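/**
 * @packageDocumentation
 * Utilities for safely generating locally-trusted and machine-specific X.509 certificates for local development
 */

// NOTE(review): this listing arrived with its angle-bracket contents stripped
// (type parameters, Promise type arguments, and what was presumably a
// triple-slash reference directive at this position). They are restored below
// only where the surrounding declarations determine them; where they do not,
// `unknown` is used. Confirm every restored type against the published typings.
// `Buffer` is presumably Node's Buffer - confirm that the Node typings are in scope.

/**
 * The CA public key as a buffer
 * @public
 */
export declare interface CaBuffer {
  /** CA public key */
  ca: Buffer;
}

/**
 * The cert authority's path on disk
 * @public
 */
export declare interface CaPath {
  /** CA cert path on disk */
  caPath: string;
}

/**
 * Request an SSL certificate for the given app name signed by the devcert root
 * certificate authority. If devcert has previously generated a certificate for
 * that app name on this machine, it will reuse that certificate.
 *
 * If this is the first time devcert is being run on this machine, it will
 * generate and attempt to install a root certificate authority.
 *
 * If `options.getCaBuffer` is true, return value will include the ca certificate data
 * as \{ ca: Buffer \}
 *
 * If `options.getCaPath` is true, return value will include the ca certificate path
 * as \{ caPath: string \}
 *
 * The resolved value carries the domain private key ({@link DomainData}); treat
 * it as secret material and keep it out of logs and version control.
 *
 * @public
 * @param commonName - common name for certificate
 * @param alternativeNames - alternate names for the certificate
 * @param options - cert generation options
 * @param partialCertOptions - certificate options
 */
// NOTE(review): `O` and `CO` are used by the parameters but their declarations
// were stripped; the constraints follow from `options` / `partialCertOptions`
// and from the `O['getCaBuffer']` lookups further down - confirm.
export declare function certificateFor<
  O extends Options,
  CO extends Partial<CertOptions>
>(
  commonName: string,
  alternativeNames: string[],
  options?: O,
  partialCertOptions?: CO
): Promise<IReturnData<O>>;

/**
 * {@inheritdoc (certificateFor:1)}
 * @public
 */
export declare function certificateFor<
  O extends Options,
  CO extends Partial<CertOptions>
>(
  commonName: string,
  options?: O,
  partialCertOptions?: CO
): Promise<IReturnData<O>>;

/**
 * Certificate options
 * @public
 */
export declare interface CertOptions {
  /** Number of days before the CA expires */
  caCertExpiry: number;
  /** Number of days before the domain certificate expires */
  domainCertExpiry: number;
}

/**
 * Closes the remote server
 * @param hostname - hostname of the remote machine
 * @param port - port to connect to on the remote machine
 *
 * @public
 */
// NOTE(review): the resolved type was lost from this listing; `unknown` is a
// placeholder - confirm.
export declare function closeRemoteServer(
  hostname: string,
  port: number
): Promise<unknown>;

/* Excluded from this release type: configuredDomains */

/**
 * Domain cert public and private keys as buffers
 * @public
 */
export declare interface DomainData {
  /** private key - secret material; do not log it or commit it */
  key: Buffer;
  /** public key (cert) */
  cert: Buffer;
}

/* Excluded from this release type: getCertExpirationInfo */

/**
 * Returns the remote box's certificate
 * @param hostname - hostname of the remote machine
 * @param port - port to connect to on the remote machine
 *
 * @public
 */
// NOTE(review): the resolved type was lost from this listing; presumably the
// certificate contents - `unknown` is a placeholder, confirm.
export declare function getRemoteCertificate(
  hostname: string,
  port: number
): Promise<unknown>;

/**
 * Check whether a certificate with a given common name has been installed
 *
 * @public
 * @param commonName - commonName of certificate whose existence is being checked
 */
export declare function hasCertificateFor(commonName: string): boolean;

/**
 * A return value containing the CA public key
 * @public
 */
export declare type IReturnCa<O extends Options> =
  O['getCaBuffer'] extends true ? CaBuffer : false;

/**
 * A return value containing the CA path on disk
 * @public
 */
export declare type IReturnCaPath<O extends Options> =
  O['getCaPath'] extends true ? CaPath : false;

/**
 * A return value containing the CA public key, CA path on disk, and domain cert info
 * @public
 */
export declare type IReturnData<O extends Options> = DomainData &
  IReturnCa<O> &
  IReturnCaPath<O>;

/**
 * An interface that allows consuming apps to display logging on their side by
 * passing in the logging mechanism of their choice
 * @public
 */
export declare interface Logger {
  /**
   * info logging
   */
  log: typeof console.log;
  /**
   * warn logging
   */
  warn: typeof console.warn;
  /**
   * error logging
   */
  error: typeof console.error;
}

/**
 * Cert generation options
 *
 * @public
 */
export declare interface Options {
  /** Return the CA certificate data? */
  getCaBuffer?: boolean;
  /** Return the path to the CA certificate? */
  getCaPath?: boolean;
  /** If `certutil` is not installed already (for updating nss databases; e.g. firefox), do not attempt to install it */
  skipCertutilInstall?: boolean;
  /** Do not update your system's hosts file with the domain name of the certificate */
  skipHostsFile?: boolean;
  /** User interface hooks */
  ui?: UserInterface;
  /** Number of business days ahead of domain cert expiry at which the cert is automatically revoked and renewed */
  renewalBufferInBusinessDays?: number;
}

/**
 * Remove a certificate and revoke it from the OpenSSL cert database
 * @public
 * @param commonName - commonName of cert to remove
 */
// NOTE(review): the resolved type was lost from this listing; `unknown` is a
// placeholder - confirm.
export declare function removeAndRevokeDomainCert(
  commonName: string
): Promise<unknown>;

/**
 * Remove a certificate
 * @public
 * @param commonName - commonName of cert to remove
 * @deprecated please use {@link removeAndRevokeDomainCert | removeAndRevokeDomainCert} to ensure that the OpenSSL cert removal is handled properly
 */
export declare function removeDomain(commonName: string): void;

/* Excluded from this release type: _trustCertsOnRemote */

/**
 * Trust the remote host's certificate on the local machine.
 * This function SSHes into the remote host, fetches its certificate, and
 * trusts that certificate on the machine this function is called from.
 *
 * Security: the fetched certificate ends up in the local trust store, so it is
 * only as trustworthy as the host and channel it was obtained from. How the
 * remote host is authenticated is not visible in this declaration - confirm it
 * before using this outside a network you control.
 *
 * @public
 * @param hostname - hostname of the remote machine
 * @param certPath - file path to store the cert
 * @param TrustRemoteOptions - optional overrides; any subset of {@link TrustRemoteOptions}
 * @returns an object whose `mustRenew` flag is presumably tied to
 * `renewalBufferInBusinessDays` - confirm
 */
export declare function trustRemoteMachine(
  hostname: string,
  certPath: string,
  {
    port,
    useLocalhostForRemote,
    renewalBufferInBusinessDays,
    logger,
  }?: Partial<TrustRemoteOptions>
): Promise<{
  mustRenew: boolean;
}>;

/* Excluded from this release type: _trustRemoteMachine */

/**
 * Remote certificate trust options
 *
 * @public
 */
export declare interface TrustRemoteOptions {
  /**
   * port number for the remote server.
   */
  port: number;
  /**
   * use localhost for connecting to remote server
   */
  useLocalhostForRemote: boolean;
  /**
   * remaining business days validity.
   */
  renewalBufferInBusinessDays: number;
  /**
   * Logger interface to support the logging mechanism on the consumer side.
   */
  logger?: Logger;
  /**
   * function to close the remote server.
   */
  closeRemoteFunc: typeof closeRemoteServer;
}

/**
 * Remove as much of the devcert files and state as we can. This is necessary
 * when generating a new root certificate, and should be available to API
 * consumers as well.
 *
 * Not all of it will be removable. If certutil is not installed, we'll leave
 * Firefox alone. We try to remove files with maximum permissions, and if that
 * fails, we'll silently fail.
 *
 * It's also possible that the command to untrust will not work, and we'll
 * silently fail that as well; with no existing certificates anymore, the
 * security exposure there is minimal.
 *
 * Because these failures are silent, a normal return does not show that the
 * root CA was removed from every trust store; callers that depend on that
 * should inspect the stores themselves afterwards.
 *
 * @public
 */
export declare function uninstall(): void;

/**
 * Untrust the certificate for a given file path.
 * @public
 * @param certPath - file path of the cert
 */
export declare function untrustMachineByCertificate(certPath: string): void;

/**
 * A representation of several parts of the local system that the user interacts with
 * @public
 */
// NOTE(review): the Promise type arguments were stripped from this listing;
// each is restored to mirror the synchronous alternative in the same union - confirm.
export declare interface UserInterface {
  /** Get the disk encryption password (windows only); the value is a secret, so implementations should not echo or log it */
  getWindowsEncryptionPassword(): string | Promise<string>;
  /** Deliver a warning to the user without using certutil (linux only) */
  warnChromeOnLinuxWithoutCertutil(): void | Promise<void>;
  /** Close firefox */
  closeFirefoxBeforeContinuing(): void | Promise<void>;
  /** Begin the process of approving a cert through firefox */
  startFirefoxWizard(certificateHost: string): void | Promise<void>;
  /** Load the cert approval page in the user's local firefox */
  firefoxWizardPromptPage(certificateURL: string): string | Promise<string>;
  /** Wait for the user to complete the firefox cert approval wizard */
  waitForFirefoxWizard(): void | Promise<void>;
}

export { }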