neo4j-driver-bolt-connection - npm Package Compare versions

Comparing version 5.18.0 to 5.19.0

lib/channel/browser/index.js

@@ -22,5 +22,6 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.HostNameResolver = exports.Channel = void 0;
+exports.ClientCertificatesLoader = exports.HostNameResolver = exports.Channel = void 0;
 var browser_channel_1 = __importDefault(require("./browser-channel"));
 var browser_host_name_resolver_1 = __importDefault(require("./browser-host-name-resolver"));
+var browser_client_certificates_loader_1 = __importDefault(require("./browser-client-certificates-loader"));
 /*
@@ -38,1 +39,2 @@
 exports.HostNameResolver = browser_host_name_resolver_1.default;
+exports.ClientCertificatesLoader = browser_client_certificates_loader_1.default;

lib/channel/channel-config.js

@@ -43,4 +43,5 @@ "use strict";
      * @param {string} connectionErrorCode the default error code to use on connection errors.
+     * @param {object} clientCertificate the client certificate
      */
-    function ChannelConfig(address, driverConfig, connectionErrorCode) {
+    function ChannelConfig(address, driverConfig, connectionErrorCode, clientCertificate) {
         this.address = address;
@@ -53,2 +54,3 @@ this.encrypted = extractEncrypted(driverConfig);
         this.connectionTimeout = driverConfig.connectionTimeout;
+        this.clientCertificate = clientCertificate;
     }
@@ -55,0 +57,0 @@ return ChannelConfig;

lib/channel/deno/deno-channel.js

@@ -272,2 +272,3 @@ "use strict";
                         }
+                        assertNotClientCertificates(config);
                         return [4 /*yield*/, Promise.all(config.trustedCertificates.map(function (f) { return Deno.readTextFile(f); }))];
@@ -286,2 +287,3 @@ case 1:
     TRUST_SYSTEM_CA_SIGNED_CERTIFICATES: function (config) {
+        assertNotClientCertificates(config);
         return Deno.connectTls({
@@ -299,2 +301,13 @@ hostname: config.address.resolvedHost(),
 };
+function assertNotClientCertificates(config) {
+    return __awaiter(this, void 0, void 0, function () {
+        return __generator(this, function (_a) {
+            if (config.clientCertificate != null) {
+                throw (0, neo4j_driver_core_1.newError)('clientCertificates are not supported in DenoJS since the API does not ' +
+                    'support its configuration. See, https://deno.land/api@v1.29.0?s=Deno.ConnectTlsOptions.');
+            }
+            return [2 /*return*/];
+        });
+    });
+}
 function _connect(config) {
@@ -301,0 +314,0 @@ return __awaiter(this, void 0, void 0, function () {

lib/channel/deno/index.js

@@ -22,5 +22,6 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.HostNameResolver = exports.Channel = void 0;
+exports.ClientCertificatesLoader = exports.HostNameResolver = exports.Channel = void 0;
 var deno_channel_1 = __importDefault(require("./deno-channel"));
 var deno_host_name_resolver_1 = __importDefault(require("./deno-host-name-resolver"));
+var deno_client_certificates_loader_1 = __importDefault(require("./deno-client-certificates-loader"));
 /*
@@ -38,1 +39,2 @@
 exports.HostNameResolver = deno_host_name_resolver_1.default;
+exports.ClientCertificatesLoader = deno_client_certificates_loader_1.default;

lib/channel/node/index.js

@@ -22,5 +22,6 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.HostNameResolver = exports.Channel = void 0;
+exports.ClientCertificatesLoader = exports.HostNameResolver = exports.Channel = void 0;
 var node_channel_1 = __importDefault(require("./node-channel"));
 var node_host_name_resolver_1 = __importDefault(require("./node-host-name-resolver"));
+var node_client_certificates_loader_1 = __importDefault(require("./node-client-certificates-loader"));
 /*
@@ -38,1 +39,2 @@
 exports.HostNameResolver = node_host_name_resolver_1.default;
+exports.ClientCertificatesLoader = node_client_certificates_loader_1.default;

lib/channel/node/node-channel.js

 "use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
@@ -43,3 +54,3 @@ return (mod && mod.__esModule) ? mod : { "default": mod };
         }
-        var tlsOpts = newTlsOptions(config.address.host(), config.trustedCertificates.map(function (f) { return fs_1.default.readFileSync(f); }));
+        var tlsOpts = newTlsOptions(config.address.host(), config.trustedCertificates.map(function (f) { return fs_1.default.readFileSync(f); }), config.clientCertificate);
         var socket = tls_1.default.connect(config.address.port(), config.address.resolvedHost(), tlsOpts, function () {
@@ -65,3 +76,3 @@ if (!socket.authorized) {
     TRUST_SYSTEM_CA_SIGNED_CERTIFICATES: function (config, onSuccess, onFailure) {
-        var tlsOpts = newTlsOptions(config.address.host());
+        var tlsOpts = newTlsOptions(config.address.host(), undefined, config.clientCertificate);
         var socket = tls_1.default.connect(config.address.port(), config.address.resolvedHost(), tlsOpts, function () {
@@ -88,3 +99,3 @@ if (!socket.authorized) {
     TRUST_ALL_CERTIFICATES: function (config, onSuccess, onFailure) {
-        var tlsOpts = newTlsOptions(config.address.host());
+        var tlsOpts = newTlsOptions(config.address.host(), undefined, config.clientCertificate);
         var socket = tls_1.default.connect(config.address.port(), config.address.resolvedHost(), tlsOpts, function () {
@@ -160,11 +171,12 @@ var certificate = socket.getPeerCertificate();
  * @param {string|undefined} ca an optional CA.
+ * @param {string|undefined} cert an optional client cert.
+ * @param {string|undefined} key an optional client cert key.
+ * @param {string|undefined} passphrase an optional client cert passphrase
  * @return {Object} a new options object.
  */
-function newTlsOptions(hostname, ca) {
+function newTlsOptions(hostname, ca, clientCertificate) {
     if (ca === void 0) { ca = undefined; }
-    return {
-        rejectUnauthorized: false,
-        servername: hostname,
-        ca: ca // optional CA useful for TRUST_CUSTOM_CA_SIGNED_CERTIFICATES trust mode
-    };
+    if (clientCertificate === void 0) { clientCertificate = undefined; }
+    return __assign({ rejectUnauthorized: false, servername: hostname, // server name for the SNI (Server Name Indication) TLS extension
+        ca: ca }, clientCertificate);
 }
@@ -171,0 +183,0 @@ /**

lib/connection-provider/connection-provider-direct.js

@@ -130,3 +130,3 @@ "use strict";
                 switch (_a.label) {
-                    case 0: return [4 /*yield*/, (0, connection_1.createChannelConnection)(this._address, this._config, this._createConnectionErrorHandler(), this._log)];
+                    case 0: return [4 /*yield*/, this._createChannelConnection(this._address)];
                     case 1:
@@ -133,0 +133,0 @@ connection = _a.sent();

lib/connection-provider/connection-provider-pooled.js

@@ -127,2 +127,3 @@ "use strict";
 var liveness_check_provider_1 = __importDefault(require("./liveness-check-provider"));
+var client_certificate_holder_1 = __importDefault(require("./client-certificate-holder"));
 var SERVICE_UNAVAILABLE = neo4j_driver_core_1.error.SERVICE_UNAVAILABLE;
@@ -150,2 +151,3 @@ var AUTHENTICATION_ERRORS = [
         _this._log = log;
+        _this._clientCertificateHolder = new client_certificate_holder_1.default({ clientCertificateProvider: _this._config.clientCertificate });
         _this._authenticationProvider = new authentication_provider_1.default({ authTokenManager: authTokenManager, userAgent: userAgent, boltAgent: boltAgent });
@@ -157,5 +159,17 @@ _this._livenessCheckProvider = new liveness_check_provider_1.default({ connectionLivenessCheckTimeout: config.connectionLivenessCheckTimeout });
             createChannelConnectionHook ||
-                (function (address) {
-                    return (0, connection_1.createChannelConnection)(address, _this._config, _this._createConnectionErrorHandler(), _this._log);
-                });
+                (function (address) { return __awaiter(_this, void 0, void 0, function () {
+                    var _a, _b;
+                    return __generator(this, function (_c) {
+                        switch (_c.label) {
+                            case 0:
+                                _a = connection_1.createChannelConnection;
+                                _b = [address,
+                                    this._config,
+                                    this._createConnectionErrorHandler(),
+                                    this._log];
+                                return [4 /*yield*/, this._clientCertificateHolder.getClientCertificate()];
+                            case 1: return [2 /*return*/, _a.apply(void 0, _b.concat([_c.sent()]))];
+                        }
+                    });
+                }); });
         _this._connectionPool = newPool({
@@ -177,2 +191,9 @@ create: _this._createConnection.bind(_this),
     };
+    PooledConnectionProvider.prototype._getClientCertificate = function () {
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                return [2 /*return*/, this._config.clientCertificate.getClientCertificate()];
+            });
+        });
+    };
     /**
@@ -179,0 +200,0 @@ * Create a new connection and initialize it.

lib/connection-provider/connection-provider-routing.js

@@ -160,5 +160,17 @@ "use strict";
         var id = _a.id, address = _a.address, routingContext = _a.routingContext, hostNameResolver = _a.hostNameResolver, config = _a.config, log = _a.log, userAgent = _a.userAgent, boltAgent = _a.boltAgent, authTokenManager = _a.authTokenManager, routingTablePurgeDelay = _a.routingTablePurgeDelay, newPool = _a.newPool;
-        var _this = _super.call(this, { id: id, config: config, log: log, userAgent: userAgent, boltAgent: boltAgent, authTokenManager: authTokenManager, newPool: newPool }, function (address) {
-            return (0, connection_1.createChannelConnection)(address, _this._config, _this._createConnectionErrorHandler(), _this._log, _this._routingContext);
-        }) || this;
+        var _this = _super.call(this, { id: id, config: config, log: log, userAgent: userAgent, boltAgent: boltAgent, authTokenManager: authTokenManager, newPool: newPool }, function (address) { return __awaiter(_this, void 0, void 0, function () {
+            var _a, _b;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
+                    case 0:
+                        _a = connection_1.createChannelConnection;
+                        _b = [address,
+                            this._config,
+                            this._createConnectionErrorHandler(),
+                            this._log];
+                        return [4 /*yield*/, this._clientCertificateHolder.getClientCertificate()];
+                    case 1: return [2 /*return*/, _a.apply(void 0, _b.concat([_c.sent(), this._routingContext]))];
+                }
+            });
+        }); }) || this;
         _this._routingContext = __assign(__assign({}, routingContext), { address: address.toString() });
@@ -286,3 +298,3 @@ _this._seedRouter = address;
                         _a.trys.push([3, 6, , 7]);
-                        return [4 /*yield*/, (0, connection_1.createChannelConnection)(addresses[i], this._config, this._createConnectionErrorHandler(), this._log)];
+                        return [4 /*yield*/, this._createChannelConnection(addresses[i])];
                     case 4:
@@ -289,0 +301,0 @@ connection = _a.sent();

lib/connection/connection-channel.js

@@ -87,8 +87,9 @@ "use strict";
  * @param {Logger} log - configured logger.
+ * @param {clientCertificate} clientCertificate - configured client certificate
  * @return {Connection} - new connection.
  */
-function createChannelConnection(address, config, errorHandler, log, serversideRouting, createChannel) {
+function createChannelConnection(address, config, errorHandler, log, clientCertificate, serversideRouting, createChannel) {
     if (serversideRouting === void 0) { serversideRouting = null; }
     if (createChannel === void 0) { createChannel = function (channelConfig) { return new channel_1.Channel(channelConfig); }; }
-    var channelConfig = new channel_1.ChannelConfig(address, config, errorHandler.errorCode());
+    var channelConfig = new channel_1.ChannelConfig(address, config, errorHandler.errorCode(), clientCertificate);
     var channel = createChannel(channelConfig);
@@ -95,0 +96,0 @@ return bolt_1.default.handshake(channel, log)

package.json

 {
   "name": "neo4j-driver-bolt-connection",
-  "version": "5.18.0",
+  "version": "5.19.0",
   "description": "Implements the connection with the Neo4j Database using the Bolt Protocol",
@@ -43,6 +43,6 @@ "main": "lib/index.js",
     "buffer": "^6.0.3",
-    "neo4j-driver-core": "5.18.0",
+    "neo4j-driver-core": "5.19.0",
     "string_decoder": "^1.3.0"
   },
-  "gitHead": "4bd77f61af7153d08fae4a957bfff3ce22e64265"
+  "gitHead": "8a7dc18c3190258f7afead83a0bdc04b138010f4"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

626573

increased by3.62%

Number of package files

95

increased by4.4%

Lines of code

13370

increased by3.22%

Worsened metrics

Number of low supply chain risk alerts

2

increased by100%

Dependency changes

• + Addedneo4j-driver-core@5.19.0(transitive)

• - Removedneo4j-driver-core@5.18.0(transitive)

• Updatedneo4j-driver-core@5.19.0