1 | // Type definitions for pem 1.14
|
2 | // Project: https://github.com/Dexus/pem
|
3 | // Definitions by: Aurelia Fenderson-Peters <https://github.com/PopeFelix>, Anthony Trinh <https://github.com/tony19>, Ruslan Arkhipau <https://github.com/DethAriel>
|
4 | // Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
|
5 | /// <reference types="node" />
|
6 |
|
7 | export {};
|
8 |
|
9 | type TypedArray =
|
10 | | Int8Array
|
11 | | Uint8Array
|
12 | | Uint8ClampedArray
|
13 | | Int16Array
|
14 | | Uint16Array
|
15 | | Int32Array
|
16 | | Uint32Array
|
17 | | Float32Array
|
18 | | Float64Array;
|
19 |
|
20 | export interface ModuleConfiguration {
|
21 | /**
|
22 | * Path to OpenSSL binaries
|
23 | */
|
24 | pathOpenSSL: string;
|
25 | }
|
26 |
|
27 | export type PrivateKeyCipher =
|
28 | | 'aes128'
|
29 | | 'aes192'
|
30 | | 'aes256'
|
31 | | 'camellia128'
|
32 | | 'camellia192'
|
33 | | 'camellia256'
|
34 | | 'des'
|
35 | | 'des3'
|
36 | | 'idea'
|
37 | | string; // allow for additions in future
|
38 |
|
39 | export interface PrivateKeyCreationOptions {
|
40 | cipher: PrivateKeyCipher;
|
41 | password: string;
|
42 | }
|
43 |
|
44 | export interface Pkcs12CreationOptions {
|
45 | cipher?: PrivateKeyCipher | undefined;
|
46 | clientKeyPassword?: string | undefined;
|
47 | certFiles?: string[] | undefined;
|
48 | }
|
49 |
|
50 | export interface Pkcs12ReadOptions {
|
51 | p12Password?: string | undefined;
|
52 | clientKeyPassword?: string | undefined;
|
53 | }
|
54 |
|
55 | export type HashFunction = 'md5' | 'sha1' | 'sha256' | string;
|
56 | export interface CSRCreationOptions {
|
57 | /**
|
58 | * Optional client key to use
|
59 | */
|
60 | clientKey?: string | undefined;
|
61 | clientKeyPassword?: string | undefined;
|
62 | /**
|
63 | * If clientKey is undefined, bit size to use for generating a new key (defaults to 2048)
|
64 | */
|
65 | keyBitsize?: number | undefined;
|
66 | /**
|
67 | * Hash function to use, defaults to sha256
|
68 | */
|
69 | hash?: HashFunction | undefined;
|
70 | /**
|
71 | * CSR country field
|
72 | */
|
73 | country?: string | undefined;
|
74 | /**
|
75 | * CSR state field
|
76 | */
|
77 | state?: string | undefined;
|
78 | /**
|
79 | * CSR locality field
|
80 | */
|
81 | locality?: string | undefined;
|
82 | /**
|
83 | * CSR organization field
|
84 | */
|
85 | organization?: string | undefined;
|
86 | /**
|
87 | * CSR organizational unit field
|
88 | */
|
89 | organizationUnit?: string | undefined;
|
90 | /**
|
91 | * CSR common name field, defaults to 'localhost'
|
92 | */
|
93 | commonName?: string | undefined;
|
94 | /**
|
95 | * CSR email address field
|
96 | */
|
97 | emailAddress?: string | undefined;
|
98 | /**
|
99 | * CSR config file
|
100 | */
|
101 | csrConfigFile?: string | undefined;
|
102 | /**
|
103 | * A list of subjectAltNames in the subjectAltName field
|
104 | */
|
105 | altNames?: string[] | undefined;
|
106 | }
|
107 |
|
108 | export interface CertificateCreationOptions extends CSRCreationOptions {
|
109 | /**
|
110 | * Private key for signing the certificate, if not defined a new one is generated
|
111 | */
|
112 | serviceKey?: string | undefined;
|
113 | /**
|
114 | * Password of the service key
|
115 | */
|
116 | serviceKeyPassword?: string | undefined;
|
117 | serviceCertificate?: any;
|
118 | serial?: any;
|
119 | /**
|
120 | * If set to true and serviceKey is not defined, use clientKey for signing
|
121 | */
|
122 | selfSigned?: boolean | undefined;
|
123 | /**
|
124 | * CSR for the certificate, if not defined a new one is generated from the provided parameters
|
125 | */
|
126 | csr?: string | undefined;
|
127 | /**
|
128 | * Certificate expire time in days, defaults to 365
|
129 | */
|
130 | days?: number | undefined;
|
131 | /**
|
132 | * Password of the client key
|
133 | */
|
134 | clientKeyPassword?: string | undefined;
|
135 | /**
|
136 | * extension config file - without '-extensions v3_req'
|
137 | */
|
138 | extFile?: string | undefined;
|
139 | /**
|
140 | * extension config file - with '-extensions v3_req'
|
141 | */
|
142 | config?: string | undefined;
|
143 | }
|
144 |
|
145 | export interface CertificateCreationResult {
|
146 | certificate: any;
|
147 | csr: string;
|
148 | clientKey: string;
|
149 | serviceKey: string;
|
150 | }
|
151 |
|
152 | export interface CertificateSubjectReadResult {
|
153 | country: string;
|
154 | state: string;
|
155 | locality: string;
|
156 | organization: string;
|
157 | organizationUnit: string;
|
158 | commonName: string;
|
159 | emailAddress: string;
|
160 | }
|
161 |
|
162 | export interface Pkcs12ReadResult {
|
163 | key: string;
|
164 | cert: string;
|
165 | ca: string[];
|
166 | }
|
167 |
|
168 | export type Callback<T> = (error: any, result: T) => any;
|
169 |
|
170 | /**
|
171 | * Creates a private key
|
172 | *
|
173 | * @param [keyBitsize=2048] Size of the key, defaults to 2048bit (can also be a function)
|
174 | * @param [options] private key encryption settings, defaults to empty object (no enryption)
|
175 | * @param callback Callback function with an error object and {key}
|
176 | */
|
177 | export function createPrivateKey(
|
178 | keyBitsize: number,
|
179 | options: PrivateKeyCreationOptions,
|
180 | callback: Callback<{ key: string }>,
|
181 | ): void;
|
182 | export function createPrivateKey(
|
183 | optionsOrKeyBitsize: number | PrivateKeyCreationOptions,
|
184 | callback: Callback<{ key: string }>,
|
185 | ): void;
|
186 | export function createPrivateKey(callback: Callback<{ key: string }>): void;
|
187 |
|
188 | /**
|
189 | * Creates a dhparam key
|
190 | *
|
191 | * @param [keyBitsize=512] Size of the key, defaults to 512bit
|
192 | * @param callback Callback function with an error object and {dhparam}
|
193 | */
|
194 | export function createDhparam(keyBitsize: number, callback: Callback<{ dhparam: string }>): void;
|
195 | export function createDhparam(callback: Callback<{ dhparam: string }>): void;
|
196 |
|
197 | /**
|
198 | * Creates a ecparam key
|
199 | *
|
200 | * @param [keyName=secp256k1] Name of the key, defaults to secp256k1
|
201 | * @param [paramEnc=explicit] Encoding of the elliptic curve parameters, defaults to explicit
|
202 | * @param [noOut=false] This option inhibits the output of the encoded version of the parameters.
|
203 | * @param callback Callback function with an error object and {ecparam}
|
204 | */
|
205 | export function createEcparam(keyName: string, paramEnc: string, noOut: boolean, callback: Callback<{ ecparam: string }>): void;
|
206 | export function createEcparam(callback: Callback<{ ecparam: string }>): void;
|
207 |
|
208 | /**
|
209 | * Creates a Certificate Signing Request
|
210 | *
|
211 | * If options.clientKey is undefined, a new key is created automatically. The used key is included
|
212 | * in the callback return as clientKey
|
213 | *
|
214 | * @param [options] Optional options object
|
215 | * @param callback Callback function with an error object and {csr, clientKey}
|
216 | */
|
217 | export function createCSR(options: CSRCreationOptions, callback: Callback<{ csr: string; clientKey: string }>): void;
|
218 | export function createCSR(callback: Callback<{ csr: string; clientKey: string }>): void;
|
219 |
|
220 | /**
|
221 | * Creates a certificate based on a CSR. If CSR is not defined, a new one
|
222 | * will be generated automatically. For CSR generation all the options values
|
223 | * can be used as with createCSR.
|
224 | *
|
225 | * @param [CertificateCreationOptions] Optional options object
|
226 | * @param callback Callback function with an error object and {certificate, csr, clientKey, serviceKey}
|
227 | */
|
228 | export function createCertificate(
|
229 | options: CertificateCreationOptions,
|
230 | callback: Callback<CertificateCreationResult>,
|
231 | ): void;
|
232 | export function createCertificate(callback: Callback<CertificateCreationResult>): void;
|
233 |
|
234 | /**
|
235 | * Reads subject data from a certificate or a CSR
|
236 | *
|
237 | * @param certificate PEM encoded CSR or certificate
|
238 | * @param callback Callback function with an error object and {country, state, locality, organization, organizationUnit, commonName, emailAddress}
|
239 | */
|
240 | export function readCertificateInfo(certificate: string, callback: Callback<CertificateSubjectReadResult>): void;
|
241 | export function readCertificateInfo(callback: Callback<CertificateSubjectReadResult>): void;
|
242 |
|
243 | /**
|
244 | * Exports a public key from a private key, CSR or certificate
|
245 | *
|
246 | * @param certificate PEM encoded private key, CSR or certificate
|
247 | * @param callback Callback function with an error object and {publicKey}
|
248 | */
|
249 | export function getPublicKey(certificate: string, callback: Callback<{ publicKey: string }>): void;
|
250 | export function getPublicKey(callback: Callback<{ publicKey: string }>): void;
|
251 |
|
252 | /**
|
253 | * Gets the fingerprint for a certificate
|
254 | *
|
255 | * @param certificate PEM encoded certificate
|
256 | * @param hash Hash function to use (either md5 sha1 or sha256, defaults to sha256)
|
257 | * @param callback Callback function with an error object and {fingerprint}
|
258 | */
|
259 | export function getFingerprint(
|
260 | certificate: string,
|
261 | hash: HashFunction,
|
262 | callback: Callback<{ fingerprint: string }>,
|
263 | ): void;
|
264 | export function getFingerprint(certificate: string, callback: Callback<{ fingerprint: string }>): void;
|
265 | export function getFingerprint(callback: Callback<{ fingerprint: string }>): void;
|
266 |
|
267 | /**
|
268 | * Gets the modulus from a certificate, a CSR or a private key
|
269 | *
|
270 | * @param certificate PEM encoded, CSR PEM encoded, or private key
|
271 | * @param password password for the certificate
|
272 | * @param callback Callback function with an error object and {modulus}
|
273 | */
|
274 | export function getModulus(certificate: string, password: string, callback: Callback<{ modulus: any }>): void;
|
275 | export function getModulus(certificate: string, callback: Callback<{ modulus: any }>): void;
|
276 |
|
277 | /**
|
278 | * Gets the size and prime of DH parameters
|
279 | *
|
280 | * @param dh DH parameters PEM encoded
|
281 | * @param callback Callback function with an error object and {size, prime}
|
282 | */
|
283 | export function getDhparamInfo(dh: string, callback: Callback<{ size: any; prime: any }>): void;
|
284 |
|
285 | /**
|
286 | * Exports private key and certificate to a PKCS12 keystore
|
287 | *
|
288 | * @param key PEM encoded private key
|
289 | * @param certificate PEM encoded certificate
|
290 | * @param password Password of the result PKCS12 file
|
291 | * @param [options] object of cipher and optional client key password {cipher:'aes128', clientKeyPassword: 'xxx'}
|
292 | * @param callback Callback function with an error object and {pkcs12}
|
293 | */
|
294 | export function createPkcs12(
|
295 | key: string,
|
296 | certificate: string,
|
297 | password: string,
|
298 | options: Pkcs12CreationOptions,
|
299 | callback: Callback<{ pkcs12: any }>,
|
300 | ): void;
|
301 | export function createPkcs12(
|
302 | key: string,
|
303 | certificate: string,
|
304 | password: string,
|
305 | callback: Callback<{ pkcs12: any }>,
|
306 | ): void;
|
307 |
|
308 | /**
|
309 | * Reads private key and certificate from a PKCS12 keystore
|
310 | * @param callback Callback function with an error object and {pkcs12}
|
311 | * @returns the result of the callback
|
312 | */
|
313 | export function readPkcs12(
|
314 | bufferOrPath: Buffer | string,
|
315 | options: Pkcs12ReadOptions,
|
316 | callback: Callback<Pkcs12ReadResult>,
|
317 | ): any;
|
318 | export function readPkcs12(bufferOrPath: Buffer | string, callback: Callback<Pkcs12ReadResult>): any;
|
319 |
|
320 | /**
|
321 | * Verifies the signing chain of the passed certificate
|
322 | *
|
323 | * @param certificate PEM encoded certificate
|
324 | * @param ca List of CA certificates
|
325 | * @param callback Callback function with an error object and a boolean valid
|
326 | */
|
327 | export function verifySigningChain(certificate: string, ca: string[], callback: Callback<boolean>): void;
|
328 |
|
329 | /**
|
330 | * Check a certificate
|
331 | *
|
332 | * @param certificate PEM encoded certificate
|
333 | * @param [passphrase] password for the certificate
|
334 | * @param callback Callback function with an error object and a boolean valid
|
335 | */
|
336 | export function checkCertificate(certificate: string, passphrase: string, callback: Callback<boolean>): void;
|
337 | export function checkCertificate(certificate: string, callback: Callback<boolean>): void;
|
338 |
|
339 | /**
|
340 | * check a PKCS#12 file (.pfx or.p12)
|
341 | *
|
342 | * @param bufferOrPath PKCS#12 certificate
|
343 | * @param [passphrase] optional passphrase which will be used to open the keystore
|
344 | * @param callback Callback function with an error object and a boolean valid
|
345 | */
|
346 | export function checkPkcs12(bufferOrPath: Buffer | string, passphrase: string, callback: Callback<boolean>): void;
|
347 | export function checkPkcs12(bufferOrPath: Buffer | string, callback: Callback<boolean>): void;
|
348 |
|
349 | /**
|
350 | * config the pem module
|
351 | */
|
352 | export function config(options: ModuleConfiguration): void;
|
353 |
|
354 | export namespace promisified {
|
355 | /**
|
356 | * Creates a private key
|
357 | *
|
358 | * @param [keyBitsize=2048] Size of the key, defaults to 2048bit (can also be a function)
|
359 | * @param [options] private key encryption settings, defaults to empty object (no enryption)
|
360 | * @returns
|
361 | */
|
362 | function createPrivateKey(keyBitsize: number, options: PrivateKeyCreationOptions): Promise<{ key: string }>;
|
363 | function createPrivateKey(optionsOrKeyBitsize?: number | PrivateKeyCreationOptions): Promise<{ key: string }>;
|
364 |
|
365 | /**
|
366 | * Creates a dhparam key
|
367 | *
|
368 | * @param [keyBitsize=512] Size of the key, defaults to 512bit
|
369 | * @returns
|
370 | */
|
371 | function createDhparam(keyBitsize?: number): Promise<{ dhparam: string }>;
|
372 |
|
373 | /**
|
374 | * Creates a ecparam key
|
375 | *
|
376 | * @param [keyName=secp256k1] Name of the key, defaults to secp256k1
|
377 | * @param [paramEnc=explicit] Encoding of the elliptic curve parameters, defaults to explicit
|
378 | * @param [noOut=false] This option inhibits the output of the encoded version of the parameters.
|
379 | * @returns
|
380 | */
|
381 | function createEcparam(keyName?: string, paramEnc?: string, noOut?: boolean): Promise<{ ecparam: string }>;
|
382 |
|
383 | /**
|
384 | * Creates a Certificate Signing Request
|
385 | *
|
386 | * If options.clientKey is undefined, a new key is created automatically. The used key is included
|
387 | * in the callback return as clientKey
|
388 | *
|
389 | * @param [options] Optional options object
|
390 | * @returns
|
391 | */
|
392 | function createCSR(options?: CSRCreationOptions): Promise<{ csr: string; clientKey: string }>;
|
393 |
|
394 | /**
|
395 | * Creates a certificate based on a CSR. If CSR is not defined, a new one
|
396 | * will be generated automatically. For CSR generation all the options values
|
397 | * can be used as with createCSR.
|
398 | *
|
399 | * @param [CertificateCreationOptions] Optional options object
|
400 | * @returns
|
401 | */
|
402 | function createCertificate(options?: CertificateCreationOptions): Promise<CertificateCreationResult>;
|
403 |
|
404 | /**
|
405 | * Reads subject data from a certificate or a CSR
|
406 | *
|
407 | * @param certificate PEM encoded CSR or certificate
|
408 | * @returns
|
409 | */
|
410 | function readCertificateInfo(certificate: string): Promise<CertificateSubjectReadResult>;
|
411 |
|
412 | /**
|
413 | * Exports a public key from a private key, CSR or certificate
|
414 | *
|
415 | * @param certificate PEM encoded private key, CSR or certificate
|
416 | * @returns
|
417 | */
|
418 | function getPublicKey(certificate: string): Promise<{ publicKey: string }>;
|
419 |
|
420 | /**
|
421 | * Gets the fingerprint for a certificate
|
422 | *
|
423 | * @param certificate PEM encoded certificate
|
424 | * @param hash Hash function to use (either md5 sha1 or sha256, defaults to sha256)
|
425 | * @returns
|
426 | */
|
427 | function getFingerprint(
|
428 | certificate: string | Buffer | DataView | TypedArray,
|
429 | hash?: HashFunction,
|
430 | ): Promise<{ fingerprint: string }>;
|
431 |
|
432 | /**
|
433 | * Gets the modulus from a certificate, a CSR or a private key
|
434 | *
|
435 | * @param certificate PEM encoded, CSR PEM encoded, or private key
|
436 | * @param password password for the certificate
|
437 | * @returns
|
438 | */
|
439 | function getModulus(certificate: string, password?: string): Promise<{ modulus: any }>;
|
440 |
|
441 | /**
|
442 | * Gets the size and prime of DH parameters
|
443 | *
|
444 | * @param dh DH parameters PEM encoded
|
445 | * @returns
|
446 | */
|
447 | function getDhparamInfo(dh: string): Promise<{ size: any; prime: any }>;
|
448 |
|
449 | /**
|
450 | * Exports private key and certificate to a PKCS12 keystore
|
451 | *
|
452 | * @param key PEM encoded private key
|
453 | * @param certificate PEM encoded certificate
|
454 | * @param password Password of the result PKCS12 file
|
455 | * @param [options] object of cipher and optional client key password {cipher:'aes128', clientKeyPassword: 'xxx'}
|
456 | * @returns
|
457 | */
|
458 | function createPkcs12(
|
459 | key: string,
|
460 | certificate: string,
|
461 | password: string,
|
462 | options?: Pkcs12CreationOptions,
|
463 | ): Promise<{ pkcs12: any }>;
|
464 |
|
465 | /**
|
466 | * Reads private key and certificate from a PKCS12 keystore
|
467 | * @returns
|
468 | */
|
469 | function readPkcs12(bufferOrPath: Buffer | string, options?: Pkcs12ReadOptions): Promise<Pkcs12ReadResult>;
|
470 |
|
471 | /**
|
472 | * Check a certificate
|
473 | *
|
474 | * @param certificate PEM encoded certificate
|
475 | * @param [passphrase] password for the certificate
|
476 | * @returns
|
477 | */
|
478 | function checkCertificate(certificate: string, passphrase?: string): Promise<boolean>;
|
479 |
|
480 | /**
|
481 | * check a PKCS#12 file (.pfx or.p12)
|
482 | *
|
483 | * @param bufferOrPath PKCS#12 certificate
|
484 | * @param [passphrase] optional passphrase which will be used to open the keystore
|
485 | * @param callback Callback function with an error object and a boolean valid
|
486 | */
|
487 | function checkPkcs12(bufferOrPath: Buffer | string, passphrase?: string): Promise<boolean>;
|
488 |
|
489 | /**
|
490 | * Verifies the signing chain of the passed certificate
|
491 | *
|
492 | * @param certificate PEM encoded certificate
|
493 | * @param ca List of CA certificates
|
494 | * @returns
|
495 | */
|
496 | function verifySigningChain(certificate: string, ca: string[]): Promise<boolean>;
|
497 | }
|