diff --git a/sorbet/rbi/gems/openssl@3.1.0.rbi b/sorbet/rbi/gems/openssl@3.1.0.rbi
new file mode 100644
index 0000000..e55cdf4
--- /dev/null
+++ b/sorbet/rbi/gems/openssl@3.1.0.rbi
@@ -0,0 +1,1703 @@
+# typed: false
+
+# DO NOT EDIT MANUALLY
+# This is an autogenerated file for types exported from the `openssl` gem.
+# Please instead update this file by running `bin/tapioca gem openssl`.
+
+# --
+# Add double dispatch to Integer
+# ++
+class Integer < ::Numeric
+ # Casts an Integer as an OpenSSL::BN
+ #
+ # See `man bn` for more info.
+ #
+ # source://openssl//openssl/bn.rb#37
+ def to_bn; end
+end
+
+module OpenSSL
+ private
+
+ # Returns a Digest subclass by _name_
+ #
+ # require 'openssl'
+ #
+ # OpenSSL::Digest("MD5")
+ # # => OpenSSL::Digest::MD5
+ #
+ # Digest("Foo")
+ # # => NameError: wrong constant name Foo
+ #
+ # source://openssl//openssl/digest.rb#67
+ def Digest(name); end
+
+ class << self
+ # Returns a Digest subclass by _name_
+ #
+ # require 'openssl'
+ #
+ # OpenSSL::Digest("MD5")
+ # # => OpenSSL::Digest::MD5
+ #
+ # Digest("Foo")
+ # # => NameError: wrong constant name Foo
+ #
+ # source://openssl//openssl/digest.rb#67
+ def Digest(name); end
+
+ # call-seq:
+ # OpenSSL.secure_compare(string, string) -> boolean
+ #
+ # Constant time memory comparison. Inputs are hashed using SHA-256 to mask
+ # the length of the secret. Returns +true+ if the strings are identical,
+ # +false+ otherwise.
+ #
+ # source://openssl//openssl.rb#32
+ def secure_compare(a, b); end
+ end
+end
+
+class OpenSSL::BN
+ include ::Comparable
+
+ # source://openssl//openssl/bn.rb#20
+ def pretty_print(q); end
+end
+
+# OpenSSL IO buffering mix-in module.
+#
+# This module allows an OpenSSL::SSL::SSLSocket to behave like an IO.
+#
+# You typically won't use this module directly, you can see it implemented in
+# OpenSSL::SSL::SSLSocket.
+module OpenSSL::Buffering
+ include ::Enumerable
+
+ # Creates an instance of OpenSSL's buffering IO module.
+ #
+ # source://openssl//openssl/buffering.rb#63
+ def initialize(*_arg0); end
+
+ # Writes _s_ to the stream. _s_ will be converted to a String using
+ # +.to_s+ method.
+ #
+ # source://openssl//openssl/buffering.rb#422
+ def <<(s); end
+
+ # Closes the SSLSocket and flushes any unwritten data.
+ #
+ # source://openssl//openssl/buffering.rb#483
+ def close; end
+
+ # Executes the block for every line in the stream where lines are separated
+ # by _eol_.
+ #
+ # See also #gets
+ #
+ # source://openssl//openssl/buffering.rb#259
+ def each(eol = T.unsafe(nil)); end
+
+ # Calls the given block once for each byte in the stream.
+ #
+ # source://openssl//openssl/buffering.rb#300
+ def each_byte; end
+
+ # Executes the block for every line in the stream where lines are separated
+ # by _eol_.
+ #
+ # See also #gets
+ #
+ # source://openssl//openssl/buffering.rb#259
+ def each_line(eol = T.unsafe(nil)); end
+
+ # Returns true if the stream is at file which means there is no more data to
+ # be read.
+ #
+ # @return [Boolean]
+ #
+ # source://openssl//openssl/buffering.rb#331
+ def eof; end
+
+ # Returns true if the stream is at file which means there is no more data to
+ # be read.
+ #
+ # @return [Boolean]
+ #
+ # source://openssl//openssl/buffering.rb#331
+ def eof?; end
+
+ # Flushes buffered data to the SSLSocket.
+ #
+ # source://openssl//openssl/buffering.rb#471
+ def flush; end
+
+ # call-seq:
+ # ssl.getbyte => 81
+ #
+ # Get the next 8bit byte from `ssl`. Returns `nil` on EOF
+ #
+ # source://openssl//openssl/buffering.rb#108
+ def getbyte; end
+
+ # Reads one character from the stream. Returns nil if called at end of
+ # file.
+ #
+ # source://openssl//openssl/buffering.rb#293
+ def getc; end
+
+ # Reads the next "line" from the stream. Lines are separated by _eol_. If
+ # _limit_ is provided the result will not be longer than the given number of
+ # bytes.
+ #
+ # _eol_ may be a String or Regexp.
+ #
+ # Unlike IO#gets the line read will not be assigned to +$_+.
+ #
+ # Unlike IO#gets the separator must be provided if a limit is provided.
+ #
+ # source://openssl//openssl/buffering.rb#235
+ def gets(eol = T.unsafe(nil), limit = T.unsafe(nil)); end
+
+ # Writes _args_ to the stream.
+ #
+ # See IO#print for full details.
+ #
+ # source://openssl//openssl/buffering.rb#450
+ def print(*args); end
+
+ # Formats and writes to the stream converting parameters under control of
+ # the format string.
+ #
+ # See Kernel#sprintf for format string details.
+ #
+ # source://openssl//openssl/buffering.rb#463
+ def printf(s, *args); end
+
+ # Writes _args_ to the stream along with a record separator.
+ #
+ # See IO#puts for full details.
+ #
+ # source://openssl//openssl/buffering.rb#432
+ def puts(*args); end
+
+ # Reads _size_ bytes from the stream. If _buf_ is provided it must
+ # reference a string which will receive the data.
+ #
+ # See IO#read for full details.
+ #
+ # source://openssl//openssl/buffering.rb#119
+ def read(size = T.unsafe(nil), buf = T.unsafe(nil)); end
+
+ # Reads at most _maxlen_ bytes in the non-blocking manner.
+ #
+ # When no data can be read without blocking it raises
+ # OpenSSL::SSL::SSLError extended by IO::WaitReadable or IO::WaitWritable.
+ #
+ # IO::WaitReadable means SSL needs to read internally so read_nonblock
+ # should be called again when the underlying IO is readable.
+ #
+ # IO::WaitWritable means SSL needs to write internally so read_nonblock
+ # should be called again after the underlying IO is writable.
+ #
+ # OpenSSL::Buffering#read_nonblock needs two rescue clause as follows:
+ #
+ # # emulates blocking read (readpartial).
+ # begin
+ # result = ssl.read_nonblock(maxlen)
+ # rescue IO::WaitReadable
+ # IO.select([io])
+ # retry
+ # rescue IO::WaitWritable
+ # IO.select(nil, [io])
+ # retry
+ # end
+ #
+ # Note that one reason that read_nonblock writes to the underlying IO is
+ # when the peer requests a new TLS/SSL handshake. See openssl the FAQ for
+ # more details. http://www.openssl.org/support/faq.html
+ #
+ # By specifying a keyword argument _exception_ to +false+, you can indicate
+ # that read_nonblock should not raise an IO::Wait*able exception, but
+ # return the symbol +:wait_writable+ or +:wait_readable+ instead. At EOF,
+ # it will return +nil+ instead of raising EOFError.
+ #
+ # source://openssl//openssl/buffering.rb#204
+ def read_nonblock(maxlen, buf = T.unsafe(nil), exception: T.unsafe(nil)); end
+
+ # Reads a one-character string from the stream. Raises an EOFError at end
+ # of file.
+ #
+ # @raise [EOFError]
+ #
+ # source://openssl//openssl/buffering.rb#310
+ def readchar; end
+
+ # Reads a line from the stream which is separated by _eol_.
+ #
+ # Raises EOFError if at end of file.
+ #
+ # @raise [EOFError]
+ #
+ # source://openssl//openssl/buffering.rb#284
+ def readline(eol = T.unsafe(nil)); end
+
+ # Reads lines from the stream which are separated by _eol_.
+ #
+ # See also #gets
+ #
+ # source://openssl//openssl/buffering.rb#271
+ def readlines(eol = T.unsafe(nil)); end
+
+ # Reads at most _maxlen_ bytes from the stream. If _buf_ is provided it
+ # must reference a string which will receive the data.
+ #
+ # See IO#readpartial for full details.
+ #
+ # source://openssl//openssl/buffering.rb#146
+ def readpartial(maxlen, buf = T.unsafe(nil)); end
+
+ # The "sync mode" of the SSLSocket.
+ #
+ # See IO#sync for full details.
+ #
+ # source://openssl//openssl/buffering.rb#53
+ def sync; end
+
+ # The "sync mode" of the SSLSocket.
+ #
+ # See IO#sync for full details.
+ #
+ # source://openssl//openssl/buffering.rb#53
+ def sync=(_arg0); end
+
+ # Pushes character _c_ back onto the stream such that a subsequent buffered
+ # character read will return it.
+ #
+ # Unlike IO#getc multiple bytes may be pushed back onto the stream.
+ #
+ # Has no effect on unbuffered reads (such as #sysread).
+ #
+ # source://openssl//openssl/buffering.rb#323
+ def ungetc(c); end
+
+ # Writes _s_ to the stream. If the argument is not a String it will be
+ # converted using +.to_s+ method. Returns the number of bytes written.
+ #
+ # source://openssl//openssl/buffering.rb#369
+ def write(*s); end
+
+ # Writes _s_ in the non-blocking manner.
+ #
+ # If there is buffered data, it is flushed first. This may block.
+ #
+ # write_nonblock returns number of bytes written to the SSL connection.
+ #
+ # When no data can be written without blocking it raises
+ # OpenSSL::SSL::SSLError extended by IO::WaitReadable or IO::WaitWritable.
+ #
+ # IO::WaitReadable means SSL needs to read internally so write_nonblock
+ # should be called again after the underlying IO is readable.
+ #
+ # IO::WaitWritable means SSL needs to write internally so write_nonblock
+ # should be called again after underlying IO is writable.
+ #
+ # So OpenSSL::Buffering#write_nonblock needs two rescue clause as follows.
+ #
+ # # emulates blocking write.
+ # begin
+ # result = ssl.write_nonblock(str)
+ # rescue IO::WaitReadable
+ # IO.select([io])
+ # retry
+ # rescue IO::WaitWritable
+ # IO.select(nil, [io])
+ # retry
+ # end
+ #
+ # Note that one reason that write_nonblock reads from the underlying IO
+ # is when the peer requests a new TLS/SSL handshake. See the openssl FAQ
+ # for more details. http://www.openssl.org/support/faq.html
+ #
+ # By specifying a keyword argument _exception_ to +false+, you can indicate
+ # that write_nonblock should not raise an IO::Wait*able exception, but
+ # return the symbol +:wait_writable+ or +:wait_readable+ instead.
+ #
+ # source://openssl//openssl/buffering.rb#413
+ def write_nonblock(s, exception: T.unsafe(nil)); end
+
+ private
+
+ # Consumes _size_ bytes from the buffer
+ #
+ # source://openssl//openssl/buffering.rb#91
+ def consume_rbuff(size = T.unsafe(nil)); end
+
+ # Writes _s_ to the buffer. When the buffer is full or #sync is true the
+ # buffer is flushed to the underlying socket.
+ #
+ # source://openssl//openssl/buffering.rb#346
+ def do_write(s); end
+
+ # Fills the buffer from the underlying SSLSocket
+ #
+ # source://openssl//openssl/buffering.rb#78
+ def fill_rbuff; end
+end
+
+# A buffer which will retain binary encoding.
+class OpenSSL::Buffering::Buffer < ::String
+ # @return [Buffer] a new instance of Buffer
+ #
+ # source://openssl//openssl/buffering.rb#29
+ def initialize; end
+
+ # source://openssl//openssl/buffering.rb#35
+ def <<(string); end
+
+ # source://openssl//openssl/buffering.rb#35
+ def concat(string); end
+end
+
+# source://openssl//openssl/buffering.rb#27
+OpenSSL::Buffering::Buffer::BINARY = T.let(T.unsafe(nil), Encoding)
+
+class OpenSSL::Cipher
+ # call-seq:
+ # cipher.random_iv -> iv
+ #
+ # Generate a random IV with OpenSSL::Random.random_bytes and sets it to the
+ # cipher, and returns it.
+ #
+ # You must call #encrypt or #decrypt before calling this method.
+ #
+ # source://openssl//openssl/cipher.rb#55
+ def random_iv; end
+
+ # call-seq:
+ # cipher.random_key -> key
+ #
+ # Generate a random key with OpenSSL::Random.random_bytes and sets it to
+ # the cipher, and returns it.
+ #
+ # You must call #encrypt or #decrypt before calling this method.
+ #
+ # source://openssl//openssl/cipher.rb#43
+ def random_key; end
+end
+
+class OpenSSL::Cipher::AES < ::OpenSSL::Cipher
+ # source://openssl//openssl/cipher.rb#19
+ def initialize(*args); end
+end
+
+class OpenSSL::Cipher::AES128 < ::OpenSSL::Cipher
+ # source://openssl//openssl/cipher.rb#29
+ def initialize(mode = T.unsafe(nil)); end
+end
+
+class OpenSSL::Cipher::AES192 < ::OpenSSL::Cipher
+ # source://openssl//openssl/cipher.rb#29
+ def initialize(mode = T.unsafe(nil)); end
+end
+
+class OpenSSL::Cipher::AES256 < ::OpenSSL::Cipher
+ # source://openssl//openssl/cipher.rb#29
+ def initialize(mode = T.unsafe(nil)); end
+end
+
+class OpenSSL::Cipher::BF < ::OpenSSL::Cipher
+ # source://openssl//openssl/cipher.rb#19
+ def initialize(*args); end
+end
+
+class OpenSSL::Cipher::CAST5 < ::OpenSSL::Cipher
+ # source://openssl//openssl/cipher.rb#19
+ def initialize(*args); end
+end
+
+# Deprecated.
+#
+# This class is only provided for backwards compatibility.
+# Use OpenSSL::Cipher.
+class OpenSSL::Cipher::Cipher < ::OpenSSL::Cipher; end
+
+class OpenSSL::Cipher::DES < ::OpenSSL::Cipher
+ # source://openssl//openssl/cipher.rb#19
+ def initialize(*args); end
+end
+
+class OpenSSL::Cipher::IDEA < ::OpenSSL::Cipher
+ # source://openssl//openssl/cipher.rb#19
+ def initialize(*args); end
+end
+
+class OpenSSL::Cipher::RC2 < ::OpenSSL::Cipher
+ # source://openssl//openssl/cipher.rb#19
+ def initialize(*args); end
+end
+
+class OpenSSL::Cipher::RC4 < ::OpenSSL::Cipher
+ # source://openssl//openssl/cipher.rb#19
+ def initialize(*args); end
+end
+
+class OpenSSL::Cipher::RC5 < ::OpenSSL::Cipher
+ # source://openssl//openssl/cipher.rb#19
+ def initialize(*args); end
+end
+
+class OpenSSL::Config
+ include ::Enumerable
+end
+
+class OpenSSL::Digest < ::Digest::Class
+ class << self
+ # Return the hash value computed with _name_ Digest. _name_ is either the
+ # long name or short name of a supported digest algorithm.
+ #
+ # === Examples
+ #
+ # OpenSSL::Digest.digest("SHA256", "abc")
+ #
+ # which is equivalent to:
+ #
+ # OpenSSL::Digest.digest('SHA256', "abc")
+ #
+ # source://openssl//openssl/digest.rb#29
+ def digest(name, data); end
+ end
+end
+
+# Deprecated.
+#
+# This class is only provided for backwards compatibility.
+# Use OpenSSL::Digest instead.
+class OpenSSL::Digest::Digest < ::OpenSSL::Digest; end
+
+class OpenSSL::Digest::MD4 < ::OpenSSL::Digest
+ # source://openssl//openssl/digest.rb#35
+ def initialize(data = T.unsafe(nil)); end
+
+ class << self
+ # source://openssl//openssl/digest.rb#41
+ def digest(data); end
+
+ # source://openssl//openssl/digest.rb#42
+ def hexdigest(data); end
+ end
+end
+
+class OpenSSL::Digest::MD5 < ::OpenSSL::Digest
+ # source://openssl//openssl/digest.rb#35
+ def initialize(data = T.unsafe(nil)); end
+
+ class << self
+ # source://openssl//openssl/digest.rb#41
+ def digest(data); end
+
+ # source://openssl//openssl/digest.rb#42
+ def hexdigest(data); end
+ end
+end
+
+class OpenSSL::Digest::RIPEMD160 < ::OpenSSL::Digest
+ # source://openssl//openssl/digest.rb#35
+ def initialize(data = T.unsafe(nil)); end
+
+ class << self
+ # source://openssl//openssl/digest.rb#41
+ def digest(data); end
+
+ # source://openssl//openssl/digest.rb#42
+ def hexdigest(data); end
+ end
+end
+
+class OpenSSL::Digest::SHA1 < ::OpenSSL::Digest
+ # source://openssl//openssl/digest.rb#35
+ def initialize(data = T.unsafe(nil)); end
+
+ class << self
+ # source://openssl//openssl/digest.rb#41
+ def digest(data); end
+
+ # source://openssl//openssl/digest.rb#42
+ def hexdigest(data); end
+ end
+end
+
+class OpenSSL::Digest::SHA224 < ::OpenSSL::Digest
+ # source://openssl//openssl/digest.rb#35
+ def initialize(data = T.unsafe(nil)); end
+
+ class << self
+ # source://openssl//openssl/digest.rb#41
+ def digest(data); end
+
+ # source://openssl//openssl/digest.rb#42
+ def hexdigest(data); end
+ end
+end
+
+class OpenSSL::Digest::SHA256 < ::OpenSSL::Digest
+ # source://openssl//openssl/digest.rb#35
+ def initialize(data = T.unsafe(nil)); end
+
+ class << self
+ # source://openssl//openssl/digest.rb#41
+ def digest(data); end
+
+ # source://openssl//openssl/digest.rb#42
+ def hexdigest(data); end
+ end
+end
+
+class OpenSSL::Digest::SHA384 < ::OpenSSL::Digest
+ # source://openssl//openssl/digest.rb#35
+ def initialize(data = T.unsafe(nil)); end
+
+ class << self
+ # source://openssl//openssl/digest.rb#41
+ def digest(data); end
+
+ # source://openssl//openssl/digest.rb#42
+ def hexdigest(data); end
+ end
+end
+
+class OpenSSL::Digest::SHA512 < ::OpenSSL::Digest
+ # source://openssl//openssl/digest.rb#35
+ def initialize(data = T.unsafe(nil)); end
+
+ class << self
+ # source://openssl//openssl/digest.rb#41
+ def digest(data); end
+
+ # source://openssl//openssl/digest.rb#42
+ def hexdigest(data); end
+ end
+end
+
+class OpenSSL::HMAC
+ # Securely compare with another HMAC instance in constant time.
+ #
+ # source://openssl//openssl/hmac.rb#6
+ def ==(other); end
+
+ # :call-seq:
+ # hmac.base64digest -> string
+ #
+ # Returns the authentication code an a Base64-encoded string.
+ #
+ # source://openssl//openssl/hmac.rb#17
+ def base64digest; end
+
+ class << self
+ # :call-seq:
+ # HMAC.base64digest(digest, key, data) -> aString
+ #
+ # Returns the authentication code as a Base64-encoded string. The _digest_
+ # parameter specifies the digest algorithm to use. This may be a String
+ # representing the algorithm name or an instance of OpenSSL::Digest.
+ #
+ # === Example
+ # key = 'key'
+ # data = 'The quick brown fox jumps over the lazy dog'
+ #
+ # hmac = OpenSSL::HMAC.base64digest('SHA1', key, data)
+ # #=> "3nybhbi3iqa8ino29wqQcBydtNk="
+ #
+ # source://openssl//openssl/hmac.rb#73
+ def base64digest(digest, key, data); end
+
+ # :call-seq:
+ # HMAC.digest(digest, key, data) -> aString
+ #
+ # Returns the authentication code as a binary string. The _digest_ parameter
+ # specifies the digest algorithm to use. This may be a String representing
+ # the algorithm name or an instance of OpenSSL::Digest.
+ #
+ # === Example
+ # key = 'key'
+ # data = 'The quick brown fox jumps over the lazy dog'
+ #
+ # hmac = OpenSSL::HMAC.digest('SHA1', key, data)
+ # #=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
+ #
+ # source://openssl//openssl/hmac.rb#35
+ def digest(digest, key, data); end
+
+ # :call-seq:
+ # HMAC.hexdigest(digest, key, data) -> aString
+ #
+ # Returns the authentication code as a hex-encoded string. The _digest_
+ # parameter specifies the digest algorithm to use. This may be a String
+ # representing the algorithm name or an instance of OpenSSL::Digest.
+ #
+ # === Example
+ # key = 'key'
+ # data = 'The quick brown fox jumps over the lazy dog'
+ #
+ # hmac = OpenSSL::HMAC.hexdigest('SHA1', key, data)
+ # #=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
+ #
+ # source://openssl//openssl/hmac.rb#54
+ def hexdigest(digest, key, data); end
+ end
+end
+
+module OpenSSL::Marshal
+ mixes_in_class_methods ::OpenSSL::Marshal::ClassMethods
+
+ # source://openssl//openssl/marshal.rb#26
+ def _dump(_level); end
+
+ class << self
+ # @private
+ #
+ # source://openssl//openssl/marshal.rb#16
+ def included(base); end
+ end
+end
+
+module OpenSSL::Marshal::ClassMethods
+ # source://openssl//openssl/marshal.rb#21
+ def _load(string); end
+end
+
+module OpenSSL::PKCS5
+ private
+
+ # OpenSSL::PKCS5.pbkdf2_hmac has been renamed to OpenSSL::KDF.pbkdf2_hmac.
+ # This method is provided for backwards compatibility.
+ #
+ # source://openssl//openssl/pkcs5.rb#13
+ def pbkdf2_hmac(pass, salt, iter, keylen, digest); end
+
+ # source://openssl//openssl/pkcs5.rb#18
+ def pbkdf2_hmac_sha1(pass, salt, iter, keylen); end
+
+ class << self
+ # OpenSSL::PKCS5.pbkdf2_hmac has been renamed to OpenSSL::KDF.pbkdf2_hmac.
+ # This method is provided for backwards compatibility.
+ #
+ # source://openssl//openssl/pkcs5.rb#13
+ def pbkdf2_hmac(pass, salt, iter, keylen, digest); end
+
+ # source://openssl//openssl/pkcs5.rb#18
+ def pbkdf2_hmac_sha1(pass, salt, iter, keylen); end
+ end
+end
+
+class OpenSSL::PKey::DH < ::OpenSSL::PKey::PKey
+ include ::OpenSSL::Marshal
+ extend ::OpenSSL::Marshal::ClassMethods
+
+ # :call-seq:
+ # dh.compute_key(pub_bn) -> string
+ #
+ # Returns a String containing a shared secret computed from the other
+ # party's public value.
+ #
+ # This method is provided for backwards compatibility, and calls #derive
+ # internally.
+ #
+ # === Parameters
+ # * _pub_bn_ is a OpenSSL::BN, *not* the DH instance returned by
+ # DH#public_key as that contains the DH parameters only.
+ #
+ # source://openssl//openssl/pkey.rb#49
+ def compute_key(pub_bn); end
+
+ # :call-seq:
+ # dh.generate_key! -> self
+ #
+ # Generates a private and public key unless a private key already exists.
+ # If this DH instance was generated from public \DH parameters (e.g. by
+ # encoding the result of DH#public_key), then this method needs to be
+ # called first in order to generate the per-session keys before performing
+ # the actual key exchange.
+ #
+ # Deprecated in version 3.0. This method is incompatible with
+ # OpenSSL 3.0.0 or later.
+ #
+ # See also OpenSSL::PKey.generate_key.
+ #
+ # Example:
+ # # DEPRECATED USAGE: This will not work on OpenSSL 3.0 or later
+ # dh0 = OpenSSL::PKey::DH.new(2048)
+ # dh = dh0.public_key # #public_key only copies the DH parameters (contrary to the name)
+ # dh.generate_key!
+ # puts dh.private? # => true
+ # puts dh0.pub_key == dh.pub_key #=> false
+ #
+ # # With OpenSSL::PKey.generate_key
+ # dh0 = OpenSSL::PKey::DH.new(2048)
+ # dh = OpenSSL::PKey.generate_key(dh0)
+ # puts dh0.pub_key == dh.pub_key #=> false
+ #
+ # source://openssl//openssl/pkey.rb#91
+ def generate_key!; end
+
+ # :call-seq:
+ # dh.public_key -> dhnew
+ #
+ # Returns a new DH instance that carries just the \DH parameters.
+ #
+ # Contrary to the method name, the returned DH object contains only
+ # parameters and not the public key.
+ #
+ # This method is provided for backwards compatibility. In most cases, there
+ # is no need to call this method.
+ #
+ # For the purpose of re-generating the key pair while keeping the
+ # parameters, check OpenSSL::PKey.generate_key.
+ #
+ # Example:
+ # # OpenSSL::PKey::DH.generate by default generates a random key pair
+ # dh1 = OpenSSL::PKey::DH.generate(2048)
+ # p dh1.priv_key #=> #
+ # dhcopy = dh1.public_key
+ # p dhcopy.priv_key #=> nil
+ #
+ # source://openssl//openssl/pkey.rb#33
+ def public_key; end
+
+ class << self
+ # :call-seq:
+ # DH.generate(size, generator = 2) -> dh
+ #
+ # Creates a new DH instance from scratch by generating random parameters
+ # and a key pair.
+ #
+ # See also OpenSSL::PKey.generate_parameters and
+ # OpenSSL::PKey.generate_key.
+ #
+ # +size+::
+ # The desired key size in bits.
+ # +generator+::
+ # The generator.
+ #
+ # source://openssl//openssl/pkey.rb#118
+ def generate(size, generator = T.unsafe(nil), &blk); end
+
+ # Handle DH.new(size, generator) form here; new(str) and new() forms
+ # are handled by #initialize
+ #
+ # source://openssl//openssl/pkey.rb#128
+ def new(*args, &blk); end
+ end
+end
+
+class OpenSSL::PKey::DSA < ::OpenSSL::PKey::PKey
+ include ::OpenSSL::Marshal
+ extend ::OpenSSL::Marshal::ClassMethods
+
+ # :call-seq:
+ # dsa.public_key -> dsanew
+ #
+ # Returns a new DSA instance that carries just the \DSA parameters and the
+ # public key.
+ #
+ # This method is provided for backwards compatibility. In most cases, there
+ # is no need to call this method.
+ #
+ # For the purpose of serializing the public key, to PEM or DER encoding of
+ # X.509 SubjectPublicKeyInfo format, check PKey#public_to_pem and
+ # PKey#public_to_der.
+ #
+ # source://openssl//openssl/pkey.rb#153
+ def public_key; end
+
+ # :call-seq:
+ # dsa.syssign(string) -> string
+ #
+ # Computes and returns the \DSA signature of +string+, where +string+ is
+ # expected to be an already-computed message digest of the original input
+ # data. The signature is issued using the private key of this DSA instance.
+ #
+ # Deprecated in version 3.0.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ #
+ # +string+::
+ # A message digest of the original input data to be signed.
+ #
+ # Example:
+ # dsa = OpenSSL::PKey::DSA.new(2048)
+ # doc = "Sign me"
+ # digest = OpenSSL::Digest.digest('SHA1', doc)
+ #
+ # # With legacy #syssign and #sysverify:
+ # sig = dsa.syssign(digest)
+ # p dsa.sysverify(digest, sig) #=> true
+ #
+ # # With #sign_raw and #verify_raw:
+ # sig = dsa.sign_raw(nil, digest)
+ # p dsa.verify_raw(nil, sig, digest) #=> true
+ #
+ # source://openssl//openssl/pkey.rb#220
+ def syssign(string); end
+
+ # :call-seq:
+ # dsa.sysverify(digest, sig) -> true | false
+ #
+ # Verifies whether the signature is valid given the message digest input.
+ # It does so by validating +sig+ using the public key of this DSA instance.
+ #
+ # Deprecated in version 3.0.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ #
+ # +digest+::
+ # A message digest of the original input data to be signed.
+ # +sig+::
+ # A \DSA signature value.
+ #
+ # source://openssl//openssl/pkey.rb#243
+ def sysverify(digest, sig); end
+
+ class << self
+ # :call-seq:
+ # DSA.generate(size) -> dsa
+ #
+ # Creates a new DSA instance by generating a private/public key pair
+ # from scratch.
+ #
+ # See also OpenSSL::PKey.generate_parameters and
+ # OpenSSL::PKey.generate_key.
+ #
+ # +size+::
+ # The desired key size in bits.
+ #
+ # source://openssl//openssl/pkey.rb#169
+ def generate(size, &blk); end
+
+ # Handle DSA.new(size) form here; new(str) and new() forms
+ # are handled by #initialize
+ #
+ # source://openssl//openssl/pkey.rb#186
+ def new(*args, &blk); end
+ end
+end
+
+class OpenSSL::PKey::EC < ::OpenSSL::PKey::PKey
+ include ::OpenSSL::Marshal
+ extend ::OpenSSL::Marshal::ClassMethods
+
+ # :call-seq:
+ # ec.dh_compute_key(pubkey) -> string
+ #
+ # Derives a shared secret by ECDH. _pubkey_ must be an instance of
+ # OpenSSL::PKey::EC::Point and must belong to the same group.
+ #
+ # This method is provided for backwards compatibility, and calls #derive
+ # internally.
+ #
+ # source://openssl//openssl/pkey.rb#284
+ def dh_compute_key(pubkey); end
+
+ # :call-seq:
+ # key.dsa_sign_asn1(data) -> String
+ #
+ # Deprecated in version 3.0.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ #
+ # source://openssl//openssl/pkey.rb#259
+ def dsa_sign_asn1(data); end
+
+ # :call-seq:
+ # key.dsa_verify_asn1(data, sig) -> true | false
+ #
+ # Deprecated in version 3.0.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ #
+ # source://openssl//openssl/pkey.rb#270
+ def dsa_verify_asn1(data, sig); end
+end
+
+class OpenSSL::PKey::EC::Point
+ # :call-seq:
+ # point.to_bn([conversion_form]) -> OpenSSL::BN
+ #
+ # Returns the octet string representation of the EC point as an instance of
+ # OpenSSL::BN.
+ #
+ # If _conversion_form_ is not given, the _point_conversion_form_ attribute
+ # set to the group is used.
+ #
+ # See #to_octet_string for more information.
+ #
+ # source://openssl//openssl/pkey.rb#307
+ def to_bn(conversion_form = T.unsafe(nil)); end
+end
+
+class OpenSSL::PKey::RSA < ::OpenSSL::PKey::PKey
+ include ::OpenSSL::Marshal
+ extend ::OpenSSL::Marshal::ClassMethods
+
+ # :call-seq:
+ # rsa.private_decrypt(string) -> String
+ # rsa.private_decrypt(string, padding) -> String
+ #
+ # Decrypt +string+, which has been encrypted with the public key, with the
+ # private key. +padding+ defaults to PKCS1_PADDING, which is known to be
+ # insecure but is kept for backwards compatibility.
+ #
+ # Deprecated in version 3.0.
+ # Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
+ #
+ # source://openssl//openssl/pkey.rb#439
+ def private_decrypt(data, padding = T.unsafe(nil)); end
+
+ # :call-seq:
+ # rsa.private_encrypt(string) -> String
+ # rsa.private_encrypt(string, padding) -> String
+ #
+ # Encrypt +string+ with the private key. +padding+ defaults to
+ # PKCS1_PADDING, which is known to be insecure but is kept for backwards
+ # compatibility. The encrypted string output can be decrypted using
+ # #public_decrypt.
+ #
+ # Deprecated in version 3.0.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
+ # PKey::PKey#verify_recover instead.
+ #
+ # source://openssl//openssl/pkey.rb#373
+ def private_encrypt(string, padding = T.unsafe(nil)); end
+
+ # :call-seq:
+ # rsa.public_decrypt(string) -> String
+ # rsa.public_decrypt(string, padding) -> String
+ #
+ # Decrypt +string+, which has been encrypted with the private key, with the
+ # public key. +padding+ defaults to PKCS1_PADDING which is known to be
+ # insecure but is kept for backwards compatibility.
+ #
+ # Deprecated in version 3.0.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
+ # PKey::PKey#verify_recover instead.
+ #
+ # source://openssl//openssl/pkey.rb#396
+ def public_decrypt(string, padding = T.unsafe(nil)); end
+
+ # :call-seq:
+ # rsa.public_encrypt(string) -> String
+ # rsa.public_encrypt(string, padding) -> String
+ #
+ # Encrypt +string+ with the public key. +padding+ defaults to
+ # PKCS1_PADDING, which is known to be insecure but is kept for backwards
+ # compatibility. The encrypted string output can be decrypted using
+ # #private_decrypt.
+ #
+ # Deprecated in version 3.0.
+ # Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
+ #
+ # source://openssl//openssl/pkey.rb#418
+ def public_encrypt(data, padding = T.unsafe(nil)); end
+
+ # :call-seq:
+ # rsa.public_key -> rsanew
+ #
+ # Returns a new RSA instance that carries just the public key components.
+ #
+ # This method is provided for backwards compatibility. In most cases, there
+ # is no need to call this method.
+ #
+ # For the purpose of serializing the public key, to PEM or DER encoding of
+ # X.509 SubjectPublicKeyInfo format, check PKey#public_to_pem and
+ # PKey#public_to_der.
+ #
+ # source://openssl//openssl/pkey.rb#327
+ def public_key; end
+
+ private
+
+ # source://openssl//openssl/pkey.rb#456
+ def translate_padding_mode(num); end
+
+ class << self
+ # :call-seq:
+ # RSA.generate(size, exponent = 65537) -> RSA
+ #
+ # Generates an \RSA keypair.
+ #
+ # See also OpenSSL::PKey.generate_key.
+ #
+ # +size+::
+ # The desired key size in bits.
+ # +exponent+::
+ # An odd Integer, normally 3, 17, or 65537.
+ #
+ # source://openssl//openssl/pkey.rb#343
+ def generate(size, exp = T.unsafe(nil), &blk); end
+
+ # Handle RSA.new(size, exponent) form here; new(str) and new() forms
+ # are handled by #initialize
+ #
+ # source://openssl//openssl/pkey.rb#352
+ def new(*args, &blk); end
+ end
+end
+
+module OpenSSL::SSL
+ private
+
+ # source://openssl//openssl/ssl.rb#276
+ def verify_certificate_identity(cert, hostname); end
+
+ # source://openssl//openssl/ssl.rb#309
+ def verify_hostname(hostname, san); end
+
+ # source://openssl//openssl/ssl.rb#342
+ def verify_wildcard(domain_component, san_component); end
+
+ class << self
+ # source://openssl//openssl/ssl.rb#276
+ def verify_certificate_identity(cert, hostname); end
+
+ # source://openssl//openssl/ssl.rb#309
+ def verify_hostname(hostname, san); end
+
+ # source://openssl//openssl/ssl.rb#342
+ def verify_wildcard(domain_component, san_component); end
+ end
+end
+
+class OpenSSL::SSL::SSLContext
+ # call-seq:
+ # SSLContext.new -> ctx
+ # SSLContext.new(:TLSv1) -> ctx
+ # SSLContext.new("SSLv23") -> ctx
+ #
+ # Creates a new SSL context.
+ #
+ # If an argument is given, #ssl_version= is called with the value. Note
+ # that this form is deprecated. New applications should use #min_version=
+ # and #max_version= as necessary.
+ #
+ # @return [SSLContext] a new instance of SSLContext
+ #
+ # source://openssl//openssl/ssl.rb#127
+ def initialize(version = T.unsafe(nil)); end
+
+ # call-seq:
+ # ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
+ # ctx.max_version = :TLS1_2
+ # ctx.max_version = nil
+ #
+ # Sets the upper bound of the supported SSL/TLS protocol version. See
+ # #min_version= for the possible values.
+ #
+ # source://openssl//openssl/ssl.rb#190
+ def max_version=(version); end
+
+ # call-seq:
+ # ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
+ # ctx.min_version = :TLS1_2
+ # ctx.min_version = nil
+ #
+ # Sets the lower bound on the supported SSL/TLS protocol version. The
+ # version may be specified by an integer constant named
+ # OpenSSL::SSL::*_VERSION, a Symbol, or +nil+ which means "any version".
+ #
+ # Be careful that you don't overwrite OpenSSL::SSL::OP_NO_{SSL,TLS}v*
+ # options by #options= once you have called #min_version= or
+ # #max_version=.
+ #
+ # === Example
+ # ctx = OpenSSL::SSL::SSLContext.new
+ # ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION
+ # ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
+ #
+ # sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
+ # sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
+ #
+ # source://openssl//openssl/ssl.rb#178
+ def min_version=(version); end
+
+ # A callback invoked at connect time to distinguish between multiple
+ # server names.
+ #
+ # The callback is invoked with an SSLSocket and a server name. The
+ # callback must return an SSLContext for the server name or nil.
+ #
+ # source://openssl//openssl/ssl.rb#115
+ def servername_cb; end
+
+ # A callback invoked at connect time to distinguish between multiple
+ # server names.
+ #
+ # The callback is invoked with an SSLSocket and a server name. The
+ # callback must return an SSLContext for the server name or nil.
+ #
+ # source://openssl//openssl/ssl.rb#115
+ def servername_cb=(_arg0); end
+
+ # call-seq:
+ # ctx.set_params(params = {}) -> params
+ #
+ # Sets saner defaults optimized for the use with HTTP-like protocols.
+ #
+ # If a Hash _params_ is given, the parameters are overridden with it.
+ # The keys in _params_ must be assignment methods on SSLContext.
+ #
+ # If the verify_mode is not VERIFY_NONE and ca_file, ca_path and
+ # cert_store are not set then the system default certificate store is
+ # used.
+ #
+ # source://openssl//openssl/ssl.rb#146
+ def set_params(params = T.unsafe(nil)); end
+
+ # call-seq:
+ # ctx.ssl_version = :TLSv1
+ # ctx.ssl_version = "SSLv23"
+ #
+ # Sets the SSL/TLS protocol version for the context. This forces
+ # connections to use only the specified protocol version. This is
+ # deprecated and only provided for backwards compatibility. Use
+ # #min_version= and #max_version= instead.
+ #
+ # === History
+ # As the name hints, this used to call the SSL_CTX_set_ssl_version()
+ # function which sets the SSL method used for connections created from
+ # the context. As of Ruby/OpenSSL 2.1, this accessor method is
+ # implemented to call #min_version= and #max_version= instead.
+ #
+ # source://openssl//openssl/ssl.rb#209
+ def ssl_version=(meth); end
+
+ # A callback invoked when DH parameters are required for ephemeral DH key
+ # exchange.
+ #
+ # The callback is invoked with the SSLSocket, a
+ # flag indicating the use of an export cipher and the keylength
+ # required.
+ #
+ # The callback must return an OpenSSL::PKey::DH instance of the correct
+ # key length.
+ #
+ # Deprecated in version 3.0. Use #tmp_dh= instead.
+ #
+ # source://openssl//openssl/ssl.rb#108
+ def tmp_dh_callback; end
+
+ # A callback invoked when DH parameters are required for ephemeral DH key
+ # exchange.
+ #
+ # The callback is invoked with the SSLSocket, a
+ # flag indicating the use of an export cipher and the keylength
+ # required.
+ #
+ # The callback must return an OpenSSL::PKey::DH instance of the correct
+ # key length.
+ #
+ # Deprecated in version 3.0. Use #tmp_dh= instead.
+ #
+ # source://openssl//openssl/ssl.rb#108
+ def tmp_dh_callback=(_arg0); end
+end
+
+# source://openssl//openssl/ssl.rb#37
+OpenSSL::SSL::SSLContext::DEFAULT_2048 = T.let(T.unsafe(nil), OpenSSL::PKey::DH)
+
+# source://openssl//openssl/ssl.rb#49
+OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK = T.let(T.unsafe(nil), Proc)
+
+# The list of available SSL/TLS methods. This constant is only provided
+# for backwards compatibility.
+#
+# source://openssl//openssl/ssl.rb#235
+OpenSSL::SSL::SSLContext::METHODS = T.let(T.unsafe(nil), Array)
+
+# source://openssl//openssl/ssl.rb#223
+OpenSSL::SSL::SSLContext::METHODS_MAP = T.let(T.unsafe(nil), Hash)
+
+class OpenSSL::SSL::SSLErrorWaitReadable < ::OpenSSL::SSL::SSLError
+ include ::IO::WaitReadable
+end
+
+class OpenSSL::SSL::SSLErrorWaitWritable < ::OpenSSL::SSL::SSLError
+ include ::IO::WaitWritable
+end
+
+# SSLServer represents a TCP/IP server socket with Secure Sockets Layer.
+class OpenSSL::SSL::SSLServer
+ include ::OpenSSL::SSL::SocketForwarder
+
+ # Creates a new instance of SSLServer.
+ # * _srv_ is an instance of TCPServer.
+ # * _ctx_ is an instance of OpenSSL::SSL::SSLContext.
+ #
+ # @return [SSLServer] a new instance of SSLServer
+ #
+ # source://openssl//openssl/ssl.rb#491
+ def initialize(svr, ctx); end
+
+ # Works similar to TCPServer#accept.
+ #
+ # source://openssl//openssl/ssl.rb#519
+ def accept; end
+
+ # See IO#close for details.
+ #
+ # source://openssl//openssl/ssl.rb#540
+ def close; end
+
+ # See TCPServer#listen for details.
+ #
+ # source://openssl//openssl/ssl.rb#509
+ def listen(backlog = T.unsafe(nil)); end
+
+ # See BasicSocket#shutdown for details.
+ #
+ # source://openssl//openssl/ssl.rb#514
+ def shutdown(how = T.unsafe(nil)); end
+
+ # When true then #accept works exactly the same as TCPServer#accept
+ #
+ # source://openssl//openssl/ssl.rb#486
+ def start_immediately; end
+
+ # When true then #accept works exactly the same as TCPServer#accept
+ #
+ # source://openssl//openssl/ssl.rb#486
+ def start_immediately=(_arg0); end
+
+ # Returns the TCPServer passed to the SSLServer when initialized.
+ #
+ # source://openssl//openssl/ssl.rb#504
+ def to_io; end
+end
+
+class OpenSSL::SSL::SSLSocket
+ include ::Enumerable
+ include ::OpenSSL::Buffering
+ include ::OpenSSL::SSL::SocketForwarder
+
+ # The SSLContext object used in this connection.
+ #
+ # source://openssl//openssl/ssl.rb#371
+ def context; end
+
+ # Returns the value of attribute hostname.
+ #
+ # source://openssl//openssl/ssl.rb#364
+ def hostname; end
+
+ # The underlying IO object.
+ #
+ # source://openssl//openssl/ssl.rb#367
+ def io; end
+
+ # call-seq:
+ # ssl.post_connection_check(hostname) -> true
+ #
+ # Perform hostname verification following RFC 6125.
+ #
+ # This method MUST be called after calling #connect to ensure that the
+ # hostname of a remote peer has been verified.
+ #
+ # source://openssl//openssl/ssl.rb#397
+ def post_connection_check(hostname); end
+
+ # call-seq:
+ # ssl.session -> aSession
+ #
+ # Returns the SSLSession object currently used, or nil if the session is
+ # not established.
+ #
+ # source://openssl//openssl/ssl.rb#418
+ def session; end
+
+ # Whether to close the underlying socket as well, when the SSL/TLS
+ # connection is shut down. This defaults to +false+.
+ #
+ # source://openssl//openssl/ssl.rb#375
+ def sync_close; end
+
+ # Whether to close the underlying socket as well, when the SSL/TLS
+ # connection is shut down. This defaults to +false+.
+ #
+ # source://openssl//openssl/ssl.rb#375
+ def sync_close=(_arg0); end
+
+ # call-seq:
+ # ssl.sysclose => nil
+ #
+ # Sends "close notify" to the peer and tries to shut down the SSL
+ # connection gracefully.
+ #
+ # If sync_close is set to +true+, the underlying IO is also closed.
+ #
+ # source://openssl//openssl/ssl.rb#384
+ def sysclose; end
+
+ # The underlying IO object.
+ #
+ # source://openssl//openssl/ssl.rb#367
+ def to_io; end
+
+ private
+
+ # source://openssl//openssl/ssl.rb#432
+ def client_cert_cb; end
+
+ # source://openssl//openssl/ssl.rb#444
+ def session_get_cb; end
+
+ # source://openssl//openssl/ssl.rb#440
+ def session_new_cb; end
+
+ # source://openssl//openssl/ssl.rb#436
+ def tmp_dh_callback; end
+
+ # @return [Boolean]
+ #
+ # source://openssl//openssl/ssl.rb#426
+ def using_anon_cipher?; end
+
+ class << self
+ # call-seq:
+ # open(remote_host, remote_port, local_host=nil, local_port=nil, context: nil)
+ #
+ # Creates a new instance of SSLSocket.
+ # _remote\_host_ and _remote\_port_ are used to open TCPSocket.
+ # If _local\_host_ and _local\_port_ are specified,
+ # then those parameters are used on the local end to establish the connection.
+ # If _context_ is provided,
+ # the SSL Sockets initial params will be taken from the context.
+ #
+ # === Examples
+ #
+ # sock = OpenSSL::SSL::SSLSocket.open('localhost', 443)
+ # sock.connect # Initiates a connection to localhost:443
+ #
+ # with SSLContext:
+ #
+ # ctx = OpenSSL::SSL::SSLContext.new
+ # sock = OpenSSL::SSL::SSLSocket.open('localhost', 443, context: ctx)
+ # sock.connect # Initiates a connection to localhost:443 with SSLContext
+ #
+ # source://openssl//openssl/ssl.rb#470
+ def open(remote_host, remote_port, local_host = T.unsafe(nil), local_port = T.unsafe(nil), context: T.unsafe(nil)); end
+ end
+end
+
+module OpenSSL::SSL::SocketForwarder
+ # source://openssl//openssl/ssl.rb#247
+ def addr; end
+
+ # @return [Boolean]
+ #
+ # source://openssl//openssl/ssl.rb#267
+ def closed?; end
+
+ # source://openssl//openssl/ssl.rb#271
+ def do_not_reverse_lookup=(flag); end
+
+ # source://openssl//openssl/ssl.rb#263
+ def fcntl(*args); end
+
+ # The file descriptor for the socket.
+ #
+ # source://openssl//openssl/ssl.rb#243
+ def fileno; end
+
+ # source://openssl//openssl/ssl.rb#259
+ def getsockopt(level, optname); end
+
+ # source://openssl//openssl/ssl.rb#251
+ def peeraddr; end
+
+ # source://openssl//openssl/ssl.rb#255
+ def setsockopt(level, optname, optval); end
+end
+
+module OpenSSL::Timestamp; end
+
+class OpenSSL::Timestamp::Factory
+ def additional_certs; end
+ def additional_certs=(_arg0); end
+ def allowed_digests; end
+ def allowed_digests=(_arg0); end
+ def create_timestamp(_arg0, _arg1, _arg2); end
+ def default_policy_id; end
+ def default_policy_id=(_arg0); end
+ def gen_time; end
+ def gen_time=(_arg0); end
+ def serial_number; end
+ def serial_number=(_arg0); end
+end
+
+class OpenSSL::Timestamp::Request
+ def initialize(*_arg0); end
+
+ def algorithm; end
+ def algorithm=(_arg0); end
+ def cert_requested=(_arg0); end
+ def cert_requested?; end
+ def message_imprint; end
+ def message_imprint=(_arg0); end
+ def nonce; end
+ def nonce=(_arg0); end
+ def policy_id; end
+ def policy_id=(_arg0); end
+ def to_der; end
+ def version; end
+ def version=(_arg0); end
+end
+
+class OpenSSL::Timestamp::Response
+ def initialize(_arg0); end
+
+ def failure_info; end
+ def status; end
+ def status_text; end
+ def to_der; end
+ def token; end
+ def token_info; end
+ def tsa_certificate; end
+ def verify(*_arg0); end
+end
+
+class OpenSSL::Timestamp::TimestampError < ::OpenSSL::OpenSSLError; end
+
+class OpenSSL::Timestamp::TokenInfo
+ def initialize(_arg0); end
+
+ def algorithm; end
+ def gen_time; end
+ def message_imprint; end
+ def nonce; end
+ def ordering; end
+ def policy_id; end
+ def serial_number; end
+ def to_der; end
+ def version; end
+end
+
+class OpenSSL::X509::Attribute
+ include ::OpenSSL::Marshal
+ extend ::OpenSSL::Marshal::ClassMethods
+
+ # source://openssl//openssl/x509.rb#330
+ def ==(other); end
+end
+
+class OpenSSL::X509::CRL
+ include ::OpenSSL::Marshal
+ include ::OpenSSL::X509::Extension::Helpers
+ include ::OpenSSL::X509::Extension::AuthorityKeyIdentifier
+ extend ::OpenSSL::Marshal::ClassMethods
+
+ # source://openssl//openssl/x509.rb#369
+ def ==(other); end
+end
+
+class OpenSSL::X509::Certificate
+ include ::OpenSSL::Marshal
+ include ::OpenSSL::X509::Extension::Helpers
+ include ::OpenSSL::X509::Extension::SubjectKeyIdentifier
+ include ::OpenSSL::X509::Extension::AuthorityKeyIdentifier
+ include ::OpenSSL::X509::Extension::CRLDistributionPoints
+ include ::OpenSSL::X509::Extension::AuthorityInfoAccess
+ extend ::OpenSSL::Marshal::ClassMethods
+
+ # source://openssl//openssl/x509.rb#349
+ def pretty_print(q); end
+
+ class << self
+ # source://openssl//openssl/x509.rb#360
+ def load_file(path); end
+ end
+end
+
+class OpenSSL::X509::Extension
+ include ::OpenSSL::Marshal
+ extend ::OpenSSL::Marshal::ClassMethods
+
+ # source://openssl//openssl/x509.rb#48
+ def ==(other); end
+
+ # source://openssl//openssl/x509.rb#64
+ def to_a; end
+
+ # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
+ #
+ # source://openssl//openssl/x509.rb#60
+ def to_h; end
+
+ # "oid = critical, value"
+ #
+ # source://openssl//openssl/x509.rb#53
+ def to_s; end
+end
+
+module OpenSSL::X509::Extension::AuthorityInfoAccess
+ include ::OpenSSL::X509::Extension::Helpers
+
+ # Get the information and services for the issuer from the certificate's
+ # authority information access extension exteension, as described in RFC5280
+ # Section 4.2.2.1.
+ #
+ # Returns an array of strings or nil or raises ASN1::ASN1Error.
+ #
+ # source://openssl//openssl/x509.rb#162
+ def ca_issuer_uris; end
+
+ # Get the URIs for OCSP from the certificate's authority information access
+ # extension exteension, as described in RFC5280 Section 4.2.2.1.
+ #
+ # Returns an array of strings or nil or raises ASN1::ASN1Error.
+ #
+ # source://openssl//openssl/x509.rb#177
+ def ocsp_uris; end
+
+ private
+
+ # source://openssl//openssl/x509.rb#190
+ def parse_aia_asn1; end
+end
+
+module OpenSSL::X509::Extension::AuthorityKeyIdentifier
+ include ::OpenSSL::X509::Extension::Helpers
+
+ # Get the issuing certificate's key identifier from the
+ # authorityKeyIdentifier extension, as described in RFC5280
+ # Section 4.2.1.1
+ #
+ # Returns the binary String keyIdentifier or nil or raises
+ # ASN1::ASN1Error.
+ #
+ # source://openssl//openssl/x509.rb#104
+ def authority_key_identifier; end
+end
+
+module OpenSSL::X509::Extension::CRLDistributionPoints
+ include ::OpenSSL::X509::Extension::Helpers
+
+ # Get the distributionPoint fullName URI from the certificate's CRL
+ # distribution points extension, as described in RFC5280 Section
+ # 4.2.1.13
+ #
+ # Returns an array of strings or nil or raises ASN1::ASN1Error.
+ #
+ # source://openssl//openssl/x509.rb#129
+ def crl_uris; end
+end
+
+module OpenSSL::X509::Extension::Helpers
+ # source://openssl//openssl/x509.rb#69
+ def find_extension(oid); end
+end
+
+module OpenSSL::X509::Extension::SubjectKeyIdentifier
+ include ::OpenSSL::X509::Extension::Helpers
+
+ # Get the subject's key identifier from the subjectKeyIdentifier
+ # exteension, as described in RFC5280 Section 4.2.1.2.
+ #
+ # Returns the binary String key identifier or nil or raises
+ # ASN1::ASN1Error.
+ #
+ # source://openssl//openssl/x509.rb#82
+ def subject_key_identifier; end
+end
+
+class OpenSSL::X509::Name
+ include ::Comparable
+ include ::OpenSSL::Marshal
+ extend ::OpenSSL::Marshal::ClassMethods
+
+ # source://openssl//openssl/x509.rb#319
+ def pretty_print(q); end
+
+ class << self
+ # Parses the string representation of a distinguished name. Two
+ # different forms are supported:
+ #
+ # - \OpenSSL format (X509_NAME_oneline()) used by
+ # #to_s. For example: /DC=com/DC=example/CN=nobody
+ # - \OpenSSL format (X509_NAME_print())
+ # used by #to_s(OpenSSL::X509::Name::COMPAT). For example:
+ # DC=com, DC=example, CN=nobody
+ #
+ # Neither of them is standardized and has quirks and inconsistencies
+ # in handling of escaped characters or multi-valued RDNs.
+ #
+ # Use of this method is discouraged in new applications. See
+ # Name.parse_rfc2253 and #to_utf8 for the alternative.
+ #
+ # source://openssl//openssl/x509.rb#305
+ def parse(str, template = T.unsafe(nil)); end
+
+ # Parses the string representation of a distinguished name. Two
+ # different forms are supported:
+ #
+ # - \OpenSSL format (X509_NAME_oneline()) used by
+ # #to_s. For example: /DC=com/DC=example/CN=nobody
+ # - \OpenSSL format (X509_NAME_print())
+ # used by #to_s(OpenSSL::X509::Name::COMPAT). For example:
+ # DC=com, DC=example, CN=nobody
+ #
+ # Neither of them is standardized and has quirks and inconsistencies
+ # in handling of escaped characters or multi-valued RDNs.
+ #
+ # Use of this method is discouraged in new applications. See
+ # Name.parse_rfc2253 and #to_utf8 for the alternative.
+ #
+ # source://openssl//openssl/x509.rb#305
+ def parse_openssl(str, template = T.unsafe(nil)); end
+
+ # Parses the UTF-8 string representation of a distinguished name,
+ # according to RFC 2253.
+ #
+ # See also #to_utf8 for the opposite operation.
+ #
+ # source://openssl//openssl/x509.rb#286
+ def parse_rfc2253(str, template = T.unsafe(nil)); end
+ end
+end
+
+module OpenSSL::X509::Name::RFC2253DN
+ private
+
+ # source://openssl//openssl/x509.rb#237
+ def expand_hexstring(str); end
+
+ # source://openssl//openssl/x509.rb#225
+ def expand_pair(str); end
+
+ # source://openssl//openssl/x509.rb#244
+ def expand_value(str1, str2, str3); end
+
+ # source://openssl//openssl/x509.rb#251
+ def scan(dn); end
+
+ class << self
+ # source://openssl//openssl/x509.rb#237
+ def expand_hexstring(str); end
+
+ # source://openssl//openssl/x509.rb#225
+ def expand_pair(str); end
+
+ # source://openssl//openssl/x509.rb#244
+ def expand_value(str1, str2, str3); end
+
+ # source://openssl//openssl/x509.rb#251
+ def scan(dn); end
+ end
+end
+
+class OpenSSL::X509::Request
+ include ::OpenSSL::Marshal
+ extend ::OpenSSL::Marshal::ClassMethods
+
+ # source://openssl//openssl/x509.rb#385
+ def ==(other); end
+end
+
+class OpenSSL::X509::Revoked
+ # source://openssl//openssl/x509.rb#376
+ def ==(other); end
+end
diff --git a/sorbet/rbi/gems/pdf-reader@2.11.0.rbi b/sorbet/rbi/gems/pdf-reader@2.11.0.rbi
index d85e330..0ba2837 100644
--- a/sorbet/rbi/gems/pdf-reader@2.11.0.rbi
+++ b/sorbet/rbi/gems/pdf-reader@2.11.0.rbi
@@ -2075,7 +2075,7 @@ class PDF::Reader::ObjectHash
# Useful for apps that want to extract data from specific pages.
#
# source://pdf-reader//lib/pdf/reader/object_hash.rb#468
- sig { returns(T::Array[PDF::Reader::Reference]) }
+ sig { returns(T::Array[T.any(PDF::Reader::Reference, T::Hash[Symbol, T.untyped])]) }
def page_references; end
# Returns the value of attribute pdf_version.
diff --git a/sorbet/rbi/shims/io.rbi b/sorbet/rbi/shims/io.rbi
new file mode 100644
index 0000000..67a81e0
--- /dev/null
+++ b/sorbet/rbi/shims/io.rbi
@@ -0,0 +1,14 @@
+# typed: true
+
+class IO
+ sig do
+ params(
+ src: T.any(String, IO, Tempfile, StringIO),
+ dst: T.any(String, IO, Tempfile, StringIO),
+ copy_length: Integer,
+ src_offset: Integer,
+ )
+ .returns(Integer)
+ end
+ def self.copy_stream(src, dst, copy_length = T.unsafe(nil), src_offset = T.unsafe(nil)); end
+end
diff --git a/sorbet/rbi/shims/pdf_reader.rbi b/sorbet/rbi/shims/pdf_reader.rbi
new file mode 100644
index 0000000..a8fd7cd
--- /dev/null
+++ b/sorbet/rbi/shims/pdf_reader.rbi
@@ -0,0 +1,6 @@
+# typed: true
+
+class PDF::Reader::ObjectHash
+ sig { returns(T::Array[PDF::Reader::Reference]) }
+ def page_references; end
+end