mocktp 0.0.1-security → 3.15.3

package/dist/util/socket-util.js

@@ -0,0 +1,174 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireSocketResetSupport = exports.isSocketLoop = exports.isLocalhostAddress = exports.isLocalIPv6Available = void 0;
+exports.isLocalPortActive = isLocalPortActive;
+exports.getParentSocket = getParentSocket;
+exports.resetOrDestroy = resetOrDestroy;
+exports.buildSocketEventData = buildSocketEventData;
+exports.buildSocketTimingInfo = buildSocketTimingInfo;
+const _ = require("lodash");
+const now = require("performance-now");
+const os = require("os");
+const net = require("net");
+const tls = require("tls");
+const http2 = require("http2");
+const util_1 = require("./util");
+// Test if a local port for a given interface (IPv4/6) is currently in use
+async function isLocalPortActive(interfaceIp, port) {
+    if (interfaceIp === '::1' && !exports.isLocalIPv6Available)
+        return false;
+    return new Promise((resolve) => {
+        const server = net.createServer();
+        server.listen({
+            host: interfaceIp,
+            port,
+            ipv6Only: interfaceIp === '::1'
+        });
+        server.once('listening', () => {
+            resolve(false);
+            server.close(() => { });
+        });
+        server.once('error', (e) => {
+            resolve(true);
+        });
+    });
+}
+// This file imported in browsers etc as it's used in handlers, but none of these methods are used
+// directly. It is useful though to guard sections that immediately perform actions:
+exports.isLocalIPv6Available = util_1.isNode
+    ? _.some(os.networkInterfaces(), (addresses) => _.some(addresses, a => a.address === '::1'))
+    : true;
+// We need to normalize ips for comparison, because the same ip may be reported as ::ffff:127.0.0.1
+// and 127.0.0.1 on the two sides of the connection, for the same ip.
+const normalizeIp = (ip) => (ip && ip.startsWith('::ffff:'))
+    ? ip.slice('::ffff:'.length)
+    : ip;
+const isLocalhostAddress = (host) => !!host && ( // Null/undef are something else weird, but not localhost
+host === 'localhost' || // Most common
+    host.endsWith('.localhost') ||
+    host === '::1' || // IPv6
+    normalizeIp(host).match(/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) // 127.0.0.0/8 range
+);
+exports.isLocalhostAddress = isLocalhostAddress;
+// Check whether an incoming socket is the other end of one of our outgoing sockets:
+const isSocketLoop = (outgoingSockets, incomingSocket) => 
+// We effectively just compare the address & port: if they match, we've almost certainly got a loop.
+// I don't think it's generally possible to see the same ip on different interfaces from one process (you need
+// ip-netns network namespaces), but if it is, then there's a tiny chance of false positives here. If we have ip X,
+// and on another interface somebody else has ip X, and they send a request with the same incoming port as an
+// outgoing request we have on the other interface, we'll assume it's a loop. Extremely unlikely imo.
+_.some([...outgoingSockets], (outgoingSocket) => {
+    if (!outgoingSocket.localAddress || !outgoingSocket.localPort) {
+        // It's possible for sockets in outgoingSockets to be closed, in which case these properties
+        // will be undefined. If so, we know they're not relevant to loops, so skip entirely.
+        return false;
+    }
+    else {
+        return normalizeIp(outgoingSocket.localAddress) === normalizeIp(incomingSocket.remoteAddress) &&
+            outgoingSocket.localPort === incomingSocket.remotePort;
+    }
+});
+exports.isSocketLoop = isSocketLoop;
+function getParentSocket(socket) {
+    return socket._parent || // TLS wrapper
+        socket.stream || // SocketWrapper
+        socket._handle?._parentWrap?.stream; // HTTP/2 CONNECT'd TLS wrapper
+}
+const isSocketResetSupported = util_1.isNode
+    ? !!net.Socket.prototype.resetAndDestroy
+    : false; // Avoid errors in browsers
+const requireSocketResetSupport = () => {
+    if (!isSocketResetSupported) {
+        throw new Error('Connection reset is only supported in Node v16.17+, v18.3.0+, or later');
+    }
+};
+exports.requireSocketResetSupport = requireSocketResetSupport;
+const isHttp2Stream = (maybeStream) => 'httpVersion' in maybeStream &&
+    maybeStream.httpVersion?.startsWith('2');
+/**
+ * Reset the socket where possible, or at least destroy it where that's not possible.
+ *
+ * This has a few cases for different layers of socket & tunneling, designed to
+ * simulate a real connection reset as closely as possible. That means, in general,
+ * we unwrap the connection as far as possible whilst still only affecting a single
+ * request.
+ *
+ * In practice, we unwrap HTTP/1 & TLS back as far as we can, until we hit either an
+ * HTTP/2 stream or a raw TCP connection. We then either send a RST_FRAME or a TCP RST
+ * to kill that connection.
+ */
+function resetOrDestroy(requestOrSocket) {
+    let socket = (isHttp2Stream(requestOrSocket) && requestOrSocket.stream)
+        ? requestOrSocket.stream
+        : ('socket' in requestOrSocket && requestOrSocket.socket)
+            ? requestOrSocket.socket
+            : requestOrSocket;
+    while (socket instanceof tls.TLSSocket) {
+        const parent = getParentSocket(socket);
+        if (!parent)
+            break; // Not clear why, but it seems in some cases we run out of parents here
+        socket = parent;
+    }
+    if ('rstCode' in socket) {
+        // It's an HTTP/2 stream instance - let's kill it here.
+        // If it's the innermost stream, i.e. this is the stream of the request we're
+        // resetting, then we want to send an internal error. If it's a tunneling
+        // stream, then we want to send a CONNECT error:
+        const isOuterSocket = socket === requestOrSocket.stream;
+        const errorCode = isOuterSocket
+            ? http2.constants.NGHTTP2_INTERNAL_ERROR
+            : http2.constants.NGHTTP2_CONNECT_ERROR;
+        const h2Stream = socket;
+        h2Stream.close(errorCode);
+    }
+    else {
+        // Must be a net.Socket then, so we let's reset it for real:
+        if (isSocketResetSupported) {
+            try {
+                socket.resetAndDestroy();
+            }
+            catch (error) {
+                // This could fail in funky ways if the socket is not just the right kind
+                // of socket. We should still fail in that case, but it's useful to log
+                // some extra data first beforehand, so we can fix this if it ever happens:
+                console.warn(`Failed to reset on socket of type ${socket.constructor.name} with parent of type ${getParentSocket(socket)?.constructor.name}`);
+                throw error;
+            }
+        }
+        else {
+            socket.destroy();
+        }
+    }
+}
+;
+function buildSocketEventData(socket) {
+    const timingInfo = socket.__timingInfo ||
+        socket._parent?.__timingInfo ||
+        buildSocketTimingInfo();
+    // Attached in passThroughMatchingTls TLS sniffing logic in http-combo-server:
+    const tlsMetadata = socket.__tlsMetadata ||
+        socket._parent?.__tlsMetadata ||
+        {};
+    return {
+        hostname: socket.servername,
+        // These only work because of oncertcb monkeypatch in http-combo-server:
+        remoteIpAddress: socket.remoteAddress || // Normal case
+            socket._parent?.remoteAddress || // Pre-certCB error, e.g. timeout
+            socket.initialRemoteAddress, // Recorded by certCB monkeypatch
+        remotePort: socket.remotePort ||
+            socket._parent?.remotePort ||
+            socket.initialRemotePort,
+        tags: [],
+        timingEvents: {
+            startTime: timingInfo.initialSocket,
+            connectTimestamp: timingInfo.initialSocketTimestamp,
+            tunnelTimestamp: timingInfo.tunnelSetupTimestamp,
+            handshakeTimestamp: timingInfo.tlsConnectedTimestamp
+        },
+        tlsMetadata
+    };
+}
+function buildSocketTimingInfo() {
+    return { initialSocket: Date.now(), initialSocketTimestamp: now() };
+}
+//# sourceMappingURL=socket-util.js.map

package/dist/util/socket-util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"socket-util.js","sourceRoot":"","sources":["../../src/util/socket-util.ts"],"names":[],"mappings":";;;AAWA,8CAkBC;AA8CD,0CAIC;AA6BD,wCAkDC;AAED,oDA4BC;AAED,sDAEC;AAhMD,4BAA4B;AAC5B,uCAAwC;AACxC,yBAAyB;AACzB,2BAA2B;AAC3B,2BAA2B;AAC3B,+BAA+B;AAE/B,iCAAgC;AAGhC,0EAA0E;AACnE,KAAK,UAAU,iBAAiB,CAAC,WAAgC,EAAE,IAAY;IAClF,IAAI,WAAW,KAAK,KAAK,IAAI,CAAC,4BAAoB;QAAE,OAAO,KAAK,CAAC;IAEjE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC;YACV,IAAI,EAAE,WAAW;YACjB,IAAI;YACJ,QAAQ,EAAE,WAAW,KAAK,KAAK;SAClC,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE;YAC1B,OAAO,CAAC,KAAK,CAAC,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;YACvB,OAAO,CAAC,IAAI,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC;AAED,kGAAkG;AAClG,oFAAoF;AACvE,QAAA,oBAAoB,GAAG,aAAM;IACtC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,iBAAiB,EAAE,EAC3B,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,CAC7D;IACD,CAAC,CAAC,IAAI,CAAC;AAEX,mGAAmG;AACnG,qEAAqE;AACrE,MAAM,WAAW,GAAG,CAAC,EAA6B,EAAE,EAAE,CAClD,CAAC,EAAE,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC;AAEN,MAAM,kBAAkB,GAAG,CAAC,IAA+B,EAAE,EAAE,CAClE,CAAC,CAAC,IAAI,IAAI,EAAE,yDAAyD;AACjE,IAAI,KAAK,WAAW,IAAI,cAAc;IACtC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;IAC3B,IAAI,KAAK,KAAK,IAAI,OAAO;IACzB,WAAW,CAAC,IAAI,CAAE,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC,oBAAoB;CACpF,CAAC;AANO,QAAA,kBAAkB,sBAMzB;AAGN,oFAAoF;AAC7E,MAAM,YAAY,GAAG,CAAC,eAA+C,EAAE,cAA0B,EAAE,EAAE;AACxG,oGAAoG;AAEpG,8GAA8G;AAC9G,mHAAmH;AACnH,6GAA6G;AAC7G,qGAAqG;AAErG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,EAAE;IAC5C,IAAI,CAAC,cAAc,CAAC,YAAY,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;QAC5D,4FAA4F;QAC5F,qFAAqF;QACrF,OAAO,KAAK,CAAC;IACjB,CAAC;SAAM,CAAC;QACJ,OAAO,WAAW,CAAC,cAAc,CAAC,YAAY,CAAC,KAAK,WAAW,CAAC,cAAc,CAAC,aAAa,CAAC;YACzF,cAAc,CAAC,SAAS,KAAK,cAAc,CAAC,UAAU,CAAC;IAC/D,CAAC;AACL,CAAC,CAAC,CAAC;AAjBM,QAAA,YAAY,gBAiBlB;AAEP,SAAgB,eAAe,CAAC,MAAkB;IAC9C,OAAO,MAAM,CAAC,OAAO,IAAI,cAAc;QACnC,MAAM,CAAC,MAAM,IAAI,gBAAgB;QAChC,MAAc,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC,+BAA+B;AACrF,CAAC;AAED,MAAM,sBAAsB,GAAG,aAAM;IACjC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,eAAe;IACxC,CAAC,CAAC,KAAK,CAAC,CAAC,2BAA2B;AACjC,MAAM,yBAAyB,GAAG,GAAG,EAAE;IAC1C,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACX,wEAAwE,CAC3E,CAAC;IACN,CAAC;AACL,CAAC,CAAC;AANW,QAAA,yBAAyB,6BAMpC;AAEF,MAAM,aAAa,GAAG,CAAC,WAAgB,EAA2C,EAAE,CAChF,aAAa,IAAI,WAAW;IAC5B,WAAW,CAAC,WAAW,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC;AAE7C;;;;;;;;;;;GAWG;AACH,SAAgB,cAAc,CAAC,eAGD;IAE1B,IAAI,MAAM,GACN,CAAC,aAAa,CAAC,eAAe,CAAC,IAAI,eAAe,CAAC,MAAM,CAAC;QACtD,CAAC,CAAC,eAAe,CAAC,MAAM;QAC5B,CAAC,CAAC,CAAC,QAAQ,IAAI,eAAe,IAAI,eAAe,CAAC,MAAM,CAAC;YACrD,CAAC,CAAC,eAAe,CAAC,MAAM;YAC5B,CAAC,CAAC,eAA6B,CAAC;IAEpC,OAAO,MAAM,YAAY,GAAG,CAAC,SAAS,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM;YAAE,MAAM,CAAC,uEAAuE;QAC3F,MAAM,GAAG,MAAM,CAAC;IACpB,CAAC;IAED,IAAI,SAAS,IAAI,MAAM,EAAE,CAAC;QACtB,uDAAuD;QAEvD,6EAA6E;QAC7E,yEAAyE;QACzE,gDAAgD;QAChD,MAAM,aAAa,GAAG,MAAM,KAAM,eAAuB,CAAC,MAAM,CAAC;QAEjE,MAAM,SAAS,GAAG,aAAa;YAC3B,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,sBAAsB;YACxC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,qBAAqB,CAAC;QAE5C,MAAM,QAAQ,GAAG,MAAiC,CAAC;QACnD,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACJ,4DAA4D;QAC5D,IAAI,sBAAsB,EAAE,CAAC;YACzB,IAAI,CAAC;gBACD,MAAM,CAAC,eAAgB,EAAE,CAAC;YAC9B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,yEAAyE;gBACzE,uEAAuE;gBACvE,2EAA2E;gBAC3E,OAAO,CAAC,IAAI,CAAC,qCACT,MAAM,CAAC,WAAW,CAAC,IACvB,wBAAwB,eAAe,CAAC,MAAa,CAAC,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC5E,MAAM,KAAK,CAAC;YAChB,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,MAAM,CAAC,OAAO,EAAE,CAAC;QACrB,CAAC;IACL,CAAC;AACL,CAAC;AAAA,CAAC;AAEF,SAAgB,oBAAoB,CAAC,MAA2C;IAC5E,MAAM,UAAU,GAAG,MAAM,CAAC,YAAY;QAClC,MAAM,CAAC,OAAO,EAAE,YAAY;QAC5B,qBAAqB,EAAE,CAAC;IAE5B,8EAA8E;IAC9E,MAAM,WAAW,GAAG,MAAM,CAAC,aAAa;QACpC,MAAM,CAAC,OAAO,EAAE,aAAa;QAC7B,EAAE,CAAC;IAEP,OAAO;QACH,QAAQ,EAAE,MAAM,CAAC,UAAU;QAC3B,wEAAwE;QACxE,eAAe,EAAE,MAAM,CAAC,aAAa,IAAI,cAAc;YACnD,MAAM,CAAC,OAAO,EAAE,aAAa,IAAI,iCAAiC;YAClE,MAAM,CAAC,oBAAqB,EAAE,iCAAiC;QACnE,UAAU,EAAE,MAAM,CAAC,UAAU;YACzB,MAAM,CAAC,OAAO,EAAE,UAAU;YAC1B,MAAM,CAAC,iBAAkB;QAC7B,IAAI,EAAE,EAAE;QACR,YAAY,EAAE;YACV,SAAS,EAAE,UAAU,CAAC,aAAa;YACnC,gBAAgB,EAAE,UAAU,CAAC,sBAAsB;YACnD,eAAe,EAAE,UAAU,CAAC,oBAAoB;YAChD,kBAAkB,EAAE,UAAU,CAAC,qBAAqB;SACvD;QACD,WAAW;KACd,CAAC;AACN,CAAC;AAED,SAAgB,qBAAqB;IACjC,OAAO,EAAE,aAAa,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,sBAAsB,EAAE,GAAG,EAAE,EAAE,CAAC;AACxE,CAAC"}

package/dist/util/tls.d.ts

@@ -0,0 +1,68 @@
+export type CAOptions = (CertDataOptions | CertPathOptions);
+export interface CertDataOptions extends BaseCAOptions {
+    key: string;
+    cert: string;
+}
+export interface CertPathOptions extends BaseCAOptions {
+    keyPath: string;
+    certPath: string;
+}
+export interface BaseCAOptions {
+    /**
+     * Minimum key length when generating certificates. Defaults to 2048.
+     */
+    keyLength?: number;
+    /**
+     * The countryName that will be used in the certificate for incoming TLS
+     * connections.
+     */
+    countryName?: string;
+    /**
+     * The localityName that will be used in the certificate for incoming TLS
+     * connections.
+     */
+    localityName?: string;
+    /**
+     * The organizationName that will be used in the certificate for incoming TLS
+     * connections.
+     */
+    organizationName?: string;
+}
+export type PEM = string | string[] | Buffer | Buffer[];
+export type GeneratedCertificate = {
+    key: string;
+    cert: string;
+    ca: string;
+};
+/**
+ * Generate a CA certificate for mocking HTTPS.
+ *
+ * Returns a promise, for an object with key and cert properties,
+ * containing the generated private key and certificate in PEM format.
+ *
+ * These can be saved to disk, and their paths passed
+ * as HTTPS options to a Mockttp server.
+ */
+export declare function generateCACertificate(options?: {
+    commonName?: string;
+    organizationName?: string;
+    countryName?: string;
+    bits?: number;
+    nameConstraints?: {
+        permitted?: string[];
+    };
+}): Promise<{
+    key: string;
+    cert: string;
+}>;
+export declare function generateSPKIFingerprint(certPem: PEM): string;
+export declare function getCA(options: CAOptions): Promise<CA>;
+export declare class CA {
+    private caCert;
+    private caKey;
+    private options;
+    private certCache;
+    constructor(options: CertDataOptions);
+    generateCertificate(domain: string): GeneratedCertificate;
+}
+//# sourceMappingURL=tls.d.ts.map

package/dist/util/tls.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tls.d.ts","sourceRoot":"","sources":["../../src/util/tls.ts"],"names":[],"mappings":"AAOA,MAAM,MAAM,SAAS,GAAG,CAAC,eAAe,GAAG,eAAe,CAAC,CAAC;AAE5D,MAAM,WAAW,eAAgB,SAAQ,aAAa;IAClD,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAgB,SAAQ,aAAa;IAClD,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC1B;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,MAAM,GAAG,GAAG,MAAM,GAAG,MAAM,EAAE,GAAG,MAAM,GAAG,MAAM,EAAE,CAAC;AAExD,MAAM,MAAM,oBAAoB,GAAG;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAA;CACb,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,GAAE;IACjD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,CAAC,EAAE;QACd,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;KACvB,CAAA;CACC;;;GA8DL;AAkDD,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,GAAG,UASnD;AASD,wBAAsB,KAAK,CAAC,OAAO,EAAE,SAAS,GAAG,OAAO,CAAC,EAAE,CAAC,CAoB3D;AAaD,qBAAa,EAAE;IACX,OAAO,CAAC,MAAM,CAAwB;IACtC,OAAO,CAAC,KAAK,CAAuB;IACpC,OAAO,CAAC,OAAO,CAAkB;IAEjC,OAAO,CAAC,SAAS,CAA6C;gBAElD,OAAO,EAAE,eAAe;IAiBpC,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,oBAAoB;CA2F5D"}

package/dist/util/tls.js

@@ -0,0 +1,220 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CA = void 0;
+exports.generateCACertificate = generateCACertificate;
+exports.generateSPKIFingerprint = generateSPKIFingerprint;
+exports.getCA = getCA;
+const _ = require("lodash");
+const fs = require("fs/promises");
+const uuid_1 = require("uuid");
+const forge = require("node-forge");
+const { asn1, pki, md, util } = forge;
+;
+/**
+ * Generate a CA certificate for mocking HTTPS.
+ *
+ * Returns a promise, for an object with key and cert properties,
+ * containing the generated private key and certificate in PEM format.
+ *
+ * These can be saved to disk, and their paths passed
+ * as HTTPS options to a Mockttp server.
+ */
+async function generateCACertificate(options = {}) {
+    options = _.defaults({}, options, {
+        commonName: 'Mockttp Testing CA - DO NOT TRUST - TESTING ONLY',
+        organizationName: 'Mockttp',
+        countryName: 'XX', // ISO-3166-1 alpha-2 'unknown country' code
+        bits: 2048,
+    });
+    const keyPair = await new Promise((resolve, reject) => {
+        pki.rsa.generateKeyPair({ bits: options.bits }, (error, keyPair) => {
+            if (error)
+                reject(error);
+            else
+                resolve(keyPair);
+        });
+    });
+    const cert = pki.createCertificate();
+    cert.publicKey = keyPair.publicKey;
+    cert.serialNumber = generateSerialNumber();
+    cert.validity.notBefore = new Date();
+    // Make it valid for the last 24h - helps in cases where clocks slightly disagree
+    cert.validity.notBefore.setDate(cert.validity.notBefore.getDate() - 1);
+    cert.validity.notAfter = new Date();
+    // Valid for the next year by default.
+    cert.validity.notAfter.setFullYear(cert.validity.notAfter.getFullYear() + 1);
+    cert.setSubject([
+        // All of these are required for a fully valid CA cert that will be accepted when imported anywhere:
+        { name: 'commonName', value: options.commonName },
+        { name: 'countryName', value: options.countryName },
+        { name: 'organizationName', value: options.organizationName }
+    ]);
+    const extensions = [
+        { name: 'basicConstraints', cA: true, critical: true },
+        { name: 'keyUsage', keyCertSign: true, digitalSignature: true, nonRepudiation: true, cRLSign: true, critical: true },
+        { name: 'subjectKeyIdentifier' },
+    ];
+    const permittedDomains = options.nameConstraints?.permitted || [];
+    if (permittedDomains.length > 0) {
+        extensions.push({
+            critical: true,
+            id: '2.5.29.30',
+            name: 'nameConstraints',
+            value: generateNameConstraints({
+                permitted: permittedDomains,
+            }),
+        });
+    }
+    cert.setExtensions(extensions);
+    // Self-issued too
+    cert.setIssuer(cert.subject.attributes);
+    // Self-sign the certificate - we're the root
+    cert.sign(keyPair.privateKey, md.sha256.create());
+    return {
+        key: pki.privateKeyToPem(keyPair.privateKey),
+        cert: pki.certificateToPem(cert)
+    };
+}
+/**
+ * Generate name constraints in conformance with
+ * [RFC 5280 § 4.2.1.10](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10)
+ */
+function generateNameConstraints(input) {
+    const domainsToSequence = (ips) => ips.map((domain) => {
+        return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
+            asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, false, util.encodeUtf8(domain)),
+        ]);
+    });
+    const permittedAndExcluded = [];
+    if (input.permitted && input.permitted.length > 0) {
+        permittedAndExcluded.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, domainsToSequence(input.permitted)));
+    }
+    return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, permittedAndExcluded);
+}
+function generateSPKIFingerprint(certPem) {
+    let cert = pki.certificateFromPem(certPem.toString('utf8'));
+    return util.encode64(pki.getPublicKeyFingerprint(cert.publicKey, {
+        type: 'SubjectPublicKeyInfo',
+        md: md.sha256.create(),
+        encoding: 'binary'
+    }));
+}
+// Generates a unique serial number for a certificate as a hex string:
+function generateSerialNumber() {
+    return 'A' + (0, uuid_1.v4)().replace(/-/g, '');
+    // We add a leading 'A' to ensure it's always positive (not 'F') and always
+    // valid (e.g. leading 000 is bad padding, and would be unparseable).
+}
+async function getCA(options) {
+    let certOptions;
+    if ('key' in options && 'cert' in options) {
+        certOptions = options;
+    }
+    else if ('keyPath' in options && 'certPath' in options) {
+        certOptions = await Promise.all([
+            fs.readFile(options.keyPath, 'utf8'),
+            fs.readFile(options.certPath, 'utf8')
+        ]).then(([keyContents, certContents]) => ({
+            ..._.omit(options, ['keyPath', 'certPath']),
+            key: keyContents,
+            cert: certContents
+        }));
+    }
+    else {
+        throw new Error('Unrecognized https options: you need to provide either a keyPath & certPath, or a key & cert.');
+    }
+    return new CA(certOptions);
+}
+// We share a single keypair across all certificates in this process, and
+// instantiate it once when the first CA is created, because it can be
+// expensive (depending on the key length).
+// This would be a terrible idea for a real server, but for a mock server
+// it's ok - if anybody can steal this, they can steal the CA cert anyway.
+let KEY_PAIR;
+class CA {
+    constructor(options) {
+        this.caKey = pki.privateKeyFromPem(options.key.toString());
+        this.caCert = pki.certificateFromPem(options.cert.toString());
+        this.certCache = {};
+        this.options = options ?? {};
+        const keyLength = options.keyLength || 2048;
+        if (!KEY_PAIR || KEY_PAIR.length < keyLength) {
+            // If we have no key, or not a long enough one, generate one.
+            KEY_PAIR = Object.assign(pki.rsa.generateKeyPair(keyLength), { length: keyLength });
+        }
+    }
+    generateCertificate(domain) {
+        // TODO: Expire domains from the cache? Based on their actual expiry?
+        if (this.certCache[domain])
+            return this.certCache[domain];
+        if (domain.includes('_')) {
+            // TLS certificates cannot cover domains with underscores, bizarrely. More info:
+            // https://www.digicert.com/kb/ssl-support/underscores-not-allowed-in-fqdns.htm
+            // To fix this, we use wildcards instead. This is only possible for one level of
+            // certificate, and only for subdomains, so our options are a little limited, but
+            // this should be very rare (because it's not supported elsewhere either).
+            const [, ...otherParts] = domain.split('.');
+            if (otherParts.length <= 1 || // *.com is never valid
+                otherParts.some(p => p.includes('_'))) {
+                throw new Error(`Cannot generate certificate for domain due to underscores: ${domain}`);
+            }
+            // Replace the first part with a wildcard to solve the problem:
+            domain = `*.${otherParts.join('.')}`;
+        }
+        let cert = pki.createCertificate();
+        cert.publicKey = KEY_PAIR.publicKey;
+        cert.serialNumber = generateSerialNumber();
+        cert.validity.notBefore = new Date();
+        // Make it valid for the last 24h - helps in cases where clocks slightly disagree.
+        cert.validity.notBefore.setDate(cert.validity.notBefore.getDate() - 1);
+        cert.validity.notAfter = new Date();
+        // Valid for the next year by default. TODO: Shorten (and expire the cache) automatically.
+        cert.validity.notAfter.setFullYear(cert.validity.notAfter.getFullYear() + 1);
+        cert.setSubject([
+            ...(domain[0] === '*'
+                ? [] // We skip the CN (deprecated, rarely used) for wildcards, since they can't be used here.
+                : [{ name: 'commonName', value: domain }]),
+            { name: 'countryName', value: this.options?.countryName ?? 'XX' }, // ISO-3166-1 alpha-2 'unknown country' code
+            { name: 'localityName', value: this.options?.localityName ?? 'Unknown' },
+            { name: 'organizationName', value: this.options?.organizationName ?? 'Mockttp Cert - DO NOT TRUST' }
+        ]);
+        cert.setIssuer(this.caCert.subject.attributes);
+        const policyList = forge.asn1.create(forge.asn1.Class.UNIVERSAL, forge.asn1.Type.SEQUENCE, true, [
+            forge.asn1.create(forge.asn1.Class.UNIVERSAL, forge.asn1.Type.SEQUENCE, true, [
+                forge.asn1.create(forge.asn1.Class.UNIVERSAL, forge.asn1.Type.OID, false, forge.asn1.oidToDer('2.5.29.32.0').getBytes() // Mark all as Domain Verified
+                )
+            ])
+        ]);
+        cert.setExtensions([
+            { name: 'basicConstraints', cA: false, critical: true },
+            { name: 'keyUsage', digitalSignature: true, keyEncipherment: true, critical: true },
+            { name: 'extKeyUsage', serverAuth: true, clientAuth: true },
+            {
+                name: 'subjectAltName',
+                altNames: [{
+                        type: 2,
+                        value: domain
+                    }]
+            },
+            { name: 'certificatePolicies', value: policyList },
+            { name: 'subjectKeyIdentifier' },
+            {
+                name: 'authorityKeyIdentifier',
+                // We have to calculate this ourselves due to
+                // https://github.com/digitalbazaar/forge/issues/462
+                keyIdentifier: this.caCert // generateSubjectKeyIdentifier is missing from node-forge types
+                .generateSubjectKeyIdentifier().getBytes()
+            }
+        ]);
+        cert.sign(this.caKey, md.sha256.create());
+        const generatedCertificate = {
+            key: pki.privateKeyToPem(KEY_PAIR.privateKey),
+            cert: pki.certificateToPem(cert),
+            ca: pki.certificateToPem(this.caCert)
+        };
+        this.certCache[domain] = generatedCertificate;
+        return generatedCertificate;
+    }
+}
+exports.CA = CA;
+//# sourceMappingURL=tls.js.map

package/dist/util/tls.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tls.js","sourceRoot":"","sources":["../../src/util/tls.ts"],"names":[],"mappings":";;;AA6DA,sDAsEC;AAkDD,0DASC;AASD,sBAoBC;AA3ND,4BAA4B;AAC5B,kCAAkC;AAClC,+BAAkC;AAClC,oCAAoC;AAEpC,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC;AAOrC,CAAC;AAwCF;;;;;;;;GAQG;AACI,KAAK,UAAU,qBAAqB,CAAC,UAQxC,EAAE;IACF,OAAO,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,OAAO,EAAE;QAC9B,UAAU,EAAE,kDAAkD;QAC9D,gBAAgB,EAAE,SAAS;QAC3B,WAAW,EAAE,IAAI,EAAE,4CAA4C;QAC/D,IAAI,EAAE,IAAI;KACb,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,IAAI,OAAO,CAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACzE,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;YAC/D,IAAI,KAAK;gBAAE,MAAM,CAAC,KAAK,CAAC,CAAC;;gBACpB,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,GAAG,CAAC,iBAAiB,EAAE,CAAC;IACrC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IACnC,IAAI,CAAC,YAAY,GAAG,oBAAoB,EAAE,CAAC;IAE3C,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IACrC,iFAAiF;IACjF,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;IAEvE,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC;IACpC,sCAAsC;IACtC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC;IAE7E,IAAI,CAAC,UAAU,CAAC;QACZ,oGAAoG;QACpG,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,CAAC,UAAU,EAAE;QACjD,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,OAAO,CAAC,WAAW,EAAE;QACnD,EAAE,IAAI,EAAE,kBAAkB,EAAE,KAAK,EAAE,OAAO,CAAC,gBAAgB,EAAE;KAChE,CAAC,CAAC;IAEH,MAAM,UAAU,GAAU;QACtB,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE;QACtD,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE;QACpH,EAAE,IAAI,EAAE,sBAAsB,EAAE;KACnC,CAAC;IACF,MAAM,gBAAgB,GAAG,OAAO,CAAC,eAAe,EAAE,SAAS,IAAI,EAAE,CAAC;IAClE,IAAG,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,UAAU,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,IAAI;YACd,EAAE,EAAE,WAAW;YACf,IAAI,EAAE,iBAAiB;YACvB,KAAK,EAAE,uBAAuB,CAAC;gBAC7B,SAAS,EAAE,gBAAgB;aAC5B,CAAC;SACL,CAAC,CAAA;IACN,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IAE/B,kBAAkB;IAClB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAExC,6CAA6C;IAC7C,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAElD,OAAO;QACH,GAAG,EAAE,GAAG,CAAC,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC;QAC5C,IAAI,EAAE,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC;KACnC,CAAC;AACN,CAAC;AAUD;;;GAGG;AACH,SAAS,uBAAuB,CAC5B,KAAmC;IAEnC,MAAM,iBAAiB,GAAG,CAAC,GAAa,EAAE,EAAE,CACxC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;QACf,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE;YAC/D,IAAI,CAAC,MAAM,CACP,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAC3B,CAAC,EACD,KAAK,EACL,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAC1B;SACJ,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEP,MAAM,oBAAoB,GAAsB,EAAE,CAAC;IAEnD,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChD,oBAAoB,CAAC,IAAI,CACrB,IAAI,CAAC,MAAM,CACP,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAC3B,CAAC,EACD,IAAI,EACJ,iBAAiB,CAAC,KAAK,CAAC,SAAS,CAAC,CACrC,CACJ,CAAC;IACN,CAAC;IAED,OAAO,IAAI,CAAC,MAAM,CACd,IAAI,CAAC,KAAK,CAAC,SAAS,EACpB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAClB,IAAI,EACJ,oBAAoB,CACvB,CAAC;AACN,CAAC;AAED,SAAgB,uBAAuB,CAAC,OAAY;IAChD,IAAI,IAAI,GAAG,GAAG,CAAC,kBAAkB,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IAC5D,OAAO,IAAI,CAAC,QAAQ,CAChB,GAAG,CAAC,uBAAuB,CAAC,IAAI,CAAC,SAAS,EAAE;QACxC,IAAI,EAAE,sBAAsB;QAC5B,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE;QACtB,QAAQ,EAAE,QAAQ;KACrB,CAAC,CACL,CAAC;AACN,CAAC;AAED,sEAAsE;AACtE,SAAS,oBAAoB;IACzB,OAAO,GAAG,GAAG,IAAA,SAAI,GAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACtC,2EAA2E;IAC3E,qEAAqE;AACzE,CAAC;AAEM,KAAK,UAAU,KAAK,CAAC,OAAkB;IAC1C,IAAI,WAA4B,CAAC;IACjC,IAAI,KAAK,IAAI,OAAO,IAAI,MAAM,IAAI,OAAO,EAAE,CAAC;QACxC,WAAW,GAAG,OAAO,CAAC;IAC1B,CAAC;SACI,IAAI,SAAS,IAAI,OAAO,IAAI,UAAU,IAAI,OAAO,EAAE,CAAC;QACrD,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAC5B,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC;YACpC,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,CAAC;SACxC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAE,WAAW,EAAE,YAAY,CAAE,EAAE,EAAE,CAAC,CAAC;YACxC,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YAC3C,GAAG,EAAE,WAAW;YAChB,IAAI,EAAE,YAAY;SACrB,CAAC,CAAC,CAAC;IACR,CAAC;SACI,CAAC;QACF,MAAM,IAAI,KAAK,CAAC,+FAA+F,CAAC,CAAA;IACpH,CAAC;IAED,OAAO,IAAI,EAAE,CAAC,WAAW,CAAC,CAAC;AAC/B,CAAC;AAED,yEAAyE;AACzE,sEAAsE;AACtE,2CAA2C;AAC3C,yEAAyE;AACzE,0EAA0E;AAC1E,IAAI,QAIS,CAAC;AAEd,MAAa,EAAE;IAOX,YAAY,OAAwB;QAChC,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,kBAAkB,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9D,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;QACpB,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;QAE7B,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC;QAE5C,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3C,6DAA6D;YAC7D,QAAQ,GAAG,MAAM,CAAC,MAAM,CACpB,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC,EAClC,EAAE,MAAM,EAAE,SAAS,EAAE,CACxB,CAAC;QACN,CAAC;IACL,CAAC;IAED,mBAAmB,CAAC,MAAc;QAC9B,qEAAqE;QACrE,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAE1D,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,gFAAgF;YAChF,+EAA+E;YAC/E,gFAAgF;YAChF,iFAAiF;YACjF,0EAA0E;YAC1E,MAAM,CAAE,AAAD,EAAG,GAAG,UAAU,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC7C,IACI,UAAU,CAAC,MAAM,IAAI,CAAC,IAAI,uBAAuB;gBACjD,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EACvC,CAAC;gBACC,MAAM,IAAI,KAAK,CAAC,8DAA8D,MAAM,EAAE,CAAC,CAAC;YAC5F,CAAC;YAED,+DAA+D;YAC/D,MAAM,GAAG,KAAK,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACzC,CAAC;QAED,IAAI,IAAI,GAAG,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAEnC,IAAI,CAAC,SAAS,GAAG,QAAS,CAAC,SAAS,CAAC;QACrC,IAAI,CAAC,YAAY,GAAG,oBAAoB,EAAE,CAAC;QAE3C,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;QACrC,kFAAkF;QAClF,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;QAEvE,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC;QACpC,0FAA0F;QAC1F,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC;QAE7E,IAAI,CAAC,UAAU,CAAC;YACZ,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG;gBACjB,CAAC,CAAC,EAAE,CAAC,yFAAyF;gBAC9F,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAC5C;YACD,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,WAAW,IAAI,IAAI,EAAE,EAAE,4CAA4C;YAC/G,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,YAAY,IAAI,SAAS,EAAE;YACxE,EAAE,IAAI,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,gBAAgB,IAAI,6BAA6B,EAAE;SACvG,CAAC,CAAC;QACH,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE/C,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE;YAC7F,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE;gBAC1E,KAAK,CAAC,IAAI,CAAC,MAAM,CACb,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAC1B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EACnB,KAAK,EACL,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,QAAQ,EAAE,CAAC,8BAA8B;iBAC/E;aACJ,CAAC;SACL,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,CAAC;YACf,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE;YACvD,EAAE,IAAI,EAAE,UAAU,EAAE,gBAAgB,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE;YACnF,EAAE,IAAI,EAAE,aAAa,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;YAC3D;gBACI,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,CAAC;wBACP,IAAI,EAAE,CAAC;wBACP,KAAK,EAAE,MAAM;qBAChB,CAAC;aACL;YACD,EAAE,IAAI,EAAE,qBAAqB,EAAE,KAAK,EAAE,UAAU,EAAE;YAClD,EAAE,IAAI,EAAE,sBAAsB,EAAE;YAChC;gBACI,IAAI,EAAE,wBAAwB;gBAC9B,6CAA6C;gBAC7C,oDAAoD;gBACpD,aAAa,EACT,IAAI,CAAC,MAAa,CAAC,gEAAgE;gBACtF,CAAC,4BAA4B,EAAE,CAAC,QAAQ,EAAE;aAC9C;SACJ,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAE1C,MAAM,oBAAoB,GAAG;YACzB,GAAG,EAAE,GAAG,CAAC,eAAe,CAAC,QAAS,CAAC,UAAU,CAAC;YAC9C,IAAI,EAAE,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC;YAChC,EAAE,EAAE,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC;SACxC,CAAC;QAEF,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,oBAAoB,CAAC;QAC9C,OAAO,oBAAoB,CAAC;IAChC,CAAC;CACJ;AAnHD,gBAmHC"}

package/dist/util/type-utils.d.ts

@@ -0,0 +1,14 @@
+export type Omit<T, K> = Pick<T, Exclude<keyof T, K>>;
+export type RequireProps<T, K extends keyof T> = Omit<T, K> & Required<Pick<T, K>>;
+export type MaybePromise<T> = T | Promise<T>;
+type SubsetKeyOf<T, Ks extends keyof T = keyof T> = Ks;
+export type Replace<T, KV extends {
+    [K in SubsetKeyOf<T, any>]: unknown;
+}> = Omit<T, keyof KV> & {
+    [K in keyof KV]: KV[K];
+};
+export type Mutable<T> = {
+    -readonly [K in keyof T]: T[K];
+};
+export {};
+//# sourceMappingURL=type-utils.d.ts.map

package/dist/util/type-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"type-utils.d.ts","sourceRoot":"","sources":["../../src/util/type-utils.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,IAAI,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAGtD,MAAM,MAAM,YAAY,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,IACzC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAEtC,MAAM,MAAM,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;AAE7C,KAAK,WAAW,CAAC,CAAC,EAAE,EAAE,SAAS,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;AACvD,MAAM,MAAM,OAAO,CAAC,CAAC,EAAE,EAAE,SAAS;KAAG,CAAC,IAAI,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,OAAO;CAAE,IACrE,IAAI,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG;KAAG,CAAC,IAAI,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;CAAE,CAAC;AAEnD,MAAM,MAAM,OAAO,CAAC,CAAC,IAAI;IACrB,CAAC,UAAU,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CACjC,CAAA"}

package/dist/util/type-utils.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=type-utils.js.map

package/dist/util/type-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"type-utils.js","sourceRoot":"","sources":["../../src/util/type-utils.ts"],"names":[],"mappings":""}

package/dist/util/url.d.ts

@@ -0,0 +1,17 @@
+export declare const isAbsoluteUrl: (url: string) => boolean;
+export declare const isRelativeUrl: (url: string) => boolean;
+export declare const isAbsoluteProtocollessUrl: (url: string) => boolean;
+export declare const getUrlWithoutProtocol: (url: string) => string;
+export declare const getPathFromAbsoluteUrl: (url: string) => string;
+export declare const getEffectivePort: (url: {
+    protocol: string | null;
+    port: string | null;
+}) => number;
+/**
+ * Normalizes URLs to the form used when matching them.
+ *
+ * This accepts URLs in all three formats: relative, absolute, and protocolless-absolute,
+ * and returns them in the same format but normalized.
+ */
+export declare const normalizeUrl: (url: string) => string;
+//# sourceMappingURL=url.d.ts.map

package/dist/util/url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"url.d.ts","sourceRoot":"","sources":["../../src/util/url.ts"],"names":[],"mappings":"AAOA,eAAO,MAAM,aAAa,QAAS,MAAM,YAEG,CAAC;AAE7C,eAAO,MAAM,aAAa,QAAS,MAAM,YAClB,CAAC;AAExB,eAAO,MAAM,yBAAyB,QAAS,MAAM,YACP,CAAC;AAE/C,eAAO,MAAM,qBAAqB,QAAS,MAAM,KAAG,MAEnD,CAAA;AAED,eAAO,MAAM,sBAAsB,QAAS,MAAM,WAOjD,CAAA;AAED,eAAO,MAAM,gBAAgB,QAAS;IAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,WAQrF,CAAA;AAED;;;;;GAKG;AACH,eAAO,MAAM,YAAY,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAkEvC,CAAC"}

package/dist/util/url.js

@@ -0,0 +1,96 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalizeUrl = exports.getEffectivePort = exports.getPathFromAbsoluteUrl = exports.getUrlWithoutProtocol = exports.isAbsoluteProtocollessUrl = exports.isRelativeUrl = exports.isAbsoluteUrl = void 0;
+const url = require("url");
+const _ = require("lodash");
+const util_1 = require("./util");
+// Is this URL fully qualified?
+// Note that this supports only HTTP - no websockets or anything else.
+const isAbsoluteUrl = (url) => url.toLowerCase().startsWith('http://') ||
+    url.toLowerCase().startsWith('https://');
+exports.isAbsoluteUrl = isAbsoluteUrl;
+const isRelativeUrl = (url) => url.startsWith('/');
+exports.isRelativeUrl = isRelativeUrl;
+const isAbsoluteProtocollessUrl = (url) => !(0, exports.isAbsoluteUrl)(url) && !(0, exports.isRelativeUrl)(url);
+exports.isAbsoluteProtocollessUrl = isAbsoluteProtocollessUrl;
+const getUrlWithoutProtocol = (url) => {
+    return url.split('://', 2).slice(-1).join('');
+};
+exports.getUrlWithoutProtocol = getUrlWithoutProtocol;
+const getPathFromAbsoluteUrl = (url) => {
+    const pathIndex = (0, util_1.nthIndexOf)(url, '/', 3);
+    if (pathIndex !== -1) {
+        return url.slice(pathIndex);
+    }
+    else {
+        return '';
+    }
+};
+exports.getPathFromAbsoluteUrl = getPathFromAbsoluteUrl;
+const getEffectivePort = (url) => {
+    if (url.port) {
+        return parseInt(url.port, 10);
+    }
+    else if (url.protocol === 'https:' || url.protocol === 'wss:') {
+        return 443;
+    }
+    else {
+        return 80;
+    }
+};
+exports.getEffectivePort = getEffectivePort;
+/**
+ * Normalizes URLs to the form used when matching them.
+ *
+ * This accepts URLs in all three formats: relative, absolute, and protocolless-absolute,
+ * and returns them in the same format but normalized.
+ */
+exports.normalizeUrl = _.memoize((urlInput) => {
+    let parsedUrl;
+    let isProtocolless = false;
+    try {
+        // Strip the query and anything following it
+        const queryIndex = urlInput.indexOf('?');
+        if (queryIndex !== -1) {
+            urlInput = urlInput.slice(0, queryIndex);
+        }
+        if ((0, exports.isAbsoluteProtocollessUrl)(urlInput)) {
+            parsedUrl = url.parse('http://' + urlInput);
+            isProtocolless = true;
+        }
+        else {
+            parsedUrl = url.parse(urlInput);
+        }
+        // Trim out lots of the bits we don't like:
+        delete parsedUrl.host;
+        delete parsedUrl.query;
+        delete parsedUrl.search;
+        delete parsedUrl.hash;
+        if (parsedUrl.pathname) {
+            parsedUrl.pathname = parsedUrl.pathname.replace(/\%[A-Fa-z0-9]{2}/g, (encoded) => encoded.toUpperCase()).replace(/[^\u0000-\u007F]+/g, (unicodeChar) => encodeURIComponent(unicodeChar));
+        }
+        if (parsedUrl.hostname && parsedUrl.hostname.endsWith('.')) {
+            parsedUrl.hostname = parsedUrl.hostname.slice(0, -1);
+        }
+        if ((parsedUrl.protocol === 'https:' && parsedUrl.port === '443') ||
+            (parsedUrl.protocol === 'http:' && parsedUrl.port === '80')) {
+            delete parsedUrl.port;
+        }
+    }
+    catch (e) {
+        console.log(`Failed to normalize URL ${urlInput}`);
+        console.log(e);
+        if (!parsedUrl)
+            return urlInput; // Totally unparseble: use as-is
+        // If we've successfully parsed it, we format what we managed
+        // and leave it at that:
+    }
+    let normalizedUrl = url.format(parsedUrl);
+    // If the URL came in with no protocol, it should leave with
+    // no protocol (protocol added temporarily above to allow parsing)
+    if (isProtocolless) {
+        normalizedUrl = normalizedUrl.slice('http://'.length);
+    }
+    return normalizedUrl;
+});
+//# sourceMappingURL=url.js.map

package/dist/util/url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"url.js","sourceRoot":"","sources":["../../src/util/url.ts"],"names":[],"mappings":";;;AAAA,2BAA2B;AAC3B,4BAA4B;AAE5B,iCAAoC;AAEpC,+BAA+B;AAC/B,sEAAsE;AAC/D,MAAM,aAAa,GAAG,CAAC,GAAW,EAAE,EAAE,CACzC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;IACvC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;AAFhC,QAAA,aAAa,iBAEmB;AAEtC,MAAM,aAAa,GAAG,CAAC,GAAW,EAAE,EAAE,CACzC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AADX,QAAA,aAAa,iBACF;AAEjB,MAAM,yBAAyB,GAAG,CAAC,GAAW,EAAE,EAAE,CACrD,CAAC,IAAA,qBAAa,EAAC,GAAG,CAAC,IAAI,CAAC,IAAA,qBAAa,EAAC,GAAG,CAAC,CAAC;AADlC,QAAA,yBAAyB,6BACS;AAExC,MAAM,qBAAqB,GAAG,CAAC,GAAW,EAAU,EAAE;IACzD,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAClD,CAAC,CAAA;AAFY,QAAA,qBAAqB,yBAEjC;AAEM,MAAM,sBAAsB,GAAG,CAAC,GAAW,EAAE,EAAE;IAClD,MAAM,SAAS,GAAG,IAAA,iBAAU,EAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IAC1C,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;QACnB,OAAO,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC,CAAC;SAAM,CAAC;QACJ,OAAO,EAAE,CAAC;IACd,CAAC;AACL,CAAC,CAAA;AAPY,QAAA,sBAAsB,0BAOlC;AAEM,MAAM,gBAAgB,GAAG,CAAC,GAAqD,EAAE,EAAE;IACtF,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACX,OAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAClC,CAAC;SAAM,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC9D,OAAO,GAAG,CAAC;IACf,CAAC;SAAM,CAAC;QACJ,OAAO,EAAE,CAAC;IACd,CAAC;AACL,CAAC,CAAA;AARY,QAAA,gBAAgB,oBAQ5B;AAED;;;;;GAKG;AACU,QAAA,YAAY,GACrB,CAAC,CAAC,OAAO,CACL,CAAC,QAAgB,EAAU,EAAE;IACzB,IAAI,SAAsD,CAAC;IAE3D,IAAI,cAAc,GAAG,KAAK,CAAC;IAE3B,IAAI,CAAC;QACD,4CAA4C;QAC5C,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;YACpB,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,IAAA,iCAAyB,EAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,GAAG,QAAQ,CAAC,CAAC;YAC5C,cAAc,GAAG,IAAI,CAAC;QAC1B,CAAC;aAAM,CAAC;YACJ,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACpC,CAAC;QAED,2CAA2C;QAC3C,OAAO,SAAS,CAAC,IAAI,CAAC;QACtB,OAAO,SAAS,CAAC,KAAK,CAAC;QACvB,OAAO,SAAS,CAAC,MAAM,CAAC;QACxB,OAAO,SAAS,CAAC,IAAI,CAAC;QAEtB,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;YACrB,SAAS,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAC3C,mBAAmB,EACnB,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,CACrC,CAAC,OAAO,CACL,oBAAoB,EACpB,CAAC,WAAW,EAAE,EAAE,CAAC,kBAAkB,CAAC,WAAW,CAAC,CACnD,CAAC;QACN,CAAC;QAED,IAAI,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACzD,SAAS,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACzD,CAAC;QAED,IACI,CAAC,SAAS,CAAC,QAAQ,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,KAAK,KAAK,CAAC;YAC7D,CAAC,SAAS,CAAC,QAAQ,KAAK,OAAO,IAAI,SAAS,CAAC,IAAI,KAAK,IAAI,CAAC,EAC7D,CAAC;YACC,OAAO,SAAS,CAAC,IAAI,CAAC;QAC1B,CAAC;IACL,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACT,OAAO,CAAC,GAAG,CAAC,2BAA2B,QAAQ,EAAE,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAEf,IAAI,CAAC,SAAS;YAAE,OAAO,QAAQ,CAAC,CAAC,gCAAgC;QACjE,6DAA6D;QAC7D,wBAAwB;IAC5B,CAAC;IAED,IAAI,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAE1C,4DAA4D;IAC5D,kEAAkE;IAClE,IAAI,cAAc,EAAE,CAAC;QACjB,aAAa,GAAG,aAAa,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,aAAa,CAAC;AACzB,CAAC,CACJ,CAAC"}