function Server() {
var options, self = this;
this.sessions = [];
if (typeof arguments[0] == 'function') {
options = {};
this.on('session', arguments[0]);
} else {
options = arguments[0] || {};
if (typeof arguments[1] == 'function') {
this.on('session', arguments[1]);
}
}
net.Server.call(this, options, function(socket) {
var session = new Session({socket: socket});
session.server = self;
self.sessions.push(session);
socket.on('close', function() {
self.sessions.splice(self.sessions.indexOf(socket), 1);
});
self.emit('session', session);
});
}
function RpcServer(opts) {
assert.object(opts, 'options');
assert.object(opts.log, 'options.log');
assert.number(opts.program, 'options.program');
var v = opts.version;
if (typeof (v) === 'number')
v = [v];
assert.arrayOfNumber(v, 'options.version');
net.Server.call(this, opts);
this.log = opts.log.child({
component: 'RpcServer'
}, true);
this.name = opts.name || 'RpcServer';
this.program = opts.program;
this.rpc_table = {};
this.saved_handlers = [];
this.version = v.slice();
this.on('connection', onConnection.bind(this));
}
const net = require("net");
const server = new net.Server();
server.on('listening', function () {
console.log("server.listening");
});
// On new incoming client connection
server.on('connection', function (socket) {
console.log("server.connection");
socket.on('error', function (err) {
console.log(["server.connection.error", err]);
socket.end();
});
socket.on('end', function () {
console.log("server.connection.end");
});
socket.on('data', function (data) {
console.log(["server.connection.data", data]);
socket.write("COPY: " + data + "\n");
});
socket.write("ORIG: Hello my children\n");
console.log("server.sendHelloWorld");
});
server.listen(4711);
/**
* A SOCKS4a server based on net.Server
*
* @constructor
* @extends net.Server
*/
function Server(){
net.Server.apply(this, arguments);
var self = this,
base = net.Server.prototype;
/**
* Handles the socket connection, creates a SocksRequest object, and dispatches events.
*
* @param {Socket} socket
*/
function handle(socket){
socket.once('data', function(buffer){
var req = new SocksRequest(buffer, socket);
if(!req.valid){
return socket.end();
}
var eventName = getCommandName(req.command);
if(listenerCount(self, 'connection') > 0 || listenerCount(self, eventName) > 0){
base.emit.call(self, 'connection', req); // Note that we call emit of the base class
self.emit(eventName, req);
}
else{
self.proxyRequest(req);
}
});
};
/**
* Returns the name of the command given its numeric code
*
* @param {Number} code
* @returns {string}
*/
function getCommandName(code){
switch(code){
case command.CONNECT:
return 'connect';
break;
case command.BIND:
return 'bind';
break;
case command.UDP_ASSOCIATE:
return 'udpassociate';
break;
default:
return '';
break;
}
};
/**
* Emit function is overwritten so that events can be listened for without actually adding a listener, if
* listeners were added then they could be accidentally removed by user code. It is also useful to postpone the
* dispatch of some events.
*
* @param {String} event
* @param {Socket} socket
*/
this.emit = function(event, socket){
if(event == 'connection'){
// Instead of dispatching the event, the handle() function will be called. The event MIGHT be emitted
// from within handle() if some criteria are met.
handle(socket);
}
else{
base.emit.apply(self, arguments);
}
};
};
// TODO: support anonymous (nocert) and PSK
// AUTHENTICATION MODES
//
// There are several levels of authentication that TLS/SSL supports.
// Read more about this in "man SSL_set_verify".
//
// 1. The server sends a certificate to the client but does not request a
// cert from the client. This is common for most HTTPS servers. The browser
// can verify the identity of the server, but the server does not know who
// the client is. Authenticating the client is usually done over HTTP using
// login boxes and cookies and stuff.
//
// 2. The server sends a cert to the client and requests that the client
// also send it a cert. The client knows who the server is and the server is
// requesting the client also identify themselves. There are several
// outcomes:
//
// A) verifyError returns null meaning the client's certificate is signed
// by one of the server's CAs. The server know's the client idenity now
// and the client is authorized.
//
// B) For some reason the client's certificate is not acceptable -
// verifyError returns a string indicating the problem. The server can
// either (i) reject the client or (ii) allow the client to connect as an
// unauthorized connection.
//
// The mode is controlled by two boolean variables.
//
// requestCert
// If true the server requests a certificate from client connections. For
// the common HTTPS case, users will want this to be false, which is what
// it defaults to.
//
// rejectUnauthorized
// If true clients whose certificates are invalid for any reason will not
// be allowed to make connections. If false, they will simply be marked as
// unauthorized but secure communication will continue. By default this is
// true.
//
//
//
// Options:
// - requestCert. Send verify request. Default to false.
// - rejectUnauthorized. Boolean, default to true.
// - key. string.
// - cert: string.
// - ca: string or array of strings.
//
// emit 'secureConnection'
// function (cleartextStream, encryptedStream) { }
//
// 'cleartextStream' has the boolean property 'authorized' to determine if
// it was verified by the CA. If 'authorized' is false, a property
// 'authorizationError' is set on cleartextStream and has the possible
// values:
//
// "UNABLE_TO_GET_ISSUER_CERT", "UNABLE_TO_GET_CRL",
// "UNABLE_TO_DECRYPT_CERT_SIGNATURE", "UNABLE_TO_DECRYPT_CRL_SIGNATURE",
// "UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", "CERT_SIGNATURE_FAILURE",
// "CRL_SIGNATURE_FAILURE", "CERT_NOT_YET_VALID" "CERT_HAS_EXPIRED",
// "CRL_NOT_YET_VALID", "CRL_HAS_EXPIRED" "ERROR_IN_CERT_NOT_BEFORE_FIELD",
// "ERROR_IN_CERT_NOT_AFTER_FIELD", "ERROR_IN_CRL_LAST_UPDATE_FIELD",
// "ERROR_IN_CRL_NEXT_UPDATE_FIELD", "OUT_OF_MEM",
// "DEPTH_ZERO_SELF_SIGNED_CERT", "SELF_SIGNED_CERT_IN_CHAIN",
// "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
// "CERT_CHAIN_TOO_LONG", "CERT_REVOKED" "INVALID_CA",
// "PATH_LENGTH_EXCEEDED", "INVALID_PURPOSE" "CERT_UNTRUSTED",
// "CERT_REJECTED"
//
//
// TODO:
// cleartext.credentials (by mirroring from pair object)
// cleartext.getCertificate() (by mirroring from pair.credentials.context)
function Server(/* [options], listener */) {
var options, listener;
if (typeof arguments[0] == 'object') {
options = arguments[0];
listener = arguments[1];
} else if (typeof arguments[0] == 'function') {
options = {};
listener = arguments[0];
}
if (!(this instanceof Server)) return new Server(options, listener);
this._contexts = [];
var self = this;
// Handle option defaults:
this.setOptions(options);
if (!self.pfx && (!self.cert || !self.key)) {
throw new Error('Missing PFX or certificate + private key.');
}
var sharedCreds = crypto.createCredentials({
pfx: self.pfx,
key: self.key,
passphrase: self.passphrase,
cert: self.cert,
ca: self.ca,
ciphers: self.ciphers || DEFAULT_CIPHERS,
secureProtocol: self.secureProtocol,
secureOptions: self.secureOptions,
crl: self.crl,
sessionIdContext: self.sessionIdContext
});
var timeout = options.handshakeTimeout || (120 * 1000);
if (typeof timeout !== 'number') {
throw new TypeError('handshakeTimeout must be a number');
}
// constructor call
net.Server.call(this, function(socket) {
var creds = crypto.createCredentials(null, sharedCreds.context);
var pair = new SecurePair(creds,
true,
self.requestCert,
self.rejectUnauthorized,
{
server: self,
NPNProtocols: self.NPNProtocols,
SNICallback: self.SNICallback,
// Stream options
cleartext: self._cleartext,
encrypted: self._encrypted
});
var cleartext = pipe(pair, socket);
cleartext._controlReleased = false;
function listener() {
pair.emit('error', new Error('TLS handshake timeout'));
}
if (timeout > 0) {
socket.setTimeout(timeout, listener);
}
pair.once('secure', function() {
socket.setTimeout(0, listener);
pair.cleartext.authorized = false;
pair.cleartext.npnProtocol = pair.npnProtocol;
pair.cleartext.servername = pair.servername;
if (!self.requestCert) {
cleartext._controlReleased = true;
self.emit('secureConnection', pair.cleartext, pair.encrypted);
} else {
var verifyError = pair.ssl.verifyError();
if (verifyError) {
pair.cleartext.authorizationError = verifyError.message;
if (self.rejectUnauthorized) {
socket.destroy();
pair.destroy();
} else {
cleartext._controlReleased = true;
self.emit('secureConnection', pair.cleartext, pair.encrypted);
}
} else {
pair.cleartext.authorized = true;
cleartext._controlReleased = true;
self.emit('secureConnection', pair.cleartext, pair.encrypted);
}
}
});
pair.on('error', function(err) {
self.emit('clientError', err, this);
});
});
if (listener) {
this.on('secureConnection', listener);
}
}
/**
* Creates a proxy server that will forward a hostname to a specific address.
*
* @returns {net.Server}
*/
function Server () {
var self = this
var servers = this._servers = {}
// Setup server.
net.Server.call(this, handleConnection)
// Don't timeout requests.
this.timeout = 0
/**
* Function to handle a new connection.
* Adds an eventlistener to wait for data.
*
* @param {net.Socket|tls.TLSSocket} socket
*/
function handleConnection (socket) {
socket.once('error', handleEnd)
socket.once('data', handleData)
}
/**
* Function to listen for initial request data.
* Attempts to proxy request based on hostname.
*
* @param {Buffer} data
*/
function handleData (data) {
var socket = this
// Handle incomming registering server.
if (isLocal(socket.remoteAddress) && data[0] === 123) {
Object.assign(servers, JSON.parse(data))
self.emit('heartbeat', servers)
return
}
// Check for secure requests.
var secure = data[0] === 22
// Parse the hostname.
var host = normalizeHost(secure ? parseSNI(data) : parseHeader(data))
// Find the server.
var address = servers[host || 'default']
if (address == null) return socket.end()
// Begin proxy to address.
var proxy = net
.connect(address)
.setTimeout(Number.MAX_VALUE)
proxy.once('error', handleError)
socket.once('error', handleError)
proxy.write(data)
socket.pipe(proxy).pipe(socket)
/**
* Gracefully handle net errors.
*
* @param {Error} err
*/
function handleError (err) {
switch (err.code) {
case 'ECONNREFUSED':
// Server not up anymore.
self.remove(address.hosts)
break
case 'ECONNRESET':
// Unimportant socket error.
break
default:
console.error(err)
break
}
if (this === proxy) socket.emit('error', err)
proxy.end()
}
}
}
// USE OR OTHER DEALINGS IN THE SOFTWARE.
var assert = require('assert');
var common = require('../common');
var fork = require('child_process').fork;
var net = require('net');
var socketCloses = 0;
var N = 10;
var n = fork(common.fixturesDir + '/fork2.js');
var messageCount = 0;
var server = new net.Server(function(c) {
console.log('PARENT got connection');
c.destroy();
});
server.listen(common.PORT, /* backlog */ 9, function() {
console.log('PARENT send child server handle');
n.send({ hello: 'world' }, server._handle);
});
function makeConnections() {
for (var i = 0; i < N; i++) {
var socket = net.connect(common.PORT, function() {
console.log('CLIENT connected');
});
socket.on('close', function() {
socketCloses++;
got: function(message, handle, emit) {
var server = new net.Server();
server.listen(handle, function() {
emit(server);
});
}
server.listen(port, function() {
server.once('close', function() {
resolve(port);
});
server.close();
});
var msg = require('./messages');
var net = require('net');
var s = new net.Server();
var ms = msg.listen(s);
ms.on('connection', function(msgs) {
msgs.on('message', console.log);
});
s.listen(9000);
var net = require("net"); //nodejs version of imports
var server = new net.Server(); // a new raw tcp server
server.on("connection", function(client) { // on connection event, when someone connects
console.log("server connections: " + server.connections); // write number of connection to the command line
client.on("data", function (data) { //event when a client writes data to the server
console.log("Server received data: " + data); // log what the client sent
});
});
server.listen(10000, "localhost"); // listen on port 10000, localhost
setInterval(function () {
var connection = net.connect(10000, "localhost", function() { // connect to the server we made
console.log("client connected");
setInterval(function () { // every 1000ms,
connection.write("er-mah-gerd");// write to the connection
}, 1000);//the 1000 is the delay in between the anon function calls
});
}, 1000);// add another connection every second
/*
for 100 connections it used about 13M or ram
my raspberry Pi made it up to 508 con
*/
var socket = net.createConnection(port, host);
console.log('Socket created.');
socket.on('data', function(data) {
// Log the response from the HTTP server.
const net = require('net')
const chalk = require('chalk')
const Packetizer = require('./services/network/packetizer')
const Session = require('./packets/Session')
const fs = require('fs')
config = require('./config')
packets = {}
clients = {}
require('./db')
require('./services/http')
const server = new net.Server()
fs.readdir('./packets/client', (err, files) => {
files.forEach(file => {
let packet = require(`./packets/client/${file}`)
packets[packet.code] = Object.assign({
name: file
}, packet)
packets[file] = packet
})
fs.readdir('./packets/server', (err, files) => {
files.forEach(file => {
let packet = require(`./packets/server/${file}`)
packets[packet.code] = Object.assign({
name: file
}, packet)
packets[file] = packet
// TODO: support anonymous (nocert) and PSK
// AUTHENTICATION MODES
//
// There are several levels of authentication that TLS/SSL supports.
// Read more about this in "man SSL_set_verify".
//
// 1. The server sends a certificate to the client but does not request a
// cert from the client. This is common for most HTTPS servers. The browser
// can verify the identity of the server, but the server does not know who
// the client is. Authenticating the client is usually done over HTTP using
// login boxes and cookies and stuff.
//
// 2. The server sends a cert to the client and requests that the client
// also send it a cert. The client knows who the server is and the server is
// requesting the client also identify themselves. There are several
// outcomes:
//
// A) verifyError returns null meaning the client's certificate is signed
// by one of the server's CAs. The server know's the client idenity now
// and the client is authorized.
//
// B) For some reason the client's certificate is not acceptable -
// verifyError returns a string indicating the problem. The server can
// either (i) reject the client or (ii) allow the client to connect as an
// unauthorized connection.
//
// The mode is controlled by two boolean variables.
//
// requestCert
// If true the server requests a certificate from client connections. For
// the common HTTPS case, users will want this to be false, which is what
// it defaults to.
//
// rejectUnauthorized
// If true clients whose certificates are invalid for any reason will not
// be allowed to make connections. If false, they will simply be marked as
// unauthorized but secure communication will continue. By default this is
// true.
//
//
//
// Options:
// - requestCert. Send verify request. Default to false.
// - rejectUnauthorized. Boolean, default to true.
// - key. string.
// - cert: string.
// - ca: string or array of strings.
// - sessionTimeout: integer.
//
// emit 'secureConnection'
// function (tlsSocket) { }
//
// "UNABLE_TO_GET_ISSUER_CERT", "UNABLE_TO_GET_CRL",
// "UNABLE_TO_DECRYPT_CERT_SIGNATURE", "UNABLE_TO_DECRYPT_CRL_SIGNATURE",
// "UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", "CERT_SIGNATURE_FAILURE",
// "CRL_SIGNATURE_FAILURE", "CERT_NOT_YET_VALID" "CERT_HAS_EXPIRED",
// "CRL_NOT_YET_VALID", "CRL_HAS_EXPIRED" "ERROR_IN_CERT_NOT_BEFORE_FIELD",
// "ERROR_IN_CERT_NOT_AFTER_FIELD", "ERROR_IN_CRL_LAST_UPDATE_FIELD",
// "ERROR_IN_CRL_NEXT_UPDATE_FIELD", "OUT_OF_MEM",
// "DEPTH_ZERO_SELF_SIGNED_CERT", "SELF_SIGNED_CERT_IN_CHAIN",
// "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
// "CERT_CHAIN_TOO_LONG", "CERT_REVOKED" "INVALID_CA",
// "PATH_LENGTH_EXCEEDED", "INVALID_PURPOSE" "CERT_UNTRUSTED",
// "CERT_REJECTED"
//
function Server(/* [options], listener */) {
var options, listener;
if (util.isObject(arguments[0])) {
options = arguments[0];
listener = arguments[1];
} else if (util.isFunction(arguments[0])) {
options = {};
listener = arguments[0];
}
if (!(this instanceof Server)) return new Server(options, listener);
this._contexts = [];
var self = this;
// Handle option defaults:
this.setOptions(options);
if (!self.pfx && (!self.cert || !self.key)) {
throw new Error('Missing PFX or certificate + private key.');
}
var sharedCreds = crypto.createCredentials({
pfx: self.pfx,
key: self.key,
passphrase: self.passphrase,
cert: self.cert,
ca: self.ca,
ciphers: self.ciphers || tls.DEFAULT_CIPHERS,
secureProtocol: self.secureProtocol,
secureOptions: self.secureOptions,
crl: self.crl,
sessionIdContext: self.sessionIdContext
});
this._sharedCreds = sharedCreds;
var timeout = options.handshakeTimeout || (120 * 1000);
if (!util.isNumber(timeout)) {
throw new TypeError('handshakeTimeout must be a number');
}
if (self.sessionTimeout) {
sharedCreds.context.setSessionTimeout(self.sessionTimeout);
}
if (self.ticketKeys) {
sharedCreds.context.setTicketKeys(self.ticketKeys);
}
// constructor call
net.Server.call(this, function(raw_socket) {
var socket = new TLSSocket(raw_socket, {
credentials: sharedCreds,
isServer: true,
server: self,
requestCert: self.requestCert,
rejectUnauthorized: self.rejectUnauthorized,
handshakeTimeout: timeout,
NPNProtocols: self.NPNProtocols,
SNICallback: options.SNICallback || SNICallback
});
socket.on('secure', function() {
if (socket._requestCert) {
var verifyError = socket.ssl.verifyError();
if (verifyError) {
socket.authorizationError = verifyError.message;
if (socket._rejectUnauthorized)
socket.destroy();
} else {
socket.authorized = true;
}
}
if (!socket.destroyed && socket._releaseControl())
self.emit('secureConnection', socket);
});
socket.on('_tlsError', function(err) {
if (!socket._controlReleased)
self.emit('clientError', err, socket);
});
});
if (listener) {
this.on('secureConnection', listener);
}
}
function AbstractSocketServer(connectionListener) {
net.Server.call(this, connectionListener);
}
connect: function() {
if (this.__isConnected === false) {
if (lychee.debug === true) {
console.log('lychee.net.Server: Connected to ' + this.host + ':' + this.port);
}
var that = this;
var server = new _net.Server({
allowHalfOpen: true,
pauseOnConnect: true
});
server.on('connection', function(socket) {
var host = socket.remoteAddress || socket.server._connectionKey.split(':')[1];
var port = socket.remotePort || socket.server._connectionKey.split(':')[2];
var remote = new that.remote({
codec: that.codec,
host: host,
port: port,
type: that.type
});
remote.bind('connect', function() {
that.trigger('connect', [ this ]);
});
remote.bind('disconnect', function() {
that.trigger('disconnect', [ this ]);
});
remote.connect(socket);
});
server.on('error', function() {
this.close();
});
server.on('close', function() {
that.__isConnected = false;
that.__server = null;
});
server.listen(this.port, this.host);
this.__server = server;
this.__isConnected = true;
return true;
}
return false;
},
function Server (requestListener) {
net.Server.call(this);
this.addListener("request", requestListener);
this.addListener("connection", connectionListener);
}
server.listen(port, host, function () {
server.close();
callback();
});
function Server() {
net.Server.call(this);
this._realmData = makeRealmData([]);
}
function Server() {
net.Server.call(this);
}
s.on("end", function() {
mockServer.emit("end");
});
},
got(message, handle, emit) {
emit(handle);
}
},
'net.Server': {
simultaneousAccepts: true,
send(message, server, options) {
return server._handle;
},
got(message, handle, emit) {
var server = new net.Server();
server.listen(handle, () => {
emit(server);
});
}
},
'net.Socket': {
send(message, socket, options) {
if (!socket._handle)
return;
// if the socket was created by net.Server
if (socket.server) {
// the worker should keep track of the socket
message.key = socket.server._connectionKey;
mockServer.recite = function(stuff) {
mockServer.emit("recite", stuff);
}
// TODO: support anonymous (nocert) and PSK
// AUTHENTICATION MODES
//
// There are several levels of authentication that TLS/SSL supports.
// Read more about this in "man SSL_set_verify".
//
// 1. The server sends a certificate to the client but does not request a
// cert from the client. This is common for most HTTPS servers. The browser
// can verify the identity of the server, but the server does not know who
// the client is. Authenticating the client is usually done over HTTP using
// login boxes and cookies and stuff.
//
// 2. The server sends a cert to the client and requests that the client
// also send it a cert. The client knows who the server is and the server is
// requesting the client also identify themselves. There are several
// outcomes:
//
// A) verifyError returns null meaning the client's certificate is signed
// by one of the server's CAs. The server know's the client idenity now
// and the client is authorized.
//
// B) For some reason the client's certificate is not acceptable -
// verifyError returns a string indicating the problem. The server can
// either (i) reject the client or (ii) allow the client to connect as an
// unauthorized connection.
//
// The mode is controlled by two boolean variables.
//
// requestCert
// If true the server requests a certificate from client connections. For
// the common HTTPS case, users will want this to be false, which is what
// it defaults to.
//
// rejectUnauthorized
// If true clients whose certificates are invalid for any reason will not
// be allowed to make connections. If false, they will simply be marked as
// unauthorized but secure communication will continue. By default this is
// true.
//
//
//
// Options:
// - requestCert. Send verify request. Default to false.
// - rejectUnauthorized. Boolean, default to true.
// - key. string.
// - cert: string.
// - ca: string or array of strings.
// - sessionTimeout: integer.
//
// emit 'secureConnection'
// function (tlsSocket) { }
//
// "UNABLE_TO_GET_ISSUER_CERT", "UNABLE_TO_GET_CRL",
// "UNABLE_TO_DECRYPT_CERT_SIGNATURE", "UNABLE_TO_DECRYPT_CRL_SIGNATURE",
// "UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", "CERT_SIGNATURE_FAILURE",
// "CRL_SIGNATURE_FAILURE", "CERT_NOT_YET_VALID" "CERT_HAS_EXPIRED",
// "CRL_NOT_YET_VALID", "CRL_HAS_EXPIRED" "ERROR_IN_CERT_NOT_BEFORE_FIELD",
// "ERROR_IN_CERT_NOT_AFTER_FIELD", "ERROR_IN_CRL_LAST_UPDATE_FIELD",
// "ERROR_IN_CRL_NEXT_UPDATE_FIELD", "OUT_OF_MEM",
// "DEPTH_ZERO_SELF_SIGNED_CERT", "SELF_SIGNED_CERT_IN_CHAIN",
// "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
// "CERT_CHAIN_TOO_LONG", "CERT_REVOKED" "INVALID_CA",
// "PATH_LENGTH_EXCEEDED", "INVALID_PURPOSE" "CERT_UNTRUSTED",
// "CERT_REJECTED"
//
function Server(/* [options], listener */) {
var options, listener;
if (arguments[0] !== null && typeof arguments[0] === 'object') {
options = arguments[0];
listener = arguments[1];
} else if (typeof arguments[0] === 'function') {
options = {};
listener = arguments[0];
}
if (!(this instanceof Server)) return new Server(options, listener);
this._contexts = [];
var self = this;
// Handle option defaults:
this.setOptions(options);
var sharedCreds = tls.createSecureContext({
pfx: self.pfx,
key: self.key,
passphrase: self.passphrase,
cert: self.cert,
ca: self.ca,
ciphers: self.ciphers,
ecdhCurve: self.ecdhCurve,
dhparam: self.dhparam,
secureProtocol: self.secureProtocol,
secureOptions: self.secureOptions,
honorCipherOrder: self.honorCipherOrder,
crl: self.crl,
sessionIdContext: self.sessionIdContext
});
this._sharedCreds = sharedCreds;
var timeout = options.handshakeTimeout || (120 * 1000);
if (typeof timeout !== 'number') {
throw new TypeError('handshakeTimeout must be a number');
}
if (self.sessionTimeout) {
sharedCreds.context.setSessionTimeout(self.sessionTimeout);
}
if (self.ticketKeys) {
sharedCreds.context.setTicketKeys(self.ticketKeys);
}
// constructor call
net.Server.call(this, function(raw_socket) {
var socket = new TLSSocket(raw_socket, {
secureContext: sharedCreds,
isServer: true,
server: self,
requestCert: self.requestCert,
rejectUnauthorized: self.rejectUnauthorized,
handshakeTimeout: timeout,
NPNProtocols: self.NPNProtocols,
SNICallback: options.SNICallback || SNICallback
});
socket.on('secure', function() {
if (socket._requestCert) {
var verifyError = socket._handle.verifyError();
if (verifyError) {
socket.authorizationError = verifyError.code;
if (socket._rejectUnauthorized)
socket.destroy();
} else {
socket.authorized = true;
}
}
if (!socket.destroyed && socket._releaseControl())
self.emit('secureConnection', socket);
});
var errorEmitted = false;
socket.on('close', function() {
// Emit ECONNRESET
if (!socket._controlReleased && !errorEmitted) {
errorEmitted = true;
var connReset = new Error('socket hang up');
connReset.code = 'ECONNRESET';
self.emit('clientError', connReset, socket);
}
});
socket.on('_tlsError', function(err) {
if (!socket._controlReleased && !errorEmitted) {
errorEmitted = true;
self.emit('clientError', err, socket);
}
});
});
if (listener) {
this.on('secureConnection', listener);
}
}
server.listen(zonecontrol, function () {
server.unref();
t.ok(fs.existsSync(zonecontrol), zonecontrol + ' exists');
t.end();
});
// TODO: support anonymous (nocert) and PSK
// AUTHENTICATION MODES
//
// There are several levels of authentication that TLS/SSL supports.
// Read more about this in "man SSL_set_verify".
//
// 1. The server sends a certificate to the client but does not request a
// cert from the client. This is common for most HTTPS servers. The browser
// can verify the identity of the server, but the server does not know who
// the client is. Authenticating the client is usually done over HTTP using
// login boxes and cookies and stuff.
//
// 2. The server sends a cert to the client and requests that the client
// also send it a cert. The client knows who the server is and the server is
// requesting the client also identify themselves. There are several
// outcomes:
//
// A) verifyError returns null meaning the client's certificate is signed
// by one of the server's CAs. The server know's the client idenity now
// and the client is authorized.
//
// B) For some reason the client's certificate is not acceptable -
// verifyError returns a string indicating the problem. The server can
// either (i) reject the client or (ii) allow the client to connect as an
// unauthorized connection.
//
// The mode is controlled by two boolean variables.
//
// requestCert
// If true the server requests a certificate from client connections. For
// the common HTTPS case, users will want this to be false, which is what
// it defaults to.
//
// rejectUnauthorized
// If true clients whose certificates are invalid for any reason will not
// be allowed to make connections. If false, they will simply be marked as
// unauthorized but secure communication will continue. By default this is
// false.
//
//
//
// Options:
// - requestCert. Send verify request. Default to false.
// - rejectUnauthorized. Boolean, default to false.
// - key. string.
// - cert: string.
// - ca: string or array of strings.
//
// emit 'secureConnection'
// function (cleartextStream, encryptedStream) { }
//
// 'cleartextStream' has the boolean property 'authorized' to determine if
// it was verified by the CA. If 'authorized' is false, a property
// 'authorizationError' is set on cleartextStream and has the possible
// values:
//
// "UNABLE_TO_GET_ISSUER_CERT", "UNABLE_TO_GET_CRL",
// "UNABLE_TO_DECRYPT_CERT_SIGNATURE", "UNABLE_TO_DECRYPT_CRL_SIGNATURE",
// "UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", "CERT_SIGNATURE_FAILURE",
// "CRL_SIGNATURE_FAILURE", "CERT_NOT_YET_VALID" "CERT_HAS_EXPIRED",
// "CRL_NOT_YET_VALID", "CRL_HAS_EXPIRED" "ERROR_IN_CERT_NOT_BEFORE_FIELD",
// "ERROR_IN_CERT_NOT_AFTER_FIELD", "ERROR_IN_CRL_LAST_UPDATE_FIELD",
// "ERROR_IN_CRL_NEXT_UPDATE_FIELD", "OUT_OF_MEM",
// "DEPTH_ZERO_SELF_SIGNED_CERT", "SELF_SIGNED_CERT_IN_CHAIN",
// "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
// "CERT_CHAIN_TOO_LONG", "CERT_REVOKED" "INVALID_CA",
// "PATH_LENGTH_EXCEEDED", "INVALID_PURPOSE" "CERT_UNTRUSTED",
// "CERT_REJECTED"
//
//
// TODO:
// cleartext.credentials (by mirroring from pair object)
// cleartext.getCertificate() (by mirroring from pair.credentials.context)
function Server(/* [options], listener */) {
var options, listener;
if (typeof arguments[0] == 'object') {
options = arguments[0];
listener = arguments[1];
} else if (typeof arguments[0] == 'function') {
options = {};
listener = arguments[0];
}
if (!(this instanceof Server)) return new Server(options, listener);
var self = this;
// constructor call
net.Server.call(this, function(socket) {
var creds = crypto.createCredentials(
{ key: self.key, cert: self.cert, ca: self.ca });
//creds.context.setCiphers('RC4-SHA:AES128-SHA:AES256-SHA');
var pair = new SecurePair(creds,
true,
self.requestCert,
self.rejectUnauthorized);
var cleartext = pipe(pair, socket);
cleartext._controlReleased = false;
pair.on('secure', function() {
pair.cleartext.authorized = false;
if (!self.requestCert) {
cleartext._controlReleased = true;
self.emit('secureConnection', pair.cleartext, pair.encrypted);
} else {
var verifyError = pair._ssl.verifyError();
if (verifyError) {
pair.cleartext.authorizationError = verifyError;
if (self.rejectUnauthorized) {
socket.destroy();
pair._destroy();
} else {
cleartext._controlReleased = true;
self.emit('secureConnection', pair.cleartext, pair.encrypted);
}
} else {
pair.cleartext.authorized = true;
cleartext._controlReleased = true;
self.emit('secureConnection', pair.cleartext, pair.encrypted);
}
}
});
});
if (listener) {
this.on('secureConnection', listener);
}
// Handle option defaults:
this.setOptions(options);
}
function Server() {
net.Server.call(this);
Server._commonSetup.call(this);
}
// TODO: support anonymous (nocert) and PSK
// AUTHENTICATION MODES
//
// There are several levels of authentication that TLS/SSL supports.
// Read more about this in "man SSL_set_verify".
//
// 1. The server sends a certificate to the client but does not request a
// cert from the client. This is common for most HTTPS servers. The browser
// can verify the identity of the server, but the server does not know who
// the client is. Authenticating the client is usually done over HTTP using
// login boxes and cookies and stuff.
//
// 2. The server sends a cert to the client and requests that the client
// also send it a cert. The client knows who the server is and the server is
// requesting the client also identify themselves. There are several
// outcomes:
//
// A) verifyError returns null meaning the client's certificate is signed
// by one of the server's CAs. The server know's the client idenity now
// and the client is authorized.
//
// B) For some reason the client's certificate is not acceptable -
// verifyError returns a string indicating the problem. The server can
// either (i) reject the client or (ii) allow the client to connect as an
// unauthorized connection.
//
// The mode is controlled by two boolean variables.
//
// requestCert
// If true the server requests a certificate from client connections. For
// the common HTTPS case, users will want this to be false, which is what
// it defaults to.
//
// rejectUnauthorized
// If true clients whose certificates are invalid for any reason will not
// be allowed to make connections. If false, they will simply be marked as
// unauthorized but secure communication will continue. By default this is
// false.
//
//
//
// Options:
// - requestCert. Send verify request. Default to false.
// - rejectUnauthorized. Boolean, default to false.
// - key. string.
// - cert: string.
// - ca: string or array of strings.
//
// emit 'secureConnection'
// function (cleartextStream, encryptedStream) { }
//
// 'cleartextStream' has the boolean property 'authorized' to determine if
// it was verified by the CA. If 'authorized' is false, a property
// 'authorizationError' is set on cleartextStream and has the possible
// values:
//
// "UNABLE_TO_GET_ISSUER_CERT", "UNABLE_TO_GET_CRL",
// "UNABLE_TO_DECRYPT_CERT_SIGNATURE", "UNABLE_TO_DECRYPT_CRL_SIGNATURE",
// "UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", "CERT_SIGNATURE_FAILURE",
// "CRL_SIGNATURE_FAILURE", "CERT_NOT_YET_VALID" "CERT_HAS_EXPIRED",
// "CRL_NOT_YET_VALID", "CRL_HAS_EXPIRED" "ERROR_IN_CERT_NOT_BEFORE_FIELD",
// "ERROR_IN_CERT_NOT_AFTER_FIELD", "ERROR_IN_CRL_LAST_UPDATE_FIELD",
// "ERROR_IN_CRL_NEXT_UPDATE_FIELD", "OUT_OF_MEM",
// "DEPTH_ZERO_SELF_SIGNED_CERT", "SELF_SIGNED_CERT_IN_CHAIN",
// "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
// "CERT_CHAIN_TOO_LONG", "CERT_REVOKED" "INVALID_CA",
// "PATH_LENGTH_EXCEEDED", "INVALID_PURPOSE" "CERT_UNTRUSTED",
// "CERT_REJECTED"
//
//
// TODO:
// cleartext.credentials (by mirroring from pair object)
// cleartext.getCertificate() (by mirroring from pair.credentials.context)
function Server(/* [options], listener */) {
var options, listener;
if (typeof arguments[0] == 'object') {
options = arguments[0];
listener = arguments[1];
} else if (typeof arguments[0] == 'function') {
options = {};
listener = arguments[0];
}
if (!(this instanceof Server)) return new Server(options, listener);
this._contexts = [];
var self = this;
// Handle option defaults:
this.setOptions(options);
var sharedCreds = crypto.createCredentials({
pfx: self.pfx,
key: self.key,
passphrase: self.passphrase,
cert: self.cert,
ca: self.ca,
ciphers: self.ciphers || 'RC4-SHA:AES128-SHA:AES256-SHA',
secureProtocol: self.secureProtocol,
secureOptions: self.secureOptions,
crl: self.crl,
sessionIdContext: self.sessionIdContext
});
// constructor call
net.Server.call(this, function(socket) {
var creds = crypto.createCredentials(null, sharedCreds.context);
var pair = new SecurePair(creds,
true,
self.requestCert,
self.rejectUnauthorized,
{
NPNProtocols: self.NPNProtocols,
SNICallback: self.SNICallback
});
var cleartext = pipe(pair, socket);
cleartext._controlReleased = false;
pair.on('secure', function() {
pair.cleartext.authorized = false;
pair.cleartext.npnProtocol = pair.npnProtocol;
pair.cleartext.servername = pair.servername;
if (!self.requestCert) {
cleartext._controlReleased = true;
self.emit('secureConnection', pair.cleartext, pair.encrypted);
} else {
var verifyError = pair.ssl.verifyError();
if (verifyError) {
pair.cleartext.authorizationError = verifyError;
if (self.rejectUnauthorized) {
socket.destroy();
pair.destroy();
} else {
cleartext._controlReleased = true;
self.emit('secureConnection', pair.cleartext, pair.encrypted);
}
} else {
pair.cleartext.authorized = true;
cleartext._controlReleased = true;
self.emit('secureConnection', pair.cleartext, pair.encrypted);
}
}
});
pair.on('error', function(err) {
self.emit('clientError', err);
});
});
if (listener) {
this.on('secureConnection', listener);
}
}
// AUTHENTICATION MODES
//
// There are several levels of authentication that TLS/SSL supports.
// Read more about this in "man SSL_set_verify".
//
// 1. The server sends a certificate to the client but does not request a
// cert from the client. This is common for most HTTPS servers. The browser
// can verify the identity of the server, but the server does not know who
// the client is. Authenticating the client is usually done over HTTP using
// login boxes and cookies and stuff.
//
// 2. The server sends a cert to the client and requests that the client
// also send it a cert. The client knows who the server is and the server is
// requesting the client also identify themselves. There are several
// outcomes:
//
// A) verifyError returns null meaning the client's certificate is signed
// by one of the server's CAs. The server now knows the client's identity
// and the client is authorized.
//
// B) For some reason the client's certificate is not acceptable -
// verifyError returns a string indicating the problem. The server can
// either (i) reject the client or (ii) allow the client to connect as an
// unauthorized connection.
//
// The mode is controlled by two boolean variables.
//
// requestCert
// If true the server requests a certificate from client connections. For
// the common HTTPS case, users will want this to be false, which is what
// it defaults to.
//
// rejectUnauthorized
// If true clients whose certificates are invalid for any reason will not
// be allowed to make connections. If false, they will simply be marked as
// unauthorized but secure communication will continue. By default this is
// true.
//
//
//
// Options:
// - requestCert. Send verify request. Default to false.
// - rejectUnauthorized. Boolean, default to true.
// - key. string.
// - cert: string.
// - clientCertEngine: string.
// - ca: string or array of strings.
// - sessionTimeout: integer.
//
// emit 'secureConnection'
// function (tlsSocket) { }
//
// "UNABLE_TO_GET_ISSUER_CERT", "UNABLE_TO_GET_CRL",
// "UNABLE_TO_DECRYPT_CERT_SIGNATURE", "UNABLE_TO_DECRYPT_CRL_SIGNATURE",
// "UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", "CERT_SIGNATURE_FAILURE",
// "CRL_SIGNATURE_FAILURE", "CERT_NOT_YET_VALID" "CERT_HAS_EXPIRED",
// "CRL_NOT_YET_VALID", "CRL_HAS_EXPIRED" "ERROR_IN_CERT_NOT_BEFORE_FIELD",
// "ERROR_IN_CERT_NOT_AFTER_FIELD", "ERROR_IN_CRL_LAST_UPDATE_FIELD",
// "ERROR_IN_CRL_NEXT_UPDATE_FIELD", "OUT_OF_MEM",
// "DEPTH_ZERO_SELF_SIGNED_CERT", "SELF_SIGNED_CERT_IN_CHAIN",
// "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
// "CERT_CHAIN_TOO_LONG", "CERT_REVOKED" "INVALID_CA",
// "PATH_LENGTH_EXCEEDED", "INVALID_PURPOSE" "CERT_UNTRUSTED",
// "CERT_REJECTED"
//
function Server(options, listener) {
if (!(this instanceof Server))
return new Server(options, listener);
if (typeof options === 'function') {
listener = options;
options = {};
} else if (options == null || typeof options === 'object') {
options = options || {};
} else {
throw new ERR_INVALID_ARG_TYPE('options', 'Object', options);
}
this._contexts = [];
// Handle option defaults:
this.setOptions(options);
this._sharedCreds = tls.createSecureContext({
pfx: this.pfx,
key: this.key,
passphrase: this.passphrase,
cert: this.cert,
clientCertEngine: this.clientCertEngine,
ca: this.ca,
ciphers: this.ciphers,
ecdhCurve: this.ecdhCurve,
dhparam: this.dhparam,
secureProtocol: this.secureProtocol,
secureOptions: this.secureOptions,
honorCipherOrder: this.honorCipherOrder,
crl: this.crl,
sessionIdContext: this.sessionIdContext
});
this[kHandshakeTimeout] = options.handshakeTimeout || (120 * 1000);
this[kSNICallback] = options.SNICallback;
if (typeof this[kHandshakeTimeout] !== 'number') {
throw new ERR_INVALID_ARG_TYPE(
'options.handshakeTimeout', 'number', options.handshakeTimeout);
}
if (this[kSNICallback] && typeof this[kSNICallback] !== 'function') {
throw new ERR_INVALID_ARG_TYPE(
'options.SNICallback', 'function', options.SNICallback);
}
if (this.sessionTimeout) {
this._sharedCreds.context.setSessionTimeout(this.sessionTimeout);
}
if (this.ticketKeys) {
this._sharedCreds.context.setTicketKeys(this.ticketKeys);
}
// constructor call
net.Server.call(this, tlsConnectionListener);
if (listener) {
this.on('secureConnection', listener);
}
}
var net = require('net');
var out = console.error;
var server = new net.Server();
server.on("error", function(e) {
out("server error:", e);
});
server.on("connection", function(socket) {
out("connection:", socket);
socket.on("data", function(data) {
out("data from client: ", data)
});
socket.write("hi from the server, your fd is "+socket.fd);
});
server.listen("/tmp/sockplay");
// Flags: --experimental-worker
'use strict';
const common = require('../common');
const assert = require('assert');
const { Worker, isMainThread, parentPort } = require('worker_threads');
const { Server } = require('net');
const fs = require('fs');
if (isMainThread) {
const w = new Worker(__filename);
let fd = null;
w.on('message', common.mustCall((fd_) => {
assert.strictEqual(typeof fd_, 'number');
fd = fd_;
}));
w.on('exit', common.mustCall((code) => {
if (fd === -1) {
// This happens when server sockets don’t have file descriptors,
// i.e. on Windows.
return;
}
common.expectsError(() => fs.fstatSync(fd),
{ code: 'EBADF' });
}));
} else {
const server = new Server();
server.listen(0);
parentPort.postMessage(server._handle.fd);
server.unref();
}