
aws-crt


NodeJS bindings to the aws-c-* libraries

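"use strict";
/*
 * Copyright 2010-2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const binding_1 = __importDefault(require("./binding"));
const native_resource_1 = require("./native_resource");
const io_1 = require("../common/io");
var io_2 = require("../common/io");
exports.TlsVersion = io_2.TlsVersion;
exports.SocketType = io_2.SocketType;
exports.SocketDomain = io_2.SocketDomain;
/**
 * Convert a native error code into a human-readable string
 * @param error_code - An error code returned from a native API call, or delivered
 * via callback.
 * @returns whatever the native binding's error_code_to_string yields for the code
 * @see CrtError
 *
 * nodejs only.
 */
function error_code_to_string(error_code) {
    return binding_1.default.error_code_to_string(error_code);
}
exports.error_code_to_string = error_code_to_string;
/**
 * Convert a native error code into a human-readable identifier
 * @param error_code - An error code returned from a native API call, or delivered
 * via callback.
 * @returns whatever the native binding's error_code_to_name yields for the code
 * @see CrtError
 *
 * nodejs only.
 */
function error_code_to_name(error_code) {
    return binding_1.default.error_code_to_name(error_code);
}
exports.error_code_to_name = error_code_to_name;
/** The amount of detail that will be logged */
var LogLevel;
(function (LogLevel) {
    /** No logging whatsoever. Equivalent to never calling {@link enable_logging}. */
    LogLevel[LogLevel["NONE"] = 0] = "NONE";
    /** Only fatals. In practice, this will not do much, as the process will log and then crash (intentionally) if a fatal condition occurs */
    LogLevel[LogLevel["FATAL"] = 1] = "FATAL";
    /** Only errors */
    LogLevel[LogLevel["ERROR"] = 2] = "ERROR";
    /** Only warnings and errors */
    LogLevel[LogLevel["WARN"] = 3] = "WARN";
    /** Information about connection/stream creation/destruction events */
    LogLevel[LogLevel["INFO"] = 4] = "INFO";
    /** Enough information to debug the chain of events a given network connection encounters */
    LogLevel[LogLevel["DEBUG"] = 5] = "DEBUG";
    /** Everything. Only use this if you really need to know EVERY single call */
    LogLevel[LogLevel["TRACE"] = 6] = "TRACE";
})(LogLevel = exports.LogLevel || (exports.LogLevel = {}));
/**
 * Enables logging of the native AWS CRT libraries.
 * @param level - The logging level to filter to. It is not possible to log less than WARN.
 *
 * nodejs only.
 */
function enable_logging(level) {
    binding_1.default.io_logging_enable(level);
}
exports.enable_logging = enable_logging;
/**
 * Returns true if ALPN is available on this platform natively
 * @return true if ALPN is supported natively, false otherwise
 * nodejs only.
 */
function is_alpn_available() {
    return binding_1.default.is_alpn_available();
}
exports.is_alpn_available = is_alpn_available;
/**
 * Wraps a {@link Readable} for reading by native code, used to stream
 * data into the AWS CRT libraries.
 */
class InputStream extends native_resource_1.NativeResource {
    /**
     * @param source - Readable whose 'data' chunks are appended to the native stream.
     *
     * NOTE(review): only 'data' and 'end' listeners are attached here; a failure of
     * the source stream ('error') is left to the caller to observe.
     */
    constructor(source) {
        // 16 * 1024 is handed to the binding as-is; presumably a buffer capacity in bytes — confirm against the native side.
        super(binding_1.default.io_input_stream_new(16 * 1024));
        this.source = source;
        this.source.on('data', (data) => {
            // Non-Buffer chunks are stringified and UTF-8 encoded. Buffer.from() is used
            // instead of the deprecated `new Buffer()` constructor, whose meaning depends
            // on the argument type.
            const chunk = Buffer.isBuffer(data) ? data : Buffer.from(data.toString(), 'utf8');
            binding_1.default.io_input_stream_append(this.native_handle(), chunk);
        });
        this.source.on('end', () => {
            // An undefined chunk is appended once the source ends; presumably the
            // end-of-stream marker for the native side — confirm against the binding.
            binding_1.default.io_input_stream_append(this.native_handle(), undefined);
        });
    }
}
exports.InputStream = InputStream;
/**
 * Represents native resources required to bootstrap a client connection
 * Things like a host resolver, event loop group, etc. There should only need
 * to be 1 of these per application, in most cases.
 *
 * nodejs only.
 */
class ClientBootstrap extends native_resource_1.NativeResource {
    constructor() {
        super(binding_1.default.io_client_bootstrap_new());
    }
}
exports.ClientBootstrap = ClientBootstrap;
/**
 * Standard Berkeley socket style options.
 *
 * nodejs only.
 */
class SocketOptions extends native_resource_1.NativeResource {
    /**
     * @param type - Socket type, defaults to SocketType.STREAM
     * @param domain - Socket domain, defaults to SocketDomain.IPV6
     * @param connect_timeout_ms - Connect timeout in milliseconds, defaults to 5000
     * @param keepalive - Keepalive flag, defaults to false
     * @param keep_alive_interval_sec - Keepalive interval in seconds, defaults to 0
     * @param keep_alive_timeout_sec - Keepalive timeout in seconds, defaults to 0
     * @param keep_alive_max_failed_probes - Keepalive failed-probe limit, defaults to 0
     */
    constructor(type = io_1.SocketType.STREAM, domain = io_1.SocketDomain.IPV6, connect_timeout_ms = 5000, keepalive = false, keep_alive_interval_sec = 0, keep_alive_timeout_sec = 0, keep_alive_max_failed_probes = 0) {
        // The binding takes `keepalive` last, unlike this constructor's parameter order.
        super(binding_1.default.io_socket_options_new(type, domain, connect_timeout_ms, keep_alive_interval_sec, keep_alive_timeout_sec, keep_alive_max_failed_probes, keepalive));
    }
}
exports.SocketOptions = SocketOptions;
/**
 * Options for creating a {@link ClientTlsContext} or {@link ServerTlsContext}.
 *
 * Key material set on this object (private_key, pkcs12_password, ...) is kept as
 * plain properties and handed to the native binding when a {@link TlsContext} is built.
 *
 * nodejs only.
 */
class TlsContextOptions {
    constructor() {
        /** Minimum version of TLS to support. Uses OS/system default if unspecified. */
        this.min_tls_version = io_1.TlsVersion.Default;
        /** List of ALPN protocols to be used on platforms which support ALPN */
        this.alpn_list = [];
        /**
         * In client mode, setting this to false turns off x.509 validation. Don't do this
         * unless you are testing. It is much better to just override the default trust
         * store and pass the self-signed certificate as the ca_file argument.
         *
         * In server mode, this defaults to false. If you want to enforce mutual TLS on the server,
         * set this to true.
         *
         * NOTE(review): the default assigned here is false for every mode. Options built
         * with `new TlsContextOptions()` and passed to a ClientTlsContext therefore skip
         * peer certificate validation unless the caller sets verify_peer = true; the
         * create_client_with_mtls* factories below set it to true.
         */
        this.verify_peer = false;
    }
    /**
     * Overrides the default system trust store.
     * @param ca_dirpath - Only used on Unix-style systems where all trust anchors are
     * stored in a directory (e.g. /etc/ssl/certs).
     * @param ca_filepath - Single file containing all trust CAs, in PEM format
     */
    override_default_trust_store_from_path(ca_dirpath, ca_filepath) {
        this.ca_dirpath = ca_dirpath;
        this.ca_filepath = ca_filepath;
    }
    /**
     * Overrides the default system trust store.
     * @param certificate_authority - String containing all trust CAs, in PEM format
     */
    override_default_trust_store(certificate_authority) {
        this.certificate_authority = certificate_authority;
    }
    /**
     * Creates a client with secure-by-default options, along with a client cert and private key
     * @param certificate - Client certificate, in PEM format
     * @param private_key - Client private key, in PEM format
     * @returns options with verify_peer set to true
     */
    static create_client_with_mtls(certificate, private_key) {
        const opt = new TlsContextOptions();
        opt.certificate = certificate;
        opt.private_key = private_key;
        opt.verify_peer = true;
        return opt;
    }
    /**
     * Creates a client with secure-by-default options, along with a client cert and private key
     * @param certificate_filepath - Path to client certificate, in PEM format
     * @param private_key_filepath - Path to private key, in PEM format
     * @returns options with verify_peer set to true
     */
    static create_client_with_mtls_from_path(certificate_filepath, private_key_filepath) {
        const opt = new TlsContextOptions();
        opt.certificate_filepath = certificate_filepath;
        opt.private_key_filepath = private_key_filepath;
        opt.verify_peer = true;
        return opt;
    }
    /**
     * Creates a TLS context with secure-by-default options, along with a client cert and password
     * @param pkcs12_filepath - Path to client certificate in PKCS#12 format
     * @param pkcs12_password - PKCS#12 password
     * @returns options with verify_peer set to true
     */
    static create_client_with_mtls_pkcs_from_path(pkcs12_filepath, pkcs12_password) {
        const opt = new TlsContextOptions();
        opt.pkcs12_filepath = pkcs12_filepath;
        opt.pkcs12_password = pkcs12_password;
        opt.verify_peer = true;
        return opt;
    }
    /**
     * Creates TLS context with peer verification disabled, along with a certificate and private key
     *
     * Despite the `mtls` in the name, verify_peer is false on the returned options, so
     * client certificates are not required; set verify_peer = true on the result to
     * enforce mutual TLS.
     * @param certificate_filepath - Path to certificate, in PEM format
     * @param private_key_filepath - Path to private key, in PEM format
     * @returns options with verify_peer set to false
     */
    static create_server_with_mtls_from_path(certificate_filepath, private_key_filepath) {
        const opt = new TlsContextOptions();
        opt.certificate_filepath = certificate_filepath;
        opt.private_key_filepath = private_key_filepath;
        opt.verify_peer = false;
        return opt;
    }
    /**
     * Creates TLS context with peer verification disabled, along with a certificate and private key
     * in PKCS#12 format
     *
     * Despite the `mtls` in the name, verify_peer is false on the returned options, so
     * client certificates are not required; set verify_peer = true on the result to
     * enforce mutual TLS.
     * @param pkcs12_filepath - Path to certificate, in PKCS#12 format
     * @param pkcs12_password - PKCS#12 Password
     * @returns options with verify_peer set to false
     */
    static create_server_with_mtls_pkcs_from_path(pkcs12_filepath, pkcs12_password) {
        const opt = new TlsContextOptions();
        opt.pkcs12_filepath = pkcs12_filepath;
        opt.pkcs12_password = pkcs12_password;
        opt.verify_peer = false;
        return opt;
    }
}
exports.TlsContextOptions = TlsContextOptions;
/**
 * TLS context used for client/server TLS communications over sockets.
 *
 * @see ClientTlsContext
 * @see ServerTlsContext
 *
 * nodejs only.
 */
class TlsContext extends native_resource_1.NativeResource {
    /**
     * @param ctx_opt - {@link TlsContextOptions} to build the native context from.
     * verify_peer is forwarded unchanged, so a false value is honoured as given.
     */
    constructor(ctx_opt) {
        // The binding takes ALPN protocols as one ';'-joined string, or undefined when the list is empty.
        const alpn = (ctx_opt.alpn_list && ctx_opt.alpn_list.length > 0)
            ? ctx_opt.alpn_list.join(';')
            : undefined;
        super(binding_1.default.io_tls_ctx_new(ctx_opt.min_tls_version, ctx_opt.ca_filepath, ctx_opt.ca_dirpath, ctx_opt.certificate_authority, alpn, ctx_opt.certificate_filepath, ctx_opt.certificate, ctx_opt.private_key_filepath, ctx_opt.private_key, ctx_opt.pkcs12_filepath, ctx_opt.pkcs12_password, ctx_opt.verify_peer));
    }
}
exports.TlsContext = TlsContext;
/**
 * TLS context used for client TLS communications over sockets. If no
 * options are supplied, the context will default to enabling peer verification
 * only.
 *
 * When options are supplied they are used as given: verify_peer is not forced
 * to true, so caller-built options must set it themselves.
 *
 * nodejs only.
 */
class ClientTlsContext extends TlsContext {
    /**
     * @param ctx_opt - Optional {@link TlsContextOptions}; when omitted, fresh options
     * with verify_peer = true are used.
     */
    constructor(ctx_opt) {
        if (!ctx_opt) {
            ctx_opt = new TlsContextOptions();
            ctx_opt.verify_peer = true;
        }
        super(ctx_opt);
    }
}
exports.ClientTlsContext = ClientTlsContext;
/**
 * TLS context used for server TLS communications over sockets. If no
 * options are supplied, the context will default to disabling peer verification
 * only.
 *
 * nodejs only.
 */
class ServerTlsContext extends TlsContext {
    /**
     * @param ctx_opt - Optional {@link TlsContextOptions}; when omitted, fresh options
     * with verify_peer = false are used.
     */
    constructor(ctx_opt) {
        if (!ctx_opt) {
            ctx_opt = new TlsContextOptions();
            ctx_opt.verify_peer = false;
        }
        super(ctx_opt);
    }
}
exports.ServerTlsContext = ServerTlsContext;
/**
 * TLS options that are unique to a given connection using a shared TlsContext.
 *
 * nodejs only.
 */
class TlsConnectionOptions extends native_resource_1.NativeResource {
    /**
     * @param tls_ctx - The shared {@link TlsContext}; its native handle is passed to the binding
     * @param server_name - Server name passed to the binding for this connection
     * @param alpn_list - ALPN protocols for this connection, defaults to an empty list
     */
    constructor(tls_ctx, server_name, alpn_list = []) {
        // The binding takes ALPN protocols as one ';'-joined string, or undefined when the list is empty.
        const alpn = (alpn_list && alpn_list.length > 0) ? alpn_list.join(';') : undefined;
        super(binding_1.default.io_tls_connection_options_new(tls_ctx.native_handle(), server_name, alpn));
        this.tls_ctx = tls_ctx;
        this.server_name = server_name;
        this.alpn_list = alpn_list;
    }
}
exports.TlsConnectionOptions = TlsConnectionOptions;
//# sourceMappingURL=io.js.map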