node-rtc-connection 1.0.11 → 1.0.14

package/src/STUNClient.js

@@ -1,222 +0,0 @@
-/**
- * STUN Client Implementation (RFC 5389)
- * Pure Node.js implementation using dgram
- */
-
-const dgram = require('dgram');
-const crypto = require('crypto');
-
-// STUN Message Types
-const STUN_BINDING_REQUEST = 0x0001;
-const STUN_BINDING_RESPONSE = 0x0101;
-
-// STUN Attributes
-const ATTR_MAPPED_ADDRESS = 0x0001;
-const ATTR_XOR_MAPPED_ADDRESS = 0x0020;
-
-// STUN Magic Cookie
-const MAGIC_COOKIE = 0x2112A442;
-
-class STUNClient {
-  constructor() {
-    this.socket = null;
-    this.timeout = 5000;
-  }
-
-  /**
-   * Get public IP and port by querying STUN server
-   * @param {string} stunServer - STUN server address (e.g., 'stun.l.google.com:19302')
-   * @returns {Promise<{ip: string, port: number, type: string}>}
-   */
-  async getReflexiveAddress(stunServer = 'stun.l.google.com:19302') {
-    return new Promise((resolve, reject) => {
-      const [host, portStr] = stunServer.split(':');
-      const port = parseInt(portStr, 10);
-
-      // Create UDP socket
-      this.socket = dgram.createSocket('udp4');
-      
-      const transactionId = crypto.randomBytes(12);
-      let resolved = false;
-
-      const timeout = setTimeout(() => {
-        if (!resolved) {
-          resolved = true;
-          this.socket.close();
-          reject(new Error('STUN request timeout'));
-        }
-      }, this.timeout);
-
-      this.socket.on('error', (err) => {
-        if (!resolved) {
-          resolved = true;
-          clearTimeout(timeout);
-          this.socket.close();
-          reject(err);
-        }
-      });
-
-      this.socket.on('message', (msg) => {
-        if (resolved) return;
-
-        try {
-          const result = this._parseSTUNResponse(msg, transactionId);
-          if (result) {
-            resolved = true;
-            clearTimeout(timeout);
-            this.socket.close();
-            resolve(result);
-          }
-        } catch (err) {
-          resolved = true;
-          clearTimeout(timeout);
-          this.socket.close();
-          reject(err);
-        }
-      });
-
-      // Send STUN Binding Request
-      const request = this._createBindingRequest(transactionId);
-      this.socket.send(request, port, host, (err) => {
-        if (err && !resolved) {
-          resolved = true;
-          clearTimeout(timeout);
-          this.socket.close();
-          reject(err);
-        }
-      });
-    });
-  }
-
-  /**
-   * Create STUN Binding Request
-   * @private
-   */
-  _createBindingRequest(transactionId) {
-    const buffer = Buffer.allocUnsafe(20);
-    
-    // Message Type (2 bytes)
-    buffer.writeUInt16BE(STUN_BINDING_REQUEST, 0);
-    
-    // Message Length (2 bytes) - 0 for no attributes
-    buffer.writeUInt16BE(0, 2);
-    
-    // Magic Cookie (4 bytes)
-    buffer.writeUInt32BE(MAGIC_COOKIE, 4);
-    
-    // Transaction ID (12 bytes)
-    transactionId.copy(buffer, 8);
-    
-    return buffer;
-  }
-
-  /**
-   * Parse STUN Response
-   * @private
-   */
-  _parseSTUNResponse(msg, expectedTransactionId) {
-    if (msg.length < 20) {
-      throw new Error('Invalid STUN response: too short');
-    }
-
-    const messageType = msg.readUInt16BE(0);
-    const messageLength = msg.readUInt16BE(2);
-    const magicCookie = msg.readUInt32BE(4);
-    const transactionId = msg.slice(8, 20);
-
-    // Verify this is a binding response
-    if (messageType !== STUN_BINDING_RESPONSE) {
-      return null;
-    }
-
-    // Verify magic cookie
-    if (magicCookie !== MAGIC_COOKIE) {
-      throw new Error('Invalid STUN response: bad magic cookie');
-    }
-
-    // Verify transaction ID
-    if (!transactionId.equals(expectedTransactionId)) {
-      return null;
-    }
-
-    // Parse attributes
-    let offset = 20;
-    while (offset < 20 + messageLength) {
-      const attrType = msg.readUInt16BE(offset);
-      const attrLength = msg.readUInt16BE(offset + 2);
-      const attrValue = msg.slice(offset + 4, offset + 4 + attrLength);
-
-      if (attrType === ATTR_XOR_MAPPED_ADDRESS) {
-        return this._parseXorMappedAddress(attrValue, transactionId);
-      } else if (attrType === ATTR_MAPPED_ADDRESS) {
-        return this._parseMappedAddress(attrValue);
-      }
-
-      // Move to next attribute (with padding)
-      offset += 4 + attrLength;
-      if (attrLength % 4 !== 0) {
-        offset += 4 - (attrLength % 4);
-      }
-    }
-
-    throw new Error('No mapped address in STUN response');
-  }
-
-  /**
-   * Parse XOR-MAPPED-ADDRESS attribute
-   * @private
-   */
-  _parseXorMappedAddress(value, transactionId) {
-    const family = value.readUInt8(1);
-    const xPort = value.readUInt16BE(2);
-    const xAddress = value.slice(4, 8);
-
-    // XOR with magic cookie
-    const port = xPort ^ (MAGIC_COOKIE >> 16);
-    
-    const addressBytes = Buffer.allocUnsafe(4);
-    const magicBytes = Buffer.allocUnsafe(4);
-    magicBytes.writeUInt32BE(MAGIC_COOKIE, 0);
-    
-    for (let i = 0; i < 4; i++) {
-      addressBytes[i] = xAddress[i] ^ magicBytes[i];
-    }
-
-    const ip = Array.from(addressBytes).join('.');
-
-    return {
-      ip,
-      port,
-      type: 'srflx' // Server Reflexive
-    };
-  }
-
-  /**
-   * Parse MAPPED-ADDRESS attribute
-   * @private
-   */
-  _parseMappedAddress(value) {
-    const family = value.readUInt8(1);
-    const port = value.readUInt16BE(2);
-    const addressBytes = value.slice(4, 8);
-    const ip = Array.from(addressBytes).join('.');
-
-    return {
-      ip,
-      port,
-      type: 'srflx'
-    };
-  }
-
-  /**
-   * Close the socket
-   */
-  close() {
-    if (this.socket) {
-      this.socket.close();
-      this.socket = null;
-    }
-  }
-}
-
-module.exports = STUNClient;

package/src/SecureConnection.js

@@ -1,298 +0,0 @@
-/**
- * Secure Connection Wrapper
- * Provides TLS/DTLS-like encryption using Node.js crypto and tls modules
- */
-
-const tls = require('tls');
-const crypto = require('crypto');
-const { EventEmitter } = require('events');
-
-class SecureConnection extends EventEmitter {
-  constructor(socket, options = {}) {
-    super();
-    
-    this.socket = socket;
-    this.isServer = options.isServer || false;
-    this.secureSocket = null;
-    this.certificates = options.certificates || this._generateCertificates();
-    this.ready = false;
-  }
-
-  /**
-   * Generate self-signed certificates for DTLS-like encryption
-   * @private
-   */
-  _generateCertificates() {
-    // Use Node.js built-in pki module to generate self-signed cert
-    const { exec } = require('child_process');
-    const fs = require('fs');
-    const path = require('path');
-    
-    // Create a simple self-signed certificate using openssl command
-    // For simplicity, we'll use generateKeyPairSync for keys
-    const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
-      modulusLength: 2048,
-      publicKeyEncoding: {
-        type: 'spki',
-        format: 'pem'
-      },
-      privateKeyEncoding: {
-        type: 'pkcs8',
-        format: 'pem',
-        cipher: undefined,
-        passphrase: undefined
-      }
-    });
-
-    // Generate a basic self-signed certificate using Node's crypto
-    // This is a simplified approach - in production, use proper PKI
-    const cert = this._createMinimalCert(publicKey);
-
-    return {
-      key: privateKey,
-      cert: cert
-    };
-  }
-
-  /**
-   * Create a minimal self-signed certificate
-   * @private
-   */
-  _createMinimalCert(publicKey) {
-    // Create a minimal X.509-like certificate structure
-    // This is simplified - real certs are much more complex
-    const certInfo = {
-      version: 3,
-      serialNumber: crypto.randomBytes(16).toString('hex'),
-      subject: 'CN=NodeRTC',
-      issuer: 'CN=NodeRTC',
-      notBefore: new Date().toISOString(),
-      notAfter: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000).toISOString(),
-      publicKey: publicKey
-    };
-
-    // For Node.js TLS, we need a proper PEM certificate
-    // Since we can't easily generate one without external tools,
-    // we'll create a minimal valid PEM structure
-    const certPem = `-----BEGIN CERTIFICATE-----
-MIICljCCAX4CCQCxMjQxNjA5MA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMMCU5v
-ZGVSVENMQTAEFQ0yMzEyMjcwMDAwMDBaFw0yNDEyMjcwMDAwMDBaMBQxEjAQBgNV
-BAMMCU5vZGVSVEMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8kxdC
-g5xPf+GJ3LQnJpXMTq7Z2YLvnJCvXXvW8VPcPXYL3VHQJJjpKKQh8FLG3wKj5Jnl
-JXFG3JLK2YLvnJCvXXvW8VPcPXYL3VHQJJjpKKQh8FLG3wKj5JnlJXFG3JLK2wKj
-5JnlJXFG3JLK2YLvnJCvXXvW8VPcPXYL3VHQJJjpKKQh8FLG3wKj5JnlJXFG3JLK
-2YLvnJCvXXvW8VPcPXYL3VHQJJjpKKQh8FLG3wKj5JnlJXFG3JLK2YLvnJCvXXvW
-8VPcPXYL3VHQJJjpKKQh8FLG3wKj5JnlJXFG3JLK2YLvnJCvXXvW8VPcPXYL3VHQ
-JJjpKKQh8FLG3wKj5JnlJXFG3AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGxPPzk=
------END CERTIFICATE-----`;
-
-    return certPem;
-  }
-
-  /**
-   * Wrap socket with TLS encryption
-   * @returns {Promise<void>}
-   */
-  async wrap() {
-    return new Promise((resolve, reject) => {
-      try {
-        const tlsOptions = {
-          socket: this.socket,
-          rejectUnauthorized: false, // Accept self-signed certs
-          requestCert: false,
-          ...this.certificates
-        };
-
-        if (this.isServer) {
-          this.secureSocket = new tls.TLSSocket(this.socket, {
-            isServer: true,
-            ...tlsOptions
-          });
-        } else {
-          this.secureSocket = tls.connect({
-            socket: this.socket,
-            rejectUnauthorized: false
-          });
-        }
-
-        this.secureSocket.on('secureConnect', () => {
-          this.ready = true;
-          this.emit('secure');
-          resolve();
-        });
-
-        this.secureSocket.on('error', (err) => {
-          this.emit('error', err);
-          if (!this.ready) {
-            reject(err);
-          }
-        });
-
-        this.secureSocket.on('data', (data) => {
-          this.emit('data', data);
-        });
-
-        this.secureSocket.on('close', () => {
-          this.emit('close');
-        });
-
-      } catch (err) {
-        reject(err);
-      }
-    });
-  }
-
-  /**
-   * Send data over secure connection
-   * @param {Buffer|string} data - Data to send
-   * @returns {boolean}
-   */
-  write(data) {
-    if (!this.secureSocket || !this.ready) {
-      throw new Error('Secure connection not ready');
-    }
-    return this.secureSocket.write(data);
-  }
-
-  /**
-   * Get certificate fingerprint for SDP
-   * @returns {string}
-   */
-  getFingerprint() {
-    // Calculate SHA-256 fingerprint of certificate
-    const cert = this.certificates.cert;
-    const hash = crypto.createHash('sha256').update(cert).digest('hex');
-    
-    // Format as XX:XX:XX:...
-    return hash.match(/.{2}/g).join(':').toUpperCase();
-  }
-
-  /**
-   * Close the secure connection
-   */
-  close() {
-    if (this.secureSocket) {
-      this.secureSocket.destroy();
-      this.secureSocket = null;
-    }
-    this.ready = false;
-  }
-
-  /**
-   * Check if connection is ready
-   */
-  isReady() {
-    return this.ready;
-  }
-}
-
-/**
- * Simplified DTLS-like encryption for UDP
- * Uses AES-256-GCM for packet encryption
- */
-class DTLSConnection extends EventEmitter {
-  constructor(options = {}) {
-    super();
-    
-    this.isServer = options.isServer || false;
-    this.key = options.key || crypto.randomBytes(32); // 256-bit key
-    this.remoteKey = null;
-    this.ready = false;
-  }
-
-  /**
-   * Exchange keys (simplified handshake)
-   * In real DTLS, this would be a full handshake
-   */
-  async handshake(sendCallback) {
-    return new Promise((resolve, reject) => {
-      // Send our key
-      sendCallback(this.key);
-
-      // Wait for remote key
-      const timeout = setTimeout(() => {
-        reject(new Error('DTLS handshake timeout'));
-      }, 5000);
-
-      this.once('remoteKey', (key) => {
-        clearTimeout(timeout);
-        this.remoteKey = key;
-        this.ready = true;
-        this.emit('ready');
-        resolve();
-      });
-    });
-  }
-
-  /**
-   * Set remote key
-   */
-  setRemoteKey(key) {
-    this.remoteKey = key;
-    this.emit('remoteKey', key);
-  }
-
-  /**
-   * Encrypt data for transmission
-   * @param {Buffer} data - Plaintext data
-   * @returns {Buffer} Encrypted data with IV and auth tag
-   */
-  encrypt(data) {
-    if (!this.ready) {
-      throw new Error('DTLS not ready');
-    }
-
-    const iv = crypto.randomBytes(12); // GCM IV
-    const cipher = crypto.createCipheriv('aes-256-gcm', this.key, iv);
-    
-    const encrypted = Buffer.concat([
-      cipher.update(data),
-      cipher.final()
-    ]);
-    
-    const authTag = cipher.getAuthTag();
-    
-    // Return: IV (12) + Auth Tag (16) + Encrypted Data
-    return Buffer.concat([iv, authTag, encrypted]);
-  }
-
-  /**
-   * Decrypt received data
-   * @param {Buffer} data - Encrypted data with IV and auth tag
-   * @returns {Buffer} Decrypted data
-   */
-  decrypt(data) {
-    if (!this.ready || !this.remoteKey) {
-      throw new Error('DTLS not ready');
-    }
-
-    if (data.length < 28) {
-      throw new Error('Invalid encrypted packet');
-    }
-
-    const iv = data.slice(0, 12);
-    const authTag = data.slice(12, 28);
-    const encrypted = data.slice(28);
-
-    const decipher = crypto.createDecipheriv('aes-256-gcm', this.remoteKey, iv);
-    decipher.setAuthTag(authTag);
-
-    return Buffer.concat([
-      decipher.update(encrypted),
-      decipher.final()
-    ]);
-  }
-
-  /**
-   * Get fingerprint of our key
-   */
-  getFingerprint() {
-    const hash = crypto.createHash('sha256').update(this.key).digest('hex');
-    return hash.match(/.{2}/g).join(':').toUpperCase();
-  }
-}
-
-module.exports = {
-  SecureConnection,
-  DTLSConnection
-};