// Copyright Joyent, Inc. and other Node contributors. // // Permission is hereby granted, free of charge, to any person obtaining a // copy of this software and associated documentation files (the // "Software"), to deal in the Software without restriction, including // without limitation the rights to use, copy, modify, merge, publish, // distribute, sublicense, and/or sell copies of the Software, and to permit // persons to whom the Software is furnished to do so, subject to the // following conditions: // // The above copyright notice and this permission notice shall be included // in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. 'use strict'; const { ObjectAssign, ObjectDefineProperty, ObjectSetPrototypeOf, RegExp, Symbol, } = primordials; const { assertCrypto, deprecate } = require('internal/util'); assertCrypto(); const { setImmediate } = require('timers'); const assert = require('internal/assert'); const crypto = require('crypto'); const EE = require('events'); const net = require('net'); const tls = require('tls'); const common = require('_tls_common'); const JSStreamSocket = require('internal/js_stream_socket'); const { Buffer } = require('buffer'); let debug = require('internal/util/debuglog').debuglog('tls', (fn) => { debug = fn; }); const { TCP, constants: TCPConstants } = internalBinding('tcp_wrap'); const tls_wrap = internalBinding('tls_wrap'); const { Pipe, constants: PipeConstants } = internalBinding('pipe_wrap'); const { owner_symbol } = require('internal/async_hooks').symbols; const { isArrayBufferView } = require('internal/util/types'); const { SecureContext: NativeSecureContext } = internalBinding('crypto'); const { connResetException, codes } = require('internal/errors'); const { ERR_INVALID_ARG_TYPE, ERR_INVALID_ARG_VALUE, ERR_INVALID_CALLBACK, ERR_MULTIPLE_CALLBACK, ERR_SOCKET_CLOSED, ERR_TLS_DH_PARAM_SIZE, ERR_TLS_HANDSHAKE_TIMEOUT, ERR_TLS_INVALID_CONTEXT, ERR_TLS_RENEGOTIATION_DISABLED, ERR_TLS_REQUIRED_SERVER_NAME, ERR_TLS_SESSION_ATTACK, ERR_TLS_SNI_FROM_SERVER, ERR_TLS_INVALID_STATE } = codes; const { onpskexchange: kOnPskExchange } = internalBinding('symbols'); const { getOptionValue, getAllowUnauthorized, } = require('internal/options'); const { validateString, validateBuffer, validateUint32 } = require('internal/validators'); const traceTls = getOptionValue('--trace-tls'); const tlsKeylog = getOptionValue('--tls-keylog'); const { appendFile } = require('fs'); const kConnectOptions = Symbol('connect-options'); const kDisableRenegotiation = Symbol('disable-renegotiation'); const kErrorEmitted = Symbol('error-emitted'); const kHandshakeTimeout = Symbol('handshake-timeout'); const kRes = Symbol('res'); const kSNICallback = Symbol('snicallback'); const kEnableTrace = Symbol('enableTrace'); const kPskCallback = Symbol('pskcallback'); const kPskIdentityHint = Symbol('pskidentityhint'); const kPendingSession = Symbol('pendingSession'); const kIsVerified = Symbol('verified'); const noop = () => {}; let ipServernameWarned = false; let tlsTracingWarned = false; // Server side times how long a handshake is taking to protect against slow // handshakes being used for DoS. function onhandshakestart(now) { debug('server onhandshakestart'); const { lastHandshakeTime } = this; assert(now >= lastHandshakeTime, `now (${now}) < lastHandshakeTime (${lastHandshakeTime})`); this.lastHandshakeTime = now; // If this is the first handshake we can skip the rest of the checks. if (lastHandshakeTime === 0) return; if ((now - lastHandshakeTime) >= tls.CLIENT_RENEG_WINDOW * 1000) this.handshakes = 1; else this.handshakes++; const owner = this[owner_symbol]; assert(owner._tlsOptions.isServer); if (this.handshakes > tls.CLIENT_RENEG_LIMIT) { owner._emitTLSError(new ERR_TLS_SESSION_ATTACK()); return; } if (owner[kDisableRenegotiation]) owner._emitTLSError(new ERR_TLS_RENEGOTIATION_DISABLED()); } function onhandshakedone() { debug('server onhandshakedone'); const owner = this[owner_symbol]; assert(owner._tlsOptions.isServer); // `newSession` callback wasn't called yet if (owner._newSessionPending) { owner._securePending = true; return; } owner._finishInit(); } function loadSession(hello) { debug('server onclienthello', 'sessionid.len', hello.sessionId.length, 'ticket?', hello.tlsTicket ); const owner = this[owner_symbol]; let once = false; function onSession(err, session) { debug('server resumeSession callback(err %j, sess? %s)', err, !!session); if (once) return owner.destroy(new ERR_MULTIPLE_CALLBACK()); once = true; if (err) return owner.destroy(err); if (owner._handle === null) return owner.destroy(new ERR_SOCKET_CLOSED()); owner._handle.loadSession(session); // Session is loaded. End the parser to allow handshaking to continue. owner._handle.endParser(); } if (hello.sessionId.length <= 0 || hello.tlsTicket || (owner.server && !owner.server.emit('resumeSession', hello.sessionId, onSession))) { // Sessions without identifiers can't be resumed. // Sessions with tickets can be resumed directly from the ticket, no server // session storage is necessary. // Without a call to a resumeSession listener, a session will never be // loaded, so end the parser to allow handshaking to continue. owner._handle.endParser(); } } function loadSNI(info) { const owner = this[owner_symbol]; const servername = info.servername; if (!servername || !owner._SNICallback) return requestOCSP(owner, info); let once = false; owner._SNICallback(servername, (err, context) => { if (once) return owner.destroy(new ERR_MULTIPLE_CALLBACK()); once = true; if (err) return owner.destroy(err); if (owner._handle === null) return owner.destroy(new ERR_SOCKET_CLOSED()); // TODO(indutny): eventually disallow raw `SecureContext` if (context) owner._handle.sni_context = context.context || context; requestOCSP(owner, info); }); } function requestOCSP(socket, info) { if (!info.OCSPRequest || !socket.server) return requestOCSPDone(socket); let ctx = socket._handle.sni_context; if (!ctx) { ctx = socket.server._sharedCreds; // TLS socket is using a `net.Server` instead of a tls.TLSServer. // Some TLS properties like `server._sharedCreds` will not be present if (!ctx) return requestOCSPDone(socket); } // TODO(indutny): eventually disallow raw `SecureContext` if (ctx.context) ctx = ctx.context; if (socket.server.listenerCount('OCSPRequest') === 0) { return requestOCSPDone(socket); } let once = false; const onOCSP = (err, response) => { debug('server OCSPRequest done', 'handle?', !!socket._handle, 'once?', once, 'response?', !!response, 'err?', err); if (once) return socket.destroy(new ERR_MULTIPLE_CALLBACK()); once = true; if (err) return socket.destroy(err); if (socket._handle === null) return socket.destroy(new ERR_SOCKET_CLOSED()); if (response) socket._handle.setOCSPResponse(response); requestOCSPDone(socket); }; debug('server oncertcb emit OCSPRequest'); socket.server.emit('OCSPRequest', ctx.getCertificate(), ctx.getIssuer(), onOCSP); } function requestOCSPDone(socket) { debug('server certcb done'); try { socket._handle.certCbDone(); } catch (e) { debug('server certcb done errored', e); socket.destroy(e); } } function onnewsessionclient(sessionId, session) { debug('client emit session'); const owner = this[owner_symbol]; if (owner[kIsVerified]) { owner.emit('session', session); } else { owner[kPendingSession] = session; } } function onnewsession(sessionId, session) { debug('onnewsession'); const owner = this[owner_symbol]; // TODO(@sam-github) no server to emit the event on, but handshake won't // continue unless newSessionDone() is called, should it be, or is that // situation unreachable, or only occurring during shutdown? if (!owner.server) return; let once = false; const done = () => { debug('onnewsession done'); if (once) return; once = true; if (owner._handle === null) return owner.destroy(new ERR_SOCKET_CLOSED()); this.newSessionDone(); owner._newSessionPending = false; if (owner._securePending) owner._finishInit(); owner._securePending = false; }; owner._newSessionPending = true; if (!owner.server.emit('newSession', sessionId, session, done)) done(); } function onPskServerCallback(identity, maxPskLen) { const owner = this[owner_symbol]; const ret = owner[kPskCallback](owner, identity); if (ret == null) return undefined; let psk; if (isArrayBufferView(ret)) { psk = ret; } else { if (typeof ret !== 'object') { throw new ERR_INVALID_ARG_TYPE( 'ret', ['Object', 'Buffer', 'TypedArray', 'DataView'], ret ); } psk = ret.psk; validateBuffer(psk, 'psk'); } if (psk.length > maxPskLen) { throw new ERR_INVALID_ARG_VALUE( 'psk', psk, `Pre-shared key exceeds ${maxPskLen} bytes` ); } return psk; } function onPskClientCallback(hint, maxPskLen, maxIdentityLen) { const owner = this[owner_symbol]; const ret = owner[kPskCallback](hint); if (ret == null) return undefined; if (typeof ret !== 'object') throw new ERR_INVALID_ARG_TYPE('ret', 'Object', ret); validateBuffer(ret.psk, 'psk'); if (ret.psk.length > maxPskLen) { throw new ERR_INVALID_ARG_VALUE( 'psk', ret.psk, `Pre-shared key exceeds ${maxPskLen} bytes` ); } validateString(ret.identity, 'identity'); if (Buffer.byteLength(ret.identity) > maxIdentityLen) { throw new ERR_INVALID_ARG_VALUE( 'identity', ret.identity, `PSK identity exceeds ${maxIdentityLen} bytes` ); } return { psk: ret.psk, identity: ret.identity }; } function onkeylog(line) { debug('onkeylog'); this[owner_symbol].emit('keylog', line); } function onocspresponse(resp) { debug('client onocspresponse'); this[owner_symbol].emit('OCSPResponse', resp); } function onerror(err) { const owner = this[owner_symbol]; debug('%s onerror %s had? %j', owner._tlsOptions.isServer ? 'server' : 'client', err, owner._hadError); if (owner._hadError) return; owner._hadError = true; // Destroy socket if error happened before handshake's finish if (!owner._secureEstablished) { // When handshake fails control is not yet released, // so self._tlsError will return null instead of actual error owner.destroy(err); } else if (owner._tlsOptions.isServer && owner._rejectUnauthorized && /peer did not return a certificate/.test(err.message)) { // Ignore server's authorization errors owner.destroy(); } else { // Emit error owner._emitTLSError(err); } } // Used by both client and server TLSSockets to start data flowing from _handle, // read(0) causes a StreamBase::ReadStart, via Socket._read. function initRead(tlsSocket, socket) { debug('%s initRead', tlsSocket._tlsOptions.isServer ? 'server' : 'client', 'handle?', !!tlsSocket._handle, 'buffered?', !!socket && socket.readableLength ); // If we were destroyed already don't bother reading if (!tlsSocket._handle) return; // Socket already has some buffered data - emulate receiving it if (socket && socket.readableLength) { let buf; while ((buf = socket.read()) !== null) tlsSocket._handle.receive(buf); } tlsSocket.read(0); } /** * Provides a wrap of socket stream to do encrypted communication. */ function TLSSocket(socket, opts) { const tlsOptions = { ...opts }; let enableTrace = tlsOptions.enableTrace; if (enableTrace == null) { enableTrace = traceTls; if (enableTrace && !tlsTracingWarned) { tlsTracingWarned = true; process.emitWarning('Enabling --trace-tls can expose sensitive data in ' + 'the resulting log.'); } } else if (typeof enableTrace !== 'boolean') { throw new ERR_INVALID_ARG_TYPE( 'options.enableTrace', 'boolean', enableTrace); } if (tlsOptions.ALPNProtocols) tls.convertALPNProtocols(tlsOptions.ALPNProtocols, tlsOptions); this._tlsOptions = tlsOptions; this._secureEstablished = false; this._securePending = false; this._newSessionPending = false; this._controlReleased = false; this.secureConnecting = true; this._SNICallback = null; this.servername = null; this.alpnProtocol = null; this.authorized = false; this.authorizationError = null; this[kRes] = null; this[kIsVerified] = false; this[kPendingSession] = null; let wrap; if ((socket instanceof net.Socket && socket._handle) || !socket) { // 1. connected socket // 2. no socket, one will be created with net.Socket().connect wrap = socket; } else { // 3. socket has no handle so it is js not c++ // 4. unconnected sockets are wrapped // TLS expects to interact from C++ with a net.Socket that has a C++ stream // handle, but a JS stream doesn't have one. Wrap it up to make it look like // a socket. wrap = new JSStreamSocket(socket); } // Just a documented property to make secure sockets // distinguishable from regular ones. this.encrypted = true; net.Socket.call(this, { handle: this._wrapHandle(wrap), allowHalfOpen: socket ? socket.allowHalfOpen : tlsOptions.allowHalfOpen, pauseOnCreate: tlsOptions.pauseOnConnect, // The readable flag is only needed if pauseOnCreate will be handled. readable: tlsOptions.pauseOnConnect, writable: false }); // Proxy for API compatibility this.ssl = this._handle; // C++ TLSWrap object this.on('error', this._tlsError); this._init(socket, wrap); // Make sure to setup all required properties like: `connecting` before // starting the flow of the data this.readable = true; this.writable = true; if (enableTrace && this._handle) this._handle.enableTrace(); // Read on next tick so the caller has a chance to setup listeners process.nextTick(initRead, this, socket); } ObjectSetPrototypeOf(TLSSocket.prototype, net.Socket.prototype); ObjectSetPrototypeOf(TLSSocket, net.Socket); exports.TLSSocket = TLSSocket; const proxiedMethods = [ 'ref', 'unref', 'open', 'bind', 'listen', 'connect', 'bind6', 'connect6', 'getsockname', 'getpeername', 'setNoDelay', 'setKeepAlive', 'setSimultaneousAccepts', 'setBlocking', // PipeWrap 'setPendingInstances', ]; // Proxy HandleWrap, PipeWrap and TCPWrap methods function makeMethodProxy(name) { return function methodProxy(...args) { if (this._parent[name]) return this._parent[name].apply(this._parent, args); }; } for (const proxiedMethod of proxiedMethods) { tls_wrap.TLSWrap.prototype[proxiedMethod] = makeMethodProxy(proxiedMethod); } tls_wrap.TLSWrap.prototype.close = function close(cb) { let ssl; if (this[owner_symbol]) { ssl = this[owner_symbol].ssl; this[owner_symbol].ssl = null; } // Invoke `destroySSL` on close to clean up possibly pending write requests // that may self-reference TLSWrap, leading to leak const done = () => { if (ssl) { ssl.destroySSL(); if (ssl._secureContext.singleUse) { ssl._secureContext.context.close(); ssl._secureContext.context = null; } } if (cb) cb(); }; if (this._parentWrap && this._parentWrap._handle === this._parent) { this._parentWrap.once('close', done); return this._parentWrap.destroy(); } return this._parent.close(done); }; TLSSocket.prototype.disableRenegotiation = function disableRenegotiation() { this[kDisableRenegotiation] = true; }; TLSSocket.prototype._wrapHandle = function(wrap) { let handle; if (wrap) handle = wrap._handle; const options = this._tlsOptions; if (!handle) { handle = options.pipe ? new Pipe(PipeConstants.SOCKET) : new TCP(TCPConstants.SOCKET); handle[owner_symbol] = this; } // Wrap socket's handle const context = options.secureContext || options.credentials || tls.createSecureContext(options); assert(handle.isStreamBase, 'handle must be a StreamBase'); if (!(context.context instanceof NativeSecureContext)) { throw new ERR_TLS_INVALID_CONTEXT('context'); } const res = tls_wrap.wrap(handle, context.context, !!options.isServer); res._parent = handle; // C++ "wrap" object: TCPWrap, JSStream, ... res._parentWrap = wrap; // JS object: net.Socket, JSStreamSocket, ... res._secureContext = context; res.reading = handle.reading; this[kRes] = res; defineHandleReading(this, handle); this.on('close', onSocketCloseDestroySSL); return res; }; // This eliminates a cyclic reference to TLSWrap // Ref: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4 function defineHandleReading(socket, handle) { ObjectDefineProperty(handle, 'reading', { get: () => { return socket[kRes].reading; }, set: (value) => { socket[kRes].reading = value; } }); } function onSocketCloseDestroySSL() { // Make sure we are not doing it on OpenSSL's stack setImmediate(destroySSL, this); this[kRes] = null; } function destroySSL(self) { self._destroySSL(); } TLSSocket.prototype._destroySSL = function _destroySSL() { if (!this.ssl) return; this.ssl.destroySSL(); if (this.ssl._secureContext.singleUse) { this.ssl._secureContext.context.close(); this.ssl._secureContext.context = null; } this.ssl = null; this[kPendingSession] = null; this[kIsVerified] = false; }; // Constructor guts, arbitrarily factored out. let warnOnTlsKeylog = true; let warnOnTlsKeylogError = true; TLSSocket.prototype._init = function(socket, wrap) { const options = this._tlsOptions; const ssl = this._handle; this.server = options.server; debug('%s _init', options.isServer ? 'server' : 'client', 'handle?', !!ssl ); // Clients (!isServer) always request a cert, servers request a client cert // only on explicit configuration. const requestCert = !!options.requestCert || !options.isServer; const rejectUnauthorized = !!options.rejectUnauthorized; this._requestCert = requestCert; this._rejectUnauthorized = rejectUnauthorized; if (requestCert || rejectUnauthorized) ssl.setVerifyMode(requestCert, rejectUnauthorized); // Only call .onkeylog if there is a keylog listener. ssl.onkeylog = onkeylog; this.on('newListener', keylogNewListener); function keylogNewListener(event) { if (event !== 'keylog') return; ssl.enableKeylogCallback(); // Remove this listener since it's no longer needed. this.removeListener('newListener', keylogNewListener); } if (options.isServer) { ssl.onhandshakestart = onhandshakestart; ssl.onhandshakedone = onhandshakedone; ssl.onclienthello = loadSession; ssl.oncertcb = loadSNI; ssl.onnewsession = onnewsession; ssl.lastHandshakeTime = 0; ssl.handshakes = 0; if (this.server) { if (this.server.listenerCount('resumeSession') > 0 || this.server.listenerCount('newSession') > 0) { // Also starts the client hello parser as a side effect. ssl.enableSessionCallbacks(); } if (this.server.listenerCount('OCSPRequest') > 0) ssl.enableCertCb(); } } else { ssl.onhandshakestart = noop; ssl.onhandshakedone = () => { debug('client onhandshakedone'); this._finishInit(); }; ssl.onocspresponse = onocspresponse; if (options.session) ssl.setSession(options.session); ssl.onnewsession = onnewsessionclient; // Only call .onnewsession if there is a session listener. this.on('newListener', newListener); function newListener(event) { if (event !== 'session') return; ssl.enableSessionCallbacks(); // Remove this listener since it's no longer needed. this.removeListener('newListener', newListener); } } if (tlsKeylog) { if (warnOnTlsKeylog) { warnOnTlsKeylog = false; process.emitWarning('Using --tls-keylog makes TLS connections insecure ' + 'by writing secret key material to file ' + tlsKeylog); } this.on('keylog', (line) => { appendFile(tlsKeylog, line, { mode: 0o600 }, (err) => { if (err && warnOnTlsKeylogError) { warnOnTlsKeylogError = false; process.emitWarning('Failed to write TLS keylog (this warning ' + 'will not be repeated): ' + err); } }); }); } ssl.onerror = onerror; // If custom SNICallback was given, or if // there're SNI contexts to perform match against - // set `.onsniselect` callback. if (options.isServer && options.SNICallback && (options.SNICallback !== SNICallback || (options.server && options.server._contexts.length))) { assert(typeof options.SNICallback === 'function'); this._SNICallback = options.SNICallback; ssl.enableCertCb(); } if (options.ALPNProtocols) { // Keep reference in secureContext not to be GC-ed ssl._secureContext.alpnBuffer = options.ALPNProtocols; ssl.setALPNProtocols(ssl._secureContext.alpnBuffer); } if (options.pskCallback && ssl.enablePskCallback) { if (typeof options.pskCallback !== 'function') { throw new ERR_INVALID_ARG_TYPE('pskCallback', 'function', options.pskCallback); } ssl[kOnPskExchange] = options.isServer ? onPskServerCallback : onPskClientCallback; this[kPskCallback] = options.pskCallback; ssl.enablePskCallback(); if (options.pskIdentityHint) { if (typeof options.pskIdentityHint !== 'string') { throw new ERR_INVALID_ARG_TYPE( 'options.pskIdentityHint', 'string', options.pskIdentityHint ); } ssl.setPskIdentityHint(options.pskIdentityHint); } } if (options.handshakeTimeout > 0) this.setTimeout(options.handshakeTimeout, this._handleTimeout); if (socket instanceof net.Socket) { this._parent = socket; // To prevent assertion in afterConnect() and properly kick off readStart this.connecting = socket.connecting || !socket._handle; socket.once('connect', () => { this.connecting = false; this.emit('connect'); }); } // Assume `tls.connect()` if (wrap) { wrap.on('error', (err) => this._emitTLSError(err)); } else { assert(!socket); this.connecting = true; } }; TLSSocket.prototype.renegotiate = function(options, callback) { if (options === null || typeof options !== 'object') throw new ERR_INVALID_ARG_TYPE('options', 'Object', options); if (callback !== undefined && typeof callback !== 'function') throw new ERR_INVALID_CALLBACK(callback); debug('%s renegotiate()', this._tlsOptions.isServer ? 'server' : 'client', 'destroyed?', this.destroyed ); if (this.destroyed) return; let requestCert = !!this._requestCert; let rejectUnauthorized = !!this._rejectUnauthorized; if (options.requestCert !== undefined) requestCert = !!options.requestCert; if (options.rejectUnauthorized !== undefined) rejectUnauthorized = !!options.rejectUnauthorized; if (requestCert !== this._requestCert || rejectUnauthorized !== this._rejectUnauthorized) { this._handle.setVerifyMode(requestCert, rejectUnauthorized); this._requestCert = requestCert; this._rejectUnauthorized = rejectUnauthorized; } // Ensure that we'll cycle through internal openssl's state this.write(''); try { this._handle.renegotiate(); } catch (err) { if (callback) { process.nextTick(callback, err); } return false; } // Ensure that we'll cycle through internal openssl's state this.write(''); if (callback) { this.once('secure', () => callback(null)); } return true; }; TLSSocket.prototype.exportKeyingMaterial = function(length, label, context) { validateUint32(length, 'length', true); validateString(label, 'label'); if (context !== undefined) validateBuffer(context, 'context'); if (!this._secureEstablished) throw new ERR_TLS_INVALID_STATE(); return this._handle.exportKeyingMaterial(length, label, context); }; TLSSocket.prototype.setMaxSendFragment = function setMaxSendFragment(size) { return this._handle.setMaxSendFragment(size) === 1; }; TLSSocket.prototype._handleTimeout = function() { this._emitTLSError(new ERR_TLS_HANDSHAKE_TIMEOUT()); }; TLSSocket.prototype._emitTLSError = function(err) { const e = this._tlsError(err); if (e) this.emit('error', e); }; TLSSocket.prototype._tlsError = function(err) { this.emit('_tlsError', err); if (this._controlReleased) return err; return null; }; TLSSocket.prototype._releaseControl = function() { if (this._controlReleased) return false; this._controlReleased = true; this.removeListener('error', this._tlsError); return true; }; TLSSocket.prototype._finishInit = function() { // Guard against getting onhandshakedone() after .destroy(). // * 1.2: If destroy() during onocspresponse(), then write of next handshake // record fails, the handshake done info callbacks does not occur, and the // socket closes. // * 1.3: The OCSP response comes in the same record that finishes handshake, // so even after .destroy(), the handshake done info callback occurs // immediately after onocspresponse(). Ignore it. if (!this._handle) return; this.alpnProtocol = this._handle.getALPNNegotiatedProtocol(); // The servername could be set by TLSWrap::SelectSNIContextCallback(). if (this.servername === null) { this.servername = this._handle.getServername(); } debug('%s _finishInit', this._tlsOptions.isServer ? 'server' : 'client', 'handle?', !!this._handle, 'alpn', this.alpnProtocol, 'servername', this.servername); this._secureEstablished = true; if (this._tlsOptions.handshakeTimeout > 0) this.setTimeout(0, this._handleTimeout); this.emit('secure'); }; TLSSocket.prototype._start = function() { debug('%s _start', this._tlsOptions.isServer ? 'server' : 'client', 'handle?', !!this._handle, 'connecting?', this.connecting, 'requestOCSP?', !!this._tlsOptions.requestOCSP, ); if (this.connecting) { this.once('connect', this._start); return; } // Socket was destroyed before the connection was established if (!this._handle) return; if (this._tlsOptions.requestOCSP) this._handle.requestOCSP(); this._handle.start(); }; TLSSocket.prototype.setServername = function(name) { validateString(name, 'name'); if (this._tlsOptions.isServer) { throw new ERR_TLS_SNI_FROM_SERVER(); } this._handle.setServername(name); }; TLSSocket.prototype.setSession = function(session) { if (typeof session === 'string') session = Buffer.from(session, 'latin1'); this._handle.setSession(session); }; TLSSocket.prototype.getPeerCertificate = function(detailed) { if (this._handle) { return common.translatePeerCertificate( this._handle.getPeerCertificate(detailed)) || {}; } return null; }; TLSSocket.prototype.getCertificate = function() { if (this._handle) { // It's not a peer cert, but the formatting is identical. return common.translatePeerCertificate( this._handle.getCertificate()) || {}; } return null; }; // Proxy TLSSocket handle methods function makeSocketMethodProxy(name) { return function socketMethodProxy(...args) { if (this._handle) return this._handle[name].apply(this._handle, args); return null; }; } [ 'getCipher', 'getSharedSigalgs', 'getEphemeralKeyInfo', 'getFinished', 'getPeerFinished', 'getProtocol', 'getSession', 'getTLSTicket', 'isSessionReused', 'enableTrace', ].forEach((method) => { TLSSocket.prototype[method] = makeSocketMethodProxy(method); }); // TODO: support anonymous (nocert) function onServerSocketSecure() { if (this._requestCert) { const verifyError = this._handle.verifyError(); if (verifyError) { this.authorizationError = verifyError.code; if (this._rejectUnauthorized) this.destroy(); } else { this.authorized = true; } } if (!this.destroyed && this._releaseControl()) { debug('server emit secureConnection'); this.secureConnecting = false; this._tlsOptions.server.emit('secureConnection', this); } } function onSocketTLSError(err) { if (!this._controlReleased && !this[kErrorEmitted]) { this[kErrorEmitted] = true; debug('server emit tlsClientError:', err); this._tlsOptions.server.emit('tlsClientError', err, this); } } function onSocketKeylog(line) { this._tlsOptions.server.emit('keylog', line, this); } function onSocketClose(err) { // Closed because of error - no need to emit it twice if (err) return; // Emit ECONNRESET if (!this._controlReleased && !this[kErrorEmitted]) { this[kErrorEmitted] = true; const connReset = connResetException('socket hang up'); this._tlsOptions.server.emit('tlsClientError', connReset, this); } } function tlsConnectionListener(rawSocket) { debug('net.Server.on(connection): new TLSSocket'); const socket = new TLSSocket(rawSocket, { secureContext: this._sharedCreds, isServer: true, server: this, requestCert: this.requestCert, rejectUnauthorized: this.rejectUnauthorized, handshakeTimeout: this[kHandshakeTimeout], ALPNProtocols: this.ALPNProtocols, SNICallback: this[kSNICallback] || SNICallback, enableTrace: this[kEnableTrace], pauseOnConnect: this.pauseOnConnect, pskCallback: this[kPskCallback], pskIdentityHint: this[kPskIdentityHint], }); socket.on('secure', onServerSocketSecure); if (this.listenerCount('keylog') > 0) socket.on('keylog', onSocketKeylog); socket[kErrorEmitted] = false; socket.on('close', onSocketClose); socket.on('_tlsError', onSocketTLSError); } // AUTHENTICATION MODES // // There are several levels of authentication that TLS/SSL supports. // Read more about this in "man SSL_set_verify". // // 1. The server sends a certificate to the client but does not request a // cert from the client. This is common for most HTTPS servers. The browser // can verify the identity of the server, but the server does not know who // the client is. Authenticating the client is usually done over HTTP using // login boxes and cookies and stuff. // // 2. The server sends a cert to the client and requests that the client // also send it a cert. The client knows who the server is and the server is // requesting the client also identify themselves. There are several // outcomes: // // A) verifyError returns null meaning the client's certificate is signed // by one of the server's CAs. The server now knows the client's identity // and the client is authorized. // // B) For some reason the client's certificate is not acceptable - // verifyError returns a string indicating the problem. The server can // either (i) reject the client or (ii) allow the client to connect as an // unauthorized connection. // // The mode is controlled by two boolean variables. // // requestCert // If true the server requests a certificate from client connections. For // the common HTTPS case, users will want this to be false, which is what // it defaults to. // // rejectUnauthorized // If true clients whose certificates are invalid for any reason will not // be allowed to make connections. If false, they will simply be marked as // unauthorized but secure communication will continue. By default this is // true. // // // // Options: // - requestCert. Send verify request. Default to false. // - rejectUnauthorized. Boolean, default to true. // - key. string. // - cert: string. // - clientCertEngine: string. // - ca: string or array of strings. // - sessionTimeout: integer. // // emit 'secureConnection' // function (tlsSocket) { } // // "UNABLE_TO_GET_ISSUER_CERT", "UNABLE_TO_GET_CRL", // "UNABLE_TO_DECRYPT_CERT_SIGNATURE", "UNABLE_TO_DECRYPT_CRL_SIGNATURE", // "UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", "CERT_SIGNATURE_FAILURE", // "CRL_SIGNATURE_FAILURE", "CERT_NOT_YET_VALID" "CERT_HAS_EXPIRED", // "CRL_NOT_YET_VALID", "CRL_HAS_EXPIRED" "ERROR_IN_CERT_NOT_BEFORE_FIELD", // "ERROR_IN_CERT_NOT_AFTER_FIELD", "ERROR_IN_CRL_LAST_UPDATE_FIELD", // "ERROR_IN_CRL_NEXT_UPDATE_FIELD", "OUT_OF_MEM", // "DEPTH_ZERO_SELF_SIGNED_CERT", "SELF_SIGNED_CERT_IN_CHAIN", // "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", "UNABLE_TO_VERIFY_LEAF_SIGNATURE", // "CERT_CHAIN_TOO_LONG", "CERT_REVOKED" "INVALID_CA", // "PATH_LENGTH_EXCEEDED", "INVALID_PURPOSE" "CERT_UNTRUSTED", // "CERT_REJECTED" // function Server(options, listener) { if (!(this instanceof Server)) return new Server(options, listener); if (typeof options === 'function') { listener = options; options = {}; } else if (options == null || typeof options === 'object') { options = options || {}; } else { throw new ERR_INVALID_ARG_TYPE('options', 'Object', options); } this._contexts = []; this.requestCert = options.requestCert === true; this.rejectUnauthorized = options.rejectUnauthorized !== false; if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout; if (options.ticketKeys) this.ticketKeys = options.ticketKeys; if (options.ALPNProtocols) tls.convertALPNProtocols(options.ALPNProtocols, this); this.setSecureContext(options); this[kHandshakeTimeout] = options.handshakeTimeout || (120 * 1000); this[kSNICallback] = options.SNICallback; this[kPskCallback] = options.pskCallback; this[kPskIdentityHint] = options.pskIdentityHint; if (typeof this[kHandshakeTimeout] !== 'number') { throw new ERR_INVALID_ARG_TYPE( 'options.handshakeTimeout', 'number', options.handshakeTimeout); } if (this[kSNICallback] && typeof this[kSNICallback] !== 'function') { throw new ERR_INVALID_ARG_TYPE( 'options.SNICallback', 'function', options.SNICallback); } if (this[kPskCallback] && typeof this[kPskCallback] !== 'function') { throw new ERR_INVALID_ARG_TYPE( 'options.pskCallback', 'function', options.pskCallback); } if (this[kPskIdentityHint] && typeof this[kPskIdentityHint] !== 'string') { throw new ERR_INVALID_ARG_TYPE( 'options.pskIdentityHint', 'string', options.pskIdentityHint ); } // constructor call net.Server.call(this, options, tlsConnectionListener); if (listener) { this.on('secureConnection', listener); } this[kEnableTrace] = options.enableTrace; } ObjectSetPrototypeOf(Server.prototype, net.Server.prototype); ObjectSetPrototypeOf(Server, net.Server); exports.Server = Server; exports.createServer = function createServer(options, listener) { return new Server(options, listener); }; Server.prototype.setSecureContext = function(options) { if (options === null || typeof options !== 'object') throw new ERR_INVALID_ARG_TYPE('options', 'Object', options); if (options.pfx) this.pfx = options.pfx; else this.pfx = undefined; if (options.key) this.key = options.key; else this.key = undefined; if (options.passphrase) this.passphrase = options.passphrase; else this.passphrase = undefined; if (options.cert) this.cert = options.cert; else this.cert = undefined; if (options.clientCertEngine) this.clientCertEngine = options.clientCertEngine; else this.clientCertEngine = undefined; if (options.ca) this.ca = options.ca; else this.ca = undefined; if (options.minVersion) this.minVersion = options.minVersion; else this.minVersion = undefined; if (options.maxVersion) this.maxVersion = options.maxVersion; else this.maxVersion = undefined; if (options.secureProtocol) this.secureProtocol = options.secureProtocol; else this.secureProtocol = undefined; if (options.crl) this.crl = options.crl; else this.crl = undefined; this.sigalgs = options.sigalgs; if (options.ciphers) this.ciphers = options.ciphers; else this.ciphers = undefined; this.ecdhCurve = options.ecdhCurve; if (options.dhparam) this.dhparam = options.dhparam; else this.dhparam = undefined; if (options.honorCipherOrder !== undefined) this.honorCipherOrder = !!options.honorCipherOrder; else this.honorCipherOrder = true; const secureOptions = options.secureOptions || 0; if (secureOptions) this.secureOptions = secureOptions; else this.secureOptions = undefined; if (options.sessionIdContext) { this.sessionIdContext = options.sessionIdContext; } else { this.sessionIdContext = crypto.createHash('sha1') .update(process.argv.join(' ')) .digest('hex') .slice(0, 32); } if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout; if (options.ticketKeys) this.ticketKeys = options.ticketKeys; this._sharedCreds = tls.createSecureContext({ pfx: this.pfx, key: this.key, passphrase: this.passphrase, cert: this.cert, clientCertEngine: this.clientCertEngine, ca: this.ca, ciphers: this.ciphers, sigalgs: this.sigalgs, ecdhCurve: this.ecdhCurve, dhparam: this.dhparam, minVersion: this.minVersion, maxVersion: this.maxVersion, secureProtocol: this.secureProtocol, secureOptions: this.secureOptions, honorCipherOrder: this.honorCipherOrder, crl: this.crl, sessionIdContext: this.sessionIdContext, ticketKeys: this.ticketKeys, sessionTimeout: this.sessionTimeout }); }; Server.prototype._getServerData = function() { return { ticketKeys: this.getTicketKeys().toString('hex') }; }; Server.prototype._setServerData = function(data) { this.setTicketKeys(Buffer.from(data.ticketKeys, 'hex')); }; Server.prototype.getTicketKeys = function getTicketKeys() { return this._sharedCreds.context.getTicketKeys(); }; Server.prototype.setTicketKeys = function setTicketKeys(keys) { this._sharedCreds.context.setTicketKeys(keys); }; Server.prototype.setOptions = deprecate(function(options) { this.requestCert = options.requestCert === true; this.rejectUnauthorized = options.rejectUnauthorized !== false; if (options.pfx) this.pfx = options.pfx; if (options.key) this.key = options.key; if (options.passphrase) this.passphrase = options.passphrase; if (options.cert) this.cert = options.cert; if (options.clientCertEngine) this.clientCertEngine = options.clientCertEngine; if (options.ca) this.ca = options.ca; if (options.minVersion) this.minVersion = options.minVersion; if (options.maxVersion) this.maxVersion = options.maxVersion; if (options.secureProtocol) this.secureProtocol = options.secureProtocol; if (options.crl) this.crl = options.crl; if (options.ciphers) this.ciphers = options.ciphers; if (options.ecdhCurve !== undefined) this.ecdhCurve = options.ecdhCurve; if (options.dhparam) this.dhparam = options.dhparam; if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout; if (options.ticketKeys) this.ticketKeys = options.ticketKeys; const secureOptions = options.secureOptions || 0; if (options.honorCipherOrder !== undefined) this.honorCipherOrder = !!options.honorCipherOrder; else this.honorCipherOrder = true; if (secureOptions) this.secureOptions = secureOptions; if (options.ALPNProtocols) tls.convertALPNProtocols(options.ALPNProtocols, this); if (options.sessionIdContext) { this.sessionIdContext = options.sessionIdContext; } else { this.sessionIdContext = crypto.createHash('sha1') .update(process.argv.join(' ')) .digest('hex') .slice(0, 32); } if (options.pskCallback) this[kPskCallback] = options.pskCallback; if (options.pskIdentityHint) this[kPskIdentityHint] = options.pskIdentityHint; }, 'Server.prototype.setOptions() is deprecated', 'DEP0122'); // SNI Contexts High-Level API Server.prototype.addContext = function(servername, context) { if (!servername) { throw new ERR_TLS_REQUIRED_SERVER_NAME(); } const re = new RegExp('^' + servername.replace(/([.^$+?\-\\[\]{}])/g, '\\$1') .replace(/\*/g, '[^.]*') + '$'); this._contexts.push([re, tls.createSecureContext(context).context]); }; Server.prototype[EE.captureRejectionSymbol] = function( err, event, sock) { switch (event) { case 'secureConnection': sock.destroy(err); break; default: net.Server.prototype[Symbol.for('nodejs.rejection')] .call(this, err, event, sock); } }; function SNICallback(servername, callback) { const contexts = this.server._contexts; for (const elem of contexts) { if (elem[0].test(servername)) { callback(null, elem[1]); return; } } callback(null, undefined); } // Target API: // // let s = tls.connect({port: 8000, host: "google.com"}, function() { // if (!s.authorized) { // s.destroy(); // return; // } // // // s.socket; // // s.end("hello world\n"); // }); // // function normalizeConnectArgs(listArgs) { const args = net._normalizeArgs(listArgs); const options = args[0]; const cb = args[1]; // If args[0] was options, then normalize dealt with it. // If args[0] is port, or args[0], args[1] is host, port, we need to // find the options and merge them in, normalize's options has only // the host/port/path args that it knows about, not the tls options. // This means that options.host overrides a host arg. if (listArgs[1] !== null && typeof listArgs[1] === 'object') { ObjectAssign(options, listArgs[1]); } else if (listArgs[2] !== null && typeof listArgs[2] === 'object') { ObjectAssign(options, listArgs[2]); } return cb ? [options, cb] : [options]; } function onConnectSecure() { const options = this[kConnectOptions]; // Check the size of DHE parameter above minimum requirement // specified in options. const ekeyinfo = this.getEphemeralKeyInfo(); if (ekeyinfo.type === 'DH' && ekeyinfo.size < options.minDHSize) { const err = new ERR_TLS_DH_PARAM_SIZE(ekeyinfo.size); debug('client emit:', err); this.emit('error', err); this.destroy(); return; } let verifyError = this._handle.verifyError(); // Verify that server's identity matches it's certificate's names // Unless server has resumed our existing session if (!verifyError && !this.isSessionReused()) { const hostname = options.servername || options.host || (options.socket && options.socket._host) || 'localhost'; const cert = this.getPeerCertificate(true); verifyError = options.checkServerIdentity(hostname, cert); } if (verifyError) { this.authorized = false; this.authorizationError = verifyError.code || verifyError.message; // rejectUnauthorized property can be explicitly defined as `undefined` // causing the assignment to default value (`true`) fail. Before assigning // it to the tlssock connection options, explicitly check if it is false // and update rejectUnauthorized property. The property gets used by // TLSSocket connection handler to allow or reject connection if // unauthorized. // This check is potentially redundant, however it is better to keep it // in case the option object gets modified somewhere. if (options.rejectUnauthorized !== false) { this.destroy(verifyError); return; } debug('client emit secureConnect. rejectUnauthorized: %s, ' + 'authorizationError: %s', options.rejectUnauthorized, this.authorizationError); this.secureConnecting = false; this.emit('secureConnect'); } else { this.authorized = true; debug('client emit secureConnect. authorized:', this.authorized); this.secureConnecting = false; this.emit('secureConnect'); } this[kIsVerified] = true; const session = this[kPendingSession]; this[kPendingSession] = null; if (session) this.emit('session', session); this.removeListener('end', onConnectEnd); } function onConnectEnd() { // NOTE: This logic is shared with _http_client.js if (!this._hadError) { const options = this[kConnectOptions]; this._hadError = true; const error = connResetException('Client network socket disconnected ' + 'before secure TLS connection was ' + 'established'); error.path = options.path; error.host = options.host; error.port = options.port; error.localAddress = options.localAddress; this.destroy(error); } } // Arguments: [port,] [host,] [options,] [cb] exports.connect = function connect(...args) { args = normalizeConnectArgs(args); let options = args[0]; const cb = args[1]; const allowUnauthorized = getAllowUnauthorized(); options = { rejectUnauthorized: !allowUnauthorized, ciphers: tls.DEFAULT_CIPHERS, checkServerIdentity: tls.checkServerIdentity, minDHSize: 1024, ...options }; if (!options.keepAlive) options.singleUse = true; assert(typeof options.checkServerIdentity === 'function'); assert(typeof options.minDHSize === 'number', 'options.minDHSize is not a number: ' + options.minDHSize); assert(options.minDHSize > 0, 'options.minDHSize is not a positive number: ' + options.minDHSize); const context = options.secureContext || tls.createSecureContext(options); const tlssock = new TLSSocket(options.socket, { allowHalfOpen: options.allowHalfOpen, pipe: !!options.path, secureContext: context, isServer: false, requestCert: true, rejectUnauthorized: options.rejectUnauthorized !== false, session: options.session, ALPNProtocols: options.ALPNProtocols, requestOCSP: options.requestOCSP, enableTrace: options.enableTrace, pskCallback: options.pskCallback, }); // rejectUnauthorized property can be explicitly defined as `undefined` // causing the assignment to default value (`true`) fail. Before assigning // it to the tlssock connection options, explicitly check if it is false // and update rejectUnauthorized property. The property gets used by TLSSocket // connection handler to allow or reject connection if unauthorized options.rejectUnauthorized = options.rejectUnauthorized !== false; tlssock[kConnectOptions] = options; if (cb) tlssock.once('secureConnect', cb); if (!options.socket) { // If user provided the socket, it's their responsibility to manage its // connectivity. If we created one internally, we connect it. if (options.timeout) { tlssock.setTimeout(options.timeout); } tlssock.connect(options, tlssock._start); } tlssock._releaseControl(); if (options.session) tlssock.setSession(options.session); if (options.servername) { if (!ipServernameWarned && net.isIP(options.servername)) { process.emitWarning( 'Setting the TLS ServerName to an IP address is not permitted by ' + 'RFC 6066. This will be ignored in a future version.', 'DeprecationWarning', 'DEP0123' ); ipServernameWarned = true; } tlssock.setServername(options.servername); } if (options.socket) tlssock._start(); tlssock.on('secure', onConnectSecure); tlssock.once('end', onConnectEnd); return tlssock; };