// Copyright 2018-2025 the Deno authors. MIT license.
// Copyright Joyent and Node contributors. All rights reserved. MIT license.
// TODO(petamoriken): enable prefer-primordials for node polyfills
// deno-lint-ignore-file prefer-primordials
import { notImplemented } from "ext:deno_node/_utils.ts";
import tlsCommon from "node:_tls_common";
import tlsWrap from "node:_tls_wrap";
import { op_get_root_certificates } from "ext:core/ops";
import { primordials } from "ext:core/mod.js";
// Object.freeze taken from `primordials` instead of being read off the global
// `Object` at call time (presumably so that user code patching Object.freeze
// cannot change how the certificate list is locked — confirm against ext:core).
const { ObjectFreeze } = primordials;
// OpenSSL cipher-suite name -> rustls cipher-suite name.
//
// The `"__proto__": null` entry sets the object's prototype to null; it does
// not create a key, so it never shows up in getCiphers() and lookups such as
// cipherMap["constructor"] yield undefined instead of an inherited value.
// Key order is observable: getCiphers() returns the keys in this order.
//
// NOTE(review): in OpenSSL naming, "AES128-GCM-SHA256" and "AES256-GCM-SHA384"
// are the TLS 1.2 RSA-key-exchange suites, but here they alias TLS 1.3 suites.
// A caller that pins those names may end up with a different suite and
// protocol version than the name implies — confirm against the consumer of
// this map, which is not in this file.
const cipherMap = {
  "__proto__": null,
  "AES128-GCM-SHA256": "TLS13_AES_128_GCM_SHA256",
  "AES256-GCM-SHA384": "TLS13_AES_256_GCM_SHA384",
  "ECDHE-ECDSA-AES128-GCM-SHA256": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
  "ECDHE-ECDSA-AES256-GCM-SHA384": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
  "ECDHE-ECDSA-CHACHA20-POLY1305":
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  "ECDHE-RSA-AES256-GCM-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
  "ECDHE-RSA-CHACHA20-POLY1305": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
  // TLS 1.3 suites, keyed by their OpenSSL 1.1.1+ names.
  "TLS_AES_128_GCM_SHA256": "TLS13_AES_128_GCM_SHA256",
  "TLS_AES_256_GCM_SHA384": "TLS13_AES_256_GCM_SHA384",
  "TLS_CHACHA20_POLY1305_SHA256": "TLS13_CHACHA20_POLY1305_SHA256",
};
/**
 * Lists the cipher names this module knows how to translate.
 *
 * The result is the set of OpenSSL-style keys of `cipherMap`, lower-cased and
 * in declaration order. It reports names only: nothing here checks which
 * suites a given connection will actually negotiate.
 *
 * @returns Lower-cased OpenSSL cipher names.
 */
export function getCiphers() {
  // TODO(bnoordhuis) Use locale-insensitive toLowerCase()
  // (every key is ASCII, and String.prototype.toLowerCase() does not consult
  // the host locale, so the output is stable across environments.)
  const lowered: string[] = [];
  for (const opensslName of Object.keys(cipherMap)) {
    lowered.push(opensslName.toLowerCase());
  }
  return lowered;
}
// Result of op_get_root_certificates(), or null while it has not been called.
// Doubles as the "already loaded" flag for ensureLazyRootCertificates().
// Module-private and never frozen itself; only the proxy target is frozen.
let lazyRootCertificates: string[] | null = null;
/**
 * Fills `target` with the root certificates the first time it is called and
 * then freezes it; every later call is a no-op.
 *
 * The cache variable is assigned as soon as the op returns, so the op runs at
 * most once per successful load. If the op throws, the cache stays null and
 * the next call tries again.
 *
 * @param target Array backing the `rootCertificates` proxy. It is mutated in
 *   place and frozen, so it must be the raw array, not the proxy.
 */
function ensureLazyRootCertificates(target: string[]) {
  if (lazyRootCertificates !== null) {
    return;
  }
  // presumably PEM-encoded certificates; this file only sees `string[]`.
  const loaded = op_get_root_certificates() as string[];
  lazyRootCertificates = loaded;
  loaded.forEach((cert) => target.push(cert));
  // Freezing makes the exported list read-only: entries cannot be added,
  // replaced or removed through the proxy once it has been populated.
  ObjectFreeze(target);
}
/**
 * Lazily populated, read-only list of root certificates.
 *
 * The certificates are fetched only when the array is first touched. Every
 * trap that reports on or modifies the backing array loads it first, because
 * the engine checks proxy invariants against the target: the target has to be
 * in its final populated and frozen state before a trap answers for it.
 *
 * After loading, the target is frozen, so the mutating traps (`set`,
 * `defineProperty`, `deleteProperty`) report failure for any real change.
 * `setPrototypeOf` always refuses, without triggering a load.
 *
 * NOTE(review): whether outgoing TLS connections read this array or get their
 * trust anchors elsewhere is not visible in this file.
 */
export const rootCertificates = new Proxy([] as string[], {
  // @ts-ignore __proto__ is not in the types
  __proto__: null,
  get: (certs, key) => {
    ensureLazyRootCertificates(certs);
    return Reflect.get(certs, key);
  },
  ownKeys: (certs) => {
    ensureLazyRootCertificates(certs);
    return Reflect.ownKeys(certs);
  },
  has: (certs, key) => {
    ensureLazyRootCertificates(certs);
    return Reflect.has(certs, key);
  },
  getOwnPropertyDescriptor: (certs, key) => {
    ensureLazyRootCertificates(certs);
    return Reflect.getOwnPropertyDescriptor(certs, key);
  },
  // Mutation attempts are forwarded to the frozen target.
  set: (certs, key, newValue) => {
    ensureLazyRootCertificates(certs);
    return Reflect.set(certs, key, newValue);
  },
  defineProperty: (certs, key, attributes) => {
    ensureLazyRootCertificates(certs);
    return Reflect.defineProperty(certs, key, attributes);
  },
  deleteProperty: (certs, key) => {
    ensureLazyRootCertificates(certs);
    return Reflect.deleteProperty(certs, key);
  },
  isExtensible: (certs) => {
    ensureLazyRootCertificates(certs);
    return Reflect.isExtensible(certs);
  },
  preventExtensions: (certs) => {
    ensureLazyRootCertificates(certs);
    return Reflect.preventExtensions(certs);
  },
  // The prototype of the exported list can never be swapped.
  setPrototypeOf: () => false,
});
// Defaults exported under the names node:tls uses. Nothing in this file reads
// them. NOTE(review): confirm in node:_tls_wrap / node:_tls_common whether they
// are enforced on connections or only advertised to callers.
export const DEFAULT_ECDH_CURVE = "auto";
export const DEFAULT_MAX_VERSION = "TLSv1.3";
// Advertised protocol floor: TLS 1.2.
export const DEFAULT_MIN_VERSION = "TLSv1.2";
// In Node these bound client-initiated renegotiation (request count, and the
// window in seconds). NOTE(review): whether the rustls-backed implementation
// applies them is not visible here.
export const CLIENT_RENEG_LIMIT = 3;
export const CLIENT_RENEG_WINDOW = 600;
// Empty placeholder classes: exported by name only, with no members or
// behaviour defined in this file.
export class CryptoStream {}
export class SecurePair {}
// Server implementation re-exported from node:_tls_wrap.
export const Server = tlsWrap.Server;
/**
 * Stub for `tls.createSecurePair`.
 *
 * It takes no arguments and only reports the API as unimplemented through
 * notImplemented() (presumably by throwing — confirm in
 * ext:deno_node/_utils.ts). No secure pair is ever created.
 */
export function createSecurePair() {
  const api = "tls.createSecurePair";
  notImplemented(api);
}
// Default export: one object bundling the same values that are exported by
// name from this module. `rootCertificates` is the same lazy, frozen proxy as
// the named export, not a copy.
export default {
  CryptoStream,
  SecurePair,
  Server,
  TLSSocket: tlsWrap.TLSSocket,
  checkServerIdentity: tlsWrap.checkServerIdentity,
  connect: tlsWrap.connect,
  createSecureContext: tlsCommon.createSecureContext,
  createSecurePair,
  createServer: tlsWrap.createServer,
  getCiphers,
  rootCertificates,
  DEFAULT_CIPHERS: tlsWrap.DEFAULT_CIPHERS,
  DEFAULT_ECDH_CURVE,
  DEFAULT_MAX_VERSION,
  DEFAULT_MIN_VERSION,
  CLIENT_RENEG_LIMIT,
  CLIENT_RENEG_WINDOW,
};
// Named re-exports of implementations that live in node:_tls_wrap and
// node:_tls_common; this file adds no logic of its own to them.
// NOTE(review): checkServerIdentity is, by its Node contract, the check of the
// peer certificate against the requested host name — its behaviour here has to
// be reviewed in node:_tls_wrap.
export const checkServerIdentity = tlsWrap.checkServerIdentity;
export const connect = tlsWrap.connect;
export const createSecureContext = tlsCommon.createSecureContext;
export const createServer = tlsWrap.createServer;
export const DEFAULT_CIPHERS = tlsWrap.DEFAULT_CIPHERS;
export const TLSSocket = tlsWrap.TLSSocket;