UNPKG

3.86 kBTypeScriptView Raw
1/// <reference types="node" />
2/// <reference types="node" />
3import { ConnectionOptions, PeerCertificate, SecureContext } from 'tls';
4import { CallCredentials } from './call-credentials';
5/**
6 * A callback that will receive the expected hostname and presented peer
7 * certificate as parameters. The callback should return an error to
8 * indicate that the presented certificate is considered invalid and
9 * otherwise returned undefined.
10 */
11export type CheckServerIdentityCallback = (hostname: string, cert: PeerCertificate) => Error | undefined;
12/**
13 * Additional peer verification options that can be set when creating
14 * SSL credentials.
15 */
16export interface VerifyOptions {
17 /**
18 * If set, this callback will be invoked after the usual hostname verification
19 * has been performed on the peer certificate.
20 */
21 checkServerIdentity?: CheckServerIdentityCallback;
22}
23/**
24 * A class that contains credentials for communicating over a channel, as well
25 * as a set of per-call credentials, which are applied to every method call made
26 * over a channel initialized with an instance of this class.
27 */
28export declare abstract class ChannelCredentials {
29 protected callCredentials: CallCredentials;
30 protected constructor(callCredentials?: CallCredentials);
31 /**
32 * Returns a copy of this object with the included set of per-call credentials
33 * expanded to include callCredentials.
34 * @param callCredentials A CallCredentials object to associate with this
35 * instance.
36 */
37 abstract compose(callCredentials: CallCredentials): ChannelCredentials;
38 /**
39 * Gets the set of per-call credentials associated with this instance.
40 */
41 _getCallCredentials(): CallCredentials;
42 /**
43 * Gets a SecureContext object generated from input parameters if this
44 * instance was created with createSsl, or null if this instance was created
45 * with createInsecure.
46 */
47 abstract _getConnectionOptions(): ConnectionOptions | null;
48 /**
49 * Indicates whether this credentials object creates a secure channel.
50 */
51 abstract _isSecure(): boolean;
52 /**
53 * Check whether two channel credentials objects are equal. Two secure
54 * credentials are equal if they were constructed with the same parameters.
55 * @param other The other ChannelCredentials Object
56 */
57 abstract _equals(other: ChannelCredentials): boolean;
58 /**
59 * Return a new ChannelCredentials instance with a given set of credentials.
60 * The resulting instance can be used to construct a Channel that communicates
61 * over TLS.
62 * @param rootCerts The root certificate data.
63 * @param privateKey The client certificate private key, if available.
64 * @param certChain The client certificate key chain, if available.
65 * @param verifyOptions Additional options to modify certificate verification
66 */
67 static createSsl(rootCerts?: Buffer | null, privateKey?: Buffer | null, certChain?: Buffer | null, verifyOptions?: VerifyOptions): ChannelCredentials;
68 /**
69 * Return a new ChannelCredentials instance with credentials created using
70 * the provided secureContext. The resulting instances can be used to
71 * construct a Channel that communicates over TLS. gRPC will not override
72 * anything in the provided secureContext, so the environment variables
73 * GRPC_SSL_CIPHER_SUITES and GRPC_DEFAULT_SSL_ROOTS_FILE_PATH will
74 * not be applied.
75 * @param secureContext The return value of tls.createSecureContext()
76 * @param verifyOptions Additional options to modify certificate verification
77 */
78 static createFromSecureContext(secureContext: SecureContext, verifyOptions?: VerifyOptions): ChannelCredentials;
79 /**
80 * Return a new ChannelCredentials instance with no credentials.
81 */
82 static createInsecure(): ChannelCredentials;
83}