import * as net from 'net'; /** * TlsAlert class for managing TLS alert messages */ export declare class TlsAlert { static readonly LEVEL_WARNING = 1; static readonly LEVEL_FATAL = 2; static readonly CLOSE_NOTIFY = 0; static readonly UNEXPECTED_MESSAGE = 10; static readonly BAD_RECORD_MAC = 20; static readonly DECRYPTION_FAILED = 21; static readonly RECORD_OVERFLOW = 22; static readonly DECOMPRESSION_FAILURE = 30; static readonly HANDSHAKE_FAILURE = 40; static readonly NO_CERTIFICATE = 41; static readonly BAD_CERTIFICATE = 42; static readonly UNSUPPORTED_CERTIFICATE = 43; static readonly CERTIFICATE_REVOKED = 44; static readonly CERTIFICATE_EXPIRED = 47; static readonly CERTIFICATE_UNKNOWN = 48; static readonly ILLEGAL_PARAMETER = 47; static readonly UNKNOWN_CA = 48; static readonly ACCESS_DENIED = 49; static readonly DECODE_ERROR = 50; static readonly DECRYPT_ERROR = 51; static readonly EXPORT_RESTRICTION = 60; static readonly PROTOCOL_VERSION = 70; static readonly INSUFFICIENT_SECURITY = 71; static readonly INTERNAL_ERROR = 80; static readonly INAPPROPRIATE_FALLBACK = 86; static readonly USER_CANCELED = 90; static readonly NO_RENEGOTIATION = 100; static readonly MISSING_EXTENSION = 109; static readonly UNSUPPORTED_EXTENSION = 110; static readonly CERTIFICATE_REQUIRED = 111; static readonly UNRECOGNIZED_NAME = 112; static readonly BAD_CERTIFICATE_STATUS_RESPONSE = 113; static readonly BAD_CERTIFICATE_HASH_VALUE = 114; static readonly UNKNOWN_PSK_IDENTITY = 115; static readonly CERTIFICATE_REQUIRED_1_3 = 116; static readonly NO_APPLICATION_PROTOCOL = 120; /** * Create a TLS alert buffer with the specified level and description code * * @param level Alert level (warning or fatal) * @param description Alert description code * @param tlsVersion TLS version bytes (default is TLS 1.2: 0x0303) * @returns Buffer containing the TLS alert message */ static create(level: number, description: number, tlsVersion?: [number, number]): Buffer; /** * Create a warning-level TLS alert * * @param description Alert description code * @returns Buffer containing the warning-level TLS alert message */ static createWarning(description: number): Buffer; /** * Create a fatal-level TLS alert * * @param description Alert description code * @returns Buffer containing the fatal-level TLS alert message */ static createFatal(description: number): Buffer; /** * Send a TLS alert to a socket and optionally close the connection * * @param socket The socket to send the alert to * @param level Alert level (warning or fatal) * @param description Alert description code * @param closeAfterSend Whether to close the connection after sending the alert * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms) * @returns Promise that resolves when the alert has been sent */ static send(socket: net.Socket, level: number, description: number, closeAfterSend?: boolean, closeDelay?: number): Promise; /** * Pre-defined TLS alert messages */ static readonly alerts: { closeNotify: Buffer; unsupportedExtension: Buffer; certificateRequired: Buffer; unrecognizedName: Buffer; noRenegotiation: Buffer; userCanceled: Buffer; certificateExpiredWarning: Buffer; handshakeFailureWarning: Buffer; insufficientSecurityWarning: Buffer; unexpectedMessage: Buffer; badRecordMac: Buffer; recordOverflow: Buffer; handshakeFailure: Buffer; badCertificate: Buffer; certificateExpired: Buffer; certificateUnknown: Buffer; illegalParameter: Buffer; unknownCA: Buffer; accessDenied: Buffer; decodeError: Buffer; decryptError: Buffer; protocolVersion: Buffer; insufficientSecurity: Buffer; internalError: Buffer; unrecognizedNameFatal: Buffer; }; /** * Utility method to send a warning-level unrecognized_name alert * Specifically designed for SNI issues to encourage the client to retry with SNI * * @param socket The socket to send the alert to * @returns Promise that resolves when the alert has been sent */ static sendSniRequired(socket: net.Socket): Promise; /** * Utility method to send a close_notify alert and close the connection * * @param socket The socket to send the alert to * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms) * @returns Promise that resolves when the alert has been sent and the connection closed */ static sendCloseNotify(socket: net.Socket, closeDelay?: number): Promise; /** * Utility method to send a certificate_expired alert to force new TLS session * * @param socket The socket to send the alert to * @param fatal Whether to send as a fatal alert (default: false) * @param closeAfterSend Whether to close the connection after sending the alert (default: true) * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms) * @returns Promise that resolves when the alert has been sent */ static sendCertificateExpired(socket: net.Socket, fatal?: boolean, closeAfterSend?: boolean, closeDelay?: number): Promise; /** * Send a sequence of alerts to force SNI from clients * This combines multiple alerts to ensure maximum browser compatibility * * @param socket The socket to send the alerts to * @returns Promise that resolves when all alerts have been sent */ static sendForceSniSequence(socket: net.Socket): Promise; /** * Send a fatal level alert that immediately terminates the connection * * @param socket The socket to send the alert to * @param description Alert description code * @param closeDelay Milliseconds to wait before closing the connection (default: 100ms) * @returns Promise that resolves when the alert has been sent and the connection closed */ static sendFatalAndClose(socket: net.Socket, description: number, closeDelay?: number): Promise; }