import type { ReadonlyDeep } from 'type-fest'; import * as Native from './Native.js'; import { CDSRequestOptionsType, CDSResponseType } from './net/CDSI.js'; import { ConnectionEventsListener, UnauthenticatedChatConnection, AuthenticatedChatConnection, ChatServiceListener, ProvisioningConnection, ProvisioningConnectionListener } from './net/Chat.js'; import { RegistrationService } from './net/Registration.js'; import { Svr2 } from './net/Svr2.js'; import { SvrB } from './net/SvrB.js'; export * from './net/CDSI.js'; export * from './net/Chat.js'; export * from './net/chat/AuthMessagesService.js'; export * from './net/chat/UnauthBackupsService.js'; export * from './net/chat/UnauthKeysService.js'; export * from './net/chat/UnauthMessagesService.js'; export * from './net/chat/UnauthProfilesService.js'; export * from './net/chat/UnauthUsernamesService.js'; export * from './net/Registration.js'; export * from './net/Svr2.js'; export * from './net/SvrB.js'; export declare enum Environment { Staging = 0, Production = 1 } /** * Build variant for remote config key selection. * * This must match the libsignal-bridge Rust enum of the same name. * * - `Production`: Use for release builds. Only uses base remote config keys without suffixes. * - `Beta`: Use for all other builds (nightly, alpha, internal, public betas). Prefers * keys with a `.beta` suffix, falling back to base keys if the suffixed key is not present. */ export declare enum BuildVariant { Production = 0, Beta = 1 } export type ServiceAuth = { username: string; password: string; }; export type ChatRequest = Readonly<{ verb: string; path: string; headers: ReadonlyArray<[string, string]>; body?: Uint8Array; timeoutMillis?: number; }>; type ConnectionManager = Native.Wrapper; /** Low-level async runtime control, mostly just exported for testing. */ export declare class TokioAsyncContext { readonly _nativeHandle: Native.TokioAsyncContext; constructor(handle: Native.TokioAsyncContext); makeCancellable(abortSignal: AbortSignal | undefined, promise: Native.CancellablePromise): Promise; } export type NetConstructorOptions = Readonly<{ localTestServer?: false; env: Environment; userAgent: string; remoteConfig?: Map; buildVariant?: BuildVariant; } | { localTestServer: true; userAgent: string; TESTING_localServer_chatPort: number; TESTING_localServer_cdsiPort: number; TESTING_localServer_svr2Port: number; TESTING_localServer_svrBPort: number; TESTING_localServer_rootCertificateDer: Uint8Array; TESTING_localServer_httpVersion?: 1 | 2; }>; /** See {@link Net.setProxy()}. */ export type ProxyOptions = { scheme: string; host: string; port?: number; username?: string; password?: string; }; /** The "scheme" for Signal TLS proxies. See {@link Net.setProxy()}. */ export declare const SIGNAL_TLS_PROXY_SCHEME = "org.signal.tls"; export declare const REMOTE_CONFIG_KEYS: readonly ["chatRequestConnectionCheckTimeoutMillis", "useH2ForUnauthChat", "useH2ForAuthChat", "grpc.AccountsAnonymousLookupUsernameHash", "grpc.AccountsAnonymousLookupUsernameLink.2", "grpc.AccountsAnonymousCheckAccountExistence.2", "grpc.MessagesAnonymousSendMultiRecipientMessage.2", "grpc.MessagesAnonymousSendSingleRecipientMessage", "grpc.AttachmentsGetUploadForm", "grpc.MessagesSendMessage", "grpc.BackupsAnonymousGetUploadForm", "chatRequestConnectionCheckTimeoutMillis.beta", "useH2ForUnauthChat.beta", "useH2ForAuthChat.beta", "grpc.AccountsAnonymousLookupUsernameHash.beta", "grpc.AccountsAnonymousLookupUsernameLink.2.beta", "grpc.AccountsAnonymousCheckAccountExistence.2.beta", "grpc.MessagesAnonymousSendMultiRecipientMessage.2.beta", "grpc.MessagesAnonymousSendSingleRecipientMessage.beta", "grpc.AttachmentsGetUploadForm.beta", "grpc.MessagesSendMessage.beta", "grpc.BackupsAnonymousGetUploadForm.beta", "chatPermessageDeflate.prod"]; export declare class Net { private readonly options; private readonly asyncContext; /** Exposed only for testing. */ readonly _connectionManager: ConnectionManager; constructor(options: NetConstructorOptions); /** * Starts the process of connecting to the chat server. * * If this completes successfully, the next call to {@link #connectAuthenticatedChat} may be able * to finish more quickly. If it's incomplete or produces an error, such a call will start from * scratch as usual. Only one preconnect is recorded, so there's no point in calling this more * than once. * * @param options additional options to pass through. * @param options.abortSignal an {@link AbortSignal} that will cancel the connection attempt. */ preconnectChat(options?: { abortSignal?: AbortSignal; }): Promise; /** * Creates a new instance of {@link UnauthenticatedChatConnection}. * * @param listener the listener for incoming events. * @param options additional options to pass through. * @param options.languages If provided, a list of languages in Accept-Language syntax to apply * to all requests made on this connection. Note that "quality weighting" can be left out; the * Signal server will always consider the list to be in priority order. * @param options.abortSignal an {@link AbortSignal} that will cancel the connection attempt. */ connectUnauthenticatedChat(listener: ConnectionEventsListener, options?: { languages?: string[]; abortSignal?: AbortSignal; }): Promise; /** * Creates a new instance of {@link AuthenticatedChatConnection}. * * @param username the identifier for the local device * @param password the password for the local device * @param receiveStories whether or not the local user has Stories enabled, so the server can * filter them out ahead of time * @param listener the listener for incoming events. * @param options additional options to pass through. * @param options.languages If provided, a list of languages in Accept-Language syntax to apply * to all requests made on this connection. Note that "quality weighting" can be left out; the * Signal server will always consider the list to be in priority order. * @param options.abortSignal an {@link AbortSignal} that will cancel the connection attempt. */ connectAuthenticatedChat(username: string, password: string, receiveStories: boolean, listener: ChatServiceListener, options?: { languages?: string[]; abortSignal?: AbortSignal; }): Promise; /** * Creates a new instance of {@link ProvisioningConnection}. * * @param listener the listener for incoming events. * @param options additional options to pass through. * @param options.abortSignal an {@link AbortSignal} that will cancel the connection attempt. */ connectProvisioning(listener: ProvisioningConnectionListener, options?: { abortSignal?: AbortSignal; }): Promise; resumeRegistrationSession({ sessionId, e164, }: { sessionId: string; e164: string; }): Promise; createRegistrationSession({ e164, }: { e164: string; }): Promise; /** * Enables/disables IPv6 for all new connections (until changed). * * The flag is `true` by default. */ setIpv6Enabled(ipv6Enabled: boolean): void; /** * Enables or disables censorship circumvention for all new connections (until changed). * * If CC is enabled, *new* connections and services may try additional routes to the Signal * servers. Existing connections and services will continue with the setting they were created * with. (In particular, changing this setting will not affect any existing * {@link ChatConnection ChatConnections}.) * * CC is off by default. */ setCensorshipCircumventionEnabled(enabled: boolean): void; /** * Sets the proxy host to be used for all new connections (until overridden). * * Sets a server to be used to proxy all new outgoing connections. The proxy can be overridden by * calling this method again or unset by calling {@link #clearProxy}. Omitting the `port` means * the default port for the scheme will be used. * * To specify a Signal transparent TLS proxy, use {@link SIGNAL_TLS_PROXY_SCHEME}, or the * overload that takes a separate domain and port number. * * Throws if the scheme is unsupported or if the provided parameters are invalid for that scheme * (e.g. Signal TLS proxies don't support authentication) */ setProxy(options: Readonly): void; /** * Sets the Signal TLS proxy host to be used for all new connections (until overridden). * * Sets a domain name and port to be used to proxy all new outgoing connections, using a Signal * transparent TLS proxy. The proxy can be overridden by calling this method again or unset by * calling {@link #clearProxy}. * * Throws if the host or port is structurally invalid, such as a port that doesn't fit in u16. */ setProxy(host: string, port?: number): void; /** * Like {@link #setProxy}, but parses the proxy options from a URL. See there for more * information. * * Takes a string rather than a URL so that an *invalid* string can result in disabling * connections until {@link #clearProxy} is called, consistent with other ways {@link #setProxy} * might consider its parameters invalid. * * Throws if the URL contains unnecessary parts (like a query string), or if the resulting options * are not supported. */ setProxyFromUrl(urlString: string): void; /** * Parses a proxy URL into an options object, suitable for passing to {@link #setProxy}. * * It is recommended not to call this directly. Instead, use {@link #setProxyFromUrl}, which will * treat an invalid URL uniformly with one that is structurally valid but unsupported by * libsignal. * * Throws if the URL is known to not be a valid proxy URL; however it's still possible the * resulting options object cannot be used as a proxy. */ static proxyOptionsFromUrl(urlString: string): ProxyOptions; /** * Refuses to make any new connections until a new proxy configuration is set or * {@link #clearProxy} is called. * * Existing connections will not be affected. */ setInvalidProxy(): void; /** * Ensures that future connections will be made directly, not through a proxy. * * Clears any proxy configuration set via {@link #setProxy} or {@link #setInvalidProxy}. If none * was set, calling this method is a no-op. */ clearProxy(): void; /** * Updates libsignal's remote configuration settings. * * The provided configuration map must conform to the following requirements: * - Each key represents an enabled configuration and directly indicates that the setting is enabled. * - Keys must have had the platform-specific prefix (e.g., `"desktop.libsignal."`) removed. * - Entries explicitly disabled by the server must not appear in the map. * - Values originally set to `null` by the server must be represented as empty strings. * - Values should otherwise maintain the same format as they are returned by the server. * * These constraints ensure configurations passed to libsignal precisely reflect enabled * server-provided settings without ambiguity. * * Only new connections made *after* this call will use the new remote config settings. * Existing connections are not affected. * * @deprecated Calling without buildVariant is deprecated. Please explicitly specify BuildVariant.Production or BuildVariant.Beta. * @param remoteConfig A map containing preprocessed libsignal configuration keys and their associated values. */ setRemoteConfig(remoteConfig: ReadonlyMap<(typeof REMOTE_CONFIG_KEYS)[number], string>): void; /** * Updates libsignal's remote configuration settings. * * The provided configuration map must conform to the following requirements: * - Each key represents an enabled configuration and directly indicates that the setting is enabled. * - Keys must have had the platform-specific prefix (e.g., `"desktop.libsignal."`) removed. * - Entries explicitly disabled by the server must not appear in the map. * - Values originally set to `null` by the server must be represented as empty strings. * - Values should otherwise maintain the same format as they are returned by the server. * * These constraints ensure configurations passed to libsignal precisely reflect enabled * server-provided settings without ambiguity. * * Only new connections made *after* this call will use the new remote config settings. * Existing connections are not affected. * * @param remoteConfig A map containing preprocessed libsignal configuration keys and their associated values. * @param buildVariant The build variant (BuildVariant.Production or BuildVariant.Beta) that determines which remote config keys to use. */ setRemoteConfig(remoteConfig: ReadonlyMap<(typeof REMOTE_CONFIG_KEYS)[number], string>, buildVariant: BuildVariant): void; /** * Notifies libsignal that the network has changed. * * This will lead to, e.g. caches being cleared and cooldowns being reset. */ onNetworkChange(): void; cdsiLookup(auth: Readonly, options: ReadonlyDeep): Promise>; /** * Get the SVR-B (Secure Value Recovery for Backups) service for this network instance. * * SVR-B provides forward secrecy for Signal backups, ensuring that even if the user's * Account Entropy Pool or Backup Key is compromised, the attacker cannot * compromise all past backups. This is achieved by storing the forward * secrecy token in a secure enclave inside the SVR-B server, which provably * attests that it only stores a single token at a time for each user. * * @param auth The authentication credentials to use when connecting to the SVR-B server. * @returns An SvrB service instance configured for this network environment * @see {@link SvrB} */ svrB(auth: Readonly): SvrB; /** * Returns an SVR2 service instance for this network configuration. * * SVR2 stores a small piece of data protected by a pin in a secure enclave. * See {@link Svr2} for the storage and restore protocols. * * @param auth The authentication credentials to use when connecting to the SVR2 server. * @returns An Svr2 service instance configured for this network environment. * @see {@link Svr2} */ svr2(auth: Readonly): Svr2; }