UNPKG

54.1 kBTypeScriptView Raw
1// Type definitions for node-forge 1.3
2// Project: https://github.com/digitalbazaar/forge
3// Definitions by: Seth Westphal <https://github.com/westy92>
4// Kay Schecker <https://github.com/flynetworks>
5// Aakash Goenka <https://github.com/a-k-g>
6// Rafal2228 <https://github.com/rafal2228>
7// Beeno Tung <https://github.com/beenotung>
8// Joe Flateau <https://github.com/joeflateau>
9// timhwang21 <https://github.com/timhwang21>
10// Anders Kaseorg <https://github.com/andersk>
11// Sascha Zarhuber <https://github.com/saschazar21>
12// Rogier Schouten <https://github.com/rogierschouten>
13// Ivan Aseev <https://github.com/aseevia>
14// Wiktor Kwapisiewicz <https://github.com/wiktor-k>
15// Ligia Frangello <https://github.com/frangello>
16// Dmitry Avezov <https://github.com/avezov>
17// Jose Fuentes <https://github.com/j-fuentes>
18// Anya Reyes <https://github.com/darkade>
19// Tino <https://github.com/tino-247>
20// BendingBender <https://github.com/BendingBender>
21// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
22// Minimum TypeScript Version: 3.9
23
24/// <reference types="node" />
25
26declare module 'node-forge' {
27 type Byte = number;
28 type Bytes = string;
29 type Hex = string;
30 type Base64 = string;
31 type Utf8 = string;
32 type OID = string;
33 type Encoding = 'raw' | 'utf8';
34
35 namespace jsbn {
36 interface RandomGenerator {
37 nextBytes(bytes: number[]): void;
38 }
39 class BigInteger {
40 static ZERO: BigInteger;
41 static ONE: BigInteger;
42 constructor(a: null);
43 constructor(a: number, c: RandomGenerator);
44 constructor(a: number, b: number, c: RandomGenerator);
45 constructor(a: string, b?: number);
46 constructor(a: number[], b?: number);
47 constructor(a: BigInteger);
48 data: number[];
49 t: number;
50 s: number;
51 am(i: number, x: number, w: BigInteger, j: number, c: number, n: number): number;
52 toString(b?: number): string;
53 bitLength(): number;
54 negate(): BigInteger;
55 abs(): BigInteger;
56 compareTo(a: BigInteger): number;
57 bitLength(): number;
58 mod(a: BigInteger): BigInteger;
59 modPowInt(e: number, m: BigInteger): BigInteger;
60 clone(): BigInteger;
61 intValue(): number;
62 byteValue(): number;
63 shortValue(): number;
64 signum(): number;
65 toByteArray(): number[];
66 equals(a: BigInteger): boolean;
67 min(a: BigInteger): BigInteger;
68 max(a: BigInteger): BigInteger;
69 and(a: BigInteger): BigInteger;
70 or(a: BigInteger): BigInteger;
71 xor(a: BigInteger): BigInteger;
72 andNot(a: BigInteger): BigInteger;
73 not(): BigInteger;
74 shiftLeft(n: number): BigInteger;
75 shiftRight(n: number): BigInteger;
76 getLowestSetBit(): number;
77 bitCount(): number;
78 testBit(n: number): boolean;
79 clearBit(n: number): BigInteger;
80 flipBit(n: number): BigInteger;
81 add(a: BigInteger): BigInteger;
82 subtract(a: BigInteger): BigInteger;
83 multiply(a: BigInteger): BigInteger;
84 squareTo(a: BigInteger): BigInteger;
85 divide(a: BigInteger): BigInteger;
86 remainder(a: BigInteger): BigInteger;
87 divideAndRemainder(a: BigInteger): BigInteger[]; // Array of 2 items
88 pow(e: number): BigInteger;
89 modPow(e: BigInteger, m: BigInteger): BigInteger;
90 gcd(a: BigInteger): BigInteger;
91 modInverse(m: BigInteger): BigInteger;
92 isProbablePrime(t: number): boolean;
93 }
94 }
95
96 namespace rc2 {
97 type pad_function = (blockSize: number, buffer: util.ByteBuffer, decrypt: boolean) => boolean;
98 interface cipher {
99 start(iv: util.ByteBuffer | string | null, output?: util.ByteBuffer): void;
100 update(input: util.ByteBuffer): void;
101 finish(pad?: pad_function): boolean;
102 output: util.ByteBuffer;
103 }
104
105 function expandKey(key: string | util.ByteBuffer, effKeyBits?: number): util.ByteBuffer;
106 function startEncrypting(
107 key: string | util.ByteBuffer,
108 iv: util.ByteBuffer | Byte[] | Bytes,
109 output: util.ByteBuffer | null,
110 ): rc2.cipher;
111 function createEncryptionCipher(key: string | util.ByteBuffer, bits?: number): rc2.cipher;
112 function startDecrypting(
113 key: string | util.ByteBuffer,
114 iv: util.ByteBuffer | Byte[] | Bytes,
115 output: util.ByteBuffer | null,
116 ): rc2.cipher;
117 function createDecryptionCipher(key: string | util.ByteBuffer, bits?: number): rc2.cipher;
118 }
119
120 namespace kem {
121 namespace rsa {
122 interface kem {
123 /**
124 * Generates a secret key and its encapsulation.
125 *
126 * @param publicKey the RSA public key to encrypt with.
127 * @param keyLength the length, in bytes, of the secret key to generate.
128 */
129 encrypt(publicKey: pki.rsa.PublicKey, keyLength: number): EncryptResult;
130 /**
131 * Decrypts an encapsulated secret key.
132 *
133 * @param privateKey the RSA private key to decrypt with.
134 * @param encapsulation the ciphertext for generating the secret key, as a binary-encoded
135 * string of bytes.
136 * @param keyLength the length, in bytes, of the secret key to generate.
137 *
138 * @return the secret key as a binary-encoded string of bytes.
139 */
140 decrypt(privateKey: pki.rsa.PrivateKey, encapsulation: string, keyLength: number): string;
141 }
142
143 interface random {
144 getBytesSync(count: number): Bytes;
145 }
146
147 interface Options {
148 /**
149 * A custom crypto-secure pseudo-random number generator to use.
150 */
151 prng?: random | undefined;
152 }
153
154 /**
155 * Creates an RSA KEM API object for generating a secret asymmetric key.
156 *
157 * The symmetric key may be generated via a call to 'encrypt', which will
158 * produce a ciphertext to be transmitted to the recipient and a key to be
159 * kept secret. The ciphertext is a parameter to be passed to 'decrypt' which
160 * will produce the same secret key for the recipient to use to decrypt a
161 * message that was encrypted with the secret key.
162 *
163 * @param kdf the KDF API to use (eg: `new forge.kem.kdf1()`).
164 * @param options the options to use.
165 */
166 function create(kdf: KDF, options?: Options): kem;
167 }
168
169 interface EncryptResult {
170 /**
171 * The ciphertext for generating the secret key, as a binary-encoded string of bytes.
172 */
173 encapsulation: string;
174 /**
175 * The secret key to use for encrypting a message.
176 */
177 key: string;
178 }
179
180 interface KDF {
181 /**
182 * Generate a key of the specified length.
183 *
184 * @param x the binary-encoded byte string to generate a key from.
185 * @param length the number of bytes to generate (the size of the key).
186 *
187 * @return the key as a binary-encoded string.
188 */
189 generate(x: string, length: number): string;
190 }
191
192 /**
193 * Creates a key derivation API object that implements KDF1 per ISO 18033-2.
194 *
195 * @param md the hash API to use.
196 * @param digestLength a digest length that must be positive and less than or equal to `md.digestLength`.
197 *
198 * @return a KDF1 API object.
199 */
200 class kdf1 implements KDF {
201 constructor(md: md.MessageDigest, digestLength?: number);
202 /**
203 * Generate a key of the specified length.
204 *
205 * @param x the binary-encoded byte string to generate a key from.
206 * @param length the number of bytes to generate (the size of the key).
207 *
208 * @return the key as a binary-encoded string.
209 */
210 generate(x: string, length: number): string;
211 }
212
213 /**
214 * Creates a key derivation API object that implements KDF2 per ISO 18033-2.
215 *
216 * @param md the hash API to use.
217 * @param digestLength a digest length that must be positive and less than or equal to `md.digestLength`.
218 *
219 * @return a KDF2 API object.
220 */
221 class kdf2 implements KDF {
222 constructor(md: md.MessageDigest, digestLength?: number);
223 /**
224 * Generate a key of the specified length.
225 *
226 * @param x the binary-encoded byte string to generate a key from.
227 * @param length the number of bytes to generate (the size of the key).
228 *
229 * @return the key as a binary-encoded string.
230 */
231 generate(x: string, length: number): string;
232 }
233 }
234
235 namespace pem {
236 interface EncodeOptions {
237 maxline?: number | undefined;
238 }
239
240 interface ObjectPEM {
241 type: string;
242 body: Bytes;
243 procType?: any;
244 contentDomain?: any;
245 dekInfo?: any;
246 headers?: any[] | undefined;
247 }
248
249 function encode(msg: ObjectPEM, options?: EncodeOptions): string;
250 function decode(str: string): ObjectPEM[];
251 }
252
253 namespace pki {
254 type PEM = string;
255 type PublicKey = rsa.PublicKey | ed25519.Key;
256 type PrivateKey = rsa.PrivateKey | ed25519.Key;
257 type EncryptionOptions = {
258 algorithm?: 'aes128' | 'aes192' | 'aes256' | '3des' | undefined;
259 count?: number | undefined;
260 saltSize?: number | undefined;
261 prfAlgorithm?: 'sha1' | 'sha224' | 'sha256' | 'sha384' | 'sha512' | undefined;
262 legacy?: boolean | undefined;
263 };
264
265 interface ByteBufferFingerprintOptions {
266 /**
267 * @description The type of fingerprint. If not specified, defaults to 'RSAPublicKey'
268 */
269 type?: 'SubjectPublicKeyInfo' | 'RSAPublicKey' | undefined;
270 /**
271 * @description the delimiter to use between bytes for `hex` encoded output
272 */
273 delimiter?: string | undefined;
274 /**
275 * @description if not specified defaults to `md.md5`
276 */
277 md?: md.MessageDigest | undefined;
278 }
279
280 interface HexFingerprintOptions extends ByteBufferFingerprintOptions {
281 /**
282 * @description if not specified, the function will return `ByteStringBuffer`
283 */
284 encoding: 'hex';
285 }
286
287 interface BinaryFingerprintOptions extends ByteBufferFingerprintOptions {
288 /**
289 * @description if not specified, the function will return `ByteStringBuffer`
290 */
291 encoding: 'binary';
292 }
293
294 interface KeyPair {
295 publicKey: PublicKey;
296 privateKey: PrivateKey;
297 }
298
299 interface oids {
300 [key: string]: string;
301 }
302 var oids: oids;
303
304 namespace rsa {
305 type EncryptionScheme = 'RSAES-PKCS1-V1_5' | 'RSA-OAEP' | 'RAW' | 'NONE' | null;
306 type SignatureScheme = 'RSASSA-PKCS1-V1_5' | pss.PSS | 'NONE' | null;
307
308 interface PublicKey {
309 n: jsbn.BigInteger;
310 e: jsbn.BigInteger;
311 encrypt(data: Bytes, scheme?: EncryptionScheme, schemeOptions?: any): Bytes;
312 verify(digest: Bytes, signature: Bytes, scheme?: SignatureScheme): boolean;
313 }
314
315 interface PrivateKey {
316 n: jsbn.BigInteger;
317 e: jsbn.BigInteger;
318 d: jsbn.BigInteger;
319 p: jsbn.BigInteger;
320 q: jsbn.BigInteger;
321 dP: jsbn.BigInteger;
322 dQ: jsbn.BigInteger;
323 qInv: jsbn.BigInteger;
324 decrypt(data: Bytes, scheme?: EncryptionScheme, schemeOptions?: any): Bytes;
325 sign(md: md.MessageDigest | Bytes, scheme?: SignatureScheme): Bytes;
326 }
327
328 interface KeyPair {
329 publicKey: PublicKey;
330 privateKey: PrivateKey;
331 }
332
333 interface GenerateKeyPairOptions {
334 bits?: number | undefined;
335 e?: number | undefined;
336 workerScript?: string | undefined;
337 workers?: number | undefined;
338 workLoad?: number | undefined;
339 prng?: any;
340 algorithm?: string | undefined;
341 }
342
343 function setPublicKey(n: jsbn.BigInteger, e: jsbn.BigInteger): PublicKey;
344
345 function setPrivateKey(
346 n: jsbn.BigInteger,
347 e: jsbn.BigInteger,
348 d: jsbn.BigInteger,
349 p: jsbn.BigInteger,
350 q: jsbn.BigInteger,
351 dP: jsbn.BigInteger,
352 dQ: jsbn.BigInteger,
353 qInv: jsbn.BigInteger,
354 ): PrivateKey;
355
356 function generateKeyPair(
357 bits?: number,
358 e?: number,
359 callback?: (err: Error, keypair: KeyPair) => void,
360 ): KeyPair;
361 function generateKeyPair(
362 options?: GenerateKeyPairOptions,
363 callback?: (err: Error, keypair: KeyPair) => void,
364 ): KeyPair;
365 }
366
367 namespace ed25519 {
368 type NativeBuffer = Buffer | Uint8Array;
369 type Key = NativeBuffer;
370
371 type ToNativeBufferParameters =
372 | {
373 message: NativeBuffer | util.ByteBuffer;
374 }
375 | {
376 message: string;
377 encoding: 'binary' | 'utf8';
378 };
379
380 // `string`s will be converted by toNativeBuffer with `encoding: 'binary'`
381 type BinaryBuffer = NativeBuffer | util.ByteBuffer | string;
382
383 namespace constants {
384 const PUBLIC_KEY_BYTE_LENGTH = 32;
385 const PRIVATE_KEY_BYTE_LENGTH = 64;
386 const SEED_BYTE_LENGTH = 32;
387 const SIGN_BYTE_LENGTH = 64;
388 const HASH_BYTE_LENGTH = 64;
389 }
390
391 // generateKeyPair does not currently accept `util.ByteBuffer` as the seed.
392 function generateKeyPair(options?: { seed?: NativeBuffer | string | undefined }): {
393 publicKey: NativeBuffer;
394 privateKey: NativeBuffer;
395 };
396
397 function privateKeyFromAsn1(obj: asn1.Asn1): { privateKeyBytes: NativeBuffer };
398
399 function publicKeyFromAsn1(obj: asn1.Asn1): NativeBuffer;
400
401 function publicKeyFromPrivateKey(options: { privateKey: BinaryBuffer }): NativeBuffer;
402
403 function sign(
404 options: ToNativeBufferParameters & {
405 privateKey: BinaryBuffer;
406 },
407 ): NativeBuffer;
408
409 function verify(
410 options: ToNativeBufferParameters & {
411 signature: BinaryBuffer;
412 publicKey: BinaryBuffer;
413 },
414 ): boolean;
415 }
416
417 interface CertificateFieldOptions {
418 name?: string | undefined;
419 type?: string | undefined;
420 shortName?: string | undefined;
421 }
422
423 interface CertificateField extends CertificateFieldOptions {
424 valueConstructed?: boolean | undefined;
425 valueTagClass?: asn1.Class | undefined;
426 value?: any[] | string | undefined;
427 extensions?: any[] | undefined;
428 }
429
430 interface Certificate {
431 version: number;
432 serialNumber: string;
433 signatureOid: string;
434 signature: any;
435 siginfo: {
436 algorithmOid: string;
437 parameters: any;
438 };
439 validity: {
440 notBefore: Date;
441 notAfter: Date;
442 };
443 issuer: {
444 getField(sn: string | CertificateFieldOptions): any;
445 addField(attr: CertificateField): void;
446 attributes: CertificateField[];
447 hash: any;
448 };
449 subject: {
450 getField(sn: string | CertificateFieldOptions): any;
451 addField(attr: CertificateField): void;
452 attributes: CertificateField[];
453 hash: any;
454 };
455 extensions: any[];
456 privateKey: PrivateKey;
457 publicKey: PublicKey;
458 md: md.MessageDigest;
459 signatureParameters: any;
460 tbsCertificate: asn1.Asn1;
461 /**
462 * Sets the subject of this certificate.
463 *
464 * @param attrs the array of subject attributes to use.
465 * @param uniqueId an optional a unique ID to use.
466 */
467 setSubject(attrs: CertificateField[], uniqueId?: string): void;
468 /**
469 * Sets the issuer of this certificate.
470 *
471 * @param attrs the array of subject attributes to use.
472 * @param uniqueId an optional a unique ID to use.
473 */
474 setIssuer(attrs: CertificateField[], uniqueId?: string): void;
475 /**
476 * Sets the extensions of this certificate.
477 *
478 * @param exts the array of extensions to use.
479 */
480 setExtensions(exts: any[]): void;
481 /**
482 * Gets an extension by its name or id.
483 *
484 * @param options the name to use or an object with:
485 * name the name to use.
486 * id the id to use.
487 *
488 * @return the extension or null if not found.
489 */
490 getExtension(options: string | { name: string } | { id: number }): {} | undefined;
491
492 /**
493 * Signs this certificate using the given private key.
494 *
495 * @param key the private key to sign with.
496 * @param md the message digest object to use (defaults to forge.md.sha1).
497 */
498 sign(key: pki.PrivateKey, md?: md.MessageDigest): void;
499 /**
500 * Attempts verify the signature on the passed certificate using this
501 * certificate's public key.
502 *
503 * @param child the certificate to verify.
504 *
505 * @return true if verified, false if not.
506 */
507 verify(child: Certificate): boolean;
508
509 /**
510 * Returns true if this certificate's issuer matches the passed
511 * certificate's subject. Note that no signature check is performed.
512 *
513 * @param parent the certificate to check.
514 *
515 * @return true if this certificate's issuer matches the passed certificate's
516 * subject.
517 */
518 isIssuer(parent: Certificate): boolean;
519
520 /**
521 * Returns true if this certificate's subject matches the issuer of the
522 * given certificate). Note that not signature check is performed.
523 *
524 * @param child the certificate to check.
525 *
526 * @return true if this certificate's subject matches the passed
527 * certificate's issuer.
528 */
529 issued(child: Certificate): boolean;
530
531 /**
532 * Generates the subjectKeyIdentifier for this certificate as byte buffer.
533 *
534 * @return the subjectKeyIdentifier for this certificate as byte buffer.
535 */
536 generateSubjectKeyIdentifier(): util.ByteStringBuffer;
537
538 /**
539 * Verifies the subjectKeyIdentifier extension value for this certificate
540 * against its public key. If no extension is found, false will be
541 * returned.
542 *
543 * @return true if verified, false if not.
544 */
545 verifySubjectKeyIdentifier(): boolean;
546 }
547
548 interface CertificateRequest extends Certificate {
549 /**
550 * Gets an issuer or subject attribute from its name, type, or short name.
551 *
552 * @param opts a short name string or an object with:
553 * shortName the short name for the attribute.
554 * name the name for the attribute.
555 * type the type for the attribute.
556 *
557 * @return the attribute.
558 */
559 getAttribute(opts: string | GetAttributeOpts): Attribute | null;
560 }
561
562 /**
563 * Attribute members to search on; any one hit will return the attribute
564 */
565 interface GetAttributeOpts {
566 /**
567 * OID
568 */
569 type?: string | undefined;
570 /**
571 * Long name
572 */
573 name?: string | undefined;
574 /**
575 * Short name
576 */
577 shortName?: string | undefined;
578 }
579
580 interface Attribute {
581 /**
582 * e.g. challengePassword
583 */
584 name: string;
585 /**
586 * Short name, if available (e.g. 'CN' for 'commonName')
587 */
588 shortName?: string | undefined;
589 /**
590 * OID, e.g. '1.2.840.113549.1.9.7'
591 */
592 type: string;
593 /**
594 * Attribute value
595 */
596 value: any;
597 /**
598 * Attribute value data type
599 */
600 valueTagClass: number;
601 /**
602 * Extensions
603 */
604 extensions?: any[] | undefined;
605 }
606
607 interface CAStore {
608 addCertificate(cert: Certificate | string): void;
609 hasCertificate(cert: Certificate | string): boolean;
610 removeCertificate(cert: Certificate | string): Certificate | null;
611 listAllCertificates(): pki.Certificate[];
612 getIssuer(subject: Certificate): Certificate | null;
613 getBySubject(subject: string): Certificate | null;
614 }
615
616 function certificateFromAsn1(obj: asn1.Asn1, computeHash?: boolean): Certificate;
617
618 function certificationRequestFromAsn1(obj: asn1.Asn1, computeHash?: boolean): Certificate;
619
620 function certificateToAsn1(cert: Certificate): asn1.Asn1;
621
622 function certificationRequestToAsn1(cert: Certificate): asn1.Asn1;
623
624 function decryptRsaPrivateKey(pem: PEM, passphrase?: string): rsa.PrivateKey;
625
626 function createCertificate(): Certificate;
627
628 function certificationRequestToPem(cert: Certificate, maxline?: number): PEM;
629
630 function certificationRequestFromPem(pem: PEM, computeHash?: boolean, strict?: boolean): Certificate;
631
632 function createCertificationRequest(): CertificateRequest;
633
634 function certificateToPem(cert: Certificate, maxline?: number): PEM;
635
636 function certificateFromPem(pem: PEM, computeHash?: boolean, strict?: boolean): Certificate;
637
638 function createCaStore(certs?: ReadonlyArray<Certificate | pki.PEM>): CAStore;
639
640 function verifyCertificateChain(
641 caStore: CAStore,
642 chain: Certificate[],
643 options?:
644 | ((verified: boolean | string, depth: number, certs: Certificate[]) => boolean)
645 | {
646 verify?:
647 | ((verified: boolean | string, depth: number, certs: Certificate[]) => boolean)
648 | undefined;
649 validityCheckDate?: Date | null | undefined;
650 },
651 ): boolean;
652
653 function pemToDer(pem: PEM): util.ByteStringBuffer;
654
655 function privateKeyToPem(key: PrivateKey, maxline?: number): PEM;
656
657 function privateKeyInfoToPem(key: asn1.Asn1, maxline?: number): PEM;
658
659 function publicKeyToPem(key: PublicKey, maxline?: number): PEM;
660
661 function publicKeyToRSAPublicKeyPem(key: PublicKey, maxline?: number): PEM;
662
663 function publicKeyFromPem(pem: PEM): rsa.PublicKey;
664
665 function privateKeyFromPem(pem: PEM): rsa.PrivateKey;
666
667 function decryptPrivateKeyInfo(obj: asn1.Asn1, password: string): asn1.Asn1;
668
669 function encryptPrivateKeyInfo(obj: asn1.Asn1, password: string, options?: EncryptionOptions): asn1.Asn1;
670
671 function encryptedPrivateKeyFromPem(pem: PEM): asn1.Asn1;
672
673 function encryptedPrivateKeyToPem(obj: asn1.Asn1): PEM;
674
675 function decryptRsaPrivateKey(pem: PEM, password: string): rsa.PrivateKey;
676
677 function encryptRsaPrivateKey(privateKey: PrivateKey, password: string, options?: EncryptionOptions): PEM;
678
679 function privateKeyFromAsn1(privateKey: asn1.Asn1): PrivateKey;
680
681 function privateKeyToAsn1(privateKey: PrivateKey): asn1.Asn1;
682
683 function publicKeyFromAsn1(publicKey: asn1.Asn1): PublicKey;
684
685 function publicKeyToAsn1(publicKey: PublicKey): asn1.Asn1;
686
687 function publicKeyToRSAPublicKey(publicKey: PublicKey): any;
688
689 const setRsaPublicKey: typeof pki.rsa.setPublicKey;
690
691 const setRsaPrivateKey: typeof pki.rsa.setPrivateKey;
692
693 function wrapRsaPrivateKey(privateKey: asn1.Asn1): asn1.Asn1;
694
695 function getPublicKeyFingerprint(
696 publicKey: PublicKey,
697 options?: ByteBufferFingerprintOptions,
698 ): util.ByteStringBuffer;
699 function getPublicKeyFingerprint(publicKey: PublicKey, options: HexFingerprintOptions): Hex;
700 function getPublicKeyFingerprint(publicKey: PublicKey, options: BinaryFingerprintOptions): Bytes;
701 }
702
703 namespace random {
704 function getBytes(count: number, callback?: (err: Error | null, bytes: Bytes) => any): void;
705 function getBytesSync(count: number): Bytes;
706 type CB = (_: any, seed: string) => void;
707 interface Random {
708 seedFileSync: (needed: number) => string;
709 seedFile: (needed: number, cb: CB) => void;
710 }
711 function createInstance(): Random;
712 }
713
714 namespace ssh {
715 interface FingerprintOptions {
716 /**
717 * @description the delimiter to use between bytes for `hex` encoded output
718 */
719 delimiter?: string | undefined;
720 /**
721 * @description if not specified, the function will return `ByteStringBuffer`
722 */
723 encoding?: 'hex' | 'binary' | undefined;
724 /**
725 * @description if not specified defaults to `md.md5`
726 */
727 md?: md.MessageDigest | undefined;
728 }
729
730 /**
731 * @description Encodes a private RSA key as an OpenSSH file
732 */
733 function privateKeyToOpenSSH(privateKey: pki.PrivateKey, passphrase?: string): string;
734
735 /**
736 * @description Encodes (and optionally encrypts) a private RSA key as a Putty PPK file
737 */
738 function privateKeyToPutty(privateKey: pki.PrivateKey, passphrase?: string, comment?: string): string;
739
740 /**
741 * @description Encodes a public RSA key as an OpenSSH file
742 */
743 function publicKeyToOpenSSH(publicKey: pki.PublicKey, comment?: string): string | pki.PEM;
744
745 /**
746 * @description Gets the SSH fingerprint for the given public key
747 */
748 function getPublicKeyFingerprint(
749 publicKey: pki.PublicKey,
750 options?: FingerprintOptions,
751 ): util.ByteStringBuffer | Hex | string;
752 }
753
754 namespace asn1 {
755 enum Class {
756 UNIVERSAL = 0x00,
757 APPLICATION = 0x40,
758 CONTEXT_SPECIFIC = 0x80,
759 PRIVATE = 0xc0,
760 }
761
762 enum Type {
763 NONE = 0,
764 BOOLEAN = 1,
765 INTEGER = 2,
766 BITSTRING = 3,
767 OCTETSTRING = 4,
768 NULL = 5,
769 OID = 6,
770 ODESC = 7,
771 EXTERNAL = 8,
772 REAL = 9,
773 ENUMERATED = 10,
774 EMBEDDED = 11,
775 UTF8 = 12,
776 ROID = 13,
777 SEQUENCE = 16,
778 SET = 17,
779 PRINTABLESTRING = 19,
780 IA5STRING = 22,
781 UTCTIME = 23,
782 GENERALIZEDTIME = 24,
783 BMPSTRING = 30,
784 }
785
786 interface Asn1 {
787 tagClass: Class;
788 type: Type;
789 constructed: boolean;
790 composed: boolean;
791 value: Bytes | Asn1[];
792 }
793
794 function create(tagClass: Class, type: Type, constructed: boolean, value: Bytes | Asn1[]): Asn1;
795 function fromDer(bytes: Bytes | util.ByteBuffer, strict?: boolean): Asn1;
796 function toDer(obj: Asn1): util.ByteBuffer;
797 function oidToDer(oid: OID): util.ByteStringBuffer;
798 function derToOid(der: util.ByteStringBuffer): OID;
799 }
800
801 namespace util {
802 function isArray(x: any): boolean;
803 function isArrayBuffer(x: any): boolean;
804 function isArrayBufferView(x: any): boolean;
805
806 interface ArrayBufferView {
807 buffer: ArrayBuffer;
808 byteLength: number;
809 }
810
811 type ByteBuffer = ByteStringBuffer;
812 class ByteStringBuffer {
813 constructor(bytes?: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer);
814 data: string;
815 read: number;
816 length(): number;
817 isEmpty(): boolean;
818 putByte(byte: Byte): ByteStringBuffer;
819 fillWithByte(byte: Byte, n: number): ByteStringBuffer;
820 putBytes(bytes: Bytes): ByteStringBuffer;
821 putString(str: string): ByteStringBuffer;
822 putInt16(int: number): ByteStringBuffer;
823 putInt24(int: number): ByteStringBuffer;
824 putInt32(int: number): ByteStringBuffer;
825 putInt16Le(int: number): ByteStringBuffer;
826 putInt24Le(int: number): ByteStringBuffer;
827 putInt32Le(int: number): ByteStringBuffer;
828 putInt(int: number, numOfBits: number): ByteStringBuffer;
829 putSignedInt(int: number, numOfBits: number): ByteStringBuffer;
830 putBuffer(buffer: ByteStringBuffer): ByteStringBuffer;
831 getByte(): number;
832 getInt16(): number;
833 getInt24(): number;
834 getInt32(): number;
835 getInt16Le(): number;
836 getInt24Le(): number;
837 getInt32Le(): number;
838 getInt(numOfBits: number): number;
839 getSignedInt(numOfBits: number): number;
840 getBytes(count?: number): Bytes;
841 bytes(count?: number): Bytes;
842 at(index: number): Byte;
843 setAt(index: number, byte: number): ByteStringBuffer;
844 last(): Byte;
845 copy(): ByteStringBuffer;
846 compact(): ByteStringBuffer;
847 clear(): ByteStringBuffer;
848 truncate(): ByteStringBuffer;
849 toHex(): Hex;
850 toString(): string;
851 }
852
853 function fillString(char: string, count: number): string;
854 function xorBytes(bytes1: string, bytes2: string, count: number): string;
855 function hexToBytes(hex: Hex): Bytes;
856 function bytesToHex(bytes: Bytes): Hex;
857 function int32ToBytes(int: number): Bytes;
858 function encode64(bytes: Bytes, maxline?: number): Base64;
859 function decode64(encoded: Base64): Bytes;
860 function encodeUtf8(str: string): Utf8;
861 function decodeUtf8(encoded: Utf8): string;
862
863 function createBuffer(): ByteBuffer;
864 function createBuffer(
865 input: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer,
866 encoding?: Encoding,
867 ): ByteBuffer;
868
869 namespace binary {
870 namespace raw {
871 function encode(x: Uint8Array): Bytes;
872 function decode(str: Bytes, output?: Uint8Array, offset?: number): Uint8Array;
873 }
874 namespace hex {
875 function encode(bytes: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer): Hex;
876 function decode(hex: Hex, output?: Uint8Array, offset?: number): Uint8Array;
877 }
878 namespace base64 {
879 function encode(input: Uint8Array, maxline?: number): Base64;
880 function decode(input: Base64, output?: Uint8Array, offset?: number): Uint8Array;
881 }
882 }
883
884 namespace text {
885 namespace utf8 {
886 function encode(str: string, output?: Uint8Array, offset?: number): Uint8Array;
887 function decode(bytes: Uint8Array): Utf8;
888 }
889 namespace utf16 {
890 function encode(str: string, output?: Uint8Array, offset?: number): Uint8Array;
891 function decode(bytes: Uint8Array): string;
892 }
893 }
894 }
895
896 namespace pkcs12 {
897 interface BagsFilter {
898 localKeyId?: string | undefined;
899 localKeyIdHex?: string | undefined;
900 friendlyName?: string | undefined;
901 bagType?: string | undefined;
902 }
903
904 interface Bag {
905 type: string;
906 attributes: any;
907 key?: pki.PrivateKey | undefined;
908 cert?: pki.Certificate | undefined;
909 asn1: asn1.Asn1;
910 }
911
912 interface Pkcs12Pfx {
913 version: string;
914 safeContents: {
915 encrypted: boolean;
916 safeBags: Bag[];
917 }[];
918 getBags: (filter: BagsFilter) => {
919 [key: string]: Bag[] | undefined;
920 localKeyId?: Bag[] | undefined;
921 friendlyName?: Bag[] | undefined;
922 };
923 getBagsByFriendlyName: (fiendlyName: string, bagType: string) => Bag[];
924 getBagsByLocalKeyId: (localKeyId: string, bagType: string) => Bag[];
925 }
926
927 function pkcs12FromAsn1(obj: any, strict?: boolean, password?: string): Pkcs12Pfx;
928 function pkcs12FromAsn1(obj: any, password?: string): Pkcs12Pfx;
929
930 function toPkcs12Asn1(
931 key: pki.PrivateKey | null,
932 cert: pki.Certificate | pki.Certificate[],
933 password: string | null,
934 options?: {
935 algorithm?: 'aes128' | 'aes192' | 'aes256' | '3des' | undefined;
936 count?: number | undefined;
937 saltSize?: number | undefined;
938 useMac?: boolean | undefined;
939 localKeyId?: Hex | undefined;
940 friendlyName?: string | undefined;
941 generateLocalKeyId?: boolean | undefined;
942 },
943 ): asn1.Asn1;
944
945 function generateKey(
946 password: string | null | undefined,
947 salt: util.ByteBuffer,
948 id: Byte,
949 iter: number,
950 n: number,
951 md?: md.MessageDigest,
952 ): util.ByteBuffer;
953 }
954
955 namespace pkcs7 {
956 interface PkcsSignedData {
957 content?: string | util.ByteBuffer | undefined;
958 contentInfo?: { value: any[] } | undefined;
959
960 certificates: pki.Certificate[];
961
962 addCertificate(certificate: pki.Certificate | string): void;
963 addSigner(options: {
964 key: pki.rsa.PrivateKey | string;
965 certificate: pki.Certificate | string;
966 digestAlgorithm: string;
967 authenticatedAttributes?: { type: string; value?: string | undefined }[] | undefined;
968 }): void;
969 sign(options?: { detached?: boolean | undefined }): void;
970 toAsn1(): asn1.Asn1;
971 }
972
973 function createSignedData(): PkcsSignedData;
974
975 interface PkcsEnvelopedData {
976 content?: string | util.ByteBuffer | undefined;
977 addRecipient(certificate: pki.Certificate): void;
978 encrypt(): void;
979 toAsn1(): asn1.Asn1;
980 }
981
982 function createEnvelopedData(): PkcsEnvelopedData;
983
984 /** When a PKCS#7 object has been created by reading from a message, the raw captured object is joined */
985 type Captured<T> = T & {
986 rawCapture: any;
987 };
988
989 /**
990 * Converts a PKCS#7 message to PEM format.
991 *
992 * @param msg The PKCS#7 message object
993 * @param maxline The maximum characters per line, defaults to 64.
994 *
995 * @return The PEM-formatted PKCS#7 message.
996 */
997 function messageToPem(msg: PkcsSignedData, maxline?: number): string;
998
999 /**
1000 * Converts a PKCS#7 message from PEM format.
1001 *
1002 * @param pem the PEM-formatted PKCS#7 message.
1003 *
1004 * @return the PKCS#7 message.
1005 */
1006 function messageFromPem(pem: pki.PEM): Captured<PkcsEnvelopedData | PkcsSignedData>;
1007
1008 /**
1009 * Converts a PKCS#7 message from an ASN.1 object.
1010 *
1011 * @param asn the ASN.1 representation of a ContentInfo.
1012 *
1013 * @return the PKCS#7 message.
1014 */
1015 function messageFromAsn1(asn: asn1.Asn1): Captured<PkcsEnvelopedData | PkcsSignedData>;
1016 }
1017
1018 namespace pkcs5 {
1019 function pbkdf2(password: string, salt: string, iterations: number, keySize: number): string;
1020 function pbkdf2(
1021 password: string,
1022 salt: string,
1023 iterations: number,
1024 keySize: number,
1025 messageDigest: md.MessageDigest | md.Algorithm,
1026 ): string;
1027 function pbkdf2(
1028 password: string,
1029 salt: string,
1030 iterations: number,
1031 keySize: number,
1032 callback: (err: Error | null, dk: string | null) => any,
1033 ): void;
1034 function pbkdf2(
1035 password: string,
1036 salt: string,
1037 iterations: number,
1038 keySize: number,
1039 messageDigest?: md.MessageDigest | md.Algorithm,
1040 callback?: (err: Error | null, dk: string) => any,
1041 ): void;
1042 }
1043
1044 const md: {
1045 sha1: {
1046 create(): md.sha1.MessageDigest;
1047 };
1048 sha256: {
1049 create(): md.sha256.MessageDigest;
1050 };
1051 sha512: {
1052 create<TAlg extends md.sha512.AlgorithmSelection = md.sha512.AlgorithmSelection.Sha512>(
1053 /** @default 'SHA-512' */
1054 algorithm?: TAlg,
1055 ): TAlg extends md.sha512.AlgorithmSelection.Sha384
1056 ? md.sha512.Sha384MessageDigest
1057 : TAlg extends md.sha512.AlgorithmSelection.Sha512224
1058 ? md.sha512.Sha512224MessageDigest
1059 : TAlg extends md.sha512.AlgorithmSelection.Sha512256
1060 ? md.sha512.Sha512256MessageDigest
1061 : TAlg extends md.sha512.AlgorithmSelection.Sha512
1062 ? md.sha512.Sha512MessageDigest
1063 : never;
1064 sha224: {
1065 create(): md.sha512.Sha512224MessageDigest;
1066 };
1067 sha256: {
1068 create(): md.sha512.Sha512256MessageDigest;
1069 };
1070 sha384: {
1071 create(): md.sha512.Sha384MessageDigest;
1072 };
1073 };
1074 sha384: typeof md.sha512.sha384;
1075 'sha512/224': typeof md.sha512.sha224;
1076 'sha512/256': typeof md.sha512.sha256;
1077 md5: {
1078 create(): md.md5.MessageDigest;
1079 };
1080 algorithms: {
1081 md5: typeof md.md5;
1082 sha1: typeof md.sha1;
1083 sha256: typeof md.sha256;
1084 sha384: typeof md.sha384;
1085 sha512: typeof md.sha512;
1086 'sha512/224': typeof md['sha512/224'];
1087 'sha512/256': typeof md['sha512/256'];
1088 };
1089 };
1090
1091 const md5: typeof md.md5;
1092 const sha1: typeof md.sha1;
1093 const sha256: typeof md.sha256;
1094 const sha384: typeof md.sha384;
1095 const sha512: typeof md.sha512;
1096
1097 namespace md {
1098 type Algorithm = md5.Algorithm | sha1.Algorithm | sha256.Algorithm | sha512.Algorithm;
1099
1100 interface MessageDigest {
1101 readonly algorithm: Algorithm;
1102 readonly blockLength: number;
1103 readonly digestLength: number;
1104 messageLength: number;
1105 fullMessageLength: number[] | null;
1106 readonly messageLengthSize: number;
1107 update(msg: string, encoding?: Encoding): this;
1108 digest(): util.ByteStringBuffer;
1109 }
1110
1111 namespace md5 {
1112 type Algorithm = 'md5';
1113
1114 interface MessageDigest extends md.MessageDigest {
1115 readonly algorithm: Algorithm;
1116 readonly blockLength: 64;
1117 readonly digestLength: 16;
1118 readonly messageLengthSize: 8;
1119 }
1120 }
1121
1122 namespace sha1 {
1123 type Algorithm = 'sha1';
1124
1125 interface MessageDigest extends md.MessageDigest {
1126 readonly algorithm: Algorithm;
1127 readonly blockLength: 64;
1128 readonly digestLength: 20;
1129 readonly messageLengthSize: 8;
1130 }
1131 }
1132
1133 namespace sha256 {
1134 type Algorithm = 'sha256';
1135
1136 interface MessageDigest extends md.MessageDigest {
1137 readonly algorithm: Algorithm;
1138 readonly blockLength: 64;
1139 readonly digestLength: 32;
1140 readonly messageLengthSize: 8;
1141 }
1142 }
1143
1144 namespace sha512 {
1145 type Algorithm = Algorithm.Sha384 | Algorithm.Sha512 | Algorithm.Sha512224 | Algorithm.Sha512256;
1146 namespace Algorithm {
1147 type Sha384 = 'sha384';
1148 type Sha512 = 'sha512';
1149 type Sha512224 = 'sha512/224';
1150 type Sha512256 = 'sha512/256';
1151 }
1152
1153 type AlgorithmSelection =
1154 | AlgorithmSelection.Sha384
1155 | AlgorithmSelection.Sha512
1156 | AlgorithmSelection.Sha512224
1157 | AlgorithmSelection.Sha512256;
1158 namespace AlgorithmSelection {
1159 type Sha384 = 'SHA-384';
1160 type Sha512 = 'SHA-512';
1161 type Sha512224 = 'SHA-512/224';
1162 type Sha512256 = 'SHA-512/256';
1163 }
1164
1165 interface MessageDigest extends md.MessageDigest {
1166 readonly algorithm: Algorithm;
1167 readonly blockLength: 128;
1168 readonly messageLengthSize: 16;
1169 }
1170
1171 interface Sha512224MessageDigest extends MessageDigest {
1172 readonly algorithm: Algorithm.Sha512224;
1173 readonly digestLength: 28;
1174 }
1175
1176 interface Sha512256MessageDigest extends MessageDigest {
1177 readonly algorithm: Algorithm.Sha512256;
1178 readonly digestLength: 32;
1179 }
1180
1181 interface Sha384MessageDigest extends MessageDigest {
1182 readonly algorithm: Algorithm.Sha384;
1183 readonly digestLength: 48;
1184 }
1185
1186 interface Sha512MessageDigest extends MessageDigest {
1187 readonly algorithm: Algorithm.Sha512;
1188 readonly digestLength: 64;
1189 }
1190 }
1191 }
1192
1193 namespace hmac {
1194 type Algorithm = md.Algorithm;
1195
1196 interface HMAC {
1197 digest(): util.ByteBuffer;
1198 getMac(): util.ByteBuffer;
1199 start(md: Algorithm | md.MessageDigest, key: string | util.ByteBuffer | null): void;
1200 update(bytes: string): void;
1201 }
1202
1203 function create(): HMAC;
1204 }
1205
1206 namespace cipher {
1207 type Algorithm =
1208 | 'AES-ECB'
1209 | 'AES-CBC'
1210 | 'AES-CFB'
1211 | 'AES-OFB'
1212 | 'AES-CTR'
1213 | 'AES-GCM'
1214 | '3DES-ECB'
1215 | '3DES-CBC'
1216 | 'DES-ECB'
1217 | 'DES-CBC';
1218
1219 function createCipher(algorithm: Algorithm, payload: util.ByteBuffer | Bytes): BlockCipher;
1220 function createDecipher(algorithm: Algorithm, payload: util.ByteBuffer | Bytes): BlockCipher;
1221
1222 interface StartOptions {
1223 iv?: util.ByteBuffer | Byte[] | Bytes | undefined;
1224 tag?: util.ByteStringBuffer | undefined;
1225 tagLength?: number | undefined;
1226 additionalData?: string | undefined;
1227 }
1228
1229 interface BlockCipher {
1230 start: (options?: StartOptions) => void;
1231 update: (payload: util.ByteBuffer) => void;
1232 finish: () => boolean;
1233 output: util.ByteStringBuffer;
1234 mode: Mode;
1235 }
1236
1237 interface Mode {
1238 tag: util.ByteStringBuffer;
1239 }
1240 }
1241
1242 namespace pss {
1243 type PSS = any;
1244
1245 function create(any: any): PSS;
1246 }
1247
1248 namespace mgf {
1249 namespace mgf1 {
1250 function create(any: any): any;
1251 }
1252 }
1253
1254 namespace tls {
1255 interface ProtocolVersion {
1256 major: Byte;
1257 minor: Byte;
1258 }
1259
1260 const Versions: ProtocolVersion[];
1261 const SupportedVersions: ProtocolVersion[];
1262 const Version: ProtocolVersion;
1263
1264 const MaxFragment: number;
1265
1266 enum ConnectionEnd {
1267 server = 0,
1268 client = 1,
1269 }
1270
1271 enum PRFAlgorithm {
1272 tls_prf_sha256 = 0,
1273 }
1274
1275 enum BulkCipherAlgorithm {
1276 rc4 = 0,
1277 des3 = 1,
1278 aes = 2,
1279 }
1280
1281 enum CipherType {
1282 stream = 0,
1283 block = 1,
1284 aead = 2,
1285 }
1286
1287 enum MACAlgorithm {
1288 hmac_md5 = 0,
1289 hmac_sha1 = 1,
1290 hmac_sha256 = 2,
1291 hmac_sha384 = 3,
1292 hmac_sha512 = 4,
1293 }
1294
1295 enum CompressionMethod {
1296 none = 0,
1297 deflate = 1,
1298 }
1299
1300 enum ContentType {
1301 change_cipher_spec = 20,
1302 alert = 21,
1303 handshake = 22,
1304 application_data = 23,
1305 heartbeat = 24,
1306 }
1307
1308 enum HandshakeType {
1309 hello_request = 0,
1310 client_hello = 1,
1311 server_hello = 2,
1312 certificate = 11,
1313 server_key_exchange = 12,
1314 certificate_request = 13,
1315 server_hello_done = 14,
1316 certificate_verify = 15,
1317 client_key_exchange = 16,
1318 finished = 20,
1319 }
1320
1321 namespace Alert {
1322 enum Level {
1323 warning = 1,
1324 fatal = 2,
1325 }
1326
1327 enum Description {
1328 close_notify = 0,
1329 unexpected_message = 10,
1330 bad_record_mac = 20,
1331 decryption_failed = 21,
1332 record_overflow = 22,
1333 decompression_failure = 30,
1334 handshake_failure = 40,
1335 bad_certificate = 42,
1336 unsupported_certificate = 43,
1337 certificate_revoked = 44,
1338 certificate_expired = 45,
1339 certificate_unknown = 46,
1340 illegal_parameter = 47,
1341 unknown_ca = 48,
1342 access_denied = 49,
1343 decode_error = 50,
1344 decrypt_error = 51,
1345 export_restriction = 60,
1346 protocol_version = 70,
1347 insufficient_security = 71,
1348 internal_error = 80,
1349 user_canceled = 90,
1350 no_renegotiation = 100,
1351 }
1352 }
1353
1354 enum HeartbeatMessageType {
1355 heartbeat_request = 1,
1356 heartbeat_response = 2,
1357 }
1358
1359 interface CipherSuite {
1360 id: [Byte, Byte];
1361 name: string;
1362 }
1363
1364 const CipherSuites: { [name: string]: CipherSuite };
1365
1366 interface CertificateRequest {
1367 certificate_types: util.ByteBuffer;
1368 certificate_authorities: util.ByteBuffer;
1369 }
1370
1371 type ConnectionState = any;
1372
1373 interface Connection {
1374 version: ProtocolVersion;
1375 entity: ConnectionEnd;
1376 sessionId: Bytes | null;
1377 caStore: pki.CAStore;
1378 sessionCache: SessionCache | null;
1379 cipherSuites: CipherSuite[];
1380 connected(conn: Connection): void;
1381 virtualHost: string | null;
1382 verifyClient: boolean;
1383 verify(conn: Connection, verified: Verified, depth: number, certs: pki.Certificate[]): Verified;
1384 getCertificate:
1385 | ((conn: Connection, hint: CertificateRequest | string[]) => pki.PEM | ReadonlyArray<pki.PEM>)
1386 | null;
1387 getPrivateKey: ((conn: Connection, certificate: pki.Certificate) => pki.PEM) | null;
1388 getSignature:
1389 | ((conn: Connection, bytes: Bytes, callback: (conn: Connection, bytes: Bytes) => void) => void)
1390 | null;
1391 input: util.ByteBuffer;
1392 tlsData: util.ByteBuffer;
1393 data: util.ByteBuffer;
1394 tlsDataReady(conn: Connection): void;
1395 dataReady(conn: Connection): void;
1396 heartbeatReceived: ((conn: Connection, payload: util.ByteBuffer) => void) | undefined;
1397 closed(conn: Connection): void;
1398 error(conn: Connection, error: TLSError): void;
1399 deflate: ((inBytes: Bytes) => Bytes) | null;
1400 inflate: ((inBytes: Bytes) => Bytes) | null;
1401 reset(clearFail?: boolean): void;
1402 record: Record | null;
1403 session: Session | null;
1404 peerCertificate: pki.Certificate | null;
1405 state: { pending: ConnectionState | null; current: ConnectionState };
1406 expect: number;
1407 fragmented: Record | null;
1408 records: Record[];
1409 open: boolean;
1410 handshakes: number;
1411 handshaking: boolean;
1412 isConnected: boolean;
1413 fail: boolean;
1414 handshake(sessionId?: Bytes | null): void;
1415 process(data: Bytes): number;
1416 prepare(data: Bytes): boolean;
1417 prepareHeartbeatRequest(payload: Bytes | util.ByteBuffer, payloadLength?: number): boolean;
1418 close(clearFail?: boolean): Connection;
1419 }
1420
1421 interface Record {
1422 type: ContentType;
1423 version: ProtocolVersion;
1424 length: number;
1425 fragment: util.ByteBuffer;
1426 ready?: boolean | undefined;
1427 }
1428
1429 interface Session {
1430 version: ProtocolVersion | null;
1431 extensions: { [_: string]: object };
1432 cipherSuite: CipherSuite | null;
1433 compressionMethod: CompressionMethod | null;
1434 serverCertificate: pki.Certificate | null;
1435 clientCertificate: pki.Certificate | null;
1436 md5: md.MessageDigest;
1437 sha1: md.MessageDigest;
1438 }
1439
1440 interface SessionCache {
1441 cache: { [key: string]: Session };
1442 capacity: number;
1443 order: [Hex];
1444 getSession(sessionId: Bytes): Session;
1445 setSession(sessionId: Bytes, session: Session): void;
1446 }
1447
1448 function createSessionCache(cache?: SessionCache | { [key: string]: Session }, capacity?: number): SessionCache;
1449
1450 interface Alert {
1451 level: Alert.Level;
1452 description: Alert.Description;
1453 }
1454
1455 interface TLSError extends Error {
1456 message: string;
1457 send: boolean;
1458 origin: 'server' | 'client';
1459 alert: Alert;
1460 }
1461
1462 type Verified = true | { message?: string | undefined; alert?: Alert.Description | undefined };
1463
1464 function createConnection(options: {
1465 server?: boolean | undefined;
1466 sessionId?: Bytes | null | undefined;
1467 caStore?: pki.CAStore | ReadonlyArray<pki.Certificate> | undefined;
1468 sessionCache?: SessionCache | { [key: string]: Session } | undefined;
1469 cipherSuites?: CipherSuite[] | undefined;
1470 connected(conn: Connection): void;
1471 virtualHost?: string | undefined;
1472 verifyClient?: boolean | undefined;
1473 verify?(conn: Connection, verified: Verified, depth: number, certs: pki.Certificate[]): Verified;
1474 getCertificate?(conn: Connection, hint: CertificateRequest | string[]): pki.PEM | ReadonlyArray<pki.PEM>;
1475 getPrivateKey?(conn: Connection, certificate: pki.Certificate): pki.PEM;
1476 getSignature?(conn: Connection, bytes: Bytes, callback: (conn: Connection, bytes: Bytes) => void): void;
1477 tlsDataReady(conn: Connection): void;
1478 dataReady(conn: Connection): void;
1479 heartbeatReceived?(conn: Connection, payload: util.ByteBuffer): void;
1480 closed(conn: Connection): void;
1481 error(conn: Connection, error: TLSError): void;
1482 deflate?(inBytes: Bytes): Bytes;
1483 inflate?(inBytes: Bytes): Bytes;
1484 }): Connection;
1485
1486 function prf_tls1(secret: string, label: string, seed: string, length: number): util.ByteBuffer;
1487
1488 function hmac_sha1(
1489 key: string | ReadonlyArray<Byte> | util.ByteBuffer,
1490 seqNum: [number, number],
1491 record: Record,
1492 ): Bytes;
1493 }
1494}
1495
\No newline at end of file