aboutsummaryrefslogtreecommitdiff
path: root/src/js/out/InternalModuleRegistryConstants.h
diff options
context:
space:
mode:
authorGravatar Ciro Spaciari <ciro.spaciari@gmail.com> 2023-09-07 02:23:24 -0300
committerGravatar GitHub <noreply@github.com> 2023-09-06 22:23:24 -0700
commit4360ec83b4146e15344b304573795f084f86a7c2 (patch)
treed2df0876f7885b856632d5bdcee06835c63787fe /src/js/out/InternalModuleRegistryConstants.h
parent3b9829f17134a21790f1524f3391409f385dfee9 (diff)
downloadbun-4360ec83b4146e15344b304573795f084f86a7c2.tar.gz
bun-4360ec83b4146e15344b304573795f084f86a7c2.tar.zst
bun-4360ec83b4146e15344b304573795f084f86a7c2.zip
feat(fetch) rejectUnauthorized and checkServerIdentity (#4514)
* enable root certs on fetch * rebase * fix lookup * some fixes and improvements * fmt * more fixes * more fixes * check detached onHandshake * fix promise case * fix cert non-Native * add fetch tls tests * more one test
Diffstat (limited to 'src/js/out/InternalModuleRegistryConstants.h')
-rw-r--r--src/js/out/InternalModuleRegistryConstants.h6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/js/out/InternalModuleRegistryConstants.h b/src/js/out/InternalModuleRegistryConstants.h
index 2d1f7d99d..5e476aa1c 100644
--- a/src/js/out/InternalModuleRegistryConstants.h
+++ b/src/js/out/InternalModuleRegistryConstants.h
@@ -174,7 +174,7 @@ static constexpr ASCIILiteral NodeTimersPromisesCode = "(function (){\"use stric
//
//
-static constexpr ASCIILiteral NodeTLSCode = "(function (){\"use strict\";// src/js/out/tmp/node/tls.ts\nvar parseCertString = function() {\n throwNotImplemented(\"Not implemented\");\n}, isValidTLSArray = function(obj) {\n if (typeof obj === \"string\" || isTypedArray(obj) || obj instanceof ArrayBuffer || obj instanceof Blob)\n return !0;\n if (Array.isArray(obj)) {\n for (var i = 0;i < obj.length; i++)\n if (typeof obj !== \"string\" && !isTypedArray(obj) && !(obj instanceof ArrayBuffer) && !(obj instanceof Blob))\n return !1;\n return !0;\n }\n}, unfqdn = function(host2) {\n return RegExpPrototypeSymbolReplace.call(/[.]$/, host2, \"\");\n}, toLowerCase = function(c) {\n return StringFromCharCode.call(32 + StringPrototypeCharCodeAt.call(c, 0));\n}, splitHost = function(host2) {\n return StringPrototypeSplit.call(RegExpPrototypeSymbolReplace.call(/[A-Z]/g, unfqdn(host2), toLowerCase), \".\");\n}, check = function(hostParts, pattern, wildcards) {\n if (!pattern)\n return !1;\n const patternParts = splitHost(pattern);\n if (hostParts.length !== patternParts.length)\n return !1;\n if (ArrayPrototypeIncludes.call(patternParts, \"\"))\n return !1;\n const isBad = (s) => RegExpPrototypeExec.call(/[^\\u0021-\\u007F]/u, s) !== null;\n if (ArrayPrototypeSome.call(patternParts, isBad))\n return !1;\n for (let i = hostParts.length - 1;i > 0; i -= 1)\n if (hostParts[i] !== patternParts[i])\n return !1;\n const hostSubdomain = hostParts[0], patternSubdomain = patternParts[0], patternSubdomainParts = StringPrototypeSplit.call(patternSubdomain, \"*\");\n if (patternSubdomainParts.length === 1 || StringPrototypeIncludes.call(patternSubdomain, \"xn--\"))\n return hostSubdomain === patternSubdomain;\n if (!wildcards)\n return !1;\n if (patternSubdomainParts.length > 2)\n return !1;\n if (patternParts.length <= 2)\n return !1;\n const { 0: prefix, 1: suffix } = patternSubdomainParts;\n if (prefix.length + suffix.length > hostSubdomain.length)\n return !1;\n if (!StringPrototypeStartsWith.call(hostSubdomain, prefix))\n return !1;\n if (!StringPrototypeEndsWith.call(hostSubdomain, suffix))\n return !1;\n return !0;\n}, splitEscapedAltNames = function(altNames) {\n const result = [];\n let currentToken = \"\", offset = 0;\n while (offset !== altNames.length) {\n const nextSep = StringPrototypeIndexOf.call(altNames, \", \", offset), nextQuote = StringPrototypeIndexOf.call(altNames, '\"', offset);\n if (nextQuote !== -1 && (nextSep === -1 || nextQuote < nextSep)) {\n currentToken += StringPrototypeSubstring.call(altNames, offset, nextQuote);\n const match = RegExpPrototypeExec.call(jsonStringPattern, StringPrototypeSubstring.call(altNames, nextQuote));\n if (!match) {\n let error = new SyntaxError(\"ERR_TLS_CERT_ALTNAME_FORMAT: Invalid subject alternative name string\");\n throw error.name = ERR_TLS_CERT_ALTNAME_FORMAT, error;\n }\n currentToken += JSON.parse(match[0]), offset = nextQuote + match[0].length;\n } else if (nextSep !== -1)\n currentToken += StringPrototypeSubstring.call(altNames, offset, nextSep), ArrayPrototypePush.call(result, currentToken), currentToken = \"\", offset = nextSep + 2;\n else\n currentToken += StringPrototypeSubstring.call(altNames, offset), offset = altNames.length;\n }\n return ArrayPrototypePush.call(result, currentToken), result;\n}, checkServerIdentity = function(hostname, cert) {\n const { subject, subjectaltname: altNames } = cert, dnsNames = [], ips = [];\n if (hostname = \"\" + hostname, altNames) {\n const splitAltNames = StringPrototypeIncludes.call(altNames, '\"') \? splitEscapedAltNames(altNames) : StringPrototypeSplit.call(altNames, \", \");\n ArrayPrototypeForEach.call(splitAltNames, (name) => {\n if (StringPrototypeStartsWith.call(name, \"DNS:\"))\n ArrayPrototypePush.call(dnsNames, StringPrototypeSlice.call(name, 4));\n else if (StringPrototypeStartsWith.call(name, \"IP Address:\"))\n ArrayPrototypePush.call(ips, canonicalizeIP(StringPrototypeSlice.call(name, 11)));\n });\n }\n let valid = !1, reason = \"Unknown reason\";\n if (hostname = unfqdn(hostname), net.isIP(hostname)) {\n if (valid = ArrayPrototypeIncludes.call(ips, canonicalizeIP(hostname)), !valid)\n reason = `IP: ${hostname} is not in the cert's list: ` + ArrayPrototypeJoin.call(ips, \", \");\n } else if (dnsNames.length > 0 || subject\?.CN) {\n const hostParts = splitHost(hostname), wildcard = (pattern) => check(hostParts, pattern, !0);\n if (dnsNames.length > 0) {\n if (valid = ArrayPrototypeSome.call(dnsNames, wildcard), !valid)\n reason = `Host: ${hostname}. is not in the cert's altnames: ${altNames}`;\n } else {\n const cn = subject.CN;\n if (Array.isArray(cn))\n valid = ArrayPrototypeSome.call(cn, wildcard);\n else if (cn)\n valid = wildcard(cn);\n if (!valid)\n reason = `Host: ${hostname}. is not cert's CN: ${cn}`;\n }\n } else\n reason = \"Cert does not contain a DNS name\";\n if (!valid) {\n let error = new Error(`ERR_TLS_CERT_ALTNAME_INVALID: Hostname/IP does not match certificate's altnames: ${reason}`);\n return error.name = \"ERR_TLS_CERT_ALTNAME_INVALID\", error.reason = reason, error.host = host, error.cert = cert, error;\n }\n}, SecureContext = function(options) {\n return new InternalSecureContext(options);\n}, createSecureContext = function(options) {\n return new SecureContext(options);\n}, translatePeerCertificate = function(c) {\n if (!c)\n return null;\n if (c.issuerCertificate != null && c.issuerCertificate !== c)\n c.issuerCertificate = translatePeerCertificate(c.issuerCertificate);\n if (c.infoAccess != null) {\n const info = c.infoAccess;\n c.infoAccess = { __proto__: null }, RegExpPrototypeSymbolReplace.call(/([^\\n:]*):([^\\n]*)(\?:\\n|$)/g, info, (all, key, val) => {\n if (val.charCodeAt(0) === 34)\n val = JSONParse(val);\n if (key in c.infoAccess)\n ArrayPrototypePush.call(c.infoAccess[key], val);\n else\n c.infoAccess[key] = [val];\n });\n }\n return c;\n}, createServer = function(options, connectionListener) {\n return new Server(options, connectionListener);\n}, getCiphers = function() {\n return DEFAULT_CIPHERS.split(\":\");\n}, convertProtocols = function(protocols) {\n const lens = new Array(protocols.length), buff = Buffer.allocUnsafe(ArrayPrototypeReduce.call(protocols, (p, c, i) => {\n const len = Buffer.byteLength(c);\n if (len > 255)\n @throwRangeError(\"The byte length of the protocol at index \" + `${i} exceeds the maximum length.`, \"<= 255\", len, !0);\n return lens[i] = len, p + 1 + len;\n }, 0));\n let offset = 0;\n for (let i = 0, c = protocols.length;i < c; i++)\n buff[offset++] = lens[i], buff.write(protocols[i], offset), offset += lens[i];\n return buff;\n}, convertALPNProtocols = function(protocols, out) {\n if (Array.isArray(protocols))\n out.ALPNProtocols = convertProtocols(protocols);\n else if (isTypedArray(protocols))\n out.ALPNProtocols = Buffer.from(protocols);\n else if (isArrayBufferView(protocols))\n out.ALPNProtocols = Buffer.from(protocols.buffer.slice(protocols.byteOffset, protocols.byteOffset + protocols.byteLength));\n else if (Buffer.isBuffer(protocols))\n out.ALPNProtocols = protocols;\n}, $, { isArrayBufferView, isTypedArray } = @requireNativeModule(\"node:util/types\"), net = @getInternalField(@internalModuleRegistry, 25) || @createInternalModuleById(25), { Server: NetServer, [Symbol.for(\"::bunternal::\")]: InternalTCPSocket } = net, bunSocketInternal = Symbol.for(\"::bunnetsocketinternal::\"), { rootCertificates, canonicalizeIP } = globalThis[globalThis.Symbol.for('Bun.lazy')](\"internal/tls\"), SymbolReplace = Symbol.replace, RegExpPrototypeSymbolReplace = RegExp.prototype[SymbolReplace], RegExpPrototypeExec = RegExp.prototype.exec, StringPrototypeStartsWith = String.prototype.startsWith, StringPrototypeSlice = String.prototype.slice, StringPrototypeIncludes = String.prototype.includes, StringPrototypeSplit = String.prototype.split, StringPrototypeIndexOf = String.prototype.indexOf, StringPrototypeSubstring = String.prototype.substring, StringPrototypeEndsWith = String.prototype.endsWith, StringFromCharCode = String.fromCharCode, StringPrototypeCharCodeAt = String.prototype.charCodeAt, ArrayPrototypeIncludes = Array.prototype.includes, ArrayPrototypeJoin = Array.prototype.join, ArrayPrototypeForEach = Array.prototype.forEach, ArrayPrototypePush = Array.prototype.push, ArrayPrototypeSome = Array.prototype.some, ArrayPrototypeReduce = Array.prototype.reduce, jsonStringPattern = /^\"(\?:[^\"\\\\\\u0000-\\u001f]|\\\\(\?:[\"\\\\/bfnrt]|u[0-9a-fA-F]{4}))*\"/, InternalSecureContext = class SecureContext2 {\n context;\n constructor(options) {\n const context = {};\n if (options) {\n let key = options.key;\n if (key) {\n if (!isValidTLSArray(key))\n @throwTypeError(\"key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.key = key;\n }\n let cert = options.cert;\n if (cert) {\n if (!isValidTLSArray(cert))\n @throwTypeError(\"cert argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.cert = cert;\n }\n let ca = options.ca;\n if (ca) {\n if (!isValidTLSArray(ca))\n @throwTypeError(\"ca argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.ca = ca;\n }\n let passphrase = options.passphrase;\n if (passphrase && typeof passphrase !== \"string\")\n @throwTypeError(\"passphrase argument must be an string\");\n this.passphrase = passphrase;\n let servername = options.servername;\n if (servername && typeof servername !== \"string\")\n @throwTypeError(\"servername argument must be an string\");\n this.servername = servername;\n let secureOptions = options.secureOptions || 0;\n if (secureOptions && typeof secureOptions !== \"number\")\n @throwTypeError(\"secureOptions argument must be an number\");\n this.secureOptions = secureOptions;\n }\n this.context = context;\n }\n}, buntls = Symbol.for(\"::buntls::\"), SocketClass, TLSSocket = function(InternalTLSSocket) {\n return SocketClass = InternalTLSSocket, Object.defineProperty(SocketClass.prototype, Symbol.toStringTag, {\n value: \"TLSSocket\",\n enumerable: !1\n }), Object.defineProperty(function Socket(options) {\n return new InternalTLSSocket(options);\n }, Symbol.hasInstance, {\n value(instance) {\n return instance instanceof InternalTLSSocket;\n }\n });\n}(class TLSSocket2 extends InternalTCPSocket {\n #secureContext;\n ALPNProtocols;\n #socket;\n #checkServerIdentity;\n #session;\n constructor(socket, options) {\n super(socket instanceof InternalTCPSocket \? options : options || socket);\n if (options = options || socket || {}, typeof options === \"object\") {\n const { ALPNProtocols } = options;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, this);\n if (socket instanceof InternalTCPSocket)\n this.#socket = socket;\n }\n this.#secureContext = options.secureContext || createSecureContext(options), this.authorized = !1, this.secureConnecting = !0, this._secureEstablished = !1, this._securePending = !0, this.#checkServerIdentity = options.checkServerIdentity || checkServerIdentity, this.#session = options.session || null;\n }\n _secureEstablished = !1;\n _securePending = !0;\n _newSessionPending;\n _controlReleased;\n secureConnecting = !1;\n _SNICallback;\n servername;\n authorized = !1;\n authorizationError;\n #renegotiationDisabled = !1;\n encrypted = !0;\n _start() {\n this.connect();\n }\n getSession() {\n return this[bunSocketInternal]\?.getSession();\n }\n getEphemeralKeyInfo() {\n return this[bunSocketInternal]\?.getEphemeralKeyInfo();\n }\n getCipher() {\n return this[bunSocketInternal]\?.getCipher();\n }\n getSharedSigalgs() {\n return this[bunSocketInternal]\?.getSharedSigalgs();\n }\n getProtocol() {\n return this[bunSocketInternal]\?.getTLSVersion();\n }\n getFinished() {\n return this[bunSocketInternal]\?.getTLSFinishedMessage() || void 0;\n }\n getPeerFinished() {\n return this[bunSocketInternal]\?.getTLSPeerFinishedMessage() || void 0;\n }\n isSessionReused() {\n return !!this.#session;\n }\n renegotiate() {\n if (this.#renegotiationDisabled) {\n const error = new Error(\"ERR_TLS_RENEGOTIATION_DISABLED: TLS session renegotiation disabled for this socket\");\n throw error.name = \"ERR_TLS_RENEGOTIATION_DISABLED\", error;\n }\n throw Error(\"Not implented in Bun yet\");\n }\n disableRenegotiation() {\n this.#renegotiationDisabled = !0;\n }\n getTLSTicket() {\n return this[bunSocketInternal]\?.getTLSTicket();\n }\n exportKeyingMaterial(length, label, context) {\n if (context)\n return this[bunSocketInternal]\?.exportKeyingMaterial(length, label, context);\n return this[bunSocketInternal]\?.exportKeyingMaterial(length, label);\n }\n setMaxSendFragment(size) {\n return this[bunSocketInternal]\?.setMaxSendFragment(size) || !1;\n }\n enableTrace() {\n }\n setServername(name) {\n if (this.isServer) {\n let error = new Error(\"ERR_TLS_SNI_FROM_SERVER: Cannot issue SNI from a TLS server-side socket\");\n throw error.name = \"ERR_TLS_SNI_FROM_SERVER\", error;\n }\n this.servername = name, this[bunSocketInternal]\?.setServername(name);\n }\n setSession(session) {\n if (this.#session = session, typeof session === \"string\")\n session = Buffer.from(session, \"latin1\");\n return this[bunSocketInternal]\?.setSession(session);\n }\n getPeerCertificate(abbreviated) {\n const cert = arguments.length < 1 \? this[bunSocketInternal]\?.getPeerCertificate() : this[bunSocketInternal]\?.getPeerCertificate(abbreviated);\n if (cert)\n return translatePeerCertificate(cert);\n }\n getCertificate() {\n const cert = this[bunSocketInternal]\?.getCertificate();\n if (cert)\n return translatePeerCertificate(cert);\n }\n getPeerX509Certificate() {\n throw Error(\"Not implented in Bun yet\");\n }\n getX509Certificate() {\n throw Error(\"Not implented in Bun yet\");\n }\n get alpnProtocol() {\n return this[bunSocketInternal]\?.alpnProtocol;\n }\n [buntls](port, host2) {\n return {\n socket: this.#socket,\n ALPNProtocols: this.ALPNProtocols,\n serverName: this.servername || host2 || \"localhost\",\n checkServerIdentity: this.#checkServerIdentity,\n session: this.#session,\n ...this.#secureContext\n };\n }\n});\n\nclass Server extends NetServer {\n key;\n cert;\n ca;\n passphrase;\n secureOptions;\n _rejectUnauthorized;\n _requestCert;\n servername;\n ALPNProtocols;\n constructor(options, secureConnectionListener) {\n super(options, secureConnectionListener);\n this.setSecureContext(options);\n }\n setSecureContext(options) {\n if (options instanceof InternalSecureContext)\n options = options.context;\n if (options) {\n const { ALPNProtocols } = options;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, this);\n let key = options.key;\n if (key) {\n if (!isValidTLSArray(key))\n @throwTypeError(\"key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.key = key;\n }\n let cert = options.cert;\n if (cert) {\n if (!isValidTLSArray(cert))\n @throwTypeError(\"cert argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.cert = cert;\n }\n let ca = options.ca;\n if (ca) {\n if (!isValidTLSArray(ca))\n @throwTypeError(\"ca argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.ca = ca;\n }\n let passphrase = options.passphrase;\n if (passphrase && typeof passphrase !== \"string\")\n @throwTypeError(\"passphrase argument must be an string\");\n this.passphrase = passphrase;\n let servername = options.servername;\n if (servername && typeof servername !== \"string\")\n @throwTypeError(\"servername argument must be an string\");\n this.servername = servername;\n let secureOptions = options.secureOptions || 0;\n if (secureOptions && typeof secureOptions !== \"number\")\n @throwTypeError(\"secureOptions argument must be an number\");\n this.secureOptions = secureOptions;\n const requestCert = options.requestCert || !1;\n if (requestCert)\n this._requestCert = requestCert;\n else\n this._requestCert = void 0;\n const rejectUnauthorized = options.rejectUnauthorized || !1;\n if (rejectUnauthorized)\n this._rejectUnauthorized = rejectUnauthorized;\n else\n this._rejectUnauthorized = void 0;\n }\n }\n getTicketKeys() {\n throw Error(\"Not implented in Bun yet\");\n }\n setTicketKeys() {\n throw Error(\"Not implented in Bun yet\");\n }\n [buntls](port, host2, isClient) {\n return [\n {\n serverName: this.servername || host2 || \"localhost\",\n key: this.key,\n cert: this.cert,\n ca: this.ca,\n passphrase: this.passphrase,\n secureOptions: this.secureOptions,\n rejectUnauthorized: isClient \? !1 : this._rejectUnauthorized,\n requestCert: isClient \? !1 : this._requestCert,\n ALPNProtocols: this.ALPNProtocols\n },\n SocketClass\n ];\n }\n}\nvar CLIENT_RENEG_LIMIT = 3, CLIENT_RENEG_WINDOW = 600, DEFAULT_ECDH_CURVE = \"auto\", DEFAULT_CIPHERS = \"DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256\", DEFAULT_MIN_VERSION = \"TLSv1.2\", DEFAULT_MAX_VERSION = \"TLSv1.3\", createConnection = (port, host2, connectListener) => {\n if (typeof port === \"object\") {\n port.checkServerIdentity;\n const { ALPNProtocols } = port;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, port);\n return new TLSSocket(port).connect(port, host2, connectListener);\n }\n return new TLSSocket().connect(port, host2, connectListener);\n}, connect = createConnection;\n$ = {\n CLIENT_RENEG_LIMIT,\n CLIENT_RENEG_WINDOW,\n connect,\n convertALPNProtocols,\n createConnection,\n createSecureContext,\n createServer,\n DEFAULT_CIPHERS,\n DEFAULT_ECDH_CURVE,\n DEFAULT_MAX_VERSION,\n DEFAULT_MIN_VERSION,\n getCiphers,\n parseCertString,\n SecureContext,\n Server,\n TLSSocket,\n checkServerIdentity,\n rootCertificates\n};\nreturn $})\n"_s;
+static constexpr ASCIILiteral NodeTLSCode = "(function (){\"use strict\";// src/js/out/tmp/node/tls.ts\nvar parseCertString = function() {\n throwNotImplemented(\"Not implemented\");\n}, isValidTLSArray = function(obj) {\n if (typeof obj === \"string\" || isTypedArray(obj) || obj instanceof ArrayBuffer || obj instanceof Blob)\n return !0;\n if (Array.isArray(obj)) {\n for (var i = 0;i < obj.length; i++)\n if (typeof obj !== \"string\" && !isTypedArray(obj) && !(obj instanceof ArrayBuffer) && !(obj instanceof Blob))\n return !1;\n return !0;\n }\n}, unfqdn = function(host) {\n return RegExpPrototypeSymbolReplace.call(/[.]$/, host, \"\");\n}, toLowerCase = function(c) {\n return StringFromCharCode.call(32 + StringPrototypeCharCodeAt.call(c, 0));\n}, splitHost = function(host) {\n return StringPrototypeSplit.call(RegExpPrototypeSymbolReplace.call(/[A-Z]/g, unfqdn(host), toLowerCase), \".\");\n}, check = function(hostParts, pattern, wildcards) {\n if (!pattern)\n return !1;\n const patternParts = splitHost(pattern);\n if (hostParts.length !== patternParts.length)\n return !1;\n if (ArrayPrototypeIncludes.call(patternParts, \"\"))\n return !1;\n const isBad = (s) => RegExpPrototypeExec.call(/[^\\u0021-\\u007F]/u, s) !== null;\n if (ArrayPrototypeSome.call(patternParts, isBad))\n return !1;\n for (let i = hostParts.length - 1;i > 0; i -= 1)\n if (hostParts[i] !== patternParts[i])\n return !1;\n const hostSubdomain = hostParts[0], patternSubdomain = patternParts[0], patternSubdomainParts = StringPrototypeSplit.call(patternSubdomain, \"*\");\n if (patternSubdomainParts.length === 1 || StringPrototypeIncludes.call(patternSubdomain, \"xn--\"))\n return hostSubdomain === patternSubdomain;\n if (!wildcards)\n return !1;\n if (patternSubdomainParts.length > 2)\n return !1;\n if (patternParts.length <= 2)\n return !1;\n const { 0: prefix, 1: suffix } = patternSubdomainParts;\n if (prefix.length + suffix.length > hostSubdomain.length)\n return !1;\n if (!StringPrototypeStartsWith.call(hostSubdomain, prefix))\n return !1;\n if (!StringPrototypeEndsWith.call(hostSubdomain, suffix))\n return !1;\n return !0;\n}, splitEscapedAltNames = function(altNames) {\n const result = [];\n let currentToken = \"\", offset = 0;\n while (offset !== altNames.length) {\n const nextSep = StringPrototypeIndexOf.call(altNames, \", \", offset), nextQuote = StringPrototypeIndexOf.call(altNames, '\"', offset);\n if (nextQuote !== -1 && (nextSep === -1 || nextQuote < nextSep)) {\n currentToken += StringPrototypeSubstring.call(altNames, offset, nextQuote);\n const match = RegExpPrototypeExec.call(jsonStringPattern, StringPrototypeSubstring.call(altNames, nextQuote));\n if (!match) {\n let error = new SyntaxError(\"ERR_TLS_CERT_ALTNAME_FORMAT: Invalid subject alternative name string\");\n throw error.name = ERR_TLS_CERT_ALTNAME_FORMAT, error;\n }\n currentToken += JSON.parse(match[0]), offset = nextQuote + match[0].length;\n } else if (nextSep !== -1)\n currentToken += StringPrototypeSubstring.call(altNames, offset, nextSep), ArrayPrototypePush.call(result, currentToken), currentToken = \"\", offset = nextSep + 2;\n else\n currentToken += StringPrototypeSubstring.call(altNames, offset), offset = altNames.length;\n }\n return ArrayPrototypePush.call(result, currentToken), result;\n}, checkServerIdentity = function(hostname, cert) {\n const { subject, subjectaltname: altNames } = cert, dnsNames = [], ips = [];\n if (hostname = \"\" + hostname, altNames) {\n const splitAltNames = StringPrototypeIncludes.call(altNames, '\"') \? splitEscapedAltNames(altNames) : StringPrototypeSplit.call(altNames, \", \");\n ArrayPrototypeForEach.call(splitAltNames, (name) => {\n if (StringPrototypeStartsWith.call(name, \"DNS:\"))\n ArrayPrototypePush.call(dnsNames, StringPrototypeSlice.call(name, 4));\n else if (StringPrototypeStartsWith.call(name, \"IP Address:\"))\n ArrayPrototypePush.call(ips, canonicalizeIP(StringPrototypeSlice.call(name, 11)));\n });\n }\n let valid = !1, reason = \"Unknown reason\";\n if (hostname = unfqdn(hostname), net.isIP(hostname)) {\n if (valid = ArrayPrototypeIncludes.call(ips, canonicalizeIP(hostname)), !valid)\n reason = `IP: ${hostname} is not in the cert's list: ` + ArrayPrototypeJoin.call(ips, \", \");\n } else if (dnsNames.length > 0 || subject\?.CN) {\n const hostParts = splitHost(hostname), wildcard = (pattern) => check(hostParts, pattern, !0);\n if (dnsNames.length > 0) {\n if (valid = ArrayPrototypeSome.call(dnsNames, wildcard), !valid)\n reason = `Host: ${hostname}. is not in the cert's altnames: ${altNames}`;\n } else {\n const cn = subject.CN;\n if (Array.isArray(cn))\n valid = ArrayPrototypeSome.call(cn, wildcard);\n else if (cn)\n valid = wildcard(cn);\n if (!valid)\n reason = `Host: ${hostname}. is not cert's CN: ${cn}`;\n }\n } else\n reason = \"Cert does not contain a DNS name\";\n if (!valid) {\n let error = new Error(`ERR_TLS_CERT_ALTNAME_INVALID: Hostname/IP does not match certificate's altnames: ${reason}`);\n return error.name = \"ERR_TLS_CERT_ALTNAME_INVALID\", error.reason = reason, error.host = hostname, error.cert = cert, error;\n }\n}, SecureContext = function(options) {\n return new InternalSecureContext(options);\n}, createSecureContext = function(options) {\n return new SecureContext(options);\n}, translatePeerCertificate = function(c) {\n if (!c)\n return null;\n if (c.issuerCertificate != null && c.issuerCertificate !== c)\n c.issuerCertificate = translatePeerCertificate(c.issuerCertificate);\n if (c.infoAccess != null) {\n const info = c.infoAccess;\n c.infoAccess = { __proto__: null }, RegExpPrototypeSymbolReplace.call(/([^\\n:]*):([^\\n]*)(\?:\\n|$)/g, info, (all, key, val) => {\n if (val.charCodeAt(0) === 34)\n val = JSONParse(val);\n if (key in c.infoAccess)\n ArrayPrototypePush.call(c.infoAccess[key], val);\n else\n c.infoAccess[key] = [val];\n });\n }\n return c;\n}, createServer = function(options, connectionListener) {\n return new Server(options, connectionListener);\n}, getCiphers = function() {\n return DEFAULT_CIPHERS.split(\":\");\n}, convertProtocols = function(protocols) {\n const lens = new Array(protocols.length), buff = Buffer.allocUnsafe(ArrayPrototypeReduce.call(protocols, (p, c, i) => {\n const len = Buffer.byteLength(c);\n if (len > 255)\n @throwRangeError(\"The byte length of the protocol at index \" + `${i} exceeds the maximum length.`, \"<= 255\", len, !0);\n return lens[i] = len, p + 1 + len;\n }, 0));\n let offset = 0;\n for (let i = 0, c = protocols.length;i < c; i++)\n buff[offset++] = lens[i], buff.write(protocols[i], offset), offset += lens[i];\n return buff;\n}, convertALPNProtocols = function(protocols, out) {\n if (Array.isArray(protocols))\n out.ALPNProtocols = convertProtocols(protocols);\n else if (isTypedArray(protocols))\n out.ALPNProtocols = Buffer.from(protocols);\n else if (isArrayBufferView(protocols))\n out.ALPNProtocols = Buffer.from(protocols.buffer.slice(protocols.byteOffset, protocols.byteOffset + protocols.byteLength));\n else if (Buffer.isBuffer(protocols))\n out.ALPNProtocols = protocols;\n}, $, { isArrayBufferView, isTypedArray } = @requireNativeModule(\"node:util/types\"), net = @getInternalField(@internalModuleRegistry, 25) || @createInternalModuleById(25), { Server: NetServer, [Symbol.for(\"::bunternal::\")]: InternalTCPSocket } = net, bunSocketInternal = Symbol.for(\"::bunnetsocketinternal::\"), { rootCertificates, canonicalizeIP } = globalThis[globalThis.Symbol.for('Bun.lazy')](\"internal/tls\"), SymbolReplace = Symbol.replace, RegExpPrototypeSymbolReplace = RegExp.prototype[SymbolReplace], RegExpPrototypeExec = RegExp.prototype.exec, StringPrototypeStartsWith = String.prototype.startsWith, StringPrototypeSlice = String.prototype.slice, StringPrototypeIncludes = String.prototype.includes, StringPrototypeSplit = String.prototype.split, StringPrototypeIndexOf = String.prototype.indexOf, StringPrototypeSubstring = String.prototype.substring, StringPrototypeEndsWith = String.prototype.endsWith, StringFromCharCode = String.fromCharCode, StringPrototypeCharCodeAt = String.prototype.charCodeAt, ArrayPrototypeIncludes = Array.prototype.includes, ArrayPrototypeJoin = Array.prototype.join, ArrayPrototypeForEach = Array.prototype.forEach, ArrayPrototypePush = Array.prototype.push, ArrayPrototypeSome = Array.prototype.some, ArrayPrototypeReduce = Array.prototype.reduce, jsonStringPattern = /^\"(\?:[^\"\\\\\\u0000-\\u001f]|\\\\(\?:[\"\\\\/bfnrt]|u[0-9a-fA-F]{4}))*\"/, InternalSecureContext = class SecureContext2 {\n context;\n constructor(options) {\n const context = {};\n if (options) {\n let key = options.key;\n if (key) {\n if (!isValidTLSArray(key))\n @throwTypeError(\"key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.key = key;\n }\n let cert = options.cert;\n if (cert) {\n if (!isValidTLSArray(cert))\n @throwTypeError(\"cert argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.cert = cert;\n }\n let ca = options.ca;\n if (ca) {\n if (!isValidTLSArray(ca))\n @throwTypeError(\"ca argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.ca = ca;\n }\n let passphrase = options.passphrase;\n if (passphrase && typeof passphrase !== \"string\")\n @throwTypeError(\"passphrase argument must be an string\");\n this.passphrase = passphrase;\n let servername = options.servername;\n if (servername && typeof servername !== \"string\")\n @throwTypeError(\"servername argument must be an string\");\n this.servername = servername;\n let secureOptions = options.secureOptions || 0;\n if (secureOptions && typeof secureOptions !== \"number\")\n @throwTypeError(\"secureOptions argument must be an number\");\n this.secureOptions = secureOptions;\n }\n this.context = context;\n }\n}, buntls = Symbol.for(\"::buntls::\"), SocketClass, TLSSocket = function(InternalTLSSocket) {\n return SocketClass = InternalTLSSocket, Object.defineProperty(SocketClass.prototype, Symbol.toStringTag, {\n value: \"TLSSocket\",\n enumerable: !1\n }), Object.defineProperty(function Socket(options) {\n return new InternalTLSSocket(options);\n }, Symbol.hasInstance, {\n value(instance) {\n return instance instanceof InternalTLSSocket;\n }\n });\n}(class TLSSocket2 extends InternalTCPSocket {\n #secureContext;\n ALPNProtocols;\n #socket;\n #checkServerIdentity;\n #session;\n constructor(socket, options) {\n super(socket instanceof InternalTCPSocket \? options : options || socket);\n if (options = options || socket || {}, typeof options === \"object\") {\n const { ALPNProtocols } = options;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, this);\n if (socket instanceof InternalTCPSocket)\n this.#socket = socket;\n }\n this.#secureContext = options.secureContext || createSecureContext(options), this.authorized = !1, this.secureConnecting = !0, this._secureEstablished = !1, this._securePending = !0, this.#checkServerIdentity = options.checkServerIdentity || checkServerIdentity, this.#session = options.session || null;\n }\n _secureEstablished = !1;\n _securePending = !0;\n _newSessionPending;\n _controlReleased;\n secureConnecting = !1;\n _SNICallback;\n servername;\n authorized = !1;\n authorizationError;\n #renegotiationDisabled = !1;\n encrypted = !0;\n _start() {\n this.connect();\n }\n getSession() {\n return this[bunSocketInternal]\?.getSession();\n }\n getEphemeralKeyInfo() {\n return this[bunSocketInternal]\?.getEphemeralKeyInfo();\n }\n getCipher() {\n return this[bunSocketInternal]\?.getCipher();\n }\n getSharedSigalgs() {\n return this[bunSocketInternal]\?.getSharedSigalgs();\n }\n getProtocol() {\n return this[bunSocketInternal]\?.getTLSVersion();\n }\n getFinished() {\n return this[bunSocketInternal]\?.getTLSFinishedMessage() || void 0;\n }\n getPeerFinished() {\n return this[bunSocketInternal]\?.getTLSPeerFinishedMessage() || void 0;\n }\n isSessionReused() {\n return !!this.#session;\n }\n renegotiate() {\n if (this.#renegotiationDisabled) {\n const error = new Error(\"ERR_TLS_RENEGOTIATION_DISABLED: TLS session renegotiation disabled for this socket\");\n throw error.name = \"ERR_TLS_RENEGOTIATION_DISABLED\", error;\n }\n throw Error(\"Not implented in Bun yet\");\n }\n disableRenegotiation() {\n this.#renegotiationDisabled = !0;\n }\n getTLSTicket() {\n return this[bunSocketInternal]\?.getTLSTicket();\n }\n exportKeyingMaterial(length, label, context) {\n if (context)\n return this[bunSocketInternal]\?.exportKeyingMaterial(length, label, context);\n return this[bunSocketInternal]\?.exportKeyingMaterial(length, label);\n }\n setMaxSendFragment(size) {\n return this[bunSocketInternal]\?.setMaxSendFragment(size) || !1;\n }\n enableTrace() {\n }\n setServername(name) {\n if (this.isServer) {\n let error = new Error(\"ERR_TLS_SNI_FROM_SERVER: Cannot issue SNI from a TLS server-side socket\");\n throw error.name = \"ERR_TLS_SNI_FROM_SERVER\", error;\n }\n this.servername = name, this[bunSocketInternal]\?.setServername(name);\n }\n setSession(session) {\n if (this.#session = session, typeof session === \"string\")\n session = Buffer.from(session, \"latin1\");\n return this[bunSocketInternal]\?.setSession(session);\n }\n getPeerCertificate(abbreviated) {\n const cert = arguments.length < 1 \? this[bunSocketInternal]\?.getPeerCertificate() : this[bunSocketInternal]\?.getPeerCertificate(abbreviated);\n if (cert)\n return translatePeerCertificate(cert);\n }\n getCertificate() {\n const cert = this[bunSocketInternal]\?.getCertificate();\n if (cert)\n return translatePeerCertificate(cert);\n }\n getPeerX509Certificate() {\n throw Error(\"Not implented in Bun yet\");\n }\n getX509Certificate() {\n throw Error(\"Not implented in Bun yet\");\n }\n get alpnProtocol() {\n return this[bunSocketInternal]\?.alpnProtocol;\n }\n [buntls](port, host) {\n return {\n socket: this.#socket,\n ALPNProtocols: this.ALPNProtocols,\n serverName: this.servername || host || \"localhost\",\n checkServerIdentity: this.#checkServerIdentity,\n session: this.#session,\n ...this.#secureContext\n };\n }\n});\n\nclass Server extends NetServer {\n key;\n cert;\n ca;\n passphrase;\n secureOptions;\n _rejectUnauthorized;\n _requestCert;\n servername;\n ALPNProtocols;\n constructor(options, secureConnectionListener) {\n super(options, secureConnectionListener);\n this.setSecureContext(options);\n }\n setSecureContext(options) {\n if (options instanceof InternalSecureContext)\n options = options.context;\n if (options) {\n const { ALPNProtocols } = options;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, this);\n let key = options.key;\n if (key) {\n if (!isValidTLSArray(key))\n @throwTypeError(\"key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.key = key;\n }\n let cert = options.cert;\n if (cert) {\n if (!isValidTLSArray(cert))\n @throwTypeError(\"cert argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.cert = cert;\n }\n let ca = options.ca;\n if (ca) {\n if (!isValidTLSArray(ca))\n @throwTypeError(\"ca argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.ca = ca;\n }\n let passphrase = options.passphrase;\n if (passphrase && typeof passphrase !== \"string\")\n @throwTypeError(\"passphrase argument must be an string\");\n this.passphrase = passphrase;\n let servername = options.servername;\n if (servername && typeof servername !== \"string\")\n @throwTypeError(\"servername argument must be an string\");\n this.servername = servername;\n let secureOptions = options.secureOptions || 0;\n if (secureOptions && typeof secureOptions !== \"number\")\n @throwTypeError(\"secureOptions argument must be an number\");\n this.secureOptions = secureOptions;\n const requestCert = options.requestCert || !1;\n if (requestCert)\n this._requestCert = requestCert;\n else\n this._requestCert = void 0;\n const rejectUnauthorized = options.rejectUnauthorized || !1;\n if (rejectUnauthorized)\n this._rejectUnauthorized = rejectUnauthorized;\n else\n this._rejectUnauthorized = void 0;\n }\n }\n getTicketKeys() {\n throw Error(\"Not implented in Bun yet\");\n }\n setTicketKeys() {\n throw Error(\"Not implented in Bun yet\");\n }\n [buntls](port, host, isClient) {\n return [\n {\n serverName: this.servername || host || \"localhost\",\n key: this.key,\n cert: this.cert,\n ca: this.ca,\n passphrase: this.passphrase,\n secureOptions: this.secureOptions,\n rejectUnauthorized: isClient \? !1 : this._rejectUnauthorized,\n requestCert: isClient \? !1 : this._requestCert,\n ALPNProtocols: this.ALPNProtocols\n },\n SocketClass\n ];\n }\n}\nvar CLIENT_RENEG_LIMIT = 3, CLIENT_RENEG_WINDOW = 600, DEFAULT_ECDH_CURVE = \"auto\", DEFAULT_CIPHERS = \"DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256\", DEFAULT_MIN_VERSION = \"TLSv1.2\", DEFAULT_MAX_VERSION = \"TLSv1.3\", createConnection = (port, host, connectListener) => {\n if (typeof port === \"object\") {\n port.checkServerIdentity;\n const { ALPNProtocols } = port;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, port);\n return new TLSSocket(port).connect(port, host, connectListener);\n }\n return new TLSSocket().connect(port, host, connectListener);\n}, connect = createConnection;\n$ = {\n CLIENT_RENEG_LIMIT,\n CLIENT_RENEG_WINDOW,\n connect,\n convertALPNProtocols,\n createConnection,\n createSecureContext,\n createServer,\n DEFAULT_CIPHERS,\n DEFAULT_ECDH_CURVE,\n DEFAULT_MAX_VERSION,\n DEFAULT_MIN_VERSION,\n getCiphers,\n parseCertString,\n SecureContext,\n Server,\n TLSSocket,\n checkServerIdentity,\n rootCertificates\n};\nreturn $})\n"_s;
//
//
@@ -415,7 +415,7 @@ static constexpr ASCIILiteral NodeTimersPromisesCode = "(function (){\"use stric
//
//
-static constexpr ASCIILiteral NodeTLSCode = "(function (){\"use strict\";// src/js/out/tmp/node/tls.ts\nvar parseCertString = function() {\n throwNotImplemented(\"Not implemented\");\n}, isValidTLSArray = function(obj) {\n if (typeof obj === \"string\" || isTypedArray(obj) || obj instanceof ArrayBuffer || obj instanceof Blob)\n return !0;\n if (Array.isArray(obj)) {\n for (var i = 0;i < obj.length; i++)\n if (typeof obj !== \"string\" && !isTypedArray(obj) && !(obj instanceof ArrayBuffer) && !(obj instanceof Blob))\n return !1;\n return !0;\n }\n}, unfqdn = function(host2) {\n return RegExpPrototypeSymbolReplace.call(/[.]$/, host2, \"\");\n}, toLowerCase = function(c) {\n return StringFromCharCode.call(32 + StringPrototypeCharCodeAt.call(c, 0));\n}, splitHost = function(host2) {\n return StringPrototypeSplit.call(RegExpPrototypeSymbolReplace.call(/[A-Z]/g, unfqdn(host2), toLowerCase), \".\");\n}, check = function(hostParts, pattern, wildcards) {\n if (!pattern)\n return !1;\n const patternParts = splitHost(pattern);\n if (hostParts.length !== patternParts.length)\n return !1;\n if (ArrayPrototypeIncludes.call(patternParts, \"\"))\n return !1;\n const isBad = (s) => RegExpPrototypeExec.call(/[^\\u0021-\\u007F]/u, s) !== null;\n if (ArrayPrototypeSome.call(patternParts, isBad))\n return !1;\n for (let i = hostParts.length - 1;i > 0; i -= 1)\n if (hostParts[i] !== patternParts[i])\n return !1;\n const hostSubdomain = hostParts[0], patternSubdomain = patternParts[0], patternSubdomainParts = StringPrototypeSplit.call(patternSubdomain, \"*\");\n if (patternSubdomainParts.length === 1 || StringPrototypeIncludes.call(patternSubdomain, \"xn--\"))\n return hostSubdomain === patternSubdomain;\n if (!wildcards)\n return !1;\n if (patternSubdomainParts.length > 2)\n return !1;\n if (patternParts.length <= 2)\n return !1;\n const { 0: prefix, 1: suffix } = patternSubdomainParts;\n if (prefix.length + suffix.length > hostSubdomain.length)\n return !1;\n if (!StringPrototypeStartsWith.call(hostSubdomain, prefix))\n return !1;\n if (!StringPrototypeEndsWith.call(hostSubdomain, suffix))\n return !1;\n return !0;\n}, splitEscapedAltNames = function(altNames) {\n const result = [];\n let currentToken = \"\", offset = 0;\n while (offset !== altNames.length) {\n const nextSep = StringPrototypeIndexOf.call(altNames, \", \", offset), nextQuote = StringPrototypeIndexOf.call(altNames, '\"', offset);\n if (nextQuote !== -1 && (nextSep === -1 || nextQuote < nextSep)) {\n currentToken += StringPrototypeSubstring.call(altNames, offset, nextQuote);\n const match = RegExpPrototypeExec.call(jsonStringPattern, StringPrototypeSubstring.call(altNames, nextQuote));\n if (!match) {\n let error = new SyntaxError(\"ERR_TLS_CERT_ALTNAME_FORMAT: Invalid subject alternative name string\");\n throw error.name = ERR_TLS_CERT_ALTNAME_FORMAT, error;\n }\n currentToken += JSON.parse(match[0]), offset = nextQuote + match[0].length;\n } else if (nextSep !== -1)\n currentToken += StringPrototypeSubstring.call(altNames, offset, nextSep), ArrayPrototypePush.call(result, currentToken), currentToken = \"\", offset = nextSep + 2;\n else\n currentToken += StringPrototypeSubstring.call(altNames, offset), offset = altNames.length;\n }\n return ArrayPrototypePush.call(result, currentToken), result;\n}, checkServerIdentity = function(hostname, cert) {\n const { subject, subjectaltname: altNames } = cert, dnsNames = [], ips = [];\n if (hostname = \"\" + hostname, altNames) {\n const splitAltNames = StringPrototypeIncludes.call(altNames, '\"') \? splitEscapedAltNames(altNames) : StringPrototypeSplit.call(altNames, \", \");\n ArrayPrototypeForEach.call(splitAltNames, (name) => {\n if (StringPrototypeStartsWith.call(name, \"DNS:\"))\n ArrayPrototypePush.call(dnsNames, StringPrototypeSlice.call(name, 4));\n else if (StringPrototypeStartsWith.call(name, \"IP Address:\"))\n ArrayPrototypePush.call(ips, canonicalizeIP(StringPrototypeSlice.call(name, 11)));\n });\n }\n let valid = !1, reason = \"Unknown reason\";\n if (hostname = unfqdn(hostname), net.isIP(hostname)) {\n if (valid = ArrayPrototypeIncludes.call(ips, canonicalizeIP(hostname)), !valid)\n reason = `IP: ${hostname} is not in the cert's list: ` + ArrayPrototypeJoin.call(ips, \", \");\n } else if (dnsNames.length > 0 || subject\?.CN) {\n const hostParts = splitHost(hostname), wildcard = (pattern) => check(hostParts, pattern, !0);\n if (dnsNames.length > 0) {\n if (valid = ArrayPrototypeSome.call(dnsNames, wildcard), !valid)\n reason = `Host: ${hostname}. is not in the cert's altnames: ${altNames}`;\n } else {\n const cn = subject.CN;\n if (Array.isArray(cn))\n valid = ArrayPrototypeSome.call(cn, wildcard);\n else if (cn)\n valid = wildcard(cn);\n if (!valid)\n reason = `Host: ${hostname}. is not cert's CN: ${cn}`;\n }\n } else\n reason = \"Cert does not contain a DNS name\";\n if (!valid) {\n let error = new Error(`ERR_TLS_CERT_ALTNAME_INVALID: Hostname/IP does not match certificate's altnames: ${reason}`);\n return error.name = \"ERR_TLS_CERT_ALTNAME_INVALID\", error.reason = reason, error.host = host, error.cert = cert, error;\n }\n}, SecureContext = function(options) {\n return new InternalSecureContext(options);\n}, createSecureContext = function(options) {\n return new SecureContext(options);\n}, translatePeerCertificate = function(c) {\n if (!c)\n return null;\n if (c.issuerCertificate != null && c.issuerCertificate !== c)\n c.issuerCertificate = translatePeerCertificate(c.issuerCertificate);\n if (c.infoAccess != null) {\n const info = c.infoAccess;\n c.infoAccess = { __proto__: null }, RegExpPrototypeSymbolReplace.call(/([^\\n:]*):([^\\n]*)(\?:\\n|$)/g, info, (all, key, val) => {\n if (val.charCodeAt(0) === 34)\n val = JSONParse(val);\n if (key in c.infoAccess)\n ArrayPrototypePush.call(c.infoAccess[key], val);\n else\n c.infoAccess[key] = [val];\n });\n }\n return c;\n}, createServer = function(options, connectionListener) {\n return new Server(options, connectionListener);\n}, getCiphers = function() {\n return DEFAULT_CIPHERS.split(\":\");\n}, convertProtocols = function(protocols) {\n const lens = new Array(protocols.length), buff = Buffer.allocUnsafe(ArrayPrototypeReduce.call(protocols, (p, c, i) => {\n const len = Buffer.byteLength(c);\n if (len > 255)\n @throwRangeError(\"The byte length of the protocol at index \" + `${i} exceeds the maximum length.`, \"<= 255\", len, !0);\n return lens[i] = len, p + 1 + len;\n }, 0));\n let offset = 0;\n for (let i = 0, c = protocols.length;i < c; i++)\n buff[offset++] = lens[i], buff.write(protocols[i], offset), offset += lens[i];\n return buff;\n}, convertALPNProtocols = function(protocols, out) {\n if (Array.isArray(protocols))\n out.ALPNProtocols = convertProtocols(protocols);\n else if (isTypedArray(protocols))\n out.ALPNProtocols = Buffer.from(protocols);\n else if (isArrayBufferView(protocols))\n out.ALPNProtocols = Buffer.from(protocols.buffer.slice(protocols.byteOffset, protocols.byteOffset + protocols.byteLength));\n else if (Buffer.isBuffer(protocols))\n out.ALPNProtocols = protocols;\n}, $, { isArrayBufferView, isTypedArray } = @requireNativeModule(\"node:util/types\"), net = @getInternalField(@internalModuleRegistry, 25) || @createInternalModuleById(25), { Server: NetServer, [Symbol.for(\"::bunternal::\")]: InternalTCPSocket } = net, bunSocketInternal = Symbol.for(\"::bunnetsocketinternal::\"), { rootCertificates, canonicalizeIP } = globalThis[globalThis.Symbol.for('Bun.lazy')](\"internal/tls\"), SymbolReplace = Symbol.replace, RegExpPrototypeSymbolReplace = RegExp.prototype[SymbolReplace], RegExpPrototypeExec = RegExp.prototype.exec, StringPrototypeStartsWith = String.prototype.startsWith, StringPrototypeSlice = String.prototype.slice, StringPrototypeIncludes = String.prototype.includes, StringPrototypeSplit = String.prototype.split, StringPrototypeIndexOf = String.prototype.indexOf, StringPrototypeSubstring = String.prototype.substring, StringPrototypeEndsWith = String.prototype.endsWith, StringFromCharCode = String.fromCharCode, StringPrototypeCharCodeAt = String.prototype.charCodeAt, ArrayPrototypeIncludes = Array.prototype.includes, ArrayPrototypeJoin = Array.prototype.join, ArrayPrototypeForEach = Array.prototype.forEach, ArrayPrototypePush = Array.prototype.push, ArrayPrototypeSome = Array.prototype.some, ArrayPrototypeReduce = Array.prototype.reduce, jsonStringPattern = /^\"(\?:[^\"\\\\\\u0000-\\u001f]|\\\\(\?:[\"\\\\/bfnrt]|u[0-9a-fA-F]{4}))*\"/, InternalSecureContext = class SecureContext2 {\n context;\n constructor(options) {\n const context = {};\n if (options) {\n let key = options.key;\n if (key) {\n if (!isValidTLSArray(key))\n @throwTypeError(\"key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.key = key;\n }\n let cert = options.cert;\n if (cert) {\n if (!isValidTLSArray(cert))\n @throwTypeError(\"cert argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.cert = cert;\n }\n let ca = options.ca;\n if (ca) {\n if (!isValidTLSArray(ca))\n @throwTypeError(\"ca argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.ca = ca;\n }\n let passphrase = options.passphrase;\n if (passphrase && typeof passphrase !== \"string\")\n @throwTypeError(\"passphrase argument must be an string\");\n this.passphrase = passphrase;\n let servername = options.servername;\n if (servername && typeof servername !== \"string\")\n @throwTypeError(\"servername argument must be an string\");\n this.servername = servername;\n let secureOptions = options.secureOptions || 0;\n if (secureOptions && typeof secureOptions !== \"number\")\n @throwTypeError(\"secureOptions argument must be an number\");\n this.secureOptions = secureOptions;\n }\n this.context = context;\n }\n}, buntls = Symbol.for(\"::buntls::\"), SocketClass, TLSSocket = function(InternalTLSSocket) {\n return SocketClass = InternalTLSSocket, Object.defineProperty(SocketClass.prototype, Symbol.toStringTag, {\n value: \"TLSSocket\",\n enumerable: !1\n }), Object.defineProperty(function Socket(options) {\n return new InternalTLSSocket(options);\n }, Symbol.hasInstance, {\n value(instance) {\n return instance instanceof InternalTLSSocket;\n }\n });\n}(class TLSSocket2 extends InternalTCPSocket {\n #secureContext;\n ALPNProtocols;\n #socket;\n #checkServerIdentity;\n #session;\n constructor(socket, options) {\n super(socket instanceof InternalTCPSocket \? options : options || socket);\n if (options = options || socket || {}, typeof options === \"object\") {\n const { ALPNProtocols } = options;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, this);\n if (socket instanceof InternalTCPSocket)\n this.#socket = socket;\n }\n this.#secureContext = options.secureContext || createSecureContext(options), this.authorized = !1, this.secureConnecting = !0, this._secureEstablished = !1, this._securePending = !0, this.#checkServerIdentity = options.checkServerIdentity || checkServerIdentity, this.#session = options.session || null;\n }\n _secureEstablished = !1;\n _securePending = !0;\n _newSessionPending;\n _controlReleased;\n secureConnecting = !1;\n _SNICallback;\n servername;\n authorized = !1;\n authorizationError;\n #renegotiationDisabled = !1;\n encrypted = !0;\n _start() {\n this.connect();\n }\n getSession() {\n return this[bunSocketInternal]\?.getSession();\n }\n getEphemeralKeyInfo() {\n return this[bunSocketInternal]\?.getEphemeralKeyInfo();\n }\n getCipher() {\n return this[bunSocketInternal]\?.getCipher();\n }\n getSharedSigalgs() {\n return this[bunSocketInternal]\?.getSharedSigalgs();\n }\n getProtocol() {\n return this[bunSocketInternal]\?.getTLSVersion();\n }\n getFinished() {\n return this[bunSocketInternal]\?.getTLSFinishedMessage() || void 0;\n }\n getPeerFinished() {\n return this[bunSocketInternal]\?.getTLSPeerFinishedMessage() || void 0;\n }\n isSessionReused() {\n return !!this.#session;\n }\n renegotiate() {\n if (this.#renegotiationDisabled) {\n const error = new Error(\"ERR_TLS_RENEGOTIATION_DISABLED: TLS session renegotiation disabled for this socket\");\n throw error.name = \"ERR_TLS_RENEGOTIATION_DISABLED\", error;\n }\n throw Error(\"Not implented in Bun yet\");\n }\n disableRenegotiation() {\n this.#renegotiationDisabled = !0;\n }\n getTLSTicket() {\n return this[bunSocketInternal]\?.getTLSTicket();\n }\n exportKeyingMaterial(length, label, context) {\n if (context)\n return this[bunSocketInternal]\?.exportKeyingMaterial(length, label, context);\n return this[bunSocketInternal]\?.exportKeyingMaterial(length, label);\n }\n setMaxSendFragment(size) {\n return this[bunSocketInternal]\?.setMaxSendFragment(size) || !1;\n }\n enableTrace() {\n }\n setServername(name) {\n if (this.isServer) {\n let error = new Error(\"ERR_TLS_SNI_FROM_SERVER: Cannot issue SNI from a TLS server-side socket\");\n throw error.name = \"ERR_TLS_SNI_FROM_SERVER\", error;\n }\n this.servername = name, this[bunSocketInternal]\?.setServername(name);\n }\n setSession(session) {\n if (this.#session = session, typeof session === \"string\")\n session = Buffer.from(session, \"latin1\");\n return this[bunSocketInternal]\?.setSession(session);\n }\n getPeerCertificate(abbreviated) {\n const cert = arguments.length < 1 \? this[bunSocketInternal]\?.getPeerCertificate() : this[bunSocketInternal]\?.getPeerCertificate(abbreviated);\n if (cert)\n return translatePeerCertificate(cert);\n }\n getCertificate() {\n const cert = this[bunSocketInternal]\?.getCertificate();\n if (cert)\n return translatePeerCertificate(cert);\n }\n getPeerX509Certificate() {\n throw Error(\"Not implented in Bun yet\");\n }\n getX509Certificate() {\n throw Error(\"Not implented in Bun yet\");\n }\n get alpnProtocol() {\n return this[bunSocketInternal]\?.alpnProtocol;\n }\n [buntls](port, host2) {\n return {\n socket: this.#socket,\n ALPNProtocols: this.ALPNProtocols,\n serverName: this.servername || host2 || \"localhost\",\n checkServerIdentity: this.#checkServerIdentity,\n session: this.#session,\n ...this.#secureContext\n };\n }\n});\n\nclass Server extends NetServer {\n key;\n cert;\n ca;\n passphrase;\n secureOptions;\n _rejectUnauthorized;\n _requestCert;\n servername;\n ALPNProtocols;\n constructor(options, secureConnectionListener) {\n super(options, secureConnectionListener);\n this.setSecureContext(options);\n }\n setSecureContext(options) {\n if (options instanceof InternalSecureContext)\n options = options.context;\n if (options) {\n const { ALPNProtocols } = options;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, this);\n let key = options.key;\n if (key) {\n if (!isValidTLSArray(key))\n @throwTypeError(\"key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.key = key;\n }\n let cert = options.cert;\n if (cert) {\n if (!isValidTLSArray(cert))\n @throwTypeError(\"cert argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.cert = cert;\n }\n let ca = options.ca;\n if (ca) {\n if (!isValidTLSArray(ca))\n @throwTypeError(\"ca argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.ca = ca;\n }\n let passphrase = options.passphrase;\n if (passphrase && typeof passphrase !== \"string\")\n @throwTypeError(\"passphrase argument must be an string\");\n this.passphrase = passphrase;\n let servername = options.servername;\n if (servername && typeof servername !== \"string\")\n @throwTypeError(\"servername argument must be an string\");\n this.servername = servername;\n let secureOptions = options.secureOptions || 0;\n if (secureOptions && typeof secureOptions !== \"number\")\n @throwTypeError(\"secureOptions argument must be an number\");\n this.secureOptions = secureOptions;\n const requestCert = options.requestCert || !1;\n if (requestCert)\n this._requestCert = requestCert;\n else\n this._requestCert = void 0;\n const rejectUnauthorized = options.rejectUnauthorized || !1;\n if (rejectUnauthorized)\n this._rejectUnauthorized = rejectUnauthorized;\n else\n this._rejectUnauthorized = void 0;\n }\n }\n getTicketKeys() {\n throw Error(\"Not implented in Bun yet\");\n }\n setTicketKeys() {\n throw Error(\"Not implented in Bun yet\");\n }\n [buntls](port, host2, isClient) {\n return [\n {\n serverName: this.servername || host2 || \"localhost\",\n key: this.key,\n cert: this.cert,\n ca: this.ca,\n passphrase: this.passphrase,\n secureOptions: this.secureOptions,\n rejectUnauthorized: isClient \? !1 : this._rejectUnauthorized,\n requestCert: isClient \? !1 : this._requestCert,\n ALPNProtocols: this.ALPNProtocols\n },\n SocketClass\n ];\n }\n}\nvar CLIENT_RENEG_LIMIT = 3, CLIENT_RENEG_WINDOW = 600, DEFAULT_ECDH_CURVE = \"auto\", DEFAULT_CIPHERS = \"DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256\", DEFAULT_MIN_VERSION = \"TLSv1.2\", DEFAULT_MAX_VERSION = \"TLSv1.3\", createConnection = (port, host2, connectListener) => {\n if (typeof port === \"object\") {\n port.checkServerIdentity;\n const { ALPNProtocols } = port;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, port);\n return new TLSSocket(port).connect(port, host2, connectListener);\n }\n return new TLSSocket().connect(port, host2, connectListener);\n}, connect = createConnection;\n$ = {\n CLIENT_RENEG_LIMIT,\n CLIENT_RENEG_WINDOW,\n connect,\n convertALPNProtocols,\n createConnection,\n createSecureContext,\n createServer,\n DEFAULT_CIPHERS,\n DEFAULT_ECDH_CURVE,\n DEFAULT_MAX_VERSION,\n DEFAULT_MIN_VERSION,\n getCiphers,\n parseCertString,\n SecureContext,\n Server,\n TLSSocket,\n checkServerIdentity,\n rootCertificates\n};\nreturn $})\n"_s;
+static constexpr ASCIILiteral NodeTLSCode = "(function (){\"use strict\";// src/js/out/tmp/node/tls.ts\nvar parseCertString = function() {\n throwNotImplemented(\"Not implemented\");\n}, isValidTLSArray = function(obj) {\n if (typeof obj === \"string\" || isTypedArray(obj) || obj instanceof ArrayBuffer || obj instanceof Blob)\n return !0;\n if (Array.isArray(obj)) {\n for (var i = 0;i < obj.length; i++)\n if (typeof obj !== \"string\" && !isTypedArray(obj) && !(obj instanceof ArrayBuffer) && !(obj instanceof Blob))\n return !1;\n return !0;\n }\n}, unfqdn = function(host) {\n return RegExpPrototypeSymbolReplace.call(/[.]$/, host, \"\");\n}, toLowerCase = function(c) {\n return StringFromCharCode.call(32 + StringPrototypeCharCodeAt.call(c, 0));\n}, splitHost = function(host) {\n return StringPrototypeSplit.call(RegExpPrototypeSymbolReplace.call(/[A-Z]/g, unfqdn(host), toLowerCase), \".\");\n}, check = function(hostParts, pattern, wildcards) {\n if (!pattern)\n return !1;\n const patternParts = splitHost(pattern);\n if (hostParts.length !== patternParts.length)\n return !1;\n if (ArrayPrototypeIncludes.call(patternParts, \"\"))\n return !1;\n const isBad = (s) => RegExpPrototypeExec.call(/[^\\u0021-\\u007F]/u, s) !== null;\n if (ArrayPrototypeSome.call(patternParts, isBad))\n return !1;\n for (let i = hostParts.length - 1;i > 0; i -= 1)\n if (hostParts[i] !== patternParts[i])\n return !1;\n const hostSubdomain = hostParts[0], patternSubdomain = patternParts[0], patternSubdomainParts = StringPrototypeSplit.call(patternSubdomain, \"*\");\n if (patternSubdomainParts.length === 1 || StringPrototypeIncludes.call(patternSubdomain, \"xn--\"))\n return hostSubdomain === patternSubdomain;\n if (!wildcards)\n return !1;\n if (patternSubdomainParts.length > 2)\n return !1;\n if (patternParts.length <= 2)\n return !1;\n const { 0: prefix, 1: suffix } = patternSubdomainParts;\n if (prefix.length + suffix.length > hostSubdomain.length)\n return !1;\n if (!StringPrototypeStartsWith.call(hostSubdomain, prefix))\n return !1;\n if (!StringPrototypeEndsWith.call(hostSubdomain, suffix))\n return !1;\n return !0;\n}, splitEscapedAltNames = function(altNames) {\n const result = [];\n let currentToken = \"\", offset = 0;\n while (offset !== altNames.length) {\n const nextSep = StringPrototypeIndexOf.call(altNames, \", \", offset), nextQuote = StringPrototypeIndexOf.call(altNames, '\"', offset);\n if (nextQuote !== -1 && (nextSep === -1 || nextQuote < nextSep)) {\n currentToken += StringPrototypeSubstring.call(altNames, offset, nextQuote);\n const match = RegExpPrototypeExec.call(jsonStringPattern, StringPrototypeSubstring.call(altNames, nextQuote));\n if (!match) {\n let error = new SyntaxError(\"ERR_TLS_CERT_ALTNAME_FORMAT: Invalid subject alternative name string\");\n throw error.name = ERR_TLS_CERT_ALTNAME_FORMAT, error;\n }\n currentToken += JSON.parse(match[0]), offset = nextQuote + match[0].length;\n } else if (nextSep !== -1)\n currentToken += StringPrototypeSubstring.call(altNames, offset, nextSep), ArrayPrototypePush.call(result, currentToken), currentToken = \"\", offset = nextSep + 2;\n else\n currentToken += StringPrototypeSubstring.call(altNames, offset), offset = altNames.length;\n }\n return ArrayPrototypePush.call(result, currentToken), result;\n}, checkServerIdentity = function(hostname, cert) {\n const { subject, subjectaltname: altNames } = cert, dnsNames = [], ips = [];\n if (hostname = \"\" + hostname, altNames) {\n const splitAltNames = StringPrototypeIncludes.call(altNames, '\"') \? splitEscapedAltNames(altNames) : StringPrototypeSplit.call(altNames, \", \");\n ArrayPrototypeForEach.call(splitAltNames, (name) => {\n if (StringPrototypeStartsWith.call(name, \"DNS:\"))\n ArrayPrototypePush.call(dnsNames, StringPrototypeSlice.call(name, 4));\n else if (StringPrototypeStartsWith.call(name, \"IP Address:\"))\n ArrayPrototypePush.call(ips, canonicalizeIP(StringPrototypeSlice.call(name, 11)));\n });\n }\n let valid = !1, reason = \"Unknown reason\";\n if (hostname = unfqdn(hostname), net.isIP(hostname)) {\n if (valid = ArrayPrototypeIncludes.call(ips, canonicalizeIP(hostname)), !valid)\n reason = `IP: ${hostname} is not in the cert's list: ` + ArrayPrototypeJoin.call(ips, \", \");\n } else if (dnsNames.length > 0 || subject\?.CN) {\n const hostParts = splitHost(hostname), wildcard = (pattern) => check(hostParts, pattern, !0);\n if (dnsNames.length > 0) {\n if (valid = ArrayPrototypeSome.call(dnsNames, wildcard), !valid)\n reason = `Host: ${hostname}. is not in the cert's altnames: ${altNames}`;\n } else {\n const cn = subject.CN;\n if (Array.isArray(cn))\n valid = ArrayPrototypeSome.call(cn, wildcard);\n else if (cn)\n valid = wildcard(cn);\n if (!valid)\n reason = `Host: ${hostname}. is not cert's CN: ${cn}`;\n }\n } else\n reason = \"Cert does not contain a DNS name\";\n if (!valid) {\n let error = new Error(`ERR_TLS_CERT_ALTNAME_INVALID: Hostname/IP does not match certificate's altnames: ${reason}`);\n return error.name = \"ERR_TLS_CERT_ALTNAME_INVALID\", error.reason = reason, error.host = hostname, error.cert = cert, error;\n }\n}, SecureContext = function(options) {\n return new InternalSecureContext(options);\n}, createSecureContext = function(options) {\n return new SecureContext(options);\n}, translatePeerCertificate = function(c) {\n if (!c)\n return null;\n if (c.issuerCertificate != null && c.issuerCertificate !== c)\n c.issuerCertificate = translatePeerCertificate(c.issuerCertificate);\n if (c.infoAccess != null) {\n const info = c.infoAccess;\n c.infoAccess = { __proto__: null }, RegExpPrototypeSymbolReplace.call(/([^\\n:]*):([^\\n]*)(\?:\\n|$)/g, info, (all, key, val) => {\n if (val.charCodeAt(0) === 34)\n val = JSONParse(val);\n if (key in c.infoAccess)\n ArrayPrototypePush.call(c.infoAccess[key], val);\n else\n c.infoAccess[key] = [val];\n });\n }\n return c;\n}, createServer = function(options, connectionListener) {\n return new Server(options, connectionListener);\n}, getCiphers = function() {\n return DEFAULT_CIPHERS.split(\":\");\n}, convertProtocols = function(protocols) {\n const lens = new Array(protocols.length), buff = Buffer.allocUnsafe(ArrayPrototypeReduce.call(protocols, (p, c, i) => {\n const len = Buffer.byteLength(c);\n if (len > 255)\n @throwRangeError(\"The byte length of the protocol at index \" + `${i} exceeds the maximum length.`, \"<= 255\", len, !0);\n return lens[i] = len, p + 1 + len;\n }, 0));\n let offset = 0;\n for (let i = 0, c = protocols.length;i < c; i++)\n buff[offset++] = lens[i], buff.write(protocols[i], offset), offset += lens[i];\n return buff;\n}, convertALPNProtocols = function(protocols, out) {\n if (Array.isArray(protocols))\n out.ALPNProtocols = convertProtocols(protocols);\n else if (isTypedArray(protocols))\n out.ALPNProtocols = Buffer.from(protocols);\n else if (isArrayBufferView(protocols))\n out.ALPNProtocols = Buffer.from(protocols.buffer.slice(protocols.byteOffset, protocols.byteOffset + protocols.byteLength));\n else if (Buffer.isBuffer(protocols))\n out.ALPNProtocols = protocols;\n}, $, { isArrayBufferView, isTypedArray } = @requireNativeModule(\"node:util/types\"), net = @getInternalField(@internalModuleRegistry, 25) || @createInternalModuleById(25), { Server: NetServer, [Symbol.for(\"::bunternal::\")]: InternalTCPSocket } = net, bunSocketInternal = Symbol.for(\"::bunnetsocketinternal::\"), { rootCertificates, canonicalizeIP } = globalThis[globalThis.Symbol.for('Bun.lazy')](\"internal/tls\"), SymbolReplace = Symbol.replace, RegExpPrototypeSymbolReplace = RegExp.prototype[SymbolReplace], RegExpPrototypeExec = RegExp.prototype.exec, StringPrototypeStartsWith = String.prototype.startsWith, StringPrototypeSlice = String.prototype.slice, StringPrototypeIncludes = String.prototype.includes, StringPrototypeSplit = String.prototype.split, StringPrototypeIndexOf = String.prototype.indexOf, StringPrototypeSubstring = String.prototype.substring, StringPrototypeEndsWith = String.prototype.endsWith, StringFromCharCode = String.fromCharCode, StringPrototypeCharCodeAt = String.prototype.charCodeAt, ArrayPrototypeIncludes = Array.prototype.includes, ArrayPrototypeJoin = Array.prototype.join, ArrayPrototypeForEach = Array.prototype.forEach, ArrayPrototypePush = Array.prototype.push, ArrayPrototypeSome = Array.prototype.some, ArrayPrototypeReduce = Array.prototype.reduce, jsonStringPattern = /^\"(\?:[^\"\\\\\\u0000-\\u001f]|\\\\(\?:[\"\\\\/bfnrt]|u[0-9a-fA-F]{4}))*\"/, InternalSecureContext = class SecureContext2 {\n context;\n constructor(options) {\n const context = {};\n if (options) {\n let key = options.key;\n if (key) {\n if (!isValidTLSArray(key))\n @throwTypeError(\"key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.key = key;\n }\n let cert = options.cert;\n if (cert) {\n if (!isValidTLSArray(cert))\n @throwTypeError(\"cert argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.cert = cert;\n }\n let ca = options.ca;\n if (ca) {\n if (!isValidTLSArray(ca))\n @throwTypeError(\"ca argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.ca = ca;\n }\n let passphrase = options.passphrase;\n if (passphrase && typeof passphrase !== \"string\")\n @throwTypeError(\"passphrase argument must be an string\");\n this.passphrase = passphrase;\n let servername = options.servername;\n if (servername && typeof servername !== \"string\")\n @throwTypeError(\"servername argument must be an string\");\n this.servername = servername;\n let secureOptions = options.secureOptions || 0;\n if (secureOptions && typeof secureOptions !== \"number\")\n @throwTypeError(\"secureOptions argument must be an number\");\n this.secureOptions = secureOptions;\n }\n this.context = context;\n }\n}, buntls = Symbol.for(\"::buntls::\"), SocketClass, TLSSocket = function(InternalTLSSocket) {\n return SocketClass = InternalTLSSocket, Object.defineProperty(SocketClass.prototype, Symbol.toStringTag, {\n value: \"TLSSocket\",\n enumerable: !1\n }), Object.defineProperty(function Socket(options) {\n return new InternalTLSSocket(options);\n }, Symbol.hasInstance, {\n value(instance) {\n return instance instanceof InternalTLSSocket;\n }\n });\n}(class TLSSocket2 extends InternalTCPSocket {\n #secureContext;\n ALPNProtocols;\n #socket;\n #checkServerIdentity;\n #session;\n constructor(socket, options) {\n super(socket instanceof InternalTCPSocket \? options : options || socket);\n if (options = options || socket || {}, typeof options === \"object\") {\n const { ALPNProtocols } = options;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, this);\n if (socket instanceof InternalTCPSocket)\n this.#socket = socket;\n }\n this.#secureContext = options.secureContext || createSecureContext(options), this.authorized = !1, this.secureConnecting = !0, this._secureEstablished = !1, this._securePending = !0, this.#checkServerIdentity = options.checkServerIdentity || checkServerIdentity, this.#session = options.session || null;\n }\n _secureEstablished = !1;\n _securePending = !0;\n _newSessionPending;\n _controlReleased;\n secureConnecting = !1;\n _SNICallback;\n servername;\n authorized = !1;\n authorizationError;\n #renegotiationDisabled = !1;\n encrypted = !0;\n _start() {\n this.connect();\n }\n getSession() {\n return this[bunSocketInternal]\?.getSession();\n }\n getEphemeralKeyInfo() {\n return this[bunSocketInternal]\?.getEphemeralKeyInfo();\n }\n getCipher() {\n return this[bunSocketInternal]\?.getCipher();\n }\n getSharedSigalgs() {\n return this[bunSocketInternal]\?.getSharedSigalgs();\n }\n getProtocol() {\n return this[bunSocketInternal]\?.getTLSVersion();\n }\n getFinished() {\n return this[bunSocketInternal]\?.getTLSFinishedMessage() || void 0;\n }\n getPeerFinished() {\n return this[bunSocketInternal]\?.getTLSPeerFinishedMessage() || void 0;\n }\n isSessionReused() {\n return !!this.#session;\n }\n renegotiate() {\n if (this.#renegotiationDisabled) {\n const error = new Error(\"ERR_TLS_RENEGOTIATION_DISABLED: TLS session renegotiation disabled for this socket\");\n throw error.name = \"ERR_TLS_RENEGOTIATION_DISABLED\", error;\n }\n throw Error(\"Not implented in Bun yet\");\n }\n disableRenegotiation() {\n this.#renegotiationDisabled = !0;\n }\n getTLSTicket() {\n return this[bunSocketInternal]\?.getTLSTicket();\n }\n exportKeyingMaterial(length, label, context) {\n if (context)\n return this[bunSocketInternal]\?.exportKeyingMaterial(length, label, context);\n return this[bunSocketInternal]\?.exportKeyingMaterial(length, label);\n }\n setMaxSendFragment(size) {\n return this[bunSocketInternal]\?.setMaxSendFragment(size) || !1;\n }\n enableTrace() {\n }\n setServername(name) {\n if (this.isServer) {\n let error = new Error(\"ERR_TLS_SNI_FROM_SERVER: Cannot issue SNI from a TLS server-side socket\");\n throw error.name = \"ERR_TLS_SNI_FROM_SERVER\", error;\n }\n this.servername = name, this[bunSocketInternal]\?.setServername(name);\n }\n setSession(session) {\n if (this.#session = session, typeof session === \"string\")\n session = Buffer.from(session, \"latin1\");\n return this[bunSocketInternal]\?.setSession(session);\n }\n getPeerCertificate(abbreviated) {\n const cert = arguments.length < 1 \? this[bunSocketInternal]\?.getPeerCertificate() : this[bunSocketInternal]\?.getPeerCertificate(abbreviated);\n if (cert)\n return translatePeerCertificate(cert);\n }\n getCertificate() {\n const cert = this[bunSocketInternal]\?.getCertificate();\n if (cert)\n return translatePeerCertificate(cert);\n }\n getPeerX509Certificate() {\n throw Error(\"Not implented in Bun yet\");\n }\n getX509Certificate() {\n throw Error(\"Not implented in Bun yet\");\n }\n get alpnProtocol() {\n return this[bunSocketInternal]\?.alpnProtocol;\n }\n [buntls](port, host) {\n return {\n socket: this.#socket,\n ALPNProtocols: this.ALPNProtocols,\n serverName: this.servername || host || \"localhost\",\n checkServerIdentity: this.#checkServerIdentity,\n session: this.#session,\n ...this.#secureContext\n };\n }\n});\n\nclass Server extends NetServer {\n key;\n cert;\n ca;\n passphrase;\n secureOptions;\n _rejectUnauthorized;\n _requestCert;\n servername;\n ALPNProtocols;\n constructor(options, secureConnectionListener) {\n super(options, secureConnectionListener);\n this.setSecureContext(options);\n }\n setSecureContext(options) {\n if (options instanceof InternalSecureContext)\n options = options.context;\n if (options) {\n const { ALPNProtocols } = options;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, this);\n let key = options.key;\n if (key) {\n if (!isValidTLSArray(key))\n @throwTypeError(\"key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.key = key;\n }\n let cert = options.cert;\n if (cert) {\n if (!isValidTLSArray(cert))\n @throwTypeError(\"cert argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.cert = cert;\n }\n let ca = options.ca;\n if (ca) {\n if (!isValidTLSArray(ca))\n @throwTypeError(\"ca argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.ca = ca;\n }\n let passphrase = options.passphrase;\n if (passphrase && typeof passphrase !== \"string\")\n @throwTypeError(\"passphrase argument must be an string\");\n this.passphrase = passphrase;\n let servername = options.servername;\n if (servername && typeof servername !== \"string\")\n @throwTypeError(\"servername argument must be an string\");\n this.servername = servername;\n let secureOptions = options.secureOptions || 0;\n if (secureOptions && typeof secureOptions !== \"number\")\n @throwTypeError(\"secureOptions argument must be an number\");\n this.secureOptions = secureOptions;\n const requestCert = options.requestCert || !1;\n if (requestCert)\n this._requestCert = requestCert;\n else\n this._requestCert = void 0;\n const rejectUnauthorized = options.rejectUnauthorized || !1;\n if (rejectUnauthorized)\n this._rejectUnauthorized = rejectUnauthorized;\n else\n this._rejectUnauthorized = void 0;\n }\n }\n getTicketKeys() {\n throw Error(\"Not implented in Bun yet\");\n }\n setTicketKeys() {\n throw Error(\"Not implented in Bun yet\");\n }\n [buntls](port, host, isClient) {\n return [\n {\n serverName: this.servername || host || \"localhost\",\n key: this.key,\n cert: this.cert,\n ca: this.ca,\n passphrase: this.passphrase,\n secureOptions: this.secureOptions,\n rejectUnauthorized: isClient \? !1 : this._rejectUnauthorized,\n requestCert: isClient \? !1 : this._requestCert,\n ALPNProtocols: this.ALPNProtocols\n },\n SocketClass\n ];\n }\n}\nvar CLIENT_RENEG_LIMIT = 3, CLIENT_RENEG_WINDOW = 600, DEFAULT_ECDH_CURVE = \"auto\", DEFAULT_CIPHERS = \"DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256\", DEFAULT_MIN_VERSION = \"TLSv1.2\", DEFAULT_MAX_VERSION = \"TLSv1.3\", createConnection = (port, host, connectListener) => {\n if (typeof port === \"object\") {\n port.checkServerIdentity;\n const { ALPNProtocols } = port;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, port);\n return new TLSSocket(port).connect(port, host, connectListener);\n }\n return new TLSSocket().connect(port, host, connectListener);\n}, connect = createConnection;\n$ = {\n CLIENT_RENEG_LIMIT,\n CLIENT_RENEG_WINDOW,\n connect,\n convertALPNProtocols,\n createConnection,\n createSecureContext,\n createServer,\n DEFAULT_CIPHERS,\n DEFAULT_ECDH_CURVE,\n DEFAULT_MAX_VERSION,\n DEFAULT_MIN_VERSION,\n getCiphers,\n parseCertString,\n SecureContext,\n Server,\n TLSSocket,\n checkServerIdentity,\n rootCertificates\n};\nreturn $})\n"_s;
//
//
@@ -657,7 +657,7 @@ static constexpr ASCIILiteral NodeTimersPromisesCode = "(function (){\"use stric
//
//
-static constexpr ASCIILiteral NodeTLSCode = "(function (){\"use strict\";// src/js/out/tmp/node/tls.ts\nvar parseCertString = function() {\n throwNotImplemented(\"Not implemented\");\n}, isValidTLSArray = function(obj) {\n if (typeof obj === \"string\" || isTypedArray(obj) || obj instanceof ArrayBuffer || obj instanceof Blob)\n return !0;\n if (Array.isArray(obj)) {\n for (var i = 0;i < obj.length; i++)\n if (typeof obj !== \"string\" && !isTypedArray(obj) && !(obj instanceof ArrayBuffer) && !(obj instanceof Blob))\n return !1;\n return !0;\n }\n}, unfqdn = function(host2) {\n return RegExpPrototypeSymbolReplace.call(/[.]$/, host2, \"\");\n}, toLowerCase = function(c) {\n return StringFromCharCode.call(32 + StringPrototypeCharCodeAt.call(c, 0));\n}, splitHost = function(host2) {\n return StringPrototypeSplit.call(RegExpPrototypeSymbolReplace.call(/[A-Z]/g, unfqdn(host2), toLowerCase), \".\");\n}, check = function(hostParts, pattern, wildcards) {\n if (!pattern)\n return !1;\n const patternParts = splitHost(pattern);\n if (hostParts.length !== patternParts.length)\n return !1;\n if (ArrayPrototypeIncludes.call(patternParts, \"\"))\n return !1;\n const isBad = (s) => RegExpPrototypeExec.call(/[^\\u0021-\\u007F]/u, s) !== null;\n if (ArrayPrototypeSome.call(patternParts, isBad))\n return !1;\n for (let i = hostParts.length - 1;i > 0; i -= 1)\n if (hostParts[i] !== patternParts[i])\n return !1;\n const hostSubdomain = hostParts[0], patternSubdomain = patternParts[0], patternSubdomainParts = StringPrototypeSplit.call(patternSubdomain, \"*\");\n if (patternSubdomainParts.length === 1 || StringPrototypeIncludes.call(patternSubdomain, \"xn--\"))\n return hostSubdomain === patternSubdomain;\n if (!wildcards)\n return !1;\n if (patternSubdomainParts.length > 2)\n return !1;\n if (patternParts.length <= 2)\n return !1;\n const { 0: prefix, 1: suffix } = patternSubdomainParts;\n if (prefix.length + suffix.length > hostSubdomain.length)\n return !1;\n if (!StringPrototypeStartsWith.call(hostSubdomain, prefix))\n return !1;\n if (!StringPrototypeEndsWith.call(hostSubdomain, suffix))\n return !1;\n return !0;\n}, splitEscapedAltNames = function(altNames) {\n const result = [];\n let currentToken = \"\", offset = 0;\n while (offset !== altNames.length) {\n const nextSep = StringPrototypeIndexOf.call(altNames, \", \", offset), nextQuote = StringPrototypeIndexOf.call(altNames, '\"', offset);\n if (nextQuote !== -1 && (nextSep === -1 || nextQuote < nextSep)) {\n currentToken += StringPrototypeSubstring.call(altNames, offset, nextQuote);\n const match = RegExpPrototypeExec.call(jsonStringPattern, StringPrototypeSubstring.call(altNames, nextQuote));\n if (!match) {\n let error = new SyntaxError(\"ERR_TLS_CERT_ALTNAME_FORMAT: Invalid subject alternative name string\");\n throw error.name = ERR_TLS_CERT_ALTNAME_FORMAT, error;\n }\n currentToken += JSON.parse(match[0]), offset = nextQuote + match[0].length;\n } else if (nextSep !== -1)\n currentToken += StringPrototypeSubstring.call(altNames, offset, nextSep), ArrayPrototypePush.call(result, currentToken), currentToken = \"\", offset = nextSep + 2;\n else\n currentToken += StringPrototypeSubstring.call(altNames, offset), offset = altNames.length;\n }\n return ArrayPrototypePush.call(result, currentToken), result;\n}, checkServerIdentity = function(hostname, cert) {\n const { subject, subjectaltname: altNames } = cert, dnsNames = [], ips = [];\n if (hostname = \"\" + hostname, altNames) {\n const splitAltNames = StringPrototypeIncludes.call(altNames, '\"') \? splitEscapedAltNames(altNames) : StringPrototypeSplit.call(altNames, \", \");\n ArrayPrototypeForEach.call(splitAltNames, (name) => {\n if (StringPrototypeStartsWith.call(name, \"DNS:\"))\n ArrayPrototypePush.call(dnsNames, StringPrototypeSlice.call(name, 4));\n else if (StringPrototypeStartsWith.call(name, \"IP Address:\"))\n ArrayPrototypePush.call(ips, canonicalizeIP(StringPrototypeSlice.call(name, 11)));\n });\n }\n let valid = !1, reason = \"Unknown reason\";\n if (hostname = unfqdn(hostname), net.isIP(hostname)) {\n if (valid = ArrayPrototypeIncludes.call(ips, canonicalizeIP(hostname)), !valid)\n reason = `IP: ${hostname} is not in the cert's list: ` + ArrayPrototypeJoin.call(ips, \", \");\n } else if (dnsNames.length > 0 || subject\?.CN) {\n const hostParts = splitHost(hostname), wildcard = (pattern) => check(hostParts, pattern, !0);\n if (dnsNames.length > 0) {\n if (valid = ArrayPrototypeSome.call(dnsNames, wildcard), !valid)\n reason = `Host: ${hostname}. is not in the cert's altnames: ${altNames}`;\n } else {\n const cn = subject.CN;\n if (Array.isArray(cn))\n valid = ArrayPrototypeSome.call(cn, wildcard);\n else if (cn)\n valid = wildcard(cn);\n if (!valid)\n reason = `Host: ${hostname}. is not cert's CN: ${cn}`;\n }\n } else\n reason = \"Cert does not contain a DNS name\";\n if (!valid) {\n let error = new Error(`ERR_TLS_CERT_ALTNAME_INVALID: Hostname/IP does not match certificate's altnames: ${reason}`);\n return error.name = \"ERR_TLS_CERT_ALTNAME_INVALID\", error.reason = reason, error.host = host, error.cert = cert, error;\n }\n}, SecureContext = function(options) {\n return new InternalSecureContext(options);\n}, createSecureContext = function(options) {\n return new SecureContext(options);\n}, translatePeerCertificate = function(c) {\n if (!c)\n return null;\n if (c.issuerCertificate != null && c.issuerCertificate !== c)\n c.issuerCertificate = translatePeerCertificate(c.issuerCertificate);\n if (c.infoAccess != null) {\n const info = c.infoAccess;\n c.infoAccess = { __proto__: null }, RegExpPrototypeSymbolReplace.call(/([^\\n:]*):([^\\n]*)(\?:\\n|$)/g, info, (all, key, val) => {\n if (val.charCodeAt(0) === 34)\n val = JSONParse(val);\n if (key in c.infoAccess)\n ArrayPrototypePush.call(c.infoAccess[key], val);\n else\n c.infoAccess[key] = [val];\n });\n }\n return c;\n}, createServer = function(options, connectionListener) {\n return new Server(options, connectionListener);\n}, getCiphers = function() {\n return DEFAULT_CIPHERS.split(\":\");\n}, convertProtocols = function(protocols) {\n const lens = new Array(protocols.length), buff = Buffer.allocUnsafe(ArrayPrototypeReduce.call(protocols, (p, c, i) => {\n const len = Buffer.byteLength(c);\n if (len > 255)\n @throwRangeError(\"The byte length of the protocol at index \" + `${i} exceeds the maximum length.`, \"<= 255\", len, !0);\n return lens[i] = len, p + 1 + len;\n }, 0));\n let offset = 0;\n for (let i = 0, c = protocols.length;i < c; i++)\n buff[offset++] = lens[i], buff.write(protocols[i], offset), offset += lens[i];\n return buff;\n}, convertALPNProtocols = function(protocols, out) {\n if (Array.isArray(protocols))\n out.ALPNProtocols = convertProtocols(protocols);\n else if (isTypedArray(protocols))\n out.ALPNProtocols = Buffer.from(protocols);\n else if (isArrayBufferView(protocols))\n out.ALPNProtocols = Buffer.from(protocols.buffer.slice(protocols.byteOffset, protocols.byteOffset + protocols.byteLength));\n else if (Buffer.isBuffer(protocols))\n out.ALPNProtocols = protocols;\n}, $, { isArrayBufferView, isTypedArray } = @requireNativeModule(\"node:util/types\"), net = @getInternalField(@internalModuleRegistry, 25) || @createInternalModuleById(25), { Server: NetServer, [Symbol.for(\"::bunternal::\")]: InternalTCPSocket } = net, bunSocketInternal = Symbol.for(\"::bunnetsocketinternal::\"), { rootCertificates, canonicalizeIP } = globalThis[globalThis.Symbol.for('Bun.lazy')](\"internal/tls\"), SymbolReplace = Symbol.replace, RegExpPrototypeSymbolReplace = RegExp.prototype[SymbolReplace], RegExpPrototypeExec = RegExp.prototype.exec, StringPrototypeStartsWith = String.prototype.startsWith, StringPrototypeSlice = String.prototype.slice, StringPrototypeIncludes = String.prototype.includes, StringPrototypeSplit = String.prototype.split, StringPrototypeIndexOf = String.prototype.indexOf, StringPrototypeSubstring = String.prototype.substring, StringPrototypeEndsWith = String.prototype.endsWith, StringFromCharCode = String.fromCharCode, StringPrototypeCharCodeAt = String.prototype.charCodeAt, ArrayPrototypeIncludes = Array.prototype.includes, ArrayPrototypeJoin = Array.prototype.join, ArrayPrototypeForEach = Array.prototype.forEach, ArrayPrototypePush = Array.prototype.push, ArrayPrototypeSome = Array.prototype.some, ArrayPrototypeReduce = Array.prototype.reduce, jsonStringPattern = /^\"(\?:[^\"\\\\\\u0000-\\u001f]|\\\\(\?:[\"\\\\/bfnrt]|u[0-9a-fA-F]{4}))*\"/, InternalSecureContext = class SecureContext2 {\n context;\n constructor(options) {\n const context = {};\n if (options) {\n let key = options.key;\n if (key) {\n if (!isValidTLSArray(key))\n @throwTypeError(\"key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.key = key;\n }\n let cert = options.cert;\n if (cert) {\n if (!isValidTLSArray(cert))\n @throwTypeError(\"cert argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.cert = cert;\n }\n let ca = options.ca;\n if (ca) {\n if (!isValidTLSArray(ca))\n @throwTypeError(\"ca argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.ca = ca;\n }\n let passphrase = options.passphrase;\n if (passphrase && typeof passphrase !== \"string\")\n @throwTypeError(\"passphrase argument must be an string\");\n this.passphrase = passphrase;\n let servername = options.servername;\n if (servername && typeof servername !== \"string\")\n @throwTypeError(\"servername argument must be an string\");\n this.servername = servername;\n let secureOptions = options.secureOptions || 0;\n if (secureOptions && typeof secureOptions !== \"number\")\n @throwTypeError(\"secureOptions argument must be an number\");\n this.secureOptions = secureOptions;\n }\n this.context = context;\n }\n}, buntls = Symbol.for(\"::buntls::\"), SocketClass, TLSSocket = function(InternalTLSSocket) {\n return SocketClass = InternalTLSSocket, Object.defineProperty(SocketClass.prototype, Symbol.toStringTag, {\n value: \"TLSSocket\",\n enumerable: !1\n }), Object.defineProperty(function Socket(options) {\n return new InternalTLSSocket(options);\n }, Symbol.hasInstance, {\n value(instance) {\n return instance instanceof InternalTLSSocket;\n }\n });\n}(class TLSSocket2 extends InternalTCPSocket {\n #secureContext;\n ALPNProtocols;\n #socket;\n #checkServerIdentity;\n #session;\n constructor(socket, options) {\n super(socket instanceof InternalTCPSocket \? options : options || socket);\n if (options = options || socket || {}, typeof options === \"object\") {\n const { ALPNProtocols } = options;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, this);\n if (socket instanceof InternalTCPSocket)\n this.#socket = socket;\n }\n this.#secureContext = options.secureContext || createSecureContext(options), this.authorized = !1, this.secureConnecting = !0, this._secureEstablished = !1, this._securePending = !0, this.#checkServerIdentity = options.checkServerIdentity || checkServerIdentity, this.#session = options.session || null;\n }\n _secureEstablished = !1;\n _securePending = !0;\n _newSessionPending;\n _controlReleased;\n secureConnecting = !1;\n _SNICallback;\n servername;\n authorized = !1;\n authorizationError;\n #renegotiationDisabled = !1;\n encrypted = !0;\n _start() {\n this.connect();\n }\n getSession() {\n return this[bunSocketInternal]\?.getSession();\n }\n getEphemeralKeyInfo() {\n return this[bunSocketInternal]\?.getEphemeralKeyInfo();\n }\n getCipher() {\n return this[bunSocketInternal]\?.getCipher();\n }\n getSharedSigalgs() {\n return this[bunSocketInternal]\?.getSharedSigalgs();\n }\n getProtocol() {\n return this[bunSocketInternal]\?.getTLSVersion();\n }\n getFinished() {\n return this[bunSocketInternal]\?.getTLSFinishedMessage() || void 0;\n }\n getPeerFinished() {\n return this[bunSocketInternal]\?.getTLSPeerFinishedMessage() || void 0;\n }\n isSessionReused() {\n return !!this.#session;\n }\n renegotiate() {\n if (this.#renegotiationDisabled) {\n const error = new Error(\"ERR_TLS_RENEGOTIATION_DISABLED: TLS session renegotiation disabled for this socket\");\n throw error.name = \"ERR_TLS_RENEGOTIATION_DISABLED\", error;\n }\n throw Error(\"Not implented in Bun yet\");\n }\n disableRenegotiation() {\n this.#renegotiationDisabled = !0;\n }\n getTLSTicket() {\n return this[bunSocketInternal]\?.getTLSTicket();\n }\n exportKeyingMaterial(length, label, context) {\n if (context)\n return this[bunSocketInternal]\?.exportKeyingMaterial(length, label, context);\n return this[bunSocketInternal]\?.exportKeyingMaterial(length, label);\n }\n setMaxSendFragment(size) {\n return this[bunSocketInternal]\?.setMaxSendFragment(size) || !1;\n }\n enableTrace() {\n }\n setServername(name) {\n if (this.isServer) {\n let error = new Error(\"ERR_TLS_SNI_FROM_SERVER: Cannot issue SNI from a TLS server-side socket\");\n throw error.name = \"ERR_TLS_SNI_FROM_SERVER\", error;\n }\n this.servername = name, this[bunSocketInternal]\?.setServername(name);\n }\n setSession(session) {\n if (this.#session = session, typeof session === \"string\")\n session = Buffer.from(session, \"latin1\");\n return this[bunSocketInternal]\?.setSession(session);\n }\n getPeerCertificate(abbreviated) {\n const cert = arguments.length < 1 \? this[bunSocketInternal]\?.getPeerCertificate() : this[bunSocketInternal]\?.getPeerCertificate(abbreviated);\n if (cert)\n return translatePeerCertificate(cert);\n }\n getCertificate() {\n const cert = this[bunSocketInternal]\?.getCertificate();\n if (cert)\n return translatePeerCertificate(cert);\n }\n getPeerX509Certificate() {\n throw Error(\"Not implented in Bun yet\");\n }\n getX509Certificate() {\n throw Error(\"Not implented in Bun yet\");\n }\n get alpnProtocol() {\n return this[bunSocketInternal]\?.alpnProtocol;\n }\n [buntls](port, host2) {\n return {\n socket: this.#socket,\n ALPNProtocols: this.ALPNProtocols,\n serverName: this.servername || host2 || \"localhost\",\n checkServerIdentity: this.#checkServerIdentity,\n session: this.#session,\n ...this.#secureContext\n };\n }\n});\n\nclass Server extends NetServer {\n key;\n cert;\n ca;\n passphrase;\n secureOptions;\n _rejectUnauthorized;\n _requestCert;\n servername;\n ALPNProtocols;\n constructor(options, secureConnectionListener) {\n super(options, secureConnectionListener);\n this.setSecureContext(options);\n }\n setSecureContext(options) {\n if (options instanceof InternalSecureContext)\n options = options.context;\n if (options) {\n const { ALPNProtocols } = options;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, this);\n let key = options.key;\n if (key) {\n if (!isValidTLSArray(key))\n @throwTypeError(\"key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.key = key;\n }\n let cert = options.cert;\n if (cert) {\n if (!isValidTLSArray(cert))\n @throwTypeError(\"cert argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.cert = cert;\n }\n let ca = options.ca;\n if (ca) {\n if (!isValidTLSArray(ca))\n @throwTypeError(\"ca argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.ca = ca;\n }\n let passphrase = options.passphrase;\n if (passphrase && typeof passphrase !== \"string\")\n @throwTypeError(\"passphrase argument must be an string\");\n this.passphrase = passphrase;\n let servername = options.servername;\n if (servername && typeof servername !== \"string\")\n @throwTypeError(\"servername argument must be an string\");\n this.servername = servername;\n let secureOptions = options.secureOptions || 0;\n if (secureOptions && typeof secureOptions !== \"number\")\n @throwTypeError(\"secureOptions argument must be an number\");\n this.secureOptions = secureOptions;\n const requestCert = options.requestCert || !1;\n if (requestCert)\n this._requestCert = requestCert;\n else\n this._requestCert = void 0;\n const rejectUnauthorized = options.rejectUnauthorized || !1;\n if (rejectUnauthorized)\n this._rejectUnauthorized = rejectUnauthorized;\n else\n this._rejectUnauthorized = void 0;\n }\n }\n getTicketKeys() {\n throw Error(\"Not implented in Bun yet\");\n }\n setTicketKeys() {\n throw Error(\"Not implented in Bun yet\");\n }\n [buntls](port, host2, isClient) {\n return [\n {\n serverName: this.servername || host2 || \"localhost\",\n key: this.key,\n cert: this.cert,\n ca: this.ca,\n passphrase: this.passphrase,\n secureOptions: this.secureOptions,\n rejectUnauthorized: isClient \? !1 : this._rejectUnauthorized,\n requestCert: isClient \? !1 : this._requestCert,\n ALPNProtocols: this.ALPNProtocols\n },\n SocketClass\n ];\n }\n}\nvar CLIENT_RENEG_LIMIT = 3, CLIENT_RENEG_WINDOW = 600, DEFAULT_ECDH_CURVE = \"auto\", DEFAULT_CIPHERS = \"DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256\", DEFAULT_MIN_VERSION = \"TLSv1.2\", DEFAULT_MAX_VERSION = \"TLSv1.3\", createConnection = (port, host2, connectListener) => {\n if (typeof port === \"object\") {\n port.checkServerIdentity;\n const { ALPNProtocols } = port;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, port);\n return new TLSSocket(port).connect(port, host2, connectListener);\n }\n return new TLSSocket().connect(port, host2, connectListener);\n}, connect = createConnection;\n$ = {\n CLIENT_RENEG_LIMIT,\n CLIENT_RENEG_WINDOW,\n connect,\n convertALPNProtocols,\n createConnection,\n createSecureContext,\n createServer,\n DEFAULT_CIPHERS,\n DEFAULT_ECDH_CURVE,\n DEFAULT_MAX_VERSION,\n DEFAULT_MIN_VERSION,\n getCiphers,\n parseCertString,\n SecureContext,\n Server,\n TLSSocket,\n checkServerIdentity,\n rootCertificates\n};\nreturn $})\n"_s;
+static constexpr ASCIILiteral NodeTLSCode = "(function (){\"use strict\";// src/js/out/tmp/node/tls.ts\nvar parseCertString = function() {\n throwNotImplemented(\"Not implemented\");\n}, isValidTLSArray = function(obj) {\n if (typeof obj === \"string\" || isTypedArray(obj) || obj instanceof ArrayBuffer || obj instanceof Blob)\n return !0;\n if (Array.isArray(obj)) {\n for (var i = 0;i < obj.length; i++)\n if (typeof obj !== \"string\" && !isTypedArray(obj) && !(obj instanceof ArrayBuffer) && !(obj instanceof Blob))\n return !1;\n return !0;\n }\n}, unfqdn = function(host) {\n return RegExpPrototypeSymbolReplace.call(/[.]$/, host, \"\");\n}, toLowerCase = function(c) {\n return StringFromCharCode.call(32 + StringPrototypeCharCodeAt.call(c, 0));\n}, splitHost = function(host) {\n return StringPrototypeSplit.call(RegExpPrototypeSymbolReplace.call(/[A-Z]/g, unfqdn(host), toLowerCase), \".\");\n}, check = function(hostParts, pattern, wildcards) {\n if (!pattern)\n return !1;\n const patternParts = splitHost(pattern);\n if (hostParts.length !== patternParts.length)\n return !1;\n if (ArrayPrototypeIncludes.call(patternParts, \"\"))\n return !1;\n const isBad = (s) => RegExpPrototypeExec.call(/[^\\u0021-\\u007F]/u, s) !== null;\n if (ArrayPrototypeSome.call(patternParts, isBad))\n return !1;\n for (let i = hostParts.length - 1;i > 0; i -= 1)\n if (hostParts[i] !== patternParts[i])\n return !1;\n const hostSubdomain = hostParts[0], patternSubdomain = patternParts[0], patternSubdomainParts = StringPrototypeSplit.call(patternSubdomain, \"*\");\n if (patternSubdomainParts.length === 1 || StringPrototypeIncludes.call(patternSubdomain, \"xn--\"))\n return hostSubdomain === patternSubdomain;\n if (!wildcards)\n return !1;\n if (patternSubdomainParts.length > 2)\n return !1;\n if (patternParts.length <= 2)\n return !1;\n const { 0: prefix, 1: suffix } = patternSubdomainParts;\n if (prefix.length + suffix.length > hostSubdomain.length)\n return !1;\n if (!StringPrototypeStartsWith.call(hostSubdomain, prefix))\n return !1;\n if (!StringPrototypeEndsWith.call(hostSubdomain, suffix))\n return !1;\n return !0;\n}, splitEscapedAltNames = function(altNames) {\n const result = [];\n let currentToken = \"\", offset = 0;\n while (offset !== altNames.length) {\n const nextSep = StringPrototypeIndexOf.call(altNames, \", \", offset), nextQuote = StringPrototypeIndexOf.call(altNames, '\"', offset);\n if (nextQuote !== -1 && (nextSep === -1 || nextQuote < nextSep)) {\n currentToken += StringPrototypeSubstring.call(altNames, offset, nextQuote);\n const match = RegExpPrototypeExec.call(jsonStringPattern, StringPrototypeSubstring.call(altNames, nextQuote));\n if (!match) {\n let error = new SyntaxError(\"ERR_TLS_CERT_ALTNAME_FORMAT: Invalid subject alternative name string\");\n throw error.name = ERR_TLS_CERT_ALTNAME_FORMAT, error;\n }\n currentToken += JSON.parse(match[0]), offset = nextQuote + match[0].length;\n } else if (nextSep !== -1)\n currentToken += StringPrototypeSubstring.call(altNames, offset, nextSep), ArrayPrototypePush.call(result, currentToken), currentToken = \"\", offset = nextSep + 2;\n else\n currentToken += StringPrototypeSubstring.call(altNames, offset), offset = altNames.length;\n }\n return ArrayPrototypePush.call(result, currentToken), result;\n}, checkServerIdentity = function(hostname, cert) {\n const { subject, subjectaltname: altNames } = cert, dnsNames = [], ips = [];\n if (hostname = \"\" + hostname, altNames) {\n const splitAltNames = StringPrototypeIncludes.call(altNames, '\"') \? splitEscapedAltNames(altNames) : StringPrototypeSplit.call(altNames, \", \");\n ArrayPrototypeForEach.call(splitAltNames, (name) => {\n if (StringPrototypeStartsWith.call(name, \"DNS:\"))\n ArrayPrototypePush.call(dnsNames, StringPrototypeSlice.call(name, 4));\n else if (StringPrototypeStartsWith.call(name, \"IP Address:\"))\n ArrayPrototypePush.call(ips, canonicalizeIP(StringPrototypeSlice.call(name, 11)));\n });\n }\n let valid = !1, reason = \"Unknown reason\";\n if (hostname = unfqdn(hostname), net.isIP(hostname)) {\n if (valid = ArrayPrototypeIncludes.call(ips, canonicalizeIP(hostname)), !valid)\n reason = `IP: ${hostname} is not in the cert's list: ` + ArrayPrototypeJoin.call(ips, \", \");\n } else if (dnsNames.length > 0 || subject\?.CN) {\n const hostParts = splitHost(hostname), wildcard = (pattern) => check(hostParts, pattern, !0);\n if (dnsNames.length > 0) {\n if (valid = ArrayPrototypeSome.call(dnsNames, wildcard), !valid)\n reason = `Host: ${hostname}. is not in the cert's altnames: ${altNames}`;\n } else {\n const cn = subject.CN;\n if (Array.isArray(cn))\n valid = ArrayPrototypeSome.call(cn, wildcard);\n else if (cn)\n valid = wildcard(cn);\n if (!valid)\n reason = `Host: ${hostname}. is not cert's CN: ${cn}`;\n }\n } else\n reason = \"Cert does not contain a DNS name\";\n if (!valid) {\n let error = new Error(`ERR_TLS_CERT_ALTNAME_INVALID: Hostname/IP does not match certificate's altnames: ${reason}`);\n return error.name = \"ERR_TLS_CERT_ALTNAME_INVALID\", error.reason = reason, error.host = hostname, error.cert = cert, error;\n }\n}, SecureContext = function(options) {\n return new InternalSecureContext(options);\n}, createSecureContext = function(options) {\n return new SecureContext(options);\n}, translatePeerCertificate = function(c) {\n if (!c)\n return null;\n if (c.issuerCertificate != null && c.issuerCertificate !== c)\n c.issuerCertificate = translatePeerCertificate(c.issuerCertificate);\n if (c.infoAccess != null) {\n const info = c.infoAccess;\n c.infoAccess = { __proto__: null }, RegExpPrototypeSymbolReplace.call(/([^\\n:]*):([^\\n]*)(\?:\\n|$)/g, info, (all, key, val) => {\n if (val.charCodeAt(0) === 34)\n val = JSONParse(val);\n if (key in c.infoAccess)\n ArrayPrototypePush.call(c.infoAccess[key], val);\n else\n c.infoAccess[key] = [val];\n });\n }\n return c;\n}, createServer = function(options, connectionListener) {\n return new Server(options, connectionListener);\n}, getCiphers = function() {\n return DEFAULT_CIPHERS.split(\":\");\n}, convertProtocols = function(protocols) {\n const lens = new Array(protocols.length), buff = Buffer.allocUnsafe(ArrayPrototypeReduce.call(protocols, (p, c, i) => {\n const len = Buffer.byteLength(c);\n if (len > 255)\n @throwRangeError(\"The byte length of the protocol at index \" + `${i} exceeds the maximum length.`, \"<= 255\", len, !0);\n return lens[i] = len, p + 1 + len;\n }, 0));\n let offset = 0;\n for (let i = 0, c = protocols.length;i < c; i++)\n buff[offset++] = lens[i], buff.write(protocols[i], offset), offset += lens[i];\n return buff;\n}, convertALPNProtocols = function(protocols, out) {\n if (Array.isArray(protocols))\n out.ALPNProtocols = convertProtocols(protocols);\n else if (isTypedArray(protocols))\n out.ALPNProtocols = Buffer.from(protocols);\n else if (isArrayBufferView(protocols))\n out.ALPNProtocols = Buffer.from(protocols.buffer.slice(protocols.byteOffset, protocols.byteOffset + protocols.byteLength));\n else if (Buffer.isBuffer(protocols))\n out.ALPNProtocols = protocols;\n}, $, { isArrayBufferView, isTypedArray } = @requireNativeModule(\"node:util/types\"), net = @getInternalField(@internalModuleRegistry, 25) || @createInternalModuleById(25), { Server: NetServer, [Symbol.for(\"::bunternal::\")]: InternalTCPSocket } = net, bunSocketInternal = Symbol.for(\"::bunnetsocketinternal::\"), { rootCertificates, canonicalizeIP } = globalThis[globalThis.Symbol.for('Bun.lazy')](\"internal/tls\"), SymbolReplace = Symbol.replace, RegExpPrototypeSymbolReplace = RegExp.prototype[SymbolReplace], RegExpPrototypeExec = RegExp.prototype.exec, StringPrototypeStartsWith = String.prototype.startsWith, StringPrototypeSlice = String.prototype.slice, StringPrototypeIncludes = String.prototype.includes, StringPrototypeSplit = String.prototype.split, StringPrototypeIndexOf = String.prototype.indexOf, StringPrototypeSubstring = String.prototype.substring, StringPrototypeEndsWith = String.prototype.endsWith, StringFromCharCode = String.fromCharCode, StringPrototypeCharCodeAt = String.prototype.charCodeAt, ArrayPrototypeIncludes = Array.prototype.includes, ArrayPrototypeJoin = Array.prototype.join, ArrayPrototypeForEach = Array.prototype.forEach, ArrayPrototypePush = Array.prototype.push, ArrayPrototypeSome = Array.prototype.some, ArrayPrototypeReduce = Array.prototype.reduce, jsonStringPattern = /^\"(\?:[^\"\\\\\\u0000-\\u001f]|\\\\(\?:[\"\\\\/bfnrt]|u[0-9a-fA-F]{4}))*\"/, InternalSecureContext = class SecureContext2 {\n context;\n constructor(options) {\n const context = {};\n if (options) {\n let key = options.key;\n if (key) {\n if (!isValidTLSArray(key))\n @throwTypeError(\"key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.key = key;\n }\n let cert = options.cert;\n if (cert) {\n if (!isValidTLSArray(cert))\n @throwTypeError(\"cert argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.cert = cert;\n }\n let ca = options.ca;\n if (ca) {\n if (!isValidTLSArray(ca))\n @throwTypeError(\"ca argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.ca = ca;\n }\n let passphrase = options.passphrase;\n if (passphrase && typeof passphrase !== \"string\")\n @throwTypeError(\"passphrase argument must be an string\");\n this.passphrase = passphrase;\n let servername = options.servername;\n if (servername && typeof servername !== \"string\")\n @throwTypeError(\"servername argument must be an string\");\n this.servername = servername;\n let secureOptions = options.secureOptions || 0;\n if (secureOptions && typeof secureOptions !== \"number\")\n @throwTypeError(\"secureOptions argument must be an number\");\n this.secureOptions = secureOptions;\n }\n this.context = context;\n }\n}, buntls = Symbol.for(\"::buntls::\"), SocketClass, TLSSocket = function(InternalTLSSocket) {\n return SocketClass = InternalTLSSocket, Object.defineProperty(SocketClass.prototype, Symbol.toStringTag, {\n value: \"TLSSocket\",\n enumerable: !1\n }), Object.defineProperty(function Socket(options) {\n return new InternalTLSSocket(options);\n }, Symbol.hasInstance, {\n value(instance) {\n return instance instanceof InternalTLSSocket;\n }\n });\n}(class TLSSocket2 extends InternalTCPSocket {\n #secureContext;\n ALPNProtocols;\n #socket;\n #checkServerIdentity;\n #session;\n constructor(socket, options) {\n super(socket instanceof InternalTCPSocket \? options : options || socket);\n if (options = options || socket || {}, typeof options === \"object\") {\n const { ALPNProtocols } = options;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, this);\n if (socket instanceof InternalTCPSocket)\n this.#socket = socket;\n }\n this.#secureContext = options.secureContext || createSecureContext(options), this.authorized = !1, this.secureConnecting = !0, this._secureEstablished = !1, this._securePending = !0, this.#checkServerIdentity = options.checkServerIdentity || checkServerIdentity, this.#session = options.session || null;\n }\n _secureEstablished = !1;\n _securePending = !0;\n _newSessionPending;\n _controlReleased;\n secureConnecting = !1;\n _SNICallback;\n servername;\n authorized = !1;\n authorizationError;\n #renegotiationDisabled = !1;\n encrypted = !0;\n _start() {\n this.connect();\n }\n getSession() {\n return this[bunSocketInternal]\?.getSession();\n }\n getEphemeralKeyInfo() {\n return this[bunSocketInternal]\?.getEphemeralKeyInfo();\n }\n getCipher() {\n return this[bunSocketInternal]\?.getCipher();\n }\n getSharedSigalgs() {\n return this[bunSocketInternal]\?.getSharedSigalgs();\n }\n getProtocol() {\n return this[bunSocketInternal]\?.getTLSVersion();\n }\n getFinished() {\n return this[bunSocketInternal]\?.getTLSFinishedMessage() || void 0;\n }\n getPeerFinished() {\n return this[bunSocketInternal]\?.getTLSPeerFinishedMessage() || void 0;\n }\n isSessionReused() {\n return !!this.#session;\n }\n renegotiate() {\n if (this.#renegotiationDisabled) {\n const error = new Error(\"ERR_TLS_RENEGOTIATION_DISABLED: TLS session renegotiation disabled for this socket\");\n throw error.name = \"ERR_TLS_RENEGOTIATION_DISABLED\", error;\n }\n throw Error(\"Not implented in Bun yet\");\n }\n disableRenegotiation() {\n this.#renegotiationDisabled = !0;\n }\n getTLSTicket() {\n return this[bunSocketInternal]\?.getTLSTicket();\n }\n exportKeyingMaterial(length, label, context) {\n if (context)\n return this[bunSocketInternal]\?.exportKeyingMaterial(length, label, context);\n return this[bunSocketInternal]\?.exportKeyingMaterial(length, label);\n }\n setMaxSendFragment(size) {\n return this[bunSocketInternal]\?.setMaxSendFragment(size) || !1;\n }\n enableTrace() {\n }\n setServername(name) {\n if (this.isServer) {\n let error = new Error(\"ERR_TLS_SNI_FROM_SERVER: Cannot issue SNI from a TLS server-side socket\");\n throw error.name = \"ERR_TLS_SNI_FROM_SERVER\", error;\n }\n this.servername = name, this[bunSocketInternal]\?.setServername(name);\n }\n setSession(session) {\n if (this.#session = session, typeof session === \"string\")\n session = Buffer.from(session, \"latin1\");\n return this[bunSocketInternal]\?.setSession(session);\n }\n getPeerCertificate(abbreviated) {\n const cert = arguments.length < 1 \? this[bunSocketInternal]\?.getPeerCertificate() : this[bunSocketInternal]\?.getPeerCertificate(abbreviated);\n if (cert)\n return translatePeerCertificate(cert);\n }\n getCertificate() {\n const cert = this[bunSocketInternal]\?.getCertificate();\n if (cert)\n return translatePeerCertificate(cert);\n }\n getPeerX509Certificate() {\n throw Error(\"Not implented in Bun yet\");\n }\n getX509Certificate() {\n throw Error(\"Not implented in Bun yet\");\n }\n get alpnProtocol() {\n return this[bunSocketInternal]\?.alpnProtocol;\n }\n [buntls](port, host) {\n return {\n socket: this.#socket,\n ALPNProtocols: this.ALPNProtocols,\n serverName: this.servername || host || \"localhost\",\n checkServerIdentity: this.#checkServerIdentity,\n session: this.#session,\n ...this.#secureContext\n };\n }\n});\n\nclass Server extends NetServer {\n key;\n cert;\n ca;\n passphrase;\n secureOptions;\n _rejectUnauthorized;\n _requestCert;\n servername;\n ALPNProtocols;\n constructor(options, secureConnectionListener) {\n super(options, secureConnectionListener);\n this.setSecureContext(options);\n }\n setSecureContext(options) {\n if (options instanceof InternalSecureContext)\n options = options.context;\n if (options) {\n const { ALPNProtocols } = options;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, this);\n let key = options.key;\n if (key) {\n if (!isValidTLSArray(key))\n @throwTypeError(\"key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.key = key;\n }\n let cert = options.cert;\n if (cert) {\n if (!isValidTLSArray(cert))\n @throwTypeError(\"cert argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.cert = cert;\n }\n let ca = options.ca;\n if (ca) {\n if (!isValidTLSArray(ca))\n @throwTypeError(\"ca argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile\");\n this.ca = ca;\n }\n let passphrase = options.passphrase;\n if (passphrase && typeof passphrase !== \"string\")\n @throwTypeError(\"passphrase argument must be an string\");\n this.passphrase = passphrase;\n let servername = options.servername;\n if (servername && typeof servername !== \"string\")\n @throwTypeError(\"servername argument must be an string\");\n this.servername = servername;\n let secureOptions = options.secureOptions || 0;\n if (secureOptions && typeof secureOptions !== \"number\")\n @throwTypeError(\"secureOptions argument must be an number\");\n this.secureOptions = secureOptions;\n const requestCert = options.requestCert || !1;\n if (requestCert)\n this._requestCert = requestCert;\n else\n this._requestCert = void 0;\n const rejectUnauthorized = options.rejectUnauthorized || !1;\n if (rejectUnauthorized)\n this._rejectUnauthorized = rejectUnauthorized;\n else\n this._rejectUnauthorized = void 0;\n }\n }\n getTicketKeys() {\n throw Error(\"Not implented in Bun yet\");\n }\n setTicketKeys() {\n throw Error(\"Not implented in Bun yet\");\n }\n [buntls](port, host, isClient) {\n return [\n {\n serverName: this.servername || host || \"localhost\",\n key: this.key,\n cert: this.cert,\n ca: this.ca,\n passphrase: this.passphrase,\n secureOptions: this.secureOptions,\n rejectUnauthorized: isClient \? !1 : this._rejectUnauthorized,\n requestCert: isClient \? !1 : this._requestCert,\n ALPNProtocols: this.ALPNProtocols\n },\n SocketClass\n ];\n }\n}\nvar CLIENT_RENEG_LIMIT = 3, CLIENT_RENEG_WINDOW = 600, DEFAULT_ECDH_CURVE = \"auto\", DEFAULT_CIPHERS = \"DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256\", DEFAULT_MIN_VERSION = \"TLSv1.2\", DEFAULT_MAX_VERSION = \"TLSv1.3\", createConnection = (port, host, connectListener) => {\n if (typeof port === \"object\") {\n port.checkServerIdentity;\n const { ALPNProtocols } = port;\n if (ALPNProtocols)\n convertALPNProtocols(ALPNProtocols, port);\n return new TLSSocket(port).connect(port, host, connectListener);\n }\n return new TLSSocket().connect(port, host, connectListener);\n}, connect = createConnection;\n$ = {\n CLIENT_RENEG_LIMIT,\n CLIENT_RENEG_WINDOW,\n connect,\n convertALPNProtocols,\n createConnection,\n createSecureContext,\n createServer,\n DEFAULT_CIPHERS,\n DEFAULT_ECDH_CURVE,\n DEFAULT_MAX_VERSION,\n DEFAULT_MIN_VERSION,\n getCiphers,\n parseCertString,\n SecureContext,\n Server,\n TLSSocket,\n checkServerIdentity,\n rootCertificates\n};\nreturn $})\n"_s;
//
//
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-29 23:09:45 +0000