///
import type * as Net from 'net';
import Forge from '@vilic/node-forge';
import type { InLogContext } from '../../@log/index.js';
import { type ReadTLSResult } from '../@sniffing.js';
import type { RouteCandidate, Router } from '../router/index.js';
import type { TunnelServer } from '../tunnel-server.js';
export type TLSProxyBridgeCAOptions = {
cert: Forge.pki.Certificate;
key: Forge.pki.PrivateKey;
};
export type TLSProxyBridgeOptions = {
ca: TLSProxyBridgeCAOptions;
};
export declare class TLSProxyBridge {
readonly tunnelServer: TunnelServer;
readonly router: Router;
readonly ca: {
cert: Forge.pki.Certificate;
key: Forge.pki.PrivateKey;
};
private certKeyPair;
constructor(tunnelServer: TunnelServer, router: Router, { ca }: TLSProxyBridgeOptions);
private knownALPNProtocolMap;
/**
* Note: using this method suggests referer sniffing will happen.
*/
connect(context: InLogContext, connectSocket: Net.Socket, host: string, port: number, { serverName, alpnProtocols }: ReadTLSResult, route: RouteCandidate | undefined): Promise;
private performOptimisticConnect;
private performHTTPConnect;
private setupRightSecureProxySocket;
private setupLeftSecureProxySocket;
private pipeLeftRightSecureProxySockets;
private p2pCertificateStateMap;
private getP2PCertificate;
private createP2PCertificate;
private requireP2PCertificateForKnownRemote;
private updateALPNProtocol;
}