File Explorer

/proc/self/root/var/runtime/node_modules/@aws-sdk/node_modules/aws-crt/dist/native
This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.
0 dirs
54 files
io.js19.0 KB · 465 lines
1"use strict";2/*3 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.4 * SPDX-License-Identifier: Apache-2.0.5 */6var __importDefault = (this && this.__importDefault) || function (mod) {7    return (mod && mod.__esModule) ? mod : { "default": mod };8};9Object.defineProperty(exports, "__esModule", { value: true });10exports.Pkcs11Lib = exports.TlsConnectionOptions = exports.ServerTlsContext = exports.ClientTlsContext = exports.TlsContext = exports.TlsContextOptions = exports.tls_cipher_preference_is_supported = exports.TlsCipherPreference = exports.SocketOptions = exports.ClientBootstrap = exports.InputStream = exports.is_alpn_available = exports.enable_logging = exports.error_code_to_name = exports.error_code_to_string = exports.SocketDomain = exports.SocketType = exports.TlsVersion = exports.LogLevel = exports.setLogLevel = void 0;11/**12 *13 * A module containing a grab bag of support for core network I/O functionality, including sockets, TLS, DNS, logging,14 * error handling, streams, and connection -> thread mapping.15 *16 * Categories include:17 * - Network: socket configuration18 * - TLS: tls configuration19 * - Logging: logging controls and configuration20 * - IO: everything else21 *22 * @packageDocumentation23 * @module io24 * @mergeTarget25 */26const binding_1 = __importDefault(require("./binding"));27const native_resource_1 = require("./native_resource");28const io_1 = require("../common/io");29// Do not re-export the logging functions in common; they are package-private30var io_2 = require("../common/io");31Object.defineProperty(exports, "setLogLevel", { enumerable: true, get: function () { return io_2.setLogLevel; } });32Object.defineProperty(exports, "LogLevel", { enumerable: true, get: function () { return io_2.LogLevel; } });33Object.defineProperty(exports, "TlsVersion", { enumerable: true, get: function () { return io_2.TlsVersion; } });34Object.defineProperty(exports, "SocketType", { enumerable: true, get: function () { return io_2.SocketType; } });35Object.defineProperty(exports, "SocketDomain", { enumerable: true, get: function () { return io_2.SocketDomain; } });36const error_1 = require("./error");37/**38 * Convert a native error code into a human-readable string39 * @param error_code - An error code returned from a native API call, or delivered40 * via callback.41 * @returns Long-form description of the error42 * @see CrtError43 *44 * nodejs only.45 *46 * @category System47 */48function error_code_to_string(error_code) {49    return binding_1.default.error_code_to_string(error_code);50}51exports.error_code_to_string = error_code_to_string;52/**53 * Convert a native error code into a human-readable identifier54 * @param error_code - An error code returned from a native API call, or delivered55 * via callback.56 * @return error name as a string57 * @see CrtError58 *59 * nodejs only.60 *61 * @category System62 */63function error_code_to_name(error_code) {64    return binding_1.default.error_code_to_name(error_code);65}66exports.error_code_to_name = error_code_to_name;67/**68 * Enables logging of the native AWS CRT libraries.69 * @param level - The logging level to filter to. It is not possible to log less than WARN.70 *71 * nodejs only.72 * @category Logging73 */74function enable_logging(level) {75    binding_1.default.io_logging_enable(level);76    (0, io_1.setLogLevel)(level);77}78exports.enable_logging = enable_logging;79/**80 * Returns true if ALPN is available on this platform natively81 * @return true if ALPN is supported natively, false otherwise82 *83 * nodejs only.84 * @category TLS85*/86function is_alpn_available() {87    return binding_1.default.is_alpn_available();88}89exports.is_alpn_available = is_alpn_available;90/**91 * Wraps a ```Readable``` for reading by native code, used to stream92 *  data into the AWS CRT libraries.93 *94 * nodejs only.95 * @category IO96 */97class InputStream extends native_resource_1.NativeResource {98    constructor(source) {99        super(binding_1.default.io_input_stream_new(16 * 1024));100        this.source = source;101        this.source.on('data', (data) => {102            data = Buffer.isBuffer(data) ? data : Buffer.from(data.toString());103            binding_1.default.io_input_stream_append(this.native_handle(), data);104        });105        this.source.on('end', () => {106            binding_1.default.io_input_stream_append(this.native_handle(), undefined);107        });108    }109}110exports.InputStream = InputStream;111/**112 * Represents native resources required to bootstrap a client connection113 * Things like a host resolver, event loop group, etc. There should only need114 * to be 1 of these per application, in most cases.115 *116 * nodejs only.117 * @category IO118 */119class ClientBootstrap extends native_resource_1.NativeResource {120    constructor() {121        super(binding_1.default.io_client_bootstrap_new());122    }123}124exports.ClientBootstrap = ClientBootstrap;125/**126 * Standard Berkeley socket style options.127 *128 * nodejs only.129 * @category Network130*/131class SocketOptions extends native_resource_1.NativeResource {132    constructor(type = io_1.SocketType.STREAM, domain = io_1.SocketDomain.IPV6, connect_timeout_ms = 5000, keepalive = false, keep_alive_interval_sec = 0, keep_alive_timeout_sec = 0, keep_alive_max_failed_probes = 0) {133        super(binding_1.default.io_socket_options_new(type, domain, connect_timeout_ms, keep_alive_interval_sec, keep_alive_timeout_sec, keep_alive_max_failed_probes, keepalive));134    }135}136exports.SocketOptions = SocketOptions;137/**138 * Each TlsCipherPreference represents an ordered list of TLS Ciphers to use when negotiating a TLS Connection. At139 * present, the ability to configure arbitrary orderings of TLS Ciphers is not allowed, and only a curated list of140 * vetted TlsCipherPref's are exposed.141 */142var TlsCipherPreference;143(function (TlsCipherPreference) {144    /**145     * The underlying platform's default TLS Cipher Preference ordering. This is usually the best option, as it will be146     * automatically updated as the underlying OS or platform changes, and will always be supported on all platforms.147     */148    TlsCipherPreference[TlsCipherPreference["Default"] = 0] = "Default";149    /**150     * A TLS Cipher Preference ordering that supports TLS 1.0 through TLS 1.3, and has Kyber Round 3 as its highest151     * priority post-quantum key exchange algorithm. PQ algorithms in this preference list will always be used in hybrid152     * mode, and will be combined with a classical ECDHE key exchange that is performed in addition to the PQ key153     * exchange. This preference makes a best-effort to negotiate a PQ algorithm, but if the peer does not support any154     * PQ algorithms the TLS connection will fall back to a single classical algorithm for key exchange (such as ECDHE155     * or RSA).156     * NIST has announced that they plan to eventually standardize Kyber. However, the NIST standardization process might157     * introduce minor changes that could cause the final Kyber standard to differ from the Kyber Round 3 implementation158     * available in this preference list.159     */160    TlsCipherPreference[TlsCipherPreference["PQ_TLSv1_0_2021_05"] = 6] = "PQ_TLSv1_0_2021_05";161    /**162     * Recommended default policy with post-quantum algorithm support. This policy may change over time.163     */164    TlsCipherPreference[TlsCipherPreference["PQ_Default"] = 8] = "PQ_Default";165    /**166     * A TLS Cipher Preference ordering that supports TLS 1.2 through TLS 1.3, and does not include CBC cipher suites.167     * It is FIPS-complaint.168     */169    TlsCipherPreference[TlsCipherPreference["TLSv1_2_2025_07"] = 9] = "TLSv1_2_2025_07";170})(TlsCipherPreference = exports.TlsCipherPreference || (exports.TlsCipherPreference = {}));171/**172 * Returns true if the supplied TlsCipherPreference is supported on the current platform, false otherwise.173 *174 * @param tls_cipher_preference - cipher preference to check support for175 *176 * nodejs only.177 * @category TLS178 */179function tls_cipher_preference_is_supported(tls_cipher_preference) {180    return binding_1.default.io_tls_cipher_preference_is_supported(tls_cipher_preference);181}182exports.tls_cipher_preference_is_supported = tls_cipher_preference_is_supported;183/**184 * Options for creating a {@link ClientTlsContext} or {@link ServerTlsContext}.185 *186 * nodejs only.187 * @category TLS188 */189class TlsContextOptions {190    constructor() {191        /** Minimum version of TLS to support. Uses OS/system default if unspecified. */192        this.min_tls_version = io_1.TlsVersion.Default;193        /** List of ALPN protocols to be used on platforms which support ALPN */194        this.alpn_list = [];195        /**196         * In client mode, this turns off x.509 validation. Don't do this unless you are testing.197         * It is much better to just override the default trust store and pass the self-signed198         * certificate as the ca_file argument.199         *200         * In server mode (ServerTlsContext), this defaults to false. If you want to enforce mutual TLS on the server,201         * set this to true.202         */203        this.verify_peer = true;204    }205    /**206     * Overrides the default system trust store.207     * @param ca_dirpath - Only used on Unix-style systems where all trust anchors are208     * stored in a directory (e.g. /etc/ssl/certs).209     * @param ca_filepath - Single file containing all trust CAs, in PEM format210     */211    override_default_trust_store_from_path(ca_dirpath, ca_filepath) {212        this.ca_dirpath = ca_dirpath;213        this.ca_filepath = ca_filepath;214    }215    /**216     * Overrides the default system trust store.217     * @param certificate_authority - String containing all trust CAs, in PEM format218     */219    override_default_trust_store(certificate_authority) {220        this.certificate_authority = certificate_authority;221    }222    /**223     * Create options configured for mutual TLS in client mode,224     * with client certificate and private key provided as in-memory strings.225     * @param certificate - Client certificate file contents, in PEM format226     * @param private_key - Client private key file contents, in PEM format227     *228     * @returns newly configured TlsContextOptions object229     */230    static create_client_with_mtls(certificate, private_key) {231        let opt = new TlsContextOptions();232        opt.certificate = certificate;233        opt.private_key = private_key;234        opt.verify_peer = true;235        return opt;236    }237    /**238     * Create options configured for mutual TLS in client mode,239     * with client certificate and private key provided via filepath.240     * @param certificate_filepath - Path to client certificate, in PEM format241     * @param private_key_filepath - Path to private key, in PEM format242     *243     * @returns newly configured TlsContextOptions object244     */245    static create_client_with_mtls_from_path(certificate_filepath, private_key_filepath) {246        let opt = new TlsContextOptions();247        opt.certificate_filepath = certificate_filepath;248        opt.private_key_filepath = private_key_filepath;249        opt.verify_peer = true;250        return opt;251    }252    /**253     * Create options for mutual TLS in client mode,254     * with client certificate and private key bundled in a single PKCS#12 file.255     * @param pkcs12_filepath - Path to PKCS#12 file containing client certificate and private key.256     * @param pkcs12_password - PKCS#12 password257     *258     * @returns newly configured TlsContextOptions object259    */260    static create_client_with_mtls_pkcs12_from_path(pkcs12_filepath, pkcs12_password) {261        let opt = new TlsContextOptions();262        opt.pkcs12_filepath = pkcs12_filepath;263        opt.pkcs12_password = pkcs12_password;264        opt.verify_peer = true;265        return opt;266    }267    /**268     * @deprecated Renamed [[create_client_with_mtls_pkcs12_from_path]]269     */270    static create_client_with_mtls_pkcs_from_path(pkcs12_filepath, pkcs12_password) {271        return this.create_client_with_mtls_pkcs12_from_path(pkcs12_filepath, pkcs12_password);272    }273    /**274     * Create options configured for mutual TLS in client mode,275     * using a PKCS#11 library for private key operations.276     *277     * NOTE: This configuration only works on Unix devices.278     *279     * @param options - PKCS#11 options280     *281     * @returns newly configured TlsContextOptions object282     */283    static create_client_with_mtls_pkcs11(options) {284        let opt = new TlsContextOptions();285        opt.pkcs11_options = options;286        opt.verify_peer = true;287        return opt;288    }289    /**290     * Create options configured for mutual TLS in client mode,291     * using a certificate in a Windows certificate store.292     *293     * NOTE: Windows only.294     *295     * @param certificate_path - Path to certificate in a Windows certificate store.296     *      The path must use backslashes and end with the certificate's thumbprint.297     *      Example: `CurrentUser\MY\A11F8A9B5DF5B98BA3508FBCA575D09570E0D2C6`298     */299    static create_client_with_mtls_windows_cert_store_path(certificate_path) {300        let opt = new TlsContextOptions();301        opt.windows_cert_store_path = certificate_path;302        opt.verify_peer = true;303        return opt;304    }305    /**306     * Creates TLS context with peer verification disabled, along with a certificate and private key307     * @param certificate_filepath - Path to certificate, in PEM format308     * @param private_key_filepath - Path to private key, in PEM format309     *310     * @returns newly configured TlsContextOptions object311     */312    static create_server_with_mtls_from_path(certificate_filepath, private_key_filepath) {313        let opt = new TlsContextOptions();314        opt.certificate_filepath = certificate_filepath;315        opt.private_key_filepath = private_key_filepath;316        opt.verify_peer = false;317        return opt;318    }319    /**320     * Creates TLS context with peer verification disabled, along with a certificate and private key321     * in PKCS#12 format322     * @param pkcs12_filepath - Path to certificate, in PKCS#12 format323     * @param pkcs12_password - PKCS#12 Password324     *325     * @returns newly configured TlsContextOptions object326     */327    static create_server_with_mtls_pkcs_from_path(pkcs12_filepath, pkcs12_password) {328        let opt = new TlsContextOptions();329        opt.pkcs12_filepath = pkcs12_filepath;330        opt.pkcs12_password = pkcs12_password;331        opt.verify_peer = false;332        return opt;333    }334}335exports.TlsContextOptions = TlsContextOptions;336/**337 * Abstract base TLS context used for client/server TLS communications over sockets.338 *339 * @see ClientTlsContext340 * @see ServerTlsContext341 *342 * nodejs only.343 * @category TLS344 */345class TlsContext extends native_resource_1.NativeResource {346    constructor(ctx_opt) {347        if (ctx_opt == null || ctx_opt == undefined) {348            throw new error_1.CrtError("TlsContext constructor: ctx_opt not defined");349        }350        super(binding_1.default.io_tls_ctx_new(ctx_opt.min_tls_version, ctx_opt.ca_filepath, ctx_opt.ca_dirpath, ctx_opt.certificate_authority, (ctx_opt.alpn_list && ctx_opt.alpn_list.length > 0) ? ctx_opt.alpn_list.join(';') : undefined, ctx_opt.certificate_filepath, ctx_opt.certificate, ctx_opt.private_key_filepath, ctx_opt.private_key, ctx_opt.pkcs12_filepath, ctx_opt.pkcs12_password, ctx_opt.pkcs11_options, ctx_opt.windows_cert_store_path, ctx_opt.tls_cipher_preference, ctx_opt.verify_peer));351    }352}353exports.TlsContext = TlsContext;354/**355 * TLS context used for client TLS communications over sockets. If no356 * options are supplied, the context will default to enabling peer verification357 * only.358 *359 * nodejs only.360 * @category TLS361 */362class ClientTlsContext extends TlsContext {363    constructor(ctx_opt) {364        if (!ctx_opt) {365            ctx_opt = new TlsContextOptions();366            ctx_opt.verify_peer = true;367        }368        super(ctx_opt);369    }370}371exports.ClientTlsContext = ClientTlsContext;372/**373 * TLS context used for server TLS communications over sockets. If no374 * options are supplied, the context will default to disabling peer verification375 * only.376 *377 * nodejs only.378 * @category TLS379 */380class ServerTlsContext extends TlsContext {381    constructor(ctx_opt) {382        if (!ctx_opt) {383            ctx_opt = new TlsContextOptions();384            ctx_opt.verify_peer = false;385        }386        super(ctx_opt);387    }388}389exports.ServerTlsContext = ServerTlsContext;390/**391 * TLS options that are unique to a given connection using a shared TlsContext.392 *393 * nodejs only.394 * @category TLS395 */396class TlsConnectionOptions extends native_resource_1.NativeResource {397    constructor(tls_ctx, server_name, alpn_list = []) {398        if (tls_ctx == null || tls_ctx == undefined) {399            throw new error_1.CrtError("TlsConnectionOptions constructor: tls_ctx not defined");400        }401        super(binding_1.default.io_tls_connection_options_new(tls_ctx.native_handle(), server_name, (alpn_list && alpn_list.length > 0) ? alpn_list.join(';') : undefined));402        this.tls_ctx = tls_ctx;403        this.server_name = server_name;404        this.alpn_list = alpn_list;405    }406}407exports.TlsConnectionOptions = TlsConnectionOptions;408/**409 * Handle to a loaded PKCS#11 library.410 *411 * For most use cases, a single instance of Pkcs11Lib should be used412 * for the lifetime of your application.413 *414 * nodejs only.415 * @category TLS416 */417class Pkcs11Lib extends native_resource_1.NativeResource {418    /**419     * @param path - Path to PKCS#11 library.420     * @param behavior - Specifies how `C_Initialize()` and `C_Finalize()`421     *                   will be called on the PKCS#11 library.422     */423    constructor(path, behavior = Pkcs11Lib.InitializeFinalizeBehavior.DEFAULT) {424        super(binding_1.default.io_pkcs11_lib_new(path, behavior));425    }426    /**427     * Release the PKCS#11 library immediately, without waiting for the GC.428     */429    close() {430        binding_1.default.io_pkcs11_lib_close(this.native_handle());431    }432}433exports.Pkcs11Lib = Pkcs11Lib;434(function (Pkcs11Lib) {435    /**436     * Controls `C_Initialize()` and `C_Finalize()` are called on the PKCS#11 library.437     */438    let InitializeFinalizeBehavior;439    (function (InitializeFinalizeBehavior) {440        /**441         * Default behavior that accommodates most use cases.442         *443         * `C_Initialize()` is called on creation, and "already-initialized"444         * errors are ignored. `C_Finalize()` is never called, just in case445         * another part of your application is still using the PKCS#11 library.446         */447        InitializeFinalizeBehavior[InitializeFinalizeBehavior["DEFAULT"] = 0] = "DEFAULT";448        /**449         * Skip calling `C_Initialize()` and `C_Finalize()`.450         *451         * Use this if your application has already initialized the PKCS#11 library,452         * and you do not want `C_Initialize()` called again.453         */454        InitializeFinalizeBehavior[InitializeFinalizeBehavior["OMIT"] = 1] = "OMIT";455        /**456         * `C_Initialize()` is called on creation and `C_Finalize()` is called on cleanup.457         *458         * If `C_Initialize()` reports that's it's already initialized, this is459         * treated as an error. Use this if you need perfect cleanup (ex: running460         * valgrind with --leak-check).461         */462        InitializeFinalizeBehavior[InitializeFinalizeBehavior["STRICT"] = 2] = "STRICT";463    })(InitializeFinalizeBehavior = Pkcs11Lib.InitializeFinalizeBehavior || (Pkcs11Lib.InitializeFinalizeBehavior = {}));464})(Pkcs11Lib = exports.Pkcs11Lib || (exports.Pkcs11Lib = {}));465//# sourceMappingURL=io.js.map