UNPKG

57.2 kBTypeScriptView Raw
1/// <reference types="node" />
2
3declare module "node-forge" {
4 type Byte = number;
5 type Bytes = string;
6 type Hex = string;
7 type Base64 = string;
8 type Utf8 = string;
9 type OID = string;
10 type Encoding = "raw" | "utf8";
11
12 namespace jsbn {
13 interface RandomGenerator {
14 nextBytes(bytes: number[]): void;
15 }
16 class BigInteger {
17 static ZERO: BigInteger;
18 static ONE: BigInteger;
19 constructor(a: null);
20 constructor(a: number, c: RandomGenerator);
21 constructor(a: number, b: number, c: RandomGenerator);
22 constructor(a: string, b?: number);
23 constructor(a: number[], b?: number);
24 constructor(a: BigInteger);
25 data: number[];
26 t: number;
27 s: number;
28 am(i: number, x: number, w: BigInteger, j: number, c: number, n: number): number;
29 toString(b?: number): string;
30 bitLength(): number;
31 negate(): BigInteger;
32 abs(): BigInteger;
33 compareTo(a: BigInteger): number;
34 bitLength(): number;
35 mod(a: BigInteger): BigInteger;
36 modPowInt(e: number, m: BigInteger): BigInteger;
37 clone(): BigInteger;
38 intValue(): number;
39 byteValue(): number;
40 shortValue(): number;
41 signum(): number;
42 toByteArray(): number[];
43 equals(a: BigInteger): boolean;
44 min(a: BigInteger): BigInteger;
45 max(a: BigInteger): BigInteger;
46 and(a: BigInteger): BigInteger;
47 or(a: BigInteger): BigInteger;
48 xor(a: BigInteger): BigInteger;
49 andNot(a: BigInteger): BigInteger;
50 not(): BigInteger;
51 shiftLeft(n: number): BigInteger;
52 shiftRight(n: number): BigInteger;
53 getLowestSetBit(): number;
54 bitCount(): number;
55 testBit(n: number): boolean;
56 clearBit(n: number): BigInteger;
57 flipBit(n: number): BigInteger;
58 add(a: BigInteger): BigInteger;
59 subtract(a: BigInteger): BigInteger;
60 multiply(a: BigInteger): BigInteger;
61 squareTo(a: BigInteger): BigInteger;
62 divide(a: BigInteger): BigInteger;
63 remainder(a: BigInteger): BigInteger;
64 divideAndRemainder(a: BigInteger): BigInteger[]; // Array of 2 items
65 pow(e: number): BigInteger;
66 modPow(e: BigInteger, m: BigInteger): BigInteger;
67 gcd(a: BigInteger): BigInteger;
68 modInverse(m: BigInteger): BigInteger;
69 isProbablePrime(t: number): boolean;
70 }
71 }
72
73 namespace rc2 {
74 type pad_function = (blockSize: number, buffer: util.ByteBuffer, decrypt: boolean) => boolean;
75 interface cipher {
76 start(iv: util.ByteBuffer | string | null, output?: util.ByteBuffer): void;
77 update(input: util.ByteBuffer): void;
78 finish(pad?: pad_function): boolean;
79 output: util.ByteBuffer;
80 }
81
82 function expandKey(key: string | util.ByteBuffer, effKeyBits?: number): util.ByteBuffer;
83 function startEncrypting(
84 key: string | util.ByteBuffer,
85 iv: util.ByteBuffer | Byte[] | Bytes,
86 output: util.ByteBuffer | null,
87 ): rc2.cipher;
88 function createEncryptionCipher(key: string | util.ByteBuffer, bits?: number): rc2.cipher;
89 function startDecrypting(
90 key: string | util.ByteBuffer,
91 iv: util.ByteBuffer | Byte[] | Bytes,
92 output: util.ByteBuffer | null,
93 ): rc2.cipher;
94 function createDecryptionCipher(key: string | util.ByteBuffer, bits?: number): rc2.cipher;
95 }
96
97 namespace kem {
98 namespace rsa {
99 interface kem {
100 /**
101 * Generates a secret key and its encapsulation.
102 *
103 * @param publicKey the RSA public key to encrypt with.
104 * @param keyLength the length, in bytes, of the secret key to generate.
105 */
106 encrypt(publicKey: pki.rsa.PublicKey, keyLength: number): EncryptResult;
107 /**
108 * Decrypts an encapsulated secret key.
109 *
110 * @param privateKey the RSA private key to decrypt with.
111 * @param encapsulation the ciphertext for generating the secret key, as a binary-encoded
112 * string of bytes.
113 * @param keyLength the length, in bytes, of the secret key to generate.
114 *
115 * @return the secret key as a binary-encoded string of bytes.
116 */
117 decrypt(privateKey: pki.rsa.PrivateKey, encapsulation: string, keyLength: number): string;
118 }
119
120 interface random {
121 getBytesSync(count: number): Bytes;
122 }
123
124 interface Options {
125 /**
126 * A custom crypto-secure pseudo-random number generator to use.
127 */
128 prng?: random | undefined;
129 }
130
131 /**
132 * Creates an RSA KEM API object for generating a secret asymmetric key.
133 *
134 * The symmetric key may be generated via a call to 'encrypt', which will
135 * produce a ciphertext to be transmitted to the recipient and a key to be
136 * kept secret. The ciphertext is a parameter to be passed to 'decrypt' which
137 * will produce the same secret key for the recipient to use to decrypt a
138 * message that was encrypted with the secret key.
139 *
140 * @param kdf the KDF API to use (eg: `new forge.kem.kdf1()`).
141 * @param options the options to use.
142 */
143 function create(kdf: KDF, options?: Options): kem;
144 }
145
146 interface EncryptResult {
147 /**
148 * The ciphertext for generating the secret key, as a binary-encoded string of bytes.
149 */
150 encapsulation: string;
151 /**
152 * The secret key to use for encrypting a message.
153 */
154 key: string;
155 }
156
157 interface KDF {
158 /**
159 * Generate a key of the specified length.
160 *
161 * @param x the binary-encoded byte string to generate a key from.
162 * @param length the number of bytes to generate (the size of the key).
163 *
164 * @return the key as a binary-encoded string.
165 */
166 generate(x: string, length: number): string;
167 }
168
169 /**
170 * Creates a key derivation API object that implements KDF1 per ISO 18033-2.
171 *
172 * @param md the hash API to use.
173 * @param digestLength a digest length that must be positive and less than or equal to `md.digestLength`.
174 *
175 * @return a KDF1 API object.
176 */
177 class kdf1 implements KDF {
178 constructor(md: md.MessageDigest, digestLength?: number);
179 /**
180 * Generate a key of the specified length.
181 *
182 * @param x the binary-encoded byte string to generate a key from.
183 * @param length the number of bytes to generate (the size of the key).
184 *
185 * @return the key as a binary-encoded string.
186 */
187 generate(x: string, length: number): string;
188 }
189
190 /**
191 * Creates a key derivation API object that implements KDF2 per ISO 18033-2.
192 *
193 * @param md the hash API to use.
194 * @param digestLength a digest length that must be positive and less than or equal to `md.digestLength`.
195 *
196 * @return a KDF2 API object.
197 */
198 class kdf2 implements KDF {
199 constructor(md: md.MessageDigest, digestLength?: number);
200 /**
201 * Generate a key of the specified length.
202 *
203 * @param x the binary-encoded byte string to generate a key from.
204 * @param length the number of bytes to generate (the size of the key).
205 *
206 * @return the key as a binary-encoded string.
207 */
208 generate(x: string, length: number): string;
209 }
210 }
211
212 namespace pem {
213 interface EncodeOptions {
214 maxline?: number | undefined;
215 }
216
217 interface ObjectPEM {
218 type: string;
219 body: Bytes;
220 procType?: any;
221 contentDomain?: any;
222 dekInfo?: any;
223 headers?: any[] | undefined;
224 }
225
226 function encode(msg: ObjectPEM, options?: EncodeOptions): string;
227 function decode(str: string): ObjectPEM[];
228 }
229
230 namespace pki {
231 type PEM = string;
232 type PublicKey = rsa.PublicKey | ed25519.Key;
233 type PrivateKey = rsa.PrivateKey | ed25519.Key;
234 type EncryptionOptions = {
235 algorithm?: "aes128" | "aes192" | "aes256" | "3des" | undefined;
236 count?: number | undefined;
237 saltSize?: number | undefined;
238 prfAlgorithm?: "sha1" | "sha224" | "sha256" | "sha384" | "sha512" | undefined;
239 legacy?: boolean | undefined;
240 };
241
242 interface ByteBufferFingerprintOptions {
243 /**
244 * @description The type of fingerprint. If not specified, defaults to 'RSAPublicKey'
245 */
246 type?: "SubjectPublicKeyInfo" | "RSAPublicKey" | undefined;
247 /**
248 * @description the delimiter to use between bytes for `hex` encoded output
249 */
250 delimiter?: string | undefined;
251 /**
252 * @description if not specified defaults to `md.md5`
253 */
254 md?: md.MessageDigest | undefined;
255 }
256
257 interface HexFingerprintOptions extends ByteBufferFingerprintOptions {
258 /**
259 * @description if not specified, the function will return `ByteStringBuffer`
260 */
261 encoding: "hex";
262 }
263
264 interface BinaryFingerprintOptions extends ByteBufferFingerprintOptions {
265 /**
266 * @description if not specified, the function will return `ByteStringBuffer`
267 */
268 encoding: "binary";
269 }
270
271 interface KeyPair {
272 publicKey: PublicKey;
273 privateKey: PrivateKey;
274 }
275
276 interface oids {
277 [key: string]: string;
278 }
279 var oids: oids;
280
281 namespace rsa {
282 type EncryptionScheme = "RSAES-PKCS1-V1_5" | "RSA-OAEP" | "RAW" | "NONE" | null;
283 type SignatureScheme = "RSASSA-PKCS1-V1_5" | pss.PSS | "NONE" | null;
284
285 interface PublicKey {
286 n: jsbn.BigInteger;
287 e: jsbn.BigInteger;
288 encrypt(data: Bytes, scheme?: EncryptionScheme, schemeOptions?: any): Bytes;
289 verify(digest: Bytes, signature: Bytes, scheme?: SignatureScheme): boolean;
290 }
291
292 interface PrivateKey {
293 n: jsbn.BigInteger;
294 e: jsbn.BigInteger;
295 d: jsbn.BigInteger;
296 p: jsbn.BigInteger;
297 q: jsbn.BigInteger;
298 dP: jsbn.BigInteger;
299 dQ: jsbn.BigInteger;
300 qInv: jsbn.BigInteger;
301 decrypt(data: Bytes, scheme?: EncryptionScheme, schemeOptions?: any): Bytes;
302 sign(md: md.MessageDigest | Bytes, scheme?: SignatureScheme): Bytes;
303 }
304
305 interface KeyPair {
306 publicKey: PublicKey;
307 privateKey: PrivateKey;
308 }
309
310 interface GenerateKeyPairOptions {
311 bits?: number | undefined;
312 e?: number | undefined;
313 workerScript?: string | undefined;
314 workers?: number | undefined;
315 workLoad?: number | undefined;
316 prng?: any;
317 algorithm?: string | undefined;
318 }
319
320 function setPublicKey(n: jsbn.BigInteger, e: jsbn.BigInteger): PublicKey;
321
322 function setPrivateKey(
323 n: jsbn.BigInteger,
324 e: jsbn.BigInteger,
325 d: jsbn.BigInteger,
326 p: jsbn.BigInteger,
327 q: jsbn.BigInteger,
328 dP: jsbn.BigInteger,
329 dQ: jsbn.BigInteger,
330 qInv: jsbn.BigInteger,
331 ): PrivateKey;
332
333 function generateKeyPair(
334 bits?: number,
335 e?: number,
336 callback?: (err: Error, keypair: KeyPair) => void,
337 ): KeyPair;
338 function generateKeyPair(
339 options?: GenerateKeyPairOptions,
340 callback?: (err: Error, keypair: KeyPair) => void,
341 ): KeyPair;
342 }
343
344 namespace ed25519 {
345 type NativeBuffer = Buffer | Uint8Array;
346 type Key = NativeBuffer;
347
348 type ToNativeBufferParameters =
349 | {
350 md: md.MessageDigest;
351 }
352 | {
353 message: NativeBuffer | util.ByteBuffer;
354 }
355 | {
356 message: string;
357 encoding: "binary" | "utf8";
358 };
359
360 // `string`s will be converted by toNativeBuffer with `encoding: 'binary'`
361 type BinaryBuffer = NativeBuffer | util.ByteBuffer | string;
362
363 namespace constants {
364 const PUBLIC_KEY_BYTE_LENGTH = 32;
365 const PRIVATE_KEY_BYTE_LENGTH = 64;
366 const SEED_BYTE_LENGTH = 32;
367 const SIGN_BYTE_LENGTH = 64;
368 const HASH_BYTE_LENGTH = 64;
369 }
370
371 // generateKeyPair does not currently accept `util.ByteBuffer` as the seed.
372 function generateKeyPair(options?: { seed?: NativeBuffer | string | undefined }): {
373 publicKey: NativeBuffer;
374 privateKey: NativeBuffer;
375 };
376
377 function privateKeyFromAsn1(obj: asn1.Asn1): { privateKeyBytes: NativeBuffer };
378
379 function publicKeyFromAsn1(obj: asn1.Asn1): NativeBuffer;
380
381 function publicKeyFromPrivateKey(options: { privateKey: BinaryBuffer }): NativeBuffer;
382
383 function sign(
384 options: ToNativeBufferParameters & {
385 privateKey: BinaryBuffer;
386 },
387 ): NativeBuffer;
388
389 function verify(
390 options: ToNativeBufferParameters & {
391 signature: BinaryBuffer;
392 publicKey: BinaryBuffer;
393 },
394 ): boolean;
395 }
396
397 interface CertificateFieldOptions {
398 name?: string | undefined;
399 type?: string | undefined;
400 shortName?: string | undefined;
401 }
402
403 interface CertificateField extends CertificateFieldOptions {
404 valueConstructed?: boolean | undefined;
405 valueTagClass?: asn1.Class | undefined;
406 value?: any[] | string | undefined;
407 extensions?: any[] | undefined;
408 }
409
410 interface Certificate {
411 version: number;
412 serialNumber: string;
413 signatureOid: string;
414 signature: any;
415 siginfo: {
416 algorithmOid: string;
417 parameters: any;
418 };
419 validity: {
420 notBefore: Date;
421 notAfter: Date;
422 };
423 issuer: {
424 getField(sn: string | CertificateFieldOptions): any;
425 addField(attr: CertificateField): void;
426 attributes: CertificateField[];
427 hash: any;
428 };
429 subject: {
430 getField(sn: string | CertificateFieldOptions): any;
431 addField(attr: CertificateField): void;
432 attributes: CertificateField[];
433 hash: any;
434 };
435 extensions: any[];
436 privateKey: PrivateKey;
437 publicKey: PublicKey;
438 md: md.MessageDigest;
439 signatureParameters: any;
440 tbsCertificate: asn1.Asn1;
441 /**
442 * Sets the subject of this certificate.
443 *
444 * @param attrs the array of subject attributes to use.
445 * @param uniqueId an optional a unique ID to use.
446 */
447 setSubject(attrs: CertificateField[], uniqueId?: string): void;
448 /**
449 * Sets the issuer of this certificate.
450 *
451 * @param attrs the array of subject attributes to use.
452 * @param uniqueId an optional a unique ID to use.
453 */
454 setIssuer(attrs: CertificateField[], uniqueId?: string): void;
455 /**
456 * Sets the extensions of this certificate.
457 *
458 * @param exts the array of extensions to use.
459 */
460 setExtensions(exts: any[]): void;
461 /**
462 * Gets an extension by its name or id.
463 *
464 * @param options the name to use or an object with:
465 * name the name to use.
466 * id the id to use.
467 *
468 * @return the extension or null if not found.
469 */
470 getExtension(options: string | { name: string } | { id: number }): {} | undefined;
471
472 /**
473 * Signs this certificate using the given private key.
474 *
475 * @param key the private key to sign with.
476 * @param md the message digest object to use (defaults to forge.md.sha1).
477 */
478 sign(key: pki.PrivateKey, md?: md.MessageDigest): void;
479 /**
480 * Attempts verify the signature on the passed certificate using this
481 * certificate's public key.
482 *
483 * @param child the certificate to verify.
484 *
485 * @return true if verified, false if not.
486 */
487 verify(child: Certificate): boolean;
488
489 /**
490 * Returns true if this certificate's issuer matches the passed
491 * certificate's subject. Note that no signature check is performed.
492 *
493 * @param parent the certificate to check.
494 *
495 * @return true if this certificate's issuer matches the passed certificate's
496 * subject.
497 */
498 isIssuer(parent: Certificate): boolean;
499
500 /**
501 * Returns true if this certificate's subject matches the issuer of the
502 * given certificate). Note that not signature check is performed.
503 *
504 * @param child the certificate to check.
505 *
506 * @return true if this certificate's subject matches the passed
507 * certificate's issuer.
508 */
509 issued(child: Certificate): boolean;
510
511 /**
512 * Generates the subjectKeyIdentifier for this certificate as byte buffer.
513 *
514 * @return the subjectKeyIdentifier for this certificate as byte buffer.
515 */
516 generateSubjectKeyIdentifier(): util.ByteStringBuffer;
517
518 /**
519 * Verifies the subjectKeyIdentifier extension value for this certificate
520 * against its public key. If no extension is found, false will be
521 * returned.
522 *
523 * @return true if verified, false if not.
524 */
525 verifySubjectKeyIdentifier(): boolean;
526 }
527
528 interface CertificateSigningRequest {
529 version: number;
530 signatureOid: string | null;
531 signature: any;
532 siginfo: {
533 algorithmOid: string | null;
534 };
535 subject: {
536 getField(sn: string | CertificateFieldOptions): any;
537 addField(attr: CertificateField): void;
538 attributes: CertificateField[];
539 hash: any;
540 };
541 publicKey: PublicKey | null;
542 attributes: CertificateField[];
543 /**
544 * Gets an issuer or subject attribute from its name, type, or short name.
545 *
546 * @param opts a short name string or an object with:
547 * shortName the short name for the attribute.
548 * name the name for the attribute.
549 * type the type for the attribute.
550 *
551 * @return the attribute.
552 */
553 getAttribute(sn: string | GetAttributeOpts): Attribute | null;
554 addAttribute(attr: CertificateField): void;
555 md: md.MessageDigest | null;
556 signatureParameters: any;
557 certificationRequestInfo: asn1.Asn1 | null;
558
559 /**
560 * Sets the subject of this csr.
561 *
562 * @param attrs the array of subject attributes to use.
563 * @param uniqueId an optional a unique ID to use.
564 */
565 setSubject(attrs: CertificateField[]): void;
566 setAttributes(attrs: CertificateField[]): void;
567 /**
568 * Signs this csr using the given private key.
569 *
570 * @param key the private key to sign with.
571 * @param md the message digest object to use (defaults to forge.md.sha1).
572 */
573 sign(key: pki.PrivateKey, md?: md.MessageDigest): void;
574 /**
575 * Attempts verify the signature on this csr using this
576 * csr's public key.
577 *
578 * @return true if verified, false if not.
579 */
580 verify(): boolean;
581 }
582
583 /**
584 * Attribute members to search on; any one hit will return the attribute
585 */
586 interface GetAttributeOpts {
587 /**
588 * OID
589 */
590 type?: string | undefined;
591 /**
592 * Long name
593 */
594 name?: string | undefined;
595 /**
596 * Short name
597 */
598 shortName?: string | undefined;
599 }
600
601 interface Attribute {
602 /**
603 * e.g. challengePassword
604 */
605 name: string;
606 /**
607 * Short name, if available (e.g. 'CN' for 'commonName')
608 */
609 shortName?: string | undefined;
610 /**
611 * OID, e.g. '1.2.840.113549.1.9.7'
612 */
613 type: string;
614 /**
615 * Attribute value
616 */
617 value: any;
618 /**
619 * Attribute value data type
620 */
621 valueTagClass: number;
622 /**
623 * Extensions
624 */
625 extensions?: any[] | undefined;
626 }
627
628 interface CAStore {
629 addCertificate(cert: Certificate | string): void;
630 hasCertificate(cert: Certificate | string): boolean;
631 removeCertificate(cert: Certificate | string): Certificate | null;
632 listAllCertificates(): pki.Certificate[];
633 getIssuer(subject: Certificate): Certificate | null;
634 getBySubject(subject: string): Certificate | null;
635 }
636
637 function certificateFromAsn1(obj: asn1.Asn1, computeHash?: boolean): Certificate;
638
639 function certificationRequestFromAsn1(obj: asn1.Asn1, computeHash?: boolean): CertificateSigningRequest;
640
641 function certificateToAsn1(cert: Certificate): asn1.Asn1;
642
643 function certificationRequestToAsn1(cert: CertificateSigningRequest): asn1.Asn1;
644
645 function decryptRsaPrivateKey(pem: PEM, passphrase?: string): rsa.PrivateKey;
646
647 function createCertificate(): Certificate;
648
649 function certificationRequestToPem(csr: CertificateSigningRequest, maxline?: number): PEM;
650
651 function certificationRequestFromPem(
652 pem: PEM,
653 computeHash?: boolean,
654 strict?: boolean,
655 ): CertificateSigningRequest;
656
657 function createCertificationRequest(): CertificateSigningRequest;
658
659 function certificateToPem(cert: Certificate, maxline?: number): PEM;
660
661 function certificateFromPem(pem: PEM, computeHash?: boolean, strict?: boolean): Certificate;
662
663 function createCaStore(certs?: ReadonlyArray<Certificate | pki.PEM>): CAStore;
664
665 function verifyCertificateChain(
666 caStore: CAStore,
667 chain: Certificate[],
668 options?:
669 | ((verified: boolean | string, depth: number, certs: Certificate[]) => boolean)
670 | {
671 verify?:
672 | ((verified: boolean | string, depth: number, certs: Certificate[]) => boolean)
673 | undefined;
674 validityCheckDate?: Date | null | undefined;
675 },
676 ): boolean;
677
678 function pemToDer(pem: PEM): util.ByteStringBuffer;
679
680 function privateKeyToPem(key: PrivateKey, maxline?: number): PEM;
681
682 function privateKeyInfoToPem(key: asn1.Asn1, maxline?: number): PEM;
683
684 function publicKeyToPem(key: PublicKey, maxline?: number): PEM;
685
686 function publicKeyToRSAPublicKeyPem(key: PublicKey, maxline?: number): PEM;
687
688 function publicKeyFromPem(pem: PEM): rsa.PublicKey;
689
690 function privateKeyFromPem(pem: PEM): rsa.PrivateKey;
691
692 function decryptPrivateKeyInfo(obj: asn1.Asn1, password: string): asn1.Asn1;
693
694 function encryptPrivateKeyInfo(obj: asn1.Asn1, password: string, options?: EncryptionOptions): asn1.Asn1;
695
696 function encryptedPrivateKeyFromPem(pem: PEM): asn1.Asn1;
697
698 function encryptedPrivateKeyToPem(obj: asn1.Asn1): PEM;
699
700 function decryptRsaPrivateKey(pem: PEM, password: string): rsa.PrivateKey;
701
702 function encryptRsaPrivateKey(privateKey: PrivateKey, password: string, options?: EncryptionOptions): PEM;
703
704 function privateKeyFromAsn1(privateKey: asn1.Asn1): rsa.PrivateKey;
705
706 function privateKeyToAsn1(privateKey: PrivateKey): asn1.Asn1;
707
708 function publicKeyFromAsn1(publicKey: asn1.Asn1): rsa.PublicKey;
709
710 function publicKeyToAsn1(publicKey: PublicKey): asn1.Asn1;
711
712 function publicKeyToRSAPublicKey(publicKey: PublicKey): any;
713
714 const setRsaPublicKey: typeof pki.rsa.setPublicKey;
715
716 const setRsaPrivateKey: typeof pki.rsa.setPrivateKey;
717
718 function wrapRsaPrivateKey(privateKey: asn1.Asn1): asn1.Asn1;
719
720 function getPublicKeyFingerprint(
721 publicKey: PublicKey,
722 options?: ByteBufferFingerprintOptions,
723 ): util.ByteStringBuffer;
724 function getPublicKeyFingerprint(publicKey: PublicKey, options: HexFingerprintOptions): Hex;
725 function getPublicKeyFingerprint(publicKey: PublicKey, options: BinaryFingerprintOptions): Bytes;
726 }
727
728 namespace random {
729 function getBytes(count: number, callback?: (err: Error | null, bytes: Bytes) => any): void;
730 function getBytesSync(count: number): Bytes;
731 type CB = (_: any, seed: string) => void;
732 interface Random {
733 seedFileSync: (needed: number) => string;
734 seedFile: (needed: number, cb: CB) => void;
735 }
736 function createInstance(): Random;
737 }
738
739 namespace ssh {
740 interface FingerprintOptions {
741 /**
742 * @description the delimiter to use between bytes for `hex` encoded output
743 */
744 delimiter?: string | undefined;
745 /**
746 * @description if not specified, the function will return `ByteStringBuffer`
747 */
748 encoding?: "hex" | "binary" | undefined;
749 /**
750 * @description if not specified defaults to `md.md5`
751 */
752 md?: md.MessageDigest | undefined;
753 }
754
755 /**
756 * @description Encodes a private RSA key as an OpenSSH file
757 */
758 function privateKeyToOpenSSH(privateKey: pki.PrivateKey, passphrase?: string): string;
759
760 /**
761 * @description Encodes (and optionally encrypts) a private RSA key as a Putty PPK file
762 */
763 function privateKeyToPutty(privateKey: pki.PrivateKey, passphrase?: string, comment?: string): string;
764
765 /**
766 * @description Encodes a public RSA key as an OpenSSH file
767 */
768 function publicKeyToOpenSSH(publicKey: pki.PublicKey, comment?: string): string | pki.PEM;
769
770 /**
771 * @description Gets the SSH fingerprint for the given public key
772 */
773 function getPublicKeyFingerprint(
774 publicKey: pki.PublicKey,
775 options?: FingerprintOptions,
776 ): util.ByteStringBuffer | Hex | string;
777 }
778
779 namespace asn1 {
780 enum Class {
781 UNIVERSAL = 0x00,
782 APPLICATION = 0x40,
783 CONTEXT_SPECIFIC = 0x80,
784 PRIVATE = 0xc0,
785 }
786
787 enum Type {
788 NONE = 0,
789 BOOLEAN = 1,
790 INTEGER = 2,
791 BITSTRING = 3,
792 OCTETSTRING = 4,
793 NULL = 5,
794 OID = 6,
795 ODESC = 7,
796 EXTERNAL = 8,
797 REAL = 9,
798 ENUMERATED = 10,
799 EMBEDDED = 11,
800 UTF8 = 12,
801 ROID = 13,
802 SEQUENCE = 16,
803 SET = 17,
804 PRINTABLESTRING = 19,
805 IA5STRING = 22,
806 UTCTIME = 23,
807 GENERALIZEDTIME = 24,
808 BMPSTRING = 30,
809 }
810
811 interface Asn1 {
812 tagClass: Class;
813 type: Type;
814 constructed: boolean;
815 composed: boolean;
816 value: Bytes | Asn1[];
817 }
818
819 function create(tagClass: Class, type: Type, constructed: boolean, value: Bytes | Asn1[]): Asn1;
820 function fromDer(bytes: Bytes | util.ByteBuffer, strict?: boolean): Asn1;
821 function toDer(obj: Asn1): util.ByteBuffer;
822
823 /**
824 * Converts an OID dot-separated string to a byte buffer. The byte buffer
825 * contains only the DER-encoded value, not any tag or length bytes.
826 *
827 * @param oid the OID dot-separated string.
828 *
829 * @return the byte buffer.
830 */
831 function oidToDer(oid: OID): util.ByteBuffer;
832
833 /**
834 * Converts a DER-encoded byte buffer to an OID dot-separated string. The
835 * byte buffer should contain only the DER-encoded value, not any tag or
836 * length bytes.
837 *
838 * @param bytes the byte buffer.
839 *
840 * @return the OID dot-separated string.
841 */
842 function derToOid(bytes: Bytes | util.ByteBuffer): OID;
843
844 function integerToDer(int: number): util.ByteBuffer;
845 function derToInteger(bytes: Bytes | util.ByteBuffer): number;
846
847 function dateToUtcTime(date: Date | string): Bytes;
848 function utcTimeToDate(bytes: Bytes): Date;
849
850 function dateToGeneralizedTime(date: Date | string): Bytes;
851 function generalizedTimeToDate(bytes: Bytes): Date;
852 }
853
854 namespace util {
855 function isArray(x: any): boolean;
856 function isArrayBuffer(x: any): boolean;
857 function isArrayBufferView(x: any): boolean;
858
859 interface ArrayBufferView {
860 buffer: ArrayBuffer;
861 byteLength: number;
862 }
863
864 type ByteBuffer = ByteStringBuffer;
865 class ByteStringBuffer {
866 constructor(bytes?: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer);
867 data: string;
868 read: number;
869 length(): number;
870 isEmpty(): boolean;
871 putByte(byte: Byte): ByteStringBuffer;
872 fillWithByte(byte: Byte, n: number): ByteStringBuffer;
873 putBytes(bytes: Bytes): ByteStringBuffer;
874 putString(str: string): ByteStringBuffer;
875 putInt16(int: number): ByteStringBuffer;
876 putInt24(int: number): ByteStringBuffer;
877 putInt32(int: number): ByteStringBuffer;
878 putInt16Le(int: number): ByteStringBuffer;
879 putInt24Le(int: number): ByteStringBuffer;
880 putInt32Le(int: number): ByteStringBuffer;
881 putInt(int: number, numOfBits: number): ByteStringBuffer;
882 putSignedInt(int: number, numOfBits: number): ByteStringBuffer;
883 putBuffer(buffer: ByteStringBuffer): ByteStringBuffer;
884 getByte(): number;
885 getInt16(): number;
886 getInt24(): number;
887 getInt32(): number;
888 getInt16Le(): number;
889 getInt24Le(): number;
890 getInt32Le(): number;
891 getInt(numOfBits: number): number;
892 getSignedInt(numOfBits: number): number;
893 getBytes(count?: number): Bytes;
894 bytes(count?: number): Bytes;
895 at(index: number): Byte;
896 setAt(index: number, byte: number): ByteStringBuffer;
897 last(): Byte;
898 copy(): ByteStringBuffer;
899 compact(): ByteStringBuffer;
900 clear(): ByteStringBuffer;
901 truncate(): ByteStringBuffer;
902 toHex(): Hex;
903 toString(): string;
904 }
905
906 function fillString(char: string, count: number): string;
907 function xorBytes(bytes1: string, bytes2: string, count: number): string;
908 function hexToBytes(hex: Hex): Bytes;
909 function bytesToHex(bytes: Bytes): Hex;
910 function int32ToBytes(int: number): Bytes;
911 function encode64(bytes: Bytes, maxline?: number): Base64;
912 function decode64(encoded: Base64): Bytes;
913 function encodeUtf8(str: string): Utf8;
914 function decodeUtf8(encoded: Utf8): string;
915
916 function createBuffer(): ByteBuffer;
917 function createBuffer(
918 input: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer,
919 encoding?: Encoding,
920 ): ByteBuffer;
921
922 namespace binary {
923 namespace raw {
924 function encode(x: Uint8Array): Bytes;
925 function decode(str: Bytes, output?: Uint8Array, offset?: number): Uint8Array;
926 }
927 namespace hex {
928 function encode(bytes: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer): Hex;
929 function decode(hex: Hex, output?: Uint8Array, offset?: number): Uint8Array;
930 }
931 namespace base64 {
932 function encode(input: Uint8Array, maxline?: number): Base64;
933 function decode(input: Base64, output?: Uint8Array, offset?: number): Uint8Array;
934 }
935 }
936
937 namespace text {
938 namespace utf8 {
939 function encode(str: string, output?: Uint8Array, offset?: number): Uint8Array;
940 function decode(bytes: Uint8Array): Utf8;
941 }
942 namespace utf16 {
943 function encode(str: string, output?: Uint8Array, offset?: number): Uint8Array;
944 function decode(bytes: Uint8Array): string;
945 }
946 }
947 }
948
949 namespace pkcs12 {
950 interface BagsFilter {
951 localKeyId?: string | undefined;
952 localKeyIdHex?: string | undefined;
953 friendlyName?: string | undefined;
954 bagType?: string | undefined;
955 }
956
957 interface Bag {
958 type: string;
959 attributes: any;
960 key?: pki.PrivateKey | undefined;
961 cert?: pki.Certificate | undefined;
962 asn1: asn1.Asn1;
963 }
964
965 interface Pkcs12Pfx {
966 version: string;
967 safeContents: Array<{
968 encrypted: boolean;
969 safeBags: Bag[];
970 }>;
971 getBags: (filter: BagsFilter) => {
972 [key: string]: Bag[] | undefined;
973 localKeyId?: Bag[] | undefined;
974 friendlyName?: Bag[] | undefined;
975 };
976 getBagsByFriendlyName: (fiendlyName: string, bagType: string) => Bag[];
977 getBagsByLocalKeyId: (localKeyId: string, bagType: string) => Bag[];
978 }
979
980 function pkcs12FromAsn1(obj: any, strict?: boolean, password?: string): Pkcs12Pfx;
981 function pkcs12FromAsn1(obj: any, password?: string): Pkcs12Pfx;
982
983 function toPkcs12Asn1(
984 key: pki.PrivateKey | null,
985 cert: pki.Certificate | pki.Certificate[],
986 password: string | null,
987 options?: {
988 algorithm?: "aes128" | "aes192" | "aes256" | "3des" | undefined;
989 count?: number | undefined;
990 saltSize?: number | undefined;
991 useMac?: boolean | undefined;
992 localKeyId?: Hex | undefined;
993 friendlyName?: string | undefined;
994 generateLocalKeyId?: boolean | undefined;
995 },
996 ): asn1.Asn1;
997
998 function generateKey(
999 password: string | null | undefined,
1000 salt: util.ByteBuffer,
1001 id: Byte,
1002 iter: number,
1003 n: number,
1004 md?: md.MessageDigest,
1005 ): util.ByteBuffer;
1006 }
1007
1008 namespace pkcs7 {
1009 interface PkcsSignedData {
1010 content?: string | util.ByteBuffer | undefined;
1011 contentInfo?: { value: any[] } | undefined;
1012
1013 certificates: pki.Certificate[];
1014
1015 addCertificate(certificate: pki.Certificate | string): void;
1016 addSigner(options: {
1017 key: pki.rsa.PrivateKey | string;
1018 certificate: pki.Certificate | string;
1019 digestAlgorithm: string;
1020 authenticatedAttributes?: Array<{ type: string; value?: string | undefined }> | undefined;
1021 }): void;
1022 sign(options?: { detached?: boolean | undefined }): void;
1023 toAsn1(): asn1.Asn1;
1024 }
1025
1026 function createSignedData(): PkcsSignedData;
1027
1028 interface Recipient {
1029 version: number;
1030 issuer: pki.CertificateField[];
1031 serialNumber: Hex;
1032 encryptedContent: {
1033 algorithm: OID;
1034 parameter: Bytes;
1035 content: Bytes;
1036 };
1037 }
1038
1039 interface PkcsEnvelopedData {
1040 content?: string | util.ByteBuffer | undefined;
1041 recipients: Recipient[];
1042
1043 /**
1044 * Add (another) entity to list of recipients.
1045 *
1046 * @param certificate The certificate of the entity to add.
1047 */
1048 addRecipient(certificate: pki.Certificate): void;
1049 /**
1050 * Encrypt enveloped content.
1051 *
1052 * This function supports two optional arguments, cipher and key, which
1053 * can be used to influence symmetric encryption. Unless cipher is
1054 * provided, the cipher specified in encryptedContent.algorithm is used
1055 * (defaults to AES-256-CBC). If no key is provided, encryptedContent.key
1056 * is (re-)used. If that one's not set, a random key will be generated
1057 * automatically.
1058 *
1059 * @param [key] The key to be used for symmetric encryption.
1060 * @param [cipher] The OID of the symmetric cipher to use.
1061 */
1062 encrypt(key?: util.ByteBuffer, cipher?: OID): void;
1063
1064 /**
1065 * Find recipient by X.509 certificate's issuer and serialNumber.
1066 *
1067 * @param cert the certificate with the issuer to look for.
1068 *
1069 * @return the recipient object, or `null` if no match.
1070 */
1071 findRecipient(cert: pki.Certificate): Recipient | null;
1072 /**
1073 * Decrypt enveloped content
1074 *
1075 * @param recipient The recipient object related to the private key
1076 * @param privKey The (RSA) private key object
1077 */
1078 decrypt(recipient: Recipient, privKey: pki.rsa.PrivateKey): void;
1079
1080 toAsn1(): asn1.Asn1;
1081 }
1082
1083 function createEnvelopedData(): PkcsEnvelopedData;
1084
1085 /** When a PKCS#7 object has been created by reading from a message, the raw captured object is joined */
1086 type Captured<T> = T & {
1087 rawCapture: any;
1088 };
1089
1090 /**
1091 * Converts a PKCS#7 message to PEM format.
1092 *
1093 * @param msg The PKCS#7 message object
1094 * @param maxline The maximum characters per line, defaults to 64.
1095 *
1096 * @return The PEM-formatted PKCS#7 message.
1097 */
1098 function messageToPem(msg: PkcsSignedData, maxline?: number): string;
1099
1100 /**
1101 * Converts a PKCS#7 message from PEM format.
1102 *
1103 * @param pem the PEM-formatted PKCS#7 message.
1104 *
1105 * @return the PKCS#7 message.
1106 */
1107 function messageFromPem(pem: pki.PEM): Captured<PkcsEnvelopedData | PkcsSignedData>;
1108
1109 /**
1110 * Converts a PKCS#7 message from an ASN.1 object.
1111 *
1112 * @param asn the ASN.1 representation of a ContentInfo.
1113 *
1114 * @return the PKCS#7 message.
1115 */
1116 function messageFromAsn1(asn: asn1.Asn1): Captured<PkcsEnvelopedData | PkcsSignedData>;
1117 }
1118
1119 namespace pkcs5 {
1120 function pbkdf2(password: string, salt: string, iterations: number, keySize: number): string;
1121 function pbkdf2(
1122 password: string,
1123 salt: string,
1124 iterations: number,
1125 keySize: number,
1126 messageDigest: md.MessageDigest | md.Algorithm,
1127 ): string;
1128 function pbkdf2(
1129 password: string,
1130 salt: string,
1131 iterations: number,
1132 keySize: number,
1133 callback: (err: Error | null, dk: string | null) => any,
1134 ): void;
1135 function pbkdf2(
1136 password: string,
1137 salt: string,
1138 iterations: number,
1139 keySize: number,
1140 messageDigest?: md.MessageDigest | md.Algorithm,
1141 callback?: (err: Error | null, dk: string) => any,
1142 ): void;
1143 }
1144
1145 const md: {
1146 sha1: {
1147 create(): md.sha1.MessageDigest;
1148 };
1149 sha256: {
1150 create(): md.sha256.MessageDigest;
1151 };
1152 sha512: {
1153 create<TAlg extends md.sha512.AlgorithmSelection = md.sha512.AlgorithmSelection.Sha512>(
1154 /** @default 'SHA-512' */
1155 algorithm?: TAlg,
1156 ): TAlg extends md.sha512.AlgorithmSelection.Sha384 ? md.sha512.Sha384MessageDigest
1157 : TAlg extends md.sha512.AlgorithmSelection.Sha512224 ? md.sha512.Sha512224MessageDigest
1158 : TAlg extends md.sha512.AlgorithmSelection.Sha512256 ? md.sha512.Sha512256MessageDigest
1159 : TAlg extends md.sha512.AlgorithmSelection.Sha512 ? md.sha512.Sha512MessageDigest
1160 : never;
1161 sha224: {
1162 create(): md.sha512.Sha512224MessageDigest;
1163 };
1164 sha256: {
1165 create(): md.sha512.Sha512256MessageDigest;
1166 };
1167 sha384: {
1168 create(): md.sha512.Sha384MessageDigest;
1169 };
1170 };
1171 sha384: typeof md.sha512.sha384;
1172 "sha512/224": typeof md.sha512.sha224;
1173 "sha512/256": typeof md.sha512.sha256;
1174 md5: {
1175 create(): md.md5.MessageDigest;
1176 };
1177 algorithms: {
1178 md5: typeof md.md5;
1179 sha1: typeof md.sha1;
1180 sha256: typeof md.sha256;
1181 sha384: typeof md.sha384;
1182 sha512: typeof md.sha512;
1183 "sha512/224": (typeof md)["sha512/224"];
1184 "sha512/256": (typeof md)["sha512/256"];
1185 };
1186 };
1187
1188 const md5: typeof md.md5;
1189 const sha1: typeof md.sha1;
1190 const sha256: typeof md.sha256;
1191 const sha384: typeof md.sha384;
1192 const sha512: typeof md.sha512;
1193
1194 namespace md {
1195 type Algorithm = md5.Algorithm | sha1.Algorithm | sha256.Algorithm | sha512.Algorithm;
1196
1197 interface MessageDigest {
1198 readonly algorithm: Algorithm;
1199 readonly blockLength: number;
1200 readonly digestLength: number;
1201 messageLength: number;
1202 fullMessageLength: number[] | null;
1203 readonly messageLengthSize: number;
1204 update(msg: string, encoding?: Encoding): this;
1205 digest(): util.ByteStringBuffer;
1206 }
1207
1208 namespace md5 {
1209 type Algorithm = "md5";
1210
1211 interface MessageDigest extends md.MessageDigest {
1212 readonly algorithm: Algorithm;
1213 readonly blockLength: 64;
1214 readonly digestLength: 16;
1215 readonly messageLengthSize: 8;
1216 }
1217 }
1218
1219 namespace sha1 {
1220 type Algorithm = "sha1";
1221
1222 interface MessageDigest extends md.MessageDigest {
1223 readonly algorithm: Algorithm;
1224 readonly blockLength: 64;
1225 readonly digestLength: 20;
1226 readonly messageLengthSize: 8;
1227 }
1228 }
1229
1230 namespace sha256 {
1231 type Algorithm = "sha256";
1232
1233 interface MessageDigest extends md.MessageDigest {
1234 readonly algorithm: Algorithm;
1235 readonly blockLength: 64;
1236 readonly digestLength: 32;
1237 readonly messageLengthSize: 8;
1238 }
1239 }
1240
1241 namespace sha512 {
1242 type Algorithm = Algorithm.Sha384 | Algorithm.Sha512 | Algorithm.Sha512224 | Algorithm.Sha512256;
1243 namespace Algorithm {
1244 type Sha384 = "sha384";
1245 type Sha512 = "sha512";
1246 type Sha512224 = "sha512/224";
1247 type Sha512256 = "sha512/256";
1248 }
1249
1250 type AlgorithmSelection =
1251 | AlgorithmSelection.Sha384
1252 | AlgorithmSelection.Sha512
1253 | AlgorithmSelection.Sha512224
1254 | AlgorithmSelection.Sha512256;
1255 namespace AlgorithmSelection {
1256 type Sha384 = "SHA-384";
1257 type Sha512 = "SHA-512";
1258 type Sha512224 = "SHA-512/224";
1259 type Sha512256 = "SHA-512/256";
1260 }
1261
1262 interface MessageDigest extends md.MessageDigest {
1263 readonly algorithm: Algorithm;
1264 readonly blockLength: 128;
1265 readonly messageLengthSize: 16;
1266 }
1267
1268 interface Sha512224MessageDigest extends MessageDigest {
1269 readonly algorithm: Algorithm.Sha512224;
1270 readonly digestLength: 28;
1271 }
1272
1273 interface Sha512256MessageDigest extends MessageDigest {
1274 readonly algorithm: Algorithm.Sha512256;
1275 readonly digestLength: 32;
1276 }
1277
1278 interface Sha384MessageDigest extends MessageDigest {
1279 readonly algorithm: Algorithm.Sha384;
1280 readonly digestLength: 48;
1281 }
1282
1283 interface Sha512MessageDigest extends MessageDigest {
1284 readonly algorithm: Algorithm.Sha512;
1285 readonly digestLength: 64;
1286 }
1287 }
1288 }
1289
1290 namespace hmac {
1291 type Algorithm = md.Algorithm;
1292
1293 interface HMAC {
1294 digest(): util.ByteBuffer;
1295 getMac(): util.ByteBuffer;
1296 start(md: Algorithm | md.MessageDigest, key: string | util.ByteBuffer | null): void;
1297 update(bytes: string): void;
1298 }
1299
1300 function create(): HMAC;
1301 }
1302
1303 namespace cipher {
1304 type Algorithm =
1305 | "AES-ECB"
1306 | "AES-CBC"
1307 | "AES-CFB"
1308 | "AES-OFB"
1309 | "AES-CTR"
1310 | "AES-GCM"
1311 | "3DES-ECB"
1312 | "3DES-CBC"
1313 | "DES-ECB"
1314 | "DES-CBC";
1315
1316 function createCipher(algorithm: Algorithm, payload: util.ByteBuffer | Bytes): BlockCipher;
1317 function createDecipher(algorithm: Algorithm, payload: util.ByteBuffer | Bytes): BlockCipher;
1318
1319 interface StartOptions {
1320 iv?: util.ByteBuffer | Byte[] | Bytes | undefined;
1321 tag?: util.ByteStringBuffer | undefined;
1322 tagLength?: number | undefined;
1323 additionalData?: string | undefined;
1324 }
1325
1326 interface BlockCipher {
1327 start: (options?: StartOptions) => void;
1328 update: (payload: util.ByteBuffer) => void;
1329 finish: () => boolean;
1330 output: util.ByteStringBuffer;
1331 mode: Mode;
1332 }
1333
1334 interface Mode {
1335 tag: util.ByteStringBuffer;
1336 }
1337 }
1338
1339 namespace pss {
1340 type PSS = any;
1341
1342 function create(any: any): PSS;
1343 }
1344
1345 namespace mgf {
1346 namespace mgf1 {
1347 function create(any: any): any;
1348 }
1349 }
1350
1351 namespace tls {
1352 interface ProtocolVersion {
1353 major: Byte;
1354 minor: Byte;
1355 }
1356
1357 const Versions: ProtocolVersion[];
1358 const SupportedVersions: ProtocolVersion[];
1359 const Version: ProtocolVersion;
1360
1361 const MaxFragment: number;
1362
1363 enum ConnectionEnd {
1364 server = 0,
1365 client = 1,
1366 }
1367
1368 enum PRFAlgorithm {
1369 tls_prf_sha256 = 0,
1370 }
1371
1372 enum BulkCipherAlgorithm {
1373 rc4 = 0,
1374 des3 = 1,
1375 aes = 2,
1376 }
1377
1378 enum CipherType {
1379 stream = 0,
1380 block = 1,
1381 aead = 2,
1382 }
1383
1384 enum MACAlgorithm {
1385 hmac_md5 = 0,
1386 hmac_sha1 = 1,
1387 hmac_sha256 = 2,
1388 hmac_sha384 = 3,
1389 hmac_sha512 = 4,
1390 }
1391
1392 enum CompressionMethod {
1393 none = 0,
1394 deflate = 1,
1395 }
1396
1397 enum ContentType {
1398 change_cipher_spec = 20,
1399 alert = 21,
1400 handshake = 22,
1401 application_data = 23,
1402 heartbeat = 24,
1403 }
1404
1405 enum HandshakeType {
1406 hello_request = 0,
1407 client_hello = 1,
1408 server_hello = 2,
1409 certificate = 11,
1410 server_key_exchange = 12,
1411 certificate_request = 13,
1412 server_hello_done = 14,
1413 certificate_verify = 15,
1414 client_key_exchange = 16,
1415 finished = 20,
1416 }
1417
1418 namespace Alert {
1419 enum Level {
1420 warning = 1,
1421 fatal = 2,
1422 }
1423
1424 enum Description {
1425 close_notify = 0,
1426 unexpected_message = 10,
1427 bad_record_mac = 20,
1428 decryption_failed = 21,
1429 record_overflow = 22,
1430 decompression_failure = 30,
1431 handshake_failure = 40,
1432 bad_certificate = 42,
1433 unsupported_certificate = 43,
1434 certificate_revoked = 44,
1435 certificate_expired = 45,
1436 certificate_unknown = 46,
1437 illegal_parameter = 47,
1438 unknown_ca = 48,
1439 access_denied = 49,
1440 decode_error = 50,
1441 decrypt_error = 51,
1442 export_restriction = 60,
1443 protocol_version = 70,
1444 insufficient_security = 71,
1445 internal_error = 80,
1446 user_canceled = 90,
1447 no_renegotiation = 100,
1448 }
1449 }
1450
1451 enum HeartbeatMessageType {
1452 heartbeat_request = 1,
1453 heartbeat_response = 2,
1454 }
1455
1456 interface CipherSuite {
1457 id: [Byte, Byte];
1458 name: string;
1459 }
1460
1461 const CipherSuites: { [name: string]: CipherSuite };
1462
1463 interface CertificateRequest {
1464 certificate_types: util.ByteBuffer;
1465 certificate_authorities: util.ByteBuffer;
1466 }
1467
1468 type ConnectionState = any;
1469
1470 interface Connection {
1471 version: ProtocolVersion;
1472 entity: ConnectionEnd;
1473 sessionId: Bytes | null;
1474 caStore: pki.CAStore;
1475 sessionCache: SessionCache | null;
1476 cipherSuites: CipherSuite[];
1477 connected(conn: Connection): void;
1478 virtualHost: string | null;
1479 verifyClient: boolean;
1480 verify(conn: Connection, verified: Verified, depth: number, certs: pki.Certificate[]): Verified;
1481 getCertificate:
1482 | ((conn: Connection, hint: CertificateRequest | string[]) => pki.PEM | readonly pki.PEM[])
1483 | null;
1484 getPrivateKey: ((conn: Connection, certificate: pki.Certificate) => pki.PEM) | null;
1485 getSignature:
1486 | ((conn: Connection, bytes: Bytes, callback: (conn: Connection, bytes: Bytes) => void) => void)
1487 | null;
1488 input: util.ByteBuffer;
1489 tlsData: util.ByteBuffer;
1490 data: util.ByteBuffer;
1491 tlsDataReady(conn: Connection): void;
1492 dataReady(conn: Connection): void;
1493 heartbeatReceived: ((conn: Connection, payload: util.ByteBuffer) => void) | undefined;
1494 closed(conn: Connection): void;
1495 error(conn: Connection, error: TLSError): void;
1496 deflate: ((inBytes: Bytes) => Bytes) | null;
1497 inflate: ((inBytes: Bytes) => Bytes) | null;
1498 reset(clearFail?: boolean): void;
1499 record: Record | null;
1500 session: Session | null;
1501 peerCertificate: pki.Certificate | null;
1502 state: { pending: ConnectionState | null; current: ConnectionState };
1503 expect: number;
1504 fragmented: Record | null;
1505 records: Record[];
1506 open: boolean;
1507 handshakes: number;
1508 handshaking: boolean;
1509 isConnected: boolean;
1510 fail: boolean;
1511 handshake(sessionId?: Bytes | null): void;
1512 process(data: Bytes): number;
1513 prepare(data: Bytes): boolean;
1514 prepareHeartbeatRequest(payload: Bytes | util.ByteBuffer, payloadLength?: number): boolean;
1515 close(clearFail?: boolean): Connection;
1516 }
1517
1518 interface Record {
1519 type: ContentType;
1520 version: ProtocolVersion;
1521 length: number;
1522 fragment: util.ByteBuffer;
1523 ready?: boolean | undefined;
1524 }
1525
1526 interface Session {
1527 version: ProtocolVersion | null;
1528 extensions: { [_: string]: object };
1529 cipherSuite: CipherSuite | null;
1530 compressionMethod: CompressionMethod | null;
1531 serverCertificate: pki.Certificate | null;
1532 clientCertificate: pki.Certificate | null;
1533 md5: md.MessageDigest;
1534 sha1: md.MessageDigest;
1535 }
1536
1537 interface SessionCache {
1538 cache: { [key: string]: Session };
1539 capacity: number;
1540 order: [Hex];
1541 getSession(sessionId: Bytes): Session;
1542 setSession(sessionId: Bytes, session: Session): void;
1543 }
1544
1545 function createSessionCache(cache?: SessionCache | { [key: string]: Session }, capacity?: number): SessionCache;
1546
1547 interface Alert {
1548 level: Alert.Level;
1549 description: Alert.Description;
1550 }
1551
1552 interface TLSError extends Error {
1553 message: string;
1554 send: boolean;
1555 origin: "server" | "client";
1556 alert: Alert;
1557 }
1558
1559 type Verified = true | { message?: string | undefined; alert?: Alert.Description | undefined };
1560
1561 function createConnection(options: {
1562 server?: boolean | undefined;
1563 sessionId?: Bytes | null | undefined;
1564 caStore?: pki.CAStore | readonly pki.Certificate[] | undefined;
1565 sessionCache?: SessionCache | { [key: string]: Session } | undefined;
1566 cipherSuites?: CipherSuite[] | undefined;
1567 connected(conn: Connection): void;
1568 virtualHost?: string | undefined;
1569 verifyClient?: boolean | undefined;
1570 verify?(conn: Connection, verified: Verified, depth: number, certs: pki.Certificate[]): Verified;
1571 getCertificate?(conn: Connection, hint: CertificateRequest | string[]): pki.PEM | readonly pki.PEM[];
1572 getPrivateKey?(conn: Connection, certificate: pki.Certificate): pki.PEM;
1573 getSignature?(conn: Connection, bytes: Bytes, callback: (conn: Connection, bytes: Bytes) => void): void;
1574 tlsDataReady(conn: Connection): void;
1575 dataReady(conn: Connection): void;
1576 heartbeatReceived?(conn: Connection, payload: util.ByteBuffer): void;
1577 closed(conn: Connection): void;
1578 error(conn: Connection, error: TLSError): void;
1579 deflate?(inBytes: Bytes): Bytes;
1580 inflate?(inBytes: Bytes): Bytes;
1581 }): Connection;
1582
1583 function prf_tls1(secret: string, label: string, seed: string, length: number): util.ByteBuffer;
1584
1585 function hmac_sha1(
1586 key: string | readonly Byte[] | util.ByteBuffer,
1587 seqNum: [number, number],
1588 record: Record,
1589 ): Bytes;
1590 }
1591}
1592
\No newline at end of file