feat: ErrorWebSocketConnectionTLS

Author: amydevs

src/WebSocketConnection.ts

@@ -220,12 +220,17 @@ class WebSocketConnection {
     isBinary: boolean,
   ) => {
     if (!isBinary || data instanceof Array) {
+      const reason = "WebSocket received data received that wasn't binary";
       this.dispatchEvent(
         new events.EventWebSocketConnectionError({
           detail: new errors.ErrorWebSocketConnectionLocal(
-            "data received isn't binary",
+            reason,
             {
               cause: new errors.ErrorWebSocketUndefinedBehaviour(),
+              data: {
+                errorCode: utils.ConnectionErrorCode.InternalServerError,
+                reason
+              }
             },
           ),
         }),
@@ -243,12 +248,17 @@ class WebSocketConnection {
       remainder = postStreamIdRemainder;
     } catch (e) {
       // TODO: domain specific error
+      const reason = "Parsing streamId failed"
       this.dispatchEvent(
-        new events.EventWebSocketConnectionError('parsing StreamId failed', {
+        new events.EventWebSocketConnectionError({
           detail: new errors.ErrorWebSocketConnectionLocal(
-            "data received isn't binary",
+            reason,
             {
               cause: e,
+              data: {
+                errorCode: utils.ConnectionErrorCode.InternalServerError,
+                reason
+              }
             },
           ),
         }),
@@ -331,14 +341,12 @@ class WebSocketConnection {
     const errorCode = utils.ConnectionErrorCode.InternalServerError;
     const reason = 'An error occurred on the underlying WebSocket instance';
     this.closeSocket(errorCode, reason);
-    const e_ = new errors.ErrorWebSocketConnectionLocal(reason, {
+    const e_ = new errors.ErrorWebSocketConnectionInternal(reason, {
+      cause: err,
       data: {
         errorCode,
         reason,
       },
-      cause: new errors.ErrorWebSocketConnectionInternal(reason, {
-        cause: err,
-      }),
     });
     this.dispatchEvent(
       new events.EventWebSocketConnectionError({
@@ -506,20 +514,57 @@ class WebSocketConnection {
     }
     // Handle connection failure - Dispatch ConnectionError -> ConnectionClose -> rejectSecureEstablishedP
     const openErrorHandler = (e) => {
-      const errorCode = utils.ConnectionErrorCode.InternalServerError;
-      const reason = 'WebSocket could not open due to internal error';
+      let e_: errors.ErrorWebSocketConnection<any>;
+      let reason: string;
+      let errorCode: number;
+      switch (e.code) {
+        case "UNABLE_TO_VERIFY_LEAF_SIGNATURE":
+          errorCode = utils.ConnectionErrorCode.TLSHandshake;
+          reason = 'WebSocket could not open due to failure to verify a peer\'s TLS certificate';
+          e_ = new errors.ErrorWebSocketConnectionLocalTLS(
+            reason,
+            {
+              cause: e,
+              data: {
+                errorCode,
+                reason,
+              }
+            }
+          );
+          break;
+        case "ECONNRESET":
+          reason = 'WebSocket could not open due to socket closure by peer';
+          errorCode = utils.ConnectionErrorCode.AbnormalClosure,
+          e_ = new errors.ErrorWebSocketConnectionPeer(
+            reason,
+            {
+              cause: e,
+              data: {
+                errorCode,
+                reason
+              }
+            }
+          );
+          break;
+        default:
+          reason = 'WebSocket could not open due to internal error';
+          errorCode = utils.ConnectionErrorCode.InternalServerError,
+          e_ = new errors.ErrorWebSocketConnectionLocal(
+            reason,
+            {
+              cause: e,
+              data: {
+                errorCode,
+                reason
+              }
+            }
+          );
+          break;
+      }
       this.closeSocket(errorCode, reason);
       this.dispatchEvent(
         new events.EventWebSocketConnectionError({
-          detail: new errors.ErrorWebSocketConnectionLocal(reason, {
-            cause: new errors.ErrorWebSocketConnectionInternal(reason, {
-              cause: e,
-            }),
-            data: {
-              errorCode,
-              reason,
-            },
-          }),
+          detail: e_
         }),
       );
     };
@@ -555,8 +600,11 @@ class WebSocketConnection {
           const errorCode = utils.ConnectionErrorCode.TLSHandshake;
           const reason =
             'Failed connection due to custom verification callback';
-          this.closeSocket(errorCode, reason);
-          const e_ = new errors.ErrorWebSocketConnectionLocal(reason, {
+          // request.destroy() will make the socket dispatch a 'close' event,
+          // so I'm setting socketLocallyClosed to true, as that is what is happening.
+          this.socketLocallyClosed = true;
+          request.destroy(e);
+          const e_ = new errors.ErrorWebSocketConnectionLocalTLS(reason, {
             cause: e,
             data: {
               errorCode,
@@ -578,6 +626,7 @@ class WebSocketConnection {
     try {
       await Promise.race([this.secureEstablishedP, abortP]);
     } catch (e) {
+      // This happens if a timeout occurs.
       if (ctx.signal.aborted) {
         const errorCode = utils.ConnectionErrorCode.ProtocolError;
         const reason =

src/WebSocketServer.ts

@@ -355,7 +355,8 @@ class WebSocketServer {
             await this.config.verifyCallback(peerCertChain, ca);
             return done(true);
           } catch (e) {
-            return done(false, 525, 'TLS Handshake Failed');
+            info.req.destroy(e);
+            return;
           }
         }
         done(true);

src/errors.ts

@@ -1,4 +1,5 @@
-import { AbstractError } from '@matrixai/errors';
+import { AbstractError, POJO } from '@matrixai/errors';
+import { ConnectionError } from './types';
 
 class ErrorWebSocket<T> extends AbstractError<T> {
   static description = 'WebSocket error';
@@ -70,12 +71,42 @@ class ErrorWebSocketConnectionInternal<T> extends ErrorWebSocketConnection<T> {
   static description = 'WebSocket Connection internal error';
 }
 
+/**
+ * Note that TlsFail error codes are documented here:
+ * https://github.com/google/boringssl/blob/master/include/openssl/ssl.h
+ */
 class ErrorWebSocketConnectionLocal<T> extends ErrorWebSocketConnection<T> {
   static description = 'WebSocket Connection local error';
+  declare data: POJO & ConnectionError;
+  constructor(
+    message: string = '',
+    options: {
+      timestamp?: Date;
+      data: POJO & ConnectionError;
+      cause?: T;
+    }
+  ) {
+    super(message, options);
+  }
+}
+
+class ErrorWebSocketConnectionLocalTLS<T> extends ErrorWebSocketConnectionLocal<T> {
+  static description = 'WebSocket Connection local TLS error';
 }
 
 class ErrorWebSocketConnectionPeer<T> extends ErrorWebSocketConnection<T> {
   static description = 'WebSocket Connection peer error';
+  declare data: POJO & ConnectionError;
+  constructor(
+    message: string = '',
+    options: {
+      timestamp?: Date;
+      data: POJO & ConnectionError;
+      cause?: T;
+    }
+  ) {
+    super(message, options);
+  }
 }
 
 // Stream
@@ -145,6 +176,7 @@ export {
   ErrorWebSocketConnectionStartTimeOut,
   ErrorWebSocketConnectionKeepAliveTimeOut,
   ErrorWebSocketConnectionLocal,
+  ErrorWebSocketConnectionLocalTLS,
   ErrorWebSocketConnectionPeer,
   ErrorWebSocketConnectionInternal,
   ErrorWebSocketStream,

src/types.ts

@@ -162,6 +162,11 @@ interface Parsed<T> {
   remainder: Uint8Array;
 }
 
+type ConnectionError = {
+  errorCode: number;
+  reason: string;
+};
+
 export type {
   Opaque,
   Callback,
@@ -180,4 +185,5 @@ export type {
   WebSocketClientConfigInput,
   WebSocketServerConfigInput,
   Parsed,
+  ConnectionError
 };

tests/WebSocketClient.test.ts

@@ -109,8 +109,8 @@ describe(WebSocketClient.name, () => {
           },
         }),
       ).rejects.toHaveProperty(
-        ['cause', 'name'],
-        errors.ErrorWebSocketConnectionInternal.name,
+        ['name'],
+        errors.ErrorWebSocketConnectionLocal.name,
       );
     });
     test('client times out with ctx timer while starting', async () => {
@@ -393,7 +393,7 @@ describe(WebSocketClient.name, () => {
             verifyPeer: true,
           },
         }),
-      ).toReject();
+      ).rejects.toHaveProperty('name', errors.ErrorWebSocketConnectionLocalTLS.name);
       await server.stop();
     });
     test('graceful failure verifying client', async () => {
@@ -422,7 +422,7 @@ describe(WebSocketClient.name, () => {
             verifyPeer: false,
           },
         }),
-      ).toReject();
+      ).rejects.toHaveProperty('name', errors.ErrorWebSocketConnectionPeer.name);
 
       await server.stop();
     });
@@ -440,6 +440,7 @@ describe(WebSocketClient.name, () => {
       await server.start({
         host: localhost,
       });
+      server.addEventListener(errors.ErrorWebSocketConnectionLocalTLS.name, (e) => console.log(e))
       // Connection should fail
       await expect(
         WebSocketClient.createWebSocketClient({
@@ -452,7 +453,7 @@ describe(WebSocketClient.name, () => {
             verifyPeer: true,
           },
         }),
-      ).toReject();
+      ).rejects.toHaveProperty('name', errors.ErrorWebSocketConnectionLocalTLS.name);
 
       await server.stop();
     });
@@ -617,10 +618,7 @@ describe(WebSocketClient.name, () => {
             verifyPeer: false,
           },
         }),
-      ).rejects.toHaveProperty(
-        ['cause', 'name'],
-        errors.ErrorWebSocketConnectionInternal.name,
-      );
+      ).rejects.toHaveProperty('name', 'ErrorWebSocketConnectionPeer');
 
       // // Server connection is never emitted
       await Promise.race([