| 1 | /// <reference types="node" />
|
| 2 |
|
| 3 | export {};
|
| 4 |
|
| 5 | type TypedArray =
|
| 6 | | Int8Array
|
| 7 | | Uint8Array
|
| 8 | | Uint8ClampedArray
|
| 9 | | Int16Array
|
| 10 | | Uint16Array
|
| 11 | | Int32Array
|
| 12 | | Uint32Array
|
| 13 | | Float32Array
|
| 14 | | Float64Array;
|
| 15 |
|
| 16 | export interface ModuleConfiguration {
|
| 17 | /**
|
| 18 | * Path to OpenSSL binaries
|
| 19 | */
|
| 20 | pathOpenSSL: string;
|
| 21 | }
|
| 22 |
|
| 23 | export type PrivateKeyCipher =
|
| 24 | | "aes128"
|
| 25 | | "aes192"
|
| 26 | | "aes256"
|
| 27 | | "camellia128"
|
| 28 | | "camellia192"
|
| 29 | | "camellia256"
|
| 30 | | "des"
|
| 31 | | "des3"
|
| 32 | | "idea"
|
| 33 | | string; // allow for additions in future
|
| 34 |
|
| 35 | export interface PrivateKeyCreationOptions {
|
| 36 | cipher: PrivateKeyCipher;
|
| 37 | password: string;
|
| 38 | }
|
| 39 |
|
| 40 | export interface Pkcs12CreationOptions {
|
| 41 | cipher?: PrivateKeyCipher | undefined;
|
| 42 | clientKeyPassword?: string | undefined;
|
| 43 | certFiles?: string[] | undefined;
|
| 44 | }
|
| 45 |
|
| 46 | export interface Pkcs12ReadOptions {
|
| 47 | p12Password?: string | undefined;
|
| 48 | clientKeyPassword?: string | undefined;
|
| 49 | }
|
| 50 |
|
| 51 | export type HashFunction = "md5" | "sha1" | "sha256" | string;
|
| 52 | export interface CSRCreationOptions {
|
| 53 | /**
|
| 54 | * Optional client key to use
|
| 55 | */
|
| 56 | clientKey?: string | undefined;
|
| 57 | clientKeyPassword?: string | undefined;
|
| 58 | /**
|
| 59 | * If clientKey is undefined, bit size to use for generating a new key (defaults to 2048)
|
| 60 | */
|
| 61 | keyBitsize?: number | undefined;
|
| 62 | /**
|
| 63 | * Hash function to use, defaults to sha256
|
| 64 | */
|
| 65 | hash?: HashFunction | undefined;
|
| 66 | /**
|
| 67 | * CSR country field
|
| 68 | */
|
| 69 | country?: string | undefined;
|
| 70 | /**
|
| 71 | * CSR state field
|
| 72 | */
|
| 73 | state?: string | undefined;
|
| 74 | /**
|
| 75 | * CSR locality field
|
| 76 | */
|
| 77 | locality?: string | undefined;
|
| 78 | /**
|
| 79 | * CSR organization field
|
| 80 | */
|
| 81 | organization?: string | undefined;
|
| 82 | /**
|
| 83 | * CSR organizational unit field
|
| 84 | */
|
| 85 | organizationUnit?: string | undefined;
|
| 86 | /**
|
| 87 | * CSR common name field, defaults to 'localhost'
|
| 88 | */
|
| 89 | commonName?: string | undefined;
|
| 90 | /**
|
| 91 | * CSR email address field
|
| 92 | */
|
| 93 | emailAddress?: string | undefined;
|
| 94 | /**
|
| 95 | * CSR config file
|
| 96 | */
|
| 97 | csrConfigFile?: string | undefined;
|
| 98 | /**
|
| 99 | * A list of subjectAltNames in the subjectAltName field
|
| 100 | */
|
| 101 | altNames?: string[] | undefined;
|
| 102 | }
|
| 103 |
|
| 104 | export interface CertificateCreationOptions extends CSRCreationOptions {
|
| 105 | /**
|
| 106 | * Private key for signing the certificate, if not defined a new one is generated
|
| 107 | */
|
| 108 | serviceKey?: string | undefined;
|
| 109 | /**
|
| 110 | * Password of the service key
|
| 111 | */
|
| 112 | serviceKeyPassword?: string | undefined;
|
| 113 | serviceCertificate?: any;
|
| 114 | serial?: any;
|
| 115 | /**
|
| 116 | * If set to true and serviceKey is not defined, use clientKey for signing
|
| 117 | */
|
| 118 | selfSigned?: boolean | undefined;
|
| 119 | /**
|
| 120 | * CSR for the certificate, if not defined a new one is generated from the provided parameters
|
| 121 | */
|
| 122 | csr?: string | undefined;
|
| 123 | /**
|
| 124 | * Certificate expire time in days, defaults to 365
|
| 125 | */
|
| 126 | days?: number | undefined;
|
| 127 | /**
|
| 128 | * Password of the client key
|
| 129 | */
|
| 130 | clientKeyPassword?: string | undefined;
|
| 131 | /**
|
| 132 | * extension config file - without '-extensions v3_req'
|
| 133 | */
|
| 134 | extFile?: string | undefined;
|
| 135 | /**
|
| 136 | * extension config file - with '-extensions v3_req'
|
| 137 | */
|
| 138 | config?: string | undefined;
|
| 139 | }
|
| 140 |
|
| 141 | export interface CertificateCreationResult {
|
| 142 | certificate: any;
|
| 143 | csr: string;
|
| 144 | clientKey: string;
|
| 145 | serviceKey: string;
|
| 146 | }
|
| 147 |
|
| 148 | export interface CertificateSubjectReadResult {
|
| 149 | country: string;
|
| 150 | state: string;
|
| 151 | locality: string;
|
| 152 | organization: string;
|
| 153 | organizationUnit: string;
|
| 154 | commonName: string;
|
| 155 | emailAddress: string;
|
| 156 | }
|
| 157 |
|
| 158 | export interface Pkcs12ReadResult {
|
| 159 | key: string;
|
| 160 | cert: string;
|
| 161 | ca: string[];
|
| 162 | }
|
| 163 |
|
| 164 | export type Callback<T> = (error: any, result: T) => any;
|
| 165 |
|
| 166 | /**
|
| 167 | * Creates a private key
|
| 168 | *
|
| 169 | * @param [keyBitsize=2048] Size of the key, defaults to 2048bit (can also be a function)
|
| 170 | * @param [options] private key encryption settings, defaults to empty object (no enryption)
|
| 171 | * @param callback Callback function with an error object and {key}
|
| 172 | */
|
| 173 | export function createPrivateKey(
|
| 174 | keyBitsize: number,
|
| 175 | options: PrivateKeyCreationOptions,
|
| 176 | callback: Callback<{ key: string }>,
|
| 177 | ): void;
|
| 178 | export function createPrivateKey(
|
| 179 | optionsOrKeyBitsize: number | PrivateKeyCreationOptions,
|
| 180 | callback: Callback<{ key: string }>,
|
| 181 | ): void;
|
| 182 | export function createPrivateKey(callback: Callback<{ key: string }>): void;
|
| 183 |
|
| 184 | /**
|
| 185 | * Creates a dhparam key
|
| 186 | *
|
| 187 | * @param [keyBitsize=512] Size of the key, defaults to 512bit
|
| 188 | * @param callback Callback function with an error object and {dhparam}
|
| 189 | */
|
| 190 | export function createDhparam(keyBitsize: number, callback: Callback<{ dhparam: string }>): void;
|
| 191 | export function createDhparam(callback: Callback<{ dhparam: string }>): void;
|
| 192 |
|
| 193 | /**
|
| 194 | * Creates a ecparam key
|
| 195 | *
|
| 196 | * @param [keyName=secp256k1] Name of the key, defaults to secp256k1
|
| 197 | * @param [paramEnc=explicit] Encoding of the elliptic curve parameters, defaults to explicit
|
| 198 | * @param [noOut=false] This option inhibits the output of the encoded version of the parameters.
|
| 199 | * @param callback Callback function with an error object and {ecparam}
|
| 200 | */
|
| 201 | export function createEcparam(
|
| 202 | keyName: string,
|
| 203 | paramEnc: string,
|
| 204 | noOut: boolean,
|
| 205 | callback: Callback<{ ecparam: string }>,
|
| 206 | ): void;
|
| 207 | export function createEcparam(callback: Callback<{ ecparam: string }>): void;
|
| 208 |
|
| 209 | /**
|
| 210 | * Creates a Certificate Signing Request
|
| 211 | *
|
| 212 | * If options.clientKey is undefined, a new key is created automatically. The used key is included
|
| 213 | * in the callback return as clientKey
|
| 214 | *
|
| 215 | * @param [options] Optional options object
|
| 216 | * @param callback Callback function with an error object and {csr, clientKey}
|
| 217 | */
|
| 218 | export function createCSR(options: CSRCreationOptions, callback: Callback<{ csr: string; clientKey: string }>): void;
|
| 219 | export function createCSR(callback: Callback<{ csr: string; clientKey: string }>): void;
|
| 220 |
|
| 221 | /**
|
| 222 | * Creates a certificate based on a CSR. If CSR is not defined, a new one
|
| 223 | * will be generated automatically. For CSR generation all the options values
|
| 224 | * can be used as with createCSR.
|
| 225 | *
|
| 226 | * @param [CertificateCreationOptions] Optional options object
|
| 227 | * @param callback Callback function with an error object and {certificate, csr, clientKey, serviceKey}
|
| 228 | */
|
| 229 | export function createCertificate(
|
| 230 | options: CertificateCreationOptions,
|
| 231 | callback: Callback<CertificateCreationResult>,
|
| 232 | ): void;
|
| 233 | export function createCertificate(callback: Callback<CertificateCreationResult>): void;
|
| 234 |
|
| 235 | /**
|
| 236 | * Reads subject data from a certificate or a CSR
|
| 237 | *
|
| 238 | * @param certificate PEM encoded CSR or certificate
|
| 239 | * @param callback Callback function with an error object and {country, state, locality, organization, organizationUnit, commonName, emailAddress}
|
| 240 | */
|
| 241 | export function readCertificateInfo(certificate: string, callback: Callback<CertificateSubjectReadResult>): void;
|
| 242 | export function readCertificateInfo(callback: Callback<CertificateSubjectReadResult>): void;
|
| 243 |
|
| 244 | /**
|
| 245 | * Exports a public key from a private key, CSR or certificate
|
| 246 | *
|
| 247 | * @param certificate PEM encoded private key, CSR or certificate
|
| 248 | * @param callback Callback function with an error object and {publicKey}
|
| 249 | */
|
| 250 | export function getPublicKey(certificate: string, callback: Callback<{ publicKey: string }>): void;
|
| 251 | export function getPublicKey(callback: Callback<{ publicKey: string }>): void;
|
| 252 |
|
| 253 | /**
|
| 254 | * Gets the fingerprint for a certificate
|
| 255 | *
|
| 256 | * @param certificate PEM encoded certificate
|
| 257 | * @param hash Hash function to use (either md5 sha1 or sha256, defaults to sha256)
|
| 258 | * @param callback Callback function with an error object and {fingerprint}
|
| 259 | */
|
| 260 | export function getFingerprint(
|
| 261 | certificate: string,
|
| 262 | hash: HashFunction,
|
| 263 | callback: Callback<{ fingerprint: string }>,
|
| 264 | ): void;
|
| 265 | export function getFingerprint(certificate: string, callback: Callback<{ fingerprint: string }>): void;
|
| 266 | export function getFingerprint(callback: Callback<{ fingerprint: string }>): void;
|
| 267 |
|
| 268 | /**
|
| 269 | * Gets the modulus from a certificate, a CSR or a private key
|
| 270 | *
|
| 271 | * @param certificate PEM encoded, CSR PEM encoded, or private key
|
| 272 | * @param password password for the certificate
|
| 273 | * @param callback Callback function with an error object and {modulus}
|
| 274 | */
|
| 275 | export function getModulus(certificate: string, password: string, callback: Callback<{ modulus: any }>): void;
|
| 276 | export function getModulus(certificate: string, callback: Callback<{ modulus: any }>): void;
|
| 277 |
|
| 278 | /**
|
| 279 | * Gets the size and prime of DH parameters
|
| 280 | *
|
| 281 | * @param dh DH parameters PEM encoded
|
| 282 | * @param callback Callback function with an error object and {size, prime}
|
| 283 | */
|
| 284 | export function getDhparamInfo(dh: string, callback: Callback<{ size: any; prime: any }>): void;
|
| 285 |
|
| 286 | /**
|
| 287 | * Exports private key and certificate to a PKCS12 keystore
|
| 288 | *
|
| 289 | * @param key PEM encoded private key
|
| 290 | * @param certificate PEM encoded certificate
|
| 291 | * @param password Password of the result PKCS12 file
|
| 292 | * @param [options] object of cipher and optional client key password {cipher:'aes128', clientKeyPassword: 'xxx'}
|
| 293 | * @param callback Callback function with an error object and {pkcs12}
|
| 294 | */
|
| 295 | export function createPkcs12(
|
| 296 | key: string,
|
| 297 | certificate: string,
|
| 298 | password: string,
|
| 299 | options: Pkcs12CreationOptions,
|
| 300 | callback: Callback<{ pkcs12: any }>,
|
| 301 | ): void;
|
| 302 | export function createPkcs12(
|
| 303 | key: string,
|
| 304 | certificate: string,
|
| 305 | password: string,
|
| 306 | callback: Callback<{ pkcs12: any }>,
|
| 307 | ): void;
|
| 308 |
|
| 309 | /**
|
| 310 | * Reads private key and certificate from a PKCS12 keystore
|
| 311 | * @param callback Callback function with an error object and {pkcs12}
|
| 312 | * @returns the result of the callback
|
| 313 | */
|
| 314 | export function readPkcs12(
|
| 315 | bufferOrPath: Buffer | string,
|
| 316 | options: Pkcs12ReadOptions,
|
| 317 | callback: Callback<Pkcs12ReadResult>,
|
| 318 | ): any;
|
| 319 | export function readPkcs12(bufferOrPath: Buffer | string, callback: Callback<Pkcs12ReadResult>): any;
|
| 320 |
|
| 321 | /**
|
| 322 | * Verifies the signing chain of the passed certificate
|
| 323 | *
|
| 324 | * @param certificate PEM encoded certificate
|
| 325 | * @param ca List of CA certificates
|
| 326 | * @param callback Callback function with an error object and a boolean valid
|
| 327 | */
|
| 328 | export function verifySigningChain(certificate: string, ca: string[], callback: Callback<boolean>): void;
|
| 329 |
|
| 330 | /**
|
| 331 | * Check a certificate
|
| 332 | *
|
| 333 | * @param certificate PEM encoded certificate
|
| 334 | * @param [passphrase] password for the certificate
|
| 335 | * @param callback Callback function with an error object and a boolean valid
|
| 336 | */
|
| 337 | export function checkCertificate(certificate: string, passphrase: string, callback: Callback<boolean>): void;
|
| 338 | export function checkCertificate(certificate: string, callback: Callback<boolean>): void;
|
| 339 |
|
| 340 | /**
|
| 341 | * check a PKCS#12 file (.pfx or.p12)
|
| 342 | *
|
| 343 | * @param bufferOrPath PKCS#12 certificate
|
| 344 | * @param [passphrase] optional passphrase which will be used to open the keystore
|
| 345 | * @param callback Callback function with an error object and a boolean valid
|
| 346 | */
|
| 347 | export function checkPkcs12(bufferOrPath: Buffer | string, passphrase: string, callback: Callback<boolean>): void;
|
| 348 | export function checkPkcs12(bufferOrPath: Buffer | string, callback: Callback<boolean>): void;
|
| 349 |
|
| 350 | /**
|
| 351 | * config the pem module
|
| 352 | */
|
| 353 | export function config(options: ModuleConfiguration): void;
|
| 354 |
|
| 355 | export namespace promisified {
|
| 356 | /**
|
| 357 | * Creates a private key
|
| 358 | *
|
| 359 | * @param [keyBitsize=2048] Size of the key, defaults to 2048bit (can also be a function)
|
| 360 | * @param [options] private key encryption settings, defaults to empty object (no enryption)
|
| 361 | * @returns
|
| 362 | */
|
| 363 | function createPrivateKey(keyBitsize: number, options: PrivateKeyCreationOptions): Promise<{ key: string }>;
|
| 364 | function createPrivateKey(optionsOrKeyBitsize?: number | PrivateKeyCreationOptions): Promise<{ key: string }>;
|
| 365 |
|
| 366 | /**
|
| 367 | * Creates a dhparam key
|
| 368 | *
|
| 369 | * @param [keyBitsize=512] Size of the key, defaults to 512bit
|
| 370 | * @returns
|
| 371 | */
|
| 372 | function createDhparam(keyBitsize?: number): Promise<{ dhparam: string }>;
|
| 373 |
|
| 374 | /**
|
| 375 | * Creates a ecparam key
|
| 376 | *
|
| 377 | * @param [keyName=secp256k1] Name of the key, defaults to secp256k1
|
| 378 | * @param [paramEnc=explicit] Encoding of the elliptic curve parameters, defaults to explicit
|
| 379 | * @param [noOut=false] This option inhibits the output of the encoded version of the parameters.
|
| 380 | * @returns
|
| 381 | */
|
| 382 | function createEcparam(keyName?: string, paramEnc?: string, noOut?: boolean): Promise<{ ecparam: string }>;
|
| 383 |
|
| 384 | /**
|
| 385 | * Creates a Certificate Signing Request
|
| 386 | *
|
| 387 | * If options.clientKey is undefined, a new key is created automatically. The used key is included
|
| 388 | * in the callback return as clientKey
|
| 389 | *
|
| 390 | * @param [options] Optional options object
|
| 391 | * @returns
|
| 392 | */
|
| 393 | function createCSR(options?: CSRCreationOptions): Promise<{ csr: string; clientKey: string }>;
|
| 394 |
|
| 395 | /**
|
| 396 | * Creates a certificate based on a CSR. If CSR is not defined, a new one
|
| 397 | * will be generated automatically. For CSR generation all the options values
|
| 398 | * can be used as with createCSR.
|
| 399 | *
|
| 400 | * @param [CertificateCreationOptions] Optional options object
|
| 401 | * @returns
|
| 402 | */
|
| 403 | function createCertificate(options?: CertificateCreationOptions): Promise<CertificateCreationResult>;
|
| 404 |
|
| 405 | /**
|
| 406 | * Reads subject data from a certificate or a CSR
|
| 407 | *
|
| 408 | * @param certificate PEM encoded CSR or certificate
|
| 409 | * @returns
|
| 410 | */
|
| 411 | function readCertificateInfo(certificate: string): Promise<CertificateSubjectReadResult>;
|
| 412 |
|
| 413 | /**
|
| 414 | * Exports a public key from a private key, CSR or certificate
|
| 415 | *
|
| 416 | * @param certificate PEM encoded private key, CSR or certificate
|
| 417 | * @returns
|
| 418 | */
|
| 419 | function getPublicKey(certificate: string): Promise<{ publicKey: string }>;
|
| 420 |
|
| 421 | /**
|
| 422 | * Gets the fingerprint for a certificate
|
| 423 | *
|
| 424 | * @param certificate PEM encoded certificate
|
| 425 | * @param hash Hash function to use (either md5 sha1 or sha256, defaults to sha256)
|
| 426 | * @returns
|
| 427 | */
|
| 428 | function getFingerprint(
|
| 429 | certificate: string | Buffer | DataView | TypedArray,
|
| 430 | hash?: HashFunction,
|
| 431 | ): Promise<{ fingerprint: string }>;
|
| 432 |
|
| 433 | /**
|
| 434 | * Gets the modulus from a certificate, a CSR or a private key
|
| 435 | *
|
| 436 | * @param certificate PEM encoded, CSR PEM encoded, or private key
|
| 437 | * @param password password for the certificate
|
| 438 | * @returns
|
| 439 | */
|
| 440 | function getModulus(certificate: string, password?: string): Promise<{ modulus: any }>;
|
| 441 |
|
| 442 | /**
|
| 443 | * Gets the size and prime of DH parameters
|
| 444 | *
|
| 445 | * @param dh DH parameters PEM encoded
|
| 446 | * @returns
|
| 447 | */
|
| 448 | function getDhparamInfo(dh: string): Promise<{ size: any; prime: any }>;
|
| 449 |
|
| 450 | /**
|
| 451 | * Exports private key and certificate to a PKCS12 keystore
|
| 452 | *
|
| 453 | * @param key PEM encoded private key
|
| 454 | * @param certificate PEM encoded certificate
|
| 455 | * @param password Password of the result PKCS12 file
|
| 456 | * @param [options] object of cipher and optional client key password {cipher:'aes128', clientKeyPassword: 'xxx'}
|
| 457 | * @returns
|
| 458 | */
|
| 459 | function createPkcs12(
|
| 460 | key: string,
|
| 461 | certificate: string,
|
| 462 | password: string,
|
| 463 | options?: Pkcs12CreationOptions,
|
| 464 | ): Promise<{ pkcs12: any }>;
|
| 465 |
|
| 466 | /**
|
| 467 | * Reads private key and certificate from a PKCS12 keystore
|
| 468 | * @returns
|
| 469 | */
|
| 470 | function readPkcs12(bufferOrPath: Buffer | string, options?: Pkcs12ReadOptions): Promise<Pkcs12ReadResult>;
|
| 471 |
|
| 472 | /**
|
| 473 | * Check a certificate
|
| 474 | *
|
| 475 | * @param certificate PEM encoded certificate
|
| 476 | * @param [passphrase] password for the certificate
|
| 477 | * @returns
|
| 478 | */
|
| 479 | function checkCertificate(certificate: string, passphrase?: string): Promise<boolean>;
|
| 480 |
|
| 481 | /**
|
| 482 | * check a PKCS#12 file (.pfx or.p12)
|
| 483 | *
|
| 484 | * @param bufferOrPath PKCS#12 certificate
|
| 485 | * @param [passphrase] optional passphrase which will be used to open the keystore
|
| 486 | * @param callback Callback function with an error object and a boolean valid
|
| 487 | */
|
| 488 | function checkPkcs12(bufferOrPath: Buffer | string, passphrase?: string): Promise<boolean>;
|
| 489 |
|
| 490 | /**
|
| 491 | * Verifies the signing chain of the passed certificate
|
| 492 | *
|
| 493 | * @param certificate PEM encoded certificate
|
| 494 | * @param ca List of CA certificates
|
| 495 | * @returns
|
| 496 | */
|
| 497 | function verifySigningChain(certificate: string, ca: string[]): Promise<boolean>;
|
| 498 | }
|