|
1 |
| -// Copyright Joyent, Inc. and other Node contributors. |
2 |
| -// |
3 |
| -// Permission is hereby granted, free of charge, to any person obtaining a |
4 |
| -// copy of this software and associated documentation files (the |
5 |
| -// "Software"), to deal in the Software without restriction, including |
6 |
| -// without limitation the rights to use, copy, modify, merge, publish, |
7 |
| -// distribute, sublicense, and/or sell copies of the Software, and to permit |
8 |
| -// persons to whom the Software is furnished to do so, subject to the |
9 |
| -// following conditions: |
10 |
| -// |
11 |
| -// The above copyright notice and this permission notice shall be included |
12 |
| -// in all copies or substantial portions of the Software. |
13 |
| -// |
14 |
| -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
15 |
| -// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
16 |
| -// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN |
17 |
| -// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, |
18 |
| -// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR |
19 |
| -// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE |
20 |
| -// USE OR OTHER DEALINGS IN THE SOFTWARE. |
21 |
| - |
22 | 1 | 'use strict';
|
23 | 2 |
|
24 |
| -const { |
25 |
| - JSONParse, |
26 |
| -} = primordials; |
27 |
| - |
28 |
| -const tls = require('tls'); |
29 |
| - |
30 |
| -const { |
31 |
| - codes: { |
32 |
| - ERR_TLS_INVALID_PROTOCOL_VERSION, |
33 |
| - ERR_TLS_PROTOCOL_VERSION_CONFLICT, |
34 |
| - }, |
35 |
| -} = require('internal/errors'); |
36 |
| - |
37 |
| -const { |
38 |
| - crypto: { |
39 |
| - SSL_OP_CIPHER_SERVER_PREFERENCE, |
40 |
| - TLS1_VERSION, |
41 |
| - TLS1_1_VERSION, |
42 |
| - TLS1_2_VERSION, |
43 |
| - TLS1_3_VERSION, |
44 |
| - }, |
45 |
| -} = internalBinding('constants'); |
46 |
| - |
47 |
| -const { |
48 |
| - kEmptyObject, |
49 |
| -} = require('internal/util'); |
50 |
| - |
51 |
| -const { |
52 |
| - validateInteger, |
53 |
| -} = require('internal/validators'); |
54 |
| - |
55 |
| -const { |
56 |
| - configSecureContext, |
57 |
| -} = require('internal/tls/secure-context'); |
58 |
| - |
59 |
| -function toV(which, v, def) { |
60 |
| - v ??= def; |
61 |
| - if (v === 'TLSv1') return TLS1_VERSION; |
62 |
| - if (v === 'TLSv1.1') return TLS1_1_VERSION; |
63 |
| - if (v === 'TLSv1.2') return TLS1_2_VERSION; |
64 |
| - if (v === 'TLSv1.3') return TLS1_3_VERSION; |
65 |
| - throw new ERR_TLS_INVALID_PROTOCOL_VERSION(v, which); |
66 |
| -} |
67 |
| - |
68 |
| -const { |
69 |
| - SecureContext: NativeSecureContext, |
70 |
| -} = internalBinding('crypto'); |
71 |
| - |
72 |
| -function SecureContext(secureProtocol, secureOptions, minVersion, maxVersion) { |
73 |
| - if (!(this instanceof SecureContext)) { |
74 |
| - return new SecureContext(secureProtocol, secureOptions, minVersion, |
75 |
| - maxVersion); |
76 |
| - } |
77 |
| - |
78 |
| - if (secureProtocol) { |
79 |
| - if (minVersion != null) |
80 |
| - throw new ERR_TLS_PROTOCOL_VERSION_CONFLICT(minVersion, secureProtocol); |
81 |
| - if (maxVersion != null) |
82 |
| - throw new ERR_TLS_PROTOCOL_VERSION_CONFLICT(maxVersion, secureProtocol); |
83 |
| - } |
84 |
| - |
85 |
| - this.context = new NativeSecureContext(); |
86 |
| - this.context.init(secureProtocol, |
87 |
| - toV('minimum', minVersion, tls.DEFAULT_MIN_VERSION), |
88 |
| - toV('maximum', maxVersion, tls.DEFAULT_MAX_VERSION)); |
89 |
| - |
90 |
| - if (secureOptions) { |
91 |
| - validateInteger(secureOptions, 'secureOptions'); |
92 |
| - this.context.setOptions(secureOptions); |
93 |
| - } |
94 |
| -} |
95 |
| - |
96 |
| -function createSecureContext(options) { |
97 |
| - options ||= kEmptyObject; |
98 |
| - const { |
99 |
| - honorCipherOrder, |
100 |
| - minVersion, |
101 |
| - maxVersion, |
102 |
| - secureProtocol, |
103 |
| - } = options; |
104 |
| - |
105 |
| - let { secureOptions } = options; |
106 |
| - |
107 |
| - if (honorCipherOrder) |
108 |
| - secureOptions |= SSL_OP_CIPHER_SERVER_PREFERENCE; |
109 |
| - |
110 |
| - const c = new SecureContext(secureProtocol, secureOptions, |
111 |
| - minVersion, maxVersion); |
112 |
| - |
113 |
| - configSecureContext(c.context, options); |
114 |
| - |
115 |
| - return c; |
116 |
| -} |
117 |
| - |
118 |
| -// Translate some fields from the handle's C-friendly format into more idiomatic |
119 |
| -// javascript object representations before passing them back to the user. Can |
120 |
| -// be used on any cert object, but changing the name would be semver-major. |
121 |
| -function translatePeerCertificate(c) { |
122 |
| - if (!c) |
123 |
| - return null; |
124 |
| - |
125 |
| - if (c.issuerCertificate != null && c.issuerCertificate !== c) { |
126 |
| - c.issuerCertificate = translatePeerCertificate(c.issuerCertificate); |
127 |
| - } |
128 |
| - if (c.infoAccess != null) { |
129 |
| - const info = c.infoAccess; |
130 |
| - c.infoAccess = { __proto__: null }; |
131 |
| - |
132 |
| - // XXX: More key validation? |
133 |
| - info.replace(/([^\n:]*):([^\n]*)(?:\n|$)/g, |
134 |
| - (all, key, val) => { |
135 |
| - if (val.charCodeAt(0) === 0x22) { |
136 |
| - // The translatePeerCertificate function is only |
137 |
| - // used on internally created legacy certificate |
138 |
| - // objects, and any value that contains a quote |
139 |
| - // will always be a valid JSON string literal, |
140 |
| - // so this should never throw. |
141 |
| - val = JSONParse(val); |
142 |
| - } |
143 |
| - if (key in c.infoAccess) |
144 |
| - c.infoAccess[key].push(val); |
145 |
| - else |
146 |
| - c.infoAccess[key] = [val]; |
147 |
| - }); |
148 |
| - } |
149 |
| - return c; |
150 |
| -} |
151 |
| - |
| 3 | +const { SecureContext, createSecureContext, translatePeerCertificate } = require('internal/tls/common'); |
152 | 4 | module.exports = {
|
153 | 5 | SecureContext,
|
154 | 6 | createSecureContext,
|
155 | 7 | translatePeerCertificate,
|
156 | 8 | };
|
| 9 | +process.emitWarning('The _tls_common module is deprecated.', |
| 10 | + 'DeprecationWarning', 'DEP0192'); |
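Review bot: The `process.emitWarning(...)` call at the end of the new file fires unconditionally on load, and its message names no replacement, so a caller of `require('_tls_common')` learns the module is deprecated but not what to migrate to. Consider naming the public API in the message, e.g. `'The _tls_common module is deprecated. Use node:tls instead.'`, assuming `tls` is the intended replacement for `SecureContext` and `createSecureContext`; whether `translatePeerCertificate` has a public equivalent is not visible here. Because the warning runs at module load, any core file that still does `require('_tls_common')` would surface DEP0192 to every TLS user. Those call sites are outside this section, so it is worth confirming they now load `internal/tls/common` directly. A one-line comment above the re-export, such as `// Deprecated alias kept for compatibility; the implementation lives in internal/tls/common.`, would make the shim's purpose clear to the next reader.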