@stacksjs/tlsx
A TLS/HTTPS library with automation.
/**
 * Configuration options for TLS certificates.
 *
 * Apart from the members marked `?`, every field here is required. The
 * all-optional counterpart is `TlsOption` (`DeepPartial<TlsConfig>`), declared
 * in this file.
 */
export declare interface TlsConfig {
  hostCertCN: string
  domain: string
  domains?: string[]
  altNameIPs: string[]
  altNameURIs: string[]
  // NOTE(review): presumably the certificate lifetime in days; confirm against the generator.
  validityDays: number
  organizationName: string
  countryName: string
  stateName: string
  localityName: string
  commonName: string
  // NOTE(review): the four path fields look like filesystem locations for the
  // generated material. If keyPath is where the private key is written, that
  // file needs restrictive permissions; confirm where the writer sets them.
  basePath: string
  certPath: string
  keyPath: string
  caCertPath: string
  subjectAltNames?: SubjectAltName[]
  // CA certificate plus its private key, both carried as strings (presumably
  // PEM; confirm). The private key is signing material: keep it out of logs,
  // error output and version control wherever this object is serialized.
  rootCA?: { certificate: string, privateKey: string }
  /**
   * Key usage flags. The member names mirror the X.509 KeyUsage bits
   * (RFC 5280, section 4.2.1.3). Every flag is required once this object is
   * present, unlike `CertificateOptions.keyUsage` where each one is optional.
   */
  keyUsage?: {
    /**
     * Digital signature key usage.
     */
    digitalSignature: boolean
    /**
     * Content commitment key usage (called nonRepudiation in older X.509 editions).
     */
    contentCommitment: boolean
    /**
     * Key encipherment key usage.
     */
    keyEncipherment: boolean
    /**
     * Data encipherment key usage.
     */
    dataEncipherment: boolean
    /**
     * Key agreement key usage.
     */
    keyAgreement: boolean
    /**
     * Key certificate signing key usage.
     * RFC 5280 requires the basicConstraints cA flag to be asserted whenever
     * this bit is, so it belongs on CA certificates only.
     */
    keyCertSign: boolean
    /**
     * Certificate revocation list signing key usage.
     */
    cRLSign: boolean
    /**
     * Encipher-only key usage.
     * In X.509 this bit is meaningful only together with keyAgreement.
     */
    encipherOnly: boolean
    /**
     * Decipher-only key usage.
     * In X.509 this bit is meaningful only together with keyAgreement.
     */
    decipherOnly: boolean
  }
  /**
   * Extended key usage purposes; the member names mirror the key purposes of
   * RFC 5280, section 4.2.1.12. Enable only the purposes the certificate is
   * actually used for.
   */
  extKeyUsage?: {
    /**
     * Server authentication key usage.
     */
    serverAuth?: boolean
    /**
     * Client authentication key usage.
     */
    clientAuth?: boolean
    /**
     * Code signing key usage.
     */
    codeSigning?: boolean
    /**
     * Email protection key usage.
     */
    emailProtection?: boolean
    /**
     * Time stamping key usage.
     */
    timeStamping?: boolean
  }
  basicConstraints?: {
    /**
     * Certificate authority (CA) flag.
     * In X.509 a certificate with this flag set may issue other certificates,
     * so it should be true only for CA certificates.
     */
    cA: boolean
    /**
     * Path length constraint.
     * In X.509 this caps how many intermediate CA certificates may follow
     * this one in a chain; it is meaningful only when cA is true.
     */
    pathLenConstraint: number
  }
  // NOTE(review): overlaps with basicConstraints.cA. Which of the two wins when
  // they disagree is not visible in these declarations; confirm in the generator.
  isCA?: boolean
  // Additional attributes as short-name/value pairs. Where they end up in the
  // certificate is not visible from these declarations.
  certificateAttributes?: Array<{
    shortName: string
    value: string
  }>
  verbose: boolean
}
/**
 * Subject Alternative Name
 *
 * One entry of a certificate's subjectAltName list.
 */
export declare interface SubjectAltName {
  // DnsType is the literal 2 and IpType the literal 7 (both declared in this
  // file). The extra `| number` widens the union to any number, so the
  // compiler does not restrict `type` to those two values; validate at runtime.
  type: DnsType | IpType | number
  // NOTE(review): presumably `value` carries the name for DNS entries and `ip`
  // the address for IP entries. Both are optional, so the type allows an
  // entry that has neither; confirm how the consumer handles that.
  value?: string
  ip?: string
}
/**
 * Certificate generation options
 *
 * Every member is optional. The fields largely parallel `TlsConfig`, minus its
 * path fields (basePath, certPath, keyPath, caCertPath).
 */
export declare interface CertificateOptions {
  domain?: string
  domains?: string[]
  // CA certificate plus its private key, both carried as strings (presumably
  // PEM; confirm). The private key is signing material: keep it out of logs,
  // error output and version control wherever this object is serialized.
  rootCA?: { certificate: string, privateKey: string }
  hostCertCN?: string
  altNameIPs?: string[]
  altNameURIs?: string[]
  // NOTE(review): presumably the certificate lifetime in days; confirm against the generator.
  validityDays?: number
  organizationName?: string
  countryName?: string
  stateName?: string
  localityName?: string
  commonName?: string
  subjectAltNames?: SubjectAltName[]
  /**
   * Key usage flags. The member names mirror the X.509 KeyUsage bits
   * (RFC 5280, section 4.2.1.3).
   */
  keyUsage?: {
    /**
     * Digital signature key usage.
     *
     * @default false
     * @example true
     */
    digitalSignature?: boolean
    /**
     * Content commitment key usage (called nonRepudiation in older X.509 editions).
     *
     * @default false
     * @example true
     */
    contentCommitment?: boolean
    /**
     * Key encipherment key usage.
     *
     * @default false
     * @example true
     */
    keyEncipherment?: boolean
    /**
     * Data encipherment key usage.
     *
     * @default false
     * @example true
     */
    dataEncipherment?: boolean
    /**
     * Key agreement key usage.
     *
     * @default false
     * @example true
     */
    keyAgreement?: boolean
    /**
     * Key certificate sign key usage.
     * RFC 5280 requires the basicConstraints cA flag to be asserted whenever
     * this bit is, so it belongs on CA certificates only.
     *
     * @default false
     * @example true
     */
    keyCertSign?: boolean
    /**
     * CRL sign key usage.
     *
     * @default false
     * @example true
     */
    cRLSign?: boolean
    /**
     * Encipher only key usage.
     * In X.509 this bit is meaningful only together with keyAgreement.
     *
     * @default false
     * @example true
     */
    encipherOnly?: boolean
    /**
     * Decipher only key usage.
     * In X.509 this bit is meaningful only together with keyAgreement.
     *
     * @default false
     * @example true
     */
    decipherOnly?: boolean
  }
  /**
   * Extended key usage purposes; the member names mirror the key purposes of
   * RFC 5280, section 4.2.1.12. Enable only the purposes the certificate is
   * actually used for.
   */
  extKeyUsage?: {
    /**
     * Server authentication key usage.
     *
     * @default false
     * @example true
     */
    serverAuth?: boolean
    /**
     * Client authentication key usage.
     *
     * @default false
     * @example true
     */
    clientAuth?: boolean
    /**
     * Code signing key usage.
     *
     * @default false
     * @example true
     */
    codeSigning?: boolean
    /**
     * Email protection key usage.
     *
     * @default false
     * @example true
     */
    emailProtection?: boolean
    /**
     * Time-stamping key usage.
     *
     * @default false
     * @example true
     */
    timeStamping?: boolean
  }
  basicConstraints?: {
    /**
     * CA flag of the basicConstraints extension (not a key-usage bit).
     * In X.509 a certificate with this flag set may issue other certificates,
     * so it should be true only for CA certificates.
     *
     * @default false
     * @example true
     */
    cA?: boolean
    /**
     * Path length constraint of the basicConstraints extension.
     * In X.509 this caps how many intermediate CA certificates may follow
     * this one in a chain; it is meaningful only when cA is true.
     *
     * @default 0
     * @example 2
     */
    pathLenConstraint?: number
  }
  // NOTE(review): overlaps with basicConstraints.cA. Which of the two wins when
  // they disagree is not visible in these declarations; confirm in the generator.
  isCA?: boolean
  // Additional attributes as short-name/value pairs. Where they end up in the
  // certificate is not visible from these declarations.
  certificateAttributes?: Array<{
    shortName: string
    value: string
  }>
  verbose?: boolean
}
/**
 * Certificate details.
 *
 * Descriptive fields of a certificate: subject, issuer, validity window and
 * serial number. No key material is part of this shape.
 */
export declare interface CertDetails {
  // Subject and Issuer are file-local aliases for `any`, so property access on
  // these two fields is not type-checked.
  subject: Subject
  issuer: Issuer
  validFrom: Date
  validTo: Date
  serialNumber: string
}
/**
 * Options for adding a certificate.
 */
export declare interface AddCertOption {
  // NOTE(review): presumably a filesystem path to a certificate other than the
  // default one. The code that reads it is not part of these declarations;
  // confirm that it validates the path when the value can come from outside.
  customCertPath?: string
  verbose?: boolean
}
/**
 * A certificate together with its private key and validity window.
 *
 * Unlike `CertDetails`, this shape carries the private key, so values of this
 * type are secret-bearing: avoid logging or serializing them as a whole.
 */
export declare interface Certificate {
  // Both are strings; the encoding (presumably PEM) is not visible here.
  certificate: string
  privateKey: string
  notBefore: Date
  notAfter: Date
}
/**
 * Options for generating a CA certificate.
 *
 * Extends `TlsOption`, so every `TlsConfig` field is also accepted here in
 * optional form.
 */
export declare interface CAOptions extends TlsOption {
  validityYears?: number
  // NOTE(review): the unit and any lower bound are not visible here. If this is
  // an RSA modulus size in bits, confirm the generator rejects values below
  // 2048, which are considered too weak for a CA key.
  keySize?: number
  organization?: string
  organizationalUnit?: string
  commonName?: string
  // Additional attributes as short-name/value pairs. Where they end up in the
  // CA certificate is not visible from these declarations.
  extraAttributes?: Array<{
    shortName: string
    value: string
  }>
}
/**
 * Certificate and private key.
 *
 * The same pair as the first two fields of `Certificate`, without the validity
 * dates. The private key makes values of this type secret-bearing.
 */
export declare interface Cert {
  // Both are strings; the encoding (presumably PEM) is not visible here.
  certificate: string
  privateKey: string
}
/**
 * Basic constraints for a certificate.
 *
 * Member of the `CertificateExtension` union; the literal `name` is the
 * discriminant.
 */
export declare interface BasicConstraintsExtension {
  name: 'basicConstraints'
  // In X.509, true marks a certificate that may issue other certificates.
  cA: boolean
  // In X.509, meaningful only when cA is true.
  pathLenConstraint?: number
  // In X.509, a relying party must reject a certificate that carries a
  // critical extension it does not recognize.
  critical: boolean
}
/**
 * Key usage for a certificate.
 *
 * Member of the `CertificateExtension` union; the literal `name` is the
 * discriminant. The flag names mirror the X.509 KeyUsage bits (RFC 5280,
 * section 4.2.1.3).
 */
export declare interface KeyUsageExtension {
  name: 'keyUsage'
  // In X.509, a relying party must reject a certificate that carries a
  // critical extension it does not recognize.
  critical: boolean
  digitalSignature?: boolean
  contentCommitment?: boolean
  keyEncipherment?: boolean
  dataEncipherment?: boolean
  keyAgreement?: boolean
  // RFC 5280 requires the basicConstraints cA flag whenever this bit is asserted.
  keyCertSign?: boolean
  cRLSign?: boolean
  // In X.509 the next two bits are meaningful only together with keyAgreement.
  encipherOnly?: boolean
  decipherOnly?: boolean
}
/**
 * Extended key usage for a certificate.
 *
 * Member of the `CertificateExtension` union; the literal `name` is the
 * discriminant. Unlike `BasicConstraintsExtension` and `KeyUsageExtension`,
 * this shape declares no `critical` member.
 */
export declare interface ExtKeyUsageExtension {
  name: 'extKeyUsage'
  serverAuth?: boolean
  clientAuth?: boolean
  codeSigning?: boolean
  emailProtection?: boolean
  timeStamping?: boolean
}
/**
 * Subject alternative name for a certificate.
 *
 * Member of the `CertificateExtension` union; the literal `name` is the
 * discriminant. This shape declares no `critical` member.
 */
export declare interface SubjectAltNameExtension {
  name: 'subjectAltName'
  // The entries to place in the extension; see `SubjectAltName` for the entry shape.
  altNames: SubjectAltName[]
}
// Literal tags used by SubjectAltName.type. The values coincide with the
// GeneralName tag numbers in RFC 5280: dNSName is 2 and iPAddress is 7.
declare type DnsType = 2
declare type IpType = 7
// NOTE(review): both aliases are `any`, so CertDetails.subject and
// CertDetails.issuer are unchecked. Their real shape comes from code that is
// not part of these declarations; narrow the value before relying on fields
// read from a parsed certificate.
declare type Subject = any
declare type Issuer = any
/**
 * TLS configuration options.
 *
 * `TlsConfig` with every property made optional at every depth, so a value of
 * this type guarantees that no field is present, required ones included.
 */
export type TlsOption = DeepPartial<TlsConfig>
// Recursive mapped type: marks each property of T optional and applies the
// same transformation to the property's own type.
export type DeepPartial<T> = {
  [P in keyof T]?: DeepPartial<T[P]>
}
/**
 * Path to a certificate file.
 *
 * A plain alias for `string`: it documents intent only and adds no checking
 * that the value is a well-formed or permitted path.
 */
export type CertPath = string
/**
 * Random serial number for a certificate.
 *
 * A plain alias for `string`: the type itself guarantees neither randomness
 * nor format.
 * NOTE(review): how the value is generated is not visible here. Confirm it
 * comes from a cryptographically secure source and stays unique per issuer,
 * as X.509 serial numbers must.
 */
export type RandomSerialNumber = string
/**
 * Certificate extension.
 *
 * Union of the four extension shapes declared in this file. Each member has a
 * distinct literal `name`, so checking `name` narrows the union.
 */
export type CertificateExtension = | BasicConstraintsExtension
  | KeyUsageExtension
  | ExtKeyUsageExtension
  | SubjectAltNameExtension