aws-crt

NodeJS bindings to the aws-c-* libraries

/// <reference types="node" />
import { NativeResource } from "./native_resource";
import { TlsVersion, SocketType, SocketDomain } from '../common/io';
import { Readable } from 'stream';
export { TlsVersion, SocketType, SocketDomain } from '../common/io';
/**
 * Convert a native error code into a human-readable string
 * @param error_code - An error code returned from a native API call, or delivered
 * via callback.
 * @returns The human-readable description of the error code.
 * @see CrtError
 *
 * nodejs only.
 */
export declare function error_code_to_string(error_code: number): string;
/**
 * Convert a native error code into a human-readable identifier
 * @param error_code - An error code returned from a native API call, or delivered
 * via callback.
 * @returns The identifier (name) of the error code.
 * @see CrtError
 *
 * nodejs only.
 */
export declare function error_code_to_name(error_code: number): string;
/** The amount of detail that will be logged */
export declare enum LogLevel {
    /** No logging whatsoever. Equivalent to never calling {@link enable_logging}. */
    NONE = 0,
    /** Only fatals. In practice, this will not do much, as the process will log and then crash (intentionally) if a fatal condition occurs */
    FATAL = 1,
    /** Only errors */
    ERROR = 2,
    /** Only warnings and errors */
    WARN = 3,
    /** Information about connection/stream creation/destruction events */
    INFO = 4,
    /** Enough information to debug the chain of events a given network connection encounters */
    DEBUG = 5,
    /** Everything. Only use this if you really need to know EVERY single call */
    TRACE = 6
}
/**
 * Enables logging of the native AWS CRT libraries.
 * @param level - The logging level to filter to. It is not possible to log less than WARN.
 *
 * NOTE(review): {@link LogLevel} also declares NONE, FATAL and ERROR, which sit below WARN;
 * how those values are treated is not visible in this declaration file. Confirm against the
 * implementation.
 * NOTE(review): whether DEBUG/TRACE output can contain connection payloads or key material
 * is not shown here. Verify before enabling those levels outside of troubleshooting.
 *
 * nodejs only.
 */
export declare function enable_logging(level: LogLevel): void;
/**
 * Returns true if ALPN is available on this platform natively
 * @returns true if ALPN is supported natively, false otherwise
 *
 * nodejs only.
 */
export declare function is_alpn_available(): boolean;
/**
 * Wraps a {@link Readable} for reading by native code, used to stream
 * data into the AWS CRT libraries.
 */
export declare class InputStream extends NativeResource {
    private source;
    /**
     * @param source - The Node.js stream that the native code reads from.
     */
    constructor(source: Readable);
}
/**
 * Represents native resources required to bootstrap a client connection
 * Things like a host resolver, event loop group, etc. There should only need
 * to be 1 of these per application, in most cases.
 *
 * nodejs only.
 */
export declare class ClientBootstrap extends NativeResource {
    constructor();
}
/**
 * Standard Berkeley socket style options.
 *
 * Every constructor parameter is optional; the defaults applied when one is omitted are not
 * visible in this declaration file. The parameter names carry the units (`_ms` milliseconds,
 * `_sec` seconds).
 *
 * nodejs only.
 */
export declare class SocketOptions extends NativeResource {
    constructor(type?: SocketType, domain?: SocketDomain, connect_timeout_ms?: number, keepalive?: boolean, keep_alive_interval_sec?: number, keep_alive_timeout_sec?: number, keep_alive_max_failed_probes?: number);
}
/**
 * Options for creating a {@link ClientTlsContext} or {@link ServerTlsContext}.
 *
 * Security-relevant fields: {@link TlsContextOptions.verify_peer} controls whether the peer's
 * X.509 certificate is validated, and `private_key` / `pkcs12_password` hold secret material
 * as plain string properties of this object, so avoid logging or serializing an instance.
 *
 * nodejs only.
 */
export declare class TlsContextOptions {
    /** Minimum version of TLS to support. Uses OS/system default if unspecified. */
    min_tls_version: TlsVersion;
    /** Path to a single file with all trust anchors in it, in PEM format */
    ca_filepath?: string;
    /** Path to directory containing trust anchors. Only used on Unix-style systems. */
    ca_dirpath?: string;
    /** String with all trust anchors in it, in PEM format */
    certificate_authority?: string;
    /** List of ALPN protocols to be used on platforms which support ALPN */
    alpn_list: string[];
    /** Path to certificate, in PEM format */
    certificate_filepath?: string;
    /** Certificate, in PEM format */
    certificate?: string;
    /** Path to private key, in PEM format */
    private_key_filepath?: string;
    /** Private key, in PEM format. Secret material held as a plain string on this object. */
    private_key?: string;
    /** Path to certificate, in PKCS#12 format. Currently, only supported on OSX */
    pkcs12_filepath?: string;
    /**
     * Password for PKCS#12. Currently, only supported on OSX.
     * Secret material held as a plain string on this object.
     */
    pkcs12_password?: string;
    /**
     * Whether the peer's certificate is verified.
     *
     * In client mode, setting this to false turns off x.509 validation of the server.
     * Don't do this unless you are testing.
     * It is much better to just override the default trust store and pass the self-signed
     * certificate as the CA (see {@link TlsContextOptions.override_default_trust_store} and
     * {@link TlsContextOptions.override_default_trust_store_from_path}).
     *
     * In server mode, this defaults to false, meaning client certificates are not required.
     * If you want to enforce mutual TLS on the server, set this to true.
     */
    verify_peer: boolean;
    /**
     * Overrides the default system trust store.
     * @param ca_dirpath - Only used on Unix-style systems where all trust anchors are
     * stored in a directory (e.g. /etc/ssl/certs).
     * @param ca_filepath - Single file containing all trust CAs, in PEM format
     */
    override_default_trust_store_from_path(ca_dirpath?: string, ca_filepath?: string): void;
    /**
     * Overrides the default system trust store.
     * @param certificate_authority - String containing all trust CAs, in PEM format
     */
    override_default_trust_store(certificate_authority: string): void;
    /**
     * Creates a client with secure-by-default options, along with a client cert and private key
     * @param certificate - Client certificate, in PEM format
     * @param private_key - Client private key, in PEM format
     * @returns Options for a client TLS context that presents the given certificate.
     */
    static create_client_with_mtls(certificate: string, private_key: string): TlsContextOptions;
    /**
     * Creates a client with secure-by-default options, along with a client cert and private key
     * @param certificate_filepath - Path to client certificate, in PEM format
     * @param private_key_filepath - Path to private key, in PEM format
     * @returns Options for a client TLS context that presents the given certificate.
     */
    static create_client_with_mtls_from_path(certificate_filepath: string, private_key_filepath: string): TlsContextOptions;
    /**
     * Creates a TLS context with secure-by-default options, along with a client cert and password
     * @param pkcs12_filepath - Path to client certificate in PKCS#12 format
     * @param pkcs12_password - PKCS#12 password
     * @returns Options for a client TLS context that presents the given PKCS#12 certificate.
     *
     * The PKCS#12 fields are documented on this class as currently supported on OSX only.
     */
    static create_client_with_mtls_pkcs_from_path(pkcs12_filepath: string, pkcs12_password: string): TlsContextOptions;
    /**
     * Creates TLS context with peer verification disabled, along with a certificate and private key
     * @param certificate_filepath - Path to certificate, in PEM format
     * @param private_key_filepath - Path to private key, in PEM format
     * @returns Options for a server TLS context that presents the given certificate.
     *
     * NOTE(review): despite `mtls` in the name, this is documented as leaving peer verification
     * disabled, so client certificates would not be validated. Per the
     * {@link TlsContextOptions.verify_peer} documentation, set `verify_peer` to true on the
     * returned options to enforce mutual TLS. Confirm against the implementation.
     */
    static create_server_with_mtls_from_path(certificate_filepath: string, private_key_filepath: string): TlsContextOptions;
    /**
     * Creates TLS context with peer verification disabled, along with a certificate and private key
     * in PKCS#12 format
     * @param pkcs12_filepath - Path to certificate, in PKCS#12 format
     * @param pkcs12_password - PKCS#12 Password
     * @returns Options for a server TLS context that presents the given PKCS#12 certificate.
     *
     * NOTE(review): despite `mtls` in the name, this is documented as leaving peer verification
     * disabled, so client certificates would not be validated. Per the
     * {@link TlsContextOptions.verify_peer} documentation, set `verify_peer` to true on the
     * returned options to enforce mutual TLS. Confirm against the implementation.
     */
    static create_server_with_mtls_pkcs_from_path(pkcs12_filepath: string, pkcs12_password: string): TlsContextOptions;
}
/**
 * TLS context used for client/server TLS communications over sockets.
 *
 * @see ClientTlsContext
 * @see ServerTlsContext
 *
 * nodejs only.
 */
export declare abstract class TlsContext extends NativeResource {
    /**
     * @param ctx_opt - The options the context is created from.
     */
    constructor(ctx_opt: TlsContextOptions);
}
/**
 * TLS context used for client TLS communications over sockets. If no
 * options are supplied, the context will default to enabling peer verification
 * only.
 *
 * nodejs only.
 */
export declare class ClientTlsContext extends TlsContext {
    /**
     * @param ctx_opt - Optional context options; when omitted, the documented default enables
     * peer verification.
     */
    constructor(ctx_opt?: TlsContextOptions);
}
/**
 * TLS context used for server TLS communications over sockets. If no
 * options are supplied, the context will default to disabling peer verification
 * only.
 *
 * With that default the server does not verify client certificates. To enforce mutual TLS,
 * pass options whose {@link TlsContextOptions.verify_peer} is true.
 *
 * nodejs only.
 */
export declare class ServerTlsContext extends TlsContext {
    /**
     * @param ctx_opt - Optional context options; when omitted, the documented default disables
     * peer verification.
     */
    constructor(ctx_opt?: TlsContextOptions);
}
/**
 * TLS options that are unique to a given connection using a shared TlsContext.
 *
 * nodejs only.
 */
export declare class TlsConnectionOptions extends NativeResource {
    /** The shared TLS context this connection uses. */
    readonly tls_ctx: TlsContext;
    /**
     * Optional server name for this connection.
     * NOTE(review): presumably used for SNI and/or hostname validation; not shown in this
     * declaration file, so confirm what happens when it is omitted.
     */
    readonly server_name?: string | undefined;
    /** ALPN protocol list for this connection. */
    readonly alpn_list: string[];
    /**
     * @param tls_ctx - The shared TLS context to use for the connection.
     * @param server_name - Optional server name for the connection.
     * @param alpn_list - Optional ALPN protocol list for the connection.
     */
    constructor(tls_ctx: TlsContext, server_name?: string | undefined, alpn_list?: string[]);
}