Merge pull request #87 from exoego/tls

Overhaul tls module

Author: exoego

README.md

@@ -42,7 +42,7 @@ The following core Node.js modules (v8.7.0+) have been implemented:
 | [stream](https://nodejs.org/api/stream.html)                 | :heavy_check_mark: |
 | [string-decoder](https://nodejs.org/api/string_decoder.html) | :heavy_check_mark: |
 | [timers](https://nodejs.org/api/timers.html)                 | :heavy_check_mark: |
-| [tls](https://nodejs.org/api/tls.html)                       |                    |
+| [tls](https://nodejs.org/api/tls.html)                       | :heavy_check_mark: |
 | [tty](https://nodejs.org/api/tty.html)                       | :heavy_check_mark: |
 | [url](https://nodejs.org/api/url.html)                       | :heavy_check_mark: |
 | [util](https://nodejs.org/api/util.html)                     | :heavy_check_mark: |

app/current/src/main/scala/io/scalajs/nodejs/tls/ConnectOptions.scala

@@ -0,0 +1,29 @@
+package io.scalajs.nodejs.tls
+
+import io.scalajs.nodejs.buffer.Buffer
+import io.scalajs.nodejs.{net, stream}
+
+import scala.scalajs.js
+
+class ConnectOptions(
+    var host: js.UndefOr[String] = js.undefined,
+    var port: js.UndefOr[Int] = js.undefined,
+    var path: js.UndefOr[String] = js.undefined,
+    var socket: js.UndefOr[stream.IDuplex] = js.undefined,
+    var allowHalfOpen: js.UndefOr[Boolean] = js.undefined,
+    var servername: js.UndefOr[String] = js.undefined,
+    var checkServerIdentity: js.UndefOr[js.Function2[String, TLSCertificate, Any]] = js.undefined,
+    var minDHSize: js.UndefOr[Int] = js.undefined,
+    // TLSSocketOptions
+    var enableTrace: js.UndefOr[Boolean] = js.undefined,
+    var isServer: js.UndefOr[Boolean] = js.undefined,
+    var server: js.UndefOr[net.Server] = js.undefined,
+    var requestCert: js.UndefOr[Boolean] = js.undefined,
+    var rejectUnauthorized: js.UndefOr[Boolean] = js.undefined,
+    var NPNProtocols: js.UndefOr[Boolean] = js.undefined,
+    var ALPNProtocols: js.UndefOr[ALPNProtocols] = js.undefined,
+    var SNICallback: js.UndefOr[js.Function2[String, js.Function, Any]] = js.undefined,
+    var session: js.UndefOr[Buffer] = js.undefined,
+    var requestOCSP: js.UndefOr[Boolean] = js.undefined,
+    var secureContext: js.UndefOr[SecureContext] = js.undefined
+) extends js.Object

app/current/src/main/scala/io/scalajs/nodejs/tls/SecureContextOptions.scala

@@ -14,7 +14,7 @@ class SecureContextOptions(
     var crl: js.UndefOr[SecureData] = js.undefined,
     var dphram: js.UndefOr[String | Buffer] = js.undefined,
     var ecdhCurve: js.UndefOr[String] = js.undefined,
-    var honorCihperOrder: js.UndefOr[Boolean] = js.undefined,
+    var honorCipherOrder: js.UndefOr[Boolean] = js.undefined,
     var key: js.UndefOr[SecureData] = js.undefined,
     var maxVersion: js.UndefOr[String] = js.undefined,
     var minVersion: js.UndefOr[String] = js.undefined,

app/current/src/main/scala/io/scalajs/nodejs/tls/Server.scala

@@ -1,6 +1,7 @@
 package io.scalajs.nodejs
 package tls
 
+import com.thoughtworks.enableIf
 import io.scalajs.nodejs.buffer.Buffer
 
 import scala.scalajs.js
@@ -21,7 +22,10 @@ class Server extends net.Server {
     * @param context  <Object> An object containing any of the possible properties from the tls.createSecureContext()
     *                 options arguments (e.g. key, cert, ca, etc).
     */
-  def addContext(hostname: String, context: js.Any): Unit = js.native
+  def addContext(hostname: String, context: SecureContextOptions): Unit = js.native
+
+  @enableIf(io.scalajs.nodejs.CompilerSwitches.gteNodeJs12)
+  def setSecureContext(context: SecureContextOptions): Unit = js.native
 
   /**
     * Returns a Buffer instance holding the keys currently used for encryption/decryption of the TLS Session Tickets

app/current/src/main/scala/io/scalajs/nodejs/tls/ServerOptions.scala

@@ -20,7 +20,7 @@ class ServerOptions(
     // Options for net.createServers
     val allowHalfOpen: js.UndefOr[Boolean] = js.undefined,
     val pauseOnConnect: js.UndefOr[Boolean] = js.undefined,
-// Options for tls.createSecureContext
+    // Options for tls.createSecureContext
     var ca: js.UndefOr[SecureData] = js.undefined,
     var cert: js.UndefOr[SecureData] = js.undefined,
     var sigalgs: js.UndefOr[String] = js.undefined,
@@ -29,7 +29,7 @@ class ServerOptions(
     var crl: js.UndefOr[SecureData] = js.undefined,
     var dphram: js.UndefOr[String | Buffer] = js.undefined,
     var ecdhCurve: js.UndefOr[String] = js.undefined,
-    var honorCihperOrder: js.UndefOr[Boolean] = js.undefined,
+    var honorCipherOrder: js.UndefOr[Boolean] = js.undefined,
     var key: js.UndefOr[SecureData] = js.undefined,
     var maxVersion: js.UndefOr[String] = js.undefined,
     var minVersion: js.UndefOr[String] = js.undefined,

app/current/src/main/scala/io/scalajs/nodejs/tls/TLSCertificate.scala

@@ -1,7 +1,11 @@
 package io.scalajs.nodejs
 package tls
 
+import io.scalajs.nodejs.buffer.Buffer
+
 import scala.scalajs.js
+import scala.scalajs.js.annotation.JSName
+import scala.scalajs.js.|
 
 /**
   * TLS Certificate
@@ -10,10 +14,42 @@ import scala.scalajs.js
 @js.native
 trait TLSCertificate extends js.Object {
 
-  def subject: js.Any = js.native
+  def raw: Buffer = js.native
+
+  def subject: Subject                  = js.native
+  def issuer: Subject                   = js.native
+  def issuerCertificate: TLSCertificate = js.native
+
+  def valid_from: String = js.native
+  def valid_to: String   = js.native
+
+  def serialNumber: String                        = js.native
+  def fingerprint: String                         = js.native
+  def fingerprint256: String                      = js.native
+  def ext_key_usage: js.Array[String]             = js.native
+  def subjectaltname: String                      = js.native
+  def infoAccess: js.Dictionary[js.Array[String]] = js.native
 
-  def issuer: js.Any = js.native
+  // For RSA and EC keys
+  def pubkey: js.UndefOr[Buffer] = js.native
+  def bits: js.UndefOr[Int]      = js.native
 
-  def issuerCertificate: js.Any = js.native
+  // For RSA keys
+  def exponent: js.UndefOr[String] = js.native
+  def modulus: js.UndefOr[String]  = js.native
 
+  // For EC keys
+  def asn1Curve: js.UndefOr[String] = js.native
+  def nitsCurve: js.UndefOr[String] = js.native
+}
+
+// TODO: Remove js.Array[String] where possible
+@js.native
+trait Subject extends js.Object {
+  @JSName("C") var country: js.UndefOr[String | js.Array[String]]           = js.native
+  @JSName("ST") var stateOrProvince: js.UndefOr[String | js.Array[String]]  = js.native
+  @JSName("L") var locality: js.UndefOr[String | js.Array[String]]          = js.native
+  @JSName("O") var organization: js.UndefOr[String | js.Array[String]]      = js.native
+  @JSName("OU") var organizationUnit: js.UndefOr[String | js.Array[String]] = js.native
+  @JSName("CN") var commonName: js.UndefOr[String | js.Array[String]]       = js.native
 }

app/current/src/main/scala/io/scalajs/nodejs/tls/TLSSocket.scala

@@ -1,11 +1,12 @@
 package io.scalajs.nodejs
 package tls
 
+import com.thoughtworks.enableIf
 import io.scalajs.nodejs.buffer.Buffer
-import io.scalajs.nodejs.net.Socket
 
 import scala.scalajs.js
 import scala.scalajs.js.annotation.JSImport
+import scala.scalajs.js.|
 
 /**
   * The tls.TLSSocket is a subclass of net.Socket that performs transparent encryption of written data
@@ -17,7 +18,21 @@ import scala.scalajs.js.annotation.JSImport
   */
 @js.native
 @JSImport("tls", "TLSSocket")
-class TLSSocket(socket: Socket, options: TLSSocketOptions = js.native) extends net.Socket {
+class TLSSocket(socket: stream.IDuplex, options: TLSSocketOptions = js.native) extends net.Socket {
+
+  def authorizationError: js.UndefOr[Boolean] = js.native
+
+  def authorized: Boolean = js.native
+
+  def disableRenegotiation(): Unit = js.native
+
+  @enableIf(io.scalajs.nodejs.CompilerSwitches.gteNodeJs12)
+  def enableTrace(): Unit = js.native
+
+  def encrypted: Boolean = js.native
+
+  @enableIf(io.scalajs.nodejs.CompilerSwitches.gteNodeJs12)
+  def getCertificate(): TLSCertificate = js.native
 
   /**
     * Returns an object representing the peer's certificate. The returned object has some properties corresponding to
@@ -30,20 +45,32 @@ class TLSSocket(socket: Socket, options: TLSSocketOptions = js.native) extends n
     */
   def getPeerCertificate(detailed: String): TLSCertificate = js.native
 
+  @enableIf(io.scalajs.nodejs.CompilerSwitches.gteNodeJs10)
+  def getPeerFinished(): js.UndefOr[Buffer] = js.native
+
   /**
     * Returns a string containing the negotiated SSL/TLS protocol version of the current connection.
     * The value 'unknown' will be returned for connected sockets that have not completed the handshaking process.
     * The value null will be returned for server sockets or disconnected client sockets.
     * @return a string containing the negotiated SSL/TLS protocol version
     */
-  def getProtocol(): String = js.native
+  def getProtocol(): String | Null = js.native
 
   /**
     * Returns the ASN.1 encoded TLS session or undefined if no session was negotiated.
     * Can be used to speed up handshake establishment when reconnecting to the server.
     * @return the ASN.1 encoded TLS session
     */
-  def getSession(): js.UndefOr[String] = js.native
+  def getSession(): js.UndefOr[Buffer] = js.native
+
+  def getTLSTicket(): Buffer = js.native
+
+  def isSessionReused(): Boolean = js.native
+
+  def renegotiate(options: RenegotiateOptions, callback: js.Function1[io.scalajs.nodejs.Error, Any]): Boolean =
+    js.native
+
+  def setMaxSendFragment(size: Int): Boolean = js.native
 
 }
 
@@ -66,14 +93,20 @@ class TLSSocket(socket: Socket, options: TLSSocketOptions = js.native) extends n
   * @param secureContext      Optional TLS context object created with tls.createSecureContext(). If a secureContext
   *                           is not provided, one will be created by calling tls.createSecureContext() with no options.
   */
-class TLSSocketOptions(val isServer: js.UndefOr[Boolean] = js.undefined,
-                       val server: js.UndefOr[net.Server] = js.undefined,
-                       val requestCert: js.UndefOr[Boolean] = js.undefined,
-                       val rejectUnauthorized: js.UndefOr[Boolean] = js.undefined,
-                       val NPNProtocols: js.UndefOr[Boolean] = js.undefined,
-                       val ALPNProtocols: js.UndefOr[Boolean] = js.undefined,
-                       val SNICallback: js.UndefOr[Boolean] = js.undefined,
-                       val session: js.UndefOr[Buffer] = js.undefined,
-                       val requestOCSP: js.UndefOr[Boolean] = js.undefined,
-                       val secureContext: js.UndefOr[SecureContext] = js.undefined)
+class TLSSocketOptions(var enableTrace: js.UndefOr[Boolean] = js.undefined,
+                       var isServer: js.UndefOr[Boolean] = js.undefined,
+                       var server: js.UndefOr[net.Server] = js.undefined,
+                       var requestCert: js.UndefOr[Boolean] = js.undefined,
+                       var rejectUnauthorized: js.UndefOr[Boolean] = js.undefined,
+                       var NPNProtocols: js.UndefOr[Boolean] = js.undefined,
+                       var ALPNProtocols: js.UndefOr[ALPNProtocols] = js.undefined,
+                       var SNICallback: js.UndefOr[js.Function2[String, js.Function, Any]] = js.undefined,
+                       var session: js.UndefOr[Buffer] = js.undefined,
+                       var requestOCSP: js.UndefOr[Boolean] = js.undefined,
+                       var secureContext: js.UndefOr[SecureContext] = js.undefined)
     extends js.Object
+
+class RenegotiateOptions(
+    var rejectUnauthorized: js.UndefOr[Boolean] = js.undefined,
+    var requestCert: js.UndefOr[Boolean] = js.undefined
+) extends js.Object

app/current/src/main/scala/io/scalajs/nodejs/tls/Tls.scala

@@ -1,6 +1,8 @@
 package io.scalajs.nodejs
 package tls
 
+import com.thoughtworks.enableIf
+
 import scala.scalajs.js
 import scala.scalajs.js.annotation.JSImport
 
@@ -12,25 +14,33 @@ import scala.scalajs.js.annotation.JSImport
 @js.native
 trait Tls extends js.Object {
 
-  /**
-    * Same as tls.connect() except that port and host can be provided as arguments instead of options.
-    * @param port     Default value for options.port.
-    * @param host     Optional default value for options.host.
-    * @param options  See tls.connect().
-    * @param callback See tls.connect().
-    * @example connect(port[, host][, options][, callback])
-    */
-  def connect(port: Int, host: String, options: TlsConnectOptions, callback: js.Function): Unit = js.native
+  def checkServerIdentity(hostname: String, cert: TLSCertificate): js.UndefOr[io.scalajs.nodejs.Error] = js.native
+
+  def connect(options: ConnectOptions, callback: js.Function = js.native): Unit = js.native
 
   def createSecureContext(options: SecureContextOptions = js.native): SecureContext = js.native
 
+  def createServer(options: ServerOptions, secureConnectionListener: js.Function = js.native): Server = js.native
+  def createServer(secureConnectionListener: js.Function): Server                                     = js.native
+  def createServer(): Server                                                                          = js.native
+
+  def getCiphers(): js.Array[String] = js.native
+
+  @enableIf(io.scalajs.nodejs.CompilerSwitches.gteNodeJs12)
+  def rootCertificates: js.Array[String] = js.native
 }
 
 /**
   * TLS Singleton
   */
 @js.native
 @JSImport("tls", JSImport.Namespace)
-object Tls extends Tls
+object Tls extends Tls {
+  def DEFAULT_ECDH_CURVE: String = js.native
+
+  @enableIf(io.scalajs.nodejs.CompilerSwitches.gteNodeJs12)
+  def DEFAULT_MAX_VERSION: String = js.native
 
-class TlsConnectOptions() extends js.Object
+  @enableIf(io.scalajs.nodejs.CompilerSwitches.gteNodeJs12)
+  def DEFAULT_MIN_VERSION: String = js.native
+}

app/current/src/main/scala/io/scalajs/nodejs/tls/package.scala

@@ -3,6 +3,7 @@ package io.scalajs.nodejs
 import io.scalajs.nodejs.buffer.Buffer
 
 import scala.scalajs.js
+import scala.scalajs.js.typedarray.{DataView, TypedArray}
 import scala.scalajs.js.|
 
 package object tls {
@@ -11,4 +12,7 @@ package object tls {
   type SecureData = String | js.Array[String] | Buffer | js.Array[Buffer]
 
   type SecureDataObjectForm = js.Object
+
+  type ALPNProtocols =
+    Buffer | TypedArray[_, _] | DataView | js.Array[String] | js.Array[TypedArray[_, _]] | js.Array[DataView]
 }