Diffstat (limited to 'lib/crypto.js')
-rw-r--r-- | lib/crypto.js | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/lib/crypto.js b/lib/crypto.js
index 2f0a00b15..602f0d567 100644
--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -58,6 +58,127 @@ exports._toBuf = toBuf;
 var assert = require('assert');
 var StringDecoder = require('string_decoder').StringDecoder;
+var CONTEXT_DEFAULT_OPTIONS = undefined;
+
+function getSecureOptions(secureProtocol, secureOptions) {
+ if (CONTEXT_DEFAULT_OPTIONS === undefined) {
+ CONTEXT_DEFAULT_OPTIONS = 0;
+
+ if (!binding.SSL3_ENABLE)
+ CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv3;
+
+ if (!binding.SSL2_ENABLE)
+ CONTEXT_DEFAULT_OPTIONS |= constants.SSL_OP_NO_SSLv2;
+ }
+
+ if (secureOptions === undefined) {
+ if (secureProtocol === undefined ||
+ secureProtocol === 'SSLv23_method' ||
+ secureProtocol === 'SSLv23_server_method' ||
+ secureProtocol === 'SSLv23_client_method') {
+ secureOptions |= CONTEXT_DEFAULT_OPTIONS;
+ }
+ }
+
+ return secureOptions;
+}
+exports._getSecureOptions = getSecureOptions;
+
+
+function Credentials(secureProtocol, flags, context) {
+ if (!(this instanceof Credentials)) {
+ return new Credentials(secureProtocol, flags, context);
+ }
+
+ if (!crypto) {
+ throw new Error('node.js not compiled with openssl crypto support.');
+ }
+
+ if (context) {
+ this.context = context;
+ } else {
+ this.context = new SecureContext();
+
+ if (secureProtocol) {
+ this.context.init(secureProtocol);
+ } else {
+ this.context.init();
+ }
+ }
+
+ flags = getSecureOptions(secureProtocol, flags);
+
+ this.context.setOptions(flags);
+}
+
+exports.Credentials = Credentials;
+
+
+exports.createCredentials = function(options, context) {
+ if (!options) options = {};
+
+ var c = new Credentials(options.secureProtocol,
+ options.secureOptions,
+ context);
+
+ if (context) return c;
+
+ if (options.key) {
+ if (options.passphrase) {
+ c.context.setKey(options.key, options.passphrase);
+ } else {
+ c.context.setKey(options.key);
+ }
+ }
+
+ if (options.cert) c.context.setCert(options.cert);
+
+ if (options.ciphers) c.context.setCiphers(options.ciphers);
+
+ if (options.ca) {
+ if (Array.isArray(options.ca)) {
+ for (var i = 0, len = options.ca.length; i < len; i++) {
+ c.context.addCACert(options.ca[i]);
+ }
+ } else {
+ c.context.addCACert(options.ca);
+ }
+ } else {
+ c.context.addRootCerts();
+ }
+
+ if (options.crl) {
+ if (Array.isArray(options.crl)) {
+ for (var i = 0, len = options.crl.length; i < len; i++) {
+ c.context.addCRL(options.crl[i]);
+ }
+ } else {
+ c.context.addCRL(options.crl);
+ }
+ }
+
+ if (options.sessionIdContext) {
+ c.context.setSessionIdContext(options.sessionIdContext);
+ }
+
+ if (options.pfx) {
+ var pfx = options.pfx;
+ var passphrase = options.passphrase;
+
+ pfx = toBuf(pfx);
+ if (passphrase)
+ passphrase = toBuf(passphrase);
+
+ if (passphrase) {
+ c.context.loadPKCS12(pfx, passphrase);
+ } else {
+ c.context.loadPKCS12(pfx);
+ }
+ }
+
+ return c;
+};
+
 function LazyTransform(options) {
 this._options = options; |
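Review bot: In `getSecureOptions` the `SSL_OP_NO_SSLv2`/`SSL_OP_NO_SSLv3` defaults are applied only inside `if (secureOptions === undefined)`, so a caller who passes any `secureOptions` value for an unrelated reason gets a context with neither flag set, and nothing signals that the protocol restriction was dropped. If an explicit `secureOptions` is meant to act as the override, say so in a comment above that check; otherwise OR the defaults in for the SSLv23 methods regardless, e.g. `secureOptions = (secureOptions | 0) | CONTEXT_DEFAULT_OPTIONS;`, leaving `binding.SSL3_ENABLE`/`binding.SSL2_ENABLE` as the deliberate switch. Separately, for any other `secureProtocol` with no options the function returns `undefined`, which `Credentials` then passes straight to `this.context.setOptions(flags)`; whether the binding accepts that is not visible on this page, so guarding the call with `if (flags) this.context.setOptions(flags);` would be safer.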