UNPKG

52.8 kBTypeScriptView Raw
1// Type definitions for node-forge 1.3
2// Project: https://github.com/digitalbazaar/forge
3// Definitions by: Seth Westphal <https://github.com/westy92>
4// Kay Schecker <https://github.com/flynetworks>
5// Aakash Goenka <https://github.com/a-k-g>
6// Rafal2228 <https://github.com/rafal2228>
7// Beeno Tung <https://github.com/beenotung>
8// Joe Flateau <https://github.com/joeflateau>
9// timhwang21 <https://github.com/timhwang21>
10// Anders Kaseorg <https://github.com/andersk>
11// Sascha Zarhuber <https://github.com/saschazar21>
12// Rogier Schouten <https://github.com/rogierschouten>
13// Ivan Aseev <https://github.com/aseevia>
14// Wiktor Kwapisiewicz <https://github.com/wiktor-k>
15// Ligia Frangello <https://github.com/frangello>
16// Dmitry Avezov <https://github.com/avezov>
17// Jose Fuentes <https://github.com/j-fuentes>
18// Anya Reyes <https://github.com/darkade>
19// Tino <https://github.com/tino-247>
20// BendingBender <https://github.com/BendingBender>
21// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
22
23/// <reference types="node" />
24
25declare module 'node-forge' {
26 type Byte = number;
27 type Bytes = string;
28 type Hex = string;
29 type Base64 = string;
30 type Utf8 = string;
31 type OID = string;
32 type Encoding = 'raw' | 'utf8';
33
34 namespace jsbn {
35 interface RandomGenerator {
36 nextBytes(bytes: number[]): void;
37 }
38 class BigInteger {
39 static ZERO: BigInteger;
40 static ONE: BigInteger;
41 constructor(a: null);
42 constructor(a: number, c: RandomGenerator);
43 constructor(a: number, b: number, c: RandomGenerator);
44 constructor(a: string, b?: number);
45 constructor(a: number[], b?: number);
46 constructor(a: BigInteger);
47 data: number[];
48 t: number;
49 s: number;
50 am(i: number, x: number, w: BigInteger, j: number, c: number, n: number): number;
51 toString(b?: number): string;
52 bitLength(): number;
53 negate(): BigInteger;
54 abs(): BigInteger;
55 compareTo(a: BigInteger): number;
56 bitLength(): number;
57 mod(a: BigInteger): BigInteger;
58 modPowInt(e: number, m: BigInteger): BigInteger;
59 clone(): BigInteger;
60 intValue(): number;
61 byteValue(): number;
62 shortValue(): number;
63 signum(): number;
64 toByteArray(): number[];
65 equals(a: BigInteger): boolean;
66 min(a: BigInteger): BigInteger;
67 max(a: BigInteger): BigInteger;
68 and(a: BigInteger): BigInteger;
69 or(a: BigInteger): BigInteger;
70 xor(a: BigInteger): BigInteger;
71 andNot(a: BigInteger): BigInteger;
72 not(): BigInteger;
73 shiftLeft(n: number): BigInteger;
74 shiftRight(n: number): BigInteger;
75 getLowestSetBit(): number;
76 bitCount(): number;
77 testBit(n: number): boolean;
78 clearBit(n: number): BigInteger;
79 flipBit(n: number): BigInteger;
80 add(a: BigInteger): BigInteger;
81 subtract(a: BigInteger): BigInteger;
82 multiply(a: BigInteger): BigInteger;
83 squareTo(a: BigInteger): BigInteger;
84 divide(a: BigInteger): BigInteger;
85 remainder(a: BigInteger): BigInteger;
86 divideAndRemainder(a: BigInteger): BigInteger[]; // Array of 2 items
87 pow(e: number): BigInteger;
88 modPow(e: BigInteger, m: BigInteger): BigInteger;
89 gcd(a: BigInteger): BigInteger;
90 modInverse(m: BigInteger): BigInteger;
91 isProbablePrime(t: number): boolean;
92 }
93 }
94
95 namespace rc2 {
96 type pad_function = (blockSize: number, buffer: util.ByteBuffer, decrypt: boolean) => boolean;
97 interface cipher {
98 start(iv: util.ByteBuffer | string | null, output?: util.ByteBuffer): void;
99 update(input: util.ByteBuffer): void;
100 finish(pad?: pad_function): boolean;
101 output: util.ByteBuffer;
102 }
103
104 function expandKey(key: string | util.ByteBuffer, effKeyBits?: number): util.ByteBuffer;
105 function startEncrypting(
106 key: string | util.ByteBuffer,
107 iv: util.ByteBuffer | Byte[] | Bytes,
108 output: util.ByteBuffer | null,
109 ): rc2.cipher;
110 function createEncryptionCipher(key: string | util.ByteBuffer, bits?: number): rc2.cipher;
111 function startDecrypting(
112 key: string | util.ByteBuffer,
113 iv: util.ByteBuffer | Byte[] | Bytes,
114 output: util.ByteBuffer | null,
115 ): rc2.cipher;
116 function createDecryptionCipher(key: string | util.ByteBuffer, bits?: number): rc2.cipher;
117 }
118
119 namespace kem {
120 namespace rsa {
121 interface kem {
122 /**
123 * Generates a secret key and its encapsulation.
124 *
125 * @param publicKey the RSA public key to encrypt with.
126 * @param keyLength the length, in bytes, of the secret key to generate.
127 */
128 encrypt(publicKey: pki.rsa.PublicKey, keyLength: number): EncryptResult;
129 /**
130 * Decrypts an encapsulated secret key.
131 *
132 * @param privateKey the RSA private key to decrypt with.
133 * @param encapsulation the ciphertext for generating the secret key, as a binary-encoded
134 * string of bytes.
135 * @param keyLength the length, in bytes, of the secret key to generate.
136 *
137 * @return the secret key as a binary-encoded string of bytes.
138 */
139 decrypt(privateKey: pki.rsa.PrivateKey, encapsulation: string, keyLength: number): string;
140 }
141
142 interface random {
143 getBytesSync(count: number): Bytes;
144 }
145
146 interface Options {
147 /**
148 * A custom crypto-secure pseudo-random number generator to use.
149 */
150 prng?: random | undefined;
151 }
152
153 /**
154 * Creates an RSA KEM API object for generating a secret asymmetric key.
155 *
156 * The symmetric key may be generated via a call to 'encrypt', which will
157 * produce a ciphertext to be transmitted to the recipient and a key to be
158 * kept secret. The ciphertext is a parameter to be passed to 'decrypt' which
159 * will produce the same secret key for the recipient to use to decrypt a
160 * message that was encrypted with the secret key.
161 *
162 * @param kdf the KDF API to use (eg: `new forge.kem.kdf1()`).
163 * @param options the options to use.
164 */
165 function create(kdf: KDF, options?: Options): kem;
166 }
167
168 interface EncryptResult {
169 /**
170 * The ciphertext for generating the secret key, as a binary-encoded string of bytes.
171 */
172 encapsulation: string;
173 /**
174 * The secret key to use for encrypting a message.
175 */
176 key: string;
177 }
178
179 interface KDF {
180 /**
181 * Generate a key of the specified length.
182 *
183 * @param x the binary-encoded byte string to generate a key from.
184 * @param length the number of bytes to generate (the size of the key).
185 *
186 * @return the key as a binary-encoded string.
187 */
188 generate(x: string, length: number): string;
189 }
190
191 /**
192 * Creates a key derivation API object that implements KDF1 per ISO 18033-2.
193 *
194 * @param md the hash API to use.
195 * @param digestLength a digest length that must be positive and less than or equal to `md.digestLength`.
196 *
197 * @return a KDF1 API object.
198 */
199 class kdf1 implements KDF {
200 constructor(md: md.MessageDigest, digestLength?: number);
201 /**
202 * Generate a key of the specified length.
203 *
204 * @param x the binary-encoded byte string to generate a key from.
205 * @param length the number of bytes to generate (the size of the key).
206 *
207 * @return the key as a binary-encoded string.
208 */
209 generate(x: string, length: number): string;
210 }
211
212 /**
213 * Creates a key derivation API object that implements KDF2 per ISO 18033-2.
214 *
215 * @param md the hash API to use.
216 * @param digestLength a digest length that must be positive and less than or equal to `md.digestLength`.
217 *
218 * @return a KDF2 API object.
219 */
220 class kdf2 implements KDF {
221 constructor(md: md.MessageDigest, digestLength?: number);
222 /**
223 * Generate a key of the specified length.
224 *
225 * @param x the binary-encoded byte string to generate a key from.
226 * @param length the number of bytes to generate (the size of the key).
227 *
228 * @return the key as a binary-encoded string.
229 */
230 generate(x: string, length: number): string;
231 }
232 }
233
234 namespace pem {
235 interface EncodeOptions {
236 maxline?: number | undefined;
237 }
238
239 interface ObjectPEM {
240 type: string;
241 body: Bytes;
242 procType?: any;
243 contentDomain?: any;
244 dekInfo?: any;
245 headers?: any[] | undefined;
246 }
247
248 function encode(msg: ObjectPEM, options?: EncodeOptions): string;
249 function decode(str: string): ObjectPEM[];
250 }
251
252 namespace pki {
253 type PEM = string;
254 type PublicKey = rsa.PublicKey | ed25519.Key;
255 type PrivateKey = rsa.PrivateKey | ed25519.Key;
256 type EncryptionOptions = {
257 algorithm?: 'aes128' | 'aes192' | 'aes256' | '3des' | undefined;
258 count?: number | undefined;
259 saltSize?: number | undefined;
260 prfAlgorithm?: 'sha1' | 'sha224' | 'sha256' | 'sha384' | 'sha512' | undefined;
261 legacy?: boolean | undefined;
262 };
263
264 interface ByteBufferFingerprintOptions {
265 /**
266 * @description The type of fingerprint. If not specified, defaults to 'RSAPublicKey'
267 */
268 type?: 'SubjectPublicKeyInfo' | 'RSAPublicKey' | undefined;
269 /**
270 * @description the delimiter to use between bytes for `hex` encoded output
271 */
272 delimiter?: string | undefined;
273 /**
274 * @description if not specified defaults to `md.md5`
275 */
276 md?: md.MessageDigest | undefined;
277 }
278
279 interface HexFingerprintOptions extends ByteBufferFingerprintOptions {
280 /**
281 * @description if not specified, the function will return `ByteStringBuffer`
282 */
283 encoding: 'hex';
284 }
285
286 interface BinaryFingerprintOptions extends ByteBufferFingerprintOptions {
287 /**
288 * @description if not specified, the function will return `ByteStringBuffer`
289 */
290 encoding: 'binary';
291 }
292
293 interface KeyPair {
294 publicKey: PublicKey;
295 privateKey: PrivateKey;
296 }
297
298 interface oids {
299 [key: string]: string;
300 }
301 var oids: oids;
302
303 namespace rsa {
304 type EncryptionScheme = 'RSAES-PKCS1-V1_5' | 'RSA-OAEP' | 'RAW' | 'NONE' | null;
305 type SignatureScheme = 'RSASSA-PKCS1-V1_5' | pss.PSS | 'NONE' | null;
306
307 interface PublicKey {
308 n: jsbn.BigInteger;
309 e: jsbn.BigInteger;
310 encrypt(data: Bytes, scheme?: EncryptionScheme, schemeOptions?: any): Bytes;
311 verify(digest: Bytes, signature: Bytes, scheme?: SignatureScheme): boolean;
312 }
313
314 interface PrivateKey {
315 n: jsbn.BigInteger;
316 e: jsbn.BigInteger;
317 d: jsbn.BigInteger;
318 p: jsbn.BigInteger;
319 q: jsbn.BigInteger;
320 dP: jsbn.BigInteger;
321 dQ: jsbn.BigInteger;
322 qInv: jsbn.BigInteger;
323 decrypt(data: Bytes, scheme?: EncryptionScheme, schemeOptions?: any): Bytes;
324 sign(md: md.MessageDigest | Bytes, scheme?: SignatureScheme): Bytes;
325 }
326
327 interface KeyPair {
328 publicKey: PublicKey;
329 privateKey: PrivateKey;
330 }
331
332 interface GenerateKeyPairOptions {
333 bits?: number | undefined;
334 e?: number | undefined;
335 workerScript?: string | undefined;
336 workers?: number | undefined;
337 workLoad?: number | undefined;
338 prng?: any;
339 algorithm?: string | undefined;
340 }
341
342 function setPublicKey(n: jsbn.BigInteger, e: jsbn.BigInteger): PublicKey;
343
344 function generateKeyPair(
345 bits?: number,
346 e?: number,
347 callback?: (err: Error, keypair: KeyPair) => void,
348 ): KeyPair;
349 function generateKeyPair(
350 options?: GenerateKeyPairOptions,
351 callback?: (err: Error, keypair: KeyPair) => void,
352 ): KeyPair;
353 }
354
355 namespace ed25519 {
356 type NativeBuffer = Buffer | Uint8Array;
357 type Key = NativeBuffer;
358
359 type ToNativeBufferParameters =
360 | {
361 message: NativeBuffer | util.ByteBuffer;
362 }
363 | {
364 message: string;
365 encoding: 'binary' | 'utf8';
366 };
367
368 // `string`s will be converted by toNativeBuffer with `encoding: 'binary'`
369 type BinaryBuffer = NativeBuffer | util.ByteBuffer | string;
370
371 namespace constants {
372 const PUBLIC_KEY_BYTE_LENGTH = 32;
373 const PRIVATE_KEY_BYTE_LENGTH = 64;
374 const SEED_BYTE_LENGTH = 32;
375 const SIGN_BYTE_LENGTH = 64;
376 const HASH_BYTE_LENGTH = 64;
377 }
378
379 // generateKeyPair does not currently accept `util.ByteBuffer` as the seed.
380 function generateKeyPair(options?: { seed?: NativeBuffer | string | undefined }): {
381 publicKey: NativeBuffer;
382 privateKey: NativeBuffer;
383 };
384
385 function privateKeyFromAsn1(obj: asn1.Asn1): { privateKeyBytes: NativeBuffer };
386
387 function publicKeyFromAsn1(obj: asn1.Asn1): NativeBuffer;
388
389 function publicKeyFromPrivateKey(options: { privateKey: BinaryBuffer }): NativeBuffer;
390
391 function sign(
392 options: ToNativeBufferParameters & {
393 privateKey: BinaryBuffer;
394 },
395 ): NativeBuffer;
396
397 function verify(
398 options: ToNativeBufferParameters & {
399 signature: BinaryBuffer;
400 publicKey: BinaryBuffer;
401 },
402 ): boolean;
403 }
404
405 interface CertificateFieldOptions {
406 name?: string | undefined;
407 type?: string | undefined;
408 shortName?: string | undefined;
409 }
410
411 interface CertificateField extends CertificateFieldOptions {
412 valueConstructed?: boolean | undefined;
413 valueTagClass?: asn1.Class | undefined;
414 value?: any[] | string | undefined;
415 extensions?: any[] | undefined;
416 }
417
418 interface Certificate {
419 version: number;
420 serialNumber: string;
421 signature: any;
422 siginfo: any;
423 validity: {
424 notBefore: Date;
425 notAfter: Date;
426 };
427 issuer: {
428 getField(sn: string | CertificateFieldOptions): any;
429 addField(attr: CertificateField): void;
430 attributes: CertificateField[];
431 hash: any;
432 };
433 subject: {
434 getField(sn: string | CertificateFieldOptions): any;
435 addField(attr: CertificateField): void;
436 attributes: CertificateField[];
437 hash: any;
438 };
439 extensions: any[];
440 privateKey: PrivateKey;
441 publicKey: PublicKey;
442 md: any;
443 /**
444 * Sets the subject of this certificate.
445 *
446 * @param attrs the array of subject attributes to use.
447 * @param uniqueId an optional a unique ID to use.
448 */
449 setSubject(attrs: CertificateField[], uniqueId?: string): void;
450 /**
451 * Sets the issuer of this certificate.
452 *
453 * @param attrs the array of subject attributes to use.
454 * @param uniqueId an optional a unique ID to use.
455 */
456 setIssuer(attrs: CertificateField[], uniqueId?: string): void;
457 /**
458 * Sets the extensions of this certificate.
459 *
460 * @param exts the array of extensions to use.
461 */
462 setExtensions(exts: any[]): void;
463 /**
464 * Gets an extension by its name or id.
465 *
466 * @param options the name to use or an object with:
467 * name the name to use.
468 * id the id to use.
469 *
470 * @return the extension or null if not found.
471 */
472 getExtension(options: string | { name: string } | { id: number }): {} | undefined;
473
474 /**
475 * Signs this certificate using the given private key.
476 *
477 * @param key the private key to sign with.
478 * @param md the message digest object to use (defaults to forge.md.sha1).
479 */
480 sign(key: pki.PrivateKey, md?: md.MessageDigest): void;
481 /**
482 * Attempts verify the signature on the passed certificate using this
483 * certificate's public key.
484 *
485 * @param child the certificate to verify.
486 *
487 * @return true if verified, false if not.
488 */
489 verify(child: Certificate): boolean;
490
491 /**
492 * Returns true if this certificate's issuer matches the passed
493 * certificate's subject. Note that no signature check is performed.
494 *
495 * @param parent the certificate to check.
496 *
497 * @return true if this certificate's issuer matches the passed certificate's
498 * subject.
499 */
500 isIssuer(parent: Certificate): boolean;
501
502 /**
503 * Returns true if this certificate's subject matches the issuer of the
504 * given certificate). Note that not signature check is performed.
505 *
506 * @param child the certificate to check.
507 *
508 * @return true if this certificate's subject matches the passed
509 * certificate's issuer.
510 */
511 issued(child: Certificate): boolean;
512 }
513
514 interface CertificateRequest extends Certificate {
515 /**
516 * Gets an issuer or subject attribute from its name, type, or short name.
517 *
518 * @param opts a short name string or an object with:
519 * shortName the short name for the attribute.
520 * name the name for the attribute.
521 * type the type for the attribute.
522 *
523 * @return the attribute.
524 */
525 getAttribute(opts: string | GetAttributeOpts): Attribute | null;
526 }
527
528 /**
529 * Attribute members to search on; any one hit will return the attribute
530 */
531 interface GetAttributeOpts {
532 /**
533 * OID
534 */
535 type?: string | undefined;
536 /**
537 * Long name
538 */
539 name?: string | undefined;
540 /**
541 * Short name
542 */
543 shortName?: string | undefined;
544 }
545
546 interface Attribute {
547 /**
548 * e.g. challengePassword
549 */
550 name: string;
551 /**
552 * Short name, if available (e.g. 'CN' for 'commonName')
553 */
554 shortName?: string | undefined;
555 /**
556 * OID, e.g. '1.2.840.113549.1.9.7'
557 */
558 type: string;
559 /**
560 * Attribute value
561 */
562 value: any;
563 /**
564 * Attribute value data type
565 */
566 valueTagClass: number;
567 /**
568 * Extensions
569 */
570 extensions?: any[] | undefined;
571 }
572
573 interface CAStore {
574 addCertificate(cert: Certificate | string): void;
575 hasCertificate(cert: Certificate | string): boolean;
576 removeCertificate(cert: Certificate | string): Certificate | null;
577 listAllCertificates(): pki.Certificate[];
578 getIssuer(subject: Certificate): Certificate | null;
579 getBySubject(subject: string): Certificate | null;
580 }
581
582 function certificateFromAsn1(obj: asn1.Asn1, computeHash?: boolean): Certificate;
583
584 function certificationRequestFromAsn1(obj: asn1.Asn1, computeHash?: boolean): Certificate;
585
586 function certificateToAsn1(cert: Certificate): asn1.Asn1;
587
588 function certificationRequestToAsn1(cert: Certificate): asn1.Asn1;
589
590 function decryptRsaPrivateKey(pem: PEM, passphrase?: string): rsa.PrivateKey;
591
592 function createCertificate(): Certificate;
593
594 function certificationRequestToPem(cert: Certificate, maxline?: number): PEM;
595
596 function certificationRequestFromPem(pem: PEM, computeHash?: boolean, strict?: boolean): Certificate;
597
598 function createCertificationRequest(): CertificateRequest;
599
600 function certificateToPem(cert: Certificate, maxline?: number): PEM;
601
602 function certificateFromPem(pem: PEM, computeHash?: boolean, strict?: boolean): Certificate;
603
604 function createCaStore(certs?: ReadonlyArray<Certificate | pki.PEM>): CAStore;
605
606 function verifyCertificateChain(
607 caStore: CAStore,
608 chain: Certificate[],
609 options?:
610 | ((verified: boolean | string, depth: number, certs: Certificate[]) => boolean)
611 | {
612 verify?:
613 | ((verified: boolean | string, depth: number, certs: Certificate[]) => boolean)
614 | undefined;
615 validityCheckDate?: Date | null | undefined;
616 },
617 ): boolean;
618
619 function pemToDer(pem: PEM): util.ByteStringBuffer;
620
621 function privateKeyToPem(key: PrivateKey, maxline?: number): PEM;
622
623 function privateKeyInfoToPem(key: asn1.Asn1, maxline?: number): PEM;
624
625 function publicKeyToPem(key: PublicKey, maxline?: number): PEM;
626
627 function publicKeyToRSAPublicKeyPem(key: PublicKey, maxline?: number): PEM;
628
629 function publicKeyFromPem(pem: PEM): rsa.PublicKey;
630
631 function privateKeyFromPem(pem: PEM): rsa.PrivateKey;
632
633 function decryptPrivateKeyInfo(obj: asn1.Asn1, password: string): asn1.Asn1;
634
635 function encryptPrivateKeyInfo(obj: asn1.Asn1, password: string, options?: EncryptionOptions): asn1.Asn1;
636
637 function encryptedPrivateKeyFromPem(pem: PEM): asn1.Asn1;
638
639 function encryptedPrivateKeyToPem(obj: asn1.Asn1): PEM;
640
641 function decryptRsaPrivateKey(pem: PEM, password: string): rsa.PrivateKey;
642
643 function encryptRsaPrivateKey(privateKey: PrivateKey, password: string, options?: EncryptionOptions): PEM;
644
645 function privateKeyFromAsn1(privateKey: asn1.Asn1): PrivateKey;
646
647 function privateKeyToAsn1(privateKey: PrivateKey): asn1.Asn1;
648
649 function publicKeyFromAsn1(publicKey: asn1.Asn1): PublicKey;
650
651 function publicKeyToAsn1(publicKey: PublicKey): asn1.Asn1;
652
653 function publicKeyToRSAPublicKey(publicKey: PublicKey): any;
654
655 type setRsaPublicKey = typeof rsa.setPublicKey;
656
657 function wrapRsaPrivateKey(privateKey: asn1.Asn1): asn1.Asn1;
658
659 function getPublicKeyFingerprint(
660 publicKey: PublicKey,
661 options?: ByteBufferFingerprintOptions,
662 ): util.ByteStringBuffer;
663 function getPublicKeyFingerprint(publicKey: PublicKey, options: HexFingerprintOptions): Hex;
664 function getPublicKeyFingerprint(publicKey: PublicKey, options: BinaryFingerprintOptions): Bytes;
665 }
666
667 namespace random {
668 function getBytes(count: number, callback?: (err: Error | null, bytes: Bytes) => any): void;
669 function getBytesSync(count: number): Bytes;
670 type CB = (_: any, seed: string) => void;
671 interface Random {
672 seedFileSync: (needed: number) => string;
673 seedFile: (needed: number, cb: CB) => void;
674 }
675 function createInstance(): Random;
676 }
677
678 namespace ssh {
679 interface FingerprintOptions {
680 /**
681 * @description the delimiter to use between bytes for `hex` encoded output
682 */
683 delimiter?: string | undefined;
684 /**
685 * @description if not specified, the function will return `ByteStringBuffer`
686 */
687 encoding?: 'hex' | 'binary' | undefined;
688 /**
689 * @description if not specified defaults to `md.md5`
690 */
691 md?: md.MessageDigest | undefined;
692 }
693
694 /**
695 * @description Encodes a private RSA key as an OpenSSH file
696 */
697 function privateKeyToOpenSSH(privateKey: pki.PrivateKey, passphrase?: string): string;
698
699 /**
700 * @description Encodes (and optionally encrypts) a private RSA key as a Putty PPK file
701 */
702 function privateKeyToPutty(privateKey: pki.PrivateKey, passphrase?: string, comment?: string): string;
703
704 /**
705 * @description Encodes a public RSA key as an OpenSSH file
706 */
707 function publicKeyToOpenSSH(publicKey: pki.PublicKey, comment?: string): string | pki.PEM;
708
709 /**
710 * @description Gets the SSH fingerprint for the given public key
711 */
712 function getPublicKeyFingerprint(
713 publicKey: pki.PublicKey,
714 options?: FingerprintOptions,
715 ): util.ByteStringBuffer | Hex | string;
716 }
717
718 namespace asn1 {
719 enum Class {
720 UNIVERSAL = 0x00,
721 APPLICATION = 0x40,
722 CONTEXT_SPECIFIC = 0x80,
723 PRIVATE = 0xc0,
724 }
725
726 enum Type {
727 NONE = 0,
728 BOOLEAN = 1,
729 INTEGER = 2,
730 BITSTRING = 3,
731 OCTETSTRING = 4,
732 NULL = 5,
733 OID = 6,
734 ODESC = 7,
735 EXTERNAL = 8,
736 REAL = 9,
737 ENUMERATED = 10,
738 EMBEDDED = 11,
739 UTF8 = 12,
740 ROID = 13,
741 SEQUENCE = 16,
742 SET = 17,
743 PRINTABLESTRING = 19,
744 IA5STRING = 22,
745 UTCTIME = 23,
746 GENERALIZEDTIME = 24,
747 BMPSTRING = 30,
748 }
749
750 interface Asn1 {
751 tagClass: Class;
752 type: Type;
753 constructed: boolean;
754 composed: boolean;
755 value: Bytes | Asn1[];
756 }
757
758 function create(tagClass: Class, type: Type, constructed: boolean, value: Bytes | Asn1[]): Asn1;
759 function fromDer(bytes: Bytes | util.ByteBuffer, strict?: boolean): Asn1;
760 function toDer(obj: Asn1): util.ByteBuffer;
761 function oidToDer(oid: OID): util.ByteStringBuffer;
762 function derToOid(der: util.ByteStringBuffer): OID;
763 }
764
765 namespace util {
766 function isArray(x: any): boolean;
767 function isArrayBuffer(x: any): boolean;
768 function isArrayBufferView(x: any): boolean;
769
770 interface ArrayBufferView {
771 buffer: ArrayBuffer;
772 byteLength: number;
773 }
774
775 type ByteBuffer = ByteStringBuffer;
776 class ByteStringBuffer {
777 constructor(bytes?: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer);
778 data: string;
779 read: number;
780 length(): number;
781 isEmpty(): boolean;
782 putByte(byte: Byte): ByteStringBuffer;
783 fillWithByte(byte: Byte, n: number): ByteStringBuffer;
784 putBytes(bytes: Bytes): ByteStringBuffer;
785 putString(str: string): ByteStringBuffer;
786 putInt16(int: number): ByteStringBuffer;
787 putInt24(int: number): ByteStringBuffer;
788 putInt32(int: number): ByteStringBuffer;
789 putInt16Le(int: number): ByteStringBuffer;
790 putInt24Le(int: number): ByteStringBuffer;
791 putInt32Le(int: number): ByteStringBuffer;
792 putInt(int: number, numOfBits: number): ByteStringBuffer;
793 putSignedInt(int: number, numOfBits: number): ByteStringBuffer;
794 putBuffer(buffer: ByteStringBuffer): ByteStringBuffer;
795 getByte(): number;
796 getInt16(): number;
797 getInt24(): number;
798 getInt32(): number;
799 getInt16Le(): number;
800 getInt24Le(): number;
801 getInt32Le(): number;
802 getInt(numOfBits: number): number;
803 getSignedInt(numOfBits: number): number;
804 getBytes(count?: number): Bytes;
805 bytes(count?: number): Bytes;
806 at(index: number): Byte;
807 setAt(index: number, byte: number): ByteStringBuffer;
808 last(): Byte;
809 copy(): ByteStringBuffer;
810 compact(): ByteStringBuffer;
811 clear(): ByteStringBuffer;
812 truncate(): ByteStringBuffer;
813 toHex(): Hex;
814 toString(): string;
815 }
816
817 function fillString(char: string, count: number): string;
818 function xorBytes(bytes1: string, bytes2: string, count: number): string;
819 function hexToBytes(hex: Hex): Bytes;
820 function bytesToHex(bytes: Bytes): Hex;
821 function int32ToBytes(int: number): Bytes;
822 function encode64(bytes: Bytes, maxline?: number): Base64;
823 function decode64(encoded: Base64): Bytes;
824 function encodeUtf8(str: string): Utf8;
825 function decodeUtf8(encoded: Utf8): string;
826
827 function createBuffer(): ByteBuffer;
828 function createBuffer(
829 input: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer,
830 encoding?: Encoding,
831 ): ByteBuffer;
832
833 namespace binary {
834 namespace raw {
835 function encode(x: Uint8Array): Bytes;
836 function decode(str: Bytes, output?: Uint8Array, offset?: number): Uint8Array;
837 }
838 namespace hex {
839 function encode(bytes: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer): Hex;
840 function decode(hex: Hex, output?: Uint8Array, offset?: number): Uint8Array;
841 }
842 namespace base64 {
843 function encode(input: Uint8Array, maxline?: number): Base64;
844 function decode(input: Base64, output?: Uint8Array, offset?: number): Uint8Array;
845 }
846 }
847
848 namespace text {
849 namespace utf8 {
850 function encode(str: string, output?: Uint8Array, offset?: number): Uint8Array;
851 function decode(bytes: Uint8Array): Utf8;
852 }
853 namespace utf16 {
854 function encode(str: string, output?: Uint8Array, offset?: number): Uint8Array;
855 function decode(bytes: Uint8Array): string;
856 }
857 }
858 }
859
860 namespace pkcs12 {
861 interface BagsFilter {
862 localKeyId?: string | undefined;
863 localKeyIdHex?: string | undefined;
864 friendlyName?: string | undefined;
865 bagType?: string | undefined;
866 }
867
868 interface Bag {
869 type: string;
870 attributes: any;
871 key?: pki.PrivateKey | undefined;
872 cert?: pki.Certificate | undefined;
873 asn1: asn1.Asn1;
874 }
875
876 interface Pkcs12Pfx {
877 version: string;
878 safeContents: {
879 encrypted: boolean;
880 safeBags: Bag[];
881 }[];
882 getBags: (filter: BagsFilter) => {
883 [key: string]: Bag[] | undefined;
884 localKeyId?: Bag[] | undefined;
885 friendlyName?: Bag[] | undefined;
886 };
887 getBagsByFriendlyName: (fiendlyName: string, bagType: string) => Bag[];
888 getBagsByLocalKeyId: (localKeyId: string, bagType: string) => Bag[];
889 }
890
891 function pkcs12FromAsn1(obj: any, strict?: boolean, password?: string): Pkcs12Pfx;
892 function pkcs12FromAsn1(obj: any, password?: string): Pkcs12Pfx;
893
894 function toPkcs12Asn1(
895 key: pki.PrivateKey | null,
896 cert: pki.Certificate | pki.Certificate[],
897 password: string | null,
898 options?: {
899 algorithm?: 'aes128' | 'aes192' | 'aes256' | '3des' | undefined;
900 count?: number | undefined;
901 saltSize?: number | undefined;
902 useMac?: boolean | undefined;
903 localKeyId?: Hex | undefined;
904 friendlyName?: string | undefined;
905 generateLocalKeyId?: boolean | undefined;
906 },
907 ): asn1.Asn1;
908
909 function generateKey(
910 password: string | null | undefined,
911 salt: util.ByteBuffer,
912 id: Byte,
913 iter: number,
914 n: number,
915 md?: md.MessageDigest,
916 ): util.ByteBuffer;
917 }
918
919 namespace pkcs7 {
920 interface PkcsSignedData {
921 content?: string | util.ByteBuffer | undefined;
922 contentInfo?: { value: any[] } | undefined;
923
924 certificates: pki.Certificate[];
925
926 addCertificate(certificate: pki.Certificate | string): void;
927 addSigner(options: {
928 key: pki.rsa.PrivateKey | string;
929 certificate: pki.Certificate | string;
930 digestAlgorithm: string;
931 authenticatedAttributes?: { type: string; value?: string | undefined }[] | undefined;
932 }): void;
933 sign(options?: { detached?: boolean | undefined }): void;
934 toAsn1(): asn1.Asn1;
935 }
936
937 function createSignedData(): PkcsSignedData;
938
939 interface PkcsEnvelopedData {
940 content?: string | util.ByteBuffer | undefined;
941 addRecipient(certificate: pki.Certificate): void;
942 encrypt(): void;
943 toAsn1(): asn1.Asn1;
944 }
945
946 function createEnvelopedData(): PkcsEnvelopedData;
947
948 /** When a PKCS#7 object has been created by reading from a message, the raw captured object is joined */
949 type Captured<T> = T & {
950 rawCapture: any;
951 };
952
953 /**
954 * Converts a PKCS#7 message to PEM format.
955 *
956 * @param msg The PKCS#7 message object
957 * @param maxline The maximum characters per line, defaults to 64.
958 *
959 * @return The PEM-formatted PKCS#7 message.
960 */
961 function messageToPem(msg: PkcsSignedData, maxline?: number): string;
962
963 /**
964 * Converts a PKCS#7 message from PEM format.
965 *
966 * @param pem the PEM-formatted PKCS#7 message.
967 *
968 * @return the PKCS#7 message.
969 */
970 function messageFromPem(pem: pki.PEM): Captured<PkcsEnvelopedData | PkcsSignedData>;
971
972 /**
973 * Converts a PKCS#7 message from an ASN.1 object.
974 *
975 * @param asn the ASN.1 representation of a ContentInfo.
976 *
977 * @return the PKCS#7 message.
978 */
979 function messageFromAsn1(asn: asn1.Asn1): Captured<PkcsEnvelopedData | PkcsSignedData>;
980 }
981
982 namespace pkcs5 {
983 function pbkdf2(password: string, salt: string, iterations: number, keySize: number): string;
984 function pbkdf2(
985 password: string,
986 salt: string,
987 iterations: number,
988 keySize: number,
989 messageDigest: md.MessageDigest | md.Algorithm,
990 ): string;
991 function pbkdf2(
992 password: string,
993 salt: string,
994 iterations: number,
995 keySize: number,
996 callback: (err: Error | null, dk: string | null) => any,
997 ): void;
998 function pbkdf2(
999 password: string,
1000 salt: string,
1001 iterations: number,
1002 keySize: number,
1003 messageDigest?: md.MessageDigest | md.Algorithm,
1004 callback?: (err: Error | null, dk: string) => any,
1005 ): void;
1006 }
1007
1008 const md: {
1009 sha1: {
1010 create(): md.sha1.MessageDigest;
1011 };
1012 sha256: {
1013 create(): md.sha256.MessageDigest;
1014 };
1015 sha512: {
1016 create<TAlg extends md.sha512.AlgorithmSelection = md.sha512.AlgorithmSelection.Sha512>(
1017 /** @default 'SHA-512' */
1018 algorithm?: TAlg,
1019 ): TAlg extends md.sha512.AlgorithmSelection.Sha384
1020 ? md.sha512.Sha384MessageDigest
1021 : TAlg extends md.sha512.AlgorithmSelection.Sha512224
1022 ? md.sha512.Sha512224MessageDigest
1023 : TAlg extends md.sha512.AlgorithmSelection.Sha512256
1024 ? md.sha512.Sha512256MessageDigest
1025 : TAlg extends md.sha512.AlgorithmSelection.Sha512
1026 ? md.sha512.Sha512MessageDigest
1027 : never;
1028 sha224: {
1029 create(): md.sha512.Sha512224MessageDigest;
1030 };
1031 sha256: {
1032 create(): md.sha512.Sha512256MessageDigest;
1033 };
1034 sha384: {
1035 create(): md.sha512.Sha384MessageDigest;
1036 };
1037 };
1038 sha384: typeof md.sha512.sha384;
1039 'sha512/224': typeof md.sha512.sha224;
1040 'sha512/256': typeof md.sha512.sha256;
1041 md5: {
1042 create(): md.md5.MessageDigest;
1043 };
1044 algorithms: {
1045 md5: typeof md.md5;
1046 sha1: typeof md.sha1;
1047 sha256: typeof md.sha256;
1048 sha384: typeof md.sha384;
1049 sha512: typeof md.sha512;
1050 'sha512/224': typeof md['sha512/224'];
1051 'sha512/256': typeof md['sha512/256'];
1052 };
1053 };
1054
1055 const md5: typeof md.md5;
1056 const sha1: typeof md.sha1;
1057 const sha256: typeof md.sha256;
1058 const sha384: typeof md.sha384;
1059 const sha512: typeof md.sha512;
1060
1061 namespace md {
1062 type Algorithm = md5.Algorithm | sha1.Algorithm | sha256.Algorithm | sha512.Algorithm;
1063
1064 interface MessageDigest {
1065 readonly algorithm: Algorithm;
1066 readonly blockLength: number;
1067 readonly digestLength: number;
1068 messageLength: number;
1069 fullMessageLength: number[] | null;
1070 readonly messageLengthSize: number;
1071 update(msg: string, encoding?: Encoding): this;
1072 digest(): util.ByteStringBuffer;
1073 }
1074
1075 namespace md5 {
1076 type Algorithm = 'md5';
1077
1078 interface MessageDigest extends md.MessageDigest {
1079 readonly algorithm: Algorithm;
1080 readonly blockLength: 64;
1081 readonly digestLength: 16;
1082 readonly messageLengthSize: 8;
1083 }
1084 }
1085
1086 namespace sha1 {
1087 type Algorithm = 'sha1';
1088
1089 interface MessageDigest extends md.MessageDigest {
1090 readonly algorithm: Algorithm;
1091 readonly blockLength: 64;
1092 readonly digestLength: 20;
1093 readonly messageLengthSize: 8;
1094 }
1095 }
1096
1097 namespace sha256 {
1098 type Algorithm = 'sha256';
1099
1100 interface MessageDigest extends md.MessageDigest {
1101 readonly algorithm: Algorithm;
1102 readonly blockLength: 64;
1103 readonly digestLength: 32;
1104 readonly messageLengthSize: 8;
1105 }
1106 }
1107
1108 namespace sha512 {
1109 type Algorithm = Algorithm.Sha384 | Algorithm.Sha512 | Algorithm.Sha512224 | Algorithm.Sha512256;
1110 namespace Algorithm {
1111 type Sha384 = 'sha384';
1112 type Sha512 = 'sha512';
1113 type Sha512224 = 'sha512/224';
1114 type Sha512256 = 'sha512/256';
1115 }
1116
1117 type AlgorithmSelection =
1118 | AlgorithmSelection.Sha384
1119 | AlgorithmSelection.Sha512
1120 | AlgorithmSelection.Sha512224
1121 | AlgorithmSelection.Sha512256;
1122 namespace AlgorithmSelection {
1123 type Sha384 = 'SHA-384';
1124 type Sha512 = 'SHA-512';
1125 type Sha512224 = 'SHA-512/224';
1126 type Sha512256 = 'SHA-512/256';
1127 }
1128
1129 interface MessageDigest extends md.MessageDigest {
1130 readonly algorithm: Algorithm;
1131 readonly blockLength: 128;
1132 readonly messageLengthSize: 16;
1133 }
1134
1135 interface Sha512224MessageDigest extends MessageDigest {
1136 readonly algorithm: Algorithm.Sha512224;
1137 readonly digestLength: 28;
1138 }
1139
1140 interface Sha512256MessageDigest extends MessageDigest {
1141 readonly algorithm: Algorithm.Sha512256;
1142 readonly digestLength: 32;
1143 }
1144
1145 interface Sha384MessageDigest extends MessageDigest {
1146 readonly algorithm: Algorithm.Sha384;
1147 readonly digestLength: 48;
1148 }
1149
1150 interface Sha512MessageDigest extends MessageDigest {
1151 readonly algorithm: Algorithm.Sha512;
1152 readonly digestLength: 64;
1153 }
1154 }
1155 }
1156
1157 namespace hmac {
1158 type Algorithm = md.Algorithm;
1159
1160 interface HMAC {
1161 digest(): util.ByteBuffer;
1162 getMac(): util.ByteBuffer;
1163 start(md: Algorithm | md.MessageDigest, key: string | util.ByteBuffer | null): void;
1164 update(bytes: string): void;
1165 }
1166
1167 function create(): HMAC;
1168 }
1169
1170 namespace cipher {
1171 type Algorithm =
1172 | 'AES-ECB'
1173 | 'AES-CBC'
1174 | 'AES-CFB'
1175 | 'AES-OFB'
1176 | 'AES-CTR'
1177 | 'AES-GCM'
1178 | '3DES-ECB'
1179 | '3DES-CBC'
1180 | 'DES-ECB'
1181 | 'DES-CBC';
1182
1183 function createCipher(algorithm: Algorithm, payload: util.ByteBuffer | Bytes): BlockCipher;
1184 function createDecipher(algorithm: Algorithm, payload: util.ByteBuffer | Bytes): BlockCipher;
1185
1186 interface StartOptions {
1187 iv?: util.ByteBuffer | Byte[] | Bytes | undefined;
1188 tag?: util.ByteStringBuffer | undefined;
1189 tagLength?: number | undefined;
1190 additionalData?: string | undefined;
1191 }
1192
1193 interface BlockCipher {
1194 start: (options?: StartOptions) => void;
1195 update: (payload: util.ByteBuffer) => void;
1196 finish: () => boolean;
1197 output: util.ByteStringBuffer;
1198 mode: Mode;
1199 }
1200
1201 interface Mode {
1202 tag: util.ByteStringBuffer;
1203 }
1204 }
1205
1206 namespace pss {
1207 type PSS = any;
1208
1209 function create(any: any): PSS;
1210 }
1211
1212 namespace mgf {
1213 namespace mgf1 {
1214 function create(any: any): any;
1215 }
1216 }
1217
1218 namespace tls {
1219 interface ProtocolVersion {
1220 major: Byte;
1221 minor: Byte;
1222 }
1223
1224 const Versions: ProtocolVersion[];
1225 const SupportedVersions: ProtocolVersion[];
1226 const Version: ProtocolVersion;
1227
1228 const MaxFragment: number;
1229
1230 enum ConnectionEnd {
1231 server = 0,
1232 client = 1,
1233 }
1234
1235 enum PRFAlgorithm {
1236 tls_prf_sha256 = 0,
1237 }
1238
1239 enum BulkCipherAlgorithm {
1240 rc4 = 0,
1241 des3 = 1,
1242 aes = 2,
1243 }
1244
1245 enum CipherType {
1246 stream = 0,
1247 block = 1,
1248 aead = 2,
1249 }
1250
1251 enum MACAlgorithm {
1252 hmac_md5 = 0,
1253 hmac_sha1 = 1,
1254 hmac_sha256 = 2,
1255 hmac_sha384 = 3,
1256 hmac_sha512 = 4,
1257 }
1258
1259 enum CompressionMethod {
1260 none = 0,
1261 deflate = 1,
1262 }
1263
1264 enum ContentType {
1265 change_cipher_spec = 20,
1266 alert = 21,
1267 handshake = 22,
1268 application_data = 23,
1269 heartbeat = 24,
1270 }
1271
1272 enum HandshakeType {
1273 hello_request = 0,
1274 client_hello = 1,
1275 server_hello = 2,
1276 certificate = 11,
1277 server_key_exchange = 12,
1278 certificate_request = 13,
1279 server_hello_done = 14,
1280 certificate_verify = 15,
1281 client_key_exchange = 16,
1282 finished = 20,
1283 }
1284
1285 namespace Alert {
1286 enum Level {
1287 warning = 1,
1288 fatal = 2,
1289 }
1290
1291 enum Description {
1292 close_notify = 0,
1293 unexpected_message = 10,
1294 bad_record_mac = 20,
1295 decryption_failed = 21,
1296 record_overflow = 22,
1297 decompression_failure = 30,
1298 handshake_failure = 40,
1299 bad_certificate = 42,
1300 unsupported_certificate = 43,
1301 certificate_revoked = 44,
1302 certificate_expired = 45,
1303 certificate_unknown = 46,
1304 illegal_parameter = 47,
1305 unknown_ca = 48,
1306 access_denied = 49,
1307 decode_error = 50,
1308 decrypt_error = 51,
1309 export_restriction = 60,
1310 protocol_version = 70,
1311 insufficient_security = 71,
1312 internal_error = 80,
1313 user_canceled = 90,
1314 no_renegotiation = 100,
1315 }
1316 }
1317
1318 enum HeartbeatMessageType {
1319 heartbeat_request = 1,
1320 heartbeat_response = 2,
1321 }
1322
1323 interface CipherSuite {
1324 id: [Byte, Byte];
1325 name: string;
1326 }
1327
1328 const CipherSuites: { [name: string]: CipherSuite };
1329
1330 interface CertificateRequest {
1331 certificate_types: util.ByteBuffer;
1332 certificate_authorities: util.ByteBuffer;
1333 }
1334
1335 type ConnectionState = any;
1336
1337 interface Connection {
1338 version: ProtocolVersion;
1339 entity: ConnectionEnd;
1340 sessionId: Bytes | null;
1341 caStore: pki.CAStore;
1342 sessionCache: SessionCache | null;
1343 cipherSuites: CipherSuite[];
1344 connected(conn: Connection): void;
1345 virtualHost: string | null;
1346 verifyClient: boolean;
1347 verify(conn: Connection, verified: Verified, depth: number, certs: pki.Certificate[]): Verified;
1348 getCertificate:
1349 | ((conn: Connection, hint: CertificateRequest | string[]) => pki.PEM | ReadonlyArray<pki.PEM>)
1350 | null;
1351 getPrivateKey: ((conn: Connection, certificate: pki.Certificate) => pki.PEM) | null;
1352 getSignature:
1353 | ((conn: Connection, bytes: Bytes, callback: (conn: Connection, bytes: Bytes) => void) => void)
1354 | null;
1355 input: util.ByteBuffer;
1356 tlsData: util.ByteBuffer;
1357 data: util.ByteBuffer;
1358 tlsDataReady(conn: Connection): void;
1359 dataReady(conn: Connection): void;
1360 heartbeatReceived: ((conn: Connection, payload: util.ByteBuffer) => void) | undefined;
1361 closed(conn: Connection): void;
1362 error(conn: Connection, error: TLSError): void;
1363 deflate: ((inBytes: Bytes) => Bytes) | null;
1364 inflate: ((inBytes: Bytes) => Bytes) | null;
1365 reset(clearFail?: boolean): void;
1366 record: Record | null;
1367 session: Session | null;
1368 peerCertificate: pki.Certificate | null;
1369 state: { pending: ConnectionState | null; current: ConnectionState };
1370 expect: number;
1371 fragmented: Record | null;
1372 records: Record[];
1373 open: boolean;
1374 handshakes: number;
1375 handshaking: boolean;
1376 isConnected: boolean;
1377 fail: boolean;
1378 handshake(sessionId?: Bytes | null): void;
1379 process(data: Bytes): number;
1380 prepare(data: Bytes): boolean;
1381 prepareHeartbeatRequest(payload: Bytes | util.ByteBuffer, payloadLength?: number): boolean;
1382 close(clearFail?: boolean): Connection;
1383 }
1384
1385 interface Record {
1386 type: ContentType;
1387 version: ProtocolVersion;
1388 length: number;
1389 fragment: util.ByteBuffer;
1390 ready?: boolean | undefined;
1391 }
1392
1393 interface Session {
1394 version: ProtocolVersion | null;
1395 extensions: { [_: string]: object };
1396 cipherSuite: CipherSuite | null;
1397 compressionMethod: CompressionMethod | null;
1398 serverCertificate: pki.Certificate | null;
1399 clientCertificate: pki.Certificate | null;
1400 md5: md.MessageDigest;
1401 sha1: md.MessageDigest;
1402 }
1403
1404 interface SessionCache {
1405 cache: { [key: string]: Session };
1406 capacity: number;
1407 order: [Hex];
1408 getSession(sessionId: Bytes): Session;
1409 setSession(sessionId: Bytes, session: Session): void;
1410 }
1411
1412 function createSessionCache(cache?: SessionCache | { [key: string]: Session }, capacity?: number): SessionCache;
1413
1414 interface Alert {
1415 level: Alert.Level;
1416 description: Alert.Description;
1417 }
1418
1419 interface TLSError extends Error {
1420 message: string;
1421 send: boolean;
1422 origin: 'server' | 'client';
1423 alert: Alert;
1424 }
1425
1426 type Verified = true | { message?: string | undefined; alert?: Alert.Description | undefined };
1427
1428 function createConnection(options: {
1429 server?: boolean | undefined;
1430 sessionId?: Bytes | null | undefined;
1431 caStore?: pki.CAStore | ReadonlyArray<pki.Certificate> | undefined;
1432 sessionCache?: SessionCache | { [key: string]: Session } | undefined;
1433 cipherSuites?: CipherSuite[] | undefined;
1434 connected(conn: Connection): void;
1435 virtualHost?: string | undefined;
1436 verifyClient?: boolean | undefined;
1437 verify?(conn: Connection, verified: Verified, depth: number, certs: pki.Certificate[]): Verified;
1438 getCertificate?(conn: Connection, hint: CertificateRequest | string[]): pki.PEM | ReadonlyArray<pki.PEM>;
1439 getPrivateKey?(conn: Connection, certificate: pki.Certificate): pki.PEM;
1440 getSignature?(conn: Connection, bytes: Bytes, callback: (conn: Connection, bytes: Bytes) => void): void;
1441 tlsDataReady(conn: Connection): void;
1442 dataReady(conn: Connection): void;
1443 heartbeatReceived?(conn: Connection, payload: util.ByteBuffer): void;
1444 closed(conn: Connection): void;
1445 error(conn: Connection, error: TLSError): void;
1446 deflate?(inBytes: Bytes): Bytes;
1447 inflate?(inBytes: Bytes): Bytes;
1448 }): Connection;
1449
1450 function prf_tls1(secret: string, label: string, seed: string, length: number): util.ByteBuffer;
1451
1452 function hmac_sha1(
1453 key: string | ReadonlyArray<Byte> | util.ByteBuffer,
1454 seqNum: [number, number],
1455 record: Record,
1456 ): Bytes;
1457 }
1458}
1459
\No newline at end of file