werift 0.15.1 → 0.15.2

package/lib/common/src/index.d.ts

@@ -1,3 +1,4 @@
 export * from "./binary";
 export * from "./number";
 export * from "./promise";
+export * from "./network";

package/lib/common/src/index.js

@@ -13,4 +13,5 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./binary"), exports);
 __exportStar(require("./number"), exports);
 __exportStar(require("./promise"), exports);
+__exportStar(require("./network"), exports);
 //# sourceMappingURL=index.js.map

package/lib/common/src/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../common/src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAyB;AACzB,2CAAyB;AACzB,4CAA0B","sourcesContent":["export * from \"./binary\";\nexport * from \"./number\";\nexport * from \"./promise\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../common/src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAyB;AACzB,2CAAyB;AACzB,4CAA0B;AAC1B,4CAA0B","sourcesContent":["export * from \"./binary\";\nexport * from \"./number\";\nexport * from \"./promise\";\nexport * from \"./network\";\n"]}

package/lib/common/src/network.d.ts

@@ -0,0 +1,5 @@
+/// <reference types="node" />
+import { SocketType } from "dgram";
+export declare function randomPort(protocol?: SocketType): Promise<number>;
+export declare function randomPorts(num: number, protocol?: SocketType): Promise<number[]>;
+export declare function findPort(min: number, max: number, protocol?: SocketType): Promise<number>;

package/lib/common/src/network.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findPort = exports.randomPorts = exports.randomPort = void 0;
+const dgram_1 = require("dgram");
+async function randomPort(protocol = "udp4") {
+    const socket = (0, dgram_1.createSocket)(protocol);
+    setImmediate(() => socket.bind(0));
+    await new Promise((r) => {
+        socket.once("error", r);
+        socket.once("listening", r);
+    });
+    const port = socket.address()?.port;
+    await new Promise((r) => socket.close(() => r()));
+    return port;
+}
+exports.randomPort = randomPort;
+async function randomPorts(num, protocol = "udp4") {
+    return Promise.all([...Array(num)].map(() => randomPort(protocol)));
+}
+exports.randomPorts = randomPorts;
+async function findPort(min, max, protocol = "udp4") {
+    let port;
+    for (let i = min; i <= max; i++) {
+        const socket = (0, dgram_1.createSocket)(protocol);
+        setImmediate(() => socket.bind(i));
+        await new Promise((r) => {
+            socket.once("error", r);
+            socket.once("listening", r);
+        });
+        port = socket.address()?.port;
+        await new Promise((r) => socket.close(() => r()));
+        if (min <= port && port <= max) {
+            break;
+        }
+    }
+    if (!port)
+        throw new Error("port not found");
+    return port;
+}
+exports.findPort = findPort;
+//# sourceMappingURL=network.js.map

package/lib/common/src/network.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"network.js","sourceRoot":"","sources":["../../../../common/src/network.ts"],"names":[],"mappings":";;;AAAA,iCAAiD;AAE1C,KAAK,UAAU,UAAU,CAAC,WAAuB,MAAM;IAC5D,MAAM,MAAM,GAAG,IAAA,oBAAY,EAAC,QAAQ,CAAC,CAAC;IAEtC,YAAY,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnC,MAAM,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE;QAC5B,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,CAAC;IACpC,MAAM,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACxD,OAAO,IAAI,CAAC;AACd,CAAC;AAbD,gCAaC;AAEM,KAAK,UAAU,WAAW,CAAC,GAAW,EAAE,WAAuB,MAAM;IAC1E,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AACtE,CAAC;AAFD,kCAEC;AAEM,KAAK,UAAU,QAAQ,CAC5B,GAAW,EACX,GAAW,EACX,WAAuB,MAAM;IAE7B,IAAI,IAAwB,CAAC;IAE7B,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE;QAC/B,MAAM,MAAM,GAAG,IAAA,oBAAY,EAAC,QAAQ,CAAC,CAAC;QAEtC,YAAY,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAEnC,MAAM,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE;YAC5B,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;QAEH,IAAI,GAAG,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,CAAC;QAC9B,MAAM,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACxD,IAAI,GAAG,IAAI,IAAI,IAAI,IAAI,IAAI,GAAG,EAAE;YAC9B,MAAM;SACP;KACF;IAED,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAE7C,OAAO,IAAI,CAAC;AACd,CAAC;AA3BD,4BA2BC","sourcesContent":["import { createSocket, SocketType } from \"dgram\";\n\nexport async function randomPort(protocol: SocketType = \"udp4\") {\n  const socket = createSocket(protocol);\n\n  setImmediate(() => socket.bind(0));\n\n  await new Promise<void>((r) => {\n    socket.once(\"error\", r);\n    socket.once(\"listening\", r);\n  });\n\n  const port = socket.address()?.port;\n  await new Promise<void>((r) => socket.close(() => r()));\n  return port;\n}\n\nexport async function randomPorts(num: number, protocol: SocketType = \"udp4\") {\n  return Promise.all([...Array(num)].map(() => randomPort(protocol)));\n}\n\nexport async function findPort(\n  min: number,\n  max: number,\n  protocol: SocketType = \"udp4\"\n) {\n  let port: number | undefined;\n\n  for (let i = min; i <= max; i++) {\n    const socket = createSocket(protocol);\n\n    setImmediate(() => socket.bind(i));\n\n    await new Promise<void>((r) => {\n      socket.once(\"error\", r);\n      socket.once(\"listening\", r);\n    });\n\n    port = socket.address()?.port;\n    await new Promise<void>((r) => socket.close(() => r()));\n    if (min <= port && port <= max) {\n      break;\n    }\n  }\n\n  if (!port) throw new Error(\"port not found\");\n\n  return port;\n}\n"]}

package/lib/dtls/src/context/cipher.js

@@ -159,10 +159,7 @@ CipherContext.createSelfSignedCertificateWithKey = async (signatureHash, namedCu
                 };
         }
     })();
-    const keys = (await crypto.subtle.generateKey(alg, true, [
-        "sign",
-        "verify",
-    ]));
+    const keys = await crypto.subtle.generateKey(alg, true, ["sign", "verify"]);
     const cert = await x509.X509CertificateGenerator.createSelfSigned({
         serialNumber: "01",
         name: "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",

package/lib/dtls/src/context/cipher.js.map

@@ -1 +1 @@
-{"version":3,"file":"cipher.js","sourceRoot":"","sources":["../../../../../dtls/src/context/cipher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,qCAAqD;AACrD,mDAA6C;AAC7C,qDAAuC;AACvC,6CAAoD;AACpD,mCAAoC;AACpC,iEAAyC;AAEzC,2CAQyB;AAEzB,uCAAyE;AACzE,wDAAsE;AAEtE,gDAAsD;AAItD,MAAM,MAAM,GAAG,IAAI,kBAAM,EAAE,CAAC;AAC5B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAa,CAAC,CAAC;AAEvC,MAAa,aAAa;IAcxB,YACS,WAAyB,EACzB,OAAgB,EAChB,MAAe,EACtB,sBAAsC;QAH/B,gBAAW,GAAX,WAAW,CAAc;QACzB,YAAO,GAAP,OAAO,CAAS;QAChB,WAAM,GAAN,MAAM,CAAS;QAGtB,IAAI,OAAO,IAAI,MAAM,IAAI,sBAAsB,EAAE;YAC/C,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,sBAAsB,CAAC,CAAC;SACzD;IACH,CAAC;IA8ED,aAAa,CAAC,GAAkB;QAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,iBAAiB,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,QAAQ,EAAE;YAC9D,IAAI,EAAE,MAAM,CAAC,WAAW;YACxB,OAAO,EAAE,IAAA,oBAAM,EACb,MAAM,CAAC,IAAI,CAAC,IAAA,oBAAM,EAAC,MAAM,CAAC,eAAe,EAAE,wBAAe,CAAC,CAAC,KAAK,EAAE,CAAC,EACpE,EAAE,OAAO,EAAE,mBAAK,CAAC,QAAQ,EAAE,CAC5B,CAAC,OAAO;YACT,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC;QACnB,GAAG,CAAC,iBAAiB,CAAC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC;QAC9C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,aAAa,CAAC,GAAkB;QAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,iBAAiB,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,QAAQ,EAAE;YAC9D,IAAI,EAAE,MAAM,CAAC,WAAW;YACxB,OAAO,EAAE,IAAA,oBAAM,EACb,MAAM,CAAC,IAAI,CAAC,IAAA,oBAAM,EAAC,MAAM,CAAC,eAAe,EAAE,wBAAe,CAAC,CAAC,KAAK,EAAE,CAAC,EACpE,EAAE,OAAO,EAAE,mBAAK,CAAC,QAAQ,EAAE,CAC5B,CAAC,OAAO;YACT,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC;IACb,CAAC;IAED,UAAU,CAAC,GAAW;QACpB,IAAI,IAAI,CAAC,WAAW,KAAK,sBAAW,CAAC,MAAM;YACzC,OAAO,IAAA,yBAAmB,EAAC,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;;YAChD,OAAO,IAAA,yBAAmB,EAAC,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED,aAAa,CAAC,IAAY,EAAE,IAAY;QACtC,MAAM,SAAS,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,CAAC;QACpD,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,oBAAoB,CAAC,aAAqB;QACxC,MAAM,YAAY,GAChB,IAAI,CAAC,WAAW,KAAK,sBAAW,CAAC,MAAM;YACrC,CAAC,CAAC,IAAI,CAAC,WAAW;YAClB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;QACxB,MAAM,YAAY,GAChB,IAAI,CAAC,WAAW,KAAK,sBAAW,CAAC,MAAM;YACrC,CAAC,CAAC,IAAI,CAAC,WAAW;YAClB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;QAExB,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAChC,YAAY,CAAC,SAAS,EAAE,EACxB,YAAY,CAAC,SAAS,EAAE,EACxB,IAAI,CAAC,YAAY,CAAC,SAAS,EAC3B,IAAI,CAAC,UAAU,CAChB,CAAC;QAEF,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QAC1D,OAAO,GAAG,CAAC;IACb,CAAC;IAED,SAAS,CAAC,OAAe,EAAE,MAAc,EAAE,aAA4B;QACrE,MAAM,IAAI,GAAG,kBAAW,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,iBAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC;QAC1B,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC;QAC3B,IAAI,CAAC,sBAAsB,GAAG,aAAa,CAAC;IAC9C,CAAC;IAEO,iBAAiB,CACvB,YAAoB,EACpB,YAAoB,EACpB,SAAiB,EACjB,UAAkB;QAElB,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAC9B,IAAA,oBAAM,EACJ;YACE,IAAI,EAAE,iBAAS,CAAC,aAAa;YAC7B,KAAK,EAAE,UAAU;YACjB,GAAG,EAAE,SAAS,CAAC,MAAM;SACtB,EACD,EAAE,IAAI,EAAE,mBAAK,CAAC,KAAK,EAAE,KAAK,EAAE,mBAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAK,CAAC,KAAK,EAAE,CAC/D,CAAC,KAAK,EAAE,CACV,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC;IAC9E,CAAC;;AA9LH,sCA+LC;;AAtKC;;;;GAIG;AACI,gDAAkC,GAAG,KAAK,EAC/C,aAA4B,EAC5B,mBAA0C,EAC1C,EAAE;IACF,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE;QACnC,QAAQ,aAAa,CAAC,SAAS,EAAE;YAC/B,KAAK,0BAAkB,CAAC,KAAK;gBAC3B,OAAO,mBAAmB,CAAC;YAC7B,KAAK,0BAAkB,CAAC,OAAO;gBAC7B,OAAO,OAAO,CAAC;SAClB;IACH,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,IAAI,GAAG,CAAC,GAAG,EAAE;QACjB,QAAQ,aAAa,CAAC,IAAI,EAAE;YAC1B,KAAK,qBAAa,CAAC,QAAQ;gBACzB,OAAO,SAAS,CAAC;SACpB;IACH,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE;QACvB,QAAQ,mBAAmB,EAAE;YAC3B,KAAK,2BAAmB,CAAC,YAAY;gBACnC,OAAO,OAAO,CAAC;YACjB,KAAK,2BAAmB,CAAC,SAAS;gBAChC,6CAA6C;gBAC7C,IAAI,sBAAsB,KAAK,OAAO,EAAE;oBACtC,OAAO,OAAO,CAAC;iBAChB;gBACD,OAAO,QAAQ,CAAC;YAClB,OAAO,CAAC,CAAC;gBACP,IAAI,sBAAsB,KAAK,OAAO;oBAAE,OAAO,OAAO,CAAC;gBACvD,IAAI,sBAAsB,KAAK,mBAAmB;oBAAE,OAAO,QAAQ,CAAC;aACrE;SACF;IACH,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,GAAG,GAAG,CAAC,GAAG,EAAE;QAChB,QAAQ,sBAAsB,EAAE;YAC9B,KAAK,OAAO;gBACV,OAAO,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;YAC5D,KAAK,mBAAmB;gBACtB,OAAO;oBACL,IAAI,EAAE,sBAAsB;oBAC5B,IAAI;oBACJ,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;oBACzC,aAAa,EAAE,IAAI;iBACpB,CAAC;SACL;IACH,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,IAAI,GAAG,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE;QACvD,MAAM;QACN,QAAQ;KACT,CAAC,CAAQ,CAAC;IAEX,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,gBAAgB,CAAC;QAChE,YAAY,EAAE,IAAI;QAClB,IAAI,EAAE,iDAAiD;QACvD,SAAS,EAAE,IAAI,IAAI,EAAE;QACrB,QAAQ,EAAE,IAAA,kBAAQ,EAAC,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC;QAClC,gBAAgB,EAAE,GAAG;QACrB,IAAI;KACL,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CACrC,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAiB,CAAC,EAC9D,aAAa,CACd,CAAC;IAEF,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;AAC5C,CAAE,CAAA","sourcesContent":["import { Certificate, PrivateKey } from \"@fidm/x509\";\nimport { Crypto } from \"@peculiar/webcrypto\";\nimport * as x509 from \"@peculiar/x509\";\nimport { decode, encode, types } from \"binary-data\";\nimport { createSign } from \"crypto\";\nimport addYears from \"date-fns/addYears\";\n\nimport {\n  CipherSuites,\n  CurveType,\n  HashAlgorithm,\n  NamedCurveAlgorithm,\n  NamedCurveAlgorithms,\n  SignatureAlgorithm,\n  SignatureHash,\n} from \"../cipher/const\";\nimport { NamedCurveKeyPair } from \"../cipher/namedCurve\";\nimport { prfVerifyDataClient, prfVerifyDataServer } from \"../cipher/prf\";\nimport { SessionType, SessionTypes } from \"../cipher/suites/abstract\";\nimport AEADCipher from \"../cipher/suites/aead\";\nimport { ProtocolVersion } from \"../handshake/binary\";\nimport { DtlsRandom } from \"../handshake/random\";\nimport { DtlsPlaintext } from \"../record/message/plaintext\";\n\nconst crypto = new Crypto();\nx509.cryptoProvider.set(crypto as any);\n\nexport class CipherContext {\n  localRandom!: DtlsRandom;\n  remoteRandom!: DtlsRandom;\n  cipherSuite!: CipherSuites;\n  remoteCertificate?: Buffer;\n  remoteKeyPair!: Partial<NamedCurveKeyPair>;\n  localKeyPair!: NamedCurveKeyPair;\n  masterSecret!: Buffer;\n  cipher!: AEADCipher;\n  namedCurve!: NamedCurveAlgorithms;\n  signatureHashAlgorithm?: SignatureHash;\n  localCert!: Buffer;\n  localPrivateKey!: PrivateKey;\n\n  constructor(\n    public sessionType: SessionTypes,\n    public certPem?: string,\n    public keyPem?: string,\n    signatureHashAlgorithm?: SignatureHash\n  ) {\n    if (certPem && keyPem && signatureHashAlgorithm) {\n      this.parseX509(certPem, keyPem, signatureHashAlgorithm);\n    }\n  }\n\n  /**\n   *\n   * @param signatureHash\n   * @param namedCurveAlgorithm necessary when use ecdsa\n   */\n  static createSelfSignedCertificateWithKey = async (\n    signatureHash: SignatureHash,\n    namedCurveAlgorithm?: NamedCurveAlgorithms\n  ) => {\n    const signatureAlgorithmName = (() => {\n      switch (signatureHash.signature) {\n        case SignatureAlgorithm.rsa_1:\n          return \"RSASSA-PKCS1-v1_5\";\n        case SignatureAlgorithm.ecdsa_3:\n          return \"ECDSA\";\n      }\n    })();\n    const hash = (() => {\n      switch (signatureHash.hash) {\n        case HashAlgorithm.sha256_4:\n          return \"SHA-256\";\n      }\n    })();\n    const namedCurve = (() => {\n      switch (namedCurveAlgorithm) {\n        case NamedCurveAlgorithm.secp256r1_23:\n          return \"P-256\";\n        case NamedCurveAlgorithm.x25519_29:\n          // todo fix (X25519 not supported with ECDSA)\n          if (signatureAlgorithmName === \"ECDSA\") {\n            return \"P-256\";\n          }\n          return \"X25519\";\n        default: {\n          if (signatureAlgorithmName === \"ECDSA\") return \"P-256\";\n          if (signatureAlgorithmName === \"RSASSA-PKCS1-v1_5\") return \"X25519\";\n        }\n      }\n    })();\n    const alg = (() => {\n      switch (signatureAlgorithmName) {\n        case \"ECDSA\":\n          return { name: signatureAlgorithmName, hash, namedCurve };\n        case \"RSASSA-PKCS1-v1_5\":\n          return {\n            name: signatureAlgorithmName,\n            hash,\n            publicExponent: new Uint8Array([1, 0, 1]),\n            modulusLength: 2048,\n          };\n      }\n    })();\n\n    const keys = (await crypto.subtle.generateKey(alg, true, [\n      \"sign\",\n      \"verify\",\n    ])) as any;\n\n    const cert = await x509.X509CertificateGenerator.createSelfSigned({\n      serialNumber: \"01\",\n      name: \"C=AU, ST=Some-State, O=Internet Widgits Pty Ltd\",\n      notBefore: new Date(),\n      notAfter: addYears(Date.now(), 10),\n      signingAlgorithm: alg,\n      keys,\n    });\n\n    const certPem = cert.toString(\"pem\");\n    const keyPem = x509.PemConverter.encode(\n      await crypto.subtle.exportKey(\"pkcs8\", keys.privateKey as any),\n      \"private key\"\n    );\n\n    return { certPem, keyPem, signatureHash };\n  };\n\n  encryptPacket(pkt: DtlsPlaintext) {\n    const header = pkt.recordLayerHeader;\n    const enc = this.cipher.encrypt(this.sessionType, pkt.fragment, {\n      type: header.contentType,\n      version: decode(\n        Buffer.from(encode(header.protocolVersion, ProtocolVersion).slice()),\n        { version: types.uint16be }\n      ).version,\n      epoch: header.epoch,\n      sequenceNumber: header.sequenceNumber,\n    });\n    pkt.fragment = enc;\n    pkt.recordLayerHeader.contentLen = enc.length;\n    return pkt;\n  }\n\n  decryptPacket(pkt: DtlsPlaintext) {\n    const header = pkt.recordLayerHeader;\n    const dec = this.cipher.decrypt(this.sessionType, pkt.fragment, {\n      type: header.contentType,\n      version: decode(\n        Buffer.from(encode(header.protocolVersion, ProtocolVersion).slice()),\n        { version: types.uint16be }\n      ).version,\n      epoch: header.epoch,\n      sequenceNumber: header.sequenceNumber,\n    });\n    return dec;\n  }\n\n  verifyData(buf: Buffer) {\n    if (this.sessionType === SessionType.CLIENT)\n      return prfVerifyDataClient(this.masterSecret, buf);\n    else return prfVerifyDataServer(this.masterSecret, buf);\n  }\n\n  signatureData(data: Buffer, hash: string) {\n    const signature = createSign(hash).update(data);\n    const key = this.localPrivateKey.toPEM().toString();\n    const signed = signature.sign(key);\n    return signed;\n  }\n\n  generateKeySignature(hashAlgorithm: string) {\n    const clientRandom =\n      this.sessionType === SessionType.CLIENT\n        ? this.localRandom\n        : this.remoteRandom;\n    const serverRandom =\n      this.sessionType === SessionType.SERVER\n        ? this.localRandom\n        : this.remoteRandom;\n\n    const sig = this.valueKeySignature(\n      clientRandom.serialize(),\n      serverRandom.serialize(),\n      this.localKeyPair.publicKey,\n      this.namedCurve\n    );\n\n    const enc = this.localPrivateKey.sign(sig, hashAlgorithm);\n    return enc;\n  }\n\n  parseX509(certPem: string, keyPem: string, signatureHash: SignatureHash) {\n    const cert = Certificate.fromPEM(Buffer.from(certPem));\n    const sec = PrivateKey.fromPEM(Buffer.from(keyPem));\n    this.localCert = cert.raw;\n    this.localPrivateKey = sec;\n    this.signatureHashAlgorithm = signatureHash;\n  }\n\n  private valueKeySignature(\n    clientRandom: Buffer,\n    serverRandom: Buffer,\n    publicKey: Buffer,\n    namedCurve: number\n  ) {\n    const serverParams = Buffer.from(\n      encode(\n        {\n          type: CurveType.named_curve_3,\n          curve: namedCurve,\n          len: publicKey.length,\n        },\n        { type: types.uint8, curve: types.uint16be, len: types.uint8 }\n      ).slice()\n    );\n    return Buffer.concat([clientRandom, serverRandom, serverParams, publicKey]);\n  }\n}\n"]}
+{"version":3,"file":"cipher.js","sourceRoot":"","sources":["../../../../../dtls/src/context/cipher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,qCAAqD;AACrD,mDAA6C;AAC7C,qDAAuC;AACvC,6CAAoD;AACpD,mCAAoC;AACpC,iEAAyC;AAEzC,2CAQyB;AAEzB,uCAAyE;AACzE,wDAAsE;AAEtE,gDAAsD;AAItD,MAAM,MAAM,GAAG,IAAI,kBAAM,EAAE,CAAC;AAC5B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAa,CAAC,CAAC;AAEvC,MAAa,aAAa;IAcxB,YACS,WAAyB,EACzB,OAAgB,EAChB,MAAe,EACtB,sBAAsC;QAH/B,gBAAW,GAAX,WAAW,CAAc;QACzB,YAAO,GAAP,OAAO,CAAS;QAChB,WAAM,GAAN,MAAM,CAAS;QAGtB,IAAI,OAAO,IAAI,MAAM,IAAI,sBAAsB,EAAE;YAC/C,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,sBAAsB,CAAC,CAAC;SACzD;IACH,CAAC;IA2ED,aAAa,CAAC,GAAkB;QAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,iBAAiB,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,QAAQ,EAAE;YAC9D,IAAI,EAAE,MAAM,CAAC,WAAW;YACxB,OAAO,EAAE,IAAA,oBAAM,EACb,MAAM,CAAC,IAAI,CAAC,IAAA,oBAAM,EAAC,MAAM,CAAC,eAAe,EAAE,wBAAe,CAAC,CAAC,KAAK,EAAE,CAAC,EACpE,EAAE,OAAO,EAAE,mBAAK,CAAC,QAAQ,EAAE,CAC5B,CAAC,OAAO;YACT,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC;QACnB,GAAG,CAAC,iBAAiB,CAAC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC;QAC9C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,aAAa,CAAC,GAAkB;QAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,iBAAiB,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,QAAQ,EAAE;YAC9D,IAAI,EAAE,MAAM,CAAC,WAAW;YACxB,OAAO,EAAE,IAAA,oBAAM,EACb,MAAM,CAAC,IAAI,CAAC,IAAA,oBAAM,EAAC,MAAM,CAAC,eAAe,EAAE,wBAAe,CAAC,CAAC,KAAK,EAAE,CAAC,EACpE,EAAE,OAAO,EAAE,mBAAK,CAAC,QAAQ,EAAE,CAC5B,CAAC,OAAO;YACT,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC;IACb,CAAC;IAED,UAAU,CAAC,GAAW;QACpB,IAAI,IAAI,CAAC,WAAW,KAAK,sBAAW,CAAC,MAAM;YACzC,OAAO,IAAA,yBAAmB,EAAC,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;;YAChD,OAAO,IAAA,yBAAmB,EAAC,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED,aAAa,CAAC,IAAY,EAAE,IAAY;QACtC,MAAM,SAAS,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,CAAC;QACpD,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,oBAAoB,CAAC,aAAqB;QACxC,MAAM,YAAY,GAChB,IAAI,CAAC,WAAW,KAAK,sBAAW,CAAC,MAAM;YACrC,CAAC,CAAC,IAAI,CAAC,WAAW;YAClB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;QACxB,MAAM,YAAY,GAChB,IAAI,CAAC,WAAW,KAAK,sBAAW,CAAC,MAAM;YACrC,CAAC,CAAC,IAAI,CAAC,WAAW;YAClB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;QAExB,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAChC,YAAY,CAAC,SAAS,EAAE,EACxB,YAAY,CAAC,SAAS,EAAE,EACxB,IAAI,CAAC,YAAY,CAAC,SAAS,EAC3B,IAAI,CAAC,UAAU,CAChB,CAAC;QAEF,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QAC1D,OAAO,GAAG,CAAC;IACb,CAAC;IAED,SAAS,CAAC,OAAe,EAAE,MAAc,EAAE,aAA4B;QACrE,MAAM,IAAI,GAAG,kBAAW,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,iBAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC;QAC1B,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC;QAC3B,IAAI,CAAC,sBAAsB,GAAG,aAAa,CAAC;IAC9C,CAAC;IAEO,iBAAiB,CACvB,YAAoB,EACpB,YAAoB,EACpB,SAAiB,EACjB,UAAkB;QAElB,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAC9B,IAAA,oBAAM,EACJ;YACE,IAAI,EAAE,iBAAS,CAAC,aAAa;YAC7B,KAAK,EAAE,UAAU;YACjB,GAAG,EAAE,SAAS,CAAC,MAAM;SACtB,EACD,EAAE,IAAI,EAAE,mBAAK,CAAC,KAAK,EAAE,KAAK,EAAE,mBAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAK,CAAC,KAAK,EAAE,CAC/D,CAAC,KAAK,EAAE,CACV,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC;IAC9E,CAAC;;AA3LH,sCA4LC;;AAnKC;;;;GAIG;AACI,gDAAkC,GAAG,KAAK,EAC/C,aAA4B,EAC5B,mBAA0C,EAC1C,EAAE;IACF,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE;QACnC,QAAQ,aAAa,CAAC,SAAS,EAAE;YAC/B,KAAK,0BAAkB,CAAC,KAAK;gBAC3B,OAAO,mBAAmB,CAAC;YAC7B,KAAK,0BAAkB,CAAC,OAAO;gBAC7B,OAAO,OAAO,CAAC;SAClB;IACH,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,IAAI,GAAG,CAAC,GAAG,EAAE;QACjB,QAAQ,aAAa,CAAC,IAAI,EAAE;YAC1B,KAAK,qBAAa,CAAC,QAAQ;gBACzB,OAAO,SAAS,CAAC;SACpB;IACH,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE;QACvB,QAAQ,mBAAmB,EAAE;YAC3B,KAAK,2BAAmB,CAAC,YAAY;gBACnC,OAAO,OAAO,CAAC;YACjB,KAAK,2BAAmB,CAAC,SAAS;gBAChC,6CAA6C;gBAC7C,IAAI,sBAAsB,KAAK,OAAO,EAAE;oBACtC,OAAO,OAAO,CAAC;iBAChB;gBACD,OAAO,QAAQ,CAAC;YAClB,OAAO,CAAC,CAAC;gBACP,IAAI,sBAAsB,KAAK,OAAO;oBAAE,OAAO,OAAO,CAAC;gBACvD,IAAI,sBAAsB,KAAK,mBAAmB;oBAAE,OAAO,QAAQ,CAAC;aACrE;SACF;IACH,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,GAAG,GAAG,CAAC,GAAG,EAAE;QAChB,QAAQ,sBAAsB,EAAE;YAC9B,KAAK,OAAO;gBACV,OAAO,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;YAC5D,KAAK,mBAAmB;gBACtB,OAAO;oBACL,IAAI,EAAE,sBAAsB;oBAC5B,IAAI;oBACJ,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;oBACzC,aAAa,EAAE,IAAI;iBACpB,CAAC;SACL;IACH,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE5E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,gBAAgB,CAAC;QAChE,YAAY,EAAE,IAAI;QAClB,IAAI,EAAE,iDAAiD;QACvD,SAAS,EAAE,IAAI,IAAI,EAAE;QACrB,QAAQ,EAAE,IAAA,kBAAQ,EAAC,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC;QAClC,gBAAgB,EAAE,GAAG;QACrB,IAAI;KACL,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CACrC,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAiB,CAAC,EAC9D,aAAa,CACd,CAAC;IAEF,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;AAC5C,CAAE,CAAA","sourcesContent":["import { Certificate, PrivateKey } from \"@fidm/x509\";\nimport { Crypto } from \"@peculiar/webcrypto\";\nimport * as x509 from \"@peculiar/x509\";\nimport { decode, encode, types } from \"binary-data\";\nimport { createSign } from \"crypto\";\nimport addYears from \"date-fns/addYears\";\n\nimport {\n  CipherSuites,\n  CurveType,\n  HashAlgorithm,\n  NamedCurveAlgorithm,\n  NamedCurveAlgorithms,\n  SignatureAlgorithm,\n  SignatureHash,\n} from \"../cipher/const\";\nimport { NamedCurveKeyPair } from \"../cipher/namedCurve\";\nimport { prfVerifyDataClient, prfVerifyDataServer } from \"../cipher/prf\";\nimport { SessionType, SessionTypes } from \"../cipher/suites/abstract\";\nimport AEADCipher from \"../cipher/suites/aead\";\nimport { ProtocolVersion } from \"../handshake/binary\";\nimport { DtlsRandom } from \"../handshake/random\";\nimport { DtlsPlaintext } from \"../record/message/plaintext\";\n\nconst crypto = new Crypto();\nx509.cryptoProvider.set(crypto as any);\n\nexport class CipherContext {\n  localRandom!: DtlsRandom;\n  remoteRandom!: DtlsRandom;\n  cipherSuite!: CipherSuites;\n  remoteCertificate?: Buffer;\n  remoteKeyPair!: Partial<NamedCurveKeyPair>;\n  localKeyPair!: NamedCurveKeyPair;\n  masterSecret!: Buffer;\n  cipher!: AEADCipher;\n  namedCurve!: NamedCurveAlgorithms;\n  signatureHashAlgorithm?: SignatureHash;\n  localCert!: Buffer;\n  localPrivateKey!: PrivateKey;\n\n  constructor(\n    public sessionType: SessionTypes,\n    public certPem?: string,\n    public keyPem?: string,\n    signatureHashAlgorithm?: SignatureHash\n  ) {\n    if (certPem && keyPem && signatureHashAlgorithm) {\n      this.parseX509(certPem, keyPem, signatureHashAlgorithm);\n    }\n  }\n\n  /**\n   *\n   * @param signatureHash\n   * @param namedCurveAlgorithm necessary when use ecdsa\n   */\n  static createSelfSignedCertificateWithKey = async (\n    signatureHash: SignatureHash,\n    namedCurveAlgorithm?: NamedCurveAlgorithms\n  ) => {\n    const signatureAlgorithmName = (() => {\n      switch (signatureHash.signature) {\n        case SignatureAlgorithm.rsa_1:\n          return \"RSASSA-PKCS1-v1_5\";\n        case SignatureAlgorithm.ecdsa_3:\n          return \"ECDSA\";\n      }\n    })();\n    const hash = (() => {\n      switch (signatureHash.hash) {\n        case HashAlgorithm.sha256_4:\n          return \"SHA-256\";\n      }\n    })();\n    const namedCurve = (() => {\n      switch (namedCurveAlgorithm) {\n        case NamedCurveAlgorithm.secp256r1_23:\n          return \"P-256\";\n        case NamedCurveAlgorithm.x25519_29:\n          // todo fix (X25519 not supported with ECDSA)\n          if (signatureAlgorithmName === \"ECDSA\") {\n            return \"P-256\";\n          }\n          return \"X25519\";\n        default: {\n          if (signatureAlgorithmName === \"ECDSA\") return \"P-256\";\n          if (signatureAlgorithmName === \"RSASSA-PKCS1-v1_5\") return \"X25519\";\n        }\n      }\n    })();\n    const alg = (() => {\n      switch (signatureAlgorithmName) {\n        case \"ECDSA\":\n          return { name: signatureAlgorithmName, hash, namedCurve };\n        case \"RSASSA-PKCS1-v1_5\":\n          return {\n            name: signatureAlgorithmName,\n            hash,\n            publicExponent: new Uint8Array([1, 0, 1]),\n            modulusLength: 2048,\n          };\n      }\n    })();\n\n    const keys = await crypto.subtle.generateKey(alg, true, [\"sign\", \"verify\"]);\n\n    const cert = await x509.X509CertificateGenerator.createSelfSigned({\n      serialNumber: \"01\",\n      name: \"C=AU, ST=Some-State, O=Internet Widgits Pty Ltd\",\n      notBefore: new Date(),\n      notAfter: addYears(Date.now(), 10),\n      signingAlgorithm: alg,\n      keys,\n    });\n\n    const certPem = cert.toString(\"pem\");\n    const keyPem = x509.PemConverter.encode(\n      await crypto.subtle.exportKey(\"pkcs8\", keys.privateKey as any),\n      \"private key\"\n    );\n\n    return { certPem, keyPem, signatureHash };\n  };\n\n  encryptPacket(pkt: DtlsPlaintext) {\n    const header = pkt.recordLayerHeader;\n    const enc = this.cipher.encrypt(this.sessionType, pkt.fragment, {\n      type: header.contentType,\n      version: decode(\n        Buffer.from(encode(header.protocolVersion, ProtocolVersion).slice()),\n        { version: types.uint16be }\n      ).version,\n      epoch: header.epoch,\n      sequenceNumber: header.sequenceNumber,\n    });\n    pkt.fragment = enc;\n    pkt.recordLayerHeader.contentLen = enc.length;\n    return pkt;\n  }\n\n  decryptPacket(pkt: DtlsPlaintext) {\n    const header = pkt.recordLayerHeader;\n    const dec = this.cipher.decrypt(this.sessionType, pkt.fragment, {\n      type: header.contentType,\n      version: decode(\n        Buffer.from(encode(header.protocolVersion, ProtocolVersion).slice()),\n        { version: types.uint16be }\n      ).version,\n      epoch: header.epoch,\n      sequenceNumber: header.sequenceNumber,\n    });\n    return dec;\n  }\n\n  verifyData(buf: Buffer) {\n    if (this.sessionType === SessionType.CLIENT)\n      return prfVerifyDataClient(this.masterSecret, buf);\n    else return prfVerifyDataServer(this.masterSecret, buf);\n  }\n\n  signatureData(data: Buffer, hash: string) {\n    const signature = createSign(hash).update(data);\n    const key = this.localPrivateKey.toPEM().toString();\n    const signed = signature.sign(key);\n    return signed;\n  }\n\n  generateKeySignature(hashAlgorithm: string) {\n    const clientRandom =\n      this.sessionType === SessionType.CLIENT\n        ? this.localRandom\n        : this.remoteRandom;\n    const serverRandom =\n      this.sessionType === SessionType.SERVER\n        ? this.localRandom\n        : this.remoteRandom;\n\n    const sig = this.valueKeySignature(\n      clientRandom.serialize(),\n      serverRandom.serialize(),\n      this.localKeyPair.publicKey,\n      this.namedCurve\n    );\n\n    const enc = this.localPrivateKey.sign(sig, hashAlgorithm);\n    return enc;\n  }\n\n  parseX509(certPem: string, keyPem: string, signatureHash: SignatureHash) {\n    const cert = Certificate.fromPEM(Buffer.from(certPem));\n    const sec = PrivateKey.fromPEM(Buffer.from(keyPem));\n    this.localCert = cert.raw;\n    this.localPrivateKey = sec;\n    this.signatureHashAlgorithm = signatureHash;\n  }\n\n  private valueKeySignature(\n    clientRandom: Buffer,\n    serverRandom: Buffer,\n    publicKey: Buffer,\n    namedCurve: number\n  ) {\n    const serverParams = Buffer.from(\n      encode(\n        {\n          type: CurveType.named_curve_3,\n          curve: namedCurve,\n          len: publicKey.length,\n        },\n        { type: types.uint8, curve: types.uint16be, len: types.uint8 }\n      ).slice()\n    );\n    return Buffer.concat([clientRandom, serverRandom, serverParams, publicKey]);\n  }\n}\n"]}

package/lib/ice/src/exceptions.d.ts

@@ -1,10 +1,13 @@
 import { Message } from "./stun/message";
+import { Address } from "./types/model";
 export declare class TransactionError extends Error {
     response?: Message;
+    addr?: Address;
 }
 export declare class TransactionFailed extends TransactionError {
     response: Message;
-    constructor(response: Message);
+    addr: Address;
+    constructor(response: Message, addr: Address);
     get str(): string;
 }
 export declare class TransactionTimeout extends TransactionError {

package/lib/ice/src/exceptions.js

@@ -5,14 +5,16 @@ class TransactionError extends Error {
 }
 exports.TransactionError = TransactionError;
 class TransactionFailed extends TransactionError {
-    constructor(response) {
+    constructor(response, addr) {
         super();
         this.response = response;
+        this.addr = addr;
     }
     get str() {
         let out = "STUN transaction failed";
-        if (Object.keys(this.response.attributes).includes("ERROR-CODE")) {
-            const [code, msg] = this.response.attributes["ERROR-CODE"];
+        const attribute = this.response.getAttributeValue("ERROR-CODE");
+        if (attribute) {
+            const [code, msg] = attribute;
             out += ` (${code} - ${msg})`;
         }
         return out;

package/lib/ice/src/exceptions.js.map

@@ -1 +1 @@
-{"version":3,"file":"exceptions.js","sourceRoot":"","sources":["../../../../ice/src/exceptions.ts"],"names":[],"mappings":";;;AAEA,MAAa,gBAAiB,SAAQ,KAAK;CAE1C;AAFD,4CAEC;AAED,MAAa,iBAAkB,SAAQ,gBAAgB;IACrD,YAAmB,QAAiB;QAClC,KAAK,EAAE,CAAC;QADS,aAAQ,GAAR,QAAQ,CAAS;IAEpC,CAAC;IAED,IAAI,GAAG;QACL,IAAI,GAAG,GAAG,yBAAyB,CAAC;QACpC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;YAChE,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YAC3D,GAAG,IAAI,KAAK,IAAI,MAAM,GAAG,GAAG,CAAC;SAC9B;QACD,OAAO,GAAG,CAAC;IACb,CAAC;CACF;AAbD,8CAaC;AAED,MAAa,kBAAmB,SAAQ,gBAAgB;IACtD,IAAI,GAAG;QACL,OAAO,4BAA4B,CAAC;IACtC,CAAC;CACF;AAJD,gDAIC","sourcesContent":["import { Message } from \"./stun/message\";\n\nexport class TransactionError extends Error {\n  response?: Message;\n}\n\nexport class TransactionFailed extends TransactionError {\n  constructor(public response: Message) {\n    super();\n  }\n\n  get str() {\n    let out = \"STUN transaction failed\";\n    if (Object.keys(this.response.attributes).includes(\"ERROR-CODE\")) {\n      const [code, msg] = this.response.attributes[\"ERROR-CODE\"];\n      out += ` (${code} - ${msg})`;\n    }\n    return out;\n  }\n}\n\nexport class TransactionTimeout extends TransactionError {\n  get str() {\n    return \"STUN transaction timed out\";\n  }\n}\n"]}
+{"version":3,"file":"exceptions.js","sourceRoot":"","sources":["../../../../ice/src/exceptions.ts"],"names":[],"mappings":";;;AAGA,MAAa,gBAAiB,SAAQ,KAAK;CAG1C;AAHD,4CAGC;AAED,MAAa,iBAAkB,SAAQ,gBAAgB;IACrD,YAAmB,QAAiB,EAAS,IAAa;QACxD,KAAK,EAAE,CAAC;QADS,aAAQ,GAAR,QAAQ,CAAS;QAAS,SAAI,GAAJ,IAAI,CAAS;IAE1D,CAAC;IAED,IAAI,GAAG;QACL,IAAI,GAAG,GAAG,yBAAyB,CAAC;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;QAChE,IAAI,SAAS,EAAE;YACb,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,SAAS,CAAC;YAC9B,GAAG,IAAI,KAAK,IAAI,MAAM,GAAG,GAAG,CAAC;SAC9B;QACD,OAAO,GAAG,CAAC;IACb,CAAC;CACF;AAdD,8CAcC;AAED,MAAa,kBAAmB,SAAQ,gBAAgB;IACtD,IAAI,GAAG;QACL,OAAO,4BAA4B,CAAC;IACtC,CAAC;CACF;AAJD,gDAIC","sourcesContent":["import { Message } from \"./stun/message\";\nimport { Address } from \"./types/model\";\n\nexport class TransactionError extends Error {\n  response?: Message;\n  addr?: Address;\n}\n\nexport class TransactionFailed extends TransactionError {\n  constructor(public response: Message, public addr: Address) {\n    super();\n  }\n\n  get str() {\n    let out = \"STUN transaction failed\";\n    const attribute = this.response.getAttributeValue(\"ERROR-CODE\");\n    if (attribute) {\n      const [code, msg] = attribute;\n      out += ` (${code} - ${msg})`;\n    }\n    return out;\n  }\n}\n\nexport class TransactionTimeout extends TransactionError {\n  get str() {\n    return \"STUN transaction timed out\";\n  }\n}\n"]}

package/lib/ice/src/ice.d.ts

@@ -103,7 +103,7 @@ export interface IceOptions {
 export declare function validateRemoteCandidate(candidate: Candidate): Candidate;
 export declare function sortCandidatePairs(pairs: CandidatePair[], iceControlling: boolean): void;
 export declare function candidatePairPriority(local: Candidate, remote: Candidate, iceControlling: boolean): number;
-export declare function getHostAddress(useIpv4: boolean, useIpv6: boolean): string[];
+export declare function getHostAddresses(useIpv4: boolean, useIpv6: boolean): string[];
 export declare function serverReflexiveCandidate(protocol: Protocol, stunServer: Address): Promise<Candidate | undefined>;
 export declare function validateAddress(addr?: Address): Address | undefined;
 export {};

package/lib/ice/src/ice.js

@@ -22,7 +22,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateAddress = exports.serverReflexiveCandidate = exports.getHostAddress = exports.candidatePairPriority = exports.sortCandidatePairs = exports.validateRemoteCandidate = exports.CandidatePairState = exports.CandidatePair = exports.Connection = void 0;
+exports.validateAddress = exports.serverReflexiveCandidate = exports.getHostAddresses = exports.candidatePairPriority = exports.sortCandidatePairs = exports.validateRemoteCandidate = exports.CandidatePairState = exports.CandidatePair = exports.Connection = void 0;
 const crypto_1 = require("crypto");
 const debug_1 = __importDefault(require("debug"));
 const dns_1 = __importDefault(require("dns"));
@@ -31,6 +31,7 @@ const nodeIp = __importStar(require("ip"));
 const isEqual_1 = __importDefault(require("lodash/isEqual"));
 const range_1 = __importDefault(require("lodash/range"));
 const net_1 = require("net");
+const os_1 = __importDefault(require("os"));
 const p_cancelable_1 = __importDefault(require("p-cancelable"));
 const rx_mini_1 = require("rx.mini");
 const promises_1 = __importDefault(require("timers/promises"));
@@ -94,6 +95,7 @@ class Connection {
                             }
                         }
                         catch (error) {
+                            log("no stun response");
                             failures++;
                             this.setState("disconnected");
                         }
@@ -129,7 +131,7 @@ class Connection {
             const request = this.buildRequest(pair, nominate);
             const result = {};
             try {
-                const [response, addr] = await pair.protocol.request(request, pair.remoteAddr, Buffer.from(this.remotePassword, "utf8"));
+                const [response, addr] = await pair.protocol.request(request, pair.remoteAddr, Buffer.from(this.remotePassword, "utf8"), 4);
                 log("response", response, addr);
                 result.response = response;
                 result.addr = addr;
@@ -138,7 +140,7 @@ class Connection {
                 const exc = error;
                 // 7.1.3.1.  Failure Cases
                 log("failure case", exc.response);
-                if (exc.response?.attributes["ERROR-CODE"][0] === 487) {
+                if (exc.response?.getAttributeValue("ERROR-CODE")[0] === 487) {
                     if (request.attributesKeys.includes("ICE-CONTROLLED")) {
                         this.switchRole(true);
                     }
@@ -218,7 +220,7 @@ class Connection {
         if (!this.localCandidatesStart) {
             this.localCandidatesStart = true;
             this.promiseGatherCandidates = new rx_mini_1.Event();
-            const address = getHostAddress(this.useIpv4, this.useIpv6);
+            const address = getHostAddresses(this.useIpv4, this.useIpv6);
             for (const component of this._components) {
                 const candidates = await this.getComponentCandidates(component, address, 5, cb);
                 this.localCandidates = [...this.localCandidates, ...candidates];
@@ -292,7 +294,7 @@ class Connection {
         // This coroutine returns if a candidate pair was successfully nominated
         // and raises an exception otherwise.
         // """
-        log("start connect ice");
+        log("start connect ice", this.localCandidates);
         if (!this._localCandidatesEnd) {
             if (!this.localCandidatesStart)
                 throw new Error("Local candidates gathering was not performed");
@@ -451,6 +453,7 @@ class Connection {
         catch (error) {
             return;
         }
+        log("addRemoteCandidate", remoteCandidate);
         this.remoteCandidates.push(remoteCandidate);
         this.pairRemoteCandidate(remoteCandidate);
         this.sortCheckList();
@@ -485,7 +488,7 @@ class Connection {
             (0, message_1.parseMessage)(rawData, Buffer.from(this.localPassword, "utf8"));
             if (!this.remoteUsername) {
                 const rxUsername = `${this.localUserName}:${this.remoteUsername}`;
-                if (message.attributes["USERNAME"] != rxUsername)
+                if (message.getAttributeValue("USERNAME") != rxUsername)
                     throw new Error("Wrong username");
             }
         }
@@ -496,7 +499,7 @@ class Connection {
         const { iceControlling } = this;
         // 7.2.1.1.  Detecting and Repairing Role Conflicts
         if (iceControlling && message.attributesKeys.includes("ICE-CONTROLLING")) {
-            if (this._tieBreaker >= message.attributes["ICE-CONTROLLING"]) {
+            if (this._tieBreaker >= message.getAttributeValue("ICE-CONTROLLING")) {
                 this.respondError(message, addr, protocol, [487, "Role Conflict"]);
                 return;
             }
@@ -506,7 +509,7 @@ class Connection {
         }
         else if (!iceControlling &&
             message.attributesKeys.includes("ICE-CONTROLLED")) {
-            if (this._tieBreaker < message.attributes["ICE-CONTROLLED"]) {
+            if (this._tieBreaker < message.getAttributeValue("ICE-CONTROLLED")) {
                 this.respondError(message, addr, protocol, [487, "Role Conflict"]);
             }
             else {
@@ -516,9 +519,10 @@ class Connection {
         }
         // # send binding response
         const response = new message_1.Message(const_1.methods.BINDING, const_1.classes.RESPONSE, message.transactionId);
-        response.attributes["XOR-MAPPED-ADDRESS"] = addr;
-        response.addMessageIntegrity(Buffer.from(this.localPassword, "utf8"));
-        response.addFingerprint();
+        response
+            .setAttribute("XOR-MAPPED-ADDRESS", addr)
+            .addMessageIntegrity(Buffer.from(this.localPassword, "utf8"))
+            .addFingerprint();
         protocol.sendStun(response, addr);
         // todo fix
         // if (this.checkList.length === 0) {
@@ -650,7 +654,7 @@ class Connection {
         }
         if (!remoteCandidate) {
             // 7.2.1.3.  Learning Peer Reflexive Candidates
-            remoteCandidate = new candidate_1.Candidate((0, helper_1.randomString)(10), component, "udp", message.attributes["PRIORITY"], host, port, "prflx");
+            remoteCandidate = new candidate_1.Candidate((0, helper_1.randomString)(10), component, "udp", message.getAttributeValue("PRIORITY"), host, port, "prflx");
             this.remoteCandidates.push(remoteCandidate);
         }
         // find pair
@@ -678,24 +682,26 @@ class Connection {
     buildRequest(pair, nominate) {
         const txUsername = `${this.remoteUsername}:${this.localUserName}`;
         const request = new message_1.Message(const_1.methods.BINDING, const_1.classes.REQUEST);
-        request.attributes["USERNAME"] = txUsername;
-        request.attributes["PRIORITY"] = (0, candidate_1.candidatePriority)(pair.component, "prflx");
+        request
+            .setAttribute("USERNAME", txUsername)
+            .setAttribute("PRIORITY", (0, candidate_1.candidatePriority)(pair.component, "prflx"));
         if (this.iceControlling) {
-            request.attributes["ICE-CONTROLLING"] = this._tieBreaker;
+            request.setAttribute("ICE-CONTROLLING", this._tieBreaker);
             if (nominate) {
-                request.attributes["USE-CANDIDATE"] = null;
+                request.setAttribute("USE-CANDIDATE", null);
             }
         }
         else {
-            request.attributes["ICE-CONTROLLED"] = this._tieBreaker;
+            request.setAttribute("ICE-CONTROLLED", this._tieBreaker);
         }
         return request;
     }
     respondError(request, addr, protocol, errorCode) {
         const response = new message_1.Message(request.messageMethod, const_1.classes.ERROR, request.transactionId);
-        response.attributes["ERROR-CODE"] = errorCode;
-        response.addMessageIntegrity(Buffer.from(this.localPassword, "utf8"));
-        response.addFingerprint();
+        response
+            .setAttribute("ERROR-CODE", errorCode)
+            .addMessageIntegrity(Buffer.from(this.localPassword, "utf8"))
+            .addFingerprint();
         protocol.sendStun(response, addr);
     }
 }
@@ -761,15 +767,45 @@ function candidatePairPriority(local, remote, iceControlling) {
     return (1 << 32) * Math.min(G, D) + 2 * Math.max(G, D) + (G > D ? 1 : 0);
 }
 exports.candidatePairPriority = candidatePairPriority;
-function getHostAddress(useIpv4, useIpv6) {
+function nodeIpAddress(family) {
+    // https://chromium.googlesource.com/external/webrtc/+/master/rtc_base/network.cc#236
+    const costlyNetworks = ["ipsec", "tun", "utun", "tap"];
+    const interfaces = os_1.default.networkInterfaces();
+    const all = Object.keys(interfaces)
+        .map((nic) => {
+        for (const costly of costlyNetworks) {
+            if (nic.startsWith(costly)) {
+                return {
+                    nic,
+                    addresses: [],
+                };
+            }
+        }
+        const addresses = interfaces[nic].filter((details) => details.family.toLowerCase() === family &&
+            !nodeIp.isLoopback(details.address));
+        return {
+            nic,
+            addresses: addresses.map((address) => address.address),
+        };
+    })
+        .filter((address) => !!address);
+    // os.networkInterfaces doesn't actually return addresses in a good order.
+    // have seen instances where en0 (ethernet) is after en1 (wlan), etc.
+    // eth0 > eth1
+    all.sort((a, b) => a.nic.localeCompare(b.nic));
+    return Object.values(all)
+        .map((entry) => entry.addresses)
+        .flat();
+}
+function getHostAddresses(useIpv4, useIpv6) {
     const address = [];
     if (useIpv4)
-        address.push(nodeIp.address("", "ipv4"));
+        address.push(...nodeIpAddress("ipv4"));
     if (useIpv6)
-        address.push(nodeIp.address("", "ipv6"));
+        address.push(...nodeIpAddress("ipv6"));
     return address;
 }
-exports.getHostAddress = getHostAddress;
+exports.getHostAddresses = getHostAddresses;
 async function serverReflexiveCandidate(protocol, stunServer) {
     // """
     // Query STUN server to obtain a server-reflexive candidate.
@@ -781,7 +817,7 @@ async function serverReflexiveCandidate(protocol, stunServer) {
         const localCandidate = protocol.localCandidate;
         if (!localCandidate)
             throw new Error("not exist");
-        return new candidate_1.Candidate((0, candidate_1.candidateFoundation)("srflx", "udp", localCandidate.host), localCandidate.component, localCandidate.transport, (0, candidate_1.candidatePriority)(localCandidate.component, "srflx"), response.attributes["XOR-MAPPED-ADDRESS"][0], response.attributes["XOR-MAPPED-ADDRESS"][1], "srflx", localCandidate.host, localCandidate.port);
+        return new candidate_1.Candidate((0, candidate_1.candidateFoundation)("srflx", "udp", localCandidate.host), localCandidate.component, localCandidate.transport, (0, candidate_1.candidatePriority)(localCandidate.component, "srflx"), response.getAttributeValue("XOR-MAPPED-ADDRESS")[0], response.getAttributeValue("XOR-MAPPED-ADDRESS")[1], "srflx", localCandidate.host, localCandidate.port);
     }
     catch (error) {
         // todo fix