Starship
/
node-radius-server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add debug pkg to reduce output

Browse Source
master
simon 4 years ago
parent 42a05b069f
commit 9fe25a8b49
9 changed files with 67 additions and 203 deletions
Show Stats Download Patch File Download Diff File

4
package-lock.json generated
Unescape View File

@ -866,7 +866,6 @@
"version": "4.1.1", "version": "4.1.1",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
"integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
"dev": true,
"requires": { "requires": {
"ms": "^2.1.1" "ms": "^2.1.1"
} }
@ -2494,8 +2493,7 @@
"ms": { "ms": {
"version": "2.1.2", "version": "2.1.2",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
"integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
"dev": true
}, },
"multimap": { "multimap": {
"version": "1.1.0", "version": "1.1.0",

12
package.json
Unescape View File

@ -3,22 +3,24 @@
"description": "radius server for google LDAP and TTLT", "description": "radius server for google LDAP and TTLT",
"version": "0.0.1", "version": "0.0.1",
"scripts": { "scripts": {
"start": "/home/simon/Dev/others/node/node dist/app.js", "debug": "DEBUG=radius:* ../node/node dist/app.js",
"start": "../node/node dist/app.js",
"build": "tsc", "build": "tsc",
"dev": "ts-node src/app.ts", "dev": "ts-node src/app.ts",
"test-ttls-pap": "eapol_test -c ./ttls-pap.conf -s testing123", "test-ttls-pap": "eapol_test -c ./ttls-pap.conf -s testing123",
"create-certificate": "sh ./ssl/create.sh && sh ./ssl/sign.sh" "create-certificate": "sh ./ssl/create.sh && sh ./ssl/sign.sh"
}, },
"dependencies": { "dependencies": {
"native-duplexpair": "^1.0.0", "debug": "^4.1.1",
"ldapjs": "^1.0.2", "ldapjs": "^1.0.2",
"md5": "^2.2.1",
"native-duplexpair": "^1.0.0",
"node-cache": "^5.1.0", "node-cache": "^5.1.0",
"passport-ldapauth": "^2.1.3",
"radius": "~1.1.4", "radius": "~1.1.4",
"ts-node": "^8.6.2", "ts-node": "^8.6.2",
"type-cacheable": "^4.0.0", "type-cacheable": "^4.0.0",
"yargs": "~15.1.0", "yargs": "~15.1.0"
"md5": "^2.2.1",
"passport-ldapauth": "^2.1.3"
}, },
"license": "GPLv3", "license": "GPLv3",
"devDependencies": { "devDependencies": {

12
src/auth/google-ldap.ts
Unescape View File

@ -1,10 +1,12 @@
import * as NodeCache from 'node-cache'; import * as NodeCache from 'node-cache';
import { Client, createClient } from 'ldapjs'; import { Client, createClient } from 'ldapjs';
import debug from 'debug';
import { IAuthentication } from '../types/Authentication'; import { IAuthentication } from '../types/Authentication';
const usernameFields = ['posixUid', 'mail']; const usernameFields = ['posixUid', 'mail'];
const log = debug('radius:auth:ldap');
// TLS: // TLS:
// https://github.com/ldapjs/node-ldapjs/issues/307 // https://github.com/ldapjs/node-ldapjs/issues/307
@ -41,7 +43,7 @@ export class GoogleLDAPAuth implements IAuthentication {
} }
res.on('searchEntry', function(entry) { res.on('searchEntry', function(entry) {
// console.log('entry: ' + JSON.stringify(entry.object)); // log('entry: ' + JSON.stringify(entry.object));
usernameFields.forEach(field => { usernameFields.forEach(field => {
const index = entry.object[field] as string; const index = entry.object[field] as string;
dns[index] = entry.object.dn; dns[index] = entry.object.dn;
@ -49,7 +51,7 @@ export class GoogleLDAPAuth implements IAuthentication {
}); });
res.on('searchReference', function(referral) { res.on('searchReference', function(referral) {
console.log(`referral: ${referral.uris.join()}`); log(`referral: ${referral.uris.join()}`);
}); });
res.on('error', function(ldapErr) { res.on('error', function(ldapErr) {
@ -58,11 +60,11 @@ export class GoogleLDAPAuth implements IAuthentication {
}); });
res.on('end', result => { res.on('end', result => {
console.log(`ldap status: ${result?.status}`); log(`ldap status: ${result?.status}`);
// replace with new dns // replace with new dns
this.allValidDNsCache = dns; this.allValidDNsCache = dns;
// console.log('allValidDNsCache', this.allValidDNsCache); // log('allValidDNsCache', this.allValidDNsCache);
resolve(); resolve();
}); });
} }
@ -84,7 +86,7 @@ export class GoogleLDAPAuth implements IAuthentication {
let dnsFetched = false; let dnsFetched = false;
if (!this.lastDNsFetch || this.lastDNsFetch < cacheValidTime || forceFetching) { if (!this.lastDNsFetch || this.lastDNsFetch < cacheValidTime || forceFetching) {
console.log('fetching dns'); log('fetching dns');
await this.fetchDNs(); await this.fetchDNs();
dnsFetched = true; dnsFetched = true;
} }

42
src/radius/RadiusService.ts
Unescape View File

@ -18,47 +18,9 @@ export class RadiusService {
const packet = radius.decode({ packet: msg, secret: this.secret }); const packet = radius.decode({ packet: msg, secret: this.secret });
if (packet.code !== 'Access-Request') { if (packet.code !== 'Access-Request') {
console.log('unknown packet type: ', packet.code); console.error('unknown packet type: ', packet.code);
return undefined; return undefined;
} }
// console.log('packet.attributes', packet.attributes);
// console.log('rinfo', rinfo);
/*
const checkAuth = async (
username: string,
password: string,
additionalAuthHandler?: AdditionalAuthHandler
) => {
console.log(`Access-Request for ${username}`);
let success = false;
try {
await this.authentication.authenticate(username, password);
success = true;
} catch (err) {
console.error(err);
}
const attributes: any[] = [];
if (additionalAuthHandler) {
await additionalAuthHandler(success, { packet, attributes, secret: this.secret });
}
const response = radius.encode_response({
packet,
code: success ? 'Access-Accept' : 'Access-Reject',
secret: this.secret,
attributes
});
console.log(`Sending ${success ? 'accept' : 'reject'} for user ${username}`);
this.server.sendToClient(response, rinfo.port, rinfo.address, function(err, _bytes) {
if (err) {
console.log('Error sending response to ', rinfo);
}
});
}; */
let response: IPacketHandlerResult; let response: IPacketHandlerResult;
@ -67,7 +29,7 @@ export class RadiusService {
throw new Error('no packet handlers registered'); throw new Error('no packet handlers registered');
} }
// process packet handlers until we get a response // process packet handlers until we get a response from one
do { do {
/* response is of type IPacketHandlerResult */ /* response is of type IPacketHandlerResult */
response = await this.radiusPacketHandlers[i].handlePacket(packet.attributes, packet); response = await this.radiusPacketHandlers[i].handlePacket(packet.attributes, packet);

15
src/radius/handler/EAPPacketHandler.ts
Unescape View File

@ -2,6 +2,7 @@
import * as NodeCache from 'node-cache'; import * as NodeCache from 'node-cache';
import { RadiusPacket } from 'radius'; import { RadiusPacket } from 'radius';
import debug from 'debug';
import { EAPTTLS } from './eapMethods/EAPTTLS'; import { EAPTTLS } from './eapMethods/EAPTTLS';
import { makeid } from '../../helpers'; import { makeid } from '../../helpers';
import { import {
@ -12,6 +13,8 @@ import {
import { IAuthentication } from '../../types/Authentication'; import { IAuthentication } from '../../types/Authentication';
import { IEAPMethod } from '../../types/EAPMethod'; import { IEAPMethod } from '../../types/EAPMethod';
const log = debug('radius:eap');
export class EAPPacketHandler implements IPacketHandler { export class EAPPacketHandler implements IPacketHandler {
private eapMethods: IEAPMethod[] = []; private eapMethods: IEAPMethod[] = [];
@ -124,7 +127,7 @@ export class EAPPacketHandler implements IPacketHandler {
case 2: // for response case 2: // for response
switch (type) { switch (type) {
case 1: // identifiy case 1: // identifiy
console.log('>>>>>>>>>>>> REQUEST FROM CLIENT: IDENTIFY', {}); log('>>>>>>>>>>>> REQUEST FROM CLIENT: IDENTIFY', {});
// start identify // start identify
if (currentState.validMethods.length > 0) { if (currentState.validMethods.length > 0) {
return currentState.validMethods[0].identify(identifier, stateID); return currentState.validMethods[0].identify(identifier, stateID);
@ -132,11 +135,11 @@ export class EAPPacketHandler implements IPacketHandler {
return this.buildEAPResponse(identifier, 3); return this.buildEAPResponse(identifier, 3);
case 2: // notification case 2: // notification
console.log('>>>>>>>>>>>> REQUEST FROM CLIENT: notification', {}); log('>>>>>>>>>>>> REQUEST FROM CLIENT: notification', {});
console.info('notification'); console.info('notification');
break; break;
case 4: // md5-challenge case 4: // md5-challenge
console.log('>>>>>>>>>>>> REQUEST FROM CLIENT: md5-challenge', {}); log('>>>>>>>>>>>> REQUEST FROM CLIENT: md5-challenge', {});
console.info('md5-challenge'); console.info('md5-challenge');
break; break;
@ -145,6 +148,8 @@ export class EAPPacketHandler implements IPacketHandler {
break; break;
case 3: // nak case 3: // nak
if (data) { if (data) {
// if there is data, each data octect reprsents a eap method the clients supports,
// kick out all unsupported ones
const supportedEAPMethods: number[] = []; const supportedEAPMethods: number[] = [];
for (const supportedMethod of data) { for (const supportedMethod of data) {
supportedEAPMethods.push(supportedMethod); supportedEAPMethods.push(supportedMethod);
@ -180,10 +185,10 @@ export class EAPPacketHandler implements IPacketHandler {
} }
break; break;
case 3: case 3:
console.log('Client Auth Success'); log('Client Auth Success');
break; break;
case 4: case 4:
console.log('Client Auth FAILURE'); log('Client Auth FAILURE');
break; break;
default: default:
} }

137
src/radius/handler/eapMethods/EAPTTLS.ts
Unescape View File

@ -2,6 +2,7 @@
import * as tls from 'tls'; import * as tls from 'tls';
import * as NodeCache from 'node-cache'; import * as NodeCache from 'node-cache';
import { RadiusPacket } from 'radius'; import { RadiusPacket } from 'radius';
import debug from 'debug';
import { encodeTunnelPW, ITLSServer, startTLSServer } from '../../../tls/crypt'; import { encodeTunnelPW, ITLSServer, startTLSServer } from '../../../tls/crypt';
import { ResponseAuthHandler } from '../../../types/Handler'; import { ResponseAuthHandler } from '../../../types/Handler';
import { PAPChallenge } from './challenges/PAPChallenge'; import { PAPChallenge } from './challenges/PAPChallenge';
@ -11,94 +12,15 @@ import { IEAPMethod } from '../../../types/EAPMethod';
import { IAuthentication } from '../../../types/Authentication'; import { IAuthentication } from '../../../types/Authentication';
import { secret } from '../../../../config'; import { secret } from '../../../../config';
const log = debug('radius:eap:ttls');
interface IEAPResponseHandlers { interface IEAPResponseHandlers {
response: (respData?: Buffer, msgType?: number) => void; response: (respData?: Buffer, msgType?: number) => void;
checkAuth: ResponseAuthHandler; checkAuth: ResponseAuthHandler;
} }
/* const handlers = {
response: (EAPMessage: Buffer) => {
const attributes: any = [['State', Buffer.from(state)]];
let sentDataSize = 0;
do {
if (EAPMessage.length > 0) {
attributes.push([
'EAP-Message',
EAPMessage.slice(sentDataSize, sentDataSize + MAX_RADIUS_ATTRIBUTE_SIZE)
]);
sentDataSize += MAX_RADIUS_ATTRIBUTE_SIZE;
}
} while (sentDataSize < EAPMessage.length);
const response = radius.encode_response({
packet,
code: 'Access-Challenge',
secret: this.secret,
attributes
});
waitForNextMsg[state] = newDeferredPromise();
server.sendToClient(
response,
rinfo.port,
rinfo.address,
function(err, _bytes) {
if (err) {
console.log('Error sending response to ', rinfo);
}
},
state
);
return waitForNextMsg[state].promise;
},
checkAuth
};
const attributes: any = [['State', Buffer.from(stateID)]];
let sentDataSize = 0;
do {
if (EAPMessage.length > 0) {
attributes.push([
'EAP-Message',
EAPMessage.slice(sentDataSize, sentDataSize + MAX_RADIUS_ATTRIBUTE_SIZE)
]);
sentDataSize += MAX_RADIUS_ATTRIBUTE_SIZE;
}
} while (sentDataSize < EAPMessage.length);
const response = radius.encode_response({
packet,
code: 'Access-Challenge',
secret: this.secret,
attributes
});
waitForNextMsg[stateID] = newDeferredPromise();
server.sendToClient(
response,
rinfo.port,
rinfo.address,
function(err, _bytes) {
if (err) {
console.log('Error sending response to ', rinfo);
}
},
stateID
);
return waitForNextMsg[stateID].promise;
*/
/* if (waitForNextMsg[state]) {
const identifier = attributes['EAP-Message'].slice(1, 2).readUInt8(0); // .toString('hex');
waitForNextMsg[state].resolve({ response: handlers.response, identifier });
} */
function tlsHasExportKeyingMaterial( function tlsHasExportKeyingMaterial(
tlsSocket: any tlsSocket
): tlsSocket is { ): tlsSocket is {
exportKeyingMaterial: (length: number, label: string, context?: Buffer) => Buffer; exportKeyingMaterial: (length: number, label: string, context?: Buffer) => Buffer;
} { } {
@ -132,7 +54,7 @@ export class EAPTTLS implements IEAPMethod {
newResponse = true newResponse = true
): IPacketHandlerResult { ): IPacketHandlerResult {
const maxSize = (MAX_RADIUS_ATTRIBUTE_SIZE - 5) * 4; const maxSize = (MAX_RADIUS_ATTRIBUTE_SIZE - 5) * 4;
console.log('maxSize', maxSize); log('maxSize', maxSize);
/* it's the first one and we have more, therefore include length */ /* it's the first one and we have more, therefore include length */
const includeLength = data && newResponse && data.length > maxSize; const includeLength = data && newResponse && data.length > maxSize;
@ -187,7 +109,7 @@ export class EAPTTLS implements IEAPMethod {
// set EAP length header // set EAP length header
resBuffer.writeUInt16BE(resBuffer.byteLength, 2); resBuffer.writeUInt16BE(resBuffer.byteLength, 2);
console.log('<<<<<<<<<<<< EAP RESPONSE TO CLIENT', { log('<<<<<<<<<<<< EAP RESPONSE TO CLIENT', {
code: 1, code: 1,
identifier: identifier + 1, identifier: identifier + 1,
includeLength, includeLength,
@ -298,50 +220,19 @@ export class EAPTTLS implements IEAPMethod {
attributes.push(['User-Name', packet.attributes['User-Name']]); attributes.push(['User-Name', packet.attributes['User-Name']]);
} }
/*
if (sess->eap_if->eapKeyDataLen > 64) {
len = 32;
} else {
len = sess->eap_if->eapKeyDataLen / 2;
}
*/
if (tlsHasExportKeyingMaterial(socket)) { if (tlsHasExportKeyingMaterial(socket)) {
const keyingMaterial = (socket as any).exportKeyingMaterial(128, 'ttls keying material'); const keyingMaterial = (socket as any).exportKeyingMaterial(128, 'ttls keying material');
// console.log('keyingMaterial', keyingMaterial);
// eapKeyData + len
attributes.push([ attributes.push([
'Vendor-Specific', 'Vendor-Specific',
311, 311,
[ [[16, encodeTunnelPW(keyingMaterial.slice(64), (packet as any).authenticator, secret)]]
[
16,
encodeTunnelPW(
keyingMaterial.slice(64),
(packet as any).authenticator,
// params.packet.attributes['Message-Authenticator'],
secret
)
]
]
]); // MS-MPPE-Send-Key ]); // MS-MPPE-Send-Key
// eapKeyData
attributes.push([ attributes.push([
'Vendor-Specific', 'Vendor-Specific',
311, 311,
[ [[17, encodeTunnelPW(keyingMaterial.slice(0, 64), (packet as any).authenticator, secret)]]
[
17,
encodeTunnelPW(
keyingMaterial.slice(0, 64),
(packet as any).authenticator,
// params.packet.attributes['Message-Authenticator'],
secret
)
]
]
]); // MS-MPPE-Recv-Key ]); // MS-MPPE-Recv-Key
} else { } else {
console.error( console.error(
@ -365,7 +256,7 @@ export class EAPTTLS implements IEAPMethod {
// check if no data package is there and we have something in the queue, if so.. empty the queue first // check if no data package is there and we have something in the queue, if so.. empty the queue first
if (!data || data.length === 0) { if (!data || data.length === 0) {
console.warn( log(
`>>>>>>>>>>>> REQUEST FROM CLIENT: EAP TTLS, ACK / NACK (no data, just a confirmation, ID: ${identifier})` `>>>>>>>>>>>> REQUEST FROM CLIENT: EAP TTLS, ACK / NACK (no data, just a confirmation, ID: ${identifier})`
); );
const queuedData = this.queueData.get(stateID); const queuedData = this.queueData.get(stateID);
@ -376,7 +267,7 @@ export class EAPTTLS implements IEAPMethod {
return {}; return {};
} }
console.log('>>>>>>>>>>>> REQUEST FROM CLIENT: EAP TTLS', { log('>>>>>>>>>>>> REQUEST FROM CLIENT: EAP TTLS', {
// flags: `00000000${flags.toString(2)}`.substr(-8), // flags: `00000000${flags.toString(2)}`.substr(-8),
decodedFlags, decodedFlags,
identifier, identifier,
@ -393,7 +284,7 @@ export class EAPTTLS implements IEAPMethod {
connection.events.on('end', () => { connection.events.on('end', () => {
// cleanup socket // cleanup socket
console.log('ENDING SOCKET'); log('ENDING SOCKET');
this.openTLSSockets.del(stateID); this.openTLSSockets.del(stateID);
}); });
} }
@ -422,12 +313,12 @@ export class EAPTTLS implements IEAPMethod {
} }
break; break;
default: default:
console.log('data', incomingData); log('data', incomingData);
console.log('data str', incomingData.toString()); log('data str', incomingData.toString());
// currentConnection!.events.emit('end'); // currentConnection!.events.emit('end');
console.log('UNSUPPORTED AUTH TYPE, requesting PAP'); log('UNSUPPORTED AUTH TYPE, requesting PAP');
// throw new Error(`unsupported auth type${type}`); // throw new Error(`unsupported auth type${type}`);
sendResponsePromise.resolve( sendResponsePromise.resolve(
this.buildEAPTTLSResponse(identifier, 3, 0, stateID, Buffer.from([1])) this.buildEAPTTLSResponse(identifier, 3, 0, stateID, Buffer.from([1]))

11
src/radius/handler/eapMethods/challenges/PAPChallenge.ts
Unescape View File

@ -1,5 +1,8 @@
import debug from 'debug';
import { IEAPChallenge } from '../../../../types/EAPChallenge'; import { IEAPChallenge } from '../../../../types/EAPChallenge';
const log = debug('radius:eap:papchallenge');
export class PAPChallenge implements IEAPChallenge { export class PAPChallenge implements IEAPChallenge {
// i couldn't find any documentation about it, therefore best guess how this is processed... // i couldn't find any documentation about it, therefore best guess how this is processed...
// http://www.networksorcery.com/enp/rfc/rfc1334.txt ? // http://www.networksorcery.com/enp/rfc/rfc1334.txt ?
@ -7,7 +10,7 @@ export class PAPChallenge implements IEAPChallenge {
decode(data: Buffer) { decode(data: Buffer) {
const usrNameLength = data.slice(7, 8).readUInt8(0); const usrNameLength = data.slice(7, 8).readUInt8(0);
const user = data.slice(8, usrNameLength); const user = data.slice(8, usrNameLength);
console.log('user', user, user.toString().trim()); log('user', user, user.toString().trim());
let pwdStart = usrNameLength; // data.slice(usrNameLength); let pwdStart = usrNameLength; // data.slice(usrNameLength);
const passwordDelimeter = Buffer.from([0x02, 0x40, 0x00, 0x00]); const passwordDelimeter = Buffer.from([0x02, 0x40, 0x00, 0x00]);
@ -27,14 +30,14 @@ export class PAPChallenge implements IEAPChallenge {
if (!found) { if (!found) {
throw new Error("couldn't extract password"); throw new Error("couldn't extract password");
} }
// console.log('pwdStart+passwordDelimeter.length', pwdStart+passwordDelimeter.length); // log('pwdStart+passwordDelimeter.length', pwdStart+passwordDelimeter.length);
// console.log('length', pwdStart + data.readUInt8(pwdStart+passwordDelimeter.length)); // log('length', pwdStart + data.readUInt8(pwdStart+passwordDelimeter.length));
// first byte is a length property.. we ignore for now // first byte is a length property.. we ignore for now
pwd = data.slice(pwdStart + passwordDelimeter.length + 1); // , pwdStart+ data.readUInt8(pwdStart+passwordDelimeter.length)); pwd = data.slice(pwdStart + passwordDelimeter.length + 1); // , pwdStart+ data.readUInt8(pwdStart+passwordDelimeter.length));
// trim pwd // trim pwd
pwd = pwd.slice(0, pwd.indexOf(0x00)); pwd = pwd.slice(0, pwd.indexOf(0x00));
console.log('pwd', pwd, pwd.toString().trim().length, pwd.toString()); log('pwd', pwd, pwd.toString().trim().length, pwd.toString());
return { return {
username: user.toString(), username: user.toString(),

2
src/server/UDPServer.ts
Unescape View File

@ -60,8 +60,6 @@ export class UDPServer extends events.EventEmitter implements IServer {
}); });
this.server.on('message', (_msg, rinfo) => { this.server.on('message', (_msg, rinfo) => {
console.log('incoming message 2');
// message retrieved, reset timeout handler // message retrieved, reset timeout handler
const identifierForRetry = `${rinfo.address}:${rinfo.port}`; const identifierForRetry = `${rinfo.address}:${rinfo.port}`;
if (this.timeout[identifierForRetry]) { if (this.timeout[identifierForRetry]) {

35
src/tls/crypt.ts
Unescape View File

@ -4,9 +4,12 @@ import { createSecureContext } from 'tls';
import * as crypto from 'crypto'; import * as crypto from 'crypto';
import * as DuplexPair from 'native-duplexpair'; import * as DuplexPair from 'native-duplexpair';
import * as constants from 'constants'; import * as constants from 'constants';
import debug from 'debug';
import { makeid } from '../helpers'; import { makeid } from '../helpers';
import * as config from '../../config'; import * as config from '../../config';
const log = debug('radius:tls');
// https://nodejs.org/api/tls.html // https://nodejs.org/api/tls.html
const tlsOptions: tls.SecureContextOptions = { const tlsOptions: tls.SecureContextOptions = {
...config.certificate, ...config.certificate,
@ -17,7 +20,7 @@ const tlsOptions: tls.SecureContextOptions = {
// secureOptions: // secureOptions:
// ecdhCurve: 'auto' // ecdhCurve: 'auto'
}; };
console.log('tlsOptions', tlsOptions); log('tlsOptions', tlsOptions);
const secureContext = createSecureContext(tlsOptions); const secureContext = createSecureContext(tlsOptions);
export interface ITLSServer { export interface ITLSServer {
@ -45,7 +48,7 @@ export function startTLSServer(): ITLSServer {
}); });
encrypted.on('data', (data: Buffer) => { encrypted.on('data', (data: Buffer) => {
// console.log('encrypted data', data, data.toString()); // log('encrypted data', data, data.toString());
emitter.emit('response', data); emitter.emit('response', data);
}); });
@ -53,42 +56,42 @@ export function startTLSServer(): ITLSServer {
const cipher = cleartext.getCipher(); const cipher = cleartext.getCipher();
/* /*
console.log('Authorized', cleartext.authorized); log('Authorized', cleartext.authorized);
console.log('getTLSTicket', cleartext.getTLSTicket()); log('getTLSTicket', cleartext.getTLSTicket());
console.log('getEphemeralKeyInfo', cleartext.getEphemeralKeyInfo()); log('getEphemeralKeyInfo', cleartext.getEphemeralKeyInfo());
console.log('getPeerCertificate', cleartext.getPeerCertificate()); log('getPeerCertificate', cleartext.getPeerCertificate());
console.log('getSharedSigalgs', cleartext.getSharedSigalgs()); log('getSharedSigalgs', cleartext.getSharedSigalgs());
console.log('getCertificate', cleartext.getCertificate()); log('getCertificate', cleartext.getCertificate());
console.log('getSession', cleartext.getSession()); log('getSession', cleartext.getSession());
*/ */
if (cipher) { if (cipher) {
console.log(`TLS negotiated (${cipher.name}, ${cipher.version})`); log(`TLS negotiated (${cipher.name}, ${cipher.version})`);
} }
cleartext.on('data', (data: Buffer) => { cleartext.on('data', (data: Buffer) => {
// console.log('cleartext data', data, data.toString()); // log('cleartext data', data, data.toString());
emitter.emit('incoming', data); emitter.emit('incoming', data);
}); });
cleartext.once('close', (_data: Buffer) => { cleartext.once('close', (_data: Buffer) => {
console.log('cleartext close'); log('cleartext close');
emitter.emit('end'); emitter.emit('end');
}); });
cleartext.on('keylog', line => { cleartext.on('keylog', line => {
console.log('############ KEYLOG #############', line); log('############ KEYLOG #############', line);
// cleartext.getTicketKeys() // cleartext.getTicketKeys()
}); });
console.log('*********** new client connection established / secured ********'); log('*********** new client connection established / secured ********');
// this.emit('secure', securePair.cleartext); // this.emit('secure', securePair.cleartext);
// this.encryptAllFutureTraffic(); // this.encryptAllFutureTraffic();
console.log('GET FINSIHED', cleartext.getFinished()); log('GET FINSIHED', cleartext.getFinished());
}); });
cleartext.on('error', (err?: Error) => { cleartext.on('error', (err?: Error) => {
console.log('cleartext error', err); log('cleartext error', err);
encrypted.destroy(); encrypted.destroy();
cleartext.destroy(err); cleartext.destroy(err);

Write Preview
Loading…
Cancel
Save