/**
 * Vault Storage Service
 *
 * Handles external storage operations for large vault files.
 * Supports S3 and S3-compatible storage (MinIO, Cloudflare R2, etc.)
 */
import type { Logger } from '@credo-ts/core';
import type { S3StorageConfig, VaultStorageReference, PresignedUploadUrl, PresignedDownloadUrl } from './VaultStorageConfig';
/**
 * Vault Storage Service
 *
 * Provides operations for storing and retrieving vault ciphertext
 * from external storage providers like S3.
 */
export declare class VaultStorageService {
    private logger;
    private s3Client?;
    private s3Commands?;
    private s3Presigner?;
    private config?;
    constructor(logger: Logger);
    /**
     * Configure the storage service with S3 settings
     */
    configure(config: S3StorageConfig): Promise<void>;
    /**
     * Check if storage is configured and ready
     */
    isConfigured(): boolean;
    /**
     * Initialize S3 client (lazy loading)
     */
    private initializeS3Client;
    /**
     * Upload vault ciphertext to S3
     *
     * @param ciphertext - Encrypted vault data
     * @param vaultId - Vault identifier
     * @param options - Upload options
     * @returns Storage reference
     */
    upload(ciphertext: Uint8Array, vaultId: string, options?: {
        docId?: string;
        contentType?: string;
        metadata?: Record<string, string>;
    }): Promise<VaultStorageReference>;
    /**
     * Download vault ciphertext from S3
     *
     * @param reference - Storage reference
     * @returns Ciphertext bytes
     */
    download(reference: VaultStorageReference): Promise<Uint8Array>;
    /**
     * Delete vault ciphertext from S3
     *
     * @param reference - Storage reference
     */
    delete(reference: VaultStorageReference): Promise<void>;
    /**
     * Check if a vault exists in storage
     *
     * @param reference - Storage reference
     * @returns True if exists
     */
    exists(reference: VaultStorageReference): Promise<boolean>;
    /**
     * Generate pre-signed URL for upload
     *
     * Used by vault operators to provide upload URLs to clients
     *
     * @param vaultId - Vault identifier
     * @param options - Upload options
     * @returns Pre-signed upload URL
     */
    generateUploadUrl(vaultId: string, options?: {
        contentType?: string;
        maxSize?: number;
        expiresIn?: number;
    }): Promise<PresignedUploadUrl>;
    /**
     * Generate pre-signed URL for download
     *
     * @param reference - Storage reference
     * @param expiresIn - Expiration in seconds
     * @returns Pre-signed download URL
     */
    generateDownloadUrl(reference: VaultStorageReference, expiresIn?: number): Promise<PresignedDownloadUrl>;
    /**
     * Download from a pre-signed URL (for clients without S3 credentials)
     *
     * @param downloadUrl - Pre-signed download URL
     * @param expectedChecksum - Expected checksum for verification
     * @returns Downloaded data
     */
    downloadFromUrl(downloadUrl: string, expectedChecksum?: string): Promise<Uint8Array>;
    /**
     * Upload to a pre-signed URL (for clients without S3 credentials)
     *
     * @param uploadUrl - Pre-signed upload URL
     * @param data - Data to upload
     * @param contentType - Content type
     * @returns Checksum of uploaded data
     */
    uploadToUrl(uploadUrl: string, data: Uint8Array, contentType?: string): Promise<string>;
    /**
     * Compute SHA-256 checksum, encoded as standard base64 (with padding).
     * AWS S3 ChecksumSHA256 expects standard base64, not base64url.
     */
    private computeChecksum;
    /**
     * Build S3 URI from bucket and key
     */
    private buildStorageUri;
    /**
     * Parse S3 URI into bucket and key
     */
    private parseStorageUri;
}