// Type definitions for PEM 1.9
// Project: https://github.com/dexus/pem
// Definitions by: Anthony Trinh <https://github.com/tony19>, Ruslan Arkhipau <https://github.com/DethAriel>
// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
/// <reference types="node" />
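/**
 * Module-wide settings accepted by `config`.
 */
export interface ModuleConfiguration {
    /**
     * Path to OpenSSL binaries
     *
     * NOTE(review): presumably the executable the module runs for its operations - confirm.
     * Set it only from fixed, trusted configuration, never from request or user input.
     */
    pathOpenSSL: string;
}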
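/**
 * Name of the cipher used to encrypt a private key.
 *
 * The trailing `string` member widens the whole union to plain `string`, so the compiler
 * does not reject a misspelled or unsupported cipher name; the literals serve as documentation.
 * Of the listed names, "des" (single DES, 56-bit key) is weak; prefer an AES variant for new keys.
 */
export type PrivateKeyCipher = "aes128" | "aes192" | "aes256" | "camellia128" | "camellia192" | "camellia256" | "des" | "des3" | "idea" | string; // allow for additions in future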
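/**
 * Private key encryption settings passed to `createPrivateKey`.
 */
export interface PrivateKeyCreationOptions {
    /** Cipher used to encrypt the generated key. */
    cipher: PrivateKeyCipher;
    /**
     * Password for the encrypted key.
     *
     * NOTE(review): presumably the passphrase the key is encrypted under - confirm.
     * It is a plain string here, so keep it out of logs and error messages.
     */
    password: string;
}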
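/**
 * Optional settings for `createPkcs12`: the cipher and an optional client key password,
 * e.g. `{cipher:'aes128', clientKeyPassword: 'xxx'}`.
 */
export interface Pkcs12CreationOptions {
    /** Cipher to use for the keystore. */
    cipher?: PrivateKeyCipher;
    /** Password of the client key, when that key is itself encrypted. */
    clientKeyPassword?: string;
    /**
     * NOTE(review): not described in these typings - presumably further certificate files
     * to include in the keystore; confirm against the module before relying on it.
     */
    certFiles?: string[];
}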
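/**
 * Optional settings for `readPkcs12`.
 */
export interface Pkcs12ReadOptions {
    /** NOTE(review): presumably the password of the PKCS12 keystore being read - confirm. */
    p12Password?: string;
    /** NOTE(review): presumably the password of the client key - confirm. */
    clientKeyPassword?: string;
}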
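/**
 * Name of the hash function used for CSR creation and certificate fingerprints.
 *
 * The trailing `string` member widens the union to plain `string`, so names are not checked
 * at compile time. "md5" and "sha1" are no longer collision resistant; use "sha256" unless an
 * older peer requires otherwise.
 */
export type HashFunction = 'md5' | 'sha1' | 'sha256' | string;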
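/**
 * Options for `createCSR`; every field is optional.
 */
export interface CSRCreationOptions {
    /**
     * Optional client key to use
     */
    clientKey?: string;
    /**
     * Password of the client key
     */
    clientKeyPassword?: string;
    /**
     * If clientKey is undefined, bit size to use for generating a new key (defaults to 2048)
     */
    keyBitsize?: number;
    /**
     * Hash function to use, defaults to sha256
     */
    hash?: HashFunction;
    /**
     * CSR country field
     */
    country?: string;
    /**
     * CSR state field
     */
    state?: string;
    /**
     * CSR locality field
     */
    locality?: string;
    /**
     * CSR organization field
     */
    organization?: string;
    /**
     * CSR organizational unit field
     */
    organizationUnit?: string;
    /**
     * CSR common name field, defaults to 'localhost'
     *
     * Set this explicitly for anything other than local testing, otherwise the request is
     * issued for 'localhost'.
     */
    commonName?: string;
    /**
     * CSR email address field
     */
    emailAddress?: string;
    /**
     * CSR config file
     *
     * NOTE(review): presumably a file path handed to OpenSSL - confirm, and do not build it
     * from untrusted input.
     */
    csrConfigFile?: string;
    /**
     * A list of subjectAltNames in the subjectAltName field
     */
    altNames?: string[];
}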
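/**
 * Options for `createCertificate`. All CSR options are accepted as well, because they are
 * used when a CSR has to be generated.
 */
export interface CertificateCreationOptions extends CSRCreationOptions {
    /**
     * Private key for signing the certificate, if not defined a new one is generated
     */
    serviceKey?: string;
    /**
     * Password of the service key
     */
    serviceKeyPassword?: string;
    /**
     * NOTE(review): not described in these typings - presumably the certificate belonging to
     * serviceKey; typed `any`, so nothing is checked at compile time.
     */
    serviceCertificate?: any;
    /**
     * NOTE(review): not described in these typings - presumably the certificate serial
     * number; typed `any`, so nothing is checked at compile time.
     */
    serial?: any;
    /**
     * If set to true and serviceKey is not defined, use clientKey for signing
     */
    selfSigned?: boolean;
    /**
     * CSR for the certificate, if not defined a new one is generated from the provided parameters
     */
    csr?: string;
    /**
     * Certificate expire time in days, defaults to 365
     */
    days?: number;
    /**
     * Password of the client key
     */
    clientKeyPassword?: string;
    /**
     * extension config file - without '-extensions v3_req'
     */
    extFile?: string;
    /**
     * extension config file - with '-extensions v3_req'
     */
    config?: string;
}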
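/**
 * Result passed to the `createCertificate` callback.
 *
 * `clientKey` and `serviceKey` carry key material (serviceKey is the private key used for
 * signing), so treat the whole object as a secret: do not log or serialise it wholesale.
 */
export interface CertificateCreationResult {
    /** The created certificate; typed `any` in these definitions. */
    certificate: any;
    /** The CSR the certificate was created from. */
    csr: string;
    /** The client key that was used. */
    clientKey: string;
    /** The key that signed the certificate. */
    serviceKey: string;
}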
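/**
 * Subject data read from a certificate or a CSR by `readCertificateInfo`.
 *
 * These values come from the certificate or CSR being parsed; when that input is not
 * trusted, treat every field as untrusted text (escape before display, validate before use).
 */
export interface CertificateSubjectReadResult {
    country: string;
    state: string;
    locality: string;
    organization: string;
    organizationUnit: string;
    commonName: string;
    emailAddress: string;
}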
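/**
 * Private key and certificates read from a PKCS12 keystore by `readPkcs12`.
 */
export interface Pkcs12ReadResult {
    /** The private key from the keystore; handle it as a secret. */
    key: string;
    /** The certificate from the keystore. */
    cert: string;
    /** NOTE(review): presumably the CA certificates contained in the keystore - confirm. */
    ca: string[];
}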
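/**
 * Callback shape shared by every function in this module: an error object first, then the
 * result.
 *
 * `error` is typed `any`, so the compiler will not force a check; test it before touching
 * `result`.
 */
export type Callback<T> = (error: any, result: T) => any;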
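/**
 * Creates a private key
 *
 * With no options the key is returned unencrypted; pass a cipher and password when the key
 * will be written to disk or sent anywhere.
 *
 * @param [keyBitsize=2048] Size of the key, defaults to 2048bit (can also be a function)
 * @param [options] private key encryption settings, defaults to empty object (no encryption)
 * @param callback Callback function with an error object and {key}
 */
export function createPrivateKey(keyBitsize: number, options: PrivateKeyCreationOptions, callback: Callback<{ key: string }>): void;
export function createPrivateKey(optionsOrKeyBitsize: number | PrivateKeyCreationOptions, callback: Callback<{ key: string }>): void;
export function createPrivateKey(callback: Callback<{ key: string }>): void;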
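/**
 * Creates a dhparam key
 *
 * The documented default of 512 bits is far below what is considered safe for
 * Diffie-Hellman today; always pass an explicit size (2048 or larger) for parameters that
 * will protect real traffic.
 *
 * @param [keyBitsize=512] Size of the key, defaults to 512bit
 * @param callback Callback function with an error object and {dhparam}
 */
export function createDhparam(keyBitsize: number, callback: Callback<{ dhparam: any }>): void;
export function createDhparam(callback: Callback<{ dhparam: any }>): void;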
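/**
 * Creates a Certificate Signing Request
 *
 * If options.clientKey is undefined, a new key is created automatically. The used key is included
 * in the callback return as clientKey
 *
 * Because the result carries the client key alongside the CSR, send only `csr` to the
 * signing party and keep `clientKey` local.
 *
 * @param [options] Optional options object
 * @param callback Callback function with an error object and {csr, clientKey}
 */
export function createCSR(options: CSRCreationOptions, callback: Callback<{ csr: string, clientKey: string }>): void;
export function createCSR(callback: Callback<{ csr: string, clientKey: string }>): void;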
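/**
 * Creates a certificate based on a CSR. If CSR is not defined, a new one
 * will be generated automatically. For CSR generation all the options values
 * can be used as with createCSR.
 *
 * Called with no options, the documented defaults apply (common name 'localhost', 365 days,
 * newly generated keys), which suits local testing only.
 *
 * @param [options] Optional options object
 * @param callback Callback function with an error object and {certificate, csr, clientKey, serviceKey}
 */
export function createCertificate(options: CertificateCreationOptions, callback: Callback<CertificateCreationResult>): void;
export function createCertificate(callback: Callback<CertificateCreationResult>): void;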
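/**
 * Reads subject data from a certificate or a CSR
 *
 * Reading the subject does not validate the certificate; use `verifySigningChain` before
 * trusting any of the returned fields.
 *
 * @param certificate PEM encoded CSR or certificate
 * @param callback Callback function with an error object and {country, state, locality, organization, organizationUnit, commonName, emailAddress}
 */
export function readCertificateInfo(certificate: string, callback: Callback<CertificateSubjectReadResult>): void;
export function readCertificateInfo(callback: Callback<CertificateSubjectReadResult>): void;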
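/**
 * Exports a public key from a private key, CSR or certificate
 *
 * @param certificate PEM encoded private key, CSR or certificate
 * @param callback Callback function with an error object and {publicKey}
 */
export function getPublicKey(certificate: string, callback: Callback<{ publicKey: string }>): void;
export function getPublicKey(callback: Callback<{ publicKey: string }>): void;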
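/**
 * Gets the fingerprint for a certificate
 *
 * When the fingerprint is used to pin or compare certificates, keep the sha256 default:
 * md5 and sha1 are no longer collision resistant.
 *
 * @param certificate PEM encoded certificate
 * @param hash Hash function to use (either md5 sha1 or sha256, defaults to sha256)
 * @param callback Callback function with an error object and {fingerprint}
 */
export function getFingerprint(certificate: string, hash: HashFunction, callback: Callback<{ fingerprint: string }>): void;
export function getFingerprint(certificate: string, callback: Callback<{ fingerprint: string }>): void;
export function getFingerprint(callback: Callback<{ fingerprint: string }>): void;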
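/**
 * Gets the modulus from a certificate, a CSR or a private key
 *
 * @param certificate PEM encoded certificate, CSR or private key
 * @param password password for the certificate
 * @param callback Callback function with an error object and {modulus}
 */
export function getModulus(certificate: string, password: string, callback: Callback<{ modulus: any }>): void;
export function getModulus(certificate: string, callback: Callback<{ modulus: any }>): void;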
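/**
 * Gets the size and prime of DH parameters
 *
 * The reported size lets a caller reject undersized parameters before using them.
 *
 * @param dh DH parameters PEM encoded
 * @param callback Callback function with an error object and {size, prime}
 */
export function getDhparamInfo(dh: string, callback: Callback<{ size: any, prime: any }>): void;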
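/**
 * Exports private key and certificate to a PKCS12 keystore
 *
 * The keystore contains the private key, so `password` is what protects that key at rest;
 * do not pass an empty or hard-coded value.
 *
 * @param key PEM encoded private key
 * @param certificate PEM encoded certificate
 * @param password Password of the result PKCS12 file
 * @param [options] object of cipher and optional client key password {cipher:'aes128', clientKeyPassword: 'xxx'}
 * @param callback Callback function with an error object and {pkcs12}
 */
export function createPkcs12(key: string, certificate: string, password: string, options: Pkcs12CreationOptions, callback: Callback<{ pkcs12: any }>): void;
export function createPkcs12(key: string, certificate: string, password: string, callback: Callback<{ pkcs12: any }>): void;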
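/**
 * Reads private key and certificate from a PKCS12 keystore
 *
 * @param bufferOrPath The keystore, given as a Buffer or a string.
 *   NOTE(review): going by the name, a string is taken as a file path - confirm, and do not
 *   pass a path built from untrusted input.
 * @param [options] Optional passwords for the keystore and the client key
 * @param callback Callback function with an error object and {key, cert, ca}
 * @returns the result of the callback
 */
export function readPkcs12(bufferOrPath: Buffer | string, options: Pkcs12ReadOptions, callback: Callback<Pkcs12ReadResult>): any;
export function readPkcs12(bufferOrPath: Buffer | string, callback: Callback<Pkcs12ReadResult>): any;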
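/**
 * Verifies the signing chain of the passed certificate
 *
 * Check both callback arguments: treat the certificate as valid only when there is no error
 * and the result is `true`.
 * NOTE(review): these typings document chain verification only; whether expiry, revocation
 * or host name are checked cannot be told from here - confirm before relying on it for those.
 *
 * @param certificate PEM encoded certificate
 * @param ca List of CA certificates
 * @param callback Callback function with an error object and a boolean valid
 */
export function verifySigningChain(certificate: string, ca: string[], callback: Callback<boolean>): void;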
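/**
 * Configures the pem module
 *
 * @param options Module settings; currently the path to the OpenSSL binaries. Supply it from
 *   fixed, trusted configuration only.
 */
export function config(options: ModuleConfiguration): void;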