UNPKG

54.2 kBTypeScriptView Raw
1// Type definitions for node-forge 1.3
2// Project: https://github.com/digitalbazaar/forge
3// Definitions by: Seth Westphal <https://github.com/westy92>
4// Kay Schecker <https://github.com/flynetworks>
5// Aakash Goenka <https://github.com/a-k-g>
6// Rafal2228 <https://github.com/rafal2228>
7// Beeno Tung <https://github.com/beenotung>
8// Joe Flateau <https://github.com/joeflateau>
9// timhwang21 <https://github.com/timhwang21>
10// Anders Kaseorg <https://github.com/andersk>
11// Sascha Zarhuber <https://github.com/saschazar21>
12// Rogier Schouten <https://github.com/rogierschouten>
13// Ivan Aseev <https://github.com/aseevia>
14// Wiktor Kwapisiewicz <https://github.com/wiktor-k>
15// Ligia Frangello <https://github.com/frangello>
16// Dmitry Avezov <https://github.com/avezov>
17// Jose Fuentes <https://github.com/j-fuentes>
18// Anya Reyes <https://github.com/darkade>
19// Tino <https://github.com/tino-247>
20// BendingBender <https://github.com/BendingBender>
21// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
22// Minimum TypeScript Version: 3.9
23
24/// <reference types="node" />
25
26declare module 'node-forge' {
27 type Byte = number;
28 type Bytes = string;
29 type Hex = string;
30 type Base64 = string;
31 type Utf8 = string;
32 type OID = string;
33 type Encoding = 'raw' | 'utf8';
34
35 namespace jsbn {
36 interface RandomGenerator {
37 nextBytes(bytes: number[]): void;
38 }
39 class BigInteger {
40 static ZERO: BigInteger;
41 static ONE: BigInteger;
42 constructor(a: null);
43 constructor(a: number, c: RandomGenerator);
44 constructor(a: number, b: number, c: RandomGenerator);
45 constructor(a: string, b?: number);
46 constructor(a: number[], b?: number);
47 constructor(a: BigInteger);
48 data: number[];
49 t: number;
50 s: number;
51 am(i: number, x: number, w: BigInteger, j: number, c: number, n: number): number;
52 toString(b?: number): string;
53 bitLength(): number;
54 negate(): BigInteger;
55 abs(): BigInteger;
56 compareTo(a: BigInteger): number;
57 bitLength(): number;
58 mod(a: BigInteger): BigInteger;
59 modPowInt(e: number, m: BigInteger): BigInteger;
60 clone(): BigInteger;
61 intValue(): number;
62 byteValue(): number;
63 shortValue(): number;
64 signum(): number;
65 toByteArray(): number[];
66 equals(a: BigInteger): boolean;
67 min(a: BigInteger): BigInteger;
68 max(a: BigInteger): BigInteger;
69 and(a: BigInteger): BigInteger;
70 or(a: BigInteger): BigInteger;
71 xor(a: BigInteger): BigInteger;
72 andNot(a: BigInteger): BigInteger;
73 not(): BigInteger;
74 shiftLeft(n: number): BigInteger;
75 shiftRight(n: number): BigInteger;
76 getLowestSetBit(): number;
77 bitCount(): number;
78 testBit(n: number): boolean;
79 clearBit(n: number): BigInteger;
80 flipBit(n: number): BigInteger;
81 add(a: BigInteger): BigInteger;
82 subtract(a: BigInteger): BigInteger;
83 multiply(a: BigInteger): BigInteger;
84 squareTo(a: BigInteger): BigInteger;
85 divide(a: BigInteger): BigInteger;
86 remainder(a: BigInteger): BigInteger;
87 divideAndRemainder(a: BigInteger): BigInteger[]; // Array of 2 items
88 pow(e: number): BigInteger;
89 modPow(e: BigInteger, m: BigInteger): BigInteger;
90 gcd(a: BigInteger): BigInteger;
91 modInverse(m: BigInteger): BigInteger;
92 isProbablePrime(t: number): boolean;
93 }
94 }
95
96 namespace rc2 {
97 type pad_function = (blockSize: number, buffer: util.ByteBuffer, decrypt: boolean) => boolean;
98 interface cipher {
99 start(iv: util.ByteBuffer | string | null, output?: util.ByteBuffer): void;
100 update(input: util.ByteBuffer): void;
101 finish(pad?: pad_function): boolean;
102 output: util.ByteBuffer;
103 }
104
105 function expandKey(key: string | util.ByteBuffer, effKeyBits?: number): util.ByteBuffer;
106 function startEncrypting(
107 key: string | util.ByteBuffer,
108 iv: util.ByteBuffer | Byte[] | Bytes,
109 output: util.ByteBuffer | null,
110 ): rc2.cipher;
111 function createEncryptionCipher(key: string | util.ByteBuffer, bits?: number): rc2.cipher;
112 function startDecrypting(
113 key: string | util.ByteBuffer,
114 iv: util.ByteBuffer | Byte[] | Bytes,
115 output: util.ByteBuffer | null,
116 ): rc2.cipher;
117 function createDecryptionCipher(key: string | util.ByteBuffer, bits?: number): rc2.cipher;
118 }
119
120 namespace kem {
121 namespace rsa {
122 interface kem {
123 /**
124 * Generates a secret key and its encapsulation.
125 *
126 * @param publicKey the RSA public key to encrypt with.
127 * @param keyLength the length, in bytes, of the secret key to generate.
128 */
129 encrypt(publicKey: pki.rsa.PublicKey, keyLength: number): EncryptResult;
130 /**
131 * Decrypts an encapsulated secret key.
132 *
133 * @param privateKey the RSA private key to decrypt with.
134 * @param encapsulation the ciphertext for generating the secret key, as a binary-encoded
135 * string of bytes.
136 * @param keyLength the length, in bytes, of the secret key to generate.
137 *
138 * @return the secret key as a binary-encoded string of bytes.
139 */
140 decrypt(privateKey: pki.rsa.PrivateKey, encapsulation: string, keyLength: number): string;
141 }
142
143 interface random {
144 getBytesSync(count: number): Bytes;
145 }
146
147 interface Options {
148 /**
149 * A custom crypto-secure pseudo-random number generator to use.
150 */
151 prng?: random | undefined;
152 }
153
154 /**
155 * Creates an RSA KEM API object for generating a secret asymmetric key.
156 *
157 * The symmetric key may be generated via a call to 'encrypt', which will
158 * produce a ciphertext to be transmitted to the recipient and a key to be
159 * kept secret. The ciphertext is a parameter to be passed to 'decrypt' which
160 * will produce the same secret key for the recipient to use to decrypt a
161 * message that was encrypted with the secret key.
162 *
163 * @param kdf the KDF API to use (eg: `new forge.kem.kdf1()`).
164 * @param options the options to use.
165 */
166 function create(kdf: KDF, options?: Options): kem;
167 }
168
169 interface EncryptResult {
170 /**
171 * The ciphertext for generating the secret key, as a binary-encoded string of bytes.
172 */
173 encapsulation: string;
174 /**
175 * The secret key to use for encrypting a message.
176 */
177 key: string;
178 }
179
180 interface KDF {
181 /**
182 * Generate a key of the specified length.
183 *
184 * @param x the binary-encoded byte string to generate a key from.
185 * @param length the number of bytes to generate (the size of the key).
186 *
187 * @return the key as a binary-encoded string.
188 */
189 generate(x: string, length: number): string;
190 }
191
192 /**
193 * Creates a key derivation API object that implements KDF1 per ISO 18033-2.
194 *
195 * @param md the hash API to use.
196 * @param digestLength a digest length that must be positive and less than or equal to `md.digestLength`.
197 *
198 * @return a KDF1 API object.
199 */
200 class kdf1 implements KDF {
201 constructor(md: md.MessageDigest, digestLength?: number);
202 /**
203 * Generate a key of the specified length.
204 *
205 * @param x the binary-encoded byte string to generate a key from.
206 * @param length the number of bytes to generate (the size of the key).
207 *
208 * @return the key as a binary-encoded string.
209 */
210 generate(x: string, length: number): string;
211 }
212
213 /**
214 * Creates a key derivation API object that implements KDF2 per ISO 18033-2.
215 *
216 * @param md the hash API to use.
217 * @param digestLength a digest length that must be positive and less than or equal to `md.digestLength`.
218 *
219 * @return a KDF2 API object.
220 */
221 class kdf2 implements KDF {
222 constructor(md: md.MessageDigest, digestLength?: number);
223 /**
224 * Generate a key of the specified length.
225 *
226 * @param x the binary-encoded byte string to generate a key from.
227 * @param length the number of bytes to generate (the size of the key).
228 *
229 * @return the key as a binary-encoded string.
230 */
231 generate(x: string, length: number): string;
232 }
233 }
234
235 namespace pem {
236 interface EncodeOptions {
237 maxline?: number | undefined;
238 }
239
240 interface ObjectPEM {
241 type: string;
242 body: Bytes;
243 procType?: any;
244 contentDomain?: any;
245 dekInfo?: any;
246 headers?: any[] | undefined;
247 }
248
249 function encode(msg: ObjectPEM, options?: EncodeOptions): string;
250 function decode(str: string): ObjectPEM[];
251 }
252
253 namespace pki {
254 type PEM = string;
255 type PublicKey = rsa.PublicKey | ed25519.Key;
256 type PrivateKey = rsa.PrivateKey | ed25519.Key;
257 type EncryptionOptions = {
258 algorithm?: 'aes128' | 'aes192' | 'aes256' | '3des' | undefined;
259 count?: number | undefined;
260 saltSize?: number | undefined;
261 prfAlgorithm?: 'sha1' | 'sha224' | 'sha256' | 'sha384' | 'sha512' | undefined;
262 legacy?: boolean | undefined;
263 };
264
265 interface ByteBufferFingerprintOptions {
266 /**
267 * @description The type of fingerprint. If not specified, defaults to 'RSAPublicKey'
268 */
269 type?: 'SubjectPublicKeyInfo' | 'RSAPublicKey' | undefined;
270 /**
271 * @description the delimiter to use between bytes for `hex` encoded output
272 */
273 delimiter?: string | undefined;
274 /**
275 * @description if not specified defaults to `md.md5`
276 */
277 md?: md.MessageDigest | undefined;
278 }
279
280 interface HexFingerprintOptions extends ByteBufferFingerprintOptions {
281 /**
282 * @description if not specified, the function will return `ByteStringBuffer`
283 */
284 encoding: 'hex';
285 }
286
287 interface BinaryFingerprintOptions extends ByteBufferFingerprintOptions {
288 /**
289 * @description if not specified, the function will return `ByteStringBuffer`
290 */
291 encoding: 'binary';
292 }
293
294 interface KeyPair {
295 publicKey: PublicKey;
296 privateKey: PrivateKey;
297 }
298
299 interface oids {
300 [key: string]: string;
301 }
302 var oids: oids;
303
304 namespace rsa {
305 type EncryptionScheme = 'RSAES-PKCS1-V1_5' | 'RSA-OAEP' | 'RAW' | 'NONE' | null;
306 type SignatureScheme = 'RSASSA-PKCS1-V1_5' | pss.PSS | 'NONE' | null;
307
308 interface PublicKey {
309 n: jsbn.BigInteger;
310 e: jsbn.BigInteger;
311 encrypt(data: Bytes, scheme?: EncryptionScheme, schemeOptions?: any): Bytes;
312 verify(digest: Bytes, signature: Bytes, scheme?: SignatureScheme): boolean;
313 }
314
315 interface PrivateKey {
316 n: jsbn.BigInteger;
317 e: jsbn.BigInteger;
318 d: jsbn.BigInteger;
319 p: jsbn.BigInteger;
320 q: jsbn.BigInteger;
321 dP: jsbn.BigInteger;
322 dQ: jsbn.BigInteger;
323 qInv: jsbn.BigInteger;
324 decrypt(data: Bytes, scheme?: EncryptionScheme, schemeOptions?: any): Bytes;
325 sign(md: md.MessageDigest | Bytes, scheme?: SignatureScheme): Bytes;
326 }
327
328 interface KeyPair {
329 publicKey: PublicKey;
330 privateKey: PrivateKey;
331 }
332
333 interface GenerateKeyPairOptions {
334 bits?: number | undefined;
335 e?: number | undefined;
336 workerScript?: string | undefined;
337 workers?: number | undefined;
338 workLoad?: number | undefined;
339 prng?: any;
340 algorithm?: string | undefined;
341 }
342
343 function setPublicKey(n: jsbn.BigInteger, e: jsbn.BigInteger): PublicKey;
344
345 function setPrivateKey(
346 n: jsbn.BigInteger,
347 e: jsbn.BigInteger,
348 d: jsbn.BigInteger,
349 p: jsbn.BigInteger,
350 q: jsbn.BigInteger,
351 dP: jsbn.BigInteger,
352 dQ: jsbn.BigInteger,
353 qInv: jsbn.BigInteger,
354 ): PrivateKey;
355
356 function generateKeyPair(
357 bits?: number,
358 e?: number,
359 callback?: (err: Error, keypair: KeyPair) => void,
360 ): KeyPair;
361 function generateKeyPair(
362 options?: GenerateKeyPairOptions,
363 callback?: (err: Error, keypair: KeyPair) => void,
364 ): KeyPair;
365 }
366
367 namespace ed25519 {
368 type NativeBuffer = Buffer | Uint8Array;
369 type Key = NativeBuffer;
370
371 type ToNativeBufferParameters =
372 | {
373 md: md.MessageDigest;
374 }
375 | {
376 message: NativeBuffer | util.ByteBuffer;
377 }
378 | {
379 message: string;
380 encoding: 'binary' | 'utf8';
381 };
382
383 // `string`s will be converted by toNativeBuffer with `encoding: 'binary'`
384 type BinaryBuffer = NativeBuffer | util.ByteBuffer | string;
385
386 namespace constants {
387 const PUBLIC_KEY_BYTE_LENGTH = 32;
388 const PRIVATE_KEY_BYTE_LENGTH = 64;
389 const SEED_BYTE_LENGTH = 32;
390 const SIGN_BYTE_LENGTH = 64;
391 const HASH_BYTE_LENGTH = 64;
392 }
393
394 // generateKeyPair does not currently accept `util.ByteBuffer` as the seed.
395 function generateKeyPair(options?: { seed?: NativeBuffer | string | undefined }): {
396 publicKey: NativeBuffer;
397 privateKey: NativeBuffer;
398 };
399
400 function privateKeyFromAsn1(obj: asn1.Asn1): { privateKeyBytes: NativeBuffer };
401
402 function publicKeyFromAsn1(obj: asn1.Asn1): NativeBuffer;
403
404 function publicKeyFromPrivateKey(options: { privateKey: BinaryBuffer }): NativeBuffer;
405
406 function sign(
407 options: ToNativeBufferParameters & {
408 privateKey: BinaryBuffer;
409 },
410 ): NativeBuffer;
411
412 function verify(
413 options: ToNativeBufferParameters & {
414 signature: BinaryBuffer;
415 publicKey: BinaryBuffer;
416 },
417 ): boolean;
418 }
419
420 interface CertificateFieldOptions {
421 name?: string | undefined;
422 type?: string | undefined;
423 shortName?: string | undefined;
424 }
425
426 interface CertificateField extends CertificateFieldOptions {
427 valueConstructed?: boolean | undefined;
428 valueTagClass?: asn1.Class | undefined;
429 value?: any[] | string | undefined;
430 extensions?: any[] | undefined;
431 }
432
433 interface Certificate {
434 version: number;
435 serialNumber: string;
436 signatureOid: string;
437 signature: any;
438 siginfo: {
439 algorithmOid: string;
440 parameters: any;
441 };
442 validity: {
443 notBefore: Date;
444 notAfter: Date;
445 };
446 issuer: {
447 getField(sn: string | CertificateFieldOptions): any;
448 addField(attr: CertificateField): void;
449 attributes: CertificateField[];
450 hash: any;
451 };
452 subject: {
453 getField(sn: string | CertificateFieldOptions): any;
454 addField(attr: CertificateField): void;
455 attributes: CertificateField[];
456 hash: any;
457 };
458 extensions: any[];
459 privateKey: PrivateKey;
460 publicKey: PublicKey;
461 md: md.MessageDigest;
462 signatureParameters: any;
463 tbsCertificate: asn1.Asn1;
464 /**
465 * Sets the subject of this certificate.
466 *
467 * @param attrs the array of subject attributes to use.
468 * @param uniqueId an optional a unique ID to use.
469 */
470 setSubject(attrs: CertificateField[], uniqueId?: string): void;
471 /**
472 * Sets the issuer of this certificate.
473 *
474 * @param attrs the array of subject attributes to use.
475 * @param uniqueId an optional a unique ID to use.
476 */
477 setIssuer(attrs: CertificateField[], uniqueId?: string): void;
478 /**
479 * Sets the extensions of this certificate.
480 *
481 * @param exts the array of extensions to use.
482 */
483 setExtensions(exts: any[]): void;
484 /**
485 * Gets an extension by its name or id.
486 *
487 * @param options the name to use or an object with:
488 * name the name to use.
489 * id the id to use.
490 *
491 * @return the extension or null if not found.
492 */
493 getExtension(options: string | { name: string } | { id: number }): {} | undefined;
494
495 /**
496 * Signs this certificate using the given private key.
497 *
498 * @param key the private key to sign with.
499 * @param md the message digest object to use (defaults to forge.md.sha1).
500 */
501 sign(key: pki.PrivateKey, md?: md.MessageDigest): void;
502 /**
503 * Attempts verify the signature on the passed certificate using this
504 * certificate's public key.
505 *
506 * @param child the certificate to verify.
507 *
508 * @return true if verified, false if not.
509 */
510 verify(child: Certificate): boolean;
511
512 /**
513 * Returns true if this certificate's issuer matches the passed
514 * certificate's subject. Note that no signature check is performed.
515 *
516 * @param parent the certificate to check.
517 *
518 * @return true if this certificate's issuer matches the passed certificate's
519 * subject.
520 */
521 isIssuer(parent: Certificate): boolean;
522
523 /**
524 * Returns true if this certificate's subject matches the issuer of the
525 * given certificate). Note that not signature check is performed.
526 *
527 * @param child the certificate to check.
528 *
529 * @return true if this certificate's subject matches the passed
530 * certificate's issuer.
531 */
532 issued(child: Certificate): boolean;
533
534 /**
535 * Generates the subjectKeyIdentifier for this certificate as byte buffer.
536 *
537 * @return the subjectKeyIdentifier for this certificate as byte buffer.
538 */
539 generateSubjectKeyIdentifier(): util.ByteStringBuffer;
540
541 /**
542 * Verifies the subjectKeyIdentifier extension value for this certificate
543 * against its public key. If no extension is found, false will be
544 * returned.
545 *
546 * @return true if verified, false if not.
547 */
548 verifySubjectKeyIdentifier(): boolean;
549 }
550
551 interface CertificateRequest extends Certificate {
552 /**
553 * Gets an issuer or subject attribute from its name, type, or short name.
554 *
555 * @param opts a short name string or an object with:
556 * shortName the short name for the attribute.
557 * name the name for the attribute.
558 * type the type for the attribute.
559 *
560 * @return the attribute.
561 */
562 getAttribute(opts: string | GetAttributeOpts): Attribute | null;
563 }
564
565 /**
566 * Attribute members to search on; any one hit will return the attribute
567 */
568 interface GetAttributeOpts {
569 /**
570 * OID
571 */
572 type?: string | undefined;
573 /**
574 * Long name
575 */
576 name?: string | undefined;
577 /**
578 * Short name
579 */
580 shortName?: string | undefined;
581 }
582
583 interface Attribute {
584 /**
585 * e.g. challengePassword
586 */
587 name: string;
588 /**
589 * Short name, if available (e.g. 'CN' for 'commonName')
590 */
591 shortName?: string | undefined;
592 /**
593 * OID, e.g. '1.2.840.113549.1.9.7'
594 */
595 type: string;
596 /**
597 * Attribute value
598 */
599 value: any;
600 /**
601 * Attribute value data type
602 */
603 valueTagClass: number;
604 /**
605 * Extensions
606 */
607 extensions?: any[] | undefined;
608 }
609
610 interface CAStore {
611 addCertificate(cert: Certificate | string): void;
612 hasCertificate(cert: Certificate | string): boolean;
613 removeCertificate(cert: Certificate | string): Certificate | null;
614 listAllCertificates(): pki.Certificate[];
615 getIssuer(subject: Certificate): Certificate | null;
616 getBySubject(subject: string): Certificate | null;
617 }
618
619 function certificateFromAsn1(obj: asn1.Asn1, computeHash?: boolean): Certificate;
620
621 function certificationRequestFromAsn1(obj: asn1.Asn1, computeHash?: boolean): Certificate;
622
623 function certificateToAsn1(cert: Certificate): asn1.Asn1;
624
625 function certificationRequestToAsn1(cert: Certificate): asn1.Asn1;
626
627 function decryptRsaPrivateKey(pem: PEM, passphrase?: string): rsa.PrivateKey;
628
629 function createCertificate(): Certificate;
630
631 function certificationRequestToPem(cert: Certificate, maxline?: number): PEM;
632
633 function certificationRequestFromPem(pem: PEM, computeHash?: boolean, strict?: boolean): Certificate;
634
635 function createCertificationRequest(): CertificateRequest;
636
637 function certificateToPem(cert: Certificate, maxline?: number): PEM;
638
639 function certificateFromPem(pem: PEM, computeHash?: boolean, strict?: boolean): Certificate;
640
641 function createCaStore(certs?: ReadonlyArray<Certificate | pki.PEM>): CAStore;
642
643 function verifyCertificateChain(
644 caStore: CAStore,
645 chain: Certificate[],
646 options?:
647 | ((verified: boolean | string, depth: number, certs: Certificate[]) => boolean)
648 | {
649 verify?:
650 | ((verified: boolean | string, depth: number, certs: Certificate[]) => boolean)
651 | undefined;
652 validityCheckDate?: Date | null | undefined;
653 },
654 ): boolean;
655
656 function pemToDer(pem: PEM): util.ByteStringBuffer;
657
658 function privateKeyToPem(key: PrivateKey, maxline?: number): PEM;
659
660 function privateKeyInfoToPem(key: asn1.Asn1, maxline?: number): PEM;
661
662 function publicKeyToPem(key: PublicKey, maxline?: number): PEM;
663
664 function publicKeyToRSAPublicKeyPem(key: PublicKey, maxline?: number): PEM;
665
666 function publicKeyFromPem(pem: PEM): rsa.PublicKey;
667
668 function privateKeyFromPem(pem: PEM): rsa.PrivateKey;
669
670 function decryptPrivateKeyInfo(obj: asn1.Asn1, password: string): asn1.Asn1;
671
672 function encryptPrivateKeyInfo(obj: asn1.Asn1, password: string, options?: EncryptionOptions): asn1.Asn1;
673
674 function encryptedPrivateKeyFromPem(pem: PEM): asn1.Asn1;
675
676 function encryptedPrivateKeyToPem(obj: asn1.Asn1): PEM;
677
678 function decryptRsaPrivateKey(pem: PEM, password: string): rsa.PrivateKey;
679
680 function encryptRsaPrivateKey(privateKey: PrivateKey, password: string, options?: EncryptionOptions): PEM;
681
682 function privateKeyFromAsn1(privateKey: asn1.Asn1): PrivateKey;
683
684 function privateKeyToAsn1(privateKey: PrivateKey): asn1.Asn1;
685
686 function publicKeyFromAsn1(publicKey: asn1.Asn1): PublicKey;
687
688 function publicKeyToAsn1(publicKey: PublicKey): asn1.Asn1;
689
690 function publicKeyToRSAPublicKey(publicKey: PublicKey): any;
691
692 const setRsaPublicKey: typeof pki.rsa.setPublicKey;
693
694 const setRsaPrivateKey: typeof pki.rsa.setPrivateKey;
695
696 function wrapRsaPrivateKey(privateKey: asn1.Asn1): asn1.Asn1;
697
698 function getPublicKeyFingerprint(
699 publicKey: PublicKey,
700 options?: ByteBufferFingerprintOptions,
701 ): util.ByteStringBuffer;
702 function getPublicKeyFingerprint(publicKey: PublicKey, options: HexFingerprintOptions): Hex;
703 function getPublicKeyFingerprint(publicKey: PublicKey, options: BinaryFingerprintOptions): Bytes;
704 }
705
706 namespace random {
707 function getBytes(count: number, callback?: (err: Error | null, bytes: Bytes) => any): void;
708 function getBytesSync(count: number): Bytes;
709 type CB = (_: any, seed: string) => void;
710 interface Random {
711 seedFileSync: (needed: number) => string;
712 seedFile: (needed: number, cb: CB) => void;
713 }
714 function createInstance(): Random;
715 }
716
717 namespace ssh {
718 interface FingerprintOptions {
719 /**
720 * @description the delimiter to use between bytes for `hex` encoded output
721 */
722 delimiter?: string | undefined;
723 /**
724 * @description if not specified, the function will return `ByteStringBuffer`
725 */
726 encoding?: 'hex' | 'binary' | undefined;
727 /**
728 * @description if not specified defaults to `md.md5`
729 */
730 md?: md.MessageDigest | undefined;
731 }
732
733 /**
734 * @description Encodes a private RSA key as an OpenSSH file
735 */
736 function privateKeyToOpenSSH(privateKey: pki.PrivateKey, passphrase?: string): string;
737
738 /**
739 * @description Encodes (and optionally encrypts) a private RSA key as a Putty PPK file
740 */
741 function privateKeyToPutty(privateKey: pki.PrivateKey, passphrase?: string, comment?: string): string;
742
743 /**
744 * @description Encodes a public RSA key as an OpenSSH file
745 */
746 function publicKeyToOpenSSH(publicKey: pki.PublicKey, comment?: string): string | pki.PEM;
747
748 /**
749 * @description Gets the SSH fingerprint for the given public key
750 */
751 function getPublicKeyFingerprint(
752 publicKey: pki.PublicKey,
753 options?: FingerprintOptions,
754 ): util.ByteStringBuffer | Hex | string;
755 }
756
757 namespace asn1 {
758 enum Class {
759 UNIVERSAL = 0x00,
760 APPLICATION = 0x40,
761 CONTEXT_SPECIFIC = 0x80,
762 PRIVATE = 0xc0,
763 }
764
765 enum Type {
766 NONE = 0,
767 BOOLEAN = 1,
768 INTEGER = 2,
769 BITSTRING = 3,
770 OCTETSTRING = 4,
771 NULL = 5,
772 OID = 6,
773 ODESC = 7,
774 EXTERNAL = 8,
775 REAL = 9,
776 ENUMERATED = 10,
777 EMBEDDED = 11,
778 UTF8 = 12,
779 ROID = 13,
780 SEQUENCE = 16,
781 SET = 17,
782 PRINTABLESTRING = 19,
783 IA5STRING = 22,
784 UTCTIME = 23,
785 GENERALIZEDTIME = 24,
786 BMPSTRING = 30,
787 }
788
789 interface Asn1 {
790 tagClass: Class;
791 type: Type;
792 constructed: boolean;
793 composed: boolean;
794 value: Bytes | Asn1[];
795 }
796
797 function create(tagClass: Class, type: Type, constructed: boolean, value: Bytes | Asn1[]): Asn1;
798 function fromDer(bytes: Bytes | util.ByteBuffer, strict?: boolean): Asn1;
799 function toDer(obj: Asn1): util.ByteBuffer;
800 function oidToDer(oid: OID): util.ByteStringBuffer;
801 function derToOid(der: util.ByteStringBuffer): OID;
802 }
803
804 namespace util {
805 function isArray(x: any): boolean;
806 function isArrayBuffer(x: any): boolean;
807 function isArrayBufferView(x: any): boolean;
808
809 interface ArrayBufferView {
810 buffer: ArrayBuffer;
811 byteLength: number;
812 }
813
814 type ByteBuffer = ByteStringBuffer;
815 class ByteStringBuffer {
816 constructor(bytes?: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer);
817 data: string;
818 read: number;
819 length(): number;
820 isEmpty(): boolean;
821 putByte(byte: Byte): ByteStringBuffer;
822 fillWithByte(byte: Byte, n: number): ByteStringBuffer;
823 putBytes(bytes: Bytes): ByteStringBuffer;
824 putString(str: string): ByteStringBuffer;
825 putInt16(int: number): ByteStringBuffer;
826 putInt24(int: number): ByteStringBuffer;
827 putInt32(int: number): ByteStringBuffer;
828 putInt16Le(int: number): ByteStringBuffer;
829 putInt24Le(int: number): ByteStringBuffer;
830 putInt32Le(int: number): ByteStringBuffer;
831 putInt(int: number, numOfBits: number): ByteStringBuffer;
832 putSignedInt(int: number, numOfBits: number): ByteStringBuffer;
833 putBuffer(buffer: ByteStringBuffer): ByteStringBuffer;
834 getByte(): number;
835 getInt16(): number;
836 getInt24(): number;
837 getInt32(): number;
838 getInt16Le(): number;
839 getInt24Le(): number;
840 getInt32Le(): number;
841 getInt(numOfBits: number): number;
842 getSignedInt(numOfBits: number): number;
843 getBytes(count?: number): Bytes;
844 bytes(count?: number): Bytes;
845 at(index: number): Byte;
846 setAt(index: number, byte: number): ByteStringBuffer;
847 last(): Byte;
848 copy(): ByteStringBuffer;
849 compact(): ByteStringBuffer;
850 clear(): ByteStringBuffer;
851 truncate(): ByteStringBuffer;
852 toHex(): Hex;
853 toString(): string;
854 }
855
856 function fillString(char: string, count: number): string;
857 function xorBytes(bytes1: string, bytes2: string, count: number): string;
858 function hexToBytes(hex: Hex): Bytes;
859 function bytesToHex(bytes: Bytes): Hex;
860 function int32ToBytes(int: number): Bytes;
861 function encode64(bytes: Bytes, maxline?: number): Base64;
862 function decode64(encoded: Base64): Bytes;
863 function encodeUtf8(str: string): Utf8;
864 function decodeUtf8(encoded: Utf8): string;
865
866 function createBuffer(): ByteBuffer;
867 function createBuffer(
868 input: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer,
869 encoding?: Encoding,
870 ): ByteBuffer;
871
872 namespace binary {
873 namespace raw {
874 function encode(x: Uint8Array): Bytes;
875 function decode(str: Bytes, output?: Uint8Array, offset?: number): Uint8Array;
876 }
877 namespace hex {
878 function encode(bytes: Bytes | ArrayBuffer | ArrayBufferView | ByteStringBuffer): Hex;
879 function decode(hex: Hex, output?: Uint8Array, offset?: number): Uint8Array;
880 }
881 namespace base64 {
882 function encode(input: Uint8Array, maxline?: number): Base64;
883 function decode(input: Base64, output?: Uint8Array, offset?: number): Uint8Array;
884 }
885 }
886
887 namespace text {
888 namespace utf8 {
889 function encode(str: string, output?: Uint8Array, offset?: number): Uint8Array;
890 function decode(bytes: Uint8Array): Utf8;
891 }
892 namespace utf16 {
893 function encode(str: string, output?: Uint8Array, offset?: number): Uint8Array;
894 function decode(bytes: Uint8Array): string;
895 }
896 }
897 }
898
899 namespace pkcs12 {
900 interface BagsFilter {
901 localKeyId?: string | undefined;
902 localKeyIdHex?: string | undefined;
903 friendlyName?: string | undefined;
904 bagType?: string | undefined;
905 }
906
907 interface Bag {
908 type: string;
909 attributes: any;
910 key?: pki.PrivateKey | undefined;
911 cert?: pki.Certificate | undefined;
912 asn1: asn1.Asn1;
913 }
914
915 interface Pkcs12Pfx {
916 version: string;
917 safeContents: {
918 encrypted: boolean;
919 safeBags: Bag[];
920 }[];
921 getBags: (filter: BagsFilter) => {
922 [key: string]: Bag[] | undefined;
923 localKeyId?: Bag[] | undefined;
924 friendlyName?: Bag[] | undefined;
925 };
926 getBagsByFriendlyName: (fiendlyName: string, bagType: string) => Bag[];
927 getBagsByLocalKeyId: (localKeyId: string, bagType: string) => Bag[];
928 }
929
930 function pkcs12FromAsn1(obj: any, strict?: boolean, password?: string): Pkcs12Pfx;
931 function pkcs12FromAsn1(obj: any, password?: string): Pkcs12Pfx;
932
933 function toPkcs12Asn1(
934 key: pki.PrivateKey | null,
935 cert: pki.Certificate | pki.Certificate[],
936 password: string | null,
937 options?: {
938 algorithm?: 'aes128' | 'aes192' | 'aes256' | '3des' | undefined;
939 count?: number | undefined;
940 saltSize?: number | undefined;
941 useMac?: boolean | undefined;
942 localKeyId?: Hex | undefined;
943 friendlyName?: string | undefined;
944 generateLocalKeyId?: boolean | undefined;
945 },
946 ): asn1.Asn1;
947
948 function generateKey(
949 password: string | null | undefined,
950 salt: util.ByteBuffer,
951 id: Byte,
952 iter: number,
953 n: number,
954 md?: md.MessageDigest,
955 ): util.ByteBuffer;
956 }
957
958 namespace pkcs7 {
959 interface PkcsSignedData {
960 content?: string | util.ByteBuffer | undefined;
961 contentInfo?: { value: any[] } | undefined;
962
963 certificates: pki.Certificate[];
964
965 addCertificate(certificate: pki.Certificate | string): void;
966 addSigner(options: {
967 key: pki.rsa.PrivateKey | string;
968 certificate: pki.Certificate | string;
969 digestAlgorithm: string;
970 authenticatedAttributes?: { type: string; value?: string | undefined }[] | undefined;
971 }): void;
972 sign(options?: { detached?: boolean | undefined }): void;
973 toAsn1(): asn1.Asn1;
974 }
975
976 function createSignedData(): PkcsSignedData;
977
978 interface PkcsEnvelopedData {
979 content?: string | util.ByteBuffer | undefined;
980 addRecipient(certificate: pki.Certificate): void;
981 encrypt(): void;
982 toAsn1(): asn1.Asn1;
983 }
984
985 function createEnvelopedData(): PkcsEnvelopedData;
986
987 /** When a PKCS#7 object has been created by reading from a message, the raw captured object is joined */
988 type Captured<T> = T & {
989 rawCapture: any;
990 };
991
992 /**
993 * Converts a PKCS#7 message to PEM format.
994 *
995 * @param msg The PKCS#7 message object
996 * @param maxline The maximum characters per line, defaults to 64.
997 *
998 * @return The PEM-formatted PKCS#7 message.
999 */
1000 function messageToPem(msg: PkcsSignedData, maxline?: number): string;
1001
1002 /**
1003 * Converts a PKCS#7 message from PEM format.
1004 *
1005 * @param pem the PEM-formatted PKCS#7 message.
1006 *
1007 * @return the PKCS#7 message.
1008 */
1009 function messageFromPem(pem: pki.PEM): Captured<PkcsEnvelopedData | PkcsSignedData>;
1010
1011 /**
1012 * Converts a PKCS#7 message from an ASN.1 object.
1013 *
1014 * @param asn the ASN.1 representation of a ContentInfo.
1015 *
1016 * @return the PKCS#7 message.
1017 */
1018 function messageFromAsn1(asn: asn1.Asn1): Captured<PkcsEnvelopedData | PkcsSignedData>;
1019 }
1020
1021 namespace pkcs5 {
1022 function pbkdf2(password: string, salt: string, iterations: number, keySize: number): string;
1023 function pbkdf2(
1024 password: string,
1025 salt: string,
1026 iterations: number,
1027 keySize: number,
1028 messageDigest: md.MessageDigest | md.Algorithm,
1029 ): string;
1030 function pbkdf2(
1031 password: string,
1032 salt: string,
1033 iterations: number,
1034 keySize: number,
1035 callback: (err: Error | null, dk: string | null) => any,
1036 ): void;
1037 function pbkdf2(
1038 password: string,
1039 salt: string,
1040 iterations: number,
1041 keySize: number,
1042 messageDigest?: md.MessageDigest | md.Algorithm,
1043 callback?: (err: Error | null, dk: string) => any,
1044 ): void;
1045 }
1046
1047 const md: {
1048 sha1: {
1049 create(): md.sha1.MessageDigest;
1050 };
1051 sha256: {
1052 create(): md.sha256.MessageDigest;
1053 };
1054 sha512: {
1055 create<TAlg extends md.sha512.AlgorithmSelection = md.sha512.AlgorithmSelection.Sha512>(
1056 /** @default 'SHA-512' */
1057 algorithm?: TAlg,
1058 ): TAlg extends md.sha512.AlgorithmSelection.Sha384
1059 ? md.sha512.Sha384MessageDigest
1060 : TAlg extends md.sha512.AlgorithmSelection.Sha512224
1061 ? md.sha512.Sha512224MessageDigest
1062 : TAlg extends md.sha512.AlgorithmSelection.Sha512256
1063 ? md.sha512.Sha512256MessageDigest
1064 : TAlg extends md.sha512.AlgorithmSelection.Sha512
1065 ? md.sha512.Sha512MessageDigest
1066 : never;
1067 sha224: {
1068 create(): md.sha512.Sha512224MessageDigest;
1069 };
1070 sha256: {
1071 create(): md.sha512.Sha512256MessageDigest;
1072 };
1073 sha384: {
1074 create(): md.sha512.Sha384MessageDigest;
1075 };
1076 };
1077 sha384: typeof md.sha512.sha384;
1078 'sha512/224': typeof md.sha512.sha224;
1079 'sha512/256': typeof md.sha512.sha256;
1080 md5: {
1081 create(): md.md5.MessageDigest;
1082 };
1083 algorithms: {
1084 md5: typeof md.md5;
1085 sha1: typeof md.sha1;
1086 sha256: typeof md.sha256;
1087 sha384: typeof md.sha384;
1088 sha512: typeof md.sha512;
1089 'sha512/224': typeof md['sha512/224'];
1090 'sha512/256': typeof md['sha512/256'];
1091 };
1092 };
1093
1094 const md5: typeof md.md5;
1095 const sha1: typeof md.sha1;
1096 const sha256: typeof md.sha256;
1097 const sha384: typeof md.sha384;
1098 const sha512: typeof md.sha512;
1099
1100 namespace md {
1101 type Algorithm = md5.Algorithm | sha1.Algorithm | sha256.Algorithm | sha512.Algorithm;
1102
1103 interface MessageDigest {
1104 readonly algorithm: Algorithm;
1105 readonly blockLength: number;
1106 readonly digestLength: number;
1107 messageLength: number;
1108 fullMessageLength: number[] | null;
1109 readonly messageLengthSize: number;
1110 update(msg: string, encoding?: Encoding): this;
1111 digest(): util.ByteStringBuffer;
1112 }
1113
1114 namespace md5 {
1115 type Algorithm = 'md5';
1116
1117 interface MessageDigest extends md.MessageDigest {
1118 readonly algorithm: Algorithm;
1119 readonly blockLength: 64;
1120 readonly digestLength: 16;
1121 readonly messageLengthSize: 8;
1122 }
1123 }
1124
1125 namespace sha1 {
1126 type Algorithm = 'sha1';
1127
1128 interface MessageDigest extends md.MessageDigest {
1129 readonly algorithm: Algorithm;
1130 readonly blockLength: 64;
1131 readonly digestLength: 20;
1132 readonly messageLengthSize: 8;
1133 }
1134 }
1135
1136 namespace sha256 {
1137 type Algorithm = 'sha256';
1138
1139 interface MessageDigest extends md.MessageDigest {
1140 readonly algorithm: Algorithm;
1141 readonly blockLength: 64;
1142 readonly digestLength: 32;
1143 readonly messageLengthSize: 8;
1144 }
1145 }
1146
1147 namespace sha512 {
1148 type Algorithm = Algorithm.Sha384 | Algorithm.Sha512 | Algorithm.Sha512224 | Algorithm.Sha512256;
1149 namespace Algorithm {
1150 type Sha384 = 'sha384';
1151 type Sha512 = 'sha512';
1152 type Sha512224 = 'sha512/224';
1153 type Sha512256 = 'sha512/256';
1154 }
1155
1156 type AlgorithmSelection =
1157 | AlgorithmSelection.Sha384
1158 | AlgorithmSelection.Sha512
1159 | AlgorithmSelection.Sha512224
1160 | AlgorithmSelection.Sha512256;
1161 namespace AlgorithmSelection {
1162 type Sha384 = 'SHA-384';
1163 type Sha512 = 'SHA-512';
1164 type Sha512224 = 'SHA-512/224';
1165 type Sha512256 = 'SHA-512/256';
1166 }
1167
1168 interface MessageDigest extends md.MessageDigest {
1169 readonly algorithm: Algorithm;
1170 readonly blockLength: 128;
1171 readonly messageLengthSize: 16;
1172 }
1173
1174 interface Sha512224MessageDigest extends MessageDigest {
1175 readonly algorithm: Algorithm.Sha512224;
1176 readonly digestLength: 28;
1177 }
1178
1179 interface Sha512256MessageDigest extends MessageDigest {
1180 readonly algorithm: Algorithm.Sha512256;
1181 readonly digestLength: 32;
1182 }
1183
1184 interface Sha384MessageDigest extends MessageDigest {
1185 readonly algorithm: Algorithm.Sha384;
1186 readonly digestLength: 48;
1187 }
1188
1189 interface Sha512MessageDigest extends MessageDigest {
1190 readonly algorithm: Algorithm.Sha512;
1191 readonly digestLength: 64;
1192 }
1193 }
1194 }
1195
1196 namespace hmac {
1197 type Algorithm = md.Algorithm;
1198
1199 interface HMAC {
1200 digest(): util.ByteBuffer;
1201 getMac(): util.ByteBuffer;
1202 start(md: Algorithm | md.MessageDigest, key: string | util.ByteBuffer | null): void;
1203 update(bytes: string): void;
1204 }
1205
1206 function create(): HMAC;
1207 }
1208
1209 namespace cipher {
1210 type Algorithm =
1211 | 'AES-ECB'
1212 | 'AES-CBC'
1213 | 'AES-CFB'
1214 | 'AES-OFB'
1215 | 'AES-CTR'
1216 | 'AES-GCM'
1217 | '3DES-ECB'
1218 | '3DES-CBC'
1219 | 'DES-ECB'
1220 | 'DES-CBC';
1221
1222 function createCipher(algorithm: Algorithm, payload: util.ByteBuffer | Bytes): BlockCipher;
1223 function createDecipher(algorithm: Algorithm, payload: util.ByteBuffer | Bytes): BlockCipher;
1224
1225 interface StartOptions {
1226 iv?: util.ByteBuffer | Byte[] | Bytes | undefined;
1227 tag?: util.ByteStringBuffer | undefined;
1228 tagLength?: number | undefined;
1229 additionalData?: string | undefined;
1230 }
1231
1232 interface BlockCipher {
1233 start: (options?: StartOptions) => void;
1234 update: (payload: util.ByteBuffer) => void;
1235 finish: () => boolean;
1236 output: util.ByteStringBuffer;
1237 mode: Mode;
1238 }
1239
1240 interface Mode {
1241 tag: util.ByteStringBuffer;
1242 }
1243 }
1244
1245 namespace pss {
1246 type PSS = any;
1247
1248 function create(any: any): PSS;
1249 }
1250
1251 namespace mgf {
1252 namespace mgf1 {
1253 function create(any: any): any;
1254 }
1255 }
1256
1257 namespace tls {
1258 interface ProtocolVersion {
1259 major: Byte;
1260 minor: Byte;
1261 }
1262
1263 const Versions: ProtocolVersion[];
1264 const SupportedVersions: ProtocolVersion[];
1265 const Version: ProtocolVersion;
1266
1267 const MaxFragment: number;
1268
1269 enum ConnectionEnd {
1270 server = 0,
1271 client = 1,
1272 }
1273
1274 enum PRFAlgorithm {
1275 tls_prf_sha256 = 0,
1276 }
1277
1278 enum BulkCipherAlgorithm {
1279 rc4 = 0,
1280 des3 = 1,
1281 aes = 2,
1282 }
1283
1284 enum CipherType {
1285 stream = 0,
1286 block = 1,
1287 aead = 2,
1288 }
1289
1290 enum MACAlgorithm {
1291 hmac_md5 = 0,
1292 hmac_sha1 = 1,
1293 hmac_sha256 = 2,
1294 hmac_sha384 = 3,
1295 hmac_sha512 = 4,
1296 }
1297
1298 enum CompressionMethod {
1299 none = 0,
1300 deflate = 1,
1301 }
1302
1303 enum ContentType {
1304 change_cipher_spec = 20,
1305 alert = 21,
1306 handshake = 22,
1307 application_data = 23,
1308 heartbeat = 24,
1309 }
1310
1311 enum HandshakeType {
1312 hello_request = 0,
1313 client_hello = 1,
1314 server_hello = 2,
1315 certificate = 11,
1316 server_key_exchange = 12,
1317 certificate_request = 13,
1318 server_hello_done = 14,
1319 certificate_verify = 15,
1320 client_key_exchange = 16,
1321 finished = 20,
1322 }
1323
1324 namespace Alert {
1325 enum Level {
1326 warning = 1,
1327 fatal = 2,
1328 }
1329
1330 enum Description {
1331 close_notify = 0,
1332 unexpected_message = 10,
1333 bad_record_mac = 20,
1334 decryption_failed = 21,
1335 record_overflow = 22,
1336 decompression_failure = 30,
1337 handshake_failure = 40,
1338 bad_certificate = 42,
1339 unsupported_certificate = 43,
1340 certificate_revoked = 44,
1341 certificate_expired = 45,
1342 certificate_unknown = 46,
1343 illegal_parameter = 47,
1344 unknown_ca = 48,
1345 access_denied = 49,
1346 decode_error = 50,
1347 decrypt_error = 51,
1348 export_restriction = 60,
1349 protocol_version = 70,
1350 insufficient_security = 71,
1351 internal_error = 80,
1352 user_canceled = 90,
1353 no_renegotiation = 100,
1354 }
1355 }
1356
1357 enum HeartbeatMessageType {
1358 heartbeat_request = 1,
1359 heartbeat_response = 2,
1360 }
1361
1362 interface CipherSuite {
1363 id: [Byte, Byte];
1364 name: string;
1365 }
1366
1367 const CipherSuites: { [name: string]: CipherSuite };
1368
1369 interface CertificateRequest {
1370 certificate_types: util.ByteBuffer;
1371 certificate_authorities: util.ByteBuffer;
1372 }
1373
1374 type ConnectionState = any;
1375
1376 interface Connection {
1377 version: ProtocolVersion;
1378 entity: ConnectionEnd;
1379 sessionId: Bytes | null;
1380 caStore: pki.CAStore;
1381 sessionCache: SessionCache | null;
1382 cipherSuites: CipherSuite[];
1383 connected(conn: Connection): void;
1384 virtualHost: string | null;
1385 verifyClient: boolean;
1386 verify(conn: Connection, verified: Verified, depth: number, certs: pki.Certificate[]): Verified;
1387 getCertificate:
1388 | ((conn: Connection, hint: CertificateRequest | string[]) => pki.PEM | ReadonlyArray<pki.PEM>)
1389 | null;
1390 getPrivateKey: ((conn: Connection, certificate: pki.Certificate) => pki.PEM) | null;
1391 getSignature:
1392 | ((conn: Connection, bytes: Bytes, callback: (conn: Connection, bytes: Bytes) => void) => void)
1393 | null;
1394 input: util.ByteBuffer;
1395 tlsData: util.ByteBuffer;
1396 data: util.ByteBuffer;
1397 tlsDataReady(conn: Connection): void;
1398 dataReady(conn: Connection): void;
1399 heartbeatReceived: ((conn: Connection, payload: util.ByteBuffer) => void) | undefined;
1400 closed(conn: Connection): void;
1401 error(conn: Connection, error: TLSError): void;
1402 deflate: ((inBytes: Bytes) => Bytes) | null;
1403 inflate: ((inBytes: Bytes) => Bytes) | null;
1404 reset(clearFail?: boolean): void;
1405 record: Record | null;
1406 session: Session | null;
1407 peerCertificate: pki.Certificate | null;
1408 state: { pending: ConnectionState | null; current: ConnectionState };
1409 expect: number;
1410 fragmented: Record | null;
1411 records: Record[];
1412 open: boolean;
1413 handshakes: number;
1414 handshaking: boolean;
1415 isConnected: boolean;
1416 fail: boolean;
1417 handshake(sessionId?: Bytes | null): void;
1418 process(data: Bytes): number;
1419 prepare(data: Bytes): boolean;
1420 prepareHeartbeatRequest(payload: Bytes | util.ByteBuffer, payloadLength?: number): boolean;
1421 close(clearFail?: boolean): Connection;
1422 }
1423
1424 interface Record {
1425 type: ContentType;
1426 version: ProtocolVersion;
1427 length: number;
1428 fragment: util.ByteBuffer;
1429 ready?: boolean | undefined;
1430 }
1431
1432 interface Session {
1433 version: ProtocolVersion | null;
1434 extensions: { [_: string]: object };
1435 cipherSuite: CipherSuite | null;
1436 compressionMethod: CompressionMethod | null;
1437 serverCertificate: pki.Certificate | null;
1438 clientCertificate: pki.Certificate | null;
1439 md5: md.MessageDigest;
1440 sha1: md.MessageDigest;
1441 }
1442
1443 interface SessionCache {
1444 cache: { [key: string]: Session };
1445 capacity: number;
1446 order: [Hex];
1447 getSession(sessionId: Bytes): Session;
1448 setSession(sessionId: Bytes, session: Session): void;
1449 }
1450
1451 function createSessionCache(cache?: SessionCache | { [key: string]: Session }, capacity?: number): SessionCache;
1452
1453 interface Alert {
1454 level: Alert.Level;
1455 description: Alert.Description;
1456 }
1457
1458 interface TLSError extends Error {
1459 message: string;
1460 send: boolean;
1461 origin: 'server' | 'client';
1462 alert: Alert;
1463 }
1464
1465 type Verified = true | { message?: string | undefined; alert?: Alert.Description | undefined };
1466
1467 function createConnection(options: {
1468 server?: boolean | undefined;
1469 sessionId?: Bytes | null | undefined;
1470 caStore?: pki.CAStore | ReadonlyArray<pki.Certificate> | undefined;
1471 sessionCache?: SessionCache | { [key: string]: Session } | undefined;
1472 cipherSuites?: CipherSuite[] | undefined;
1473 connected(conn: Connection): void;
1474 virtualHost?: string | undefined;
1475 verifyClient?: boolean | undefined;
1476 verify?(conn: Connection, verified: Verified, depth: number, certs: pki.Certificate[]): Verified;
1477 getCertificate?(conn: Connection, hint: CertificateRequest | string[]): pki.PEM | ReadonlyArray<pki.PEM>;
1478 getPrivateKey?(conn: Connection, certificate: pki.Certificate): pki.PEM;
1479 getSignature?(conn: Connection, bytes: Bytes, callback: (conn: Connection, bytes: Bytes) => void): void;
1480 tlsDataReady(conn: Connection): void;
1481 dataReady(conn: Connection): void;
1482 heartbeatReceived?(conn: Connection, payload: util.ByteBuffer): void;
1483 closed(conn: Connection): void;
1484 error(conn: Connection, error: TLSError): void;
1485 deflate?(inBytes: Bytes): Bytes;
1486 inflate?(inBytes: Bytes): Bytes;
1487 }): Connection;
1488
1489 function prf_tls1(secret: string, label: string, seed: string, length: number): util.ByteBuffer;
1490
1491 function hmac_sha1(
1492 key: string | ReadonlyArray<Byte> | util.ByteBuffer,
1493 seqNum: [number, number],
1494 record: Record,
1495 ): Bytes;
1496 }
1497}
1498
\No newline at end of file