reOptions } = options;

  // When the caller asks for it, prefer the server's cipher ordering over the
  // client's by setting the matching OpenSSL option bit.
  if (honorCipherOrder) {
    secureOptions |= SSL_OP_CIPHER_SERVER_PREFERENCE;
  }

  const c = new SecureContext(secureProtocol, secureOptions,
                              minVersion, maxVersion);

  configSecureContext(c.context, options);

  return c;
}

// Converts selected fields of a certificate object from the handle's
// C-friendly format into more idiomatic JavaScript object representations
// before the object is handed back to the user. The object is modified in
// place and returned; a falsy argument yields null.
// Works on any cert object, not only peer certificates, but changing the name
// would be semver-major.
function translatePeerCertificate(c) {
  if (!c) {
    return null;
  }

  // TODO(tniessen): can we remove parseCertString without breaking anything?
  if (typeof c.issuer === 'string') {
    c.issuer = parseCertString(c.issuer);
  }

  // Translate the issuer's certificate as well, but never recurse into a
  // certificate that is listed as its own issuer.
  const issuerCert = c.issuerCertificate;
  if (issuerCert != null && issuerCert !== c) {
    c.issuerCertificate = translatePeerCertificate(issuerCert);
  }

  // TODO(tniessen): can we remove parseCertString without breaking anything?
  if (typeof c.subject === 'string') {
    c.subject = parseCertString(c.subject);
  }

  if (c.infoAccess != null) {
    const rawInfoAccess = c.infoAccess;

    // The keys below are taken from the certificate text. A null-prototype
    // object keeps the `in` test limited to entries stored here, so a key can
    // never match a member inherited from Object.prototype.
    const parsed = ObjectCreate(null);
    c.infoAccess = parsed;

    // XXX: More key validation?
    // The replace call is used only to visit every "key:value" line (split at
    // the first colon); the string it returns is discarded.
    StringPrototypeReplace(
      rawInfoAccess,
      /([^\n:]*):([^\n]*)(?:\n|$)/g,
      (match, key, rawValue) => {
        // 0x22 is the double quote character: a value starting with it is
        // decoded as a JSON string literal.
        // The translatePeerCertificate function is only used on internally
        // created legacy certificate objects, and any value that contains a
        // quote will always be a valid JSON string literal, so this should
        // never throw.
        // NOTE(review): nothing here catches a parse failure, so that
        // guarantee rests entirely on whoever produced the object.
        const value = rawValue.charCodeAt(0) === 0x22 ?
          JSONParse(rawValue) :
          rawValue;

        // Repeated keys are collected into one array per key.
        if (key in parsed) {
          ArrayPrototypePush(parsed[key], value);
        } else {
          parsed[key] = [value];
        }
      }
    );
  }

  return c;
}

module.exports = {
  SecureContext,
  createSecureContext,
  translatePeerCertificate,
};