/** * SPDX-License-Identifier: Apache-2.0 */ import * as x509 from '@peculiar/x509'; import crypto from 'crypto'; import { type SoloLogger } from './logging.js'; import { type NodeAlias, type NodeAliases } from '../types/aliases.js'; import { type NodeKeyObject, type PrivateKeyAndCertificateObject } from '../types/index.js'; import { type ListrTask } from 'listr2'; export declare class KeyManager { private readonly logger?; static SigningKeyAlgo: { name: string; hash: string; publicExponent: Uint8Array; modulusLength: number; }; static SigningKeyUsage: KeyUsage[]; static TLSKeyAlgo: { name: string; hash: string; publicExponent: Uint8Array; modulusLength: number; }; static TLSKeyUsage: KeyUsage[]; static TLSCertKeyUsages: number; static TLSCertKeyExtendedUsages: x509.ExtendedKeyUsage[]; static ECKeyAlgo: { name: string; namedCurve: string; hash: string; }; constructor(logger?: SoloLogger); /** Convert CryptoKey into PEM string */ convertPrivateKeyToPem(privateKey: CryptoKey): Promise; /** * Convert PEM private key into CryptoKey * @param pemStr - PEM string * @param algo - key algorithm * @param [keyUsages] */ convertPemToPrivateKey(pemStr: string, algo: any, keyUsages?: KeyUsage[]): Promise; /** * Return file names for node key * @param nodeAlias * @param keysDir - directory where keys and certs are stored */ prepareNodeKeyFilePaths(nodeAlias: NodeAlias, keysDir: string): PrivateKeyAndCertificateObject; /** * Return file names for TLS key * @param nodeAlias * @param keysDir - directory where keys and certs are stored */ prepareTLSKeyFilePaths(nodeAlias: NodeAlias, keysDir: string): PrivateKeyAndCertificateObject; /** * Store node keys and certs as PEM files * @param nodeAlias * @param nodeKey * @param keysDir - directory where keys and certs are stored * @param nodeKeyFiles * @param [keyName] - optional key type name for logging * @returns a Promise that saves the keys and certs as PEM files */ storeNodeKey(nodeAlias: NodeAlias, nodeKey: NodeKeyObject, keysDir: string, nodeKeyFiles: PrivateKeyAndCertificateObject, keyName?: string): Promise; /** * Load node keys and certs from PEM files * @param nodeAlias * @param keysDir - directory where keys and certs are stored * @param algo - algorithm used for key * @param nodeKeyFiles an object stores privateKeyFile and certificateFile * @param [keyName] - optional key type name for logging * @returns */ loadNodeKey(nodeAlias: NodeAlias, keysDir: string, algo: any, nodeKeyFiles: PrivateKeyAndCertificateObject, keyName?: string): Promise; /** Generate signing key and certificate */ generateSigningKey(nodeAlias: NodeAlias): Promise; /** * Store signing key and certificate * @param nodeAlias * @param nodeKey - an object containing privateKeyPem, certificatePem data * @param keysDir - directory where keys and certs are stored * @returns returns a Promise that saves the keys and certs as PEM files */ storeSigningKey(nodeAlias: NodeAlias, nodeKey: NodeKeyObject, keysDir: string): Promise; /** * Load signing key and certificate * @param nodeAlias * @param keysDir - directory path where pem files are stored */ loadSigningKey(nodeAlias: NodeAlias, keysDir: string): Promise; /** * Generate gRPC TLS key * * It generates TLS keys in PEM format such as below: * hedera-.key * hedera-.crt * * @param nodeAlias * @param distinguishedName distinguished name as: new x509.Name(`CN=${nodeAlias},ST=${state},L=${locality},O=${org},OU=${orgUnit},C=${country}`) */ generateGrpcTlsKey(nodeAlias: NodeAlias, distinguishedName?: x509.Name): Promise; /** * Store TLS key and certificate * @param nodeAlias * @param nodeKey * @param keysDir - directory where keys and certs are stored * @returns a Promise that saves the keys and certs as PEM files */ storeTLSKey(nodeAlias: NodeAlias, nodeKey: NodeKeyObject, keysDir: string): Promise; /** * Load TLS key and certificate * @param nodeAlias * @param keysDir - directory path where pem files are stored */ loadTLSKey(nodeAlias: NodeAlias, keysDir: string): Promise; copyNodeKeysToStaging(nodeKey: PrivateKeyAndCertificateObject, destDir: string): void; copyGossipKeysToStaging(keysDir: string, stagingKeysDir: string, nodeAliases: NodeAliases): void; /** * Return a list of subtasks to generate gossip keys * * WARNING: These tasks MUST run in sequence. * * @param nodeAliases * @param keysDir - keys directory * @param curDate - current date * @param [allNodeAliases] - includes the nodeAliases to get new keys as well as existing nodeAliases that will be included in the public.pfx file * @return a list of subtasks */ taskGenerateGossipKeys(nodeAliases: NodeAliases, keysDir: string, curDate?: Date, allNodeAliases?: NodeAliases | null): ListrTask[]; /** * Return a list of subtasks to generate gRPC TLS keys * * WARNING: These tasks should run in sequence * * @param nodeAliases * @param keysDir keys directory * @param curDate current date * @return return a list of subtasks */ taskGenerateTLSKeys(nodeAliases: NodeAliases, keysDir: string, curDate?: Date): ListrTask[]; /** * Given the path to the PEM certificate (Base64 ASCII), will return the DER (raw binary) bytes * @param pemCertFullPath */ getDerFromPemCertificate(pemCertFullPath: string): Uint8Array; }