LeenkxTeam/LNXSDK
3
3
Fork 4
Code Issues 16 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
03967c7a2b44808619762b6baeba21040fe91b70
LNXSDK/Kha/Backends/Node/js/node/Tls.hx

213 lines
6.8 KiB
Haxe
Raw Normal View History

Update Files
2025-01-22 16:18:30 +01:00
/*
* Copyright (C)2014-2020 Haxe Foundation
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package js.node;
import haxe.extern.EitherType;
import js.node.Buffer;
import js.node.tls.SecureContext;
import js.node.tls.SecurePair;
import js.node.tls.Server;
import js.node.tls.TLSSocket;
#if haxe4
import js.lib.Error;
#else
import js.Error;
#end
typedef TlsOptionsBase = {
/**
If true the server will reject any connection which is not authorized with the list of supplied CAs.
This option only has an effect if `requestCert` is true.
Default: false.
**/
@:optional var rejectUnauthorized:Bool;
/**
possible NPN protocols. (Protocols should be ordered by their priority).
**/
@:optional var NPNProtocols:EitherType<Array<String>, Buffer>;
}
typedef TlsServerOptionsBase = {
> TlsOptionsBase,
/**
If true the server will request a certificate from clients that connect
and attempt to verify that certificate.
Default: false.
**/
@:optional var requestCert:Bool;
/**
A function that will be called if client supports SNI TLS extension.
Two argument will be passed to it: `servername`, and `cb`.
SNICallback should invoke `cb(null, ctx)`, where `ctx` is a SecureContext instance.
(You can use tls.createSecureContext(...) to get proper `SecureContext`).
If `SNICallback` wasn't provided - default callback with high-level API will be used.
**/
@:optional var SNICallback:#if (haxe_ver >= 4)(servername:String, cb:(Error->SecureContext)) -> Void #else String->(Error->SecureContext)->Void #end;
}
typedef TlsClientOptionsBase = {
> TlsOptionsBase,
/**
A Buffer instance, containing TLS session.
**/
@:optional var session:Buffer;
/**
If true - OCSP status request extension would be added to client hello,
and OCSPResponse event will be emitted on socket before establishing secure communication
**/
@:optional var requestOCSP:Bool;
}
/**
Base structure for options object used in tls methods.
**/
typedef TlsCreateServerOptions = {
> TlsServerOptionsBase,
> SecureContextOptions,
/**
Abort the connection if the SSL/TLS handshake does not finish in this many milliseconds.
The default is 120 seconds.
A 'clientError' is emitted on the `tls.Server` object whenever a handshake times out.
**/
@:optional var handshakeTimeout:Int;
/**
An integer specifying the seconds after which TLS session identifiers
and TLS session tickets created by the server are timed out.
See SSL_CTX_set_timeout for more details.
**/
@:optional var sessionTimeout:Int;
/**
A 48-byte `Buffer` instance consisting of 16-byte prefix, 16-byte hmac key, 16-byte AES key.
You could use it to accept tls session tickets on multiple instances of tls server.
NOTE: Automatically shared between cluster module workers.
**/
@:optional var ticketKeys:Buffer;
}
typedef TlsConnectOptions = {
> TlsClientOptionsBase,
> SecureContextOptions,
/**
Host the client should connect to.
Defaults to 'localhost'
**/
@:optional var host:String;
/**
Port the client should connect to
**/
@:optional var port:Int;
/**
Establish secure connection on a given socket rather than creating a new socket.
If this option is specified, `host` and `port` are ignored.
**/
@:optional var socket:js.node.net.Socket;
/**
Creates unix socket connection to path.
If this option is specified, host and port are ignored.
**/
@:optional var path:String;
/**
Servername for SNI (Server Name Indication) TLS extension.
**/
@:optional var servername:String;
/**
An override for checking server's hostname against the certificate.
Should return an error if verification fails. Return `js.Lib.undefined` if passing.
**/
@:optional var checkServerIdentity:String -> {}->Dynamic; // TODO: peer cerficicate structure
}
/**
The tls module uses OpenSSL to provide Transport Layer Security
and/or Secure Socket Layer: encrypted stream communication.
**/
@:jsRequire("tls")
extern class Tls {
/**
renegotiation limit, default is 3.
**/
static var CLIENT_RENEG_LIMIT:Int;
/**
renegotiation window in seconds, default is 10 minutes.
**/
static var CLIENT_RENEG_WINDOW:Int;
/**
Size of slab buffer used by all tls servers and clients. Default: 10 * 1024 * 1024.
Don't change the defaults unless you know what you are doing.
**/
static var SLAB_BUFFER_SIZE:Int;
/**
Returns an array with the names of the supported SSL ciphers.
**/
static function getCiphers():Array<String>;
/**
Creates a new `Server`.
The `connectionListener` argument is automatically set as a listener for the 'secureConnection' event.
**/
static function createServer(options:TlsCreateServerOptions, ?secureConnectionListener:TLSSocket->Void):Server;
/**
Creates a new client connection to the given `port` and `host` (old API) or `options.port` and `options.host`.
If `host` is omitted, it defaults to 'localhost'.
**/
@:overload(function(port:Int, ?callback:Void->Void):TLSSocket {})
@:overload(function(port:Int, options:TlsConnectOptions, ?callback:Void->Void):TLSSocket {})
@:overload(function(port:Int, host:String, ?callback:Void->Void):TLSSocket {})
@:overload(function(port:Int, host:String, options:TlsConnectOptions, ?callback:Void->Void):TLSSocket {})
static function connect(options:TlsConnectOptions, ?callback:Void->Void):TLSSocket;
/**
Creates a credentials object.
**/
static function createSecureContext(?details:SecureContextOptions):SecureContext;
/**
Creates a new secure pair object with two streams, one of which reads/writes encrypted data,
and one reads/writes cleartext data.
Generally the encrypted one is piped to/from an incoming encrypted data stream,
and the cleartext one is used as a replacement for the initial encrypted stream.
**/
static function createSecurePair(?context:SecureContext, ?isServer:Bool, ?requestCert:Bool, ?rejectUnauthorized:Bool):SecurePair;
}
Reference in New Issue Copy Permalink