1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
// Copyright Joyent and Node contributors. All rights reserved. MIT license.
// TODO(petamoriken): enable prefer-primordials for node polyfills
// deno-lint-ignore-file prefer-primordials
import { notImplemented } from "ext:deno_node/_utils.ts";
import tlsCommon from "node:_tls_common";
import tlsWrap from "node:_tls_wrap";
import { op_get_root_certificates } from "ext:core/ops";
import { primordials } from "ext:core/mod.js";
const { ObjectFreeze } = primordials;
// openssl -> rustls
const cipherMap = {
"__proto__": null,
"AES128-GCM-SHA256": "TLS13_AES_128_GCM_SHA256",
"AES256-GCM-SHA384": "TLS13_AES_256_GCM_SHA384",
"ECDHE-ECDSA-AES128-GCM-SHA256": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"ECDHE-ECDSA-AES256-GCM-SHA384": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305":
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"ECDHE-RSA-AES128-GCM-SHA256": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"ECDHE-RSA-AES256-GCM-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"ECDHE-RSA-CHACHA20-POLY1305": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256": "TLS13_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384": "TLS13_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256": "TLS13_CHACHA20_POLY1305_SHA256",
};
export function getCiphers() {
// TODO(bnoordhuis) Use locale-insensitive toLowerCase()
return Object.keys(cipherMap).map((name) => name.toLowerCase());
}
let lazyRootCertificates: string[] | null = null;
function ensureLazyRootCertificates(target: string[]) {
if (lazyRootCertificates === null) {
lazyRootCertificates = op_get_root_certificates() as string[];
lazyRootCertificates.forEach((v) => target.push(v));
ObjectFreeze(target);
}
}
export const rootCertificates = new Proxy([] as string[], {
// @ts-ignore __proto__ is not in the types
__proto__: null,
get(target, prop) {
ensureLazyRootCertificates(target);
return Reflect.get(target, prop);
},
ownKeys(target) {
ensureLazyRootCertificates(target);
return Reflect.ownKeys(target);
},
has(target, prop) {
ensureLazyRootCertificates(target);
return Reflect.has(target, prop);
},
getOwnPropertyDescriptor(target, prop) {
ensureLazyRootCertificates(target);
return Reflect.getOwnPropertyDescriptor(target, prop);
},
set(target, prop, value) {
ensureLazyRootCertificates(target);
return Reflect.set(target, prop, value);
},
defineProperty(target, prop, descriptor) {
ensureLazyRootCertificates(target);
return Reflect.defineProperty(target, prop, descriptor);
},
deleteProperty(target, prop) {
ensureLazyRootCertificates(target);
return Reflect.deleteProperty(target, prop);
},
isExtensible(target) {
ensureLazyRootCertificates(target);
return Reflect.isExtensible(target);
},
preventExtensions(target) {
ensureLazyRootCertificates(target);
return Reflect.preventExtensions(target);
},
setPrototypeOf() {
return false;
},
});
export const DEFAULT_ECDH_CURVE = "auto";
export const DEFAULT_MAX_VERSION = "TLSv1.3";
export const DEFAULT_MIN_VERSION = "TLSv1.2";
export const CLIENT_RENEG_LIMIT = 3;
export const CLIENT_RENEG_WINDOW = 600;
export class CryptoStream {}
export class SecurePair {}
export const Server = tlsWrap.Server;
export function createSecurePair() {
notImplemented("tls.createSecurePair");
}
export default {
CryptoStream,
SecurePair,
Server,
TLSSocket: tlsWrap.TLSSocket,
checkServerIdentity: tlsWrap.checkServerIdentity,
connect: tlsWrap.connect,
createSecureContext: tlsCommon.createSecureContext,
createSecurePair,
createServer: tlsWrap.createServer,
getCiphers,
rootCertificates,
DEFAULT_CIPHERS: tlsWrap.DEFAULT_CIPHERS,
DEFAULT_ECDH_CURVE,
DEFAULT_MAX_VERSION,
DEFAULT_MIN_VERSION,
CLIENT_RENEG_LIMIT,
CLIENT_RENEG_WINDOW,
};
export const checkServerIdentity = tlsWrap.checkServerIdentity;
export const connect = tlsWrap.connect;
export const createSecureContext = tlsCommon.createSecureContext;
export const createServer = tlsWrap.createServer;
export const DEFAULT_CIPHERS = tlsWrap.DEFAULT_CIPHERS;
export const TLSSocket = tlsWrap.TLSSocket;
|
