/**
|
* HTTPS is the HTTP protocol over TLS/SSL. In Node.js this is implemented as a
|
* separate module.
|
* @see [source](https://github.com/nodejs/node/blob/v17.0.0/lib/https.js)
|
*/
|
declare module 'https' {
|
import { Duplex } from 'node:stream';
|
import * as tls from 'node:tls';
|
import * as http from 'node:http';
|
import { URL } from 'node:url';
|
type ServerOptions = tls.SecureContextOptions & tls.TlsOptions & http.ServerOptions;
|
type RequestOptions = http.RequestOptions &
|
tls.SecureContextOptions & {
|
rejectUnauthorized?: boolean | undefined; // Defaults to true
|
servername?: string | undefined; // SNI TLS Extension
|
};
|
interface AgentOptions extends http.AgentOptions, tls.ConnectionOptions {
|
rejectUnauthorized?: boolean | undefined;
|
maxCachedSessions?: number | undefined;
|
}
|
/**
|
* An `Agent` object for HTTPS similar to `http.Agent`. See {@link request} for more information.
|
* @since v0.4.5
|
*/
|
class Agent extends http.Agent {
|
constructor(options?: AgentOptions);
|
options: AgentOptions;
|
}
|
interface Server extends http.Server {}
|
/**
|
* See `http.Server` for more information.
|
* @since v0.3.4
|
*/
|
class Server extends tls.Server {
|
constructor(requestListener?: http.RequestListener);
|
constructor(options: ServerOptions, requestListener?: http.RequestListener);
|
addListener(event: string, listener: (...args: any[]) => void): this;
|
addListener(event: 'keylog', listener: (line: Buffer, tlsSocket: tls.TLSSocket) => void): this;
|
addListener(event: 'newSession', listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
|
addListener(event: 'OCSPRequest', listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
|
addListener(event: 'resumeSession', listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
|
addListener(event: 'secureConnection', listener: (tlsSocket: tls.TLSSocket) => void): this;
|
addListener(event: 'tlsClientError', listener: (err: Error, tlsSocket: tls.TLSSocket) => void): this;
|
addListener(event: 'close', listener: () => void): this;
|
addListener(event: 'connection', listener: (socket: Duplex) => void): this;
|
addListener(event: 'error', listener: (err: Error) => void): this;
|
addListener(event: 'listening', listener: () => void): this;
|
addListener(event: 'checkContinue', listener: http.RequestListener): this;
|
addListener(event: 'checkExpectation', listener: http.RequestListener): this;
|
addListener(event: 'clientError', listener: (err: Error, socket: Duplex) => void): this;
|
addListener(event: 'connect', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this;
|
addListener(event: 'request', listener: http.RequestListener): this;
|
addListener(event: 'upgrade', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this;
|
emit(event: string, ...args: any[]): boolean;
|
emit(event: 'keylog', line: Buffer, tlsSocket: tls.TLSSocket): boolean;
|
emit(event: 'newSession', sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void): boolean;
|
emit(event: 'OCSPRequest', certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void): boolean;
|
emit(event: 'resumeSession', sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void): boolean;
|
emit(event: 'secureConnection', tlsSocket: tls.TLSSocket): boolean;
|
emit(event: 'tlsClientError', err: Error, tlsSocket: tls.TLSSocket): boolean;
|
emit(event: 'close'): boolean;
|
emit(event: 'connection', socket: Duplex): boolean;
|
emit(event: 'error', err: Error): boolean;
|
emit(event: 'listening'): boolean;
|
emit(event: 'checkContinue', req: http.IncomingMessage, res: http.ServerResponse): boolean;
|
emit(event: 'checkExpectation', req: http.IncomingMessage, res: http.ServerResponse): boolean;
|
emit(event: 'clientError', err: Error, socket: Duplex): boolean;
|
emit(event: 'connect', req: http.IncomingMessage, socket: Duplex, head: Buffer): boolean;
|
emit(event: 'request', req: http.IncomingMessage, res: http.ServerResponse): boolean;
|
emit(event: 'upgrade', req: http.IncomingMessage, socket: Duplex, head: Buffer): boolean;
|
on(event: string, listener: (...args: any[]) => void): this;
|
on(event: 'keylog', listener: (line: Buffer, tlsSocket: tls.TLSSocket) => void): this;
|
on(event: 'newSession', listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
|
on(event: 'OCSPRequest', listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
|
on(event: 'resumeSession', listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
|
on(event: 'secureConnection', listener: (tlsSocket: tls.TLSSocket) => void): this;
|
on(event: 'tlsClientError', listener: (err: Error, tlsSocket: tls.TLSSocket) => void): this;
|
on(event: 'close', listener: () => void): this;
|
on(event: 'connection', listener: (socket: Duplex) => void): this;
|
on(event: 'error', listener: (err: Error) => void): this;
|
on(event: 'listening', listener: () => void): this;
|
on(event: 'checkContinue', listener: http.RequestListener): this;
|
on(event: 'checkExpectation', listener: http.RequestListener): this;
|
on(event: 'clientError', listener: (err: Error, socket: Duplex) => void): this;
|
on(event: 'connect', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this;
|
on(event: 'request', listener: http.RequestListener): this;
|
on(event: 'upgrade', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this;
|
once(event: string, listener: (...args: any[]) => void): this;
|
once(event: 'keylog', listener: (line: Buffer, tlsSocket: tls.TLSSocket) => void): this;
|
once(event: 'newSession', listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
|
once(event: 'OCSPRequest', listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
|
once(event: 'resumeSession', listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
|
once(event: 'secureConnection', listener: (tlsSocket: tls.TLSSocket) => void): this;
|
once(event: 'tlsClientError', listener: (err: Error, tlsSocket: tls.TLSSocket) => void): this;
|
once(event: 'close', listener: () => void): this;
|
once(event: 'connection', listener: (socket: Duplex) => void): this;
|
once(event: 'error', listener: (err: Error) => void): this;
|
once(event: 'listening', listener: () => void): this;
|
once(event: 'checkContinue', listener: http.RequestListener): this;
|
once(event: 'checkExpectation', listener: http.RequestListener): this;
|
once(event: 'clientError', listener: (err: Error, socket: Duplex) => void): this;
|
once(event: 'connect', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this;
|
once(event: 'request', listener: http.RequestListener): this;
|
once(event: 'upgrade', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this;
|
prependListener(event: string, listener: (...args: any[]) => void): this;
|
prependListener(event: 'keylog', listener: (line: Buffer, tlsSocket: tls.TLSSocket) => void): this;
|
prependListener(event: 'newSession', listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
|
prependListener(event: 'OCSPRequest', listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
|
prependListener(event: 'resumeSession', listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
|
prependListener(event: 'secureConnection', listener: (tlsSocket: tls.TLSSocket) => void): this;
|
prependListener(event: 'tlsClientError', listener: (err: Error, tlsSocket: tls.TLSSocket) => void): this;
|
prependListener(event: 'close', listener: () => void): this;
|
prependListener(event: 'connection', listener: (socket: Duplex) => void): this;
|
prependListener(event: 'error', listener: (err: Error) => void): this;
|
prependListener(event: 'listening', listener: () => void): this;
|
prependListener(event: 'checkContinue', listener: http.RequestListener): this;
|
prependListener(event: 'checkExpectation', listener: http.RequestListener): this;
|
prependListener(event: 'clientError', listener: (err: Error, socket: Duplex) => void): this;
|
prependListener(event: 'connect', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this;
|
prependListener(event: 'request', listener: http.RequestListener): this;
|
prependListener(event: 'upgrade', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this;
|
prependOnceListener(event: string, listener: (...args: any[]) => void): this;
|
prependOnceListener(event: 'keylog', listener: (line: Buffer, tlsSocket: tls.TLSSocket) => void): this;
|
prependOnceListener(event: 'newSession', listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
|
prependOnceListener(event: 'OCSPRequest', listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
|
prependOnceListener(event: 'resumeSession', listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
|
prependOnceListener(event: 'secureConnection', listener: (tlsSocket: tls.TLSSocket) => void): this;
|
prependOnceListener(event: 'tlsClientError', listener: (err: Error, tlsSocket: tls.TLSSocket) => void): this;
|
prependOnceListener(event: 'close', listener: () => void): this;
|
prependOnceListener(event: 'connection', listener: (socket: Duplex) => void): this;
|
prependOnceListener(event: 'error', listener: (err: Error) => void): this;
|
prependOnceListener(event: 'listening', listener: () => void): this;
|
prependOnceListener(event: 'checkContinue', listener: http.RequestListener): this;
|
prependOnceListener(event: 'checkExpectation', listener: http.RequestListener): this;
|
prependOnceListener(event: 'clientError', listener: (err: Error, socket: Duplex) => void): this;
|
prependOnceListener(event: 'connect', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this;
|
prependOnceListener(event: 'request', listener: http.RequestListener): this;
|
prependOnceListener(event: 'upgrade', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this;
|
}
|
/**
|
* ```js
|
* // curl -k https://localhost:8000/
|
* const https = require('https');
|
* const fs = require('fs');
|
*
|
* const options = {
|
* key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
|
* cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
|
* };
|
*
|
* https.createServer(options, (req, res) => {
|
* res.writeHead(200);
|
* res.end('hello world\n');
|
* }).listen(8000);
|
* ```
|
*
|
* Or
|
*
|
* ```js
|
* const https = require('https');
|
* const fs = require('fs');
|
*
|
* const options = {
|
* pfx: fs.readFileSync('test/fixtures/test_cert.pfx'),
|
* passphrase: 'sample'
|
* };
|
*
|
* https.createServer(options, (req, res) => {
|
* res.writeHead(200);
|
* res.end('hello world\n');
|
* }).listen(8000);
|
* ```
|
* @since v0.3.4
|
* @param options Accepts `options` from `createServer`, `createSecureContext` and `createServer`.
|
* @param requestListener A listener to be added to the `'request'` event.
|
*/
|
function createServer(requestListener?: http.RequestListener): Server;
|
function createServer(options: ServerOptions, requestListener?: http.RequestListener): Server;
|
/**
|
* Makes a request to a secure web server.
|
*
|
* The following additional `options` from `tls.connect()` are also accepted:`ca`, `cert`, `ciphers`, `clientCertEngine`, `crl`, `dhparam`, `ecdhCurve`,`honorCipherOrder`, `key`, `passphrase`,
|
* `pfx`, `rejectUnauthorized`,`secureOptions`, `secureProtocol`, `servername`, `sessionIdContext`,`highWaterMark`.
|
*
|
* `options` can be an object, a string, or a `URL` object. If `options` is a
|
* string, it is automatically parsed with `new URL()`. If it is a `URL` object, it will be automatically converted to an ordinary `options` object.
|
*
|
* `https.request()` returns an instance of the `http.ClientRequest` class. The `ClientRequest` instance is a writable stream. If one needs to
|
* upload a file with a POST request, then write to the `ClientRequest` object.
|
*
|
* ```js
|
* const https = require('https');
|
*
|
* const options = {
|
* hostname: 'encrypted.google.com',
|
* port: 443,
|
* path: '/',
|
* method: 'GET'
|
* };
|
*
|
* const req = https.request(options, (res) => {
|
* console.log('statusCode:', res.statusCode);
|
* console.log('headers:', res.headers);
|
*
|
* res.on('data', (d) => {
|
* process.stdout.write(d);
|
* });
|
* });
|
*
|
* req.on('error', (e) => {
|
* console.error(e);
|
* });
|
* req.end();
|
* ```
|
*
|
* Example using options from `tls.connect()`:
|
*
|
* ```js
|
* const options = {
|
* hostname: 'encrypted.google.com',
|
* port: 443,
|
* path: '/',
|
* method: 'GET',
|
* key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
|
* cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
|
* };
|
* options.agent = new https.Agent(options);
|
*
|
* const req = https.request(options, (res) => {
|
* // ...
|
* });
|
* ```
|
*
|
* Alternatively, opt out of connection pooling by not using an `Agent`.
|
*
|
* ```js
|
* const options = {
|
* hostname: 'encrypted.google.com',
|
* port: 443,
|
* path: '/',
|
* method: 'GET',
|
* key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
|
* cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem'),
|
* agent: false
|
* };
|
*
|
* const req = https.request(options, (res) => {
|
* // ...
|
* });
|
* ```
|
*
|
* Example using a `URL` as `options`:
|
*
|
* ```js
|
* const options = new URL('https://abc:xyz@example.com');
|
*
|
* const req = https.request(options, (res) => {
|
* // ...
|
* });
|
* ```
|
*
|
* Example pinning on certificate fingerprint, or the public key (similar to`pin-sha256`):
|
*
|
* ```js
|
* const tls = require('tls');
|
* const https = require('https');
|
* const crypto = require('crypto');
|
*
|
* function sha256(s) {
|
* return crypto.createHash('sha256').update(s).digest('base64');
|
* }
|
* const options = {
|
* hostname: 'github.com',
|
* port: 443,
|
* path: '/',
|
* method: 'GET',
|
* checkServerIdentity: function(host, cert) {
|
* // Make sure the certificate is issued to the host we are connected to
|
* const err = tls.checkServerIdentity(host, cert);
|
* if (err) {
|
* return err;
|
* }
|
*
|
* // Pin the public key, similar to HPKP pin-sha25 pinning
|
* const pubkey256 = 'pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=';
|
* if (sha256(cert.pubkey) !== pubkey256) {
|
* const msg = 'Certificate verification error: ' +
|
* `The public key of '${cert.subject.CN}' ` +
|
* 'does not match our pinned fingerprint';
|
* return new Error(msg);
|
* }
|
*
|
* // Pin the exact certificate, rather than the pub key
|
* const cert256 = '25:FE:39:32:D9:63:8C:8A:FC:A1:9A:29:87:' +
|
* 'D8:3E:4C:1D:98:DB:71:E4:1A:48:03:98:EA:22:6A:BD:8B:93:16';
|
* if (cert.fingerprint256 !== cert256) {
|
* const msg = 'Certificate verification error: ' +
|
* `The certificate of '${cert.subject.CN}' ` +
|
* 'does not match our pinned fingerprint';
|
* return new Error(msg);
|
* }
|
*
|
* // This loop is informational only.
|
* // Print the certificate and public key fingerprints of all certs in the
|
* // chain. Its common to pin the public key of the issuer on the public
|
* // internet, while pinning the public key of the service in sensitive
|
* // environments.
|
* do {
|
* console.log('Subject Common Name:', cert.subject.CN);
|
* console.log(' Certificate SHA256 fingerprint:', cert.fingerprint256);
|
*
|
* hash = crypto.createHash('sha256');
|
* console.log(' Public key ping-sha256:', sha256(cert.pubkey));
|
*
|
* lastprint256 = cert.fingerprint256;
|
* cert = cert.issuerCertificate;
|
* } while (cert.fingerprint256 !== lastprint256);
|
*
|
* },
|
* };
|
*
|
* options.agent = new https.Agent(options);
|
* const req = https.request(options, (res) => {
|
* console.log('All OK. Server matched our pinned cert or public key');
|
* console.log('statusCode:', res.statusCode);
|
* // Print the HPKP values
|
* console.log('headers:', res.headers['public-key-pins']);
|
*
|
* res.on('data', (d) => {});
|
* });
|
*
|
* req.on('error', (e) => {
|
* console.error(e.message);
|
* });
|
* req.end();
|
* ```
|
*
|
* Outputs for example:
|
*
|
* ```text
|
* Subject Common Name: github.com
|
* Certificate SHA256 fingerprint: 25:FE:39:32:D9:63:8C:8A:FC:A1:9A:29:87:D8:3E:4C:1D:98:DB:71:E4:1A:48:03:98:EA:22:6A:BD:8B:93:16
|
* Public key ping-sha256: pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=
|
* Subject Common Name: DigiCert SHA2 Extended Validation Server CA
|
* Certificate SHA256 fingerprint: 40:3E:06:2A:26:53:05:91:13:28:5B:AF:80:A0:D4:AE:42:2C:84:8C:9F:78:FA:D0:1F:C9:4B:C5:B8:7F:EF:1A
|
* Public key ping-sha256: RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=
|
* Subject Common Name: DigiCert High Assurance EV Root CA
|
* Certificate SHA256 fingerprint: 74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF
|
* Public key ping-sha256: WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=
|
* All OK. Server matched our pinned cert or public key
|
* statusCode: 200
|
* headers: max-age=0; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=";
|
* pin-sha256="k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4=";
|
* pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0="; pin-sha256="LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A="; includeSubDomains
|
* ```
|
* @since v0.3.6
|
* @param options Accepts all `options` from `request`, with some differences in default values:
|
*/
|
function request(options: RequestOptions | string | URL, callback?: (res: http.IncomingMessage) => void): http.ClientRequest;
|
function request(url: string | URL, options: RequestOptions, callback?: (res: http.IncomingMessage) => void): http.ClientRequest;
|
/**
|
* Like `http.get()` but for HTTPS.
|
*
|
* `options` can be an object, a string, or a `URL` object. If `options` is a
|
* string, it is automatically parsed with `new URL()`. If it is a `URL` object, it will be automatically converted to an ordinary `options` object.
|
*
|
* ```js
|
* const https = require('https');
|
*
|
* https.get('https://encrypted.google.com/', (res) => {
|
* console.log('statusCode:', res.statusCode);
|
* console.log('headers:', res.headers);
|
*
|
* res.on('data', (d) => {
|
* process.stdout.write(d);
|
* });
|
*
|
* }).on('error', (e) => {
|
* console.error(e);
|
* });
|
* ```
|
* @since v0.3.6
|
* @param options Accepts the same `options` as {@link request}, with the `method` always set to `GET`.
|
*/
|
function get(options: RequestOptions | string | URL, callback?: (res: http.IncomingMessage) => void): http.ClientRequest;
|
function get(url: string | URL, options: RequestOptions, callback?: (res: http.IncomingMessage) => void): http.ClientRequest;
|
let globalAgent: Agent;
|
}
|
declare module 'node:https' {
|
export * from 'https';
|
}
|
