@wireapp/core-crypto 0.6.0-rc.3 → 0.6.0-rc.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -114,7 +114,7 @@ cargo make wasm
114
114
 
115
115
  ### Android / JVM
116
116
 
117
- You can publish the JVM and Android bindings to maven using gradle after you'be build the corresponding target.
117
+ You can publish the JVM and Android bindings to maven using gradle after you've built the corresponding target.
118
118
 
119
119
  ```ignore
120
120
  cd kotlin
package/package.json CHANGED
@@ -1,63 +1,63 @@
1
1
  {
2
- "name": "@wireapp/core-crypto",
3
- "version": "0.6.0-rc.3",
4
- "description": "CoreCrypto bindings for the Web",
5
- "type": "module",
6
- "module": "platforms/web/corecrypto.js",
7
- "types": "platforms/web/corecrypto.d.js",
8
- "scripts": {
9
- "prepare": "npm run build",
10
- "build": "npm run clean && rollup -c crypto-ffi/bindings/js/rollup.config.js",
11
- "build:test": "npm run clean && rollup -c crypto-ffi/bindings/js/rollup.config.test.js",
12
- "clean": "rm -f ./platforms/web/*.{js,ts,wasm,html} && rm -rf ./platforms/web/assets",
13
- "package": "npm run build && npm pack",
14
- "test:raw": "jest -c crypto-ffi/bindings/js/jest.config.js --no-cache --runInBand --verbose",
15
- "test": "npm run build:test && npm run test:raw",
16
- "test:cov": "npm run build:test && jest -c crypto-ffi/bindings/js/jest.config.js --coverage --no-cache --runInBand --verbose"
17
- },
18
- "publishConfig": {
19
- "access": "public"
20
- },
21
- "files": [
22
- "platforms/web"
23
- ],
24
- "keywords": [
25
- "wire",
26
- "e2ee",
27
- "corecrypto",
28
- "mls",
29
- "proteus"
30
- ],
31
- "author": "Mathieu Amiot <amiot.mathieu@gmail.com>",
32
- "license": "GPL-3.0",
33
- "homepage": "https://github.com/wireapp/core-crypto",
34
- "repository": {
35
- "type": "git",
36
- "url": "git@github.com:wireapp/core-crypto.git"
37
- },
38
- "bugs": {
39
- "url": "https://github.com/wireapp/core-crypto/issues"
40
- },
41
- "devDependencies": {
42
- "@rollup/plugin-html": "^0.2.4",
43
- "@types/jest": "^29.0.1",
44
- "@types/jest-dev-server": "^5.0.0",
45
- "@typescript-eslint/eslint-plugin": "^5.36.2",
46
- "@typescript-eslint/parser": "^5.36.2",
47
- "@wasm-tool/rollup-plugin-rust": "^2.3.1",
48
- "dts-bundle-generator": "^6.13.0",
49
- "eslint": "^8.23.1",
50
- "eslint-config-prettier": "^8.5.0",
51
- "eslint-plugin-prettier": "^4.2.1",
52
- "jest": "^29.0.3",
53
- "jest-dev-server": "^6.1.1",
54
- "prettier": "^2.7.1",
55
- "puppeteer": "^17.1.3",
56
- "rollup": "^2.79.0",
57
- "rollup-jest": "^3.0.0",
58
- "rollup-plugin-ts": "^3.0.2",
59
- "ts-jest": "^29.0.0",
60
- "ts-loader": "^9.3.1",
61
- "typescript": "^4.8.3"
62
- }
63
- }
2
+ "name": "@wireapp/core-crypto",
3
+ "version": "0.6.0-rc.5",
4
+ "description": "CoreCrypto bindings for the Web",
5
+ "type": "module",
6
+ "module": "platforms/web/corecrypto.js",
7
+ "types": "platforms/web/corecrypto.d.js",
8
+ "scripts": {
9
+ "prepare": "npm run build",
10
+ "build": "npm run clean && rollup -c crypto-ffi/bindings/js/rollup.config.js",
11
+ "build:test": "npm run clean && rollup -c crypto-ffi/bindings/js/rollup.config.test.js",
12
+ "clean": "rm -f ./platforms/web/*.{js,ts,wasm,html} && rm -rf ./platforms/web/assets",
13
+ "package": "npm run build && npm pack",
14
+ "test:raw": "jest -c crypto-ffi/bindings/js/jest.config.js --no-cache --runInBand --verbose",
15
+ "test": "npm run build:test && npm run test:raw",
16
+ "test:cov": "npm run build:test && jest -c crypto-ffi/bindings/js/jest.config.js --coverage --no-cache --runInBand --verbose"
17
+ },
18
+ "publishConfig": {
19
+ "access": "public"
20
+ },
21
+ "files": [
22
+ "platforms/web"
23
+ ],
24
+ "keywords": [
25
+ "wire",
26
+ "e2ee",
27
+ "corecrypto",
28
+ "mls",
29
+ "proteus"
30
+ ],
31
+ "author": "Mathieu Amiot <amiot.mathieu@gmail.com>",
32
+ "license": "GPL-3.0",
33
+ "homepage": "https://github.com/wireapp/core-crypto",
34
+ "repository": {
35
+ "type": "git",
36
+ "url": "git@github.com:wireapp/core-crypto.git"
37
+ },
38
+ "bugs": {
39
+ "url": "https://github.com/wireapp/core-crypto/issues"
40
+ },
41
+ "devDependencies": {
42
+ "@rollup/plugin-html": "^0.2.4",
43
+ "@types/jest": "^29.0.1",
44
+ "@types/jest-dev-server": "^5.0.0",
45
+ "@typescript-eslint/eslint-plugin": "^5.36.2",
46
+ "@typescript-eslint/parser": "^5.36.2",
47
+ "@wasm-tool/rollup-plugin-rust": "^2.3.1",
48
+ "dts-bundle-generator": "^6.13.0",
49
+ "eslint": "^8.23.1",
50
+ "eslint-config-prettier": "^8.5.0",
51
+ "eslint-plugin-prettier": "^4.2.1",
52
+ "jest": "^29.0.3",
53
+ "jest-dev-server": "^6.1.1",
54
+ "prettier": "^2.7.1",
55
+ "puppeteer": "^17.1.3",
56
+ "rollup": "^2.79.0",
57
+ "rollup-jest": "^3.0.0",
58
+ "rollup-plugin-ts": "^3.0.2",
59
+ "ts-jest": "^29.0.0",
60
+ "ts-loader": "^9.3.1",
61
+ "typescript": "^4.8.3"
62
+ }
63
+ }
@@ -1,34 +1,155 @@
1
+ declare class WireE2eIdentity {
2
+ free(): void;
3
+ /**
4
+ * See [core_crypto::e2e_identity::WireE2eIdentity::directory_response]
5
+ * @param {Uint8Array} directory
6
+ * @returns {any}
7
+ */
8
+ directory_response(directory: Uint8Array): any;
9
+ /**
10
+ * See [core_crypto::e2e_identity::WireE2eIdentity::new_account_request]
11
+ * @param {any} directory
12
+ * @param {string} previous_nonce
13
+ * @returns {Uint8Array}
14
+ */
15
+ new_account_request(directory: any, previous_nonce: string): Uint8Array;
16
+ /**
17
+ * See [core_crypto::e2e_identity::WireE2eIdentity::new_account_response]
18
+ * @param {Uint8Array} account
19
+ * @returns {Uint8Array}
20
+ */
21
+ new_account_response(account: Uint8Array): Uint8Array;
22
+ /**
23
+ * See [core_crypto::e2e_identity::WireE2eIdentity::new_order_request]
24
+ * @param {string} handle
25
+ * @param {string} client_id
26
+ * @param {number} expiry_days
27
+ * @param {any} directory
28
+ * @param {Uint8Array} account
29
+ * @param {string} previous_nonce
30
+ * @returns {Uint8Array}
31
+ */
32
+ new_order_request(handle: string, client_id: string, expiry_days: number, directory: any, account: Uint8Array, previous_nonce: string): Uint8Array;
33
+ /**
34
+ * See [core_crypto::e2e_identity::WireE2eIdentity::new_order_response]
35
+ * @param {Uint8Array} order
36
+ * @returns {any}
37
+ */
38
+ new_order_response(order: Uint8Array): any;
39
+ /**
40
+ * See [core_crypto::e2e_identity::WireE2eIdentity::new_authz_request]
41
+ * @param {string} url
42
+ * @param {Uint8Array} account
43
+ * @param {string} previous_nonce
44
+ * @returns {Uint8Array}
45
+ */
46
+ new_authz_request(url: string, account: Uint8Array, previous_nonce: string): Uint8Array;
47
+ /**
48
+ * See [core_crypto::e2e_identity::WireE2eIdentity::new_authz_response]
49
+ * @param {Uint8Array} authz
50
+ * @returns {any}
51
+ */
52
+ new_authz_response(authz: Uint8Array): any;
53
+ /**
54
+ * See [core_crypto::e2e_identity::WireE2eIdentity::create_dpop_token]
55
+ * @param {string} access_token_url
56
+ * @param {string} user_id
57
+ * @param {bigint} client_id
58
+ * @param {string} domain
59
+ * @param {any} client_id_challenge
60
+ * @param {string} backend_nonce
61
+ * @param {number} expiry_days
62
+ * @returns {string}
63
+ */
64
+ create_dpop_token(access_token_url: string, user_id: string, client_id: bigint, domain: string, client_id_challenge: any, backend_nonce: string, expiry_days: number): string;
65
+ /**
66
+ * See [core_crypto::e2e_identity::WireE2eIdentity::new_challenge_request]
67
+ * @param {any} handle_challenge
68
+ * @param {Uint8Array} account
69
+ * @param {string} previous_nonce
70
+ * @returns {Uint8Array}
71
+ */
72
+ new_challenge_request(handle_challenge: any, account: Uint8Array, previous_nonce: string): Uint8Array;
73
+ /**
74
+ * See [core_crypto::e2e_identity::WireE2eIdentity::new_challenge_response]
75
+ * @param {Uint8Array} challenge
76
+ */
77
+ new_challenge_response(challenge: Uint8Array): void;
78
+ /**
79
+ * See [core_crypto::e2e_identity::WireE2eIdentity::check_order_request]
80
+ * @param {string} order_url
81
+ * @param {Uint8Array} account
82
+ * @param {string} previous_nonce
83
+ * @returns {Uint8Array}
84
+ */
85
+ check_order_request(order_url: string, account: Uint8Array, previous_nonce: string): Uint8Array;
86
+ /**
87
+ * See [core_crypto::e2e_identity::WireE2eIdentity::check_order_response]
88
+ * @param {Uint8Array} order
89
+ * @returns {Uint8Array}
90
+ */
91
+ check_order_response(order: Uint8Array): Uint8Array;
92
+ /**
93
+ * See [core_crypto::e2e_identity::WireE2eIdentity::finalize_request]
94
+ * @param {(Uint8Array)[]} domains
95
+ * @param {Uint8Array} order
96
+ * @param {Uint8Array} account
97
+ * @param {string} previous_nonce
98
+ * @returns {Uint8Array}
99
+ */
100
+ finalize_request(domains: (Uint8Array)[], order: Uint8Array, account: Uint8Array, previous_nonce: string): Uint8Array;
101
+ /**
102
+ * See [core_crypto::e2e_identity::WireE2eIdentity::finalize_response]
103
+ * @param {Uint8Array} finalize
104
+ * @returns {any}
105
+ */
106
+ finalize_response(finalize: Uint8Array): any;
107
+ /**
108
+ * See [core_crypto::e2e_identity::WireE2eIdentity::certificate_request]
109
+ * @param {any} finalize
110
+ * @param {Uint8Array} account
111
+ * @param {string} previous_nonce
112
+ * @returns {Uint8Array}
113
+ */
114
+ certificate_request(finalize: any, account: Uint8Array, previous_nonce: string): Uint8Array;
115
+ /**
116
+ * See [core_crypto::e2e_identity::WireE2eIdentity::certificate_response]
117
+ * @param {string} certificate_chain
118
+ * @returns {(Uint8Array)[]}
119
+ */
120
+ certificate_response(certificate_chain: string): (Uint8Array)[];
121
+ }
1
122
  /**
2
- * see [core_crypto::prelude::CiphersuiteName]
3
- */
123
+ * see [core_crypto::prelude::CiphersuiteName]
124
+ */
4
125
  export declare enum Ciphersuite {
5
126
  /**
6
- * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519
7
- */
127
+ * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519
128
+ */
8
129
  MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 = 1,
9
130
  /**
10
- * DH KEM P256 | AES-GCM 128 | SHA2-256 | EcDSA P256
11
- */
131
+ * DH KEM P256 | AES-GCM 128 | SHA2-256 | EcDSA P256
132
+ */
12
133
  MLS_128_DHKEMP256_AES128GCM_SHA256_P256 = 2,
13
134
  /**
14
- * DH KEM x25519 | Chacha20Poly1305 | SHA2-256 | Ed25519
15
- */
135
+ * DH KEM x25519 | Chacha20Poly1305 | SHA2-256 | Ed25519
136
+ */
16
137
  MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 = 3,
17
138
  /**
18
- * DH KEM x448 | AES-GCM 256 | SHA2-512 | Ed448
19
- */
139
+ * DH KEM x448 | AES-GCM 256 | SHA2-512 | Ed448
140
+ */
20
141
  MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 = 4,
21
142
  /**
22
- * DH KEM P521 | AES-GCM 256 | SHA2-512 | EcDSA P521
23
- */
143
+ * DH KEM P521 | AES-GCM 256 | SHA2-512 | EcDSA P521
144
+ */
24
145
  MLS_256_DHKEMP521_AES256GCM_SHA512_P521 = 5,
25
146
  /**
26
- * DH KEM x448 | Chacha20Poly1305 | SHA2-512 | Ed448
27
- */
147
+ * DH KEM x448 | Chacha20Poly1305 | SHA2-512 | Ed448
148
+ */
28
149
  MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 = 6,
29
150
  /**
30
- * DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384
31
- */
151
+ * DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384
152
+ */
32
153
  MLS_256_DHKEMP384_AES256GCM_SHA384_P384 = 7
33
154
  }
34
155
  /**
@@ -401,10 +522,11 @@ export interface CoreCryptoCallbacks {
401
522
  * Callback to ensure that the given `clientId` belongs to one of the provided `existingClients`
402
523
  * This basically allows to defer the client ID parsing logic to the caller - because CoreCrypto is oblivious to such things
403
524
  *
525
+ * @param conversationId - id of the group/conversation
404
526
  * @param clientId - id of a client
405
527
  * @param existingClients - all the clients currently within the MLS group
406
528
  */
407
- clientIsExistingGroupUser: (clientId: Uint8Array, existingClients: Uint8Array[]) => boolean;
529
+ clientIsExistingGroupUser: (conversationId: Uint8Array, clientId: Uint8Array, existingClients: Uint8Array[]) => boolean;
408
530
  }
409
531
  /**
410
532
  * Wrapper for the WASM-compiled version of CoreCrypto
@@ -689,7 +811,7 @@ export declare class CoreCrypto {
689
811
  * **CAUTION**: only use this when you had an explicit response from the Delivery Service
690
812
  * e.g. 403. Do not use otherwise e.g. 5xx responses, timeout etc..
691
813
  * **DO NOT** use when Delivery Service responds 409, pending state will be renewed
692
- * in {@link CoreCrypto.decrypt_message}
814
+ * in {@link CoreCrypto.decryptMessage}
693
815
  *
694
816
  * @param conversationId - The group's ID
695
817
  */
@@ -834,7 +956,7 @@ export declare class CoreCrypto {
834
956
  *
835
957
  * @param prekey - the prekey bundle to get the fingerprint from
836
958
  * @returns Hex-encoded public key string
837
- **/
959
+ **/
838
960
  static proteusFingerprintPrekeybundle(prekey: Uint8Array): string;
839
961
  /**
840
962
  * Imports all the data stored by Cryptobox into the CoreCrypto keystore
@@ -842,6 +964,15 @@ export declare class CoreCrypto {
842
964
  * @param storeName - The name of the IndexedDB store where the data is stored
843
965
  */
844
966
  proteusCryptoboxMigrate(storeName: string): Promise<void>;
967
+ /**
968
+ * Creates an enrollment instance with private key material you can use in order to fetch
969
+ * a new x509 certificate from the acme server.
970
+ * Make sure to call [WireE2eIdentity::free] (not yet available) to dispose this instance and its associated
971
+ * keying material.
972
+ *
973
+ * @param ciphersuite - For generating signing key material. Only {@link Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519} is supported currently
974
+ */
975
+ newAcmeEnrollment(): Promise<WireE2eIdentity>;
845
976
  /**
846
977
  * Returns the current version of {@link CoreCrypto}
847
978
  *
@@ -849,5 +980,261 @@ export declare class CoreCrypto {
849
980
  */
850
981
  static version(): string;
851
982
  }
983
+ type JsonRawData = Uint8Array;
984
+ type AcmeAccount = Uint8Array;
985
+ type AcmeOrder = Uint8Array;
986
+ export declare class WireE2eIdentity {
987
+ #private;
988
+ /** @hidden */
989
+ constructor(e2ei: CoreCryptoFfiTypes.WireE2eIdentity, module: typeof CoreCryptoFfiTypes);
990
+ /**
991
+ * Parses the response from `GET /acme/{provisioner-name}/directory`.
992
+ * Use this {@link AcmeDirectory} in the next step to fetch the first nonce from the acme server. Use
993
+ * {@link AcmeDirectory.newNonce}.
994
+ *
995
+ * @param directory HTTP response body
996
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.1.1
997
+ */
998
+ directoryResponse(directory: JsonRawData): AcmeDirectory;
999
+ /**
1000
+ * For creating a new acme account. This returns a signed JWS-alike request body to send to
1001
+ * `POST /acme/{provisioner-name}/new-account`.
1002
+ *
1003
+ * @param directory you got from {@link directoryResponse}
1004
+ * @param previousNonce you got from calling `HEAD {@link AcmeDirectory.newNonce}`
1005
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
1006
+ */
1007
+ newAccountRequest(directory: AcmeDirectory, previousNonce: string): JsonRawData;
1008
+ /**
1009
+ * Parses the response from `POST /acme/{provisioner-name}/new-account`.
1010
+ * @param account HTTP response body
1011
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
1012
+ */
1013
+ newAccountResponse(account: JsonRawData): AcmeAccount;
1014
+ /**
1015
+ * Creates a new acme order for the handle (userId + display name) and the clientId.
1016
+ *
1017
+ * @param handle domain of the authorization server e.g. `idp.example.org`
1018
+ * @param clientId domain of the wire-server e.g. `wire.example.org`
1019
+ * @param expiryDays generated x509 certificate expiry
1020
+ * @param directory you got from {@link directoryResponse}
1021
+ * @param account you got from {@link newAccountResponse}
1022
+ * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-account`
1023
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
1024
+ */
1025
+ newOrderRequest(handle: string, clientId: string, expiryDays: number, directory: AcmeDirectory, account: AcmeAccount, previousNonce: string): JsonRawData;
1026
+ /**
1027
+ * Parses the response from `POST /acme/{provisioner-name}/new-order`.
1028
+ *
1029
+ * @param order HTTP response body
1030
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
1031
+ */
1032
+ newOrderResponse(order: JsonRawData): NewAcmeOrder;
1033
+ /**
1034
+ * Creates a new authorization request.
1035
+ *
1036
+ * @param url one of the URL in new order's authorizations (use {@link NewAcmeOrder.authorizations} from {@link newOrderResponse})
1037
+ * @param account you got from {@link newAccountResponse}
1038
+ * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-order` (or from the
1039
+ * previous to this method if you are creating the second authorization)
1040
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
1041
+ */
1042
+ newAuthzRequest(url: string, account: AcmeAccount, previousNonce: string): JsonRawData;
1043
+ /**
1044
+ * Parses the response from `POST /acme/{provisioner-name}/authz/{authz-id}`
1045
+ *
1046
+ * You then have to map the challenge from this authorization object. The `client_id_challenge`
1047
+ * will be the one with the `client_id_host` (you supplied to {@link newOrderRequest}) identifier,
1048
+ * the other will be your `handle_challenge`.
1049
+ *
1050
+ * @param authz HTTP response body
1051
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
1052
+ */
1053
+ newAuthzResponse(authz: JsonRawData): NewAcmeAuthz;
1054
+ /**
1055
+ * Generates a new client Dpop JWT token. It demonstrates proof of possession of the nonces
1056
+ * (from wire-server & acme server) and will be verified by the acme server when verifying the
1057
+ * challenge (in order to deliver a certificate).
1058
+ *
1059
+ * Then send it to `POST /clients/{id}/access-token`
1060
+ * {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token} on wire-server.
1061
+ *
1062
+ * @param accessTokenUrl backend endpoint where this token will be sent. Should be this one {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token}
1063
+ * @param userId an UUIDv4 uniquely identifying the user
1064
+ * @param clientId client identifier
1065
+ * @param domain owning backend domain e.g. `wire.com`
1066
+ * @param clientIdChallenge you found after {@link newAuthzResponse}
1067
+ * @param backendNonce you get by calling `GET /clients/token/nonce` on wire-server as defined here {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/get_clients__client__nonce}
1068
+ * @param expiryDays token expiry in days
1069
+ */
1070
+ createDpopToken(accessTokenUrl: string, userId: string, clientId: bigint, domain: string, clientIdChallenge: AcmeChallenge, backendNonce: string, expiryDays: number): string;
1071
+ /**
1072
+ * Creates a new challenge request.
1073
+ *
1074
+ * @param handleChallenge you found after {@link newAuthzResponse}
1075
+ * @param account you found after {@link newAccountResponse}
1076
+ * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
1077
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
1078
+ */
1079
+ newChallengeRequest(handleChallenge: AcmeChallenge, account: AcmeAccount, previousNonce: string): JsonRawData;
1080
+ /**
1081
+ * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}`.
1082
+ *
1083
+ * @param challenge HTTP response body
1084
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
1085
+ */
1086
+ newChallengeResponse(challenge: JsonRawData): void;
1087
+ /**
1088
+ * Verifies that the previous challenge has been completed.
1089
+ *
1090
+ * @param orderUrl `location` header from http response you got from {@link newOrderResponse}
1091
+ * @param account you found after {@link newAccountResponse}
1092
+ * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/challenge/{challenge-id}`
1093
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
1094
+ */
1095
+ checkOrderRequest(orderUrl: string, account: AcmeAccount, previousNonce: string): JsonRawData;
1096
+ /**
1097
+ * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}`.
1098
+ *
1099
+ * @param order HTTP response body
1100
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
1101
+ */
1102
+ checkOrderResponse(order: JsonRawData): AcmeOrder;
1103
+ /**
1104
+ * Final step before fetching the certificate.
1105
+ *
1106
+ * @param domains you want to generate a certificate for e.g. `["wire.com"]`
1107
+ * @param order you got from {@link checkOrderResponse}
1108
+ * @param account you found after {@link newAccountResponse}
1109
+ * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}`
1110
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
1111
+ */
1112
+ finalizeRequest(domains: Uint8Array[], order: AcmeOrder, account: AcmeAccount, previousNonce: string): JsonRawData;
1113
+ /**
1114
+ * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}/finalize`.
1115
+ *
1116
+ * @param finalize HTTP response body
1117
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
1118
+ */
1119
+ finalizeResponse(finalize: JsonRawData): AcmeFinalize;
1120
+ /**
1121
+ * Creates a request for finally fetching the x509 certificate.
1122
+ *
1123
+ * @param finalize you got from {@link finalizeResponse}
1124
+ * @param account you got from {@link newAccountResponse}
1125
+ * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}/finalize`
1126
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2
1127
+ */
1128
+ certificateRequest(finalize: AcmeFinalize, account: AcmeAccount, previousNonce: string): JsonRawData;
1129
+ /**
1130
+ * Parses the response from `POST /acme/{provisioner-name}/certificate/{certificate-id}`.
1131
+ *
1132
+ * @param certificateChain HTTP string response body
1133
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2
1134
+ */
1135
+ certificateResponse(certificateChain: string): Uint8Array[];
1136
+ }
1137
+ /**
1138
+ * Holds URLs of all the standard ACME endpoint supported on an ACME server.
1139
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.1.1
1140
+ */
1141
+ export interface AcmeDirectory {
1142
+ /**
1143
+ * URL for fetching a new nonce. Use this only for creating a new account.
1144
+ *
1145
+ * @readonly
1146
+ */
1147
+ newNonce: string;
1148
+ /**
1149
+ * URL for creating a new account.
1150
+ *
1151
+ * @readonly
1152
+ */
1153
+ newAccount: string;
1154
+ /**
1155
+ * URL for creating a new order.
1156
+ *
1157
+ * @readonly
1158
+ */
1159
+ newOrder: string;
1160
+ }
1161
+ /**
1162
+ * Result of an order creation
1163
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
1164
+ */
1165
+ export interface NewAcmeOrder {
1166
+ /**
1167
+ * Contains raw JSON data of this order. This is parsed by the underlying Rust library hence should not be accessed
1168
+ *
1169
+ * @readonly
1170
+ */
1171
+ delegate: Uint8Array;
1172
+ /**
1173
+ * An authorization for each domain to create
1174
+ *
1175
+ * @readonly
1176
+ */
1177
+ authorizations: Uint8Array[];
1178
+ }
1179
+ /**
1180
+ * Result of an authorization creation.
1181
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
1182
+ */
1183
+ export interface NewAcmeAuthz {
1184
+ /**
1185
+ * DNS entry associated with those challenge
1186
+ *
1187
+ * @readonly
1188
+ */
1189
+ identifier: string;
1190
+ /**
1191
+ * Challenge for the clientId
1192
+ *
1193
+ * @readonly
1194
+ */
1195
+ wireHttpChallenge: AcmeChallenge | null;
1196
+ /**
1197
+ * Challenge for the userId and displayName
1198
+ *
1199
+ * @readonly
1200
+ */
1201
+ wireOidcChallenge: AcmeChallenge | null;
1202
+ }
1203
+ /**
1204
+ * For creating a challenge
1205
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
1206
+ */
1207
+ export interface AcmeChallenge {
1208
+ /**
1209
+ * Contains raw JSON data of this challenge. This is parsed by the underlying Rust library hence should not be accessed
1210
+ *
1211
+ * @readonly
1212
+ */
1213
+ delegate: Uint8Array;
1214
+ /**
1215
+ * URL of this challenge
1216
+ *
1217
+ * @readonly
1218
+ */
1219
+ url: string;
1220
+ }
1221
+ /**
1222
+ * Result from finalize.
1223
+ * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
1224
+ */
1225
+ export interface AcmeFinalize {
1226
+ /**
1227
+ * Contains raw JSON data of this finalize. This is parsed by the underlying Rust library hence should not be accessed
1228
+ *
1229
+ * @readonly
1230
+ */
1231
+ delegate: Uint8Array;
1232
+ /**
1233
+ * URL of to use for the last request to fetch the x509 certificate
1234
+ *
1235
+ * @readonly
1236
+ */
1237
+ certificateUrl: string;
1238
+ }
852
1239
 
853
1240
  export {};