tls: make deprecated tls.createSecurePair() use public API

Make the deprecated `tls.createSecurePair()` method use other public
APIs only (`TLSSocket` in particular).

Since `tls.createSecurePair()` has been runtime-deprecated only
since Node 8, it probably isn’t quite time to remove it yet,
but this patch removes almost all of the code complexity that
is retained by it.

The API, as it is documented, is retained. However, it is very likely
that some users have come to rely on parts of undocumented API
of the `SecurePair` class, especially since some of the existing
tests checked for those. Therefore, this should definitely be
considered a breaking change.

PR-URL: #17882
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>

lib/internal/streams/duplexpair.js

@@ -0,0 +1,42 @@
+'use strict';
+const { Duplex } = require('stream');
+
+const kCallback = Symbol('Callback');
+const kOtherSide = Symbol('Other');
+
+class DuplexSocket extends Duplex {
+  constructor() {
+    super();
+    this[kCallback] = null;
+    this[kOtherSide] = null;
+  }
+
+  _read() {
+    const callback = this[kCallback];
+    if (callback) {
+      this[kCallback] = null;
+      callback();
+    }
+  }
+
+  _write(chunk, encoding, callback) {
+    this[kOtherSide][kCallback] = callback;
+    this[kOtherSide].push(chunk);
+  }
+
+  _final(callback) {
+    this[kOtherSide].on('end', callback);
+    this[kOtherSide].push(null);
+  }
+}
+
+class DuplexPair {
+  constructor() {
+    this.socket1 = new DuplexSocket();
+    this.socket2 = new DuplexSocket();
+    this.socket1[kOtherSide] = this.socket2;
+    this.socket2[kOtherSide] = this.socket1;
+  }
+}
+
+module.exports = DuplexPair;

lib/tls.js

@@ -31,6 +31,8 @@ const net = require('net');
 const url = require('url');
 const binding = process.binding('crypto');
 const Buffer = require('buffer').Buffer;
+const EventEmitter = require('events');
+const DuplexPair = require('internal/streams/duplexpair');
 const canonicalizeIP = process.binding('cares_wrap').canonicalizeIP;
 
 // Allow {CLIENT_RENEG_LIMIT} client-initiated session renegotiations
@@ -230,6 +232,33 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
   }
 };
 
+
+class SecurePair extends EventEmitter {
+  constructor(secureContext = exports.createSecureContext(),
+              isServer = false,
+              requestCert = !isServer,
+              rejectUnauthorized = false,
+              options = {}) {
+    super();
+    const { socket1, socket2 } = new DuplexPair();
+
+    this.server = options.server;
+    this.credentials = secureContext;
+
+    this.encrypted = socket1;
+    this.cleartext = new exports.TLSSocket(socket2, Object.assign({
+      secureContext, isServer, requestCert, rejectUnauthorized
+    }, options));
+    this.cleartext.once('secure', () => this.emit('secure'));
+  }
+
+  destroy() {
+    this.cleartext.destroy();
+    this.encrypted.destroy();
+  }
+}
+
+
 exports.parseCertString = internalUtil.deprecate(
   internalTLS.parseCertString,
   'tls.parseCertString() is deprecated. ' +
@@ -243,5 +272,9 @@ exports.Server = require('_tls_wrap').Server;
 exports.createServer = require('_tls_wrap').createServer;
 exports.connect = require('_tls_wrap').connect;
 
-// Deprecated: DEP0064
-exports.createSecurePair = require('_tls_legacy').createSecurePair;
+exports.createSecurePair = internalUtil.deprecate(
+  function createSecurePair(...args) {
+    return new SecurePair(...args);
+  },
+  'tls.createSecurePair() is deprecated. Please use ' +
+  'tls.TLSSocket instead.', 'DEP0064');

node.gyp

@@ -69,7 +69,6 @@
       'lib/timers.js',
       'lib/tls.js',
       'lib/_tls_common.js',
-      'lib/_tls_legacy.js',
       'lib/_tls_wrap.js',
       'lib/tty.js',
       'lib/url.js',
@@ -140,6 +139,7 @@
       'lib/internal/streams/lazy_transform.js',
       'lib/internal/streams/async_iterator.js',
       'lib/internal/streams/BufferList.js',
+      'lib/internal/streams/duplexpair.js',
       'lib/internal/streams/legacy.js',
       'lib/internal/streams/destroy.js',
       'lib/internal/wrap_js_stream.js',

src/async_wrap.h

@@ -67,7 +67,6 @@ namespace node {
 
 #if HAVE_OPENSSL
 #define NODE_ASYNC_CRYPTO_PROVIDER_TYPES(V)                                   \
-  V(SSLCONNECTION)                                                            \
   V(PBKDF2REQUEST)                                                            \
   V(RANDOMBYTESREQUEST)                                                       \
   V(TLSWRAP)

src/env.h

@@ -193,14 +193,12 @@ class ModuleWrap;
   V(onheaders_string, "onheaders")                                            \
   V(onmessage_string, "onmessage")                                            \
   V(onnewsession_string, "onnewsession")                                      \
-  V(onnewsessiondone_string, "onnewsessiondone")                              \
   V(onocspresponse_string, "onocspresponse")                                  \
   V(ongoawaydata_string, "ongoawaydata")                                      \
   V(onpriority_string, "onpriority")                                          \
   V(onread_string, "onread")                                                  \
   V(onreadstart_string, "onreadstart")                                        \
   V(onreadstop_string, "onreadstop")                                          \
-  V(onselect_string, "onselect")                                              \
   V(onsettings_string, "onsettings")                                          \
   V(onshutdown_string, "onshutdown")                                          \
   V(onsignal_string, "onsignal")                                              \
@@ -224,15 +222,13 @@ class ModuleWrap;
   V(raw_string, "raw")                                                        \
   V(read_host_object_string, "_readHostObject")                               \
   V(readable_string, "readable")                                              \
-  V(received_shutdown_string, "receivedShutdown")                             \
   V(refresh_string, "refresh")                                                \
   V(regexp_string, "regexp")                                                  \
   V(rename_string, "rename")                                                  \
   V(replacement_string, "replacement")                                        \
   V(retry_string, "retry")                                                    \
   V(serial_string, "serial")                                                  \
   V(scopeid_string, "scopeid")                                                \
-  V(sent_shutdown_string, "sentShutdown")                                     \
   V(serial_number_string, "serialNumber")                                     \
   V(service_string, "service")                                                \
   V(servername_string, "servername")                                          \