WIP - now ca, cert, key options in config

Author: CMCDragonkai

src/config.ts

@@ -1,6 +1,6 @@
 import type { Config as QuicheConfig } from './native/types';
 import { quiche } from './native';
-
+import * as errors from './errors';
 
 type QUICConfig = {
   /**
@@ -133,11 +133,18 @@ const textDecoder = new TextDecoder('utf-8');
 const textEncoder = new TextEncoder();
 
 function buildQuicheConfig(config: QUICConfig): QuicheConfig {
-
-  // This will be passed in as a Optional<Uint8Array>
-
-  // This is a concatenated certificate authority certificates in
-  // PEM format, separated by `\n`
+  if (config.key != null && config.cert == null) {
+    throw new errors.ErrorQUICConfig('The cert option must be set when key is set');
+  } else if (config.key == null && config.cert != null) {
+    throw new errors.ErrorQUICConfig('The key option must be set when cert is set');
+  } else if (config.key != null && config.cert != null) {
+    if (Array.isArray(config.key) && Array.isArray(config.cert)) {
+      if (config.key.length !== config.cert.length) {
+        throw new errors.ErrorQUICConfig('The number of keys must match the number of certs');
+      }
+    }
+  }
+  // This is a concatenated CA certificates in PEM format
   let caPEMBuffer: Uint8Array | undefined;
   if (config.ca != null) {
     let caPEMString = '';
@@ -156,48 +163,51 @@ function buildQuicheConfig(config: QUICConfig): QuicheConfig {
     }
     caPEMBuffer = textEncoder.encode(caPEMString);
   }
-
-  // Setup: [keyPEM, keyPEM, keyPEM]
-  // AND [certChainPem, certChainPEM, certChainPEM]
-  // Then we pass it in
-  // atm, i don't think this actually works
-  // due to lack of this `SSL_CTX_add1_chain_cert` function
-
-
-
-
-  // let certChainPem: Buffer | null = null;
-  // let privKeyPem: Buffer | null = null;
-  // if (config.tlsConfig != null && 'certChainPem' in config.tlsConfig) {
-  //   if (config.tlsConfig.certChainPem != null) {
-  //     certChainPem = Buffer.from(config.tlsConfig.certChainPem);
-  //   }
-  //   if (config.tlsConfig.privKeyPem != null) {
-  //     privKeyPem = Buffer.from(config.tlsConfig.privKeyPem);
-  //   }
-  // }
-
-
-  const quicheConfig: QuicheConfig = quiche.Config.withBoringSslCtx(
-    certChainPem,
-    privKeyPem,
-    config.supportedPrivateKeyAlgos ?? null,
-    caBuffer,
-    config.verifyPeer,
-  );
-  if (config.tlsConfig != null && 'certChainFromPemFile' in config.tlsConfig) {
-    if (config.tlsConfig?.certChainFromPemFile != null) {
-      quicheConfig.loadCertChainFromPemFile(
-        config.tlsConfig.certChainFromPemFile,
-      );
+  // This is an array of private keys in PEM format
+  let keyPEMBuffers: Array<Uint8Array> | undefined;
+  if (config.key != null) {
+    let keyPEMs: Array<string> = [];
+    if (typeof config.key === 'string') {
+      keyPEMs.push(config.key.trim() + '\n');
+    } else if (config.key instanceof Uint8Array) {
+      keyPEMs.push(textDecoder.decode(config.key).trim() + '\n');
+    } else if (Array.isArray(config.key)) {
+      for (const k of config.key) {
+        if (typeof k === 'string') {
+          keyPEMs.push(k.trim() + '\n');
+        } else {
+          keyPEMs.push(textDecoder.decode(k).trim() + '\n');
+        }
+      }
     }
-    if (config.tlsConfig?.privKeyFromPemFile != null) {
-      quicheConfig.loadPrivKeyFromPemFile(config.tlsConfig.privKeyFromPemFile);
+    keyPEMBuffers = keyPEMs.map((k) => textEncoder.encode(k));
+  }
+  // This is an array of certificate chains in PEM format
+  let certChainPEMBuffers: Array<Uint8Array> | undefined;
+  if (config.cert != null) {
+    let certChainPEMs: Array<string> = [];
+    if (typeof config.cert === 'string') {
+      certChainPEMs.push(config.cert.trim() + '\n');
+    } else if (config.cert instanceof Uint8Array) {
+      certChainPEMs.push(textDecoder.decode(config.cert).trim() + '\n');
+    } else if (Array.isArray(config.cert)) {
+      for (const c of config.cert) {
+        if (typeof c === 'string') {
+          certChainPEMs.push(c.trim() + '\n');
+        } else {
+          certChainPEMs.push(textDecoder.decode(c).trim() + '\n');
+        }
+      }
     }
+    certChainPEMBuffers = certChainPEMs.map((c) => textEncoder.encode(c));
   }
-  // if (config.verifyFromPemFile != null) {
-  //   quicheConfig.loadVerifyLocationsFromFile(config.verifyFromPemFile);
-  // }
+  const quicheConfig: QuicheConfig = quiche.Config.withBoringSslCtx(
+    config.verifyPeer,
+    caPEMBuffer,
+    keyPEMBuffers,
+    certChainPEMBuffers,
+    config.sigalgs,
+  );
   if (config.logKeys != null) {
     quicheConfig.logKeys();
   }

src/errors.ts

@@ -4,6 +4,10 @@ class ErrorQUIC<T> extends AbstractError<T> {
   static description = 'QUIC error';
 }
 
+class ErrorQUICConfig<T> extends ErrorQUIC<T> {
+  static description = 'QUIC config error';
+}
+
 class ErrorQUICSocket<T> extends ErrorQUIC<T> {
   static description = 'QUIC Socket error';
 }
@@ -105,6 +109,7 @@ class ErrorQUICUndefinedBehaviour<T> extends ErrorQUIC<T> {
 
 export {
   ErrorQUIC,
+  ErrorQUICConfig,
   ErrorQUICSocket,
   ErrorQUICSocketNotRunning,
   ErrorQUICSocketServerDuplicate,

src/native/types.ts

@@ -44,11 +44,11 @@ interface Config {
 interface ConfigConstructor {
   new (): Config;
   withBoringSslCtx(
-    certPem: Uint8Array | null,
-    keyPem: Uint8Array | null,
-    supportedKeyAlgos: string | null,
-    ca_cert_pem: Uint8Array | null,
-    verify_peer: boolean,
+    verifyPeer: boolean,
+    ca?: Uint8Array | undefined | null,
+    key?: Array<Uint8Array> | undefined | null,
+    cert?: Array<Uint8Array> | undefined | null,
+    sigalgs?: string | undefined | null,
   ): Config;
 }