Update Files

2025-01-22 16:18:30 +01:00
parent ed4603cf95
commit a36294b518
16718 changed files with 2960346 additions and 0 deletions


@ -0,0 +1,111 @@
/*
* Copyright (C)2014-2020 Haxe Foundation
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package js.node.tls;
import haxe.extern.EitherType;
typedef SecureContextOptions = {
/**
private key, certificate and CA certs of the server in PFX or PKCS12 format.
**/
@:optional var pfx:EitherType<String, Buffer>;
/**
passphrase for the private key or pfx.
**/
@:optional var passphrase:String;
/**
private key of the server in PEM format.
**/
@:optional var key:EitherType<String, Buffer>;
/**
certificate key of the server in PEM format.
**/
@:optional var cert:EitherType<String, Buffer>;
/**
trusted certificates in PEM format.
If this is omitted several well known "root" CAs will be used, like VeriSign.
These are used to authorize connections.
**/
@:optional var ca:Array<EitherType<String, Buffer>>;
/**
PEM encoded CRLs (Certificate Revocation List)
**/
@:optional var crl:EitherType<String, Array<String>>;
/**
ciphers to use or exclude.
To mitigate BEAST attacks it is recommended that you use this option in conjunction with the `honorCipherOrder`
option described below to prioritize the non-CBC cipher.
Defaults to AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH.
Consult the OpenSSL cipher list format documentation for details on the format.
ECDH (Elliptic Curve Diffie-Hellman) ciphers are not yet supported.
**/
@:optional var ciphers:String;
/**
named curve to use for ECDH key agreement or false to disable ECDH.
Defaults to prime256v1 (NIST P-256). Use `Crypto.getCurves` to obtain a list of available curve names.
On recent releases, openssl ecparam -list_curves will also display the name and description
of each available elliptic curve.
**/
@:optional var ecdhCurve:String;
/**
Diffie Hellman parameters, required for Perfect Forward Secrecy.
Use openssl dhparam to create it. Its key length should be greater than or equal to 1024 bits,
otherwise it throws an error. It is strongly recommended to use 2048 bits or more for stronger security.
If omitted or invalid, it is silently discarded and DHE ciphers won't be available.
**/
@:optional var dhparam:EitherType<String, Buffer>;
/**
The SSL method to use, e.g. SSLv3_method to force SSL version 3.
The possible values depend on your installation of OpenSSL and are defined in the constant SSL_METHODS.
**/
@:optional var secureProtocol:String;
/**
opaque identifier for session resumption.
If `requestCert` is true, the default is MD5 hash value generated from command-line.
Otherwise, the default is not provided.
**/
@:optional var sessionIdContext:String;
/**
When choosing a cipher, use the server's preferences instead of the client preferences.
Default: true.
**/
@:optional var honorCipherOrder:Bool;
}
extern class SecureContext {}


@ -0,0 +1,47 @@
/*
* Copyright (C)2014-2020 Haxe Foundation
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package js.node.tls;
import js.node.events.EventEmitter;
/**
Events emitted by `SecurePair`.
**/
@:enum abstract SecurePairEvent<T:haxe.Constraints.Function>(Event<T>) to Event<T> {
/**
The event is emitted from the `SecurePair` once the pair has successfully established a secure connection.
Similarly to the checking for the server 'secureConnection' event,
`SecurePair.cleartext.authorized` should be checked to confirm whether
the certificate used properly authorized.
**/
var Secure:SecurePairEvent<Void->Void> = "secure";
}
/**
Returned by `Tls.createSecurePair`.
**/
extern class SecurePair extends EventEmitter<SecurePair> {
var cleartext(default, null):TLSSocket;
var encrypted(default, null):js.node.stream.Duplex.IDuplex;
}


@ -0,0 +1,124 @@
/*
* Copyright (C)2014-2020 Haxe Foundation
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package js.node.tls;
import js.node.Buffer;
import js.node.events.EventEmitter.Event;
import js.node.tls.SecureContext.SecureContextOptions;
import js.node.tls.TLSSocket;
#if haxe4
import js.lib.Error;
#else
import js.Error;
#end
/**
Enumeration of events emitted by `Server` in addition to its parent classes.
**/
@:enum abstract ServerEvent<T:haxe.Constraints.Function>(Event<T>) to Event<T> {
/**
This event is emitted after a new connection has been successfully handshaked.
**/
var SecureConnection:ServerEvent<TLSSocket->Void> = "secureConnection";
/**
When a client connection emits an 'error' event before secure connection is established -
it will be forwarded here.
Listener arguments:
exception - error object
securePair - the `TLSSocket` that the error originated from
**/
var ClientError:ServerEvent<Error->TLSSocket->Void> = "clientError";
/**
Emitted on creation of TLS session.
May be used to store sessions in external storage.
`callback` must be invoked eventually, otherwise no data will be sent or received from secure connection.
Listener arguments:
sessionId
sessionData
callback
**/
var NewSession:ServerEvent<Buffer->Buffer->(Void->Void)->Void> = "newSession";
/**
Emitted when client wants to resume previous TLS session.
Event listener may perform lookup in external storage using given sessionId,
and invoke callback(null, sessionData) once finished.
If session can't be resumed (i.e. doesn't exist in storage) one may call callback(null, null).
Calling callback(err) will terminate incoming connection and destroy socket.
Listener arguments:
sessionId
callback
**/
var ResumeSession:ServerEvent<Buffer->(Error->?Buffer->Void)->Void> = "resumeSession";
/**
Emitted when the client sends a certificate status request.
You could parse server's current certificate to obtain OCSP url and certificate id,
and after obtaining OCSP response invoke `callback(null, resp)`, where `resp` is a `Buffer` instance.
Both certificate and issuer are a Buffer DER-representations of the primary and issuer's certificates.
They could be used to obtain OCSP certificate id and OCSP endpoint url.
Alternatively, `callback(null, null)` could be called, meaning that there is no OCSP response.
Calling `callback(err)` will result in a `socket.destroy(err)` call.
**/
var OCSPRequest:ServerEvent<Buffer->Buffer->(Error->?Buffer->Void)->Void> = "OCSPRequest";
}
/**
This class is a subclass of `net.Server` and has the same methods on it.
Instead of accepting just raw TCP connections, this accepts encrypted connections using TLS or SSL.
**/
@:jsRequire("tls", "Server")
extern class Server extends js.node.net.Server {
/**
Returns `Buffer` instance holding the keys currently used for encryption/decryption of the TLS Session Tickets.
**/
function getTicketKeys():Buffer;
/**
Updates the keys for encryption/decryption of the TLS Session Tickets.
NOTE: the buffer should be 48 bytes long. See server `ticketKeys` option for
more information on how it is going to be used.
NOTE: the change is effective only for the future server connections. Existing or currently pending
server connections will use previous keys.
**/
function setTicketKeys(keys:Buffer):Void;
/**
Add secure context that will be used if client request's SNI hostname
is matching passed hostname (wildcards can be used).
**/
function addContext(hostname:String, credentials:SecureContextOptions):Void;
}
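Review bot: `getTicketKeys` returns the keys "currently used for encryption/decryption of the TLS Session Tickets", which makes the returned buffer secret key material, but its doc comment does not say so; a caller who logs or serialises it hands out what is needed to decrypt tickets and resume sessions. I would add to the comment: `NOTE: the returned buffer is live key material - do not log it or expose it outside the process.` The `ClientError` doc comment names its second listener argument `securePair` while the signature types it as `TLSSocket`; `tlsSocket - the TLSSocket that the error originated from` would match the declaration.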


@ -0,0 +1,174 @@
/*
* Copyright (C)2014-2020 Haxe Foundation
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
package js.node.tls;
import haxe.Constraints.Function;
import js.node.Buffer;
import js.node.Tls.TlsClientOptionsBase;
import js.node.Tls.TlsServerOptionsBase;
import js.node.events.EventEmitter.Event;
#if haxe4
import js.lib.Error;
#else
import js.Error;
#end
/**
Enumeration of events emitted by `TLSSocket` objects in addition to its parent class events.
**/
@:enum abstract TLSSocketEvent<T:Function>(Event<T>) to Event<T> {
/**
This event is emitted after a new connection has been successfully handshaked.
The listener will be called no matter if the server's certificate was authorized or not.
It is up to the user to test `TLSSocket.authorized` to see if the server certificate
was signed by one of the specified CAs. If `TLSSocket.authorized` is false then the error
can be found in `TLSSocket.authorizationError`. Also if NPN was used - you can
check `TLSSocket.npnProtocol` for negotiated protocol.
**/
var SecureConnect:TLSSocketEvent<Void->Void> = "secureConnect";
/**
This event will be emitted if `requestOCSP` option was set.
`response` is a `Buffer` object, containing server's OCSP response.
Traditionally, the response is a signed object from the server's CA
that contains information about server's certificate revocation status.
**/
var OCSPResponse:TLSSocketEvent<Buffer->Void> = "OCSPResponse";
}
typedef TLSSocketOptions = {
> TlsServerOptionsBase,
> TlsClientOptionsBase,
/**
An optional TLS context object from `Tls.createSecureContext`
**/
@:optional var secureContext:SecureContext;
/**
If true - TLS socket will be instantiated in server-mode
**/
@:optional var isServer:Bool;
@:optional var server:js.node.net.Server;
}
/**
This is a wrapped version of `net.Socket` that does transparent encryption
of written data and all required TLS negotiation.
Its `encrypted` field is always true.
**/
@:jsRequire("tls", "TLSSocket")
extern class TLSSocket extends js.node.net.Socket {
/**
Construct a new TLSSocket object from existing TCP socket.
**/
function new(socket:js.node.net.Socket, options:TLSSocketOptions);
/**
true if the peer certificate was signed by one of the specified CAs, otherwise false
**/
var authorized(default, null):Bool;
/**
The reason why the peer's certificate has not been verified.
This property becomes available only when `authorized` is false.
**/
var authorizationError(default, null):Null<String>;
/**
Negotiated protocol name.
**/
var npnProtocol(default, null):String;
/**
Returns an object representing the peer's certificate.
The returned object has some properties corresponding to the field of the certificate.
If `detailed` argument is true - the full chain with issuer property will be returned,
if false - only the top certificate without issuer property.
**/
function getPeerCertificate(?detailed:Bool):Dynamic; // TODO: is there a well defined structure for this?
/**
Returns an object representing the cipher name and the SSL/TLS protocol version of the current connection.
Example: { name: 'AES256-SHA', version: 'TLSv1/SSLv3' }
See SSL_CIPHER_get_name() and SSL_CIPHER_get_version() in http://www.openssl.org/docs/ssl/ssl.html#DEALING_WITH_CIPHERS for more information.
**/
function getCipher():{name:String, version:String};
/**
Initiate TLS renegotiation process.
The `options` may contain the following fields: rejectUnauthorized, requestCert (See `Tls.createServer` for details).
`callback(err)` will be executed with null as err, once the renegotiation is successfully completed.
NOTE: Can be used to request peer's certificate after the secure connection has been established.
ANOTHER NOTE: When running as the server, socket will be destroyed with an error after handshakeTimeout timeout.
**/
function renegotiate(options:{?rejectUnauthorized:Bool, ?requestCert:Bool}, ?callback:Error->Void):Bool;
/**
Set maximum TLS fragment size (default and maximum value is: 16384, minimum is: 512).
Returns true on success, false otherwise.
Smaller fragment size decreases buffering latency on the client: large fragments are buffered by the TLS layer
until the entire fragment is received and its integrity is verified; large fragments can span multiple roundtrips,
and their processing can be delayed due to packet loss or reordering. However, smaller fragments add
extra TLS framing bytes and CPU overhead, which may decrease overall server throughput.
**/
function setMaxSendFragment(size:Int):Bool;
/**
Returns a string containing the negotiated SSL/TLS protocol version of the current connection.
'unknown' will be returned for connected sockets that have not completed the handshaking process.
`null` will be returned for server sockets or disconnected client sockets.
**/
function getProtocol():String;
/**
Return ASN.1 encoded TLS session or null if none was negotiated.
Could be used to speed up handshake establishment when reconnecting to the server.
**/
function getSession():Null<Buffer>;
/**
NOTE: Works only with client TLS sockets.
Useful only for debugging, for session reuse provide session option to tls.connect.
Return TLS session ticket or null if none was negotiated.
**/
function getTLSTicket():Null<Buffer>;
}