UNPKG

35.7 kBTypeScriptView Raw
1// Type definitions for node-forge 0.9.1
2// Project: https://github.com/digitalbazaar/forge
3// Definitions by: Seth Westphal <https://github.com/westy92>
4// Kay Schecker <https://github.com/flynetworks>
5// Aakash Goenka <https://github.com/a-k-g>
6// Rafal2228 <https://github.com/rafal2228>
7// Beeno Tung <https://github.com/beenotung>
8// Joe Flateau <https://github.com/joeflateau>
9// Nikita Koryabkin <https://github.com/Apologiz>
10// timhwang21 <https://github.com/timhwang21>
11// supaiku0 <https://github.com/supaiku0>
12// Anders Kaseorg <https://github.com/andersk>
13// Sascha Zarhuber <https://github.com/saschazar21>
14// Rogier Schouten <https://github.com/rogierschouten>
15// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
16// TypeScript Version: 2.6
17
18/// <reference types="node" />
19
20declare module "node-forge" {
21 type Byte = number;
22 type Bytes = string;
23 type Hex = string;
24 type Base64 = string;
25 type Utf8 = string;
26 type OID = string;
27 type Encoding = "raw" | "utf8";
28
29 namespace jsbn {
30 class BigInteger {
31 data: number[];
32 t: number;
33 s: number;
34 toString(): string;
35 }
36 }
37
38 namespace pem {
39
40 interface EncodeOptions {
41 maxline?: number;
42 }
43
44 interface ObjectPEM {
45 type: string;
46 body: Bytes;
47 procType?: any;
48 contentDomain?: any;
49 dekInfo?: any;
50 headers?: any[];
51 }
52
53 function encode(msg: ObjectPEM, options?: EncodeOptions): string;
54 function decode(str: string): ObjectPEM[];
55 }
56
57 namespace pki {
58 type PEM = string;
59 type PublicKey = rsa.PublicKey | ed25519.Key;
60 type PrivateKey = rsa.PrivateKey | ed25519.Key;
61 type EncryptionOptions = {
62 algorithm?: 'aes128' | 'aes192' | 'aes256' | '3des';
63 count?: number;
64 saltSize?: number;
65 prfAlgorithm?: 'sha1' | 'sha224' | 'sha256' | 'sha384' | 'sha512';
66 legacy?: boolean;
67 };
68
69 interface ByteBufferFingerprintOptions {
70 /**
71 * @description The type of fingerprint. If not specified, defaults to 'RSAPublicKey'
72 */
73 type?: 'SubjectPublicKeyInfo' | 'RSAPublicKey';
74 /**
75 * @description the delimiter to use between bytes for `hex` encoded output
76 */
77 delimiter?: string;
78 /**
79 * @description if not specified defaults to `md.md5`
80 */
81 md?: md.MessageDigest;
82 }
83
84 interface HexFingerprintOptions extends ByteBufferFingerprintOptions {
85 /**
86 * @description if not specified, the function will return `ByteStringBuffer`
87 */
88 encoding: 'hex';
89 }
90
91 interface BinaryFingerprintOptions extends ByteBufferFingerprintOptions {
92 /**
93 * @description if not specified, the function will return `ByteStringBuffer`
94 */
95 encoding: 'binary';
96 }
97
98 interface KeyPair {
99 publicKey: PublicKey;
100 privateKey: PrivateKey;
101 }
102
103 interface oids {
104 [key: string]: string;
105 }
106 var oids: oids;
107
108 namespace rsa {
109 type EncryptionScheme = 'RSAES-PKCS1-V1_5' | 'RSA-OAEP' | 'RAW' | 'NONE' | null;
110 type SignatureScheme = 'RSASSA-PKCS1-V1_5' | pss.PSS | 'NONE' | null;
111
112 interface PublicKey {
113 n: jsbn.BigInteger;
114 e: jsbn.BigInteger;
115 encrypt(data: Bytes, scheme?: EncryptionScheme, schemeOptions?: any): Bytes;
116 verify(digest: Bytes, signature: Bytes, scheme?: SignatureScheme): boolean;
117 }
118
119 interface PrivateKey {
120 n: jsbn.BigInteger;
121 e: jsbn.BigInteger;
122 d: jsbn.BigInteger;
123 p: jsbn.BigInteger;
124 q: jsbn.BigInteger;
125 dP: jsbn.BigInteger;
126 dQ: jsbn.BigInteger;
127 qInv: jsbn.BigInteger;
128 decrypt(data: Bytes, scheme?: EncryptionScheme, schemeOptions?: any): Bytes;
129 sign(md: md.MessageDigest, scheme?: SignatureScheme): Bytes;
130 }
131
132 interface KeyPair {
133 publicKey: PublicKey;
134 privateKey: PrivateKey;
135 }
136
137 interface GenerateKeyPairOptions {
138 bits?: number;
139 e?: number;
140 workerScript?: string;
141 workers?: number;
142 workLoad?: number;
143 prng?: any;
144 algorithm?: string;
145 }
146
147 function setPublicKey(n: jsbn.BigInteger, e: jsbn.BigInteger): PublicKey;
148
149 function generateKeyPair(bits?: number, e?: number, callback?: (err: Error, keypair: KeyPair) => void): KeyPair;
150 function generateKeyPair(options?: GenerateKeyPairOptions, callback?: (err: Error, keypair: KeyPair) => void): KeyPair;
151 }
152
153 namespace ed25519 {
154 type NativeBuffer = Buffer | Uint8Array;
155 type Key = NativeBuffer;
156
157 type ToNativeBufferParameters = {
158 message: NativeBuffer | util.ByteBuffer
159 } | {
160 message: string;
161 encoding: 'binary' | 'utf8';
162 };
163
164 // `string`s will be converted by toNativeBuffer with `encoding: 'binary'`
165 type BinaryBuffer = NativeBuffer | util.ByteBuffer | string;
166
167 namespace constants {
168 const PUBLIC_KEY_BYTE_LENGTH = 32;
169 const PRIVATE_KEY_BYTE_LENGTH = 64;
170 const SEED_BYTE_LENGTH = 32;
171 const SIGN_BYTE_LENGTH = 64;
172 const HASH_BYTE_LENGTH = 64;
173 }
174
175 // generateKeyPair does not currently accept `util.ByteBuffer` as the seed.
176 function generateKeyPair(options?: { seed?: NativeBuffer | string }): {
177 publicKey: NativeBuffer;
178 privateKey: NativeBuffer;
179 };
180
181 function publicKeyFromPrivateKey(options: { privateKey: BinaryBuffer }): NativeBuffer;
182
183 function sign(options: ToNativeBufferParameters & {
184 privateKey: BinaryBuffer
185 }): NativeBuffer;
186
187 function verify(options: ToNativeBufferParameters & {
188 signature: BinaryBuffer,
189 publicKey: BinaryBuffer
190 }): boolean;
191 }
192
193 interface CertificateFieldOptions {
194 name?: string;
195 type?: string;
196 shortName?: string;
197 }
198
199 interface CertificateField extends CertificateFieldOptions {
200 valueConstructed?: boolean;
201 valueTagClass?: asn1.Class;
202 value?: any[] | string;
203 extensions?: any[];
204 }
205
206
207 interface Certificate {
208 version: number;
209 serialNumber: string;
210 signature: any;
211 siginfo: any;
212 validity: {
213 notBefore: Date;
214 notAfter: Date;
215 };
216 issuer: {
217 getField(sn: string | CertificateFieldOptions): any;
218 addField(attr: CertificateField): void;
219 attributes: any[];
220 hash: any;
221 };
222 subject: {
223 getField(sn: string | CertificateFieldOptions): any;
224 addField(attr: CertificateField): void;
225 attributes: any[];
226 hash: any;
227 };
228 extensions: any[];
229 privateKey: PrivateKey;
230 publicKey: PublicKey;
231 md: any;
232 /**
233 * Sets the subject of this certificate.
234 *
235 * @param attrs the array of subject attributes to use.
236 * @param uniqueId an optional a unique ID to use.
237 */
238 setSubject(attrs: CertificateField[], uniqueId?: string): void;
239 /**
240 * Sets the issuer of this certificate.
241 *
242 * @param attrs the array of subject attributes to use.
243 * @param uniqueId an optional a unique ID to use.
244 */
245 setIssuer(attrs: CertificateField[], uniqueId?: string): void;
246 /**
247 * Sets the extensions of this certificate.
248 *
249 * @param exts the array of extensions to use.
250 */
251 setExtensions(exts: any[]): void;
252 /**
253 * Gets an extension by its name or id.
254 *
255 * @param options the name to use or an object with:
256 * name the name to use.
257 * id the id to use.
258 *
259 * @return the extension or null if not found.
260 */
261 getExtension(options: string | {name: string;} | {id: number;}): {} | undefined;
262
263 /**
264 * Signs this certificate using the given private key.
265 *
266 * @param key the private key to sign with.
267 * @param md the message digest object to use (defaults to forge.md.sha1).
268 */
269 sign(key: pki.PrivateKey, md?: md.MessageDigest): void;
270 /**
271 * Attempts verify the signature on the passed certificate using this
272 * certificate's public key.
273 *
274 * @param child the certificate to verify.
275 *
276 * @return true if verified, false if not.
277 */
278 verify(child: Certificate): boolean;
279
280 /**
281 * Gets an issuer or subject attribute from its name, type, or short name.
282 *
283 * @param options a short name string or an object with:
284 * shortName the short name for the attribute.
285 * name the name for the attribute.
286 * type the type for the attribute.
287 *
288 * @return the attribute.
289 */
290 getAttribute(opts: string | GetAttributeOpts): Attribute | null;
291 }
292
293 /**
294 * Attribute members to search on; any one hit will return the attribute
295 */
296 interface GetAttributeOpts {
297 /**
298 * OID
299 */
300 type?: string;
301 /**
302 * Long name
303 */
304 name?: string;
305 /**
306 * Short name
307 */
308 shortName?: string;
309 }
310
311 interface Attribute {
312 /**
313 * e.g. challengePassword
314 */
315 name: string;
316 /**
317 * Short name, if available (e.g. 'CN' for 'commonName')
318 */
319 shortName?: string;
320 /**
321 * OID, e.g. '1.2.840.113549.1.9.7'
322 */
323 type: string;
324 /**
325 * Attribute value
326 */
327 value: any;
328 /**
329 * Attribute value data type
330 */
331 valueTagClass: number;
332 /**
333 * Extensions
334 */
335 extensions?: any[]
336 }
337
338 interface CAStore {
339 addCertificate(cert: Certificate | string): void;
340 hasCertificate(cert: Certificate | string): boolean;
341 removeCertificate(cert: Certificate | string): Certificate | null;
342 listAllCertificates(): pki.Certificate[];
343 getIssuer(subject: Certificate): Certificate | null;
344 getBySubject(subject: string): Certificate | null;
345 }
346
347 function certificateFromAsn1(obj: asn1.Asn1, computeHash?: boolean): Certificate;
348
349 function certificateToAsn1(cert: Certificate): asn1.Asn1;
350
351 function decryptRsaPrivateKey(pem: PEM, passphrase?: string): PrivateKey;
352
353 function createCertificate(): Certificate;
354
355 function certificationRequestToPem(cert: Certificate, maxline?: number): PEM;
356
357 function certificationRequestFromPem(pem: PEM, computeHash?: boolean, strict?: boolean): Certificate;
358
359 function createCertificationRequest(): Certificate;
360
361 function certificateToPem(cert: Certificate, maxline?: number): PEM;
362
363 function certificateFromPem(pem: PEM, computeHash?: boolean, strict?: boolean): Certificate;
364
365 function createCaStore(certs?: ReadonlyArray<Certificate | pki.PEM>): CAStore;
366
367 function verifyCertificateChain(caStore: CAStore, chain: Certificate[], customVerifyCallback?: (verified: boolean | string, depth: number, chain: Certificate[]) => boolean): boolean;
368
369 function pemToDer(pem: PEM): util.ByteStringBuffer;
370
371 function privateKeyToPem(key: PrivateKey, maxline?: number): PEM;
372
373 function privateKeyInfoToPem(key: asn1.Asn1, maxline?: number): PEM;
374
375 function publicKeyToPem(key: PublicKey, maxline?: number): PEM;
376
377 function publicKeyFromPem(pem: PEM): PublicKey;
378
379 function privateKeyFromPem(pem: PEM): PrivateKey;
380
381 function decryptPrivateKeyInfo(obj: asn1.Asn1, password: string): asn1.Asn1;
382
383 function encryptPrivateKeyInfo(obj: asn1.Asn1, password: string, options?: EncryptionOptions): asn1.Asn1;
384
385 function encryptedPrivateKeyFromPem(pem: PEM): asn1.Asn1;
386
387 function encryptedPrivateKeyToPem(obj: asn1.Asn1): PEM;
388
389 function decryptRsaPrivateKey(pem: PEM, password: string): PrivateKey;
390
391 function encryptRsaPrivateKey(privateKey: PrivateKey, password: string, options?: EncryptionOptions): PEM;
392
393 function privateKeyFromAsn1(privateKey: asn1.Asn1): PrivateKey;
394
395 function privateKeyToAsn1(privateKey: PrivateKey): asn1.Asn1;
396
397 function publicKeyFromAsn1(publicKey: asn1.Asn1): PublicKey;
398
399 function publicKeyToAsn1(publicKey: PublicKey): asn1.Asn1;
400
401 function publicKeyToRSAPublicKey(publicKey: PublicKey): any;
402
403 type setRsaPublicKey = typeof rsa.setPublicKey;
404
405 function wrapRsaPrivateKey(privateKey: asn1.Asn1): asn1.Asn1;
406
407 function getPublicKeyFingerprint(publicKey: PublicKey, options?: ByteBufferFingerprintOptions): util.ByteStringBuffer;
408 function getPublicKeyFingerprint(publicKey: PublicKey, options: HexFingerprintOptions): Hex;
409 function getPublicKeyFingerprint(publicKey: PublicKey, options: BinaryFingerprintOptions): Bytes;
410 }
411
412 namespace random {
413 function getBytes(count: number, callback?: (bytes: Bytes) => any): Bytes;
414 function getBytesSync(count: number): Bytes;
415 type CB = (_: any, seed: string) => void;
416 interface Random {
417 seedFileSync: (needed: number) => string;
418 seedFile: (needed: number, cb: CB) => void;
419 }
420 function createInstance(): Random;
421 }
422
423 namespace ssh {
424 interface FingerprintOptions {
425 /**
426 * @description the delimiter to use between bytes for `hex` encoded output
427 */
428 delimiter?: string;
429 /**
430 * @description if not specified, the function will return `ByteStringBuffer`
431 */
432 encoding?: 'hex' | 'binary';
433 /**
434 * @description if not specified defaults to `md.md5`
435 */
436 md?: md.MessageDigest;
437 }
438
439 /**
440 * @description Encodes a private RSA key as an OpenSSH file
441 */
442 function privateKeyToOpenSSH(privateKey: pki.PrivateKey, passphrase?: string): string;
443
444 /**
445 * @description Encodes (and optionally encrypts) a private RSA key as a Putty PPK file
446 */
447 function privateKeyToPutty(privateKey: pki.PrivateKey, passphrase?: string, comment?: string): string;
448
449 /**
450 * @description Encodes a public RSA key as an OpenSSH file
451 */
452 function publicKeyToOpenSSH(publicKey: pki.PublicKey, comment?: string): string | pki.PEM;
453
454 /**
455 * @description Gets the SSH fingerprint for the given public key
456 */
457 function getPublicKeyFingerprint(publicKey: pki.PublicKey, options?: FingerprintOptions): util.ByteStringBuffer | Hex | string;
458 }
459
460 namespace asn1 {
461 enum Class {
462 UNIVERSAL = 0x00,
463 APPLICATION = 0x40,
464 CONTEXT_SPECIFIC = 0x80,
465 PRIVATE = 0xC0,
466 }
467
468 enum Type {
469 NONE = 0,
470 BOOLEAN = 1,
471 INTEGER = 2,
472 BITSTRING = 3,
473 OCTETSTRING = 4,
474 NULL = 5,
475 OID = 6,
476 ODESC = 7,
477 EXTERNAL = 8,
478 REAL = 9,
479 ENUMERATED = 10,
480 EMBEDDED = 11,
481 UTF8 = 12,
482 ROID = 13,
483 SEQUENCE = 16,
484 SET = 17,
485 PRINTABLESTRING = 19,
486 IA5STRING = 22,
487 UTCTIME = 23,
488 GENERALIZEDTIME = 24,
489 BMPSTRING = 30,
490 }
491
492 interface Asn1 {
493 tagClass: Class;
494 type: Type;
495 constructed: boolean;
496 composed: boolean;
497 value: Bytes | Asn1[];
498 }
499
500 function create(tagClass: Class, type: Type, constructed: boolean, value: Bytes | Asn1[]): Asn1;
501 function fromDer(bytes: Bytes | util.ByteBuffer, strict?: boolean): Asn1;
502 function toDer(obj: Asn1): util.ByteBuffer;
503 function oidToDer(oid: OID): util.ByteStringBuffer;
504 function derToOid(der: util.ByteStringBuffer): OID;
505 }
506
507 namespace util {
508 function isArray(x: any): boolean;
509 function isArrayBuffer(x: any): boolean;
510 function isArrayBufferView(x: any): boolean;
511
512 interface ArrayBufferView {
513 buffer: ArrayBuffer;
514 byteLength: number;
515 }
516
517 type ByteBuffer = ByteStringBuffer;
518 class ByteStringBuffer {
519 constructor(bytes?: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer);
520 data: string;
521 read: number;
522 length(): number;
523 isEmpty(): boolean;
524 putByte(byte: Byte): ByteStringBuffer;
525 fillWithByte(byte: Byte, n: number): ByteStringBuffer;
526 putBytes(bytes: Bytes): ByteStringBuffer;
527 putString(str: string): ByteStringBuffer;
528 putInt16(int: number): ByteStringBuffer;
529 putInt24(int: number): ByteStringBuffer;
530 putInt32(int: number): ByteStringBuffer;
531 putInt16Le(int: number): ByteStringBuffer;
532 putInt24Le(int: number): ByteStringBuffer;
533 putInt32Le(int: number): ByteStringBuffer;
534 putInt(int: number, numOfBits: number): ByteStringBuffer;
535 putSignedInt(int: number, numOfBits: number): ByteStringBuffer;
536 putBuffer(buffer: ByteStringBuffer): ByteStringBuffer;
537 getByte(): number;
538 getInt16(): number;
539 getInt24(): number;
540 getInt32(): number;
541 getInt16Le(): number;
542 getInt24Le(): number;
543 getInt32Le(): number;
544 getInt(numOfBits: number): number;
545 getSignedInt(numOfBits: number): number;
546 getBytes(count?: number): Bytes;
547 bytes(count?: number): Bytes;
548 at(index: number): Byte;
549 setAt(index: number, byte: number): ByteStringBuffer;
550 last(): Byte;
551 copy(): ByteStringBuffer;
552 compact(): ByteStringBuffer;
553 clear(): ByteStringBuffer;
554 truncate(): ByteStringBuffer;
555 toHex(): Hex;
556 toString(): string;
557 }
558
559 function fillString(char: string, count: number): string;
560 function xorBytes(bytes1: string, bytes2: string, count: number): string;
561 function hexToBytes(hex: Hex): Bytes;
562 function bytesToHex(bytes: Bytes): Hex;
563 function int32ToBytes(int: number): Bytes;
564 function encode64(bytes: Bytes, maxline?: number): Base64;
565 function decode64(encoded: Base64): Bytes;
566 function encodeUtf8(str: string): Utf8;
567 function decodeUtf8(encoded: Utf8): string;
568
569 function createBuffer(): ByteBuffer;
570 function createBuffer(input: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer, encoding?: Encoding): ByteBuffer;
571
572 namespace binary {
573 namespace raw {
574 function encode(x: Uint8Array): Bytes;
575 function decode(str: Bytes, output?: Uint8Array, offset?: number): Uint8Array;
576 }
577 namespace hex {
578 function encode(bytes: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer): Hex;
579 function decode(hex: Hex, output?: Uint8Array, offset?: number): Uint8Array;
580 }
581 namespace base64 {
582 function encode(input: Uint8Array, maxline?: number): Base64;
583 function decode(input: Base64, output?: Uint8Array, offset?: number): Uint8Array;
584 }
585 }
586
587 namespace text {
588 namespace utf8 {
589 function encode(str: string, output?: Uint8Array, offset?: number): Uint8Array;
590 function decode(bytes: Uint8Array): Utf8;
591 }
592 namespace utf16 {
593 function encode(str: string, output?: Uint8Array, offset?: number): Uint8Array;
594 function decode(bytes: Uint8Array): string;
595 }
596 }
597 }
598
599 namespace pkcs12 {
600
601 interface BagsFilter {
602 localKeyId?: string;
603 localKeyIdHex?: string;
604 friendlyName?: string;
605 bagType?: string;
606 }
607
608 interface Bag {
609 type: string;
610 attributes: any;
611 key?: pki.PrivateKey;
612 cert?: pki.Certificate;
613 asn1: asn1.Asn1
614 }
615
616 interface Pkcs12Pfx {
617 version: string;
618 safeContents: {
619 encrypted: boolean;
620 safeBags: Bag[];
621 }[];
622 getBags: (filter: BagsFilter) => {
623 [key: string]: Bag[] | undefined;
624 localKeyId?: Bag[];
625 friendlyName?: Bag[];
626 };
627 getBagsByFriendlyName: (fiendlyName: string, bagType: string) => Bag[]
628 getBagsByLocalKeyId: (localKeyId: string, bagType: string) => Bag[]
629 }
630
631 function pkcs12FromAsn1(obj: any, strict?: boolean, password?: string): Pkcs12Pfx;
632 function pkcs12FromAsn1(obj: any, password?: string): Pkcs12Pfx;
633
634 function toPkcs12Asn1(
635 key: pki.PrivateKey,
636 cert: pki.Certificate | pki.Certificate[],
637 password: string | null,
638 options?: {
639 algorithm?: 'aes128' | 'aes192' | 'aes256' | '3des',
640 count?: number,
641 saltSize?: number,
642 useMac?: boolean,
643 localKeyId?: Hex,
644 friendlyName?: string,
645 generateLocalKeyId?: boolean,
646 },
647 ): asn1.Asn1;
648
649 function generateKey(
650 password: string | null | undefined,
651 salt: util.ByteBuffer,
652 id: Byte,
653 iter: number,
654 n: number,
655 md?: md.MessageDigest,
656 ): util.ByteBuffer;
657 }
658
659 namespace pkcs7 {
660 interface PkcsSignedData {
661 content?: string | util.ByteBuffer;
662 contentInfo?: { value: any[] };
663
664 addCertificate(certificate: pki.Certificate | string): void;
665 addSigner(options: {
666 key: string;
667 certificate: pki.Certificate | string;
668 digestAlgorithm: string;
669 authenticatedAttributes: { type: string; value?: string }[];
670 }): void;
671 sign(options?:{
672 detached?: boolean
673 }): void;
674 toAsn1(): asn1.Asn1;
675 }
676
677 function createSignedData(): PkcsSignedData;
678 }
679
680 namespace pkcs5 {
681 function pbkdf2(password: string, salt: string, iterations: number, keySize: number): string;
682 function pbkdf2(password: string, salt: string, iterations: number, keySize: number, messageDigest: md.MessageDigest): string;
683 function pbkdf2(password: string, salt: string, iterations: number, keySize: number, callback: (err: Error | null, dk: string | null) => any): void;
684 function pbkdf2(password: string, salt: string, iterations: number, keySize: number, messageDigest?: md.MessageDigest, callback?: (err: Error | null, dk: string | null) => any): void;
685 }
686
687 namespace md {
688
689 interface MessageDigest {
690 update(msg: string, encoding?: Encoding): MessageDigest;
691 digest(): util.ByteStringBuffer;
692 }
693
694 namespace sha1 {
695 function create(): MessageDigest;
696 }
697
698 namespace sha256 {
699 function create(): MessageDigest;
700 }
701
702 namespace sha384 {
703 function create(): MessageDigest;
704 }
705
706 namespace sha512 {
707 function create(): MessageDigest;
708 }
709
710 namespace md5 {
711 function create(): MessageDigest;
712 }
713
714 namespace hmac {
715 }
716 }
717
718 namespace hmac {
719
720 type Algorithm = "sha1" | "md5" | "sha256";
721
722 interface HMAC {
723 digest(): util.ByteBuffer;
724 getMact(): util.ByteBuffer;
725 start(md: Algorithm, key: string | util.ByteBuffer | null): void;
726 update(bytes: string | util.ByteBuffer | Buffer): void;
727 }
728
729 function create(): HMAC;
730 }
731
732 namespace cipher {
733
734 type Algorithm = "AES-ECB" | "AES-CBC" | "AES-CFB" | "AES-OFB" | "AES-CTR" | "AES-GCM" | "3DES-ECB" | "3DES-CBC" | "DES-ECB" | "DES-CBC";
735
736 function createCipher(algorithm: Algorithm, payload: util.ByteBuffer | Bytes): BlockCipher;
737 function createDecipher(algorithm: Algorithm, payload: util.ByteBuffer | Bytes): BlockCipher;
738
739 interface StartOptions {
740 iv?: util.ByteBuffer | Byte[] | Bytes;
741 tag?: util.ByteStringBuffer;
742 tagLength?: number;
743 additionalData?: string;
744 }
745
746 interface BlockCipher {
747 start: (options?: StartOptions) => void;
748 update: (payload: util.ByteBuffer) => void;
749 finish: () => boolean;
750 output: util.ByteStringBuffer;
751 mode: Mode;
752 }
753
754 interface Mode {
755 tag: util.ByteStringBuffer;
756 }
757 }
758
759 namespace pss {
760 type PSS = any;
761
762 function create(any: any): PSS;
763 }
764
765 namespace mgf {
766 namespace mgf1 {
767 function create(any: any): any;
768 }
769 }
770
771 namespace tls {
772 interface ProtocolVersion {
773 major: Byte;
774 minor: Byte;
775 }
776
777 const Versions: ProtocolVersion[];
778 const SupportedVersions: ProtocolVersion[];
779 const Version: ProtocolVersion;
780
781 const MaxFragment: number;
782
783 enum ConnectionEnd {
784 server = 0,
785 client = 1,
786 }
787
788 enum PRFAlgorithm {
789 tls_prf_sha256 = 0,
790 }
791
792 enum BulkCipherAlgorithm {
793 rc4 = 0,
794 des3 = 1,
795 aes = 2,
796 }
797
798 enum CipherType {
799 stream = 0,
800 block = 1,
801 aead = 2,
802 }
803
804 enum MACAlgorithm {
805 hmac_md5 = 0,
806 hmac_sha1 = 1,
807 hmac_sha256 = 2,
808 hmac_sha384 = 3,
809 hmac_sha512 = 4,
810 }
811
812 enum CompressionMethod {
813 none = 0,
814 deflate = 1,
815 }
816
817 enum ContentType {
818 change_cipher_spec = 20,
819 alert = 21,
820 handshake = 22,
821 application_data = 23,
822 heartbeat = 24,
823 }
824
825 enum HandshakeType {
826 hello_request = 0,
827 client_hello = 1,
828 server_hello = 2,
829 certificate = 11,
830 server_key_exchange = 12,
831 certificate_request = 13,
832 server_hello_done = 14,
833 certificate_verify = 15,
834 client_key_exchange = 16,
835 finished = 20,
836 }
837
838 namespace Alert {
839 enum Level {
840 warning = 1,
841 fatal = 2,
842 }
843
844 enum Description {
845 close_notify = 0,
846 unexpected_message = 10,
847 bad_record_mac = 20,
848 decryption_failed = 21,
849 record_overflow = 22,
850 decompression_failure = 30,
851 handshake_failure = 40,
852 bad_certificate = 42,
853 unsupported_certificate = 43,
854 certificate_revoked = 44,
855 certificate_expired = 45,
856 certificate_unknown = 46,
857 illegal_parameter = 47,
858 unknown_ca = 48,
859 access_denied = 49,
860 decode_error = 50,
861 decrypt_error = 51,
862 export_restriction = 60,
863 protocol_version = 70,
864 insufficient_security = 71,
865 internal_error = 80,
866 user_canceled = 90,
867 no_renegotiation = 100,
868 }
869 }
870
871 enum HeartbeatMessageType {
872 heartbeat_request = 1,
873 heartbeat_response = 2,
874 }
875
876 interface CipherSuite {
877 id: [Byte, Byte];
878 name: string;
879 }
880
881 const CipherSuites: { [name: string]: CipherSuite };
882
883 interface CertificateRequest {
884 certificate_types: util.ByteBuffer;
885 certificate_authorities: util.ByteBuffer;
886 }
887
888 type ConnectionState = any;
889
890 interface Connection {
891 version: ProtocolVersion;
892 entity: ConnectionEnd;
893 sessionId: Bytes | null;
894 caStore: pki.CAStore;
895 sessionCache: SessionCache | null;
896 cipherSuites: CipherSuite[];
897 connected(conn: Connection): void;
898 virtualHost: string | null;
899 verifyClient: boolean;
900 verify(
901 conn: Connection,
902 verified: Verified,
903 depth: number,
904 certs: pki.Certificate[]
905 ): Verified;
906 getCertificate:
907 | ((
908 conn: Connection,
909 hint: CertificateRequest | string[]
910 ) => pki.PEM | ReadonlyArray<pki.PEM>)
911 | null;
912 getPrivateKey:
913 | ((conn: Connection, certificate: pki.Certificate) => pki.PEM)
914 | null;
915 getSignature:
916 | ((
917 conn: Connection,
918 bytes: Bytes,
919 callback: (conn: Connection, bytes: Bytes) => void
920 ) => void)
921 | null;
922 input: util.ByteBuffer;
923 tlsData: util.ByteBuffer;
924 data: util.ByteBuffer;
925 tlsDataReady(conn: Connection): void;
926 dataReady(conn: Connection): void;
927 heartbeatReceived:
928 | ((conn: Connection, payload: util.ByteBuffer) => void)
929 | undefined;
930 closed(conn: Connection): void;
931 error(conn: Connection, error: TLSError): void;
932 deflate: ((inBytes: Bytes) => Bytes) | null;
933 inflate: ((inBytes: Bytes) => Bytes) | null;
934 reset(clearFail?: boolean): void;
935 record: Record | null;
936 session: Session | null;
937 peerCertificate: pki.Certificate | null;
938 state: { pending: ConnectionState | null; current: ConnectionState };
939 expect: number;
940 fragmented: Record | null;
941 records: Record[];
942 open: boolean;
943 handshakes: number;
944 handshaking: boolean;
945 isConnected: boolean;
946 fail: boolean;
947 handshake(sessionId?: Bytes | null): void;
948 process(data: Bytes): number;
949 prepare(data: Bytes): boolean;
950 prepareHeartbeatRequest(
951 payload: Bytes | util.ByteBuffer,
952 payloadLength?: number
953 ): boolean;
954 close(clearFail?: boolean): Connection;
955 }
956
957 interface Record {
958 type: ContentType;
959 version: ProtocolVersion;
960 length: number;
961 fragment: util.ByteBuffer;
962 ready?: boolean;
963 }
964
965 interface Session {
966 version: ProtocolVersion | null;
967 extensions: { [_: string]: object };
968 cipherSuite: CipherSuite | null;
969 compressionMethod: CompressionMethod | null;
970 serverCertificate: pki.Certificate | null;
971 clientCertificate: pki.Certificate | null;
972 md5: md.MessageDigest;
973 sha1: md.MessageDigest;
974 }
975
976 interface SessionCache {
977 cache: { [key: string]: Session };
978 capacity: number;
979 order: [Hex];
980 getSession(sessionId: Bytes): Session;
981 setSession(sessionId: Bytes, session: Session): void;
982 }
983
984 function createSessionCache(
985 cache?: SessionCache | { [key: string]: Session },
986 capacity?: number
987 ): SessionCache;
988
989 interface Alert {
990 level: Alert.Level;
991 description: Alert.Description;
992 }
993
994 interface TLSError extends Error {
995 message: string;
996 send: boolean;
997 origin: "server" | "client";
998 alert: Alert;
999 }
1000
1001 type Verified = true | { message?: string; alert?: Alert.Description };
1002
1003 function createConnection(options: {
1004 server?: boolean;
1005 sessionId?: Bytes | null;
1006 caStore?: pki.CAStore | ReadonlyArray<pki.Certificate>;
1007 sessionCache?: SessionCache | { [key: string]: Session };
1008 cipherSuites?: CipherSuite[];
1009 connected(conn: Connection): void;
1010 virtualHost?: string;
1011 verifyClient?: boolean;
1012 verify?(
1013 conn: Connection,
1014 verified: Verified,
1015 depth: number,
1016 certs: pki.Certificate[]
1017 ): Verified;
1018 getCertificate?(
1019 conn: Connection,
1020 hint: CertificateRequest | string[]
1021 ): pki.PEM | ReadonlyArray<pki.PEM>;
1022 getPrivateKey?(conn: Connection, certificate: pki.Certificate): pki.PEM;
1023 getSignature?(
1024 conn: Connection,
1025 bytes: Bytes,
1026 callback: (conn: Connection, bytes: Bytes) => void
1027 ): void;
1028 tlsDataReady(conn: Connection): void;
1029 dataReady(conn: Connection): void;
1030 heartbeatReceived?(conn: Connection, payload: util.ByteBuffer): void;
1031 closed(conn: Connection): void;
1032 error(conn: Connection, error: TLSError): void;
1033 deflate?(inBytes: Bytes): Bytes;
1034 inflate?(inBytes: Bytes): Bytes;
1035 }): Connection;
1036
1037 function prf_tls1(
1038 secret: string,
1039 label: string,
1040 seed: string,
1041 length: number
1042 ): util.ByteBuffer;
1043
1044 function hmac_sha1(
1045 key: string | ReadonlyArray<Byte> | util.ByteBuffer,
1046 seqNum: [number, number],
1047 record: Record
1048 ): Bytes;
1049 }
1050}
1051
\No newline at end of file