ts/mail/delivery/smtpserver/secure-server.ts

/**
 * Secure SMTP Server Utility Functions
 * Provides helper functions for creating and managing secure TLS server
 */

import * as plugins from '../../../plugins.js';
import { 
  loadCertificatesFromString, 
  generateSelfSignedCertificates,
  createTlsOptions,
  type ICertificateData
} from './certificate-utils.js';
import { SmtpLogger } from './utils/logging.js';

/**
 * Create a secure TLS server for direct TLS connections
 * @param options - TLS certificate options
 * @returns A configured TLS server or undefined if TLS is not available
 */
export function createSecureTlsServer(options: {
  key: string;
  cert: string;
  ca?: string;
}): plugins.tls.Server | undefined {
  try {
    // Log the creation attempt
    SmtpLogger.info('Creating secure TLS server for direct connections');
    
    // Load certificates from strings
    let certificates: ICertificateData;
    try {
      certificates = loadCertificatesFromString({
        key: options.key,
        cert: options.cert,
        ca: options.ca
      });
      
      SmtpLogger.info('Successfully loaded TLS certificates for secure server');
    } catch (certificateError) {
      SmtpLogger.warn(`Failed to load certificates, using self-signed: ${certificateError instanceof Error ? certificateError.message : String(certificateError)}`);
      certificates = generateSelfSignedCertificates();
    }
    
    // Create server-side TLS options
    const tlsOptions = createTlsOptions(certificates, true);
    
    // Log details for debugging
    SmtpLogger.debug('Creating secure server with options', {
      certificates: {
        keyLength: certificates.key.length,
        certLength: certificates.cert.length,
        caLength: certificates.ca ? certificates.ca.length : 0
      },
      tlsOptions: {
        minVersion: tlsOptions.minVersion,
        maxVersion: tlsOptions.maxVersion,
        ciphers: tlsOptions.ciphers?.substring(0, 50) + '...' // Truncate long cipher list
      }
    });
    
    // Create the TLS server
    const server = new plugins.tls.Server(tlsOptions);
    
    // Set up error handlers
    server.on('error', (err) => {
      SmtpLogger.error(`Secure server error: ${err.message}`, {
        component: 'secure-server',
        error: err,
        stack: err.stack
      });
    });
    
    // Log secure connections
    server.on('secureConnection', (socket) => {
      const protocol = socket.getProtocol();
      const cipher = socket.getCipher();
      
      SmtpLogger.info('New direct TLS connection established', {
        component: 'secure-server',
        remoteAddress: socket.remoteAddress,
        remotePort: socket.remotePort,
        protocol: protocol || 'unknown',
        cipher: cipher?.name || 'unknown'
      });
    });
    
    return server;
  } catch (error) {
    SmtpLogger.error(`Failed to create secure TLS server: ${error instanceof Error ? error.message : String(error)}`, {
      component: 'secure-server',
      error: error instanceof Error ? error : new Error(String(error)),
      stack: error instanceof Error ? error.stack : 'No stack trace available'
    });
    
    return undefined;
  }
}
initial 2025-10-24 08:09:29 +00:00			`/**`
			`* Secure SMTP Server Utility Functions`
			`* Provides helper functions for creating and managing secure TLS server`
			`*/`

feat(rust): scaffold Rust workspace and fix TypeScript build errors - Add @git.zone/tsrust with linux_amd64/linux_arm64 cross-compilation - Scaffold Rust workspace with 5 crates: mailer-core, mailer-smtp, mailer-security, mailer-napi, mailer-bin - Fix all TypeScript compilation errors for upgraded dependencies (smartfile v13, mailauth v4.13, smartproxy v23) - Replace smartfile.fs/memory with @push.rocks/smartfs throughout codebase - Fix .ts import extensions to .js for NodeNext module resolution - Update DKIMSignOptions usage to match mailauth v4.13 API - Add MTA error classes with permissive signatures for legacy SMTP client - Replace removed DcRouter/StorageManager/deliverability imports with local interfaces 2026-02-10 15:31:31 +00:00			`import * as plugins from '../../../plugins.js';`
initial 2025-10-24 08:09:29 +00:00			`import {`
			`loadCertificatesFromString,`
			`generateSelfSignedCertificates,`
			`createTlsOptions,`
			`type ICertificateData`
feat(rust): scaffold Rust workspace and fix TypeScript build errors - Add @git.zone/tsrust with linux_amd64/linux_arm64 cross-compilation - Scaffold Rust workspace with 5 crates: mailer-core, mailer-smtp, mailer-security, mailer-napi, mailer-bin - Fix all TypeScript compilation errors for upgraded dependencies (smartfile v13, mailauth v4.13, smartproxy v23) - Replace smartfile.fs/memory with @push.rocks/smartfs throughout codebase - Fix .ts import extensions to .js for NodeNext module resolution - Update DKIMSignOptions usage to match mailauth v4.13 API - Add MTA error classes with permissive signatures for legacy SMTP client - Replace removed DcRouter/StorageManager/deliverability imports with local interfaces 2026-02-10 15:31:31 +00:00			`} from './certificate-utils.js';`
			`import { SmtpLogger } from './utils/logging.js';`
initial 2025-10-24 08:09:29 +00:00
			`/**`
			`* Create a secure TLS server for direct TLS connections`
			`* @param options - TLS certificate options`
			`* @returns A configured TLS server or undefined if TLS is not available`
			`*/`
			`export function createSecureTlsServer(options: {`
			`key: string;`
			`cert: string;`
			`ca?: string;`
			`}): plugins.tls.Server \| undefined {`
			`try {`
			`// Log the creation attempt`
			`SmtpLogger.info('Creating secure TLS server for direct connections');`

			`// Load certificates from strings`
			`let certificates: ICertificateData;`
			`try {`
			`certificates = loadCertificatesFromString({`
			`key: options.key,`
			`cert: options.cert,`
			`ca: options.ca`
			`});`

			`SmtpLogger.info('Successfully loaded TLS certificates for secure server');`
			`} catch (certificateError) {`
			SmtpLogger.warn(`Failed to load certificates, using self-signed: ${certificateError instanceof Error ? certificateError.message : String(certificateError)}`);
			`certificates = generateSelfSignedCertificates();`
			`}`

			`// Create server-side TLS options`
			`const tlsOptions = createTlsOptions(certificates, true);`

			`// Log details for debugging`
			`SmtpLogger.debug('Creating secure server with options', {`
			`certificates: {`
			`keyLength: certificates.key.length,`
			`certLength: certificates.cert.length,`
			`caLength: certificates.ca ? certificates.ca.length : 0`
			`},`
			`tlsOptions: {`
			`minVersion: tlsOptions.minVersion,`
			`maxVersion: tlsOptions.maxVersion,`
			`ciphers: tlsOptions.ciphers?.substring(0, 50) + '...' // Truncate long cipher list`
			`}`
			`});`

			`// Create the TLS server`
			`const server = new plugins.tls.Server(tlsOptions);`

			`// Set up error handlers`
			`server.on('error', (err) => {`
			SmtpLogger.error(`Secure server error: ${err.message}`, {
			`component: 'secure-server',`
			`error: err,`
			`stack: err.stack`
			`});`
			`});`

			`// Log secure connections`
			`server.on('secureConnection', (socket) => {`
			`const protocol = socket.getProtocol();`
			`const cipher = socket.getCipher();`

			`SmtpLogger.info('New direct TLS connection established', {`
			`component: 'secure-server',`
			`remoteAddress: socket.remoteAddress,`
			`remotePort: socket.remotePort,`
			`protocol: protocol \|\| 'unknown',`
			`cipher: cipher?.name \|\| 'unknown'`
			`});`
			`});`

			`return server;`
			`} catch (error) {`
			SmtpLogger.error(`Failed to create secure TLS server: ${error instanceof Error ? error.message : String(error)}`, {
			`component: 'secure-server',`
			`error: error instanceof Error ? error : new Error(String(error)),`
			`stack: error instanceof Error ? error.stack : 'No stack trace available'`
			`});`

			`return undefined;`
			`}`
			`}`