react-native-nitro-net 0.1.5 → 0.2.0

package/lib/index.js

@@ -1,6 +1,39 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.connect = exports.Server = exports.Socket = exports.BlockList = exports.SocketAddress = void 0;
+exports.tls = exports.connect = exports.Server = exports.Socket = exports.BlockList = exports.SocketAddress = void 0;
 exports.createConnection = createConnection;
 exports.createServer = createServer;
 exports.isIP = isIP;
@@ -219,13 +252,14 @@ class Socket extends readable_stream_1.Duplex {
             return;
         const id = this._driver.id ?? this._driver._id;
         this._driver.onEvent = (eventType, data) => {
+            this.emit('event', eventType, data);
             if (eventType === 3) { // ERROR
                 const msg = new TextDecoder().decode(data);
                 debugLog(`Socket (id: ${id}) NATIVE ERROR: ${msg}`);
             }
-            if (eventType === 9) { // DEBUG
-                const msg = new TextDecoder().decode(data);
-                debugLog(`Socket (id: ${id}) NATIVE DEBUG: ${msg}`);
+            if (eventType === 9) { // SESSION/DEBUG
+                debugLog(`Socket (id: ${id}) NATIVE SESSION EVENT RECEIVED`);
+                this.emit('session', data);
                 return;
             }
             debugLog(`Socket (id: ${id}, localPort: ${this.localPort}) Event TYPE: ${eventType}, data len: ${data?.byteLength}`);
@@ -635,8 +669,8 @@ class Server extends eventemitter3_1.EventEmitter {
                     this.emit('error', new Error(data ? react_native_nitro_buffer_1.Buffer.from(data).toString() : 'Unknown server error'));
                     break;
                 case Net_nitro_1.NetServerEvent.DEBUG: {
-                    const msg = data ? react_native_nitro_buffer_1.Buffer.from(data).toString() : 'Unknown debug message';
-                    debugLog(`Server NATIVE DEBUG: ${msg}`);
+                    debugLog(`Server NATIVE SESSION/DEBUG EVENT RECEIVED`);
+                    this.emit('session', data);
                     break;
                 }
                 case Net_nitro_1.NetServerEvent.CLOSE:
@@ -724,6 +758,12 @@ class Server extends eventemitter3_1.EventEmitter {
         return this;
     }
     close(callback) {
+        // Destroy all active connections first
+        for (const socket of this._sockets) {
+            socket.destroy();
+        }
+        this._sockets.clear();
+        this._connections = 0;
         this._driver.close();
         if (callback)
             this.once('close', callback);
@@ -763,6 +803,7 @@ exports.connect = createConnection;
 function createServer(options, connectionListener) {
     return new Server(options, connectionListener);
 }
+exports.tls = __importStar(require("./tls"));
 exports.default = {
     Socket,
     Server,

package/lib/tls.d.ts

@@ -0,0 +1,124 @@
+import { Socket, Server as NetServer, SocketOptions } from './index';
+export interface PeerCertificate {
+    subject: {
+        [key: string]: string;
+    };
+    issuer: {
+        [key: string]: string;
+    };
+    valid_from: string;
+    valid_to: string;
+    fingerprint: string;
+    fingerprint256: string;
+    serialNumber: string;
+}
+export interface ConnectionOptions extends SocketOptions {
+    host?: string;
+    port?: number;
+    path?: string;
+    servername?: string;
+    rejectUnauthorized?: boolean;
+    session?: ArrayBuffer;
+    secureContext?: SecureContext;
+    ca?: string | string[];
+    cert?: string | string[];
+    key?: string | string[];
+    pfx?: string | ArrayBuffer;
+    passphrase?: string;
+    keylog?: boolean;
+}
+export interface SecureContextOptions {
+    pfx?: string | ArrayBuffer;
+    passphrase?: string;
+    cert?: string | string[];
+    key?: string | string[];
+    ca?: string | string[];
+}
+export declare const DEFAULT_MIN_VERSION = "TLSv1.2";
+export declare const DEFAULT_MAX_VERSION = "TLSv1.3";
+export declare const rootCertificates: string[];
+export declare const DEFAULT_ECDH_CURVE = "auto";
+export declare const SLAB_BUFFER_SIZE: number;
+export declare class SecureContext {
+    private _id;
+    constructor(options?: SecureContextOptions);
+    setOCSPResponse(ocsp: ArrayBuffer): void;
+    getTicketKeys(): ArrayBuffer | undefined;
+    setTicketKeys(keys: ArrayBuffer): void;
+    get id(): number;
+    addCACert(ca: string): void;
+}
+export declare function createSecureContext(options?: SecureContextOptions): SecureContext;
+export declare class TLSSocket extends Socket {
+    private _servername?;
+    get encrypted(): boolean;
+    get servername(): string | undefined;
+    get authorized(): boolean;
+    get authorizationError(): string | undefined;
+    get alpnProtocol(): string | undefined;
+    getProtocol(): string | undefined;
+    getCipher(): {
+        name: string;
+        version: string;
+    } | undefined;
+    getPeerCertificate(detailed?: boolean): PeerCertificate | {};
+    isSessionReused(): boolean;
+    getSession(): ArrayBuffer | undefined;
+    getEphemeralKeyInfo(): string | undefined;
+    getFinished(): Buffer | undefined;
+    getPeerFinished(): Buffer | undefined;
+    getSharedSigalgs(): string | undefined;
+    renegotiate(options: any, callback: (err: Error | null) => void): boolean;
+    disableRenegotiation(): void;
+    constructor(socket: Socket, options?: ConnectionOptions);
+    constructor(options: ConnectionOptions);
+    connect(options: any, connectionListener?: () => void): this;
+}
+export declare function connect(options: ConnectionOptions, connectionListener?: () => void): TLSSocket;
+export declare function connect(port: number, host?: string, options?: ConnectionOptions, connectionListener?: () => void): TLSSocket;
+export declare function connect(port: number, options?: ConnectionOptions, connectionListener?: () => void): TLSSocket;
+export declare class Server extends NetServer {
+    private _secureContextId;
+    constructor(options?: any, connectionListener?: (socket: Socket) => void);
+    addContext(hostname: string, context: {
+        key: string;
+        cert: string;
+    }): void;
+    setSecureContext(options: {
+        key: string;
+        cert: string;
+        ca?: string | string[];
+    }): void;
+    getTicketKeys(): ArrayBuffer | undefined;
+    setTicketKeys(keys: ArrayBuffer): void;
+    listen(port?: any, host?: any, backlog?: any, callback?: any): this;
+}
+export declare function createServer(options?: any, connectionListener?: (socket: Socket) => void): Server;
+export declare function getCiphers(): string[];
+export declare function checkServerIdentity(hostname: string, cert: PeerCertificate): Error | undefined;
+/**
+ * Legacy CryptoStream for Node.js compatibility.
+ * In this implementation, it's a simple wrapper around TLSSocket.
+ */
+export declare class CryptoStream extends TLSSocket {
+    constructor(options?: ConnectionOptions);
+}
+/**
+ * Legacy SecurePair for Node.js compatibility.
+ */
+export declare class SecurePair {
+    cleartext: CryptoStream;
+    encrypted: CryptoStream;
+    constructor(secureContext?: SecureContext, isServer?: boolean, requestCert?: boolean, rejectUnauthorized?: boolean);
+}
+export declare function createSecurePair(secureContext?: SecureContext, isServer?: boolean, requestCert?: boolean, rejectUnauthorized?: boolean): SecurePair;
+/**
+ * Legacy certificate string parser.
+ */
+export declare function parseCertString(certString: string): {
+    [key: string]: string;
+};
+/**
+ * Mock implementation of convertTLSV1CertToPEM.
+ */
+export declare function convertTLSV1CertToPEM(cert: string | Buffer): string;

package/lib/tls.js

@@ -0,0 +1,451 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurePair = exports.CryptoStream = exports.Server = exports.TLSSocket = exports.SecureContext = exports.SLAB_BUFFER_SIZE = exports.DEFAULT_ECDH_CURVE = exports.rootCertificates = exports.DEFAULT_MAX_VERSION = exports.DEFAULT_MIN_VERSION = void 0;
+exports.createSecureContext = createSecureContext;
+exports.connect = connect;
+exports.createServer = createServer;
+exports.getCiphers = getCiphers;
+exports.checkServerIdentity = checkServerIdentity;
+exports.createSecurePair = createSecurePair;
+exports.parseCertString = parseCertString;
+exports.convertTLSV1CertToPEM = convertTLSV1CertToPEM;
+const index_1 = require("./index");
+const Driver_1 = require("./Driver");
+exports.DEFAULT_MIN_VERSION = 'TLSv1.2';
+exports.DEFAULT_MAX_VERSION = 'TLSv1.3';
+exports.rootCertificates = [];
+exports.DEFAULT_ECDH_CURVE = 'auto'; // Managed by rustls
+exports.SLAB_BUFFER_SIZE = 10 * 1024 * 1024; // 10MB default
+class SecureContext {
+    constructor(options) {
+        if (options && options.pfx) {
+            this._id = Driver_1.Driver.createEmptySecureContext();
+            const pfx = typeof options.pfx === 'string' ? Buffer.from(options.pfx).buffer : options.pfx;
+            Driver_1.Driver.setPFXToSecureContext(this._id, pfx, options.passphrase);
+        }
+        else if (options && options.cert && options.key) {
+            const cert = Array.isArray(options.cert) ? options.cert[0] : options.cert;
+            const key = Array.isArray(options.key) ? options.key[0] : options.key;
+            this._id = Driver_1.Driver.createSecureContext(cert, key, options.passphrase);
+        }
+        else {
+            this._id = Driver_1.Driver.createEmptySecureContext();
+        }
+        if (options && options.ca) {
+            const cas = Array.isArray(options.ca) ? options.ca : [options.ca];
+            for (const ca of cas) {
+                Driver_1.Driver.addCACertToSecureContext(this._id, ca);
+            }
+        }
+    }
+    setOCSPResponse(ocsp) {
+        Driver_1.Driver.setOCSPResponseToSecureContext(this._id, ocsp);
+    }
+    getTicketKeys() {
+        return Driver_1.Driver.getTicketKeys(this._id);
+    }
+    setTicketKeys(keys) {
+        Driver_1.Driver.setTicketKeys(this._id, keys);
+    }
+    get id() {
+        return this._id;
+    }
+    // Node.js doesn't have these on SecureContext but we might need them
+    addCACert(ca) {
+        Driver_1.Driver.addCACertToSecureContext(this._id, ca);
+    }
+}
+exports.SecureContext = SecureContext;
+function createSecureContext(options) {
+    return new SecureContext(options);
+}
+class TLSSocket extends index_1.Socket {
+    get encrypted() {
+        return true;
+    }
+    get servername() {
+        return this._servername;
+    }
+    get authorized() {
+        const driver = this._driver;
+        return driver.getAuthorizationError() === undefined;
+    }
+    get authorizationError() {
+        const driver = this._driver;
+        return driver.getAuthorizationError();
+    }
+    get alpnProtocol() {
+        const driver = this._driver;
+        return driver.getALPN();
+    }
+    getProtocol() {
+        const driver = this._driver;
+        return driver.getProtocol();
+    }
+    getCipher() {
+        const driver = this._driver;
+        const cipher = driver.getCipher();
+        const protocol = driver.getProtocol();
+        if (cipher) {
+            return {
+                name: cipher,
+                version: protocol || 'Unknown'
+            };
+        }
+        return undefined;
+    }
+    getPeerCertificate(detailed) {
+        const driver = this._driver;
+        const json = driver.getPeerCertificateJSON();
+        if (json) {
+            try {
+                return JSON.parse(json);
+            }
+            catch (e) {
+                console.error('Failed to parse peer certificate JSON', e);
+            }
+        }
+        return {};
+    }
+    isSessionReused() {
+        const driver = this._driver;
+        return driver.isSessionReused();
+    }
+    getSession() {
+        const driver = this._driver;
+        return driver.getSession();
+    }
+    getEphemeralKeyInfo() {
+        const driver = this._driver;
+        return driver.getEphemeralKeyInfo();
+    }
+    getFinished() {
+        throw new Error('getFinished is not supported by rustls');
+    }
+    getPeerFinished() {
+        throw new Error('getPeerFinished is not supported by rustls');
+    }
+    getSharedSigalgs() {
+        const driver = this._driver;
+        return driver.getSharedSigalgs();
+    }
+    renegotiate(options, callback) {
+        if (callback) {
+            process.nextTick(() => callback(new Error('Renegotiation is not supported by rustls')));
+        }
+        return false;
+    }
+    disableRenegotiation() {
+        // No-op, already effectively disabled
+    }
+    constructor(socketOrOptions, options) {
+        let opts = {};
+        if (socketOrOptions instanceof index_1.Socket) {
+            opts = { ...options, socketDriver: socketOrOptions._driver };
+        }
+        else {
+            opts = socketOrOptions || {};
+        }
+        super(opts);
+        if (socketOrOptions instanceof index_1.Socket) {
+            this._servername = socketOrOptions._servername;
+        }
+        this.on('event', (event, data) => {
+            if (event === 10 && data) { // KEYLOG
+                this.emit('keylog', Buffer.from(data));
+            }
+            else if (event === 11 && data) { // OCSP
+                this.emit('OCSPResponse', Buffer.from(data));
+            }
+        });
+    }
+    connect(options, connectionListener) {
+        // Override connect to use connectTLS
+        const port = typeof options === 'number' ? options : options.port;
+        const host = (typeof options === 'object' && options.host) ? options.host : (typeof options === 'string' ? arguments[1] : 'localhost');
+        const path = (typeof options === 'object' && options.path) ? options.path : undefined;
+        const servername = (typeof options === 'object' && options.servername) ? options.servername : (path ? 'localhost' : host);
+        this._servername = servername;
+        const rejectUnauthorized = (typeof options === 'object' && options.rejectUnauthorized !== undefined) ? options.rejectUnauthorized : true;
+        const session = (typeof options === 'object' && options.session) ? options.session : undefined;
+        const driver = this._driver;
+        if (driver) {
+            this.connecting = true;
+            if (connectionListener)
+                this.once('secureConnect', connectionListener);
+            this.once('connect', () => {
+                this.emit('secureConnect');
+            });
+            if (session) {
+                driver.setSession(session);
+            }
+            const secureContext = (typeof options === 'object' && options.secureContext) ? options.secureContext : undefined;
+            let secureContextId = secureContext ? secureContext.id : undefined;
+            // If cert/key/ca provided directly, create a temporary secure context
+            if (!secureContextId && typeof options === 'object' && (options.cert || options.key || options.ca)) {
+                secureContextId = createSecureContext({
+                    cert: options.cert,
+                    key: options.key,
+                    ca: options.ca
+                }).id;
+            }
+            if (options && options.keylog) {
+                driver.enableKeylog();
+            }
+            if (path) {
+                if (secureContextId !== undefined) {
+                    driver.connectUnixTLSWithContext(path, servername, rejectUnauthorized, secureContextId);
+                }
+                else {
+                    driver.connectUnixTLS(path, servername, rejectUnauthorized);
+                }
+            }
+            else {
+                if (secureContextId !== undefined) {
+                    driver.connectTLSWithContext(host, port, servername, rejectUnauthorized, secureContextId);
+                }
+                else {
+                    driver.connectTLS(host, port, servername, rejectUnauthorized);
+                }
+            }
+        }
+        return this;
+    }
+}
+exports.TLSSocket = TLSSocket;
+function connect(...args) {
+    let port;
+    let host = 'localhost';
+    let options = {};
+    let listener;
+    if (typeof args[0] === 'object') {
+        options = args[0];
+        port = options.port || 443;
+        host = options.host || 'localhost';
+        listener = args[1];
+    }
+    else {
+        port = args[0];
+        if (typeof args[1] === 'string') {
+            host = args[1];
+            options = args[2] || {};
+            listener = args[3];
+        }
+        else if (typeof args[1] === 'object') {
+            options = args[1];
+            listener = args[2];
+        }
+        else if (typeof args[1] === 'function') {
+            listener = args[1];
+        }
+    }
+    const socket = new TLSSocket(options);
+    socket.connect({
+        port,
+        host,
+        ...options
+    }, listener);
+    return socket;
+}
+class Server extends index_1.Server {
+    constructor(options, connectionListener) {
+        super(options);
+        this._secureContextId = 0;
+        if (options && options.secureContext) {
+            this._secureContextId = options.secureContext.id;
+        }
+        else if (options && (options.key || options.cert || options.ca)) {
+            this._secureContextId = createSecureContext({
+                cert: options.cert,
+                key: options.key,
+                ca: options.ca
+            }).id;
+        }
+        this.on('connection', (socket) => {
+            const tlsSocket = new TLSSocket(socket);
+            this.emit('secureConnection', tlsSocket);
+        });
+        this.on('session', (data) => {
+            this.emit('newSession', data);
+        });
+        if (options && options.SNICallback) {
+            console.warn("SNICallback is not supported yet, use addContext() instead");
+        }
+        if (connectionListener) {
+            this.on('secureConnection', connectionListener);
+        }
+    }
+    addContext(hostname, context) {
+        if (!this._secureContextId) {
+            throw new Error("Cannot addContext to a non-TLS server. Provide initial cert/key in constructor.");
+        }
+        Driver_1.Driver.addContextToSecureContext(this._secureContextId, hostname, context.cert, context.key);
+    }
+    setSecureContext(options) {
+        this._secureContextId = createSecureContext(options).id;
+    }
+    getTicketKeys() {
+        return this._secureContextId ? Driver_1.Driver.getTicketKeys(this._secureContextId) : undefined;
+    }
+    setTicketKeys(keys) {
+        if (!this._secureContextId)
+            throw new Error("Not a TLS server");
+        Driver_1.Driver.setTicketKeys(this._secureContextId, keys);
+    }
+    listen(port, host, backlog, callback) {
+        if (!this._secureContextId) {
+            return super.listen(port, host, backlog, callback);
+        }
+        let _port = 0;
+        let _host;
+        let _backlog;
+        let _path;
+        let _callback;
+        let ipv6Only = false;
+        let reusePort = false;
+        let handle;
+        if (typeof port === 'object' && port !== null) {
+            if (typeof port.fd === 'number') {
+                handle = port;
+                _backlog = port.backlog;
+                _callback = host;
+            }
+            else {
+                _port = port.port;
+                _host = port.host;
+                _backlog = port.backlog;
+                _path = port.path;
+                ipv6Only = port.ipv6Only === true;
+                reusePort = port.reusePort === true;
+                _callback = host;
+            }
+        }
+        else {
+            _port = typeof port === 'number' ? port : (typeof port === 'string' && !isNaN(Number(port)) ? Number(port) : 0);
+            if (typeof port === 'string' && isNaN(Number(port)))
+                _path = port;
+            if (typeof host === 'string')
+                _host = host;
+            else if (typeof host === 'function')
+                _callback = host;
+            if (typeof backlog === 'number')
+                _backlog = backlog;
+            else if (typeof backlog === 'function')
+                _callback = backlog;
+            if (typeof callback === 'function')
+                _callback = callback;
+        }
+        if (_callback)
+            this.once('listening', _callback);
+        const driver = this._driver;
+        if (handle || _path) {
+            console.warn("TLS over Unix sockets/handles not fully implemented yet");
+        }
+        driver.listenTLS(_port || 0, this._secureContextId, _backlog, ipv6Only, reusePort);
+        return this;
+    }
+}
+exports.Server = Server;
+function createServer(options, connectionListener) {
+    return new Server(options, connectionListener);
+}
+function getCiphers() {
+    return [
+        'TLS_AES_128_GCM_SHA256',
+        'TLS_AES_256_GCM_SHA384',
+        'TLS_CHACHA20_POLY1305_SHA256',
+        'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
+        'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
+        'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256',
+        'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
+        'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
+        'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'
+    ];
+}
+function checkServerIdentity(hostname, cert) {
+    const subject = cert.subject;
+    const dnsNames = [];
+    // In a real implementation we'd extract SANs from the cert object if available.
+    // Our PeerCertificate already has subject.CN.
+    if (subject && subject.CN) {
+        dnsNames.push(subject.CN);
+    }
+    // SANs are preferred over CN but our current peer_cert JSON might not have them exploded yet
+    // unless x509-parser logic is updated. For now, we match against CN.
+    // Wildcard matching logic:
+    const matchHash = (host, pattern) => {
+        const parts = host.split('.');
+        const patternParts = pattern.split('.');
+        if (parts.length !== patternParts.length)
+            return false;
+        for (let i = 0; i < parts.length; i++) {
+            if (patternParts[i] === '*')
+                continue;
+            if (parts[i].toLowerCase() !== patternParts[i].toLowerCase())
+                return false;
+        }
+        return true;
+    };
+    const matches = dnsNames.some(name => {
+        if (name.includes('*')) {
+            return matchHash(hostname, name);
+        }
+        return name.toLowerCase() === hostname.toLowerCase();
+    });
+    if (!matches) {
+        const err = new Error(`Hostname/IP does not match certificate's altnames: Host: ${hostname}. is not in cert's altnames: ${dnsNames.join(', ')}`);
+        err.reason = 'Host name mismatch';
+        err.host = hostname;
+        err.cert = cert;
+        return err;
+    }
+    return undefined;
+}
+// -----------------------------------------------------------------------------
+// Legacy Classes & Utils
+// -----------------------------------------------------------------------------
+/**
+ * Legacy CryptoStream for Node.js compatibility.
+ * In this implementation, it's a simple wrapper around TLSSocket.
+ */
+class CryptoStream extends TLSSocket {
+    constructor(options) {
+        super(options || {});
+    }
+}
+exports.CryptoStream = CryptoStream;
+/**
+ * Legacy SecurePair for Node.js compatibility.
+ */
+class SecurePair {
+    constructor(secureContext, isServer, requestCert, rejectUnauthorized) {
+        this.cleartext = new CryptoStream();
+        this.encrypted = this.cleartext; // Logically the same in our simplified model
+    }
+}
+exports.SecurePair = SecurePair;
+function createSecurePair(secureContext, isServer, requestCert, rejectUnauthorized) {
+    return new SecurePair(secureContext, isServer, requestCert, rejectUnauthorized);
+}
+/**
+ * Legacy certificate string parser.
+ */
+function parseCertString(certString) {
+    const out = {};
+    const parts = certString.split('/');
+    for (const part of parts) {
+        const [key, value] = part.split('=');
+        if (key && value)
+            out[key] = value;
+    }
+    return out;
+}
+/**
+ * Mock implementation of convertTLSV1CertToPEM.
+ */
+function convertTLSV1CertToPEM(cert) {
+    if (typeof cert === 'string' && cert.includes('BEGIN CERTIFICATE'))
+        return cert;
+    const body = (cert instanceof Buffer) ? cert.toString('base64') : Buffer.from(cert).toString('base64');
+    return `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----`;
+}