UNPKG

aws-crt

Version:

NodeJS/browser bindings to the aws-c-* libraries

github.com/awslabs/aws-crt-nodejs

awslabs/aws-crt-nodejs

436 lines • 17.3 kB

JavaScript

"use strict"; /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.Pkcs11Lib = exports.TlsConnectionOptions = exports.ServerTlsContext = exports.ClientTlsContext = exports.TlsContext = exports.TlsContextOptions = exports.SocketOptions = exports.ClientBootstrap = exports.InputStream = exports.is_alpn_available = exports.enable_logging = exports.LogLevel = exports.error_code_to_name = exports.error_code_to_string = exports.SocketDomain = exports.SocketType = exports.TlsVersion = void 0; /** * * A module containing a grab bag of support for core network I/O functionality, including sockets, TLS, DNS, logging, * error handling, streams, and connection -> thread mapping. * * Categories include: * - Network: socket configuration * - TLS: tls configuration * - Logging: logging controls and configuration * - IO: everything else * * @packageDocumentation * @module io * @mergeTarget */ const binding_1 = __importDefault(require("./binding")); const native_resource_1 = require("./native_resource"); const io_1 = require("../common/io"); var io_2 = require("../common/io"); Object.defineProperty(exports, "TlsVersion", { enumerable: true, get: function () { return io_2.TlsVersion; } }); Object.defineProperty(exports, "SocketType", { enumerable: true, get: function () { return io_2.SocketType; } }); Object.defineProperty(exports, "SocketDomain", { enumerable: true, get: function () { return io_2.SocketDomain; } }); const error_1 = require("./error"); /** * Convert a native error code into a human-readable string * @param error_code - An error code returned from a native API call, or delivered * via callback. * @returns Long-form description of the error * @see CrtError * * nodejs only. * * @category System */ function error_code_to_string(error_code) { return binding_1.default.error_code_to_string(error_code); } exports.error_code_to_string = error_code_to_string; /** * Convert a native error code into a human-readable identifier * @param error_code - An error code returned from a native API call, or delivered * via callback. * @return error name as a string * @see CrtError * * nodejs only. * * @category System */ function error_code_to_name(error_code) { return binding_1.default.error_code_to_name(error_code); } exports.error_code_to_name = error_code_to_name; /** * The amount of detail that will be logged * @category Logging */ var LogLevel; (function (LogLevel) { /** No logging whatsoever. Equivalent to never calling {@link enable_logging}. */ LogLevel[LogLevel["NONE"] = 0] = "NONE"; /** Only fatals. In practice, this will not do much, as the process will log and then crash (intentionally) if a fatal condition occurs */ LogLevel[LogLevel["FATAL"] = 1] = "FATAL"; /** Only errors */ LogLevel[LogLevel["ERROR"] = 2] = "ERROR"; /** Only warnings and errors */ LogLevel[LogLevel["WARN"] = 3] = "WARN"; /** Information about connection/stream creation/destruction events */ LogLevel[LogLevel["INFO"] = 4] = "INFO"; /** Enough information to debug the chain of events a given network connection encounters */ LogLevel[LogLevel["DEBUG"] = 5] = "DEBUG"; /** Everything. Only use this if you really need to know EVERY single call */ LogLevel[LogLevel["TRACE"] = 6] = "TRACE"; })(LogLevel = exports.LogLevel || (exports.LogLevel = {})); /** * Enables logging of the native AWS CRT libraries. * @param level - The logging level to filter to. It is not possible to log less than WARN. * * nodejs only. * @category Logging */ function enable_logging(level) { binding_1.default.io_logging_enable(level); } exports.enable_logging = enable_logging; /** * Returns true if ALPN is available on this platform natively * @return true if ALPN is supported natively, false otherwise * * nodejs only. * @category TLS */ function is_alpn_available() { return binding_1.default.is_alpn_available(); } exports.is_alpn_available = is_alpn_available; /** * Wraps a ```Readable``` for reading by native code, used to stream * data into the AWS CRT libraries. * * nodejs only. * @category IO */ class InputStream extends native_resource_1.NativeResource { constructor(source) { super(binding_1.default.io_input_stream_new(16 * 1024)); this.source = source; this.source.on('data', (data) => { data = Buffer.isBuffer(data) ? data : Buffer.from(data.toString()); binding_1.default.io_input_stream_append(this.native_handle(), data); }); this.source.on('end', () => { binding_1.default.io_input_stream_append(this.native_handle(), undefined); }); } } exports.InputStream = InputStream; /** * Represents native resources required to bootstrap a client connection * Things like a host resolver, event loop group, etc. There should only need * to be 1 of these per application, in most cases. * * nodejs only. * @category IO */ class ClientBootstrap extends native_resource_1.NativeResource { constructor() { super(binding_1.default.io_client_bootstrap_new()); } } exports.ClientBootstrap = ClientBootstrap; /** * Standard Berkeley socket style options. * * nodejs only. * @category Network */ class SocketOptions extends native_resource_1.NativeResource { constructor(type = io_1.SocketType.STREAM, domain = io_1.SocketDomain.IPV6, connect_timeout_ms = 5000, keepalive = false, keep_alive_interval_sec = 0, keep_alive_timeout_sec = 0, keep_alive_max_failed_probes = 0) { super(binding_1.default.io_socket_options_new(type, domain, connect_timeout_ms, keep_alive_interval_sec, keep_alive_timeout_sec, keep_alive_max_failed_probes, keepalive)); } } exports.SocketOptions = SocketOptions; /** * Options for creating a {@link ClientTlsContext} or {@link ServerTlsContext}. * * nodejs only. * @category TLS */ class TlsContextOptions { constructor() { /** Minimum version of TLS to support. Uses OS/system default if unspecified. */ this.min_tls_version = io_1.TlsVersion.Default; /** List of ALPN protocols to be used on platforms which support ALPN */ this.alpn_list = []; /** * In client mode, this turns off x.509 validation. Don't do this unless you are testing. * It is much better to just override the default trust store and pass the self-signed * certificate as the ca_file argument. * * In server mode (ServerTlsContext), this defaults to false. If you want to enforce mutual TLS on the server, * set this to true. */ this.verify_peer = true; } /** * Overrides the default system trust store. * @param ca_dirpath - Only used on Unix-style systems where all trust anchors are * stored in a directory (e.g. /etc/ssl/certs). * @param ca_filepath - Single file containing all trust CAs, in PEM format */ override_default_trust_store_from_path(ca_dirpath, ca_filepath) { this.ca_dirpath = ca_dirpath; this.ca_filepath = ca_filepath; } /** * Overrides the default system trust store. * @param certificate_authority - String containing all trust CAs, in PEM format */ override_default_trust_store(certificate_authority) { this.certificate_authority = certificate_authority; } /** * Create options configured for mutual TLS in client mode, * with client certificate and private key provided as in-memory strings. * @param certificate - Client certificate file contents, in PEM format * @param private_key - Client private key file contents, in PEM format * * @returns newly configured TlsContextOptions object */ static create_client_with_mtls(certificate, private_key) { let opt = new TlsContextOptions(); opt.certificate = certificate; opt.private_key = private_key; opt.verify_peer = true; return opt; } /** * Create options configured for mutual TLS in client mode, * with client certificate and private key provided via filepath. * @param certificate_filepath - Path to client certificate, in PEM format * @param private_key_filepath - Path to private key, in PEM format * * @returns newly configured TlsContextOptions object */ static create_client_with_mtls_from_path(certificate_filepath, private_key_filepath) { let opt = new TlsContextOptions(); opt.certificate_filepath = certificate_filepath; opt.private_key_filepath = private_key_filepath; opt.verify_peer = true; return opt; } /** * Create options for mutual TLS in client mode, * with client certificate and private key bundled in a single PKCS#12 file. * @param pkcs12_filepath - Path to PKCS#12 file containing client certificate and private key. * @param pkcs12_password - PKCS#12 password * * @returns newly configured TlsContextOptions object */ static create_client_with_mtls_pkcs12_from_path(pkcs12_filepath, pkcs12_password) { let opt = new TlsContextOptions(); opt.pkcs12_filepath = pkcs12_filepath; opt.pkcs12_password = pkcs12_password; opt.verify_peer = true; return opt; } /** * @deprecated Renamed [[create_client_with_mtls_pkcs12_from_path]] */ static create_client_with_mtls_pkcs_from_path(pkcs12_filepath, pkcs12_password) { return this.create_client_with_mtls_pkcs12_from_path(pkcs12_filepath, pkcs12_password); } /** * Create options configured for mutual TLS in client mode, * using a PKCS#11 library for private key operations. * * NOTE: This configuration only works on Unix devices. * * @param options - PKCS#11 options * * @returns newly configured TlsContextOptions object */ static create_client_with_mtls_pkcs11(options) { let opt = new TlsContextOptions(); opt.pkcs11_options = options; opt.verify_peer = true; return opt; } /** * Create options configured for mutual TLS in client mode, * using a certificate in a Windows certificate store. * * NOTE: Windows only. * * @param certificate_path - Path to certificate in a Windows certificate store. * The path must use backslashes and end with the certificate's thumbprint. * Example: `CurrentUser\MY\A11F8A9B5DF5B98BA3508FBCA575D09570E0D2C6` */ static create_client_with_mtls_windows_cert_store_path(certificate_path) { let opt = new TlsContextOptions(); opt.windows_cert_store_path = certificate_path; opt.verify_peer = true; return opt; } /** * Creates TLS context with peer verification disabled, along with a certificate and private key * @param certificate_filepath - Path to certificate, in PEM format * @param private_key_filepath - Path to private key, in PEM format * * @returns newly configured TlsContextOptions object */ static create_server_with_mtls_from_path(certificate_filepath, private_key_filepath) { let opt = new TlsContextOptions(); opt.certificate_filepath = certificate_filepath; opt.private_key_filepath = private_key_filepath; opt.verify_peer = false; return opt; } /** * Creates TLS context with peer verification disabled, along with a certificate and private key * in PKCS#12 format * @param pkcs12_filepath - Path to certificate, in PKCS#12 format * @param pkcs12_password - PKCS#12 Password * * @returns newly configured TlsContextOptions object */ static create_server_with_mtls_pkcs_from_path(pkcs12_filepath, pkcs12_password) { let opt = new TlsContextOptions(); opt.pkcs12_filepath = pkcs12_filepath; opt.pkcs12_password = pkcs12_password; opt.verify_peer = false; return opt; } } exports.TlsContextOptions = TlsContextOptions; /** * Abstract base TLS context used for client/server TLS communications over sockets. * * @see ClientTlsContext * @see ServerTlsContext * * nodejs only. * @category TLS */ class TlsContext extends native_resource_1.NativeResource { constructor(ctx_opt) { if (ctx_opt == null || ctx_opt == undefined) { throw new error_1.CrtError("TlsContext constructor: ctx_opt not defined"); } super(binding_1.default.io_tls_ctx_new(ctx_opt.min_tls_version, ctx_opt.ca_filepath, ctx_opt.ca_dirpath, ctx_opt.certificate_authority, (ctx_opt.alpn_list && ctx_opt.alpn_list.length > 0) ? ctx_opt.alpn_list.join(';') : undefined, ctx_opt.certificate_filepath, ctx_opt.certificate, ctx_opt.private_key_filepath, ctx_opt.private_key, ctx_opt.pkcs12_filepath, ctx_opt.pkcs12_password, ctx_opt.pkcs11_options, ctx_opt.windows_cert_store_path, ctx_opt.verify_peer)); } } exports.TlsContext = TlsContext; /** * TLS context used for client TLS communications over sockets. If no * options are supplied, the context will default to enabling peer verification * only. * * nodejs only. * @category TLS */ class ClientTlsContext extends TlsContext { constructor(ctx_opt) { if (!ctx_opt) { ctx_opt = new TlsContextOptions(); ctx_opt.verify_peer = true; } super(ctx_opt); } } exports.ClientTlsContext = ClientTlsContext; /** * TLS context used for server TLS communications over sockets. If no * options are supplied, the context will default to disabling peer verification * only. * * nodejs only. * @category TLS */ class ServerTlsContext extends TlsContext { constructor(ctx_opt) { if (!ctx_opt) { ctx_opt = new TlsContextOptions(); ctx_opt.verify_peer = false; } super(ctx_opt); } } exports.ServerTlsContext = ServerTlsContext; /** * TLS options that are unique to a given connection using a shared TlsContext. * * nodejs only. * @category TLS */ class TlsConnectionOptions extends native_resource_1.NativeResource { constructor(tls_ctx, server_name, alpn_list = []) { if (tls_ctx == null || tls_ctx == undefined) { throw new error_1.CrtError("TlsConnectionOptions constructor: tls_ctx not defined"); } super(binding_1.default.io_tls_connection_options_new(tls_ctx.native_handle(), server_name, (alpn_list && alpn_list.length > 0) ? alpn_list.join(';') : undefined)); this.tls_ctx = tls_ctx; this.server_name = server_name; this.alpn_list = alpn_list; } } exports.TlsConnectionOptions = TlsConnectionOptions; /** * Handle to a loaded PKCS#11 library. * * For most use cases, a single instance of Pkcs11Lib should be used * for the lifetime of your application. * * nodejs only. * @category TLS */ class Pkcs11Lib extends native_resource_1.NativeResource { /** * @param path - Path to PKCS#11 library. * @param behavior - Specifies how `C_Initialize()` and `C_Finalize()` * will be called on the PKCS#11 library. */ constructor(path, behavior = Pkcs11Lib.InitializeFinalizeBehavior.DEFAULT) { super(binding_1.default.io_pkcs11_lib_new(path, behavior)); } /** * Release the PKCS#11 library immediately, without waiting for the GC. */ close() { binding_1.default.io_pkcs11_lib_close(this.native_handle()); } } exports.Pkcs11Lib = Pkcs11Lib; (function (Pkcs11Lib) { /** * Controls `C_Initialize()` and `C_Finalize()` are called on the PKCS#11 library. */ let InitializeFinalizeBehavior; (function (InitializeFinalizeBehavior) { /** * Default behavior that accommodates most use cases. * * `C_Initialize()` is called on creation, and "already-initialized" * errors are ignored. `C_Finalize()` is never called, just in case * another part of your application is still using the PKCS#11 library. */ InitializeFinalizeBehavior[InitializeFinalizeBehavior["DEFAULT"] = 0] = "DEFAULT"; /** * Skip calling `C_Initialize()` and `C_Finalize()`. * * Use this if your application has already initialized the PKCS#11 library, * and you do not want `C_Initialize()` called again. */ InitializeFinalizeBehavior[InitializeFinalizeBehavior["OMIT"] = 1] = "OMIT"; /** * `C_Initialize()` is called on creation and `C_Finalize()` is called on cleanup. * * If `C_Initialize()` reports that's it's already initialized, this is * treated as an error. Use this if you need perfect cleanup (ex: running * valgrind with --leak-check). */ InitializeFinalizeBehavior[InitializeFinalizeBehavior["STRICT"] = 2] = "STRICT"; })(InitializeFinalizeBehavior = Pkcs11Lib.InitializeFinalizeBehavior || (Pkcs11Lib.InitializeFinalizeBehavior = {})); })(Pkcs11Lib = exports.Pkcs11Lib || (exports.Pkcs11Lib = {})); //# sourceMappingURL=io.js.map