@voice-ping/cognitive-services-speech
Version:
VoicePing Cognitive Services Speech SDK for JavaScript forked from Microsoft
416 lines (414 loc) • 21.5 kB
JavaScript
"use strict";
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT license.
var __assign = (this && this.__assign) || function () {
__assign = Object.assign || function(t) {
for (var s, i = 1, n = arguments.length; i < n; i++) {
s = arguments[i];
for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
t[p] = s[p];
}
return t;
};
return __assign.apply(this, arguments);
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (_) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
result["default"] = mod;
return result;
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
var tls = __importStar(require("tls"));
var url = __importStar(require("url"));
var ocsp = __importStar(require("../../external/ocsp/ocsp"));
var Exports_1 = require("../common/Exports");
var agent_base_1 = __importDefault(require("agent-base"));
// @ts-ignore
var async_disk_cache_1 = __importDefault(require("async-disk-cache"));
var https_proxy_agent_1 = __importDefault(require("https-proxy-agent"));
var OCSPEvents_1 = require("../common/OCSPEvents");
var CertCheckAgent = /** @class */ (function () {
function CertCheckAgent(proxyInfo) {
if (!!proxyInfo) {
this.privProxyInfo = proxyInfo;
}
// Initialize this here to allow tests to set the env variable before the cache is constructed.
if (!CertCheckAgent.privDiskCache) {
CertCheckAgent.privDiskCache = new async_disk_cache_1.default("microsoft-cognitiveservices-speech-sdk-cache", { supportBuffer: true, location: (typeof process !== "undefined" && !!process.env.SPEECH_OCSP_CACHE_ROOT) ? process.env.SPEECH_OCSP_CACHE_ROOT : undefined });
}
}
// Test hook to force the disk cache to be recreated.
CertCheckAgent.forceReinitDiskCache = function () {
CertCheckAgent.privDiskCache = undefined;
CertCheckAgent.privMemCache = {};
};
CertCheckAgent.prototype.GetAgent = function (disableStapling) {
var agent = new agent_base_1.default.Agent(this.CreateConnection);
if (this.privProxyInfo !== undefined &&
this.privProxyInfo.HostName !== undefined &&
this.privProxyInfo.Port > 0) {
var proxyName = "privProxyInfo";
agent[proxyName] = this.privProxyInfo;
}
return agent;
};
CertCheckAgent.GetProxyAgent = function (proxyInfo) {
var httpProxyOptions = {
host: proxyInfo.HostName,
port: proxyInfo.Port,
};
if (!!proxyInfo.UserName) {
httpProxyOptions.headers = {
"Proxy-Authentication": "Basic " + new Buffer(proxyInfo.UserName + ":" + (proxyInfo.Password === undefined) ? "" : proxyInfo.Password).toString("base64"),
};
}
else {
httpProxyOptions.headers = {};
}
httpProxyOptions.headers.requestOCSP = "true";
var httpProxyAgent = new https_proxy_agent_1.default(httpProxyOptions);
return httpProxyAgent;
};
CertCheckAgent.OCSPCheck = function (socketPromise, proxyInfo) {
return __awaiter(this, void 0, void 0, function () {
var ocspRequest, stapling, resolved, socket, tlsSocket;
var _this = this;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
resolved = false;
return [4 /*yield*/, socketPromise];
case 1:
socket = _a.sent();
socket.cork();
tlsSocket = socket;
return [2 /*return*/, new Promise(function (resolve, reject) {
socket.on("OCSPResponse", function (data) {
if (!!data) {
_this.onEvent(new Exports_1.OCSPStapleReceivedEvent());
stapling = data;
}
});
socket.on("error", function (error) {
if (!resolved) {
resolved = true;
socket.destroy();
reject(error);
}
});
tlsSocket.on("secure", function () { return __awaiter(_this, void 0, void 0, function () {
var peer, issuer, sig, cacheEntry, e_1;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
peer = tlsSocket.getPeerCertificate(true);
_a.label = 1;
case 1:
_a.trys.push([1, 6, , 7]);
return [4 /*yield*/, this.GetIssuer(peer)];
case 2:
issuer = _a.sent();
// We always need a request to verify the response.
ocspRequest = ocsp.request.generate(peer.raw, issuer.raw);
sig = ocspRequest.id.toString("hex");
if (!!stapling) return [3 /*break*/, 4];
return [4 /*yield*/, CertCheckAgent.GetResponseFromCache(sig, ocspRequest, proxyInfo)];
case 3:
cacheEntry = _a.sent();
stapling = cacheEntry;
_a.label = 4;
case 4: return [4 /*yield*/, this.VerifyOCSPResponse(stapling, ocspRequest, proxyInfo)];
case 5:
_a.sent();
socket.uncork();
resolved = true;
resolve(socket);
return [3 /*break*/, 7];
case 6:
e_1 = _a.sent();
socket.destroy();
resolved = true;
reject(e_1);
return [3 /*break*/, 7];
case 7: return [2 /*return*/];
}
});
}); });
})];
}
});
});
};
CertCheckAgent.GetIssuer = function (peer) {
if (peer.issuerCertificate) {
return Promise.resolve(peer.issuerCertificate);
}
return new Promise(function (resolve, reject) {
var ocspAgent = new ocsp.Agent({});
ocspAgent.fetchIssuer(peer, null, function (error, value) {
if (!!error) {
reject(error);
return;
}
resolve(value);
});
});
};
CertCheckAgent.GetResponseFromCache = function (signature, ocspRequest, proxyInfo) {
return __awaiter(this, void 0, void 0, function () {
var cachedResponse, diskCacheResponse, error_1, cachedOcspResponse, tbsData, cachedStartTime, cachedNextTime, minUpdate;
var _this = this;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
cachedResponse = CertCheckAgent.privMemCache[signature];
if (!!cachedResponse) {
this.onEvent(new Exports_1.OCSPMemoryCacheHitEvent(signature));
}
if (!!cachedResponse) return [3 /*break*/, 4];
_a.label = 1;
case 1:
_a.trys.push([1, 3, , 4]);
return [4 /*yield*/, CertCheckAgent.privDiskCache.get(signature)];
case 2:
diskCacheResponse = _a.sent();
if (!!diskCacheResponse.isCached) {
CertCheckAgent.onEvent(new Exports_1.OCSPDiskCacheHitEvent(signature));
CertCheckAgent.StoreMemoryCacheEntry(signature, diskCacheResponse.value);
cachedResponse = diskCacheResponse.value;
}
return [3 /*break*/, 4];
case 3:
error_1 = _a.sent();
cachedResponse = null;
return [3 /*break*/, 4];
case 4:
if (!cachedResponse) {
return [2 /*return*/, cachedResponse];
}
try {
cachedOcspResponse = ocsp.utils.parseResponse(cachedResponse);
tbsData = cachedOcspResponse.value.tbsResponseData;
if (tbsData.responses.length < 1) {
this.onEvent(new Exports_1.OCSPCacheFetchErrorEvent(signature, "Not enough data in cached response"));
return [2 /*return*/];
}
cachedStartTime = tbsData.responses[0].thisUpdate;
cachedNextTime = tbsData.responses[0].nextUpdate;
if (cachedNextTime < (Date.now() + this.testTimeOffset - 60000)) {
// Cached entry has expired.
this.onEvent(new Exports_1.OCSPCacheEntryExpiredEvent(signature, cachedNextTime));
cachedResponse = null;
}
else {
minUpdate = Math.min(24 * 60 * 60 * 1000, (cachedNextTime - cachedStartTime) / 2);
if ((cachedNextTime - (Date.now() + this.testTimeOffset)) < minUpdate) {
this.onEvent(new Exports_1.OCSPCacheEntryNeedsRefreshEvent(signature, cachedStartTime, cachedNextTime));
this.UpdateCache(ocspRequest, proxyInfo).catch(function (error) {
// Well, not much we can do here.
_this.onEvent(new OCSPEvents_1.OCSPCacheUpdateErrorEvent(signature, error.toString()));
});
}
else {
this.onEvent(new Exports_1.OCSPCacheHitEvent(signature, cachedStartTime, cachedNextTime));
}
}
}
catch (error) {
this.onEvent(new Exports_1.OCSPCacheFetchErrorEvent(signature, error));
cachedResponse = null;
}
if (!cachedResponse) {
this.onEvent(new Exports_1.OCSPCacheMissEvent(signature));
}
return [2 /*return*/, cachedResponse];
}
});
});
};
CertCheckAgent.VerifyOCSPResponse = function (cacheValue, ocspRequest, proxyInfo) {
return __awaiter(this, void 0, void 0, function () {
var ocspResponse, sig;
var _this = this;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
ocspResponse = cacheValue;
sig = ocspRequest.certID.toString("hex");
if (!!ocspResponse) return [3 /*break*/, 2];
return [4 /*yield*/, CertCheckAgent.GetOCSPResponse(ocspRequest, proxyInfo)];
case 1:
ocspResponse = _a.sent();
_a.label = 2;
case 2: return [2 /*return*/, new Promise(function (resolve, reject) {
ocsp.verify({ request: ocspRequest, response: ocspResponse }, function (error, result) {
if (!!error) {
CertCheckAgent.onEvent(new Exports_1.OCSPVerificationFailedEvent(ocspRequest.id.toString("hex"), error));
// Bad Cached Value? One more try without the cache.
if (!!cacheValue) {
_this.VerifyOCSPResponse(null, ocspRequest, proxyInfo).then(function () {
resolve();
}, function (error) {
reject(error);
});
}
else {
reject(error);
}
}
else {
if (!cacheValue) {
CertCheckAgent.StoreCacheEntry(ocspRequest.id.toString("hex"), ocspResponse);
}
resolve();
}
});
})];
}
});
});
};
CertCheckAgent.UpdateCache = function (req, proxyInfo) {
return __awaiter(this, void 0, void 0, function () {
var signature, rawResponse;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
signature = req.id.toString("hex");
this.onEvent(new Exports_1.OCSPCacheUpdateNeededEvent(signature));
return [4 /*yield*/, this.GetOCSPResponse(req, proxyInfo)];
case 1:
rawResponse = _a.sent();
this.StoreCacheEntry(signature, rawResponse);
this.onEvent(new Exports_1.OCSPCacheUpdatehCompleteEvent(req.id.toString("hex")));
return [2 /*return*/];
}
});
});
};
CertCheckAgent.StoreCacheEntry = function (sig, rawResponse) {
this.StoreMemoryCacheEntry(sig, rawResponse);
this.StoreDiskCacheEntry(sig, rawResponse);
};
CertCheckAgent.StoreMemoryCacheEntry = function (sig, rawResponse) {
this.privMemCache[sig] = rawResponse;
this.onEvent(new Exports_1.OCSPMemoryCacheStoreEvent(sig));
};
CertCheckAgent.StoreDiskCacheEntry = function (sig, rawResponse) {
var _this = this;
this.privDiskCache.set(sig, rawResponse).then(function () {
_this.onEvent(new Exports_1.OCSPDiskCacheStoreEvent(sig));
});
};
CertCheckAgent.GetOCSPResponse = function (req, proxyInfo) {
var _this = this;
var ocspMethod = "1.3.6.1.5.5.7.48.1";
var options = {};
if (!!proxyInfo) {
var agent = CertCheckAgent.GetProxyAgent(proxyInfo);
options.agent = agent;
}
return new Promise(function (resolve, reject) {
ocsp.utils.getAuthorityInfo(req.cert, ocspMethod, function (error, uri) {
if (error) {
reject(error);
return;
}
var parsedUri = url.parse(uri);
options = __assign(__assign({}, options), parsedUri);
ocsp.utils.getResponse(options, req.data, function (error, raw) {
if (error) {
reject(error);
return;
}
_this.onEvent(new Exports_1.OCSPResponseRetrievedEvent(req.certID.toString("hex")));
resolve(raw);
});
});
});
};
CertCheckAgent.prototype.CreateConnection = function (request, options) {
var enableOCSP = (typeof process !== "undefined" && process.env.NODE_TLS_REJECT_UNAUTHORIZED !== "0" && process.env.SPEECH_CONDUCT_OCSP_CHECK !== "0") && options.secureEndpoint;
var socketPromise;
options = __assign(__assign({}, options), {
requestOCSP: !CertCheckAgent.forceDisableOCSPStapling,
servername: options.host
});
if (!!this.privProxyInfo) {
var httpProxyAgent = CertCheckAgent.GetProxyAgent(this.privProxyInfo);
var baseAgent_1 = httpProxyAgent;
socketPromise = new Promise(function (resolve, reject) {
baseAgent_1.callback(request, options, function (error, socket) {
if (!!error) {
reject(error);
}
else {
resolve(socket);
}
});
});
}
else {
socketPromise = Promise.resolve(tls.connect(options));
}
if (!!enableOCSP) {
return CertCheckAgent.OCSPCheck(socketPromise, this.privProxyInfo);
}
else {
return socketPromise;
}
};
// Test hook to enable forcing expiration / refresh to happen.
CertCheckAgent.testTimeOffset = 0;
// Test hook to disable stapling for cache testing.
CertCheckAgent.forceDisableOCSPStapling = false;
// An in memory cache for recived responses.
CertCheckAgent.privMemCache = {};
CertCheckAgent.onEvent = function (event) {
Exports_1.Events.instance.onEvent(event);
};
return CertCheckAgent;
}());
exports.CertCheckAgent = CertCheckAgent;
//# sourceMappingURL=CertChecks.js.map