UNPKG

16.5 kBTypeScriptView Raw
1// Type definitions for pem 1.14
2// Project: https://github.com/Dexus/pem
3// Definitions by: Aurelia Fenderson-Peters <https://github.com/PopeFelix>, Anthony Trinh <https://github.com/tony19>, Ruslan Arkhipau <https://github.com/DethAriel>
4// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
5/// <reference types="node" />
6
7export {};
8
9type TypedArray =
10 | Int8Array
11 | Uint8Array
12 | Uint8ClampedArray
13 | Int16Array
14 | Uint16Array
15 | Int32Array
16 | Uint32Array
17 | Float32Array
18 | Float64Array;
19
20export interface ModuleConfiguration {
21 /**
22 * Path to OpenSSL binaries
23 */
24 pathOpenSSL: string;
25}
26
27export type PrivateKeyCipher =
28 | 'aes128'
29 | 'aes192'
30 | 'aes256'
31 | 'camellia128'
32 | 'camellia192'
33 | 'camellia256'
34 | 'des'
35 | 'des3'
36 | 'idea'
37 | string; // allow for additions in future
38
39export interface PrivateKeyCreationOptions {
40 cipher: PrivateKeyCipher;
41 password: string;
42}
43
44export interface Pkcs12CreationOptions {
45 cipher?: PrivateKeyCipher | undefined;
46 clientKeyPassword?: string | undefined;
47 certFiles?: string[] | undefined;
48}
49
50export interface Pkcs12ReadOptions {
51 p12Password?: string | undefined;
52 clientKeyPassword?: string | undefined;
53}
54
55export type HashFunction = 'md5' | 'sha1' | 'sha256' | string;
56export interface CSRCreationOptions {
57 /**
58 * Optional client key to use
59 */
60 clientKey?: string | undefined;
61 clientKeyPassword?: string | undefined;
62 /**
63 * If clientKey is undefined, bit size to use for generating a new key (defaults to 2048)
64 */
65 keyBitsize?: number | undefined;
66 /**
67 * Hash function to use, defaults to sha256
68 */
69 hash?: HashFunction | undefined;
70 /**
71 * CSR country field
72 */
73 country?: string | undefined;
74 /**
75 * CSR state field
76 */
77 state?: string | undefined;
78 /**
79 * CSR locality field
80 */
81 locality?: string | undefined;
82 /**
83 * CSR organization field
84 */
85 organization?: string | undefined;
86 /**
87 * CSR organizational unit field
88 */
89 organizationUnit?: string | undefined;
90 /**
91 * CSR common name field, defaults to 'localhost'
92 */
93 commonName?: string | undefined;
94 /**
95 * CSR email address field
96 */
97 emailAddress?: string | undefined;
98 /**
99 * CSR config file
100 */
101 csrConfigFile?: string | undefined;
102 /**
103 * A list of subjectAltNames in the subjectAltName field
104 */
105 altNames?: string[] | undefined;
106}
107
108export interface CertificateCreationOptions extends CSRCreationOptions {
109 /**
110 * Private key for signing the certificate, if not defined a new one is generated
111 */
112 serviceKey?: string | undefined;
113 /**
114 * Password of the service key
115 */
116 serviceKeyPassword?: string | undefined;
117 serviceCertificate?: any;
118 serial?: any;
119 /**
120 * If set to true and serviceKey is not defined, use clientKey for signing
121 */
122 selfSigned?: boolean | undefined;
123 /**
124 * CSR for the certificate, if not defined a new one is generated from the provided parameters
125 */
126 csr?: string | undefined;
127 /**
128 * Certificate expire time in days, defaults to 365
129 */
130 days?: number | undefined;
131 /**
132 * Password of the client key
133 */
134 clientKeyPassword?: string | undefined;
135 /**
136 * extension config file - without '-extensions v3_req'
137 */
138 extFile?: string | undefined;
139 /**
140 * extension config file - with '-extensions v3_req'
141 */
142 config?: string | undefined;
143}
144
145export interface CertificateCreationResult {
146 certificate: any;
147 csr: string;
148 clientKey: string;
149 serviceKey: string;
150}
151
152export interface CertificateSubjectReadResult {
153 country: string;
154 state: string;
155 locality: string;
156 organization: string;
157 organizationUnit: string;
158 commonName: string;
159 emailAddress: string;
160}
161
162export interface Pkcs12ReadResult {
163 key: string;
164 cert: string;
165 ca: string[];
166}
167
168export type Callback<T> = (error: any, result: T) => any;
169
170/**
171 * Creates a private key
172 *
173 * @param [keyBitsize=2048] Size of the key, defaults to 2048bit (can also be a function)
174 * @param [options] private key encryption settings, defaults to empty object (no enryption)
175 * @param callback Callback function with an error object and {key}
176 */
177export function createPrivateKey(
178 keyBitsize: number,
179 options: PrivateKeyCreationOptions,
180 callback: Callback<{ key: string }>,
181): void;
182export function createPrivateKey(
183 optionsOrKeyBitsize: number | PrivateKeyCreationOptions,
184 callback: Callback<{ key: string }>,
185): void;
186export function createPrivateKey(callback: Callback<{ key: string }>): void;
187
188/**
189 * Creates a dhparam key
190 *
191 * @param [keyBitsize=512] Size of the key, defaults to 512bit
192 * @param callback Callback function with an error object and {dhparam}
193 */
194export function createDhparam(keyBitsize: number, callback: Callback<{ dhparam: string }>): void;
195export function createDhparam(callback: Callback<{ dhparam: string }>): void;
196
197/**
198 * Creates a ecparam key
199 *
200 * @param [keyName=secp256k1] Name of the key, defaults to secp256k1
201 * @param [paramEnc=explicit] Encoding of the elliptic curve parameters, defaults to explicit
202 * @param [noOut=false] This option inhibits the output of the encoded version of the parameters.
203 * @param callback Callback function with an error object and {ecparam}
204 */
205export function createEcparam(keyName: string, paramEnc: string, noOut: boolean, callback: Callback<{ ecparam: string }>): void;
206export function createEcparam(callback: Callback<{ ecparam: string }>): void;
207
208/**
209 * Creates a Certificate Signing Request
210 *
211 * If options.clientKey is undefined, a new key is created automatically. The used key is included
212 * in the callback return as clientKey
213 *
214 * @param [options] Optional options object
215 * @param callback Callback function with an error object and {csr, clientKey}
216 */
217export function createCSR(options: CSRCreationOptions, callback: Callback<{ csr: string; clientKey: string }>): void;
218export function createCSR(callback: Callback<{ csr: string; clientKey: string }>): void;
219
220/**
221 * Creates a certificate based on a CSR. If CSR is not defined, a new one
222 * will be generated automatically. For CSR generation all the options values
223 * can be used as with createCSR.
224 *
225 * @param [CertificateCreationOptions] Optional options object
226 * @param callback Callback function with an error object and {certificate, csr, clientKey, serviceKey}
227 */
228export function createCertificate(
229 options: CertificateCreationOptions,
230 callback: Callback<CertificateCreationResult>,
231): void;
232export function createCertificate(callback: Callback<CertificateCreationResult>): void;
233
234/**
235 * Reads subject data from a certificate or a CSR
236 *
237 * @param certificate PEM encoded CSR or certificate
238 * @param callback Callback function with an error object and {country, state, locality, organization, organizationUnit, commonName, emailAddress}
239 */
240export function readCertificateInfo(certificate: string, callback: Callback<CertificateSubjectReadResult>): void;
241export function readCertificateInfo(callback: Callback<CertificateSubjectReadResult>): void;
242
243/**
244 * Exports a public key from a private key, CSR or certificate
245 *
246 * @param certificate PEM encoded private key, CSR or certificate
247 * @param callback Callback function with an error object and {publicKey}
248 */
249export function getPublicKey(certificate: string, callback: Callback<{ publicKey: string }>): void;
250export function getPublicKey(callback: Callback<{ publicKey: string }>): void;
251
252/**
253 * Gets the fingerprint for a certificate
254 *
255 * @param certificate PEM encoded certificate
256 * @param hash Hash function to use (either md5 sha1 or sha256, defaults to sha256)
257 * @param callback Callback function with an error object and {fingerprint}
258 */
259export function getFingerprint(
260 certificate: string,
261 hash: HashFunction,
262 callback: Callback<{ fingerprint: string }>,
263): void;
264export function getFingerprint(certificate: string, callback: Callback<{ fingerprint: string }>): void;
265export function getFingerprint(callback: Callback<{ fingerprint: string }>): void;
266
267/**
268 * Gets the modulus from a certificate, a CSR or a private key
269 *
270 * @param certificate PEM encoded, CSR PEM encoded, or private key
271 * @param password password for the certificate
272 * @param callback Callback function with an error object and {modulus}
273 */
274export function getModulus(certificate: string, password: string, callback: Callback<{ modulus: any }>): void;
275export function getModulus(certificate: string, callback: Callback<{ modulus: any }>): void;
276
277/**
278 * Gets the size and prime of DH parameters
279 *
280 * @param dh DH parameters PEM encoded
281 * @param callback Callback function with an error object and {size, prime}
282 */
283export function getDhparamInfo(dh: string, callback: Callback<{ size: any; prime: any }>): void;
284
285/**
286 * Exports private key and certificate to a PKCS12 keystore
287 *
288 * @param key PEM encoded private key
289 * @param certificate PEM encoded certificate
290 * @param password Password of the result PKCS12 file
291 * @param [options] object of cipher and optional client key password {cipher:'aes128', clientKeyPassword: 'xxx'}
292 * @param callback Callback function with an error object and {pkcs12}
293 */
294export function createPkcs12(
295 key: string,
296 certificate: string,
297 password: string,
298 options: Pkcs12CreationOptions,
299 callback: Callback<{ pkcs12: any }>,
300): void;
301export function createPkcs12(
302 key: string,
303 certificate: string,
304 password: string,
305 callback: Callback<{ pkcs12: any }>,
306): void;
307
308/**
309 * Reads private key and certificate from a PKCS12 keystore
310 * @param callback Callback function with an error object and {pkcs12}
311 * @returns the result of the callback
312 */
313export function readPkcs12(
314 bufferOrPath: Buffer | string,
315 options: Pkcs12ReadOptions,
316 callback: Callback<Pkcs12ReadResult>,
317): any;
318export function readPkcs12(bufferOrPath: Buffer | string, callback: Callback<Pkcs12ReadResult>): any;
319
320/**
321 * Verifies the signing chain of the passed certificate
322 *
323 * @param certificate PEM encoded certificate
324 * @param ca List of CA certificates
325 * @param callback Callback function with an error object and a boolean valid
326 */
327export function verifySigningChain(certificate: string, ca: string[], callback: Callback<boolean>): void;
328
329/**
330 * Check a certificate
331 *
332 * @param certificate PEM encoded certificate
333 * @param [passphrase] password for the certificate
334 * @param callback Callback function with an error object and a boolean valid
335 */
336export function checkCertificate(certificate: string, passphrase: string, callback: Callback<boolean>): void;
337export function checkCertificate(certificate: string, callback: Callback<boolean>): void;
338
339/**
340 * check a PKCS#12 file (.pfx or.p12)
341 *
342 * @param bufferOrPath PKCS#12 certificate
343 * @param [passphrase] optional passphrase which will be used to open the keystore
344 * @param callback Callback function with an error object and a boolean valid
345 */
346export function checkPkcs12(bufferOrPath: Buffer | string, passphrase: string, callback: Callback<boolean>): void;
347export function checkPkcs12(bufferOrPath: Buffer | string, callback: Callback<boolean>): void;
348
349/**
350 * config the pem module
351 */
352export function config(options: ModuleConfiguration): void;
353
354export namespace promisified {
355 /**
356 * Creates a private key
357 *
358 * @param [keyBitsize=2048] Size of the key, defaults to 2048bit (can also be a function)
359 * @param [options] private key encryption settings, defaults to empty object (no enryption)
360 * @returns
361 */
362 function createPrivateKey(keyBitsize: number, options: PrivateKeyCreationOptions): Promise<{ key: string }>;
363 function createPrivateKey(optionsOrKeyBitsize?: number | PrivateKeyCreationOptions): Promise<{ key: string }>;
364
365 /**
366 * Creates a dhparam key
367 *
368 * @param [keyBitsize=512] Size of the key, defaults to 512bit
369 * @returns
370 */
371 function createDhparam(keyBitsize?: number): Promise<{ dhparam: string }>;
372
373 /**
374 * Creates a ecparam key
375 *
376 * @param [keyName=secp256k1] Name of the key, defaults to secp256k1
377 * @param [paramEnc=explicit] Encoding of the elliptic curve parameters, defaults to explicit
378 * @param [noOut=false] This option inhibits the output of the encoded version of the parameters.
379 * @returns
380 */
381 function createEcparam(keyName?: string, paramEnc?: string, noOut?: boolean): Promise<{ ecparam: string }>;
382
383 /**
384 * Creates a Certificate Signing Request
385 *
386 * If options.clientKey is undefined, a new key is created automatically. The used key is included
387 * in the callback return as clientKey
388 *
389 * @param [options] Optional options object
390 * @returns
391 */
392 function createCSR(options?: CSRCreationOptions): Promise<{ csr: string; clientKey: string }>;
393
394 /**
395 * Creates a certificate based on a CSR. If CSR is not defined, a new one
396 * will be generated automatically. For CSR generation all the options values
397 * can be used as with createCSR.
398 *
399 * @param [CertificateCreationOptions] Optional options object
400 * @returns
401 */
402 function createCertificate(options?: CertificateCreationOptions): Promise<CertificateCreationResult>;
403
404 /**
405 * Reads subject data from a certificate or a CSR
406 *
407 * @param certificate PEM encoded CSR or certificate
408 * @returns
409 */
410 function readCertificateInfo(certificate: string): Promise<CertificateSubjectReadResult>;
411
412 /**
413 * Exports a public key from a private key, CSR or certificate
414 *
415 * @param certificate PEM encoded private key, CSR or certificate
416 * @returns
417 */
418 function getPublicKey(certificate: string): Promise<{ publicKey: string }>;
419
420 /**
421 * Gets the fingerprint for a certificate
422 *
423 * @param certificate PEM encoded certificate
424 * @param hash Hash function to use (either md5 sha1 or sha256, defaults to sha256)
425 * @returns
426 */
427 function getFingerprint(
428 certificate: string | Buffer | DataView | TypedArray,
429 hash?: HashFunction,
430 ): Promise<{ fingerprint: string }>;
431
432 /**
433 * Gets the modulus from a certificate, a CSR or a private key
434 *
435 * @param certificate PEM encoded, CSR PEM encoded, or private key
436 * @param password password for the certificate
437 * @returns
438 */
439 function getModulus(certificate: string, password?: string): Promise<{ modulus: any }>;
440
441 /**
442 * Gets the size and prime of DH parameters
443 *
444 * @param dh DH parameters PEM encoded
445 * @returns
446 */
447 function getDhparamInfo(dh: string): Promise<{ size: any; prime: any }>;
448
449 /**
450 * Exports private key and certificate to a PKCS12 keystore
451 *
452 * @param key PEM encoded private key
453 * @param certificate PEM encoded certificate
454 * @param password Password of the result PKCS12 file
455 * @param [options] object of cipher and optional client key password {cipher:'aes128', clientKeyPassword: 'xxx'}
456 * @returns
457 */
458 function createPkcs12(
459 key: string,
460 certificate: string,
461 password: string,
462 options?: Pkcs12CreationOptions,
463 ): Promise<{ pkcs12: any }>;
464
465 /**
466 * Reads private key and certificate from a PKCS12 keystore
467 * @returns
468 */
469 function readPkcs12(bufferOrPath: Buffer | string, options?: Pkcs12ReadOptions): Promise<Pkcs12ReadResult>;
470
471 /**
472 * Check a certificate
473 *
474 * @param certificate PEM encoded certificate
475 * @param [passphrase] password for the certificate
476 * @returns
477 */
478 function checkCertificate(certificate: string, passphrase?: string): Promise<boolean>;
479
480 /**
481 * check a PKCS#12 file (.pfx or.p12)
482 *
483 * @param bufferOrPath PKCS#12 certificate
484 * @param [passphrase] optional passphrase which will be used to open the keystore
485 * @param callback Callback function with an error object and a boolean valid
486 */
487 function checkPkcs12(bufferOrPath: Buffer | string, passphrase?: string): Promise<boolean>;
488
489 /**
490 * Verifies the signing chain of the passed certificate
491 *
492 * @param certificate PEM encoded certificate
493 * @param ca List of CA certificates
494 * @returns
495 */
496 function verifySigningChain(certificate: string, ca: string[]): Promise<boolean>;
497}