[KiwiIRC.git] / server / lib / starttls.js

// Target API:
//
//  var s = require('net').createStream(25, 'smtp.example.com');
//  s.on('connect', function() {
//   require('starttls')(s, options, function() {
//      if (!s.authorized) {
//        s.destroy();
//        return;
//      }
//
//      s.end("hello world\n");
//    });
//  });
//
//
module.exports = function starttls(socket, options, cb) {

  var sslcontext = require('crypto').createCredentials(options);

  var pair = require('tls').createSecurePair(sslcontext, false);

  var cleartext = pipe(pair, socket);

  pair.on('secure', function() {
    var verifyError = pair.ssl.verifyError();

    if (verifyError) {
      cleartext.authorized = false;
      cleartext.authorizationError = verifyError;
    } else {
      cleartext.authorized = true;
    }

    if (cb) cb();
  });

  cleartext._controlReleased = true;
  return cleartext;
};


function pipe(pair, socket) {
  pair.encrypted.pipe(socket);
  socket.pipe(pair.encrypted);

  pair.fd = socket.fd;
  var cleartext = pair.cleartext;
  cleartext.socket = socket;
  cleartext.encrypted = pair.encrypted;
  cleartext.authorized = false;

  function onerror(e) {
    if (cleartext._controlReleased) {
      cleartext.emit('error', e);
    }
  }

  function onclose() {
    socket.removeListener('error', onerror);
    socket.removeListener('close', onclose);
  }

  socket.on('error', onerror);
  socket.on('close', onclose);

  return cleartext;
}
Commit	Line	Data
4136eb38 JA	1	// Target API:
	2	//
	3	// var s = require('net').createStream(25, 'smtp.example.com');
	4	// s.on('connect', function() {
	5	// require('starttls')(s, options, function() {
	6	// if (!s.authorized) {
	7	// s.destroy();
	8	// return;
	9	// }
	10	//
	11	// s.end("hello world\n");
	12	// });
	13	// });
	14	//
	15	//
	16	module.exports = function starttls(socket, options, cb) {
	17
	18	var sslcontext = require('crypto').createCredentials(options);
	19
	20	var pair = require('tls').createSecurePair(sslcontext, false);
	21
	22	var cleartext = pipe(pair, socket);
	23
	24	pair.on('secure', function() {
	25	var verifyError = pair.ssl.verifyError();
	26
	27	if (verifyError) {
	28	cleartext.authorized = false;
	29	cleartext.authorizationError = verifyError;
	30	} else {
	31	cleartext.authorized = true;
	32	}
	33
	34	if (cb) cb();
	35	});
	36
	37	cleartext._controlReleased = true;
	38	return cleartext;
	39	};
	40
	41
	42	function pipe(pair, socket) {
	43	pair.encrypted.pipe(socket);
	44	socket.pipe(pair.encrypted);
	45
	46	pair.fd = socket.fd;
	47	var cleartext = pair.cleartext;
	48	cleartext.socket = socket;
	49	cleartext.encrypted = pair.encrypted;
	50	cleartext.authorized = false;
	51
	52	function onerror(e) {
	53	if (cleartext._controlReleased) {
	54	cleartext.emit('error', e);
	55	}
	56	}
	57
	58	function onclose() {
	59	socket.removeListener('error', onerror);
	60	socket.removeListener('close', onclose);
	61	}
	62
	63	socket.on('error', onerror);
	64	socket.on('close', onclose);
65
66	return cleartext;
67	}
68