@push.rocks/smartproxy 25.17.10 → 26.1.0

package/dist_ts/protocols/tls/sni/sni-extraction.js

@@ -1,275 +0,0 @@
-import { Buffer } from 'node:buffer';
-import { TlsExtensionType, TlsUtils } from '../utils/tls-utils.js';
-import { ClientHelloParser } from './client-hello-parser.js';
-/**
- * Utilities for extracting SNI information from TLS handshakes
- */
-export class SniExtraction {
-    /**
-     * Extracts the SNI (Server Name Indication) from a TLS ClientHello message.
-     *
-     * @param buffer The buffer containing the TLS ClientHello message
-     * @param logger Optional logging function
-     * @returns The extracted server name or undefined if not found
-     */
-    static extractSNI(buffer, logger) {
-        const log = logger || (() => { });
-        try {
-            // Parse the ClientHello
-            const parseResult = ClientHelloParser.parseClientHello(buffer, logger);
-            if (!parseResult.isValid) {
-                log(`Failed to parse ClientHello: ${parseResult.error}`);
-                return undefined;
-            }
-            // Check if ServerName extension was found
-            if (parseResult.serverNameList && parseResult.serverNameList.length > 0) {
-                // Use the first hostname (most common case)
-                const serverName = parseResult.serverNameList[0];
-                log(`Found SNI: ${serverName}`);
-                return serverName;
-            }
-            log('No SNI extension found in ClientHello');
-            return undefined;
-        }
-        catch (error) {
-            log(`Error extracting SNI: ${error instanceof Error ? error.message : String(error)}`);
-            return undefined;
-        }
-    }
-    /**
-     * Attempts to extract SNI from the PSK extension in a TLS 1.3 ClientHello.
-     *
-     * In TLS 1.3, when a client attempts to resume a session, it may include
-     * the server name in the PSK identity hint rather than in the SNI extension.
-     *
-     * @param buffer The buffer containing the TLS ClientHello message
-     * @param logger Optional logging function
-     * @returns The extracted server name or undefined if not found
-     */
-    static extractSNIFromPSKExtension(buffer, logger) {
-        const log = logger || (() => { });
-        try {
-            // Ensure this is a ClientHello
-            if (!TlsUtils.isClientHello(buffer)) {
-                log('Not a ClientHello message');
-                return undefined;
-            }
-            // Parse the ClientHello to find PSK extension
-            const parseResult = ClientHelloParser.parseClientHello(buffer, logger);
-            if (!parseResult.isValid || !parseResult.extensions) {
-                return undefined;
-            }
-            // Find the PSK extension
-            const pskExtension = parseResult.extensions.find(ext => ext.type === TlsExtensionType.PRE_SHARED_KEY);
-            if (!pskExtension) {
-                log('No PSK extension found');
-                return undefined;
-            }
-            // Parse the PSK extension data
-            const data = pskExtension.data;
-            // PSK extension structure:
-            // 2 bytes: identities list length
-            if (data.length < 2)
-                return undefined;
-            const identitiesLength = (data[0] << 8) + data[1];
-            let pos = 2;
-            // End of identities list
-            const identitiesEnd = pos + identitiesLength;
-            if (identitiesEnd > data.length)
-                return undefined;
-            // Process each PSK identity
-            while (pos + 2 <= identitiesEnd) {
-                // Identity length (2 bytes)
-                if (pos + 2 > identitiesEnd)
-                    break;
-                const identityLength = (data[pos] << 8) + data[pos + 1];
-                pos += 2;
-                if (pos + identityLength > identitiesEnd)
-                    break;
-                // Try to extract hostname from identity
-                // Chrome often embeds the hostname in the PSK identity
-                // This is a heuristic as there's no standard format
-                if (identityLength > 0) {
-                    const identity = data.slice(pos, pos + identityLength);
-                    // Skip identity bytes
-                    pos += identityLength;
-                    // Skip obfuscated ticket age (4 bytes)
-                    if (pos + 4 <= identitiesEnd) {
-                        pos += 4;
-                    }
-                    else {
-                        break;
-                    }
-                    // Try to parse the identity as UTF-8
-                    try {
-                        const identityStr = identity.toString('utf8');
-                        log(`PSK identity: ${identityStr}`);
-                        // Check if the identity contains hostname hints
-                        // Chrome often embeds the hostname in a known format
-                        // Try to extract using common patterns
-                        // Pattern 1: Look for domain name pattern
-                        const domainPattern = /([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?/i;
-                        const domainMatch = identityStr.match(domainPattern);
-                        if (domainMatch && domainMatch[0]) {
-                            log(`Found domain in PSK identity: ${domainMatch[0]}`);
-                            return domainMatch[0];
-                        }
-                        // Pattern 2: Chrome sometimes uses a specific format with delimiters
-                        // This is a heuristic approach since the format isn't standardized
-                        const parts = identityStr.split('|');
-                        if (parts.length > 1) {
-                            for (const part of parts) {
-                                if (part.includes('.') && !part.includes('/')) {
-                                    const possibleDomain = part.trim();
-                                    if (/^[a-z0-9.-]+$/i.test(possibleDomain)) {
-                                        log(`Found possible domain in PSK delimiter format: ${possibleDomain}`);
-                                        return possibleDomain;
-                                    }
-                                }
-                            }
-                        }
-                    }
-                    catch (e) {
-                        log('Failed to parse PSK identity as UTF-8');
-                    }
-                }
-            }
-            log('No hostname found in PSK extension');
-            return undefined;
-        }
-        catch (error) {
-            log(`Error parsing PSK: ${error instanceof Error ? error.message : String(error)}`);
-            return undefined;
-        }
-    }
-    /**
-     * Main entry point for SNI extraction with support for fragmented messages
-     * and session resumption edge cases.
-     *
-     * @param buffer The buffer containing TLS data
-     * @param connectionInfo Connection tracking information
-     * @param logger Optional logging function
-     * @param cachedSni Optional previously cached SNI value
-     * @returns The extracted server name or undefined
-     */
-    static extractSNIWithResumptionSupport(buffer, connectionInfo, logger, cachedSni) {
-        const log = logger || (() => { });
-        // Log buffer details for debugging
-        if (logger) {
-            log(`Buffer size: ${buffer.length} bytes`);
-            log(`Buffer starts with: ${buffer.slice(0, Math.min(10, buffer.length)).toString('hex')}`);
-            if (buffer.length >= 5) {
-                const recordType = buffer[0];
-                const majorVersion = buffer[1];
-                const minorVersion = buffer[2];
-                const recordLength = (buffer[3] << 8) + buffer[4];
-                log(`TLS Record: type=${recordType}, version=${majorVersion}.${minorVersion}, length=${recordLength}`);
-            }
-        }
-        // Check if we need to handle fragmented packets
-        let processBuffer = buffer;
-        if (connectionInfo) {
-            const connectionId = TlsUtils.createConnectionId(connectionInfo);
-            const reassembledBuffer = ClientHelloParser.handleFragmentedClientHello(buffer, connectionId, logger);
-            if (!reassembledBuffer) {
-                log(`Waiting for more fragments on connection ${connectionId}`);
-                return undefined; // Need more fragments to complete ClientHello
-            }
-            processBuffer = reassembledBuffer;
-            log(`Using reassembled buffer of length ${processBuffer.length}`);
-        }
-        // First try the standard SNI extraction
-        const standardSni = this.extractSNI(processBuffer, logger);
-        if (standardSni) {
-            log(`Found standard SNI: ${standardSni}`);
-            return standardSni;
-        }
-        // Check for session resumption when standard SNI extraction fails
-        if (TlsUtils.isClientHello(processBuffer)) {
-            const resumptionInfo = ClientHelloParser.hasSessionResumption(processBuffer, logger);
-            if (resumptionInfo.isResumption) {
-                log(`Detected session resumption in ClientHello without standard SNI`);
-                // Try to extract SNI from PSK extension
-                const pskSni = this.extractSNIFromPSKExtension(processBuffer, logger);
-                if (pskSni) {
-                    log(`Extracted SNI from PSK extension: ${pskSni}`);
-                    return pskSni;
-                }
-            }
-        }
-        // If cached SNI was provided, use it for application data packets
-        if (cachedSni && TlsUtils.isTlsApplicationData(buffer)) {
-            log(`Using provided cached SNI for application data: ${cachedSni}`);
-            return cachedSni;
-        }
-        return undefined;
-    }
-    /**
-     * Unified method for processing a TLS packet and extracting SNI.
-     * Main entry point for SNI extraction that handles all edge cases.
-     *
-     * @param buffer The buffer containing TLS data
-     * @param connectionInfo Connection tracking information
-     * @param logger Optional logging function
-     * @param cachedSni Optional previously cached SNI value
-     * @returns The extracted server name or undefined
-     */
-    static processTlsPacket(buffer, connectionInfo, logger, cachedSni) {
-        const log = logger || (() => { });
-        // Add timestamp if not provided
-        if (!connectionInfo.timestamp) {
-            connectionInfo.timestamp = Date.now();
-        }
-        // Check if this is a TLS handshake or application data
-        if (!TlsUtils.isTlsHandshake(buffer) && !TlsUtils.isTlsApplicationData(buffer)) {
-            log('Not a TLS handshake or application data packet');
-            return undefined;
-        }
-        // Create connection ID for tracking
-        const connectionId = TlsUtils.createConnectionId(connectionInfo);
-        log(`Processing TLS packet for connection ${connectionId}, buffer length: ${buffer.length}`);
-        // Handle application data with cached SNI (for connection racing)
-        if (TlsUtils.isTlsApplicationData(buffer)) {
-            // If explicit cachedSni was provided, use it
-            if (cachedSni) {
-                log(`Using provided cached SNI for application data: ${cachedSni}`);
-                return cachedSni;
-            }
-            log('Application data packet without cached SNI, cannot determine hostname');
-            return undefined;
-        }
-        // Enhanced session resumption detection
-        if (TlsUtils.isClientHello(buffer)) {
-            const resumptionInfo = ClientHelloParser.hasSessionResumption(buffer, logger);
-            if (resumptionInfo.isResumption) {
-                log(`Session resumption detected in TLS packet`);
-                // Always try standard SNI extraction first
-                const standardSni = this.extractSNI(buffer, logger);
-                if (standardSni) {
-                    log(`Found standard SNI in session resumption: ${standardSni}`);
-                    return standardSni;
-                }
-                // Enhanced session resumption SNI extraction
-                // Try extracting from PSK identity
-                const pskSni = this.extractSNIFromPSKExtension(buffer, logger);
-                if (pskSni) {
-                    log(`Extracted SNI from PSK extension: ${pskSni}`);
-                    return pskSni;
-                }
-                log(`Session resumption without extractable SNI`);
-            }
-        }
-        // For handshake messages, try the full extraction process
-        const sni = this.extractSNIWithResumptionSupport(buffer, connectionInfo, logger);
-        if (sni) {
-            log(`Successfully extracted SNI: ${sni}`);
-            return sni;
-        }
-        // If we couldn't extract an SNI, check if this is a valid ClientHello
-        if (TlsUtils.isClientHello(buffer)) {
-            log('Valid ClientHello detected, but no SNI extracted - might need more data');
-        }
-        return undefined;
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic25pLWV4dHJhY3Rpb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90cy9wcm90b2NvbHMvdGxzL3NuaS9zbmktZXh0cmFjdGlvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ3JDLE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxRQUFRLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUNuRSxPQUFPLEVBQ0wsaUJBQWlCLEVBRWxCLE1BQU0sMEJBQTBCLENBQUM7QUFhbEM7O0dBRUc7QUFDSCxNQUFNLE9BQU8sYUFBYTtJQUN4Qjs7Ozs7O09BTUc7SUFDSSxNQUFNLENBQUMsVUFBVSxDQUFDLE1BQWMsRUFBRSxNQUF1QjtRQUM5RCxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRSxDQUFDLENBQUMsQ0FBQztRQUVqQyxJQUFJLENBQUM7WUFDSCx3QkFBd0I7WUFDeEIsTUFBTSxXQUFXLEdBQUcsaUJBQWlCLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQ3ZFLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQ3pCLEdBQUcsQ0FBQyxnQ0FBZ0MsV0FBVyxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUM7Z0JBQ3pELE9BQU8sU0FBUyxDQUFDO1lBQ25CLENBQUM7WUFFRCwwQ0FBMEM7WUFDMUMsSUFBSSxXQUFXLENBQUMsY0FBYyxJQUFJLFdBQVcsQ0FBQyxjQUFjLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUN4RSw0Q0FBNEM7Z0JBQzVDLE1BQU0sVUFBVSxHQUFHLFdBQVcsQ0FBQyxjQUFjLENBQUMsQ0FBQyxDQUFDLENBQUM7Z0JBQ2pELEdBQUcsQ0FBQyxjQUFjLFVBQVUsRUFBRSxDQUFDLENBQUM7Z0JBQ2hDLE9BQU8sVUFBVSxDQUFDO1lBQ3BCLENBQUM7WUFFRCxHQUFHLENBQUMsdUNBQXVDLENBQUMsQ0FBQztZQUM3QyxPQUFPLFNBQVMsQ0FBQztRQUNuQixDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLEdBQUcsQ0FBQyx5QkFBeUIsS0FBSyxZQUFZLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN2RixPQUFPLFNBQVMsQ0FBQztRQUNuQixDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLE1BQU0sQ0FBQywwQkFBMEIsQ0FDdEMsTUFBYyxFQUNkLE1BQXVCO1FBRXZCLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFFLENBQUMsQ0FBQyxDQUFDO1FBRWpDLElBQUksQ0FBQztZQUNILCtCQUErQjtZQUMvQixJQUFJLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO2dCQUNwQyxHQUFHLENBQUMsMkJBQTJCLENBQUMsQ0FBQztnQkFDakMsT0FBTyxTQUFTLENBQUM7WUFDbkIsQ0FBQztZQUVELDhDQUE4QztZQUM5QyxNQUFNLFdBQVcsR0FBRyxpQkFBaUIsQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDLENBQUM7WUFDdkUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLElBQUksQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLENBQUM7Z0JBQ3BELE9BQU8sU0FBUyxDQUFDO1lBQ25CLENBQUM7WUFFRCx5QkFBeUI7WUFDekIsTUFBTSxZQUFZLEdBQUcsV0FBVyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FDckQsR0FBRyxDQUFDLElBQUksS0FBSyxnQkFBZ0IsQ0FBQyxjQUFjLENBQUMsQ0FBQztZQUVoRCxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7Z0JBQ2xCLEdBQUcsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO2dCQUM5QixPQUFPLFNBQVMsQ0FBQztZQUNuQixDQUFDO1lBRUQsK0JBQStCO1lBQy9CLE1BQU0sSUFBSSxHQUFHLFlBQVksQ0FBQyxJQUFJLENBQUM7WUFFL0IsMkJBQTJCO1lBQzNCLGtDQUFrQztZQUNsQyxJQUFJLElBQUksQ0FBQyxNQUFNLEdBQUcsQ0FBQztnQkFBRSxPQUFPLFNBQVMsQ0FBQztZQUV0QyxNQUFNLGdCQUFnQixHQUFHLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxHQUFHLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNsRCxJQUFJLEdBQUcsR0FBRyxDQUFDLENBQUM7WUFFWix5QkFBeUI7WUFDekIsTUFBTSxhQUFhLEdBQUcsR0FBRyxHQUFHLGdCQUFnQixDQUFDO1lBQzdDLElBQUksYUFBYSxHQUFHLElBQUksQ0FBQyxNQUFNO2dCQUFFLE9BQU8sU0FBUyxDQUFDO1lBRWxELDRCQUE0QjtZQUM1QixPQUFPLEdBQUcsR0FBRyxDQUFDLElBQUksYUFBYSxFQUFFLENBQUM7Z0JBQ2hDLDRCQUE0QjtnQkFDNUIsSUFBSSxHQUFHLEdBQUcsQ0FBQyxHQUFHLGFBQWE7b0JBQUUsTUFBTTtnQkFFbkMsTUFBTSxjQUFjLEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDLEdBQUcsSUFBSSxDQUFDLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQztnQkFDeEQsR0FBRyxJQUFJLENBQUMsQ0FBQztnQkFFVCxJQUFJLEdBQUcsR0FBRyxjQUFjLEdBQUcsYUFBYTtvQkFBRSxNQUFNO2dCQUVoRCx3Q0FBd0M7Z0JBQ3hDLHVEQUF1RDtnQkFDdkQsb0RBQW9EO2dCQUNwRCxJQUFJLGNBQWMsR0FBRyxDQUFDLEVBQUUsQ0FBQztvQkFDdkIsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLEVBQUUsR0FBRyxHQUFHLGNBQWMsQ0FBQyxDQUFDO29CQUV2RCxzQkFBc0I7b0JBQ3RCLEdBQUcsSUFBSSxjQUFjLENBQUM7b0JBRXRCLHVDQUF1QztvQkFDdkMsSUFBSSxHQUFHLEdBQUcsQ0FBQyxJQUFJLGFBQWEsRUFBRSxDQUFDO3dCQUM3QixHQUFHLElBQUksQ0FBQyxDQUFDO29CQUNYLENBQUM7eUJBQU0sQ0FBQzt3QkFDTixNQUFNO29CQUNSLENBQUM7b0JBRUQscUNBQXFDO29CQUNyQyxJQUFJLENBQUM7d0JBQ0gsTUFBTSxXQUFXLEdBQUcsUUFBUSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQzt3QkFDOUMsR0FBRyxDQUFDLGlCQUFpQixXQUFXLEVBQUUsQ0FBQyxDQUFDO3dCQUVwQyxnREFBZ0Q7d0JBQ2hELHFEQUFxRDt3QkFDckQsdUNBQXVDO3dCQUV2QywwQ0FBMEM7d0JBQzFDLE1BQU0sYUFBYSxHQUNqQiw0RUFBNEUsQ0FBQzt3QkFDL0UsTUFBTSxXQUFXLEdBQUcsV0FBVyxDQUFDLEtBQUssQ0FBQyxhQUFhLENBQUMsQ0FBQzt3QkFDckQsSUFBSSxXQUFXLElBQUksV0FBVyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7NEJBQ2xDLEdBQUcsQ0FBQyxpQ0FBaUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQzs0QkFDdkQsT0FBTyxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUM7d0JBQ3hCLENBQUM7d0JBRUQscUVBQXFFO3dCQUNyRSxtRUFBbUU7d0JBQ25FLE1BQU0sS0FBSyxHQUFHLFdBQVcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7d0JBQ3JDLElBQUksS0FBSyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQzs0QkFDckIsS0FBSyxNQUFNLElBQUksSUFBSSxLQUFLLEVBQUUsQ0FBQztnQ0FDekIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO29DQUM5QyxNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7b0NBQ25DLElBQUksZ0JBQWdCLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxFQUFFLENBQUM7d0NBQzFDLEdBQUcsQ0FBQyxrREFBa0QsY0FBYyxFQUFFLENBQUMsQ0FBQzt3Q0FDeEUsT0FBTyxjQUFjLENBQUM7b0NBQ3hCLENBQUM7Z0NBQ0gsQ0FBQzs0QkFDSCxDQUFDO3dCQUNILENBQUM7b0JBQ0gsQ0FBQztvQkFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO3dCQUNYLEdBQUcsQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO29CQUMvQyxDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDO1lBRUQsR0FBRyxDQUFDLG9DQUFvQyxDQUFDLENBQUM7WUFDMUMsT0FBTyxTQUFTLENBQUM7UUFDbkIsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDZixHQUFHLENBQUMsc0JBQXNCLEtBQUssWUFBWSxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDcEYsT0FBTyxTQUFTLENBQUM7UUFDbkIsQ0FBQztJQUNILENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSSxNQUFNLENBQUMsK0JBQStCLENBQzNDLE1BQWMsRUFDZCxjQUErQixFQUMvQixNQUF1QixFQUN2QixTQUFrQjtRQUVsQixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRSxDQUFDLENBQUMsQ0FBQztRQUVqQyxtQ0FBbUM7UUFDbkMsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNYLEdBQUcsQ0FBQyxnQkFBZ0IsTUFBTSxDQUFDLE1BQU0sUUFBUSxDQUFDLENBQUM7WUFDM0MsR0FBRyxDQUFDLHVCQUF1QixNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBRTNGLElBQUksTUFBTSxDQUFDLE1BQU0sSUFBSSxDQUFDLEVBQUUsQ0FBQztnQkFDdkIsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDO2dCQUM3QixNQUFNLFlBQVksR0FBRyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUM7Z0JBQy9CLE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQztnQkFDL0IsTUFBTSxZQUFZLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLEdBQUcsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDO2dCQUVsRCxHQUFHLENBQ0Qsb0JBQW9CLFVBQVUsYUFBYSxZQUFZLElBQUksWUFBWSxZQUFZLFlBQVksRUFBRSxDQUNsRyxDQUFDO1lBQ0osQ0FBQztRQUNILENBQUM7UUFFRCxnREFBZ0Q7UUFDaEQsSUFBSSxhQUFhLEdBQUcsTUFBTSxDQUFDO1FBQzNCLElBQUksY0FBYyxFQUFFLENBQUM7WUFDbkIsTUFBTSxZQUFZLEdBQUcsUUFBUSxDQUFDLGtCQUFrQixDQUFDLGNBQWMsQ0FBQyxDQUFDO1lBQ2pFLE1BQU0saUJBQWlCLEdBQUcsaUJBQWlCLENBQUMsMkJBQTJCLENBQ3JFLE1BQU0sRUFDTixZQUFZLEVBQ1osTUFBTSxDQUNQLENBQUM7WUFFRixJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztnQkFDdkIsR0FBRyxDQUFDLDRDQUE0QyxZQUFZLEVBQUUsQ0FBQyxDQUFDO2dCQUNoRSxPQUFPLFNBQVMsQ0FBQyxDQUFDLDhDQUE4QztZQUNsRSxDQUFDO1lBRUQsYUFBYSxHQUFHLGlCQUFpQixDQUFDO1lBQ2xDLEdBQUcsQ0FBQyxzQ0FBc0MsYUFBYSxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUM7UUFDcEUsQ0FBQztRQUVELHdDQUF3QztRQUN4QyxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUMzRCxJQUFJLFdBQVcsRUFBRSxDQUFDO1lBQ2hCLEdBQUcsQ0FBQyx1QkFBdUIsV0FBVyxFQUFFLENBQUMsQ0FBQztZQUMxQyxPQUFPLFdBQVcsQ0FBQztRQUNyQixDQUFDO1FBRUQsa0VBQWtFO1FBQ2xFLElBQUksUUFBUSxDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUMsRUFBRSxDQUFDO1lBQzFDLE1BQU0sY0FBYyxHQUFHLGlCQUFpQixDQUFDLG9CQUFvQixDQUFDLGFBQWEsRUFBRSxNQUFNLENBQUMsQ0FBQztZQUVyRixJQUFJLGNBQWMsQ0FBQyxZQUFZLEVBQUUsQ0FBQztnQkFDaEMsR0FBRyxDQUFDLGlFQUFpRSxDQUFDLENBQUM7Z0JBRXZFLHdDQUF3QztnQkFDeEMsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLDBCQUEwQixDQUFDLGFBQWEsRUFBRSxNQUFNLENBQUMsQ0FBQztnQkFDdEUsSUFBSSxNQUFNLEVBQUUsQ0FBQztvQkFDWCxHQUFHLENBQUMscUNBQXFDLE1BQU0sRUFBRSxDQUFDLENBQUM7b0JBQ25ELE9BQU8sTUFBTSxDQUFDO2dCQUNoQixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFFRCxrRUFBa0U7UUFDbEUsSUFBSSxTQUFTLElBQUksUUFBUSxDQUFDLG9CQUFvQixDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7WUFDdkQsR0FBRyxDQUFDLG1EQUFtRCxTQUFTLEVBQUUsQ0FBQyxDQUFDO1lBQ3BFLE9BQU8sU0FBUyxDQUFDO1FBQ25CLENBQUM7UUFFRCxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksTUFBTSxDQUFDLGdCQUFnQixDQUM1QixNQUFjLEVBQ2QsY0FBOEIsRUFDOUIsTUFBdUIsRUFDdkIsU0FBa0I7UUFFbEIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUUsQ0FBQyxDQUFDLENBQUM7UUFFakMsZ0NBQWdDO1FBQ2hDLElBQUksQ0FBQyxjQUFjLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDOUIsY0FBYyxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDeEMsQ0FBQztRQUVELHVEQUF1RDtRQUN2RCxJQUFJLENBQUMsUUFBUSxDQUFDLGNBQWMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxvQkFBb0IsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO1lBQy9FLEdBQUcsQ0FBQyxnREFBZ0QsQ0FBQyxDQUFDO1lBQ3RELE9BQU8sU0FBUyxDQUFDO1FBQ25CLENBQUM7UUFFRCxvQ0FBb0M7UUFDcEMsTUFBTSxZQUFZLEdBQUcsUUFBUSxDQUFDLGtCQUFrQixDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBQ2pFLEdBQUcsQ0FBQyx3Q0FBd0MsWUFBWSxvQkFBb0IsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUM7UUFFN0Ysa0VBQWtFO1FBQ2xFLElBQUksUUFBUSxDQUFDLG9CQUFvQixDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7WUFDMUMsNkNBQTZDO1lBQzdDLElBQUksU0FBUyxFQUFFLENBQUM7Z0JBQ2QsR0FBRyxDQUFDLG1EQUFtRCxTQUFTLEVBQUUsQ0FBQyxDQUFDO2dCQUNwRSxPQUFPLFNBQVMsQ0FBQztZQUNuQixDQUFDO1lBRUQsR0FBRyxDQUFDLHVFQUF1RSxDQUFDLENBQUM7WUFDN0UsT0FBTyxTQUFTLENBQUM7UUFDbkIsQ0FBQztRQUVELHdDQUF3QztRQUN4QyxJQUFJLFFBQVEsQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztZQUNuQyxNQUFNLGNBQWMsR0FBRyxpQkFBaUIsQ0FBQyxvQkFBb0IsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDLENBQUM7WUFFOUUsSUFBSSxjQUFjLENBQUMsWUFBWSxFQUFFLENBQUM7Z0JBQ2hDLEdBQUcsQ0FBQywyQ0FBMkMsQ0FBQyxDQUFDO2dCQUVqRCwyQ0FBMkM7Z0JBQzNDLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO2dCQUNwRCxJQUFJLFdBQVcsRUFBRSxDQUFDO29CQUNoQixHQUFHLENBQUMsNkNBQTZDLFdBQVcsRUFBRSxDQUFDLENBQUM7b0JBQ2hFLE9BQU8sV0FBVyxDQUFDO2dCQUNyQixDQUFDO2dCQUVELDZDQUE2QztnQkFDN0MsbUNBQW1DO2dCQUNuQyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsMEJBQTBCLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO2dCQUMvRCxJQUFJLE1BQU0sRUFBRSxDQUFDO29CQUNYLEdBQUcsQ0FBQyxxQ0FBcUMsTUFBTSxFQUFFLENBQUMsQ0FBQztvQkFDbkQsT0FBTyxNQUFNLENBQUM7Z0JBQ2hCLENBQUM7Z0JBRUQsR0FBRyxDQUFDLDRDQUE0QyxDQUFDLENBQUM7WUFDcEQsQ0FBQztRQUNILENBQUM7UUFFRCwwREFBMEQ7UUFDMUQsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLCtCQUErQixDQUFDLE1BQU0sRUFBRSxjQUFjLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFFakYsSUFBSSxHQUFHLEVBQUUsQ0FBQztZQUNSLEdBQUcsQ0FBQywrQkFBK0IsR0FBRyxFQUFFLENBQUMsQ0FBQztZQUMxQyxPQUFPLEdBQUcsQ0FBQztRQUNiLENBQUM7UUFFRCxzRUFBc0U7UUFDdEUsSUFBSSxRQUFRLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7WUFDbkMsR0FBRyxDQUFDLHlFQUF5RSxDQUFDLENBQUM7UUFDakYsQ0FBQztRQUVELE9BQU8sU0FBUyxDQUFDO0lBQ25CLENBQUM7Q0FDRiJ9

package/dist_ts/protocols/tls/utils/index.d.ts

@@ -1,4 +0,0 @@
-export {};
-/**
- * TLS utilities
- */

package/dist_ts/protocols/tls/utils/index.js

@@ -1,5 +0,0 @@
-export {};
-/**
- * TLS utilities
- */
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90cy9wcm90b2NvbHMvdGxzL3V0aWxzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7R0FFRyJ9

package/dist_ts/protocols/tls/utils/tls-utils.d.ts

@@ -1,158 +0,0 @@
-/**
- * TLS record types as defined in various RFCs
- */
-export declare enum TlsRecordType {
-    CHANGE_CIPHER_SPEC = 20,
-    ALERT = 21,
-    HANDSHAKE = 22,
-    APPLICATION_DATA = 23,
-    HEARTBEAT = 24
-}
-/**
- * TLS handshake message types
- */
-export declare enum TlsHandshakeType {
-    HELLO_REQUEST = 0,
-    CLIENT_HELLO = 1,
-    SERVER_HELLO = 2,
-    NEW_SESSION_TICKET = 4,
-    ENCRYPTED_EXTENSIONS = 8,// TLS 1.3
-    CERTIFICATE = 11,
-    SERVER_KEY_EXCHANGE = 12,
-    CERTIFICATE_REQUEST = 13,
-    SERVER_HELLO_DONE = 14,
-    CERTIFICATE_VERIFY = 15,
-    CLIENT_KEY_EXCHANGE = 16,
-    FINISHED = 20
-}
-/**
- * TLS extension types
- */
-export declare enum TlsExtensionType {
-    SERVER_NAME = 0,// SNI
-    MAX_FRAGMENT_LENGTH = 1,
-    CLIENT_CERTIFICATE_URL = 2,
-    TRUSTED_CA_KEYS = 3,
-    TRUNCATED_HMAC = 4,
-    STATUS_REQUEST = 5,// OCSP
-    SUPPORTED_GROUPS = 10,// Previously named "elliptic_curves"
-    EC_POINT_FORMATS = 11,
-    SIGNATURE_ALGORITHMS = 13,
-    APPLICATION_LAYER_PROTOCOL_NEGOTIATION = 16,// ALPN
-    SIGNED_CERTIFICATE_TIMESTAMP = 18,// Certificate Transparency
-    PADDING = 21,
-    SESSION_TICKET = 35,
-    PRE_SHARED_KEY = 41,// TLS 1.3
-    EARLY_DATA = 42,// TLS 1.3 0-RTT
-    SUPPORTED_VERSIONS = 43,// TLS 1.3
-    COOKIE = 44,// TLS 1.3
-    PSK_KEY_EXCHANGE_MODES = 45,// TLS 1.3
-    CERTIFICATE_AUTHORITIES = 47,// TLS 1.3
-    POST_HANDSHAKE_AUTH = 49,// TLS 1.3
-    SIGNATURE_ALGORITHMS_CERT = 50,// TLS 1.3
-    KEY_SHARE = 51
-}
-/**
- * TLS alert levels
- */
-export declare enum TlsAlertLevel {
-    WARNING = 1,
-    FATAL = 2
-}
-/**
- * TLS alert description codes
- */
-export declare enum TlsAlertDescription {
-    CLOSE_NOTIFY = 0,
-    UNEXPECTED_MESSAGE = 10,
-    BAD_RECORD_MAC = 20,
-    DECRYPTION_FAILED = 21,// TLS 1.0 only
-    RECORD_OVERFLOW = 22,
-    DECOMPRESSION_FAILURE = 30,// TLS 1.2 and below
-    HANDSHAKE_FAILURE = 40,
-    NO_CERTIFICATE = 41,// SSLv3 only
-    BAD_CERTIFICATE = 42,
-    UNSUPPORTED_CERTIFICATE = 43,
-    CERTIFICATE_REVOKED = 44,
-    CERTIFICATE_EXPIRED = 45,
-    CERTIFICATE_UNKNOWN = 46,
-    ILLEGAL_PARAMETER = 47,
-    UNKNOWN_CA = 48,
-    ACCESS_DENIED = 49,
-    DECODE_ERROR = 50,
-    DECRYPT_ERROR = 51,
-    EXPORT_RESTRICTION = 60,// TLS 1.0 only
-    PROTOCOL_VERSION = 70,
-    INSUFFICIENT_SECURITY = 71,
-    INTERNAL_ERROR = 80,
-    INAPPROPRIATE_FALLBACK = 86,
-    USER_CANCELED = 90,
-    NO_RENEGOTIATION = 100,// TLS 1.2 and below
-    MISSING_EXTENSION = 109,// TLS 1.3
-    UNSUPPORTED_EXTENSION = 110,// TLS 1.3
-    CERTIFICATE_REQUIRED = 111,// TLS 1.3
-    UNRECOGNIZED_NAME = 112,
-    BAD_CERTIFICATE_STATUS_RESPONSE = 113,
-    BAD_CERTIFICATE_HASH_VALUE = 114,// TLS 1.2 and below
-    UNKNOWN_PSK_IDENTITY = 115,
-    CERTIFICATE_REQUIRED_1_3 = 116,// TLS 1.3
-    NO_APPLICATION_PROTOCOL = 120
-}
-/**
- * TLS version codes (major.minor)
- */
-export declare const TlsVersion: {
-    SSL3: number[];
-    TLS1_0: number[];
-    TLS1_1: number[];
-    TLS1_2: number[];
-    TLS1_3: number[];
-};
-/**
- * Utility functions for TLS protocol operations
- */
-export declare class TlsUtils {
-    /**
-     * Checks if a buffer contains a TLS handshake record
-     * @param buffer The buffer to check
-     * @returns true if the buffer starts with a TLS handshake record
-     */
-    static isTlsHandshake(buffer: Buffer): boolean;
-    /**
-     * Checks if a buffer contains TLS application data
-     * @param buffer The buffer to check
-     * @returns true if the buffer starts with a TLS application data record
-     */
-    static isTlsApplicationData(buffer: Buffer): boolean;
-    /**
-     * Checks if a buffer contains a TLS alert record
-     * @param buffer The buffer to check
-     * @returns true if the buffer starts with a TLS alert record
-     */
-    static isTlsAlert(buffer: Buffer): boolean;
-    /**
-     * Checks if a buffer contains a TLS ClientHello message
-     * @param buffer The buffer to check
-     * @returns true if the buffer appears to be a ClientHello message
-     */
-    static isClientHello(buffer: Buffer): boolean;
-    /**
-     * Gets the record length from a TLS record header
-     * @param buffer Buffer containing a TLS record
-     * @returns The record length if the buffer is valid, -1 otherwise
-     */
-    static getTlsRecordLength(buffer: Buffer): number;
-    /**
-     * Creates a connection ID based on source/destination information
-     * Used to track fragmented ClientHello messages across multiple packets
-     *
-     * @param connectionInfo Object containing connection identifiers
-     * @returns A string ID for the connection
-     */
-    static createConnectionId(connectionInfo: {
-        sourceIp?: string;
-        sourcePort?: number;
-        destIp?: string;
-        destPort?: number;
-    }): string;
-}

package/dist_ts/protocols/tls/utils/tls-utils.js

@@ -1,187 +0,0 @@
-import * as plugins from '../../../plugins.js';
-/**
- * TLS record types as defined in various RFCs
- */
-export var TlsRecordType;
-(function (TlsRecordType) {
-    TlsRecordType[TlsRecordType["CHANGE_CIPHER_SPEC"] = 20] = "CHANGE_CIPHER_SPEC";
-    TlsRecordType[TlsRecordType["ALERT"] = 21] = "ALERT";
-    TlsRecordType[TlsRecordType["HANDSHAKE"] = 22] = "HANDSHAKE";
-    TlsRecordType[TlsRecordType["APPLICATION_DATA"] = 23] = "APPLICATION_DATA";
-    TlsRecordType[TlsRecordType["HEARTBEAT"] = 24] = "HEARTBEAT";
-})(TlsRecordType || (TlsRecordType = {}));
-/**
- * TLS handshake message types
- */
-export var TlsHandshakeType;
-(function (TlsHandshakeType) {
-    TlsHandshakeType[TlsHandshakeType["HELLO_REQUEST"] = 0] = "HELLO_REQUEST";
-    TlsHandshakeType[TlsHandshakeType["CLIENT_HELLO"] = 1] = "CLIENT_HELLO";
-    TlsHandshakeType[TlsHandshakeType["SERVER_HELLO"] = 2] = "SERVER_HELLO";
-    TlsHandshakeType[TlsHandshakeType["NEW_SESSION_TICKET"] = 4] = "NEW_SESSION_TICKET";
-    TlsHandshakeType[TlsHandshakeType["ENCRYPTED_EXTENSIONS"] = 8] = "ENCRYPTED_EXTENSIONS";
-    TlsHandshakeType[TlsHandshakeType["CERTIFICATE"] = 11] = "CERTIFICATE";
-    TlsHandshakeType[TlsHandshakeType["SERVER_KEY_EXCHANGE"] = 12] = "SERVER_KEY_EXCHANGE";
-    TlsHandshakeType[TlsHandshakeType["CERTIFICATE_REQUEST"] = 13] = "CERTIFICATE_REQUEST";
-    TlsHandshakeType[TlsHandshakeType["SERVER_HELLO_DONE"] = 14] = "SERVER_HELLO_DONE";
-    TlsHandshakeType[TlsHandshakeType["CERTIFICATE_VERIFY"] = 15] = "CERTIFICATE_VERIFY";
-    TlsHandshakeType[TlsHandshakeType["CLIENT_KEY_EXCHANGE"] = 16] = "CLIENT_KEY_EXCHANGE";
-    TlsHandshakeType[TlsHandshakeType["FINISHED"] = 20] = "FINISHED";
-})(TlsHandshakeType || (TlsHandshakeType = {}));
-/**
- * TLS extension types
- */
-export var TlsExtensionType;
-(function (TlsExtensionType) {
-    TlsExtensionType[TlsExtensionType["SERVER_NAME"] = 0] = "SERVER_NAME";
-    TlsExtensionType[TlsExtensionType["MAX_FRAGMENT_LENGTH"] = 1] = "MAX_FRAGMENT_LENGTH";
-    TlsExtensionType[TlsExtensionType["CLIENT_CERTIFICATE_URL"] = 2] = "CLIENT_CERTIFICATE_URL";
-    TlsExtensionType[TlsExtensionType["TRUSTED_CA_KEYS"] = 3] = "TRUSTED_CA_KEYS";
-    TlsExtensionType[TlsExtensionType["TRUNCATED_HMAC"] = 4] = "TRUNCATED_HMAC";
-    TlsExtensionType[TlsExtensionType["STATUS_REQUEST"] = 5] = "STATUS_REQUEST";
-    TlsExtensionType[TlsExtensionType["SUPPORTED_GROUPS"] = 10] = "SUPPORTED_GROUPS";
-    TlsExtensionType[TlsExtensionType["EC_POINT_FORMATS"] = 11] = "EC_POINT_FORMATS";
-    TlsExtensionType[TlsExtensionType["SIGNATURE_ALGORITHMS"] = 13] = "SIGNATURE_ALGORITHMS";
-    TlsExtensionType[TlsExtensionType["APPLICATION_LAYER_PROTOCOL_NEGOTIATION"] = 16] = "APPLICATION_LAYER_PROTOCOL_NEGOTIATION";
-    TlsExtensionType[TlsExtensionType["SIGNED_CERTIFICATE_TIMESTAMP"] = 18] = "SIGNED_CERTIFICATE_TIMESTAMP";
-    TlsExtensionType[TlsExtensionType["PADDING"] = 21] = "PADDING";
-    TlsExtensionType[TlsExtensionType["SESSION_TICKET"] = 35] = "SESSION_TICKET";
-    TlsExtensionType[TlsExtensionType["PRE_SHARED_KEY"] = 41] = "PRE_SHARED_KEY";
-    TlsExtensionType[TlsExtensionType["EARLY_DATA"] = 42] = "EARLY_DATA";
-    TlsExtensionType[TlsExtensionType["SUPPORTED_VERSIONS"] = 43] = "SUPPORTED_VERSIONS";
-    TlsExtensionType[TlsExtensionType["COOKIE"] = 44] = "COOKIE";
-    TlsExtensionType[TlsExtensionType["PSK_KEY_EXCHANGE_MODES"] = 45] = "PSK_KEY_EXCHANGE_MODES";
-    TlsExtensionType[TlsExtensionType["CERTIFICATE_AUTHORITIES"] = 47] = "CERTIFICATE_AUTHORITIES";
-    TlsExtensionType[TlsExtensionType["POST_HANDSHAKE_AUTH"] = 49] = "POST_HANDSHAKE_AUTH";
-    TlsExtensionType[TlsExtensionType["SIGNATURE_ALGORITHMS_CERT"] = 50] = "SIGNATURE_ALGORITHMS_CERT";
-    TlsExtensionType[TlsExtensionType["KEY_SHARE"] = 51] = "KEY_SHARE";
-})(TlsExtensionType || (TlsExtensionType = {}));
-/**
- * TLS alert levels
- */
-export var TlsAlertLevel;
-(function (TlsAlertLevel) {
-    TlsAlertLevel[TlsAlertLevel["WARNING"] = 1] = "WARNING";
-    TlsAlertLevel[TlsAlertLevel["FATAL"] = 2] = "FATAL";
-})(TlsAlertLevel || (TlsAlertLevel = {}));
-/**
- * TLS alert description codes
- */
-export var TlsAlertDescription;
-(function (TlsAlertDescription) {
-    TlsAlertDescription[TlsAlertDescription["CLOSE_NOTIFY"] = 0] = "CLOSE_NOTIFY";
-    TlsAlertDescription[TlsAlertDescription["UNEXPECTED_MESSAGE"] = 10] = "UNEXPECTED_MESSAGE";
-    TlsAlertDescription[TlsAlertDescription["BAD_RECORD_MAC"] = 20] = "BAD_RECORD_MAC";
-    TlsAlertDescription[TlsAlertDescription["DECRYPTION_FAILED"] = 21] = "DECRYPTION_FAILED";
-    TlsAlertDescription[TlsAlertDescription["RECORD_OVERFLOW"] = 22] = "RECORD_OVERFLOW";
-    TlsAlertDescription[TlsAlertDescription["DECOMPRESSION_FAILURE"] = 30] = "DECOMPRESSION_FAILURE";
-    TlsAlertDescription[TlsAlertDescription["HANDSHAKE_FAILURE"] = 40] = "HANDSHAKE_FAILURE";
-    TlsAlertDescription[TlsAlertDescription["NO_CERTIFICATE"] = 41] = "NO_CERTIFICATE";
-    TlsAlertDescription[TlsAlertDescription["BAD_CERTIFICATE"] = 42] = "BAD_CERTIFICATE";
-    TlsAlertDescription[TlsAlertDescription["UNSUPPORTED_CERTIFICATE"] = 43] = "UNSUPPORTED_CERTIFICATE";
-    TlsAlertDescription[TlsAlertDescription["CERTIFICATE_REVOKED"] = 44] = "CERTIFICATE_REVOKED";
-    TlsAlertDescription[TlsAlertDescription["CERTIFICATE_EXPIRED"] = 45] = "CERTIFICATE_EXPIRED";
-    TlsAlertDescription[TlsAlertDescription["CERTIFICATE_UNKNOWN"] = 46] = "CERTIFICATE_UNKNOWN";
-    TlsAlertDescription[TlsAlertDescription["ILLEGAL_PARAMETER"] = 47] = "ILLEGAL_PARAMETER";
-    TlsAlertDescription[TlsAlertDescription["UNKNOWN_CA"] = 48] = "UNKNOWN_CA";
-    TlsAlertDescription[TlsAlertDescription["ACCESS_DENIED"] = 49] = "ACCESS_DENIED";
-    TlsAlertDescription[TlsAlertDescription["DECODE_ERROR"] = 50] = "DECODE_ERROR";
-    TlsAlertDescription[TlsAlertDescription["DECRYPT_ERROR"] = 51] = "DECRYPT_ERROR";
-    TlsAlertDescription[TlsAlertDescription["EXPORT_RESTRICTION"] = 60] = "EXPORT_RESTRICTION";
-    TlsAlertDescription[TlsAlertDescription["PROTOCOL_VERSION"] = 70] = "PROTOCOL_VERSION";
-    TlsAlertDescription[TlsAlertDescription["INSUFFICIENT_SECURITY"] = 71] = "INSUFFICIENT_SECURITY";
-    TlsAlertDescription[TlsAlertDescription["INTERNAL_ERROR"] = 80] = "INTERNAL_ERROR";
-    TlsAlertDescription[TlsAlertDescription["INAPPROPRIATE_FALLBACK"] = 86] = "INAPPROPRIATE_FALLBACK";
-    TlsAlertDescription[TlsAlertDescription["USER_CANCELED"] = 90] = "USER_CANCELED";
-    TlsAlertDescription[TlsAlertDescription["NO_RENEGOTIATION"] = 100] = "NO_RENEGOTIATION";
-    TlsAlertDescription[TlsAlertDescription["MISSING_EXTENSION"] = 109] = "MISSING_EXTENSION";
-    TlsAlertDescription[TlsAlertDescription["UNSUPPORTED_EXTENSION"] = 110] = "UNSUPPORTED_EXTENSION";
-    TlsAlertDescription[TlsAlertDescription["CERTIFICATE_REQUIRED"] = 111] = "CERTIFICATE_REQUIRED";
-    TlsAlertDescription[TlsAlertDescription["UNRECOGNIZED_NAME"] = 112] = "UNRECOGNIZED_NAME";
-    TlsAlertDescription[TlsAlertDescription["BAD_CERTIFICATE_STATUS_RESPONSE"] = 113] = "BAD_CERTIFICATE_STATUS_RESPONSE";
-    TlsAlertDescription[TlsAlertDescription["BAD_CERTIFICATE_HASH_VALUE"] = 114] = "BAD_CERTIFICATE_HASH_VALUE";
-    TlsAlertDescription[TlsAlertDescription["UNKNOWN_PSK_IDENTITY"] = 115] = "UNKNOWN_PSK_IDENTITY";
-    TlsAlertDescription[TlsAlertDescription["CERTIFICATE_REQUIRED_1_3"] = 116] = "CERTIFICATE_REQUIRED_1_3";
-    TlsAlertDescription[TlsAlertDescription["NO_APPLICATION_PROTOCOL"] = 120] = "NO_APPLICATION_PROTOCOL";
-})(TlsAlertDescription || (TlsAlertDescription = {}));
-/**
- * TLS version codes (major.minor)
- */
-export const TlsVersion = {
-    SSL3: [0x03, 0x00],
-    TLS1_0: [0x03, 0x01],
-    TLS1_1: [0x03, 0x02],
-    TLS1_2: [0x03, 0x03],
-    TLS1_3: [0x03, 0x04],
-};
-/**
- * Utility functions for TLS protocol operations
- */
-export class TlsUtils {
-    /**
-     * Checks if a buffer contains a TLS handshake record
-     * @param buffer The buffer to check
-     * @returns true if the buffer starts with a TLS handshake record
-     */
-    static isTlsHandshake(buffer) {
-        return buffer.length > 0 && buffer[0] === TlsRecordType.HANDSHAKE;
-    }
-    /**
-     * Checks if a buffer contains TLS application data
-     * @param buffer The buffer to check
-     * @returns true if the buffer starts with a TLS application data record
-     */
-    static isTlsApplicationData(buffer) {
-        return buffer.length > 0 && buffer[0] === TlsRecordType.APPLICATION_DATA;
-    }
-    /**
-     * Checks if a buffer contains a TLS alert record
-     * @param buffer The buffer to check
-     * @returns true if the buffer starts with a TLS alert record
-     */
-    static isTlsAlert(buffer) {
-        return buffer.length > 0 && buffer[0] === TlsRecordType.ALERT;
-    }
-    /**
-     * Checks if a buffer contains a TLS ClientHello message
-     * @param buffer The buffer to check
-     * @returns true if the buffer appears to be a ClientHello message
-     */
-    static isClientHello(buffer) {
-        // Minimum ClientHello size (TLS record header + handshake header)
-        if (buffer.length < 9) {
-            return false;
-        }
-        // Check record type (must be TLS_HANDSHAKE_RECORD_TYPE)
-        if (buffer[0] !== TlsRecordType.HANDSHAKE) {
-            return false;
-        }
-        // Skip version and length in TLS record header (5 bytes total)
-        // Check handshake type at byte 5 (must be CLIENT_HELLO)
-        return buffer[5] === TlsHandshakeType.CLIENT_HELLO;
-    }
-    /**
-     * Gets the record length from a TLS record header
-     * @param buffer Buffer containing a TLS record
-     * @returns The record length if the buffer is valid, -1 otherwise
-     */
-    static getTlsRecordLength(buffer) {
-        if (buffer.length < 5) {
-            return -1;
-        }
-        // Bytes 3-4 contain the record length (big-endian)
-        return (buffer[3] << 8) + buffer[4];
-    }
-    /**
-     * Creates a connection ID based on source/destination information
-     * Used to track fragmented ClientHello messages across multiple packets
-     *
-     * @param connectionInfo Object containing connection identifiers
-     * @returns A string ID for the connection
-     */
-    static createConnectionId(connectionInfo) {
-        const { sourceIp, sourcePort, destIp, destPort } = connectionInfo;
-        return `${sourceIp}:${sourcePort}-${destIp}:${destPort}`;
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGxzLXV0aWxzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vdHMvcHJvdG9jb2xzL3Rscy91dGlscy90bHMtdXRpbHMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxxQkFBcUIsQ0FBQztBQUUvQzs7R0FFRztBQUNILE1BQU0sQ0FBTixJQUFZLGFBTVg7QUFORCxXQUFZLGFBQWE7SUFDdkIsOEVBQXVCLENBQUE7SUFDdkIsb0RBQVUsQ0FBQTtJQUNWLDREQUFjLENBQUE7SUFDZCwwRUFBcUIsQ0FBQTtJQUNyQiw0REFBYyxDQUFBO0FBQ2hCLENBQUMsRUFOVyxhQUFhLEtBQWIsYUFBYSxRQU14QjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxDQUFOLElBQVksZ0JBYVg7QUFiRCxXQUFZLGdCQUFnQjtJQUMxQix5RUFBaUIsQ0FBQTtJQUNqQix1RUFBZ0IsQ0FBQTtJQUNoQix1RUFBZ0IsQ0FBQTtJQUNoQixtRkFBc0IsQ0FBQTtJQUN0Qix1RkFBd0IsQ0FBQTtJQUN4QixzRUFBZ0IsQ0FBQTtJQUNoQixzRkFBd0IsQ0FBQTtJQUN4QixzRkFBd0IsQ0FBQTtJQUN4QixrRkFBc0IsQ0FBQTtJQUN0QixvRkFBdUIsQ0FBQTtJQUN2QixzRkFBd0IsQ0FBQTtJQUN4QixnRUFBYSxDQUFBO0FBQ2YsQ0FBQyxFQWJXLGdCQUFnQixLQUFoQixnQkFBZ0IsUUFhM0I7QUFFRDs7R0FFRztBQUNILE1BQU0sQ0FBTixJQUFZLGdCQXVCWDtBQXZCRCxXQUFZLGdCQUFnQjtJQUMxQixxRUFBZSxDQUFBO0lBQ2YscUZBQXVCLENBQUE7SUFDdkIsMkZBQTBCLENBQUE7SUFDMUIsNkVBQW1CLENBQUE7SUFDbkIsMkVBQWtCLENBQUE7SUFDbEIsMkVBQWtCLENBQUE7SUFDbEIsZ0ZBQXFCLENBQUE7SUFDckIsZ0ZBQXFCLENBQUE7SUFDckIsd0ZBQXlCLENBQUE7SUFDekIsNEhBQTJDLENBQUE7SUFDM0Msd0dBQWlDLENBQUE7SUFDakMsOERBQVksQ0FBQTtJQUNaLDRFQUFtQixDQUFBO0lBQ25CLDRFQUFtQixDQUFBO0lBQ25CLG9FQUFlLENBQUE7SUFDZixvRkFBdUIsQ0FBQTtJQUN2Qiw0REFBVyxDQUFBO0lBQ1gsNEZBQTJCLENBQUE7SUFDM0IsOEZBQTRCLENBQUE7SUFDNUIsc0ZBQXdCLENBQUE7SUFDeEIsa0dBQThCLENBQUE7SUFDOUIsa0VBQWMsQ0FBQTtBQUNoQixDQUFDLEVBdkJXLGdCQUFnQixLQUFoQixnQkFBZ0IsUUF1QjNCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLENBQU4sSUFBWSxhQUdYO0FBSEQsV0FBWSxhQUFhO0lBQ3ZCLHVEQUFXLENBQUE7SUFDWCxtREFBUyxDQUFBO0FBQ1gsQ0FBQyxFQUhXLGFBQWEsS0FBYixhQUFhLFFBR3hCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLENBQU4sSUFBWSxtQkFtQ1g7QUFuQ0QsV0FBWSxtQkFBbUI7SUFDN0IsNkVBQWdCLENBQUE7SUFDaEIsMEZBQXVCLENBQUE7SUFDdkIsa0ZBQW1CLENBQUE7SUFDbkIsd0ZBQXNCLENBQUE7SUFDdEIsb0ZBQW9CLENBQUE7SUFDcEIsZ0dBQTBCLENBQUE7SUFDMUIsd0ZBQXNCLENBQUE7SUFDdEIsa0ZBQW1CLENBQUE7SUFDbkIsb0ZBQW9CLENBQUE7SUFDcEIsb0dBQTRCLENBQUE7SUFDNUIsNEZBQXdCLENBQUE7SUFDeEIsNEZBQXdCLENBQUE7SUFDeEIsNEZBQXdCLENBQUE7SUFDeEIsd0ZBQXNCLENBQUE7SUFDdEIsMEVBQWUsQ0FBQTtJQUNmLGdGQUFrQixDQUFBO0lBQ2xCLDhFQUFpQixDQUFBO0lBQ2pCLGdGQUFrQixDQUFBO0lBQ2xCLDBGQUF1QixDQUFBO0lBQ3ZCLHNGQUFxQixDQUFBO0lBQ3JCLGdHQUEwQixDQUFBO0lBQzFCLGtGQUFtQixDQUFBO0lBQ25CLGtHQUEyQixDQUFBO0lBQzNCLGdGQUFrQixDQUFBO0lBQ2xCLHVGQUFzQixDQUFBO0lBQ3RCLHlGQUF1QixDQUFBO0lBQ3ZCLGlHQUEyQixDQUFBO0lBQzNCLCtGQUEwQixDQUFBO0lBQzFCLHlGQUF1QixDQUFBO0lBQ3ZCLHFIQUFxQyxDQUFBO0lBQ3JDLDJHQUFnQyxDQUFBO0lBQ2hDLCtGQUEwQixDQUFBO0lBQzFCLHVHQUE4QixDQUFBO0lBQzlCLHFHQUE2QixDQUFBO0FBQy9CLENBQUMsRUFuQ1csbUJBQW1CLEtBQW5CLG1CQUFtQixRQW1DOUI7QUFFRDs7R0FFRztBQUNILE1BQU0sQ0FBQyxNQUFNLFVBQVUsR0FBRztJQUN4QixJQUFJLEVBQUUsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDO0lBQ2xCLE1BQU0sRUFBRSxDQUFDLElBQUksRUFBRSxJQUFJLENBQUM7SUFDcEIsTUFBTSxFQUFFLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQztJQUNwQixNQUFNLEVBQUUsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDO0lBQ3BCLE1BQU0sRUFBRSxDQUFDLElBQUksRUFBRSxJQUFJLENBQUM7Q0FDckIsQ0FBQztBQUVGOztHQUVHO0FBQ0gsTUFBTSxPQUFPLFFBQVE7SUFDbkI7Ozs7T0FJRztJQUNJLE1BQU0sQ0FBQyxjQUFjLENBQUMsTUFBYztRQUN6QyxPQUFPLE1BQU0sQ0FBQyxNQUFNLEdBQUcsQ0FBQyxJQUFJLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSyxhQUFhLENBQUMsU0FBUyxDQUFDO0lBQ3BFLENBQUM7SUFFRDs7OztPQUlHO0lBQ0ksTUFBTSxDQUFDLG9CQUFvQixDQUFDLE1BQWM7UUFDL0MsT0FBTyxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxNQUFNLENBQUMsQ0FBQyxDQUFDLEtBQUssYUFBYSxDQUFDLGdCQUFnQixDQUFDO0lBQzNFLENBQUM7SUFFRDs7OztPQUlHO0lBQ0ksTUFBTSxDQUFDLFVBQVUsQ0FBQyxNQUFjO1FBQ3JDLE9BQU8sTUFBTSxDQUFDLE1BQU0sR0FBRyxDQUFDLElBQUksTUFBTSxDQUFDLENBQUMsQ0FBQyxLQUFLLGFBQWEsQ0FBQyxLQUFLLENBQUM7SUFDaEUsQ0FBQztJQUVEOzs7O09BSUc7SUFDSSxNQUFNLENBQUMsYUFBYSxDQUFDLE1BQWM7UUFDeEMsa0VBQWtFO1FBQ2xFLElBQUksTUFBTSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN0QixPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7UUFFRCx3REFBd0Q7UUFDeEQsSUFBSSxNQUFNLENBQUMsQ0FBQyxDQUFDLEtBQUssYUFBYSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQzFDLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUVELCtEQUErRDtRQUMvRCx3REFBd0Q7UUFDeEQsT0FBTyxNQUFNLENBQUMsQ0FBQyxDQUFDLEtBQUssZ0JBQWdCLENBQUMsWUFBWSxDQUFDO0lBQ3JELENBQUM7SUFFRDs7OztPQUlHO0lBQ0ksTUFBTSxDQUFDLGtCQUFrQixDQUFDLE1BQWM7UUFDN0MsSUFBSSxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3RCLE9BQU8sQ0FBQyxDQUFDLENBQUM7UUFDWixDQUFDO1FBRUQsbURBQW1EO1FBQ25ELE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLEdBQUcsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxNQUFNLENBQUMsa0JBQWtCLENBQUMsY0FLaEM7UUFDQyxNQUFNLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxNQUFNLEVBQUUsUUFBUSxFQUFFLEdBQUcsY0FBYyxDQUFDO1FBQ2xFLE9BQU8sR0FBRyxRQUFRLElBQUksVUFBVSxJQUFJLE1BQU0sSUFBSSxRQUFRLEVBQUUsQ0FBQztJQUMzRCxDQUFDO0NBQ0YifQ==