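/**
 * Ambient type declarations for the Node.js `tls` module (TLS/SSL sockets,
 * servers and secure contexts built on top of `net`).
 *
 * Review focus: the options that decide whether a peer is actually
 * authenticated (`rejectUnauthorized`, `requestCert`, `ca`,
 * `checkServerIdentity`) and the members that expose key or session material.
 */
declare module "tls" {
    import * as crypto from "crypto";
    import * as dns from "dns";
    import * as net from "net";
    import * as stream from "stream";

    /**
     * Number of client-initiated renegotiations tolerated within
     * `CLIENT_RENEG_WINDOW`; the limit is a denial-of-service mitigation.
     */
    const CLIENT_RENEG_LIMIT: number;
    /** Length of the renegotiation accounting window, in seconds. */
    const CLIENT_RENEG_WINDOW: number;

    /** Distinguished-name fields of an X.509 subject or issuer. */
    interface Certificate {
        /** Country code. */
        C: string;
        /** State or province. */
        ST: string;
        /** Locality. */
        L: string;
        /** Organization. */
        O: string;
        /** Organizational unit. */
        OU: string;
        /** Common name. */
        CN: string;
    }

    /**
     * Parsed view of the certificate presented by the peer.
     *
     * Every field is declared as required, but `getPeerCertificate()` is
     * documented by Node.js to return an empty object when the peer sent no
     * certificate, so check for presence before trusting any field.
     */
    interface PeerCertificate {
        /** Subject distinguished name. */
        subject: Certificate;
        /** Issuer distinguished name. */
        issuer: Certificate;
        /** Subject alternative names, as one comma-separated string. */
        subjectaltname: string;
        /** Authority Information Access entries (for example OCSP responder URIs). */
        infoAccess: { [index: string]: string[] | undefined };
        /** RSA modulus as a hex string. */
        modulus: string;
        /** RSA public exponent as a hex string. */
        exponent: string;
        /** Start of the validity period. */
        valid_from: string;
        /** End of the validity period. */
        valid_to: string;
        /** SHA-1 fingerprint of the DER-encoded certificate. Prefer `fingerprint256` for pinning. */
        fingerprint: string;
        /** SHA-256 fingerprint of the DER-encoded certificate. */
        fingerprint256: string;
        /** Extended key usage OIDs. */
        ext_key_usage: string[];
        /** Serial number as a hex string. */
        serialNumber: string;
        /** DER-encoded certificate bytes. */
        raw: Buffer;
    }

    /**
     * Peer certificate with its issuer chain attached. The chain is walked via
     * `issuerCertificate`; a self-signed root refers to itself, so a walker
     * must stop when a certificate repeats instead of looping forever.
     */
    interface DetailedPeerCertificate extends PeerCertificate {
        issuerCertificate: DetailedPeerCertificate;
    }

    /** Cipher suite and protocol version reported by `TLSSocket.getCipher()`. */
    interface CipherNameAndProtocol {
        /** Name of the negotiated cipher suite. */
        name: string;
        /** SSL/TLS protocol version string associated with the cipher. */
        version: string;
    }

    /** Ephemeral key-exchange parameters reported by `TLSSocket.getEphemeralKeyInfo()`. */
    interface EphemeralKeyInfo {
        /** Key exchange type; the supported values are 'DH' and 'ECDH'. */
        type: string;
        /** Curve name; present only when `type` is 'ECDH'. */
        name?: string;
        /** Size of the ephemeral key, in bits. */
        size: number;
    }

    /** A `net.Socket` wrapped with transparent TLS encryption and decryption. */
    class TLSSocket extends net.Socket {
        /**
         * Wraps an existing socket in TLS.
         *
         * @param socket The underlying transport socket.
         * @param options TLS behaviour for the wrapped socket.
         */
        constructor(socket: net.Socket, options?: {
            /** Secure context (keys, certificates, CAs), as returned by `createSecureContext()`. */
            secureContext?: SecureContext,
            /** When true the socket behaves as the server side of the handshake. */
            isServer?: boolean,
            /** Owning server instance, if any. */
            server?: net.Server,
            /**
             * Whether to request a certificate from the connecting peer.
             * Only meaningful when `isServer` is true.
             */
            requestCert?: boolean,
            /**
             * Whether to reject a peer whose certificate cannot be verified.
             * With this set to false the handshake succeeds for an unverified
             * peer and the caller must inspect `authorized` itself.
             */
            rejectUnauthorized?: boolean,
            /**
             * Protocols offered through NPN. NPN has been superseded by ALPN
             * and is not supported by later Node.js releases; prefer
             * `ALPNProtocols`.
             */
            NPNProtocols?: ReadonlyArray<string> | ReadonlyArray<Buffer> | ReadonlyArray<Uint8Array> | Buffer | Uint8Array,
            /**
             * Protocols offered through ALPN, in preference order. A single
             * Buffer must use the wire format (length-prefixed names).
             */
            ALPNProtocols?: ReadonlyArray<string> | ReadonlyArray<Buffer> | ReadonlyArray<Uint8Array> | Buffer | Uint8Array,
            /**
             * Called when the client sends the SNI extension; must call `cb`
             * with the secure context to use for `servername`. The name is
             * client-supplied, so treat it as untrusted input.
             */
            SNICallback?: (servername: string, cb: (err: Error | null, ctx: SecureContext) => void) => void,
            /** Serialized TLS session to resume. */
            session?: Buffer,
            /** Client only: request OCSP stapling; the reply arrives as an 'OCSPResponse' event. */
            requestOCSP?: boolean
        });

        /**
         * True if the peer certificate was signed by one of the specified CAs,
         * otherwise false. This is the only verification signal left when
         * `rejectUnauthorized` is false, so check it before using the socket.
         */
        authorized: boolean;
        /**
         * The reason why the peer's certificate has not been verified.
         * Only available when `authorized === false`.
         */
        // NOTE(review): Node appears to store an error code string here at
        // runtime rather than an Error object; confirm before reading `.message`.
        authorizationError: Error;
        /**
         * Static boolean value, always true.
         * May be used to distinguish TLS sockets from regular ones.
         */
        encrypted: boolean;

        /**
         * The selected ALPN protocol. When ALPN has no selected protocol the
         * value is `false`, so compare against the expected protocol name
         * instead of assuming a string.
         */
        alpnProtocol?: string | false;

        /**
         * @returns The cipher name and the SSL/TLS protocol version of the
         * current connection.
         */
        getCipher(): CipherNameAndProtocol;
        /**
         * Returns the type, name and size of the ephemeral key exchange
         * parameter (Perfect Forward Secrecy) on a client connection.
         * An empty object is returned when the key exchange is not ephemeral.
         * This is only supported on a client socket; null is returned when
         * called on a server socket. The supported types are 'DH' and 'ECDH';
         * `name` is available only when `type` is 'ECDH'.
         *
         * For example: { type: 'ECDH', name: 'prime256v1', size: 256 }.
         */
        getEphemeralKeyInfo(): EphemeralKeyInfo | object | null;
        /**
         * @returns The latest Finished message sent on this socket during the
         * handshake, or undefined if none has been sent yet. The value can
         * serve as channel-binding data when application-level authentication
         * is layered on top of TLS.
         */
        getFinished(): Buffer | undefined;
        /**
         * Returns the peer's certificate.
         *
         * @param detailed When true the full chain is returned through
         * `issuerCertificate`; otherwise only the leaf certificate.
         * @returns The parsed certificate. Node.js documents an empty object
         * as the result when the peer supplied no certificate, so guard
         * property access. Holding a certificate does not mean it was
         * verified; consult `authorized` for that.
         */
        getPeerCertificate(detailed: true): DetailedPeerCertificate;
        getPeerCertificate(detailed?: false): PeerCertificate;
        getPeerCertificate(detailed?: boolean): PeerCertificate | DetailedPeerCertificate;
        /**
         * @returns The latest Finished message received from the peer during
         * the handshake, or undefined if none has been received yet.
         */
        getPeerFinished(): Buffer | undefined;
        /**
         * @returns The negotiated SSL/TLS protocol version string, or null
         * when no protocol information is available for this socket.
         */
        getProtocol(): string | null;
        /**
         * @returns The TLS session, or undefined if none was negotiated.
         * The value is secret session state: do not log it or store it
         * unprotected.
         */
        // NOTE(review): typed `any`; callers get no compile-time checking here.
        getSession(): any;
        /**
         * @returns The TLS session ticket, or undefined if none was
         * negotiated. Client sockets only. Treat the value as a secret.
         */
        // NOTE(review): typed `any`; callers get no compile-time checking here.
        getTLSTicket(): any;
        /** @returns True if the session was resumed rather than newly negotiated. */
        isSessionReused(): boolean;
        /**
         * Starts a TLS renegotiation.
         *
         * @param options `rejectUnauthorized` and `requestCert` apply to the
         * renegotiated handshake, which makes it possible to ask for the
         * peer's certificate after the connection is established.
         * @param callback Called with an Error, or null, once renegotiation
         * has completed.
         */
        renegotiate(options: { rejectUnauthorized?: boolean, requestCert?: boolean }, callback: (err: Error | null) => void): any;
        /**
         * Sets the maximum TLS fragment size. Smaller fragments reduce
         * buffering latency on the client at the cost of throughput.
         *
         * @param size Maximum fragment size in bytes.
         * @returns True if the limit was applied, false otherwise.
         */
        setMaxSendFragment(size: number): boolean;

        /**
         * Disables TLS renegotiation for this socket. Worth calling on
         * connections that never need to renegotiate, since renegotiation is
         * a known resource-exhaustion vector.
         */
        disableRenegotiation(): void;

        /**
         * Events:
         * 1. "OCSPResponse": the server's stapled OCSP response (only when
         *    `requestOCSP` was set).
         * 2. "secureConnect": the handshake completed. It fires whether or
         *    not the peer was authorized, so check `authorized` in the
         *    listener when `rejectUnauthorized` is false.
         */
        addListener(event: string, listener: (...args: any[]) => void): this;
        addListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;
        addListener(event: "secureConnect", listener: () => void): this;

        emit(event: string | symbol, ...args: any[]): boolean;
        emit(event: "OCSPResponse", response: Buffer): boolean;
        emit(event: "secureConnect"): boolean;

        on(event: string, listener: (...args: any[]) => void): this;
        on(event: "OCSPResponse", listener: (response: Buffer) => void): this;
        on(event: "secureConnect", listener: () => void): this;

        once(event: string, listener: (...args: any[]) => void): this;
        once(event: "OCSPResponse", listener: (response: Buffer) => void): this;
        once(event: "secureConnect", listener: () => void): this;

        prependListener(event: string, listener: (...args: any[]) => void): this;
        prependListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;
        prependListener(event: "secureConnect", listener: () => void): this;

        prependOnceListener(event: string, listener: (...args: any[]) => void): this;
        prependOnceListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;
        prependOnceListener(event: "secureConnect", listener: () => void): this;
    }

    /** Options accepted by `createServer()`. */
    interface TlsOptions extends SecureContextOptions {
        /** Abort the connection if the handshake does not finish within this many milliseconds. */
        handshakeTimeout?: number;
        /** Request a certificate from connecting clients (mutual TLS). */
        requestCert?: boolean;
        /**
         * Reject clients whose certificate is not signed by one of the
         * supplied CAs. Only has an effect when `requestCert` is true.
         */
        rejectUnauthorized?: boolean;
        /** Protocols offered through NPN. Superseded by ALPN; prefer `ALPNProtocols`. */
        NPNProtocols?: string[] | Buffer[] | Uint8Array[] | Buffer | Uint8Array;
        /** Protocols offered through ALPN, in preference order. */
        ALPNProtocols?: string[] | Buffer[] | Uint8Array[] | Buffer | Uint8Array;
        /**
         * Selects the secure context for a client-supplied SNI name. Treat
         * `servername` as untrusted input.
         */
        SNICallback?: (servername: string, cb: (err: Error | null, ctx: SecureContext) => void) => void;
        /** Seconds after which a server-created TLS session can no longer be resumed. */
        sessionTimeout?: number;
        /**
         * Key material used to encrypt session tickets. Anyone holding these
         * keys can decrypt tickets issued with them, so store and rotate
         * them like any other long-lived secret.
         */
        ticketKeys?: Buffer;
    }

    /** Options accepted by `connect()`. */
    interface ConnectionOptions extends SecureContextOptions {
        /** Host to connect to. */
        host?: string;
        /** Port to connect to. */
        port?: number;
        /** Path of a local socket to connect to instead of host and port. */
        path?: string;
        /** Existing socket to run TLS over instead of creating a new one. */
        socket?: net.Socket;
        /**
         * Verify the server certificate against the trusted CAs and fail the
         * connection on error. Setting this to false removes server
         * authentication and leaves the connection open to interception.
         */
        rejectUnauthorized?: boolean;
        /** Protocols offered through NPN. Superseded by ALPN; prefer `ALPNProtocols`. */
        NPNProtocols?: string[] | Buffer[] | Uint8Array[] | Buffer | Uint8Array;
        /** Protocols offered through ALPN, in preference order. */
        ALPNProtocols?: string[] | Buffer[] | Uint8Array[] | Buffer | Uint8Array;
        /**
         * Replacement for the built-in host name check. It must return an
         * Error for a mismatch and undefined for a match; an override that
         * always returns undefined disables host name verification.
         */
        checkServerIdentity?: typeof checkServerIdentity;
        /** Server name sent in the SNI extension. */
        servername?: string;
        /** Serialized TLS session to resume. */
        session?: Buffer;
        /**
         * Minimum accepted size, in bits, of the server's Diffie-Hellman
         * parameter; the connection fails if the server offers less.
         */
        minDHSize?: number;
        /** Pre-built secure context to use instead of one derived from these options. */
        secureContext?: SecureContext;
        /** Custom host name lookup function. */
        lookup?: net.LookupFunction;
    }

    /** TLS server accepting encrypted connections. */
    class Server extends net.Server {
        /**
         * Adds the secure context used when a client's SNI name matches
         * `hostName` (wildcards are supported).
         *
         * @param hostName SNI host name or wildcard pattern.
         * @param credentials Key, certificate and CA material for that name.
         */
        addContext(hostName: string, credentials: {
            key: string;
            cert: string;
            ca: string;
        }): void;
        /**
         * @returns The current session ticket keys. The returned buffer is
         * secret key material.
         */
        getTicketKeys(): Buffer;
        /**
         * Replaces the session ticket keys. Tickets issued under the previous
         * keys remain usable until they expire.
         *
         * @param keys New ticket key material.
         */
        setTicketKeys(keys: Buffer): void;

        /**
         * Events:
         * 1. "tlsClientError": an error occurred before a secure connection
         *    was established.
         * 2. "newSession": a TLS session was created; the listener must
         *    invoke `callback` for the connection to proceed.
         * 3. "OCSPRequest": the client asked for a certificate status; the
         *    listener replies through `callback`.
         * 4. "resumeSession": the client wants to resume a session; the
         *    listener looks up `sessionId` and replies through `callback`.
         * 5. "secureConnection": the handshake for a new connection completed.
         */
        // NOTE(review): the OCSPRequest `callback` is typed as the bare
        // `Function` type and the session arguments as `any`, so mistakes in
        // these listeners are not caught at compile time.
        addListener(event: string, listener: (...args: any[]) => void): this;
        addListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
        addListener(event: "newSession", listener: (sessionId: any, sessionData: any, callback: (err: Error, resp: Buffer) => void) => void): this;
        addListener(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: Function) => void): this;
        addListener(event: "resumeSession", listener: (sessionId: any, callback: (err: Error, sessionData: any) => void) => void): this;
        addListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;

        emit(event: string | symbol, ...args: any[]): boolean;
        emit(event: "tlsClientError", err: Error, tlsSocket: TLSSocket): boolean;
        emit(event: "newSession", sessionId: any, sessionData: any, callback: (err: Error, resp: Buffer) => void): boolean;
        emit(event: "OCSPRequest", certificate: Buffer, issuer: Buffer, callback: Function): boolean;
        emit(event: "resumeSession", sessionId: any, callback: (err: Error, sessionData: any) => void): boolean;
        emit(event: "secureConnection", tlsSocket: TLSSocket): boolean;

        on(event: string, listener: (...args: any[]) => void): this;
        on(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
        on(event: "newSession", listener: (sessionId: any, sessionData: any, callback: (err: Error, resp: Buffer) => void) => void): this;
        on(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: Function) => void): this;
        on(event: "resumeSession", listener: (sessionId: any, callback: (err: Error, sessionData: any) => void) => void): this;
        on(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;

        once(event: string, listener: (...args: any[]) => void): this;
        once(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
        once(event: "newSession", listener: (sessionId: any, sessionData: any, callback: (err: Error, resp: Buffer) => void) => void): this;
        once(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: Function) => void): this;
        once(event: "resumeSession", listener: (sessionId: any, callback: (err: Error, sessionData: any) => void) => void): this;
        once(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;

        prependListener(event: string, listener: (...args: any[]) => void): this;
        prependListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
        prependListener(event: "newSession", listener: (sessionId: any, sessionData: any, callback: (err: Error, resp: Buffer) => void) => void): this;
        prependListener(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: Function) => void): this;
        prependListener(event: "resumeSession", listener: (sessionId: any, callback: (err: Error, sessionData: any) => void) => void): this;
        prependListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;

        prependOnceListener(event: string, listener: (...args: any[]) => void): this;
        prependOnceListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
        prependOnceListener(event: "newSession", listener: (sessionId: any, sessionData: any, callback: (err: Error, resp: Buffer) => void) => void): this;
        prependOnceListener(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: Function) => void): this;
        prependOnceListener(event: "resumeSession", listener: (sessionId: any, callback: (err: Error, sessionData: any) => void) => void): this;
        prependOnceListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
    }

    /** Stream pair returned by the legacy `createSecurePair()` API. */
    interface SecurePair {
        /** Stream carrying the encrypted side of the pair. */
        encrypted: any;
        /** Stream carrying the plaintext side of the pair. */
        cleartext: any;
    }

    /** Credential and protocol settings accepted by `createSecureContext()`. */
    interface SecureContextOptions {
        /** PFX / PKCS#12 encoded private key and certificate chain. */
        // NOTE(review): `Object` is the boxed wrapper type and accepts nearly
        // any value; a dedicated object shape would catch malformed entries.
        pfx?: string | Buffer | Array<string | Buffer | Object>;
        /** Private key(s) in PEM format. Keep key material out of source control and logs. */
        key?: string | Buffer | Array<Buffer | Object>;
        /** Passphrase shared by the private key or PFX. */
        passphrase?: string;
        /** Certificate chain(s) in PEM format. */
        cert?: string | Buffer | Array<string | Buffer>;
        /**
         * Trusted CA certificates. Supplying this option replaces the default
         * trust store rather than extending it.
         */
        ca?: string | Buffer | Array<string | Buffer>;
        /** Cipher suite specification that replaces the default list. */
        ciphers?: string;
        /** Prefer the server's cipher order over the client's. */
        honorCipherOrder?: boolean;
        /** Named curve, or list of curves, to use for ECDH key agreement. */
        ecdhCurve?: string;
        /** Name of an OpenSSL engine that can provide the client certificate. */
        clientCertEngine?: string;
        /** Certificate revocation list(s) in PEM format. */
        crl?: string | Buffer | Array<string | Buffer>;
        /** Diffie-Hellman parameters, required for non-ECDHE forward secrecy. */
        dhparam?: string | Buffer;
        /** Bit mask of OpenSSL `SSL_OP_*` options. */
        secureOptions?: number;
        /**
         * OpenSSL method name selecting the SSL/TLS protocol version. Pinning
         * an old method here silently downgrades every connection that uses
         * the context.
         */
        secureProtocol?: string;
        /** Opaque identifier servers use to keep session state from being shared between applications. */
        sessionIdContext?: string;
    }

    /** Opaque credentials object produced by `createSecureContext()`. */
    interface SecureContext {
        context: any;
    }

    /**
     * Verifies that the certificate `cert` was issued to the host `host`.
     * It checks the name only; trust in the issuing chain is established
     * separately by the handshake.
     *
     * @param host Host name the connection was made to.
     * @param cert Certificate presented by the peer.
     * @returns An Error describing the mismatch, or undefined on success.
     */
    function checkServerIdentity(host: string, cert: PeerCertificate): Error | undefined;
    /**
     * Creates a TLS server.
     *
     * @param options Server credentials and handshake policy.
     * @param secureConnectionListener Registered for the 'secureConnection' event.
     */
    function createServer(options: TlsOptions, secureConnectionListener?: (socket: TLSSocket) => void): Server;
    /**
     * Opens a TLS client connection.
     *
     * @param secureConnectListener Registered for the 'secureConnect' event.
     * @returns The client socket, returned before the handshake has completed.
     */
    function connect(options: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;
    function connect(port: number, host?: string, options?: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;
    function connect(port: number, options?: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;
    /**
     * Legacy API that creates a pair of encrypted and cleartext streams.
     * The Node.js documentation marks it deprecated in favour of `TLSSocket`.
     */
    function createSecurePair(credentials?: crypto.Credentials, isServer?: boolean, requestCert?: boolean, rejectUnauthorized?: boolean): SecurePair;
    /** Creates a credentials object from the given key, certificate and CA options. */
    function createSecureContext(options?: SecureContextOptions): SecureContext;
    /** @returns The names of the cipher suites supported by the runtime. */
    function getCiphers(): string[];

    /** Curve name used by default for ECDH key agreement on servers. */
    let DEFAULT_ECDH_CURVE: string;
}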