@push.rocks/smartproxy/dist_ts/protocols/tls/utils/tls-utils.d.ts

A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.

/**
 * TLS record types as defined in various RFCs
 */
export declare enum TlsRecordType {
    CHANGE_CIPHER_SPEC = 20,
    ALERT = 21,
    HANDSHAKE = 22,
    APPLICATION_DATA = 23,
    HEARTBEAT = 24
}
/**
 * TLS handshake message types
 */
export declare enum TlsHandshakeType {
    HELLO_REQUEST = 0,
    CLIENT_HELLO = 1,
    SERVER_HELLO = 2,
    NEW_SESSION_TICKET = 4,
    ENCRYPTED_EXTENSIONS = 8,// TLS 1.3
    CERTIFICATE = 11,
    SERVER_KEY_EXCHANGE = 12,
    CERTIFICATE_REQUEST = 13,
    SERVER_HELLO_DONE = 14,
    CERTIFICATE_VERIFY = 15,
    CLIENT_KEY_EXCHANGE = 16,
    FINISHED = 20
}
/**
 * TLS extension types
 */
export declare enum TlsExtensionType {
    SERVER_NAME = 0,// SNI
    MAX_FRAGMENT_LENGTH = 1,
    CLIENT_CERTIFICATE_URL = 2,
    TRUSTED_CA_KEYS = 3,
    TRUNCATED_HMAC = 4,
    STATUS_REQUEST = 5,// OCSP
    SUPPORTED_GROUPS = 10,// Previously named "elliptic_curves"
    EC_POINT_FORMATS = 11,
    SIGNATURE_ALGORITHMS = 13,
    APPLICATION_LAYER_PROTOCOL_NEGOTIATION = 16,// ALPN
    SIGNED_CERTIFICATE_TIMESTAMP = 18,// Certificate Transparency
    PADDING = 21,
    SESSION_TICKET = 35,
    PRE_SHARED_KEY = 41,// TLS 1.3
    EARLY_DATA = 42,// TLS 1.3 0-RTT
    SUPPORTED_VERSIONS = 43,// TLS 1.3
    COOKIE = 44,// TLS 1.3
    PSK_KEY_EXCHANGE_MODES = 45,// TLS 1.3
    CERTIFICATE_AUTHORITIES = 47,// TLS 1.3
    POST_HANDSHAKE_AUTH = 49,// TLS 1.3
    SIGNATURE_ALGORITHMS_CERT = 50,// TLS 1.3
    KEY_SHARE = 51
}
/**
 * TLS alert levels
 */
export declare enum TlsAlertLevel {
    WARNING = 1,
    FATAL = 2
}
/**
 * TLS alert description codes
 */
export declare enum TlsAlertDescription {
    CLOSE_NOTIFY = 0,
    UNEXPECTED_MESSAGE = 10,
    BAD_RECORD_MAC = 20,
    DECRYPTION_FAILED = 21,// TLS 1.0 only
    RECORD_OVERFLOW = 22,
    DECOMPRESSION_FAILURE = 30,// TLS 1.2 and below
    HANDSHAKE_FAILURE = 40,
    NO_CERTIFICATE = 41,// SSLv3 only
    BAD_CERTIFICATE = 42,
    UNSUPPORTED_CERTIFICATE = 43,
    CERTIFICATE_REVOKED = 44,
    CERTIFICATE_EXPIRED = 45,
    CERTIFICATE_UNKNOWN = 46,
    ILLEGAL_PARAMETER = 47,
    UNKNOWN_CA = 48,
    ACCESS_DENIED = 49,
    DECODE_ERROR = 50,
    DECRYPT_ERROR = 51,
    EXPORT_RESTRICTION = 60,// TLS 1.0 only
    PROTOCOL_VERSION = 70,
    INSUFFICIENT_SECURITY = 71,
    INTERNAL_ERROR = 80,
    INAPPROPRIATE_FALLBACK = 86,
    USER_CANCELED = 90,
    NO_RENEGOTIATION = 100,// TLS 1.2 and below
    MISSING_EXTENSION = 109,// TLS 1.3
    UNSUPPORTED_EXTENSION = 110,// TLS 1.3
    CERTIFICATE_REQUIRED = 111,// TLS 1.3
    UNRECOGNIZED_NAME = 112,
    BAD_CERTIFICATE_STATUS_RESPONSE = 113,
    BAD_CERTIFICATE_HASH_VALUE = 114,// TLS 1.2 and below
    UNKNOWN_PSK_IDENTITY = 115,
    CERTIFICATE_REQUIRED_1_3 = 116,// TLS 1.3
    NO_APPLICATION_PROTOCOL = 120
}
/**
 * TLS version codes (major.minor)
 */
export declare const TlsVersion: {
    SSL3: number[];
    TLS1_0: number[];
    TLS1_1: number[];
    TLS1_2: number[];
    TLS1_3: number[];
};
/**
 * Utility functions for TLS protocol operations
 */
export declare class TlsUtils {
    /**
     * Checks if a buffer contains a TLS handshake record
     * @param buffer The buffer to check
     * @returns true if the buffer starts with a TLS handshake record
     */
    static isTlsHandshake(buffer: Buffer): boolean;
    /**
     * Checks if a buffer contains TLS application data
     * @param buffer The buffer to check
     * @returns true if the buffer starts with a TLS application data record
     */
    static isTlsApplicationData(buffer: Buffer): boolean;
    /**
     * Checks if a buffer contains a TLS alert record
     * @param buffer The buffer to check
     * @returns true if the buffer starts with a TLS alert record
     */
    static isTlsAlert(buffer: Buffer): boolean;
    /**
     * Checks if a buffer contains a TLS ClientHello message
     * @param buffer The buffer to check
     * @returns true if the buffer appears to be a ClientHello message
     */
    static isClientHello(buffer: Buffer): boolean;
    /**
     * Gets the record length from a TLS record header
     * @param buffer Buffer containing a TLS record
     * @returns The record length if the buffer is valid, -1 otherwise
     */
    static getTlsRecordLength(buffer: Buffer): number;
    /**
     * Creates a connection ID based on source/destination information
     * Used to track fragmented ClientHello messages across multiple packets
     *
     * @param connectionInfo Object containing connection identifiers
     * @returns A string ID for the connection
     */
    static createConnectionId(connectionInfo: {
        sourceIp?: string;
        sourcePort?: number;
        destIp?: string;
        destPort?: number;
    }): string;
}