/// import type * as Net from 'net'; import Forge from '@vilic/node-forge'; import type { InLogContext } from '../../@log/index.js'; import { type ReadTLSResult } from '../@sniffing.js'; import type { RouteCandidate, Router } from '../router/index.js'; import type { TunnelServer } from '../tunnel-server.js'; export type TLSProxyBridgeCAOptions = { cert: Forge.pki.Certificate; key: Forge.pki.PrivateKey; }; export type TLSProxyBridgeOptions = { ca: TLSProxyBridgeCAOptions; }; export declare class TLSProxyBridge { readonly tunnelServer: TunnelServer; readonly router: Router; readonly ca: { cert: Forge.pki.Certificate; key: Forge.pki.PrivateKey; }; private certKeyPair; constructor(tunnelServer: TunnelServer, router: Router, { ca }: TLSProxyBridgeOptions); private knownALPNProtocolMap; /** * Note: using this method suggests referer sniffing will happen. */ connect(context: InLogContext, connectSocket: Net.Socket, host: string, port: number, { serverName, alpnProtocols }: ReadTLSResult, route: RouteCandidate | undefined): Promise; private performOptimisticConnect; private performHTTPConnect; private setupRightSecureProxySocket; private setupLeftSecureProxySocket; private pipeLeftRightSecureProxySockets; private p2pCertificateStateMap; private getP2PCertificate; private createP2PCertificate; private requireP2PCertificateForKnownRemote; private updateALPNProtocol; }