version 0.0.5 to include alert

Author: Srabutdotcom

deno.json

@@ -1,6 +1,6 @@
 {
   "name": "@tls/enum",
-  "version": "0.0.4",
+  "version": "0.0.5",
   "exports": "./src/mod.ts",
   "publish": {
     "exclude": ["dist/"]

src/alert.js

@@ -0,0 +1,216 @@
+// deno-lint-ignore-file no-slow-types
+// @ts-self-types="../type/alert.d.ts"
+
+import { Enum } from "./enum.js";
+
+/**
+ * Represents alert levels in the protocol
+ * @see https://datatracker.ietf.org/doc/html/rfc8446#section-6
+ */
+export class AlertLevel extends Enum {
+
+   /** @type {AlertLevel} warning level (1) */
+   static WARNING = new AlertLevel('WARNING', 1);
+
+   /** @type {AlertLevel} fatal level (2) */
+   static FATAL = new AlertLevel('FATAL', 2);
+
+   /**
+    * check octet and return valid AlertLevel  
+    *
+    * @static
+    * @param {Uint8Array} octet
+    * @returns {AlertLevel }
+    */
+   static parse(octet) {
+      return AlertLevel.fromValue(octet[0]) ?? Error(`Unknown ${octet[0]} AlertLevel type`);
+   }
+
+   /**return 8 */
+   get bit() { return 8 }
+}
+
+
+/**
+ * Enum class representing various TLS alert descriptions based on RFC 8446.
+ * @see https://datatracker.ietf.org/doc/html/rfc8446#section-6
+ */
+export class AlertDescription extends Enum {
+   /**
+    * This alert notifies the recipient that the sender will not send any more messages on this connection. Any data received after a closure alert has been received MUST be ignored.
+    */
+   static CLOSE_NOTIFY = new AlertDescription("CLOSE_NOTIFY", 0);
+
+   /**
+    * An inappropriate message (e.g., the wrong handshake message, premature Application Data, etc.) was received. This alert should never be observed in communication between proper implementations.
+    */
+   static UNEXPECTED_MESSAGE = new AlertDescription("UNEXPECTED_MESSAGE", 10);
+
+   /**
+    * This alert is returned if a record is received which cannot be deprotected. Because AEAD algorithms combine decryption and verification, this alert is used for all deprotection failures.
+    */
+   static BAD_RECORD_MAC = new AlertDescription("BAD_RECORD_MAC", 20);
+
+   /**
+    * A TLSCiphertext record was received that had a length more than 2^14 + 256 bytes or a record decrypted to a TLSPlaintext record with more than 2^14 bytes.
+    */
+   static RECORD_OVERFLOW = new AlertDescription("RECORD_OVERFLOW", 22);
+
+   /**
+    * Receipt of a 'handshake_failure' alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available.
+    */
+   static HANDSHAKE_FAILURE = new AlertDescription("HANDSHAKE_FAILURE", 40);
+
+   /**
+    * A certificate was corrupt or contained signatures that did not verify correctly.
+    */
+   static BAD_CERTIFICATE = new AlertDescription("BAD_CERTIFICATE", 42);
+
+   /**
+    * A certificate was of an unsupported type.
+    */
+   static UNSUPPORTED_CERTIFICATE = new AlertDescription("UNSUPPORTED_CERTIFICATE", 43);
+
+   /**
+    * A certificate was revoked by its signer.
+    */
+   static CERTIFICATE_REVOKED = new AlertDescription("CERTIFICATE_REVOKED", 44);
+
+   /**
+    * A certificate has expired or is not currently valid.
+    */
+   static CERTIFICATE_EXPIRED = new AlertDescription("CERTIFICATE_EXPIRED", 45);
+
+   /**
+    * Some other issue arose in processing the certificate, rendering it unacceptable.
+    */
+   static CERTIFICATE_UNKNOWN = new AlertDescription("CERTIFICATE_UNKNOWN", 46);
+
+   /**
+    * A field in the handshake was incorrect or inconsistent with other fields.
+    */
+   static ILLEGAL_PARAMETER = new AlertDescription("ILLEGAL_PARAMETER", 47);
+
+   /**
+    * A valid certificate chain or partial chain was received, but the CA certificate could not be located or matched with a known trust anchor.
+    */
+   static UNKNOWN_CA = new AlertDescription("UNKNOWN_CA", 48);
+
+   /**
+    * A valid certificate or PSK was received, but access control was applied, and the sender decided not to proceed with negotiation.
+    */
+   static ACCESS_DENIED = new AlertDescription("ACCESS_DENIED", 49);
+
+   /**
+    * A message could not be decoded because some field was out of range or the length of the message was incorrect.
+    */
+   static DECODE_ERROR = new AlertDescription("DECODE_ERROR", 50);
+
+   /**
+    * A handshake cryptographic operation failed, including verification or validation issues.
+    */
+   static DECRYPT_ERROR = new AlertDescription("DECRYPT_ERROR", 51);
+
+   /**
+    * The protocol version the peer has attempted to negotiate is recognized but not supported.
+    */
+   static PROTOCOL_VERSION = new AlertDescription("PROTOCOL_VERSION", 70);
+
+   /**
+    * A negotiation has failed because the server requires parameters more secure than those supported by the client.
+    */
+   static INSUFFICIENT_SECURITY = new AlertDescription("INSUFFICIENT_SECURITY", 71);
+
+   /**
+    * An internal error unrelated to the peer or protocol correctness makes it impossible to continue.
+    */
+   static INTERNAL_ERROR = new AlertDescription("INTERNAL_ERROR", 80);
+   
+   /**
+    * Sent by a server in response to an invalid
+     connection retry attempt from a client (see [RFC7507]).
+    */
+   static INAPPROPRIATE_FALLBACK = new AlertDescription("INAPPROPRIATE_FALLBACK", 86)
+
+   /**
+    * This alert notifies the recipient that the sender is canceling the handshake for reasons unrelated to a protocol failure.
+    */
+   static USER_CANCELED = new AlertDescription("USER_CANCELED", 90);
+
+   /**
+    * Sent when a mandatory extension for the negotiated TLS version or other parameters is missing.
+    */
+   static MISSING_EXTENSION = new AlertDescription("MISSING_EXTENSION", 109);
+
+   /**
+    * Sent when an extension is included in a message where it is prohibited.
+    */
+   static UNSUPPORTED_EXTENSION = new AlertDescription("UNSUPPORTED_EXTENSION", 110);
+
+   /**
+    * Sent when no server exists identified by the client-provided 'server_name' extension.
+    */
+   static UNRECOGNIZED_NAME = new AlertDescription("UNRECOGNIZED_NAME", 112);
+
+   
+   /**
+    * Sent by clients when an invalid or
+     unacceptable OCSP response is provided by the server via the
+     "status_request" extension (see [RFC6066]).
+    */
+   static BAD_CERTIFICATE_STATUS_RESPONSE = new AlertDescription("BAD_CERTIFICATE_STATUS_RESPONSE", 113)
+
+   /**
+    * Sent when PSK key establishment is desired, but no acceptable PSK identity is provided by the client.
+    */
+   static UNKNOWN_PSK_IDENTITY = new AlertDescription("UNKNOWN_PSK_IDENTITY", 115);
+
+   /**
+    * Sent when a client certificate is required but none was provided.
+    */
+   static CERTIFICATE_REQUIRED = new AlertDescription("CERTIFICATE_REQUIRED", 116);
+
+   /**
+    * Sent when the client advertises only unsupported protocols in the 'application_layer_protocol_negotiation' extension.
+    */
+   static NO_APPLICATION_PROTOCOL = new AlertDescription("NO_APPLICATION_PROTOCOL", 120);
+   static DECRYPTION_FAILED_RESERVED = new AlertDescription("DECRYPTION_FAILED_RESERVED", 21)
+   static DECOMPRESSION_FAILURE_RESERVED = new AlertDescription("DECOMPRESSION_FAILURE_RESERVED", 30)
+   static NO_CERTIFICATE_RESERVED = new AlertDescription("NO_CERTIFICATE_RESERVED", 41)
+   static EXPORT_RESTRICTION_RESERVED = new AlertDescription("EXPORT_RESTRICTION_RESERVED", 60)
+   static NO_RENEGOTIATION_RESERVED = new AlertDescription("NO_RENEGOTIATION_RESERVED", 100)
+   static CERTIFICATE_UNOBTAINABLE_RESERVED = new AlertDescription("CERTIFICATE_UNOBTAINABLE_RESERVED", 111)
+   static BAD_CERTIFICATE_HASH_VALUE_RESERVED = new AlertDescription("BAD_CERTIFICATE_HASH_VALUE_RESERVED", 114)
+
+   /**
+    * check octet and return valid AlertDescription  
+    *
+    * @static
+    * @param {Uint8Array} octet
+    * @returns {AlertDescription }
+    */
+   static parse(octet) {
+      return AlertDescription.fromValue(octet[0]) ?? Error(`Unknown ${octet[0]} AlertDescription type`);
+   }
+
+   /**return 8 */
+   get bit() { return 8 }
+
+   get level() {
+      const warning = [
+         0,   // CLOSE_NOTIFY
+         90,  // USER_CANCELED
+         21,  // DECRYPTION_FAILED_RESERVED
+         41,  // NO_CERTIFICATE_RESERVED
+         60,  // EXPORT_RESTRICTION_RESERVED
+         30,  // DECOMPRESSION_FAILURE_RESERVED
+         100, // NO_RENEGOTIATION_RESERVED
+         111, // CERTIFICATE_UNOBTAINABLE_RESERVED
+         114  // BAD_CERTIFICATE_HASH_VALUE_RESERVED
+      ]
+      if(warning.includes(this.value))return AlertLevel.WARNING
+      return AlertLevel.FATAL
+   }
+}
+
+//npx -p typescript tsc ./src/alert.js --declaration --allowJs --emitDeclarationOnly --lib ESNext --outDir ./dist

src/contentype.js

@@ -0,0 +1,35 @@
+// deno-lint-ignore-file no-slow-types
+// @ts-self-types="../type/contentype.d.ts"
+
+import { Enum } from "./enum.js";
+
+
+/**
+ * The higher-level protocol used to process the enclosed
+      fragment
+ * @see https://datatracker.ietf.org/doc/html/rfc8446#section-5.1
+ * @export
+ * @extends {Enum}
+ */
+export class ContentType extends Enum {
+   static INVALID = new ContentType('INVALID', 0);
+   static CHANGE_CIPHER_SPEC = new ContentType('CHANGE_CIPHER_SPEC', 20);
+   static ALERT = new ContentType('ALERT', 21);
+   static HANDSHAKE = new ContentType('HANDSHAKE', 22);
+   static APPLICATION_DATA = new ContentType('APPLICATION_DATA', 23);
+   /**
+    * check octet and return valid ContentType  
+    *
+    * @static
+    * @param {Uint8Array} octet
+    * @returns {ContentType }
+    */
+   static parse(octet) {
+      return ContentType.fromValue(octet[0]) ?? Error(`Unknown ${octet[0]} ContentType type`);
+   }
+
+   /**return 8 */
+   get bit() { return 8 }
+}
+
+//npx -p typescript tsc ./src/contentype.js --declaration --allowJs --emitDeclarationOnly --lib ESNext --outDir ./dist

src/keyupdate.js

@@ -0,0 +1,32 @@
+// deno-lint-ignore-file no-slow-types
+// @ts-self-types="../type/keyupdate.d.ts"
+
+import { Enum } from "./enum.js";
+
+/**
+ * KeyUpdateRequest - @see https://datatracker.ietf.org/doc/html/rfc8446#section-4.6.3
+ * Indicates whether the recipient of the KeyUpdate
+      should respond with its own KeyUpdate.  If an implementation
+      receives any other value, it MUST terminate the connection with an
+      "illegal_parameter" alert.
+ */
+export class KeyUpdateRequest  extends Enum {
+   static UPDATE_NOT_REQUESTED = new KeyUpdateRequest('UPDATE_NOT_REQUESTED', 0);
+   static UPDATE_REQUESTED = new KeyUpdateRequest('UPDATE_REQUESTED', 1);
+   /**
+    * check octet and return valid KeyUpdateRequest  
+    *
+    * @static
+    * @param {Uint8Array} octet
+    * @returns {KeyUpdateRequest }
+    */
+   static parse(octet) {
+      return KeyUpdateRequest.fromValue(octet[0]) ?? Error(`Unknown ${octet[0]} KeyUpdateRequest type`);
+   }
+
+   /**return 8 */
+   get bit() { return 8 }
+
+}
+
+// npx -p typescript tsc ./src/keyupdate.js --declaration --allowJs --emitDeclarationOnly --lib ESNext --outDir ./dist

src/pskmode.js

@@ -1,10 +1,10 @@
 // deno-lint-ignore-file no-slow-types
-// @ts-self-types="../type/namedgroup.d.ts"
+// @ts-self-types="../type/pskmode.d.ts"
 
 import { Enum } from "./enum.js";
 
 /**
- * Supported groups - @see https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.7.
+ * PskKeyExchangeMode - @see https://datatracker.ietf.org/doc/html/rfc8446#section-4.4.2
  */
 export class PskKeyExchangeMode  extends Enum {
    /**psk_ke:  PSK-only key establishment.  In this mode, the server

test/alert_test.js

@@ -0,0 +1,47 @@
+import { AlertDescription } from "../src/alert.js";
+import { assertEquals } from "jsr:@std/assert";
+
+Deno.test(
+   "AlertDescription",
+   () => {
+      const tls13AlertDescriptionValues = [
+         0,   // CLOSE_NOTIFY
+         10,  // UNEXPECTED_MESSAGE
+         20,  // BAD_RECORD_MAC
+         21,  // DECRYPTION_FAILED_RESERVED
+         22,  // RECORD_OVERFLOW
+         30,  // DECOMPRESSION_FAILURE_RESERVED
+         40,  // HANDSHAKE_FAILURE
+         41,  // NO_CERTIFICATE_RESERVED
+         42,  // BAD_CERTIFICATE
+         43,  // UNSUPPORTED_CERTIFICATE
+         44,  // CERTIFICATE_REVOKED
+         45,  // CERTIFICATE_EXPIRED
+         46,  // CERTIFICATE_UNKNOWN
+         47,  // ILLEGAL_PARAMETER
+         48,  // UNKNOWN_CA
+         49,  // ACCESS_DENIED
+         50,  // DECODE_ERROR
+         51,  // DECRYPT_ERROR
+         60,  // EXPORT_RESTRICTION_RESERVED
+         70,  // PROTOCOL_VERSION
+         71,  // INSUFFICIENT_SECURITY
+         80,  // INTERNAL_ERROR
+         86,  // INAPPROPRIATE_FALLBACK
+         90,  // USER_CANCELED
+         100, // NO_RENEGOTIATION_RESERVED
+         109, // MISSING_EXTENSION
+         110, // UNSUPPORTED_EXTENSION
+         111, // CERTIFICATE_UNOBTAINABLE_RESERVED
+         112, // UNRECOGNIZED_NAME
+         113, // BAD_CERTIFICATE_STATUS_RESPONSE
+         114, // BAD_CERTIFICATE_HASH_VALUE_RESERVED
+         115, // UNKNOWN_PSK_IDENTITY
+         116, // CERTIFICATE_REQUIRED
+         120  // NO_APPLICATION_PROTOCOL
+      ];
+
+      assertEquals(AlertDescription.values().map(e => e.value).sort((a, b) => a - b), tls13AlertDescriptionValues);
+   }
+)
+