Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tls: refactor legacy #39333

Closed
wants to merge 5 commits into from
Closed
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion lib/_tls_common.js
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,11 @@ const {

const {
configSecureContext,
} = require('internal/tls/secure-context');

const {
parseCertString,
} = require('internal/tls');
} = require('internal/tls/legacy');

function toV(which, v, def) {
if (v == null) v = def;
Expand Down
51 changes: 0 additions & 51 deletions lib/internal/streams/duplexpair.js

This file was deleted.

123 changes: 123 additions & 0 deletions lib/internal/tls/legacy.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,123 @@
'use strict';

const EventEmitter = require('events');
const { Duplex } = require('stream');
const internalUtil = require('internal/util');

const {
ArrayIsArray,
ArrayPrototypeForEach,
ArrayPrototypePush,
StringPrototypeIndexOf,
StringPrototypeSlice,
StringPrototypeSplit,
ObjectCreate,
Symbol,
ReflectConstruct,
} = primordials;

const kCallback = Symbol('Callback');
const kOtherSide = Symbol('Other');

class DuplexSocket extends Duplex {
constructor() {
super();
this[kCallback] = null;
this[kOtherSide] = null;
}

_read() {
const callback = this[kCallback];
if (callback) {
this[kCallback] = null;
callback();
}
}

_write(chunk, encoding, callback) {
if (chunk.length === 0) {
process.nextTick(callback);
} else {
this[kOtherSide].push(chunk);
this[kOtherSide][kCallback] = callback;
}
}

_final(callback) {
this[kOtherSide].on('end', callback);
this[kOtherSide].push(null);
}
}

class DuplexPair {
constructor() {
this.socket1 = new DuplexSocket();
this.socket2 = new DuplexSocket();
this.socket1[kOtherSide] = this.socket2;
this.socket2[kOtherSide] = this.socket1;
}
}

class SecurePair extends EventEmitter {
constructor(secureContext = exports.createSecureContext(),
isServer = false,
requestCert = !isServer,
rejectUnauthorized = false,
options = {}) {
super();
const { socket1, socket2 } = new DuplexPair();

this.server = options.server;
this.credentials = secureContext;

this.encrypted = socket1;
this.cleartext = new exports.TLSSocket(socket2, {
secureContext,
isServer,
requestCert,
rejectUnauthorized,
...options
});
this.cleartext.once('secure', () => this.emit('secure'));
}

destroy() {
this.cleartext.destroy();
this.encrypted.destroy();
}
}

// Example:
// C=US\nST=CA\nL=SF\nO=Joyent\nOU=Node.js\nCN=ca1\[email protected]
function parseCertString(s) {
const out = ObjectCreate(null);
ArrayPrototypeForEach(StringPrototypeSplit(s, '\n'), (part) => {
const sepIndex = StringPrototypeIndexOf(part, '=');
if (sepIndex > 0) {
const key = StringPrototypeSlice(part, 0, sepIndex);
const value = StringPrototypeSlice(part, sepIndex + 1);
if (key in out) {
if (!ArrayIsArray(out[key])) {
out[key] = [out[key]];
}
ArrayPrototypePush(out[key], value);
} else {
out[key] = value;
}
}
});
return out;
}

exports.parseCertString = internalUtil.deprecate(
parseCertString,
'tls.parseCertString() is deprecated. ' +
'Please use querystring.parse() instead.',
'DEP0076');

exports.createSecurePair = internalUtil.deprecate(
function createSecurePair(...args) {
return ReflectConstruct(SecurePair, args);
},
'tls.createSecurePair() is deprecated. Please use ' +
'tls.TLSSocket instead.', 'DEP0064');
27 changes: 0 additions & 27 deletions lib/internal/tls.js → lib/internal/tls/secure-context.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,8 @@ const {
ArrayPrototypeFilter,
ArrayPrototypeForEach,
ArrayPrototypeJoin,
ArrayPrototypePush,
StringPrototypeIndexOf,
StringPrototypeSlice,
StringPrototypeSplit,
StringPrototypeStartsWith,
ObjectCreate,
} = primordials;

const {
Expand Down Expand Up @@ -42,28 +38,6 @@ const {
},
} = internalBinding('constants');

// Example:
// C=US\nST=CA\nL=SF\nO=Joyent\nOU=Node.js\nCN=ca1\[email protected]
function parseCertString(s) {
const out = ObjectCreate(null);
ArrayPrototypeForEach(StringPrototypeSplit(s, '\n'), (part) => {
const sepIndex = StringPrototypeIndexOf(part, '=');
if (sepIndex > 0) {
const key = StringPrototypeSlice(part, 0, sepIndex);
const value = StringPrototypeSlice(part, sepIndex + 1);
if (key in out) {
if (!ArrayIsArray(out[key])) {
out[key] = [out[key]];
}
ArrayPrototypePush(out[key], value);
} else {
out[key] = value;
}
}
});
return out;
}

function getDefaultEcdhCurve() {
// We do it this way because DEFAULT_ECDH_CURVE can be
// changed by users, so we need to grab the current
Expand Down Expand Up @@ -340,5 +314,4 @@ function configSecureContext(context, options = {}, name = 'options') {

module.exports = {
configSecureContext,
parseCertString,
};
51 changes: 3 additions & 48 deletions lib/tls.js
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@ const {
ArrayPrototypeSome,
ObjectDefineProperty,
ObjectFreeze,
ReflectConstruct,
RegExpPrototypeTest,
StringFromCharCode,
StringPrototypeCharCodeAt,
Expand All @@ -50,19 +49,17 @@ const {
} = require('internal/errors').codes;
const internalUtil = require('internal/util');
internalUtil.assertCrypto();
const internalTLS = require('internal/tls');
const { isArrayBufferView } = require('internal/util/types');

const net = require('net');
const { getOptionValue } = require('internal/options');
const { getRootCertificates, getSSLCiphers } = internalBinding('crypto');
const { Buffer } = require('buffer');
const EventEmitter = require('events');
const { URL } = require('internal/url');
const DuplexPair = require('internal/streams/duplexpair');
const { canonicalizeIP } = internalBinding('cares_wrap');
const _tls_common = require('_tls_common');
const _tls_wrap = require('_tls_wrap');
const { parseCertString, createSecurePair } = require('internal/tls/legacy');

// Allow {CLIENT_RENEG_LIMIT} client-initiated session renegotiations
// every {CLIENT_RENEG_WINDOW} seconds. An error event is emitted if more
Expand Down Expand Up @@ -300,53 +297,11 @@ exports.checkServerIdentity = function checkServerIdentity(hostname, cert) {
}
};


class SecurePair extends EventEmitter {
constructor(secureContext = exports.createSecureContext(),
isServer = false,
requestCert = !isServer,
rejectUnauthorized = false,
options = {}) {
super();
const { socket1, socket2 } = new DuplexPair();

this.server = options.server;
this.credentials = secureContext;

this.encrypted = socket1;
this.cleartext = new exports.TLSSocket(socket2, {
secureContext,
isServer,
requestCert,
rejectUnauthorized,
...options
});
this.cleartext.once('secure', () => this.emit('secure'));
}

destroy() {
this.cleartext.destroy();
this.encrypted.destroy();
}
}


exports.parseCertString = internalUtil.deprecate(
internalTLS.parseCertString,
'tls.parseCertString() is deprecated. ' +
'Please use querystring.parse() instead.',
'DEP0076');

exports.createSecureContext = _tls_common.createSecureContext;
exports.SecureContext = _tls_common.SecureContext;
exports.TLSSocket = _tls_wrap.TLSSocket;
exports.Server = _tls_wrap.Server;
exports.createServer = _tls_wrap.createServer;
exports.connect = _tls_wrap.connect;

exports.createSecurePair = internalUtil.deprecate(
function createSecurePair(...args) {
return ReflectConstruct(SecurePair, args);
},
'tls.createSecurePair() is deprecated. Please use ' +
'tls.TLSSocket instead.', 'DEP0064');
exports.parseCertString = parseCertString;
exports.createSecurePair = createSecurePair;
3 changes: 2 additions & 1 deletion src/node_native_module.cc
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,8 @@ void NativeModuleLoader::InitializeModuleCategories() {
"tls",
"_tls_common",
"_tls_wrap",
"internal/tls",
"internal/tls/index",
"internal/tls/secure-context",
"internal/http2/core",
"internal/http2/compat",
"internal/policy/manifest",
Expand Down
2 changes: 1 addition & 1 deletion test/parallel/test-tls-parse-cert-string.js
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ const {
} = require('../common/hijackstdio');
const assert = require('assert');
// Flags: --expose-internals
const internalTLS = require('internal/tls');
const internalTLS = require('internal/tls/legacy');
const tls = require('tls');

const noOutput = common.mustNotCall();
Expand Down