@push.rocks/smartproxy 12.0.0 → 13.1.2
- package/dist_ts/00_commitinfo_data.js +1 -1
- package/dist_ts/certificate/acme/acme-factory.d.ts +17 -0
- package/dist_ts/certificate/acme/acme-factory.js +40 -0
- package/dist_ts/certificate/acme/challenge-handler.d.ts +44 -0
- package/dist_ts/certificate/acme/challenge-handler.js +92 -0
- package/dist_ts/certificate/acme/index.d.ts +4 -0
- package/dist_ts/certificate/acme/index.js +5 -0
- package/dist_ts/certificate/events/certificate-events.d.ts +33 -0
- package/dist_ts/certificate/events/certificate-events.js +38 -0
- package/dist_ts/certificate/index.d.ts +24 -0
- package/dist_ts/certificate/index.js +39 -0
- package/dist_ts/certificate/models/certificate-types.d.ts +77 -0
- package/dist_ts/certificate/models/certificate-types.js +2 -0
- package/dist_ts/certificate/providers/cert-provisioner.d.ts +93 -0
- package/dist_ts/certificate/providers/cert-provisioner.js +262 -0
- package/dist_ts/certificate/providers/index.d.ts +4 -0
- package/dist_ts/certificate/providers/index.js +5 -0
- package/dist_ts/certificate/storage/file-storage.d.ts +66 -0
- package/dist_ts/certificate/storage/file-storage.js +194 -0
- package/dist_ts/certificate/storage/index.d.ts +4 -0
- package/dist_ts/certificate/storage/index.js +5 -0
- package/dist_ts/certificate/utils/certificate-helpers.d.ts +17 -0
- package/dist_ts/certificate/utils/certificate-helpers.js +45 -0
- package/dist_ts/common/eventUtils.d.ts +1 -1
- package/dist_ts/common/port80-adapter.d.ts +1 -1
- package/dist_ts/core/events/index.d.ts +4 -0
- package/dist_ts/core/events/index.js +5 -0
- package/dist_ts/core/index.d.ts +6 -0
- package/dist_ts/core/index.js +8 -0
- package/dist_ts/core/models/common-types.d.ts +82 -0
- package/dist_ts/core/models/common-types.js +15 -0
- package/dist_ts/core/models/index.d.ts +4 -0
- package/dist_ts/core/models/index.js +5 -0
- package/dist_ts/core/utils/event-utils.d.ts +15 -0
- package/dist_ts/core/utils/event-utils.js +19 -0
- package/dist_ts/core/utils/index.d.ts +6 -0
- package/dist_ts/core/utils/index.js +7 -0
- package/dist_ts/core/utils/ip-utils.d.ts +53 -0
- package/dist_ts/core/utils/ip-utils.js +153 -0
- package/dist_ts/core/utils/validation-utils.d.ts +61 -0
- package/dist_ts/core/utils/validation-utils.js +149 -0
- package/dist_ts/forwarding/config/domain-config.d.ts +12 -0
- package/dist_ts/forwarding/config/domain-config.js +12 -0
- package/dist_ts/forwarding/config/domain-manager.d.ts +86 -0
- package/dist_ts/forwarding/config/domain-manager.js +242 -0
- package/dist_ts/forwarding/config/forwarding-types.d.ts +104 -0
- package/dist_ts/forwarding/config/forwarding-types.js +50 -0
- package/dist_ts/forwarding/config/index.d.ts +6 -0
- package/dist_ts/forwarding/config/index.js +7 -0
- package/dist_ts/forwarding/factory/forwarding-factory.d.ts +25 -0
- package/dist_ts/forwarding/factory/forwarding-factory.js +138 -0
- package/dist_ts/forwarding/factory/index.d.ts +4 -0
- package/dist_ts/forwarding/factory/index.js +5 -0
- package/dist_ts/forwarding/handlers/base-handler.d.ts +55 -0
- package/dist_ts/forwarding/handlers/base-handler.js +94 -0
- package/dist_ts/forwarding/handlers/http-handler.d.ts +30 -0
- package/dist_ts/forwarding/handlers/http-handler.js +131 -0
- package/dist_ts/forwarding/handlers/https-passthrough-handler.d.ts +29 -0
- package/dist_ts/forwarding/handlers/https-passthrough-handler.js +162 -0
- package/dist_ts/forwarding/handlers/https-terminate-to-http-handler.d.ts +36 -0
- package/dist_ts/forwarding/handlers/https-terminate-to-http-handler.js +229 -0
- package/dist_ts/forwarding/handlers/https-terminate-to-https-handler.d.ts +35 -0
- package/dist_ts/forwarding/handlers/https-terminate-to-https-handler.js +254 -0
- package/dist_ts/forwarding/handlers/index.d.ts +8 -0
- package/dist_ts/forwarding/handlers/index.js +9 -0
- package/dist_ts/forwarding/index.d.ts +19 -0
- package/dist_ts/forwarding/index.js +25 -0
- package/dist_ts/http/index.d.ts +15 -0
- package/dist_ts/http/index.js +20 -0
- package/dist_ts/http/models/http-types.d.ts +81 -0
- package/dist_ts/http/models/http-types.js +62 -0
- package/dist_ts/http/port80/acme-interfaces.d.ts +78 -0
- package/dist_ts/http/port80/acme-interfaces.js +6 -0
- package/dist_ts/http/port80/challenge-responder.d.ts +53 -0
- package/dist_ts/http/port80/challenge-responder.js +203 -0
- package/dist_ts/http/port80/index.d.ts +6 -0
- package/dist_ts/http/port80/index.js +9 -0
- package/dist_ts/http/port80/port80-handler.d.ts +121 -0
- package/dist_ts/http/port80/port80-handler.js +554 -0
- package/dist_ts/http/redirects/index.d.ts +4 -0
- package/dist_ts/http/redirects/index.js +5 -0
- package/dist_ts/http/router/index.d.ts +4 -0
- package/dist_ts/http/router/index.js +5 -0
- package/dist_ts/http/router/proxy-router.d.ts +115 -0
- package/dist_ts/http/router/proxy-router.js +325 -0
- package/dist_ts/index.d.ts +15 -8
- package/dist_ts/index.js +26 -10
- package/dist_ts/networkproxy/classes.np.certificatemanager.js +2 -2
- package/dist_ts/networkproxy/index.d.ts +1 -6
- package/dist_ts/networkproxy/index.js +4 -8
- package/dist_ts/plugins.d.ts +2 -1
- package/dist_ts/plugins.js +3 -2
- package/dist_ts/port80handler/classes.port80handler.d.ts +8 -136
- package/dist_ts/port80handler/classes.port80handler.js +14 -567
- package/dist_ts/proxies/index.d.ts +6 -0
- package/dist_ts/proxies/index.js +8 -0
- package/dist_ts/proxies/network-proxy/certificate-manager.d.ts +77 -0
- package/dist_ts/proxies/network-proxy/certificate-manager.js +373 -0
- package/dist_ts/proxies/network-proxy/connection-pool.d.ts +47 -0
- package/dist_ts/proxies/network-proxy/connection-pool.js +210 -0
- package/dist_ts/proxies/network-proxy/index.d.ts +10 -0
- package/dist_ts/proxies/network-proxy/index.js +12 -0
- package/dist_ts/proxies/network-proxy/models/index.d.ts +4 -0
- package/dist_ts/proxies/network-proxy/models/index.js +5 -0
- package/dist_ts/proxies/network-proxy/models/types.d.ts +80 -0
- package/dist_ts/proxies/network-proxy/models/types.js +35 -0
- package/dist_ts/proxies/network-proxy/network-proxy.d.ts +118 -0
- package/dist_ts/proxies/network-proxy/network-proxy.js +387 -0
- package/dist_ts/proxies/network-proxy/request-handler.d.ts +57 -0
- package/dist_ts/proxies/network-proxy/request-handler.js +394 -0
- package/dist_ts/proxies/network-proxy/websocket-handler.d.ts +38 -0
- package/dist_ts/proxies/network-proxy/websocket-handler.js +188 -0
- package/dist_ts/proxies/nftables-proxy/index.d.ts +5 -0
- package/dist_ts/proxies/nftables-proxy/index.js +6 -0
- package/dist_ts/proxies/nftables-proxy/models/errors.d.ts +15 -0
- package/dist_ts/proxies/nftables-proxy/models/errors.js +28 -0
- package/dist_ts/proxies/nftables-proxy/models/index.d.ts +5 -0
- package/dist_ts/proxies/nftables-proxy/models/index.js +6 -0
- package/dist_ts/proxies/nftables-proxy/models/interfaces.d.ts +75 -0
- package/dist_ts/proxies/nftables-proxy/models/interfaces.js +5 -0
- package/dist_ts/proxies/nftables-proxy/nftables-proxy.d.ts +136 -0
- package/dist_ts/proxies/nftables-proxy/nftables-proxy.js +1516 -0
- package/dist_ts/proxies/smart-proxy/connection-handler.d.ts +39 -0
- package/dist_ts/proxies/smart-proxy/connection-handler.js +894 -0
- package/dist_ts/proxies/smart-proxy/connection-manager.d.ts +78 -0
- package/dist_ts/proxies/smart-proxy/connection-manager.js +378 -0
- package/dist_ts/proxies/smart-proxy/domain-config-manager.d.ts +95 -0
- package/dist_ts/proxies/smart-proxy/domain-config-manager.js +255 -0
- package/dist_ts/proxies/smart-proxy/index.d.ts +13 -0
- package/dist_ts/proxies/smart-proxy/index.js +17 -0
- package/dist_ts/proxies/smart-proxy/models/index.d.ts +4 -0
- package/dist_ts/proxies/smart-proxy/models/index.js +5 -0
- package/dist_ts/proxies/smart-proxy/models/interfaces.d.ts +107 -0
- package/dist_ts/proxies/smart-proxy/models/interfaces.js +2 -0
- package/dist_ts/proxies/smart-proxy/network-proxy-bridge.d.ts +62 -0
- package/dist_ts/proxies/smart-proxy/network-proxy-bridge.js +316 -0
- package/dist_ts/proxies/smart-proxy/port-range-manager.d.ts +56 -0
- package/dist_ts/proxies/smart-proxy/port-range-manager.js +176 -0
- package/dist_ts/proxies/smart-proxy/security-manager.d.ts +64 -0
- package/dist_ts/proxies/smart-proxy/security-manager.js +149 -0
- package/dist_ts/proxies/smart-proxy/smart-proxy.d.ts +63 -0
- package/dist_ts/proxies/smart-proxy/smart-proxy.js +523 -0
- package/dist_ts/proxies/smart-proxy/timeout-manager.d.ts +47 -0
- package/dist_ts/proxies/smart-proxy/timeout-manager.js +154 -0
- package/dist_ts/proxies/smart-proxy/tls-manager.d.ts +57 -0
- package/dist_ts/proxies/smart-proxy/tls-manager.js +132 -0
- package/dist_ts/smartproxy/classes.pp.networkproxybridge.d.ts +2 -2
- package/dist_ts/smartproxy/classes.pp.networkproxybridge.js +1 -1
- package/dist_ts/smartproxy/classes.pp.tlsmanager.js +2 -2
- package/dist_ts/smartproxy/classes.smartproxy.js +3 -3
- package/dist_ts/tls/alerts/index.d.ts +4 -0
- package/dist_ts/tls/alerts/index.js +5 -0
- package/dist_ts/tls/alerts/tls-alert.d.ts +150 -0
- package/dist_ts/tls/alerts/tls-alert.js +226 -0
- package/dist_ts/tls/index.d.ts +18 -0
- package/dist_ts/tls/index.js +27 -0
- package/dist_ts/tls/sni/client-hello-parser.d.ts +100 -0
- package/dist_ts/tls/sni/client-hello-parser.js +463 -0
- package/dist_ts/tls/sni/index.d.ts +4 -0
- package/dist_ts/tls/sni/index.js +5 -0
- package/dist_ts/tls/sni/sni-extraction.d.ts +58 -0
- package/dist_ts/tls/sni/sni-extraction.js +275 -0
- package/dist_ts/tls/sni/sni-handler.d.ts +154 -0
- package/dist_ts/tls/sni/sni-handler.js +191 -0
- package/dist_ts/tls/utils/index.d.ts +4 -0
- package/dist_ts/tls/utils/index.js +5 -0
- package/dist_ts/tls/utils/tls-utils.d.ts +158 -0
- package/dist_ts/tls/utils/tls-utils.js +187 -0
- package/package.json +1 -1
- package/readme.md +89 -21
- package/readme.plan.md +253 -469
- package/ts/00_commitinfo_data.ts +1 -1
- package/ts/certificate/acme/acme-factory.ts +48 -0
- package/ts/certificate/acme/challenge-handler.ts +110 -0
- package/ts/certificate/acme/index.ts +3 -0
- package/ts/certificate/events/certificate-events.ts +36 -0
- package/ts/certificate/index.ts +67 -0
- package/ts/certificate/models/certificate-types.ts +88 -0
- package/ts/certificate/providers/cert-provisioner.ts +326 -0
- package/ts/certificate/providers/index.ts +3 -0
- package/ts/certificate/storage/file-storage.ts +234 -0
- package/ts/certificate/storage/index.ts +3 -0
- package/ts/certificate/utils/certificate-helpers.ts +50 -0
- package/ts/common/eventUtils.ts +1 -1
- package/ts/common/port80-adapter.ts +1 -1
- package/ts/core/events/index.ts +3 -0
- package/ts/core/index.ts +8 -0
- package/ts/core/models/common-types.ts +91 -0
- package/ts/core/models/index.ts +5 -0
- package/ts/core/utils/event-utils.ts +34 -0
- package/ts/core/utils/index.ts +7 -0
- package/ts/core/utils/ip-utils.ts +175 -0
- package/ts/core/utils/validation-utils.ts +177 -0
- package/ts/{smartproxy/forwarding → forwarding/config}/domain-config.ts +1 -1
- package/ts/{smartproxy/forwarding → forwarding/config}/domain-manager.ts +8 -8
- package/ts/{smartproxy/types/forwarding.types.ts → forwarding/config/forwarding-types.ts} +6 -6
- package/ts/forwarding/config/index.ts +7 -0
- package/ts/{smartproxy/forwarding/forwarding.factory.ts → forwarding/factory/forwarding-factory.ts} +12 -11
- package/ts/forwarding/factory/index.ts +5 -0
- package/ts/{smartproxy/forwarding/forwarding.handler.ts → forwarding/handlers/base-handler.ts} +2 -2
- package/ts/{smartproxy/forwarding/http.handler.ts → forwarding/handlers/http-handler.ts} +13 -4
- package/ts/{smartproxy/forwarding/https-passthrough.handler.ts → forwarding/handlers/https-passthrough-handler.ts} +13 -4
- package/ts/{smartproxy/forwarding/https-terminate-to-http.handler.ts → forwarding/handlers/https-terminate-to-http-handler.ts} +3 -3
- package/ts/{smartproxy/forwarding/https-terminate-to-https.handler.ts → forwarding/handlers/https-terminate-to-https-handler.ts} +3 -3
- package/ts/forwarding/handlers/index.ts +9 -0
- package/ts/forwarding/index.ts +34 -0
- package/ts/http/index.ts +23 -0
- package/ts/http/models/http-types.ts +105 -0
- package/ts/http/port80/acme-interfaces.ts +85 -0
- package/ts/http/port80/challenge-responder.ts +246 -0
- package/ts/http/port80/index.ts +13 -0
- package/ts/{port80handler/classes.port80handler.ts → http/port80/port80-handler.ts} +164 -161
- package/ts/http/redirects/index.ts +3 -0
- package/ts/http/router/index.ts +5 -0
- package/ts/{classes.router.ts → http/router/proxy-router.ts} +27 -20
- package/ts/index.ts +32 -9
- package/ts/plugins.ts +2 -1
- package/ts/proxies/index.ts +8 -0
- package/ts/{networkproxy/classes.np.certificatemanager.ts → proxies/network-proxy/certificate-manager.ts} +17 -16
- package/ts/{networkproxy/classes.np.connectionpool.ts → proxies/network-proxy/connection-pool.ts} +3 -3
- package/ts/proxies/network-proxy/index.ts +13 -0
- package/ts/proxies/network-proxy/models/index.ts +4 -0
- package/ts/{networkproxy/classes.np.types.ts → proxies/network-proxy/models/types.ts} +7 -11
- package/ts/{networkproxy/classes.np.networkproxy.ts → proxies/network-proxy/network-proxy.ts} +31 -24
- package/ts/{networkproxy/classes.np.requesthandler.ts → proxies/network-proxy/request-handler.ts} +12 -7
- package/ts/{networkproxy/classes.np.websockethandler.ts → proxies/network-proxy/websocket-handler.ts} +6 -6
- package/ts/proxies/nftables-proxy/index.ts +5 -0
- package/ts/proxies/nftables-proxy/models/errors.ts +30 -0
- package/ts/proxies/nftables-proxy/models/index.ts +5 -0
- package/ts/proxies/nftables-proxy/models/interfaces.ts +94 -0
- package/ts/{nfttablesproxy/classes.nftablesproxy.ts → proxies/nftables-proxy/nftables-proxy.ts} +24 -126
- package/ts/{smartproxy/classes.pp.connectionhandler.ts → proxies/smart-proxy/connection-handler.ts} +12 -12
- package/ts/{smartproxy/classes.pp.connectionmanager.ts → proxies/smart-proxy/connection-manager.ts} +8 -8
- package/ts/{smartproxy/classes.pp.domainconfigmanager.ts → proxies/smart-proxy/domain-config-manager.ts} +15 -14
- package/ts/proxies/smart-proxy/index.ts +18 -0
- package/ts/proxies/smart-proxy/models/index.ts +4 -0
- package/ts/{smartproxy/classes.pp.interfaces.ts → proxies/smart-proxy/models/interfaces.ts} +12 -8
- package/ts/{smartproxy/classes.pp.networkproxybridge.ts → proxies/smart-proxy/network-proxy-bridge.ts} +14 -14
- package/ts/{smartproxy/classes.pp.portrangemanager.ts → proxies/smart-proxy/port-range-manager.ts} +1 -1
- package/ts/{smartproxy/classes.pp.securitymanager.ts → proxies/smart-proxy/security-manager.ts} +3 -3
- package/ts/{smartproxy/classes.smartproxy.ts → proxies/smart-proxy/smart-proxy.ts} +29 -24
- package/ts/{smartproxy/classes.pp.timeoutmanager.ts → proxies/smart-proxy/timeout-manager.ts} +3 -3
- package/ts/{smartproxy/classes.pp.tlsmanager.ts → proxies/smart-proxy/tls-manager.ts} +3 -3
- package/ts/tls/alerts/index.ts +3 -0
- package/ts/{smartproxy/classes.pp.tlsalert.ts → tls/alerts/tls-alert.ts} +44 -43
- package/ts/tls/index.ts +33 -0
- package/ts/tls/sni/client-hello-parser.ts +629 -0
- package/ts/tls/sni/index.ts +3 -0
- package/ts/tls/sni/sni-extraction.ts +353 -0
- package/ts/tls/sni/sni-handler.ts +264 -0
- package/ts/tls/utils/index.ts +3 -0
- package/ts/tls/utils/tls-utils.ts +201 -0
- package/ts/common/acmeFactory.ts +0 -23
- package/ts/helpers.certificates.ts +0 -30
- package/ts/networkproxy/index.ts +0 -7
- package/ts/smartproxy/classes.pp.certprovisioner.ts +0 -200
- package/ts/smartproxy/classes.pp.snihandler.ts +0 -1281
- package/ts/smartproxy/forwarding/index.ts +0 -52
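--- /dev/null
+++ b/package/ts/tls/utils/tls-utils.ts
@@ -0,0 +1,201 @@
+import * as plugins from '../../plugins.js';
+
+/**
+* TLS record types as defined in various RFCs
+*/
+export enum TlsRecordType {
+CHANGE_CIPHER_SPEC = 20,
+ALERT = 21,
+HANDSHAKE = 22,
+APPLICATION_DATA = 23,
+HEARTBEAT = 24, // RFC 6520
+}
+
+/**
+* TLS handshake message types
+*/
+export enum TlsHandshakeType {
+HELLO_REQUEST = 0,
+CLIENT_HELLO = 1,
+SERVER_HELLO = 2,
+NEW_SESSION_TICKET = 4,
+ENCRYPTED_EXTENSIONS = 8, // TLS 1.3
+CERTIFICATE = 11,
+SERVER_KEY_EXCHANGE = 12,
+CERTIFICATE_REQUEST = 13,
+SERVER_HELLO_DONE = 14,
+CERTIFICATE_VERIFY = 15,
+CLIENT_KEY_EXCHANGE = 16,
+FINISHED = 20,
+}
+
+/**
+* TLS extension types
+*/
+export enum TlsExtensionType {
+SERVER_NAME = 0, // SNI
+MAX_FRAGMENT_LENGTH = 1,
+CLIENT_CERTIFICATE_URL = 2,
+TRUSTED_CA_KEYS = 3,
+TRUNCATED_HMAC = 4,
+STATUS_REQUEST = 5, // OCSP
+SUPPORTED_GROUPS = 10, // Previously named "elliptic_curves"
+EC_POINT_FORMATS = 11,
+SIGNATURE_ALGORITHMS = 13,
+APPLICATION_LAYER_PROTOCOL_NEGOTIATION = 16, // ALPN
+SIGNED_CERTIFICATE_TIMESTAMP = 18, // Certificate Transparency
+PADDING = 21,
+SESSION_TICKET = 35,
+PRE_SHARED_KEY = 41, // TLS 1.3
+EARLY_DATA = 42, // TLS 1.3 0-RTT
+SUPPORTED_VERSIONS = 43, // TLS 1.3
+COOKIE = 44, // TLS 1.3
+PSK_KEY_EXCHANGE_MODES = 45, // TLS 1.3
+CERTIFICATE_AUTHORITIES = 47, // TLS 1.3
+POST_HANDSHAKE_AUTH = 49, // TLS 1.3
+SIGNATURE_ALGORITHMS_CERT = 50, // TLS 1.3
+KEY_SHARE = 51, // TLS 1.3
+}
+
+/**
+* TLS alert levels
+*/
+export enum TlsAlertLevel {
+WARNING = 1,
+FATAL = 2,
+}
+
+/**
+* TLS alert description codes
+*/
+export enum TlsAlertDescription {
+CLOSE_NOTIFY = 0,
+UNEXPECTED_MESSAGE = 10,
+BAD_RECORD_MAC = 20,
+DECRYPTION_FAILED = 21, // TLS 1.0 only
+RECORD_OVERFLOW = 22,
+DECOMPRESSION_FAILURE = 30, // TLS 1.2 and below
+HANDSHAKE_FAILURE = 40,
+NO_CERTIFICATE = 41, // SSLv3 only
+BAD_CERTIFICATE = 42,
+UNSUPPORTED_CERTIFICATE = 43,
+CERTIFICATE_REVOKED = 44,
+CERTIFICATE_EXPIRED = 45,
+CERTIFICATE_UNKNOWN = 46,
+ILLEGAL_PARAMETER = 47,
+UNKNOWN_CA = 48,
+ACCESS_DENIED = 49,
+DECODE_ERROR = 50,
+DECRYPT_ERROR = 51,
+EXPORT_RESTRICTION = 60, // TLS 1.0 only
+PROTOCOL_VERSION = 70,
+INSUFFICIENT_SECURITY = 71,
+INTERNAL_ERROR = 80,
+INAPPROPRIATE_FALLBACK = 86,
+USER_CANCELED = 90,
+NO_RENEGOTIATION = 100, // TLS 1.2 and below
+MISSING_EXTENSION = 109, // TLS 1.3
+UNSUPPORTED_EXTENSION = 110, // TLS 1.3
+CERTIFICATE_REQUIRED = 111, // TLS 1.3
+UNRECOGNIZED_NAME = 112,
+BAD_CERTIFICATE_STATUS_RESPONSE = 113,
+BAD_CERTIFICATE_HASH_VALUE = 114, // TLS 1.2 and below
+UNKNOWN_PSK_IDENTITY = 115,
+CERTIFICATE_REQUIRED_1_3 = 116, // TLS 1.3
+NO_APPLICATION_PROTOCOL = 120,
+}
+
+/**
+* TLS version codes (major.minor)
+*/
+export const TlsVersion = {
+SSL3: [0x03, 0x00],
+TLS1_0: [0x03, 0x01],
+TLS1_1: [0x03, 0x02],
+TLS1_2: [0x03, 0x03],
+TLS1_3: [0x03, 0x04],
+};
+
+/**
+* Utility functions for TLS protocol operations
+*/
+export class TlsUtils {
+/**
+* Checks if a buffer contains a TLS handshake record
+* @param buffer The buffer to check
+* @returns true if the buffer starts with a TLS handshake record
+*/
+public static isTlsHandshake(buffer: Buffer): boolean {
+return buffer.length > 0 && buffer[0] === TlsRecordType.HANDSHAKE;
+}
+
+/**
+* Checks if a buffer contains TLS application data
+* @param buffer The buffer to check
+* @returns true if the buffer starts with a TLS application data record
+*/
+public static isTlsApplicationData(buffer: Buffer): boolean {
+return buffer.length > 0 && buffer[0] === TlsRecordType.APPLICATION_DATA;
+}
+
+/**
+* Checks if a buffer contains a TLS alert record
+* @param buffer The buffer to check
+* @returns true if the buffer starts with a TLS alert record
+*/
+public static isTlsAlert(buffer: Buffer): boolean {
+return buffer.length > 0 && buffer[0] === TlsRecordType.ALERT;
+}
+
+/**
+* Checks if a buffer contains a TLS ClientHello message
+* @param buffer The buffer to check
+* @returns true if the buffer appears to be a ClientHello message
+*/
+public static isClientHello(buffer: Buffer): boolean {
+// Minimum ClientHello size (TLS record header + handshake header)
+if (buffer.length < 9) {
+return false;
+}
+
+// Check record type (must be TLS_HANDSHAKE_RECORD_TYPE)
+if (buffer[0] !== TlsRecordType.HANDSHAKE) {
+return false;
+}
+
+// Skip version and length in TLS record header (5 bytes total)
+// Check handshake type at byte 5 (must be CLIENT_HELLO)
+return buffer[5] === TlsHandshakeType.CLIENT_HELLO;
+}
+
+/**
+* Gets the record length from a TLS record header
+* @param buffer Buffer containing a TLS record
+* @returns The record length if the buffer is valid, -1 otherwise
+*/
+public static getTlsRecordLength(buffer: Buffer): number {
+if (buffer.length < 5) {
+return -1;
+}
+
+// Bytes 3-4 contain the record length (big-endian)
+return (buffer[3] << 8) + buffer[4];
+}
+
+/**
+* Creates a connection ID based on source/destination information
+* Used to track fragmented ClientHello messages across multiple packets
+*
+* @param connectionInfo Object containing connection identifiers
+* @returns A string ID for the connection
+*/
+public static createConnectionId(connectionInfo: {
+sourceIp?: string;
+sourcePort?: number;
+destIp?: string;
+destPort?: number;
+}): string {
+const { sourceIp, sourcePort, destIp, destPort } = connectionInfo;
+return `${sourceIp}:${sourcePort}-${destIp}:${destPort}`;
+}
+}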
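Review bot: `createConnectionId` declares all four fields optional and interpolates them unchecked, so a caller that omits any of them gets a key such as `undefined:undefined-undefined:undefined`; since the docstring says the ID tracks fragmented ClientHello messages, unrelated connections would then share reassembly state. Whether any caller omits a field is not visible in this file, but the type permits it, so I would make the fields required or reject incomplete input, e.g. `if (sourceIp === undefined || sourcePort === undefined || destIp === undefined || destPort === undefined) throw new Error('createConnectionId: incomplete connection info');`. Separately, `TlsAlertDescription.CERTIFICATE_REQUIRED = 111` is mislabelled: 111 is `certificate_unobtainable` in RFC 6066 and RFC 8446, while `certificate_required` is 116, which the enum already carries as `CERTIFICATE_REQUIRED_1_3`. `getTlsRecordLength` documents -1 for an invalid buffer but only checks that five bytes are present, so its docstring should say that content type, version and the record-size limit are left to the caller.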
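--- a/package/ts/common/acmeFactory.ts
+++ /dev/null
@@ -1,23 +0,0 @@
-import * as fs from 'fs';
-import * as path from 'path';
-import type { IAcmeOptions } from './types.js';
-import { Port80Handler } from '../port80handler/classes.port80handler.js';
-
-/**
-* Factory to create a Port80Handler with common setup.
-* Ensures the certificate store directory exists and instantiates the handler.
-* @param options Port80Handler configuration options
-* @returns A new Port80Handler instance
-*/
-export function buildPort80Handler(
-options: IAcmeOptions
-): Port80Handler {
-if (options.certificateStore) {
-const certStorePath = path.resolve(options.certificateStore);
-if (!fs.existsSync(certStorePath)) {
-fs.mkdirSync(certStorePath, { recursive: true });
-console.log(`Created certificate store directory: ${certStorePath}`);
-}
-}
-return new Port80Handler(options);
-}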
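--- a/package/ts/helpers.certificates.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-import * as fs from 'fs';
-import * as path from 'path';
-import { fileURLToPath } from 'url';
-
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-
-export interface ICertificates {
-privateKey: string;
-publicKey: string;
-}
-
-export function loadDefaultCertificates(): ICertificates {
-try {
-const certPath = path.join(__dirname, '..', 'assets', 'certs');
-const privateKey = fs.readFileSync(path.join(certPath, 'key.pem'), 'utf8');
-const publicKey = fs.readFileSync(path.join(certPath, 'cert.pem'), 'utf8');
-
-if (!privateKey || !publicKey) {
-throw new Error('Failed to load default certificates');
-}
-
-return {
-privateKey,
-publicKey
-};
-} catch (error) {
-console.error('Error loading default certificates:', error);
-throw error;
-}
-}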
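--- a/package/ts/networkproxy/index.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-// Re-export all components for easier imports
-export * from './classes.np.types.js';
-export * from './classes.np.certificatemanager.js';
-export * from './classes.np.connectionpool.js';
-export * from './classes.np.requesthandler.js';
-export * from './classes.np.websockethandler.js';
-export * from './classes.np.networkproxy.js';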
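--- a/package/ts/smartproxy/classes.pp.certprovisioner.ts
+++ /dev/null
@@ -1,200 +0,0 @@
-import * as plugins from '../plugins.js';
-import type { IDomainConfig, ISmartProxyCertProvisionObject } from './classes.pp.interfaces.js';
-import { Port80Handler } from '../port80handler/classes.port80handler.js';
-import { Port80HandlerEvents } from '../common/types.js';
-import { subscribeToPort80Handler } from '../common/eventUtils.js';
-import type { ICertificateData } from '../common/types.js';
-import type { NetworkProxyBridge } from './classes.pp.networkproxybridge.js';
-
-/**
-* CertProvisioner manages certificate provisioning and renewal workflows,
-* unifying static certificates and HTTP-01 challenges via Port80Handler.
-*/
-export class CertProvisioner extends plugins.EventEmitter {
-private domainConfigs: IDomainConfig[];
-private port80Handler: Port80Handler;
-private networkProxyBridge: NetworkProxyBridge;
-private certProvisionFunction?: (domain: string) => Promise<ISmartProxyCertProvisionObject>;
-private forwardConfigs: Array<{ domain: string; forwardConfig?: { ip: string; port: number }; acmeForwardConfig?: { ip: string; port: number }; sslRedirect: boolean }>;
-private renewThresholdDays: number;
-private renewCheckIntervalHours: number;
-private autoRenew: boolean;
-private renewManager?: plugins.taskbuffer.TaskManager;
-// Track provisioning type per domain: 'http01' or 'static'
-private provisionMap: Map<string, 'http01' | 'static'>;
-
-/**
-* @param domainConfigs Array of domain configuration objects
-* @param port80Handler HTTP-01 challenge handler instance
-* @param networkProxyBridge Bridge for applying external certificates
-* @param certProvider Optional callback returning a static cert or 'http01'
-* @param renewThresholdDays Days before expiry to trigger renewals
-* @param renewCheckIntervalHours Interval in hours to check for renewals
-* @param autoRenew Whether to automatically schedule renewals
-*/
-constructor(
-domainConfigs: IDomainConfig[],
-port80Handler: Port80Handler,
-networkProxyBridge: NetworkProxyBridge,
-certProvider?: (domain: string) => Promise<ISmartProxyCertProvisionObject>,
-renewThresholdDays: number = 30,
-renewCheckIntervalHours: number = 24,
-autoRenew: boolean = true,
-forwardConfigs: Array<{ domain: string; forwardConfig?: { ip: string; port: number }; acmeForwardConfig?: { ip: string; port: number }; sslRedirect: boolean }> = []
-) {
-super();
-this.domainConfigs = domainConfigs;
-this.port80Handler = port80Handler;
-this.networkProxyBridge = networkProxyBridge;
-this.certProvisionFunction = certProvider;
-this.renewThresholdDays = renewThresholdDays;
-this.renewCheckIntervalHours = renewCheckIntervalHours;
-this.autoRenew = autoRenew;
-this.provisionMap = new Map();
-this.forwardConfigs = forwardConfigs;
-}
-
-/**
-* Start initial provisioning and schedule renewals.
-*/
-public async start(): Promise<void> {
-// Subscribe to Port80Handler certificate events
-subscribeToPort80Handler(this.port80Handler, {
-onCertificateIssued: (data: ICertificateData) => {
-this.emit('certificate', { ...data, source: 'http01', isRenewal: false });
-},
-onCertificateRenewed: (data: ICertificateData) => {
-this.emit('certificate', { ...data, source: 'http01', isRenewal: true });
-}
-});
-
-// Apply external forwarding for ACME challenges (e.g. Synology)
-for (const f of this.forwardConfigs) {
-this.port80Handler.addDomain({
-domainName: f.domain,
-sslRedirect: f.sslRedirect,
-acmeMaintenance: false,
-forward: f.forwardConfig,
-acmeForward: f.acmeForwardConfig
-});
-}
-// Initial provisioning for all domains
-const domains = this.domainConfigs.flatMap(cfg => cfg.domains);
-for (const domain of domains) {
-const isWildcard = domain.includes('*');
-let provision: ISmartProxyCertProvisionObject | 'http01' = 'http01';
-if (this.certProvisionFunction) {
-try {
-provision = await this.certProvisionFunction(domain);
-} catch (err) {
-console.error(`certProvider error for ${domain}:`, err);
-}
-} else if (isWildcard) {
-// No certProvider: cannot handle wildcard without DNS-01 support
-console.warn(`Skipping wildcard domain without certProvisionFunction: ${domain}`);
-continue;
-}
-if (provision === 'http01') {
-if (isWildcard) {
-console.warn(`Skipping HTTP-01 for wildcard domain: ${domain}`);
-continue;
-}
-this.provisionMap.set(domain, 'http01');
-this.port80Handler.addDomain({ domainName: domain, sslRedirect: true, acmeMaintenance: true });
-} else {
-// Static certificate (e.g., DNS-01 provisioned or user-provided) supports wildcard domains
-this.provisionMap.set(domain, 'static');
-const certObj = provision as plugins.tsclass.network.ICert;
-const certData: ICertificateData = {
-domain: certObj.domainName,
-certificate: certObj.publicKey,
-privateKey: certObj.privateKey,
-expiryDate: new Date(certObj.validUntil)
-};
-this.networkProxyBridge.applyExternalCertificate(certData);
-this.emit('certificate', { ...certData, source: 'static', isRenewal: false });
-}
-}
-
-// Schedule renewals if enabled
-if (this.autoRenew) {
-this.renewManager = new plugins.taskbuffer.TaskManager();
-const renewTask = new plugins.taskbuffer.Task({
-name: 'CertificateRenewals',
-taskFunction: async () => {
-for (const [domain, type] of this.provisionMap.entries()) {
-// Skip wildcard domains
-if (domain.includes('*')) continue;
-try {
-if (type === 'http01') {
-await this.port80Handler.renewCertificate(domain);
-} else if (type === 'static' && this.certProvisionFunction) {
-const provision2 = await this.certProvisionFunction(domain);
-if (provision2 !== 'http01') {
-const certObj = provision2 as plugins.tsclass.network.ICert;
-const certData: ICertificateData = {
-domain: certObj.domainName,
-certificate: certObj.publicKey,
-privateKey: certObj.privateKey,
-expiryDate: new Date(certObj.validUntil)
-};
-this.networkProxyBridge.applyExternalCertificate(certData);
-this.emit('certificate', { ...certData, source: 'static', isRenewal: true });
-}
-}
-} catch (err) {
-console.error(`Renewal error for ${domain}:`, err);
-}
-}
-}
-});
-const hours = this.renewCheckIntervalHours;
-const cronExpr = `0 0 */${hours} * * *`;
-this.renewManager.addAndScheduleTask(renewTask, cronExpr);
-this.renewManager.start();
-}
-}
-
-/**
-* Stop all scheduled renewal tasks.
-*/
-public async stop(): Promise<void> {
-// Stop scheduled renewals
-if (this.renewManager) {
-this.renewManager.stop();
-}
-}
-
-/**
-* Request a certificate on-demand for the given domain.
-* @param domain Domain name to provision
-*/
-public async requestCertificate(domain: string): Promise<void> {
-const isWildcard = domain.includes('*');
-// Determine provisioning method
-let provision: ISmartProxyCertProvisionObject | 'http01' = 'http01';
-if (this.certProvisionFunction) {
-provision = await this.certProvisionFunction(domain);
-} else if (isWildcard) {
-// Cannot perform HTTP-01 on wildcard without certProvider
-throw new Error(`Cannot request certificate for wildcard domain without certProvisionFunction: ${domain}`);
-}
-if (provision === 'http01') {
-if (isWildcard) {
-throw new Error(`Cannot request HTTP-01 certificate for wildcard domain: ${domain}`);
-}
-await this.port80Handler.renewCertificate(domain);
-} else {
-// Static certificate (e.g., DNS-01 provisioned) supports wildcards
-const certObj = provision as plugins.tsclass.network.ICert;
-const certData: ICertificateData = {
-domain: certObj.domainName,
-certificate: certObj.publicKey,
-privateKey: certObj.privateKey,
-expiryDate: new Date(certObj.validUntil)
-};
-this.networkProxyBridge.applyExternalCertificate(certData);
-this.emit('certificate', { ...certData, source: 'static', isRenewal: false });
-}
-}
-}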