Spaces:
Configuration error
Configuration error
| /** | |
| * Socket wrapping functions for TLS. | |
| * | |
| * @author Dave Longley | |
| * | |
| * Copyright (c) 2009-2012 Digital Bazaar, Inc. | |
| */ | |
| var forge = require('./forge'); | |
| require('./tls'); | |
| /** | |
| * Wraps a forge.net socket with a TLS layer. | |
| * | |
| * @param options: | |
| * sessionId: a session ID to reuse, null for a new connection if no session | |
| * cache is provided or it is empty. | |
| * caStore: an array of certificates to trust. | |
| * sessionCache: a session cache to use. | |
| * cipherSuites: an optional array of cipher suites to use, see | |
| * tls.CipherSuites. | |
| * socket: the socket to wrap. | |
| * virtualHost: the virtual server name to use in a TLS SNI extension. | |
| * verify: a handler used to custom verify certificates in the chain. | |
| * getCertificate: an optional callback used to get a certificate. | |
| * getPrivateKey: an optional callback used to get a private key. | |
| * getSignature: an optional callback used to get a signature. | |
| * deflate: function(inBytes) if provided, will deflate TLS records using | |
| * the deflate algorithm if the server supports it. | |
| * inflate: function(inBytes) if provided, will inflate TLS records using | |
| * the deflate algorithm if the server supports it. | |
| * | |
| * @return the TLS-wrapped socket. | |
| */ | |
| forge.tls.wrapSocket = function(options) { | |
| // get raw socket | |
| var socket = options.socket; | |
| // create TLS socket | |
| var tlsSocket = { | |
| id: socket.id, | |
| // set handlers | |
| connected: socket.connected || function(e) {}, | |
| closed: socket.closed || function(e) {}, | |
| data: socket.data || function(e) {}, | |
| error: socket.error || function(e) {} | |
| }; | |
| // create TLS connection | |
| var c = forge.tls.createConnection({ | |
| server: false, | |
| sessionId: options.sessionId || null, | |
| caStore: options.caStore || [], | |
| sessionCache: options.sessionCache || null, | |
| cipherSuites: options.cipherSuites || null, | |
| virtualHost: options.virtualHost, | |
| verify: options.verify, | |
| getCertificate: options.getCertificate, | |
| getPrivateKey: options.getPrivateKey, | |
| getSignature: options.getSignature, | |
| deflate: options.deflate, | |
| inflate: options.inflate, | |
| connected: function(c) { | |
| // first handshake complete, call handler | |
| if(c.handshakes === 1) { | |
| tlsSocket.connected({ | |
| id: socket.id, | |
| type: 'connect', | |
| bytesAvailable: c.data.length() | |
| }); | |
| } | |
| }, | |
| tlsDataReady: function(c) { | |
| // send TLS data over socket | |
| return socket.send(c.tlsData.getBytes()); | |
| }, | |
| dataReady: function(c) { | |
| // indicate application data is ready | |
| tlsSocket.data({ | |
| id: socket.id, | |
| type: 'socketData', | |
| bytesAvailable: c.data.length() | |
| }); | |
| }, | |
| closed: function(c) { | |
| // close socket | |
| socket.close(); | |
| }, | |
| error: function(c, e) { | |
| // send error, close socket | |
| tlsSocket.error({ | |
| id: socket.id, | |
| type: 'tlsError', | |
| message: e.message, | |
| bytesAvailable: 0, | |
| error: e | |
| }); | |
| socket.close(); | |
| } | |
| }); | |
| // handle doing handshake after connecting | |
| socket.connected = function(e) { | |
| c.handshake(options.sessionId); | |
| }; | |
| // handle closing TLS connection | |
| socket.closed = function(e) { | |
| if(c.open && c.handshaking) { | |
| // error | |
| tlsSocket.error({ | |
| id: socket.id, | |
| type: 'ioError', | |
| message: 'Connection closed during handshake.', | |
| bytesAvailable: 0 | |
| }); | |
| } | |
| c.close(); | |
| // call socket handler | |
| tlsSocket.closed({ | |
| id: socket.id, | |
| type: 'close', | |
| bytesAvailable: 0 | |
| }); | |
| }; | |
| // handle error on socket | |
| socket.error = function(e) { | |
| // error | |
| tlsSocket.error({ | |
| id: socket.id, | |
| type: e.type, | |
| message: e.message, | |
| bytesAvailable: 0 | |
| }); | |
| c.close(); | |
| }; | |
| // handle receiving raw TLS data from socket | |
| var _requiredBytes = 0; | |
| socket.data = function(e) { | |
| // drop data if connection not open | |
| if(!c.open) { | |
| socket.receive(e.bytesAvailable); | |
| } else { | |
| // only receive if there are enough bytes available to | |
| // process a record | |
| if(e.bytesAvailable >= _requiredBytes) { | |
| var count = Math.max(e.bytesAvailable, _requiredBytes); | |
| var data = socket.receive(count); | |
| if(data !== null) { | |
| _requiredBytes = c.process(data); | |
| } | |
| } | |
| } | |
| }; | |
| /** | |
| * Destroys this socket. | |
| */ | |
| tlsSocket.destroy = function() { | |
| socket.destroy(); | |
| }; | |
| /** | |
| * Sets this socket's TLS session cache. This should be called before | |
| * the socket is connected or after it is closed. | |
| * | |
| * The cache is an object mapping session IDs to internal opaque state. | |
| * An application might need to change the cache used by a particular | |
| * tlsSocket between connections if it accesses multiple TLS hosts. | |
| * | |
| * @param cache the session cache to use. | |
| */ | |
| tlsSocket.setSessionCache = function(cache) { | |
| c.sessionCache = tls.createSessionCache(cache); | |
| }; | |
| /** | |
| * Connects this socket. | |
| * | |
| * @param options: | |
| * host: the host to connect to. | |
| * port: the port to connect to. | |
| * policyPort: the policy port to use (if non-default), 0 to | |
| * use the flash default. | |
| * policyUrl: the policy file URL to use (instead of port). | |
| */ | |
| tlsSocket.connect = function(options) { | |
| socket.connect(options); | |
| }; | |
| /** | |
| * Closes this socket. | |
| */ | |
| tlsSocket.close = function() { | |
| c.close(); | |
| }; | |
| /** | |
| * Determines if the socket is connected or not. | |
| * | |
| * @return true if connected, false if not. | |
| */ | |
| tlsSocket.isConnected = function() { | |
| return c.isConnected && socket.isConnected(); | |
| }; | |
| /** | |
| * Writes bytes to this socket. | |
| * | |
| * @param bytes the bytes (as a string) to write. | |
| * | |
| * @return true on success, false on failure. | |
| */ | |
| tlsSocket.send = function(bytes) { | |
| return c.prepare(bytes); | |
| }; | |
| /** | |
| * Reads bytes from this socket (non-blocking). Fewer than the number of | |
| * bytes requested may be read if enough bytes are not available. | |
| * | |
| * This method should be called from the data handler if there are enough | |
| * bytes available. To see how many bytes are available, check the | |
| * 'bytesAvailable' property on the event in the data handler or call the | |
| * bytesAvailable() function on the socket. If the browser is msie, then the | |
| * bytesAvailable() function should be used to avoid race conditions. | |
| * Otherwise, using the property on the data handler's event may be quicker. | |
| * | |
| * @param count the maximum number of bytes to read. | |
| * | |
| * @return the bytes read (as a string) or null on error. | |
| */ | |
| tlsSocket.receive = function(count) { | |
| return c.data.getBytes(count); | |
| }; | |
| /** | |
| * Gets the number of bytes available for receiving on the socket. | |
| * | |
| * @return the number of bytes available for receiving. | |
| */ | |
| tlsSocket.bytesAvailable = function() { | |
| return c.data.length(); | |
| }; | |
| return tlsSocket; | |
| }; | |