UNPKG

41.2 kBTypeScriptView Raw
1// Type definitions for node-forge 0.10.0
2// Project: https://github.com/digitalbazaar/forge
3// Definitions by: Seth Westphal <https://github.com/westy92>
4// Kay Schecker <https://github.com/flynetworks>
5// Aakash Goenka <https://github.com/a-k-g>
6// Rafal2228 <https://github.com/rafal2228>
7// Beeno Tung <https://github.com/beenotung>
8// Joe Flateau <https://github.com/joeflateau>
9// Nikita Koryabkin <https://github.com/Apologiz>
10// timhwang21 <https://github.com/timhwang21>
11// supaiku0 <https://github.com/supaiku0>
12// Anders Kaseorg <https://github.com/andersk>
13// Sascha Zarhuber <https://github.com/saschazar21>
14// Rogier Schouten <https://github.com/rogierschouten>
15// Ivan Aseev <https://github.com/aseevia>
16// Wiktor Kwapisiewicz <https://github.com/wiktor-k>
17// Ligia Frangello <https://github.com/frangello>
18// Dmitry Avezov <https://github.com/avezov>
19// Jose Fuentes <https://github.com/j-fuentes>
20// Anya Reyes <https://github.com/darkade>
21// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
22// TypeScript Version: 2.6
23
24/// <reference types="node" />
25
26declare module "node-forge" {
27 type Byte = number;
28 type Bytes = string;
29 type Hex = string;
30 type Base64 = string;
31 type Utf8 = string;
32 type OID = string;
33 type Encoding = "raw" | "utf8";
34
35 namespace jsbn {
36 interface RandomGenerator {
37 nextBytes(bytes: number[]): void;
38 }
39 class BigInteger {
40 static ZERO: BigInteger;
41 static ONE: BigInteger;
42 constructor(a: null);
43 constructor(a: number, c: RandomGenerator);
44 constructor(a: number, b: number, c: RandomGenerator);
45 constructor(a: string, b?: number);
46 constructor(a: number[], b?: number);
47 constructor(a: BigInteger);
48 data: number[];
49 t: number;
50 s: number;
51 am(i: number, x: number, w: BigInteger, j: number, c: number, n: number): number;
52 toString(b?: number): string;
53 bitLength(): number;
54 negate(): BigInteger;
55 abs(): BigInteger;
56 compareTo(a: BigInteger): number;
57 bitLength(): number;
58 mod(a: BigInteger): BigInteger;
59 modPowInt(e: number, m: BigInteger): BigInteger;
60 clone(): BigInteger;
61 intValue(): number;
62 byteValue(): number;
63 shortValue(): number;
64 signum(): number;
65 toByteArray(): number[];
66 equals(a: BigInteger): boolean;
67 min(a: BigInteger): BigInteger;
68 max(a: BigInteger): BigInteger;
69 and(a: BigInteger): BigInteger;
70 or(a: BigInteger): BigInteger;
71 xor(a: BigInteger): BigInteger;
72 andNot(a: BigInteger): BigInteger;
73 not(): BigInteger;
74 shiftLeft(n: number): BigInteger;
75 shiftRight(n: number): BigInteger;
76 getLowestSetBit(): number;
77 bitCount(): number;
78 testBit(n: number): boolean;
79 clearBit(n: number): BigInteger
80 flipBit(n: number): BigInteger
81 add(a: BigInteger): BigInteger;
82 subtract(a: BigInteger): BigInteger;
83 multiply(a: BigInteger): BigInteger;
84 square(): BigInteger;
85 divide(a: BigInteger): BigInteger;
86 remainder(a: BigInteger): BigInteger;
87 divideAndRemainder(a: BigInteger): BigInteger[]; // Array of 2 items
88 pow(e: number): BigInteger;
89 modPow(e: BigInteger, m: BigInteger): BigInteger;
90 gcd(a: BigInteger): BigInteger;
91 modInverse(m: BigInteger): BigInteger;
92 isProbablePrime(t: number): boolean;
93 }
94 }
95
96 namespace pem {
97
98 interface EncodeOptions {
99 maxline?: number | undefined;
100 }
101
102 interface ObjectPEM {
103 type: string;
104 body: Bytes;
105 procType?: any;
106 contentDomain?: any;
107 dekInfo?: any;
108 headers?: any[] | undefined;
109 }
110
111 function encode(msg: ObjectPEM, options?: EncodeOptions): string;
112 function decode(str: string): ObjectPEM[];
113 }
114
115 namespace pki {
116 type PEM = string;
117 type PublicKey = rsa.PublicKey | ed25519.Key;
118 type PrivateKey = rsa.PrivateKey | ed25519.Key;
119 type EncryptionOptions = {
120 algorithm?: 'aes128' | 'aes192' | 'aes256' | '3des' | undefined;
121 count?: number | undefined;
122 saltSize?: number | undefined;
123 prfAlgorithm?: 'sha1' | 'sha224' | 'sha256' | 'sha384' | 'sha512' | undefined;
124 legacy?: boolean | undefined;
125 };
126
127 interface ByteBufferFingerprintOptions {
128 /**
129 * @description The type of fingerprint. If not specified, defaults to 'RSAPublicKey'
130 */
131 type?: 'SubjectPublicKeyInfo' | 'RSAPublicKey' | undefined;
132 /**
133 * @description the delimiter to use between bytes for `hex` encoded output
134 */
135 delimiter?: string | undefined;
136 /**
137 * @description if not specified defaults to `md.md5`
138 */
139 md?: md.MessageDigest | undefined;
140 }
141
142 interface HexFingerprintOptions extends ByteBufferFingerprintOptions {
143 /**
144 * @description if not specified, the function will return `ByteStringBuffer`
145 */
146 encoding: 'hex';
147 }
148
149 interface BinaryFingerprintOptions extends ByteBufferFingerprintOptions {
150 /**
151 * @description if not specified, the function will return `ByteStringBuffer`
152 */
153 encoding: 'binary';
154 }
155
156 interface KeyPair {
157 publicKey: PublicKey;
158 privateKey: PrivateKey;
159 }
160
161 interface oids {
162 [key: string]: string;
163 }
164 var oids: oids;
165
166 namespace rsa {
167 type EncryptionScheme = 'RSAES-PKCS1-V1_5' | 'RSA-OAEP' | 'RAW' | 'NONE' | null;
168 type SignatureScheme = 'RSASSA-PKCS1-V1_5' | pss.PSS | 'NONE' | null;
169
170 interface PublicKey {
171 n: jsbn.BigInteger;
172 e: jsbn.BigInteger;
173 encrypt(data: Bytes, scheme?: EncryptionScheme, schemeOptions?: any): Bytes;
174 verify(digest: Bytes, signature: Bytes, scheme?: SignatureScheme): boolean;
175 }
176
177 interface PrivateKey {
178 n: jsbn.BigInteger;
179 e: jsbn.BigInteger;
180 d: jsbn.BigInteger;
181 p: jsbn.BigInteger;
182 q: jsbn.BigInteger;
183 dP: jsbn.BigInteger;
184 dQ: jsbn.BigInteger;
185 qInv: jsbn.BigInteger;
186 decrypt(data: Bytes, scheme?: EncryptionScheme, schemeOptions?: any): Bytes;
187 sign(md: md.MessageDigest, scheme?: SignatureScheme): Bytes;
188 }
189
190 interface KeyPair {
191 publicKey: PublicKey;
192 privateKey: PrivateKey;
193 }
194
195 interface GenerateKeyPairOptions {
196 bits?: number | undefined;
197 e?: number | undefined;
198 workerScript?: string | undefined;
199 workers?: number | undefined;
200 workLoad?: number | undefined;
201 prng?: any;
202 algorithm?: string | undefined;
203 }
204
205 function setPublicKey(n: jsbn.BigInteger, e: jsbn.BigInteger): PublicKey;
206
207 function generateKeyPair(bits?: number, e?: number, callback?: (err: Error, keypair: KeyPair) => void): KeyPair;
208 function generateKeyPair(options?: GenerateKeyPairOptions, callback?: (err: Error, keypair: KeyPair) => void): KeyPair;
209 }
210
211 namespace ed25519 {
212 type NativeBuffer = Buffer | Uint8Array;
213 type Key = NativeBuffer;
214
215 type ToNativeBufferParameters = {
216 message: NativeBuffer | util.ByteBuffer
217 } | {
218 message: string;
219 encoding: 'binary' | 'utf8';
220 };
221
222 // `string`s will be converted by toNativeBuffer with `encoding: 'binary'`
223 type BinaryBuffer = NativeBuffer | util.ByteBuffer | string;
224
225 namespace constants {
226 const PUBLIC_KEY_BYTE_LENGTH = 32;
227 const PRIVATE_KEY_BYTE_LENGTH = 64;
228 const SEED_BYTE_LENGTH = 32;
229 const SIGN_BYTE_LENGTH = 64;
230 const HASH_BYTE_LENGTH = 64;
231 }
232
233 // generateKeyPair does not currently accept `util.ByteBuffer` as the seed.
234 function generateKeyPair(options?: { seed?: NativeBuffer | string | undefined }): {
235 publicKey: NativeBuffer;
236 privateKey: NativeBuffer;
237 };
238
239 function publicKeyFromPrivateKey(options: { privateKey: BinaryBuffer }): NativeBuffer;
240
241 function sign(options: ToNativeBufferParameters & {
242 privateKey: BinaryBuffer
243 }): NativeBuffer;
244
245 function verify(options: ToNativeBufferParameters & {
246 signature: BinaryBuffer,
247 publicKey: BinaryBuffer
248 }): boolean;
249 }
250
251 interface CertificateFieldOptions {
252 name?: string | undefined;
253 type?: string | undefined;
254 shortName?: string | undefined;
255 }
256
257 interface CertificateField extends CertificateFieldOptions {
258 valueConstructed?: boolean | undefined;
259 valueTagClass?: asn1.Class | undefined;
260 value?: any[] | string | undefined;
261 extensions?: any[] | undefined;
262 }
263
264
265 interface Certificate {
266 version: number;
267 serialNumber: string;
268 signature: any;
269 siginfo: any;
270 validity: {
271 notBefore: Date;
272 notAfter: Date;
273 };
274 issuer: {
275 getField(sn: string | CertificateFieldOptions): any;
276 addField(attr: CertificateField): void;
277 attributes: any[];
278 hash: any;
279 };
280 subject: {
281 getField(sn: string | CertificateFieldOptions): any;
282 addField(attr: CertificateField): void;
283 attributes: any[];
284 hash: any;
285 };
286 extensions: any[];
287 privateKey: PrivateKey;
288 publicKey: PublicKey;
289 md: any;
290 /**
291 * Sets the subject of this certificate.
292 *
293 * @param attrs the array of subject attributes to use.
294 * @param uniqueId an optional a unique ID to use.
295 */
296 setSubject(attrs: CertificateField[], uniqueId?: string): void;
297 /**
298 * Sets the issuer of this certificate.
299 *
300 * @param attrs the array of subject attributes to use.
301 * @param uniqueId an optional a unique ID to use.
302 */
303 setIssuer(attrs: CertificateField[], uniqueId?: string): void;
304 /**
305 * Sets the extensions of this certificate.
306 *
307 * @param exts the array of extensions to use.
308 */
309 setExtensions(exts: any[]): void;
310 /**
311 * Gets an extension by its name or id.
312 *
313 * @param options the name to use or an object with:
314 * name the name to use.
315 * id the id to use.
316 *
317 * @return the extension or null if not found.
318 */
319 getExtension(options: string | {name: string;} | {id: number;}): {} | undefined;
320
321 /**
322 * Signs this certificate using the given private key.
323 *
324 * @param key the private key to sign with.
325 * @param md the message digest object to use (defaults to forge.md.sha1).
326 */
327 sign(key: pki.PrivateKey, md?: md.MessageDigest): void;
328 /**
329 * Attempts verify the signature on the passed certificate using this
330 * certificate's public key.
331 *
332 * @param child the certificate to verify.
333 *
334 * @return true if verified, false if not.
335 */
336 verify(child: Certificate): boolean;
337
338 /**
339 * Gets an issuer or subject attribute from its name, type, or short name.
340 *
341 * @param options a short name string or an object with:
342 * shortName the short name for the attribute.
343 * name the name for the attribute.
344 * type the type for the attribute.
345 *
346 * @return the attribute.
347 */
348 getAttribute(opts: string | GetAttributeOpts): Attribute | null;
349
350 /**
351 * Returns true if this certificate's issuer matches the passed
352 * certificate's subject. Note that no signature check is performed.
353 *
354 * @param parent the certificate to check.
355 *
356 * @return true if this certificate's issuer matches the passed certificate's
357 * subject.
358 */
359 isIssuer(parent: Certificate): boolean;
360
361 /**
362 * Returns true if this certificate's subject matches the issuer of the
363 * given certificate). Note that not signature check is performed.
364 *
365 * @param child the certificate to check.
366 *
367 * @return true if this certificate's subject matches the passed
368 * certificate's issuer.
369 */
370 issued(child: Certificate): boolean;
371 }
372
373 /**
374 * Attribute members to search on; any one hit will return the attribute
375 */
376 interface GetAttributeOpts {
377 /**
378 * OID
379 */
380 type?: string | undefined;
381 /**
382 * Long name
383 */
384 name?: string | undefined;
385 /**
386 * Short name
387 */
388 shortName?: string | undefined;
389 }
390
391 interface Attribute {
392 /**
393 * e.g. challengePassword
394 */
395 name: string;
396 /**
397 * Short name, if available (e.g. 'CN' for 'commonName')
398 */
399 shortName?: string | undefined;
400 /**
401 * OID, e.g. '1.2.840.113549.1.9.7'
402 */
403 type: string;
404 /**
405 * Attribute value
406 */
407 value: any;
408 /**
409 * Attribute value data type
410 */
411 valueTagClass: number;
412 /**
413 * Extensions
414 */
415 extensions?: any[] | undefined
416 }
417
418 interface CAStore {
419 addCertificate(cert: Certificate | string): void;
420 hasCertificate(cert: Certificate | string): boolean;
421 removeCertificate(cert: Certificate | string): Certificate | null;
422 listAllCertificates(): pki.Certificate[];
423 getIssuer(subject: Certificate): Certificate | null;
424 getBySubject(subject: string): Certificate | null;
425 }
426
427 function certificateFromAsn1(obj: asn1.Asn1, computeHash?: boolean): Certificate;
428
429 function certificationRequestFromAsn1(obj: asn1.Asn1, computeHash?: boolean): Certificate;
430
431 function certificateToAsn1(cert: Certificate): asn1.Asn1;
432
433 function certificationRequestToAsn1(cert: Certificate): asn1.Asn1;
434
435 function decryptRsaPrivateKey(pem: PEM, passphrase?: string): rsa.PrivateKey;
436
437 function createCertificate(): Certificate;
438
439 function certificationRequestToPem(cert: Certificate, maxline?: number): PEM;
440
441 function certificationRequestFromPem(pem: PEM, computeHash?: boolean, strict?: boolean): Certificate;
442
443 function createCertificationRequest(): Certificate;
444
445 function certificateToPem(cert: Certificate, maxline?: number): PEM;
446
447 function certificateFromPem(pem: PEM, computeHash?: boolean, strict?: boolean): Certificate;
448
449 function createCaStore(certs?: ReadonlyArray<Certificate | pki.PEM>): CAStore;
450
451 function verifyCertificateChain(
452 caStore: CAStore,
453 chain: Certificate[],
454 options?: ((verified: boolean | string, depth: number, certs: Certificate[]) => boolean) | {
455 verify?: ((verified: boolean | string, depth: number, certs: Certificate[]) => boolean) | undefined,
456 validityCheckDate?: Date | null | undefined
457 }): boolean;
458
459 function pemToDer(pem: PEM): util.ByteStringBuffer;
460
461 function privateKeyToPem(key: PrivateKey, maxline?: number): PEM;
462
463 function privateKeyInfoToPem(key: asn1.Asn1, maxline?: number): PEM;
464
465 function publicKeyToPem(key: PublicKey, maxline?: number): PEM;
466
467 function publicKeyToRSAPublicKeyPem(key: PublicKey, maxline?: number): PEM;
468
469 function publicKeyFromPem(pem: PEM): rsa.PublicKey;
470
471 function privateKeyFromPem(pem: PEM): rsa.PrivateKey;
472
473 function decryptPrivateKeyInfo(obj: asn1.Asn1, password: string): asn1.Asn1;
474
475 function encryptPrivateKeyInfo(obj: asn1.Asn1, password: string, options?: EncryptionOptions): asn1.Asn1;
476
477 function encryptedPrivateKeyFromPem(pem: PEM): asn1.Asn1;
478
479 function encryptedPrivateKeyToPem(obj: asn1.Asn1): PEM;
480
481 function decryptRsaPrivateKey(pem: PEM, password: string): rsa.PrivateKey;
482
483 function encryptRsaPrivateKey(privateKey: PrivateKey, password: string, options?: EncryptionOptions): PEM;
484
485 function privateKeyFromAsn1(privateKey: asn1.Asn1): PrivateKey;
486
487 function privateKeyToAsn1(privateKey: PrivateKey): asn1.Asn1;
488
489 function publicKeyFromAsn1(publicKey: asn1.Asn1): PublicKey;
490
491 function publicKeyToAsn1(publicKey: PublicKey): asn1.Asn1;
492
493 function publicKeyToRSAPublicKey(publicKey: PublicKey): any;
494
495 type setRsaPublicKey = typeof rsa.setPublicKey;
496
497 function wrapRsaPrivateKey(privateKey: asn1.Asn1): asn1.Asn1;
498
499 function getPublicKeyFingerprint(publicKey: PublicKey, options?: ByteBufferFingerprintOptions): util.ByteStringBuffer;
500 function getPublicKeyFingerprint(publicKey: PublicKey, options: HexFingerprintOptions): Hex;
501 function getPublicKeyFingerprint(publicKey: PublicKey, options: BinaryFingerprintOptions): Bytes;
502 }
503
504 namespace random {
505 function getBytes(count: number, callback?: (err: Error | null, bytes: Bytes) => any): Bytes;
506 function getBytesSync(count: number): Bytes;
507 type CB = (_: any, seed: string) => void;
508 interface Random {
509 seedFileSync: (needed: number) => string;
510 seedFile: (needed: number, cb: CB) => void;
511 }
512 function createInstance(): Random;
513 }
514
515 namespace ssh {
516 interface FingerprintOptions {
517 /**
518 * @description the delimiter to use between bytes for `hex` encoded output
519 */
520 delimiter?: string | undefined;
521 /**
522 * @description if not specified, the function will return `ByteStringBuffer`
523 */
524 encoding?: 'hex' | 'binary' | undefined;
525 /**
526 * @description if not specified defaults to `md.md5`
527 */
528 md?: md.MessageDigest | undefined;
529 }
530
531 /**
532 * @description Encodes a private RSA key as an OpenSSH file
533 */
534 function privateKeyToOpenSSH(privateKey: pki.PrivateKey, passphrase?: string): string;
535
536 /**
537 * @description Encodes (and optionally encrypts) a private RSA key as a Putty PPK file
538 */
539 function privateKeyToPutty(privateKey: pki.PrivateKey, passphrase?: string, comment?: string): string;
540
541 /**
542 * @description Encodes a public RSA key as an OpenSSH file
543 */
544 function publicKeyToOpenSSH(publicKey: pki.PublicKey, comment?: string): string | pki.PEM;
545
546 /**
547 * @description Gets the SSH fingerprint for the given public key
548 */
549 function getPublicKeyFingerprint(publicKey: pki.PublicKey, options?: FingerprintOptions): util.ByteStringBuffer | Hex | string;
550 }
551
552 namespace asn1 {
553 enum Class {
554 UNIVERSAL = 0x00,
555 APPLICATION = 0x40,
556 CONTEXT_SPECIFIC = 0x80,
557 PRIVATE = 0xC0,
558 }
559
560 enum Type {
561 NONE = 0,
562 BOOLEAN = 1,
563 INTEGER = 2,
564 BITSTRING = 3,
565 OCTETSTRING = 4,
566 NULL = 5,
567 OID = 6,
568 ODESC = 7,
569 EXTERNAL = 8,
570 REAL = 9,
571 ENUMERATED = 10,
572 EMBEDDED = 11,
573 UTF8 = 12,
574 ROID = 13,
575 SEQUENCE = 16,
576 SET = 17,
577 PRINTABLESTRING = 19,
578 IA5STRING = 22,
579 UTCTIME = 23,
580 GENERALIZEDTIME = 24,
581 BMPSTRING = 30,
582 }
583
584 interface Asn1 {
585 tagClass: Class;
586 type: Type;
587 constructed: boolean;
588 composed: boolean;
589 value: Bytes | Asn1[];
590 }
591
592 function create(tagClass: Class, type: Type, constructed: boolean, value: Bytes | Asn1[]): Asn1;
593 function fromDer(bytes: Bytes | util.ByteBuffer, strict?: boolean): Asn1;
594 function toDer(obj: Asn1): util.ByteBuffer;
595 function oidToDer(oid: OID): util.ByteStringBuffer;
596 function derToOid(der: util.ByteStringBuffer): OID;
597 }
598
599 namespace util {
600 function isArray(x: any): boolean;
601 function isArrayBuffer(x: any): boolean;
602 function isArrayBufferView(x: any): boolean;
603
604 interface ArrayBufferView {
605 buffer: ArrayBuffer;
606 byteLength: number;
607 }
608
609 type ByteBuffer = ByteStringBuffer;
610 class ByteStringBuffer {
611 constructor(bytes?: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer);
612 data: string;
613 read: number;
614 length(): number;
615 isEmpty(): boolean;
616 putByte(byte: Byte): ByteStringBuffer;
617 fillWithByte(byte: Byte, n: number): ByteStringBuffer;
618 putBytes(bytes: Bytes): ByteStringBuffer;
619 putString(str: string): ByteStringBuffer;
620 putInt16(int: number): ByteStringBuffer;
621 putInt24(int: number): ByteStringBuffer;
622 putInt32(int: number): ByteStringBuffer;
623 putInt16Le(int: number): ByteStringBuffer;
624 putInt24Le(int: number): ByteStringBuffer;
625 putInt32Le(int: number): ByteStringBuffer;
626 putInt(int: number, numOfBits: number): ByteStringBuffer;
627 putSignedInt(int: number, numOfBits: number): ByteStringBuffer;
628 putBuffer(buffer: ByteStringBuffer): ByteStringBuffer;
629 getByte(): number;
630 getInt16(): number;
631 getInt24(): number;
632 getInt32(): number;
633 getInt16Le(): number;
634 getInt24Le(): number;
635 getInt32Le(): number;
636 getInt(numOfBits: number): number;
637 getSignedInt(numOfBits: number): number;
638 getBytes(count?: number): Bytes;
639 bytes(count?: number): Bytes;
640 at(index: number): Byte;
641 setAt(index: number, byte: number): ByteStringBuffer;
642 last(): Byte;
643 copy(): ByteStringBuffer;
644 compact(): ByteStringBuffer;
645 clear(): ByteStringBuffer;
646 truncate(): ByteStringBuffer;
647 toHex(): Hex;
648 toString(): string;
649 }
650
651 function fillString(char: string, count: number): string;
652 function xorBytes(bytes1: string, bytes2: string, count: number): string;
653 function hexToBytes(hex: Hex): Bytes;
654 function bytesToHex(bytes: Bytes): Hex;
655 function int32ToBytes(int: number): Bytes;
656 function encode64(bytes: Bytes, maxline?: number): Base64;
657 function decode64(encoded: Base64): Bytes;
658 function encodeUtf8(str: string): Utf8;
659 function decodeUtf8(encoded: Utf8): string;
660
661 function createBuffer(): ByteBuffer;
662 function createBuffer(input: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer, encoding?: Encoding): ByteBuffer;
663
664 namespace binary {
665 namespace raw {
666 function encode(x: Uint8Array): Bytes;
667 function decode(str: Bytes, output?: Uint8Array, offset?: number): Uint8Array;
668 }
669 namespace hex {
670 function encode(bytes: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer): Hex;
671 function decode(hex: Hex, output?: Uint8Array, offset?: number): Uint8Array;
672 }
673 namespace base64 {
674 function encode(input: Uint8Array, maxline?: number): Base64;
675 function decode(input: Base64, output?: Uint8Array, offset?: number): Uint8Array;
676 }
677 }
678
679 namespace text {
680 namespace utf8 {
681 function encode(str: string, output?: Uint8Array, offset?: number): Uint8Array;
682 function decode(bytes: Uint8Array): Utf8;
683 }
684 namespace utf16 {
685 function encode(str: string, output?: Uint8Array, offset?: number): Uint8Array;
686 function decode(bytes: Uint8Array): string;
687 }
688 }
689 }
690
691 namespace pkcs12 {
692
693 interface BagsFilter {
694 localKeyId?: string | undefined;
695 localKeyIdHex?: string | undefined;
696 friendlyName?: string | undefined;
697 bagType?: string | undefined;
698 }
699
700 interface Bag {
701 type: string;
702 attributes: any;
703 key?: pki.PrivateKey | undefined;
704 cert?: pki.Certificate | undefined;
705 asn1: asn1.Asn1
706 }
707
708 interface Pkcs12Pfx {
709 version: string;
710 safeContents: {
711 encrypted: boolean;
712 safeBags: Bag[];
713 }[];
714 getBags: (filter: BagsFilter) => {
715 [key: string]: Bag[] | undefined;
716 localKeyId?: Bag[] | undefined;
717 friendlyName?: Bag[] | undefined;
718 };
719 getBagsByFriendlyName: (fiendlyName: string, bagType: string) => Bag[]
720 getBagsByLocalKeyId: (localKeyId: string, bagType: string) => Bag[]
721 }
722
723 function pkcs12FromAsn1(obj: any, strict?: boolean, password?: string): Pkcs12Pfx;
724 function pkcs12FromAsn1(obj: any, password?: string): Pkcs12Pfx;
725
726 function toPkcs12Asn1(
727 key: pki.PrivateKey,
728 cert: pki.Certificate | pki.Certificate[],
729 password: string | null,
730 options?: {
731 algorithm?: 'aes128' | 'aes192' | 'aes256' | '3des' | undefined,
732 count?: number | undefined,
733 saltSize?: number | undefined,
734 useMac?: boolean | undefined,
735 localKeyId?: Hex | undefined,
736 friendlyName?: string | undefined,
737 generateLocalKeyId?: boolean | undefined,
738 },
739 ): asn1.Asn1;
740
741 function generateKey(
742 password: string | null | undefined,
743 salt: util.ByteBuffer,
744 id: Byte,
745 iter: number,
746 n: number,
747 md?: md.MessageDigest,
748 ): util.ByteBuffer;
749 }
750
751 namespace pkcs7 {
752 interface PkcsSignedData {
753 content?: string | util.ByteBuffer | undefined;
754 contentInfo?: { value: any[] } | undefined;
755
756 certificates: pki.Certificate[];
757
758 addCertificate(certificate: pki.Certificate | string): void;
759 addSigner(options: {
760 key: pki.rsa.PrivateKey | string;
761 certificate: pki.Certificate | string;
762 digestAlgorithm: string;
763 authenticatedAttributes?: { type: string; value?: string | undefined }[] | undefined;
764 }): void;
765 sign(options?:{
766 detached?: boolean | undefined
767 }): void;
768 toAsn1(): asn1.Asn1;
769 }
770
771 function createSignedData(): PkcsSignedData;
772
773 interface PkcsEnvelopedData {
774 content?: string | util.ByteBuffer | undefined;
775 addRecipient(certificate: pki.Certificate): void;
776 encrypt(): void;
777 toAsn1(): asn1.Asn1;
778 }
779
780 function createEnvelopedData(): PkcsEnvelopedData;
781
782 function messageToPem(msg: PkcsSignedData, maxline?: number): string;
783
784 function messageFromPem(pem: pki.PEM): PkcsEnvelopedData | PkcsSignedData;
785 }
786
787 namespace pkcs5 {
788 function pbkdf2(password: string, salt: string, iterations: number, keySize: number): string;
789 function pbkdf2(password: string, salt: string, iterations: number, keySize: number, messageDigest: md.MessageDigest): string;
790 function pbkdf2(password: string, salt: string, iterations: number, keySize: number, callback: (err: Error | null, dk: string | null) => any): void;
791 function pbkdf2(password: string, salt: string, iterations: number, keySize: number, messageDigest?: md.MessageDigest, callback?: (err: Error | null, dk: string | null) => any): void;
792 }
793
794 namespace md {
795
796 interface MessageDigest {
797 update(msg: string, encoding?: Encoding): MessageDigest;
798 digest(): util.ByteStringBuffer;
799 }
800
801 namespace sha1 {
802 function create(): MessageDigest;
803 }
804
805 namespace sha256 {
806 function create(): MessageDigest;
807 }
808
809 namespace sha384 {
810 function create(): MessageDigest;
811 }
812
813 namespace sha512 {
814 function create(): MessageDigest;
815 }
816
817 namespace md5 {
818 function create(): MessageDigest;
819 }
820
821 namespace hmac {
822 }
823 }
824
825 namespace hmac {
826
827 type Algorithm = "sha1" | "md5" | "sha256" | "sha512";
828
829 interface HMAC {
830 digest(): util.ByteBuffer;
831 getMact(): util.ByteBuffer;
832 start(md: Algorithm, key: string | util.ByteBuffer | null): void;
833 update(bytes: string | util.ByteBuffer | Buffer): void;
834 }
835
836 function create(): HMAC;
837 }
838
839 namespace cipher {
840
841 type Algorithm = "AES-ECB" | "AES-CBC" | "AES-CFB" | "AES-OFB" | "AES-CTR" | "AES-GCM" | "3DES-ECB" | "3DES-CBC" | "DES-ECB" | "DES-CBC";
842
843 function createCipher(algorithm: Algorithm, payload: util.ByteBuffer | Bytes): BlockCipher;
844 function createDecipher(algorithm: Algorithm, payload: util.ByteBuffer | Bytes): BlockCipher;
845
846 interface StartOptions {
847 iv?: util.ByteBuffer | Byte[] | Bytes | undefined;
848 tag?: util.ByteStringBuffer | undefined;
849 tagLength?: number | undefined;
850 additionalData?: string | undefined;
851 }
852
853 interface BlockCipher {
854 start: (options?: StartOptions) => void;
855 update: (payload: util.ByteBuffer) => void;
856 finish: () => boolean;
857 output: util.ByteStringBuffer;
858 mode: Mode;
859 }
860
861 interface Mode {
862 tag: util.ByteStringBuffer;
863 }
864 }
865
866 namespace pss {
867 type PSS = any;
868
869 function create(any: any): PSS;
870 }
871
872 namespace mgf {
873 namespace mgf1 {
874 function create(any: any): any;
875 }
876 }
877
878 namespace tls {
879 interface ProtocolVersion {
880 major: Byte;
881 minor: Byte;
882 }
883
884 const Versions: ProtocolVersion[];
885 const SupportedVersions: ProtocolVersion[];
886 const Version: ProtocolVersion;
887
888 const MaxFragment: number;
889
890 enum ConnectionEnd {
891 server = 0,
892 client = 1,
893 }
894
895 enum PRFAlgorithm {
896 tls_prf_sha256 = 0,
897 }
898
899 enum BulkCipherAlgorithm {
900 rc4 = 0,
901 des3 = 1,
902 aes = 2,
903 }
904
905 enum CipherType {
906 stream = 0,
907 block = 1,
908 aead = 2,
909 }
910
911 enum MACAlgorithm {
912 hmac_md5 = 0,
913 hmac_sha1 = 1,
914 hmac_sha256 = 2,
915 hmac_sha384 = 3,
916 hmac_sha512 = 4,
917 }
918
919 enum CompressionMethod {
920 none = 0,
921 deflate = 1,
922 }
923
924 enum ContentType {
925 change_cipher_spec = 20,
926 alert = 21,
927 handshake = 22,
928 application_data = 23,
929 heartbeat = 24,
930 }
931
932 enum HandshakeType {
933 hello_request = 0,
934 client_hello = 1,
935 server_hello = 2,
936 certificate = 11,
937 server_key_exchange = 12,
938 certificate_request = 13,
939 server_hello_done = 14,
940 certificate_verify = 15,
941 client_key_exchange = 16,
942 finished = 20,
943 }
944
945 namespace Alert {
946 enum Level {
947 warning = 1,
948 fatal = 2,
949 }
950
951 enum Description {
952 close_notify = 0,
953 unexpected_message = 10,
954 bad_record_mac = 20,
955 decryption_failed = 21,
956 record_overflow = 22,
957 decompression_failure = 30,
958 handshake_failure = 40,
959 bad_certificate = 42,
960 unsupported_certificate = 43,
961 certificate_revoked = 44,
962 certificate_expired = 45,
963 certificate_unknown = 46,
964 illegal_parameter = 47,
965 unknown_ca = 48,
966 access_denied = 49,
967 decode_error = 50,
968 decrypt_error = 51,
969 export_restriction = 60,
970 protocol_version = 70,
971 insufficient_security = 71,
972 internal_error = 80,
973 user_canceled = 90,
974 no_renegotiation = 100,
975 }
976 }
977
978 enum HeartbeatMessageType {
979 heartbeat_request = 1,
980 heartbeat_response = 2,
981 }
982
983 interface CipherSuite {
984 id: [Byte, Byte];
985 name: string;
986 }
987
988 const CipherSuites: { [name: string]: CipherSuite };
989
990 interface CertificateRequest {
991 certificate_types: util.ByteBuffer;
992 certificate_authorities: util.ByteBuffer;
993 }
994
995 type ConnectionState = any;
996
997 interface Connection {
998 version: ProtocolVersion;
999 entity: ConnectionEnd;
1000 sessionId: Bytes | null;
1001 caStore: pki.CAStore;
1002 sessionCache: SessionCache | null;
1003 cipherSuites: CipherSuite[];
1004 connected(conn: Connection): void;
1005 virtualHost: string | null;
1006 verifyClient: boolean;
1007 verify(
1008 conn: Connection,
1009 verified: Verified,
1010 depth: number,
1011 certs: pki.Certificate[]
1012 ): Verified;
1013 getCertificate:
1014 | ((
1015 conn: Connection,
1016 hint: CertificateRequest | string[]
1017 ) => pki.PEM | ReadonlyArray<pki.PEM>)
1018 | null;
1019 getPrivateKey:
1020 | ((conn: Connection, certificate: pki.Certificate) => pki.PEM)
1021 | null;
1022 getSignature:
1023 | ((
1024 conn: Connection,
1025 bytes: Bytes,
1026 callback: (conn: Connection, bytes: Bytes) => void
1027 ) => void)
1028 | null;
1029 input: util.ByteBuffer;
1030 tlsData: util.ByteBuffer;
1031 data: util.ByteBuffer;
1032 tlsDataReady(conn: Connection): void;
1033 dataReady(conn: Connection): void;
1034 heartbeatReceived:
1035 | ((conn: Connection, payload: util.ByteBuffer) => void)
1036 | undefined;
1037 closed(conn: Connection): void;
1038 error(conn: Connection, error: TLSError): void;
1039 deflate: ((inBytes: Bytes) => Bytes) | null;
1040 inflate: ((inBytes: Bytes) => Bytes) | null;
1041 reset(clearFail?: boolean): void;
1042 record: Record | null;
1043 session: Session | null;
1044 peerCertificate: pki.Certificate | null;
1045 state: { pending: ConnectionState | null; current: ConnectionState };
1046 expect: number;
1047 fragmented: Record | null;
1048 records: Record[];
1049 open: boolean;
1050 handshakes: number;
1051 handshaking: boolean;
1052 isConnected: boolean;
1053 fail: boolean;
1054 handshake(sessionId?: Bytes | null): void;
1055 process(data: Bytes): number;
1056 prepare(data: Bytes): boolean;
1057 prepareHeartbeatRequest(
1058 payload: Bytes | util.ByteBuffer,
1059 payloadLength?: number
1060 ): boolean;
1061 close(clearFail?: boolean): Connection;
1062 }
1063
1064 interface Record {
1065 type: ContentType;
1066 version: ProtocolVersion;
1067 length: number;
1068 fragment: util.ByteBuffer;
1069 ready?: boolean | undefined;
1070 }
1071
1072 interface Session {
1073 version: ProtocolVersion | null;
1074 extensions: { [_: string]: object };
1075 cipherSuite: CipherSuite | null;
1076 compressionMethod: CompressionMethod | null;
1077 serverCertificate: pki.Certificate | null;
1078 clientCertificate: pki.Certificate | null;
1079 md5: md.MessageDigest;
1080 sha1: md.MessageDigest;
1081 }
1082
1083 interface SessionCache {
1084 cache: { [key: string]: Session };
1085 capacity: number;
1086 order: [Hex];
1087 getSession(sessionId: Bytes): Session;
1088 setSession(sessionId: Bytes, session: Session): void;
1089 }
1090
1091 function createSessionCache(
1092 cache?: SessionCache | { [key: string]: Session },
1093 capacity?: number
1094 ): SessionCache;
1095
1096 interface Alert {
1097 level: Alert.Level;
1098 description: Alert.Description;
1099 }
1100
1101 interface TLSError extends Error {
1102 message: string;
1103 send: boolean;
1104 origin: "server" | "client";
1105 alert: Alert;
1106 }
1107
1108 type Verified = true | { message?: string | undefined; alert?: Alert.Description | undefined };
1109
1110 function createConnection(options: {
1111 server?: boolean | undefined;
1112 sessionId?: Bytes | null | undefined;
1113 caStore?: pki.CAStore | ReadonlyArray<pki.Certificate> | undefined;
1114 sessionCache?: SessionCache | { [key: string]: Session } | undefined;
1115 cipherSuites?: CipherSuite[] | undefined;
1116 connected(conn: Connection): void;
1117 virtualHost?: string | undefined;
1118 verifyClient?: boolean | undefined;
1119 verify?(
1120 conn: Connection,
1121 verified: Verified,
1122 depth: number,
1123 certs: pki.Certificate[]
1124 ): Verified;
1125 getCertificate?(
1126 conn: Connection,
1127 hint: CertificateRequest | string[]
1128 ): pki.PEM | ReadonlyArray<pki.PEM>;
1129 getPrivateKey?(conn: Connection, certificate: pki.Certificate): pki.PEM;
1130 getSignature?(
1131 conn: Connection,
1132 bytes: Bytes,
1133 callback: (conn: Connection, bytes: Bytes) => void
1134 ): void;
1135 tlsDataReady(conn: Connection): void;
1136 dataReady(conn: Connection): void;
1137 heartbeatReceived?(conn: Connection, payload: util.ByteBuffer): void;
1138 closed(conn: Connection): void;
1139 error(conn: Connection, error: TLSError): void;
1140 deflate?(inBytes: Bytes): Bytes;
1141 inflate?(inBytes: Bytes): Bytes;
1142 }): Connection;
1143
1144 function prf_tls1(
1145 secret: string,
1146 label: string,
1147 seed: string,
1148 length: number
1149 ): util.ByteBuffer;
1150
1151 function hmac_sha1(
1152 key: string | ReadonlyArray<Byte> | util.ByteBuffer,
1153 seqNum: [number, number],
1154 record: Record
1155 ): Bytes;
1156 }
1157}
1158
\No newline at end of file