lib: deprecate _tls_common and _tls_wrap

doc/api/deprecations.md

@@ -3899,6 +3899,20 @@ of built-in modules. This was incomplete and matched the already deprecated
 `repl._builtinLibs` ([DEP0142][]) instead it's better to rely
 upon `require('node:module').builtinModules`.
 
+### DEP0192: `require('node:_tls_common')` and `require('node:_tls_wrap')`
+
+<!-- YAML
+changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/57643
+    description: Runtime deprecation.
+-->
+
+Type: Runtime
+
+The `node:_tls_common` and `node:_tls_wrap` modules are deprecated as they should be considered
+an internal nodejs implementation rather than a public facing API, use `node:tls` instead.
+
 [DEP0142]: #dep0142-repl_builtinlibs
 [NIST SP 800-38D]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
 [RFC 6066]: https://tools.ietf.org/html/rfc6066#section-3

lib/_tls_common.js

@@ -1,156 +1,10 @@
-// Copyright Joyent, Inc. and other Node contributors.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a
-// copy of this software and associated documentation files (the
-// "Software"), to deal in the Software without restriction, including
-// without limitation the rights to use, copy, modify, merge, publish,
-// distribute, sublicense, and/or sell copies of the Software, and to permit
-// persons to whom the Software is furnished to do so, subject to the
-// following conditions:
-//
-// The above copyright notice and this permission notice shall be included
-// in all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
-// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
-// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
-// USE OR OTHER DEALINGS IN THE SOFTWARE.
-
 'use strict';
 
-const {
-  JSONParse,
-} = primordials;
-
-const tls = require('tls');
-
-const {
-  codes: {
-    ERR_TLS_INVALID_PROTOCOL_VERSION,
-    ERR_TLS_PROTOCOL_VERSION_CONFLICT,
-  },
-} = require('internal/errors');
-
-const {
-  crypto: {
-    SSL_OP_CIPHER_SERVER_PREFERENCE,
-    TLS1_VERSION,
-    TLS1_1_VERSION,
-    TLS1_2_VERSION,
-    TLS1_3_VERSION,
-  },
-} = internalBinding('constants');
-
-const {
-  kEmptyObject,
-} = require('internal/util');
-
-const {
-  validateInteger,
-} = require('internal/validators');
-
-const {
-  configSecureContext,
-} = require('internal/tls/secure-context');
-
-function toV(which, v, def) {
-  v ??= def;
-  if (v === 'TLSv1') return TLS1_VERSION;
-  if (v === 'TLSv1.1') return TLS1_1_VERSION;
-  if (v === 'TLSv1.2') return TLS1_2_VERSION;
-  if (v === 'TLSv1.3') return TLS1_3_VERSION;
-  throw new ERR_TLS_INVALID_PROTOCOL_VERSION(v, which);
-}
-
-const {
-  SecureContext: NativeSecureContext,
-} = internalBinding('crypto');
-
-function SecureContext(secureProtocol, secureOptions, minVersion, maxVersion) {
-  if (!(this instanceof SecureContext)) {
-    return new SecureContext(secureProtocol, secureOptions, minVersion,
-                             maxVersion);
-  }
-
-  if (secureProtocol) {
-    if (minVersion != null)
-      throw new ERR_TLS_PROTOCOL_VERSION_CONFLICT(minVersion, secureProtocol);
-    if (maxVersion != null)
-      throw new ERR_TLS_PROTOCOL_VERSION_CONFLICT(maxVersion, secureProtocol);
-  }
-
-  this.context = new NativeSecureContext();
-  this.context.init(secureProtocol,
-                    toV('minimum', minVersion, tls.DEFAULT_MIN_VERSION),
-                    toV('maximum', maxVersion, tls.DEFAULT_MAX_VERSION));
-
-  if (secureOptions) {
-    validateInteger(secureOptions, 'secureOptions');
-    this.context.setOptions(secureOptions);
-  }
-}
-
-function createSecureContext(options) {
-  options ||= kEmptyObject;
-  const {
-    honorCipherOrder,
-    minVersion,
-    maxVersion,
-    secureProtocol,
-  } = options;
-
-  let { secureOptions } = options;
-
-  if (honorCipherOrder)
-    secureOptions |= SSL_OP_CIPHER_SERVER_PREFERENCE;
-
-  const c = new SecureContext(secureProtocol, secureOptions,
-                              minVersion, maxVersion);
-
-  configSecureContext(c.context, options);
-
-  return c;
-}
-
-// Translate some fields from the handle's C-friendly format into more idiomatic
-// javascript object representations before passing them back to the user.  Can
-// be used on any cert object, but changing the name would be semver-major.
-function translatePeerCertificate(c) {
-  if (!c)
-    return null;
-
-  if (c.issuerCertificate != null && c.issuerCertificate !== c) {
-    c.issuerCertificate = translatePeerCertificate(c.issuerCertificate);
-  }
-  if (c.infoAccess != null) {
-    const info = c.infoAccess;
-    c.infoAccess = { __proto__: null };
-
-    // XXX: More key validation?
-    info.replace(/([^\n:]*):([^\n]*)(?:\n|$)/g,
-                 (all, key, val) => {
-                   if (val.charCodeAt(0) === 0x22) {
-                     // The translatePeerCertificate function is only
-                     // used on internally created legacy certificate
-                     // objects, and any value that contains a quote
-                     // will always be a valid JSON string literal,
-                     // so this should never throw.
-                     val = JSONParse(val);
-                   }
-                   if (key in c.infoAccess)
-                     c.infoAccess[key].push(val);
-                   else
-                     c.infoAccess[key] = [val];
-                 });
-  }
-  return c;
-}
-
+const { SecureContext, createSecureContext, translatePeerCertificate } = require('internal/tls/common');
 module.exports = {
   SecureContext,
   createSecureContext,
   translatePeerCertificate,
 };
+process.emitWarning('The _tls_common module is deprecated.',
+                    'DeprecationWarning', 'DEP0192');