UNPKG

@nestjs/common/interfaces/external/https-options.interface.d.ts

Version:

5.03 kBTypeScriptView Raw

1/**
* Interface describing Https Options that can be set.
*
* @see https://nodejs.org/api/tls.html
*
* @publicApi
*/
8export interface HttpsOptions {
  /**
   * PFX or PKCS12 encoded private key and certificate chain. pfx is an alternative
   * to providing key and cert individually. PFX is usually encrypted, if it is,
   * passphrase will be used to decrypt it. Multiple PFX can be provided either
   * as an array of unencrypted PFX buffers, or an array of objects in the form
   * {buf: <string|buffer>[, passphrase: <string>]}. The object form can only
   * occur in an array. object.passphrase is optional. Encrypted PFX will be decrypted
   * with object.passphrase if provided, or options.passphrase if it is not.
   */
  pfx?: any;
  /**
   * Private keys in PEM format. PEM allows the option of private keys being encrypted.
   * Encrypted keys will be decrypted with options.passphrase. Multiple keys using
   * different algorithms can be provided either as an array of unencrypted key
   * strings or buffers, or an array of objects in the form {pem: <string|buffer>[, passphrase: <string>]}.
   * The object form can only occur in an array. object.passphrase is optional.
   * Encrypted keys will be decrypted with object.passphrase if provided, or options.passphrase
   * if it is not
   */
  key?: any;
  /**
   * Shared passphrase used for a single private key and/or a PFX.
   */
  passphrase?: string;
  /**
   * Cert chains in PEM format. One cert chain should be provided per private key.
   * Each cert chain should consist of the PEM formatted certificate for a provided
   * private key, followed by the PEM formatted intermediate certificates (if any),
   * in order, and not including the root CA (the root CA must be pre-known to the
   * peer, see ca). When providing multiple cert chains, they do not have to be
   * in the same order as their private keys in key. If the intermediate certificates
   * are not provided, the peer will not be able to validate the certificate, and
   * the handshake will fail.
   */
  cert?: any;
  /**
   * Optionally override the trusted CA certificates. Default is to trust the well-known
   * CAs curated by Mozilla. Mozilla's CAs are completely replaced when CAs are
   * explicitly specified using this option. The value can be a string or Buffer,
   * or an Array of strings and/or Buffers. Any string or Buffer can contain multiple
   * PEM CAs concatenated together. The peer's certificate must be chainable to
   * a CA trusted by the server for the connection to be authenticated. When using
   * certificates that are not chainable to a well-known CA, the certificate's CA
   * must be explicitly specified as a trusted or the connection will fail to authenticate.
   * If the peer uses a certificate that doesn't match or chain to one of the default
   * CAs, use the ca option to provide a CA certificate that the peer's certificate
   * can match or chain to. For self-signed certificates, the certificate is its
   * own CA, and must be provided. For PEM encoded certificates, supported types
   * are "TRUSTED CERTIFICATE", "X509 CERTIFICATE", and "CERTIFICATE". See also tls.rootCertificates.
   */
  ca?: any;
  /**
   * PEM formatted CRLs (Certificate Revocation Lists).
   */
  crl?: any;
  /**
   * Cipher suite specification, replacing the default. For more information, see
   * modifying the default cipher suite. Permitted ciphers can be obtained via tls.getCiphers().
   * Cipher names must be uppercased in order for OpenSSL to accept them.
   */
  ciphers?: string;
  /**
   * Attempt to use the server's cipher suite preferences instead of the client's.
   * When true, causes SSL_OP_CIPHER_SERVER_PREFERENCE to be set in secureOptions,
   * see OpenSSL Options for more information.
   */
  honorCipherOrder?: boolean;
  /**
   * If true the server will request a certificate from clients that connect and
   * attempt to verify that certificate. Default: false.
   */
  requestCert?: boolean;
  /**
   * If not false the server will reject any connection which is not authorized
   * with the list of supplied CAs. This option only has an effect if requestCert is true. Default: true
   */
  rejectUnauthorized?: boolean;
  /**
   * An array or Buffer of possible NPN protocols. (Protocols should be ordered
   * by their priority).
   */
  NPNProtocols?: any;
  /**
   * A function that will be called if the client supports SNI TLS extension. Two
   * arguments will be passed when called: servername and cb. SNICallback should
   * invoke cb(null, ctx), where ctx is a SecureContext instance. (tls.createSecureContext(...)
   * can be used to get a proper SecureContext.) If SNICallback wasn't provided
   * the default callback with high-level API will be used.
   */
  SNICallback?: (servername: string, cb: (err: Error, ctx: any) => any) => any;
99}

1	`/**`
2	`* Interface describing Https Options that can be set.`
3	`*`
4	`* @see https://nodejs.org/api/tls.html`
5	`*`
6	`* @publicApi`
7	`*/`
8	`export interface HttpsOptions {`
9	`/**`
10	`* PFX or PKCS12 encoded private key and certificate chain. pfx is an alternative`
11	`* to providing key and cert individually. PFX is usually encrypted, if it is,`
12	`* passphrase will be used to decrypt it. Multiple PFX can be provided either`
13	`* as an array of unencrypted PFX buffers, or an array of objects in the form`
14	`* {buf: <string\|buffer>[, passphrase: <string>]}. The object form can only`
15	`* occur in an array. object.passphrase is optional. Encrypted PFX will be decrypted`
16	`* with object.passphrase if provided, or options.passphrase if it is not.`
17	`*/`
18	`pfx?: any;`
19	`/**`
20	`* Private keys in PEM format. PEM allows the option of private keys being encrypted.`
21	`* Encrypted keys will be decrypted with options.passphrase. Multiple keys using`
22	`* different algorithms can be provided either as an array of unencrypted key`
23	`* strings or buffers, or an array of objects in the form {pem: <string\|buffer>[, passphrase: <string>]}.`
24	`* The object form can only occur in an array. object.passphrase is optional.`
25	`* Encrypted keys will be decrypted with object.passphrase if provided, or options.passphrase`
26	`* if it is not`
27	`*/`
28	`key?: any;`
29	`/**`
30	`* Shared passphrase used for a single private key and/or a PFX.`
31	`*/`
32	`passphrase?: string;`
33	`/**`
34	`* Cert chains in PEM format. One cert chain should be provided per private key.`
35	`* Each cert chain should consist of the PEM formatted certificate for a provided`
36	`* private key, followed by the PEM formatted intermediate certificates (if any),`
37	`* in order, and not including the root CA (the root CA must be pre-known to the`
38	`* peer, see ca). When providing multiple cert chains, they do not have to be`
39	`* in the same order as their private keys in key. If the intermediate certificates`
40	`* are not provided, the peer will not be able to validate the certificate, and`
41	`* the handshake will fail.`
42	`*/`
43	`cert?: any;`
44	`/**`
45	`* Optionally override the trusted CA certificates. Default is to trust the well-known`
46	`* CAs curated by Mozilla. Mozilla's CAs are completely replaced when CAs are`
47	`* explicitly specified using this option. The value can be a string or Buffer,`
48	`* or an Array of strings and/or Buffers. Any string or Buffer can contain multiple`
49	`* PEM CAs concatenated together. The peer's certificate must be chainable to`
50	`* a CA trusted by the server for the connection to be authenticated. When using`
51	`* certificates that are not chainable to a well-known CA, the certificate's CA`
52	`* must be explicitly specified as a trusted or the connection will fail to authenticate.`
53	`* If the peer uses a certificate that doesn't match or chain to one of the default`
54	`* CAs, use the ca option to provide a CA certificate that the peer's certificate`
55	`* can match or chain to. For self-signed certificates, the certificate is its`
56	`* own CA, and must be provided. For PEM encoded certificates, supported types`
57	`* are "TRUSTED CERTIFICATE", "X509 CERTIFICATE", and "CERTIFICATE". See also tls.rootCertificates.`
58	`*/`
59	`ca?: any;`
60	`/**`
61	`* PEM formatted CRLs (Certificate Revocation Lists).`
62	`*/`
63	`crl?: any;`
64	`/**`
65	`* Cipher suite specification, replacing the default. For more information, see`
66	`* modifying the default cipher suite. Permitted ciphers can be obtained via tls.getCiphers().`
67	`* Cipher names must be uppercased in order for OpenSSL to accept them.`
68	`*/`
69	`ciphers?: string;`
70	`/**`
71	`* Attempt to use the server's cipher suite preferences instead of the client's.`
72	`* When true, causes SSL_OP_CIPHER_SERVER_PREFERENCE to be set in secureOptions,`
73	`* see OpenSSL Options for more information.`
74	`*/`
75	`honorCipherOrder?: boolean;`
76	`/**`
77	`* If true the server will request a certificate from clients that connect and`
78	`* attempt to verify that certificate. Default: false.`
79	`*/`
80	`requestCert?: boolean;`
81	`/**`
82	`* If not false the server will reject any connection which is not authorized`
83	`* with the list of supplied CAs. This option only has an effect if requestCert is true. Default: true`
84	`*/`
85	`rejectUnauthorized?: boolean;`
86	`/**`
87	`* An array or Buffer of possible NPN protocols. (Protocols should be ordered`
88	`* by their priority).`
89	`*/`
90	`NPNProtocols?: any;`
91	`/**`
92	`* A function that will be called if the client supports SNI TLS extension. Two`
93	`* arguments will be passed when called: servername and cb. SNICallback should`
94	`* invoke cb(null, ctx), where ctx is a SecureContext instance. (tls.createSecureContext(...)`
95	`* can be used to get a proper SecureContext.) If SNICallback wasn't provided`
96	`* the default callback with high-level API will be used.`
97	`*/`
98	`SNICallback?: (servername: string, cb: (err: Error, ctx: any) => any) => any;`
99	`}`