tls: move legacy code into own file

PR-URL: #39333 Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]>

Author: ronag

lib/_tls_common.js

@@ -52,8 +52,11 @@ const{
 
 const{
  configSecureContext,
+}=require('internal/tls/secure-context');
+
+const{
  parseCertString,
-}=require('internal/tls');
+}=require('internal/tls/parse-cert-string');
 
 functiontoV(which,v,def){
 if(v==null)v=def;

lib/internal/streams/duplexpair.js

@@ -0,0 +1,35 @@
+'use strict';
+
+const{
+ ArrayIsArray,
+ ArrayPrototypeForEach,
+ ArrayPrototypePush,
+ StringPrototypeIndexOf,
+ StringPrototypeSlice,
+ StringPrototypeSplit,
+ ObjectCreate,
+}=primordials;
+
+// Example:
+// C=US\nST=CA\nL=SF\nO=Joyent\nOU=Node.js\nCN=ca1\[email protected]
+functionparseCertString(s){
+constout=ObjectCreate(null);
+ArrayPrototypeForEach(StringPrototypeSplit(s,'\n'),(part)=>{
+constsepIndex=StringPrototypeIndexOf(part,'=');
+if(sepIndex>0){
+constkey=StringPrototypeSlice(part,0,sepIndex);
+constvalue=StringPrototypeSlice(part,sepIndex+1);
+if(keyinout){
+if(!ArrayIsArray(out[key])){
+out[key]=[out[key]];
+}
+ArrayPrototypePush(out[key],value);
+}else{
+out[key]=value;
+}
+}
+});
+returnout;
+}
+
+exports.parseCertString=parseCertString;

lib/internal/tls/parse-cert-string.js

@@ -5,12 +5,8 @@ const{
  ArrayPrototypeFilter,
  ArrayPrototypeForEach,
  ArrayPrototypeJoin,
- ArrayPrototypePush,
- StringPrototypeIndexOf,
- StringPrototypeSlice,
  StringPrototypeSplit,
  StringPrototypeStartsWith,
- ObjectCreate,
 }=primordials;
 
 const{
@@ -42,28 +38,6 @@ const{
 },
 }=internalBinding('constants');
 
-// Example:
-// C=US\nST=CA\nL=SF\nO=Joyent\nOU=Node.js\nCN=ca1\[email protected]
-functionparseCertString(s){
-constout=ObjectCreate(null);
-ArrayPrototypeForEach(StringPrototypeSplit(s,'\n'),(part)=>{
-constsepIndex=StringPrototypeIndexOf(part,'=');
-if(sepIndex>0){
-constkey=StringPrototypeSlice(part,0,sepIndex);
-constvalue=StringPrototypeSlice(part,sepIndex+1);
-if(keyinout){
-if(!ArrayIsArray(out[key])){
-out[key]=[out[key]];
-}
-ArrayPrototypePush(out[key],value);
-}else{
-out[key]=value;
-}
-}
-});
-returnout;
-}
-
 functiongetDefaultEcdhCurve(){
 // We do it this way because DEFAULT_ECDH_CURVE can be
 // changed by users, so we need to grab the current
@@ -340,5 +314,4 @@ function configSecureContext(context, options ={}, name = 'options'){
 
 module.exports={
  configSecureContext,
- parseCertString,
 };

lib/internal/tls.js lib/internal/tls/secure-context.jslib/internal/tls.js renamed to lib/internal/tls/secure-context.js

@@ -0,0 +1,86 @@
+'use strict';
+
+constEventEmitter=require('events');
+const{ Duplex }=require('stream');
+const_tls_wrap=require('_tls_wrap');
+const_tls_common=require('_tls_common');
+
+const{
+ Symbol,
+ ReflectConstruct,
+}=primordials;
+
+constkCallback=Symbol('Callback');
+constkOtherSide=Symbol('Other');
+
+classDuplexSocketextendsDuplex{
+constructor(){
+super();
+this[kCallback]=null;
+this[kOtherSide]=null;
+}
+
+_read(){
+constcallback=this[kCallback];
+if(callback){
+this[kCallback]=null;
+callback();
+}
+}
+
+_write(chunk,encoding,callback){
+if(chunk.length===0){
+process.nextTick(callback);
+}else{
+this[kOtherSide].push(chunk);
+this[kOtherSide][kCallback]=callback;
+}
+}
+
+_final(callback){
+this[kOtherSide].on('end',callback);
+this[kOtherSide].push(null);
+}
+}
+
+classDuplexPair{
+constructor(){
+this.socket1=newDuplexSocket();
+this.socket2=newDuplexSocket();
+this.socket1[kOtherSide]=this.socket2;
+this.socket2[kOtherSide]=this.socket1;
+}
+}
+
+classSecurePairextendsEventEmitter{
+constructor(secureContext=_tls_common.createSecureContext(),
+isServer=false,
+requestCert=!isServer,
+rejectUnauthorized=false,
+options={}){
+super();
+const{ socket1, socket2 }=newDuplexPair();
+
+this.server=options.server;
+this.credentials=secureContext;
+
+this.encrypted=socket1;
+this.cleartext=new_tls_wrap.TLSSocket(socket2,{
+ secureContext,
+ isServer,
+ requestCert,
+ rejectUnauthorized,
+ ...options
+});
+this.cleartext.once('secure',()=>this.emit('secure'));
+}
+
+destroy(){
+this.cleartext.destroy();
+this.encrypted.destroy();
+}
+}
+
+exports.createSecurePair=functioncreateSecurePair(...args){
+returnReflectConstruct(SecurePair,args);
+};

lib/internal/tls/secure-pair.js

@@ -32,7 +32,6 @@ const{
  ArrayPrototypeSome,
  ObjectDefineProperty,
  ObjectFreeze,
- ReflectConstruct,
  RegExpPrototypeTest,
  StringFromCharCode,
  StringPrototypeCharCodeAt,
@@ -50,19 +49,18 @@ const{
 }=require('internal/errors').codes;
 constinternalUtil=require('internal/util');
 internalUtil.assertCrypto();
-constinternalTLS=require('internal/tls');
 const{ isArrayBufferView }=require('internal/util/types');
 
 constnet=require('net');
 const{ getOptionValue }=require('internal/options');
 const{ getRootCertificates, getSSLCiphers }=internalBinding('crypto');
 const{ Buffer }=require('buffer');
-constEventEmitter=require('events');
 const{URL}=require('internal/url');
-constDuplexPair=require('internal/streams/duplexpair');
 const{ canonicalizeIP }=internalBinding('cares_wrap');
 const_tls_common=require('_tls_common');
 const_tls_wrap=require('_tls_wrap');
+const{ createSecurePair }=require('internal/tls/secure-pair');
+const{ parseCertString }=require('internal/tls/parse-cert-string');
 
 // Allow{CLIENT_RENEG_LIMIT} client-initiated session renegotiations
 // every{CLIENT_RENEG_WINDOW} seconds. An error event is emitted if more
@@ -300,53 +298,20 @@ exports.checkServerIdentity = function checkServerIdentity(hostname, cert){
 }
 };
 
-
-classSecurePairextendsEventEmitter{
-constructor(secureContext=exports.createSecureContext(),
-isServer=false,
-requestCert=!isServer,
-rejectUnauthorized=false,
-options={}){
-super();
-const{ socket1, socket2 }=newDuplexPair();
-
-this.server=options.server;
-this.credentials=secureContext;
-
-this.encrypted=socket1;
-this.cleartext=newexports.TLSSocket(socket2,{
- secureContext,
- isServer,
- requestCert,
- rejectUnauthorized,
- ...options
-});
-this.cleartext.once('secure',()=>this.emit('secure'));
-}
-
-destroy(){
-this.cleartext.destroy();
-this.encrypted.destroy();
-}
-}
-
-
-exports.parseCertString=internalUtil.deprecate(
-internalTLS.parseCertString,
-'tls.parseCertString() is deprecated. '+
-'Please use querystring.parse() instead.',
-'DEP0076');
-
 exports.createSecureContext=_tls_common.createSecureContext;
 exports.SecureContext=_tls_common.SecureContext;
 exports.TLSSocket=_tls_wrap.TLSSocket;
 exports.Server=_tls_wrap.Server;
 exports.createServer=_tls_wrap.createServer;
 exports.connect=_tls_wrap.connect;
 
+exports.parseCertString=internalUtil.deprecate(
+parseCertString,
+'tls.parseCertString() is deprecated. '+
+'Please use querystring.parse() instead.',
+'DEP0076');
+
 exports.createSecurePair=internalUtil.deprecate(
-functioncreateSecurePair(...args){
-returnReflectConstruct(SecurePair,args);
-},
+createSecurePair,
 'tls.createSecurePair() is deprecated. Please use '+
 'tls.TLSSocket instead.','DEP0064');

lib/tls.js

@@ -99,7 +99,9 @@ void NativeModuleLoader::InitializeModuleCategories(){
 "tls",
 "_tls_common",
 "_tls_wrap",
-"internal/tls",
+"internal/tls/secure-pair",
+"internal/tls/parse-cert-string",
+"internal/tls/secure-context",
 "internal/http2/core",
 "internal/http2/compat",
 "internal/policy/manifest",

src/node_native_module.cc

@@ -11,7 +11,7 @@ const{
 }=require('../common/hijackstdio');
 constassert=require('assert');
 // Flags: --expose-internals
-constinternalTLS=require('internal/tls');
+const{ parseCertString }=require('internal/tls/parse-cert-string');
 consttls=require('tls');
 
 constnoOutput=common.mustNotCall();
@@ -20,7 +20,7 @@ hijackStderr(noOutput);
 {
 constsingles='C=US\nST=CA\nL=SF\nO=Node.js Foundation\nOU=Node.js\n'+
 'CN=ca1\[email protected]';
-constsinglesOut=internalTLS.parseCertString(singles);
+constsinglesOut=parseCertString(singles);
 assert.deepStrictEqual(singlesOut,{
 __proto__: null,
 C: 'US',
@@ -36,7 +36,7 @@ hijackStderr(noOutput);
 {
 constdoubles='OU=Domain Control Validated\nOU=PositiveSSL Wildcard\n'+
 'CN=*.nodejs.org';
-constdoublesOut=internalTLS.parseCertString(doubles);
+constdoublesOut=parseCertString(doubles);
 assert.deepStrictEqual(doublesOut,{
 __proto__: null,
 OU: ['Domain Control Validated','PositiveSSL Wildcard'],
@@ -46,7 +46,7 @@ hijackStderr(noOutput);
 
 {
 constinvalid='fhqwhgads';
-constinvalidOut=internalTLS.parseCertString(invalid);
+constinvalidOut=parseCertString(invalid);
 assert.deepStrictEqual(invalidOut,{__proto__: null});
 }
 
@@ -55,7 +55,7 @@ hijackStderr(noOutput);
 constexpected=Object.create(null);
 expected.__proto__='mostly harmless';
 expected.hasOwnProperty='not a function';
-assert.deepStrictEqual(internalTLS.parseCertString(input),expected);
+assert.deepStrictEqual(parseCertString(input),expected);
 }
 
 restoreStderr();