/**
 * @packageDocumentation
 * Utilities for safely generating locally-trusted and machine-specific X.509 certificates for local development
 */

/// <reference types="node" />

/**
 * The CA public key as a buffer
 * @public
 */
export declare interface CaBuffer {
    /** CA public key */
    ca: Buffer;
}

/**
 * The cert authority's path on disk
 * @public
 */
export declare interface CaPath {
    /** CA cert path on disk */
    caPath: string;
}

/**
 * Request an SSL certificate for the given app name signed by the devcert root
 * certificate authority. If devcert has previously generated a certificate for
 * that app name on this machine, it will reuse that certificate.
 *
 * If this is the first time devcert is being run on this machine, it will
 * generate and attempt to install a root certificate authority.
 *
 * If `options.getCaBuffer` is true, return value will include the ca certificate data
 * as \{ ca: Buffer \}
 *
 * If `options.getCaPath` is true, return value will include the ca certificate path
 * as \{ caPath: string \}
 *
 * @public
 * @param commonName - common name for certificate
 * @param alternativeNames - alternate names for the certificate
 * @param options - cert generation options
 * @param partialCertOptions - certificate options
 */
export declare function certificateFor<O extends Options, CO extends Partial<CertOptions>>(commonName: string, alternativeNames: string[], options?: O, partialCertOptions?: CO): Promise<IReturnData<O>>;

/**
 * {@inheritdoc (certificateFor:1)}
 * @public
 */
export declare function certificateFor<O extends Options, CO extends Partial<CertOptions>>(commonName: string, options?: O, partialCertOptions?: CO): Promise<IReturnData<O>>;

/**
 * Certificate options
 * @public
 */
export declare interface CertOptions {
    /** Number of days before the CA expires */
    caCertExpiry: number;
    /** Number of days before the domain certificate expires */
    domainCertExpiry: number;
}

/**
 * Closes the remote server
 * @param hostname - hostname of the remote machine
 * @param port - port to connect the remote machine
 *
 * @public
 */
export declare function closeRemoteServer(hostname: string, port: number): Promise<string>;

/**
 * Get a list of domains that certifiates have been generated for
 * @alpha
 */
export declare function configuredDomains(): string[];

/**
 * Domain cert public and private keys as buffers
 * @public
 */
export declare interface DomainData {
    /** private key */
    key: Buffer;
    /** public key (cert) */
    cert: Buffer;
}

/**
 * Get the expiration and recommended renewal dates, for the latest issued
 * cert for a given common_name
 *
 * @alpha
 * @param commonName - common_name of cert whose expiration info is desired
 * @param renewalBufferInBusinessDays - number of business days before cert expiration, to start indicating that it should be renewed
 */
export declare function getCertExpirationInfo(commonName: string, renewalBufferInBusinessDays?: number): {
    mustRenew: boolean;
    renewBy: Date;
    expireAt: Date;
};

/**
 * Returns the remote box's certificate
 * @param hostname - hostname of the remote machine
 * @param port - port to connect the remote machine
 *
 * @public
 */
export declare function getRemoteCertificate(hostname: string, port: number): Promise<string>;

/**
 * Check whether a certificate with a given common_name has been installed
 *
 * @public
 * @param commonName - commonName of certificate whose existence is being checked
 */
export declare function hasCertificateFor(commonName: string): boolean;

/**
 * A return value containing the CA public key
 * @public
 */
export declare type IReturnCa<O extends Options> = O['getCaBuffer'] extends true ? CaBuffer : false;

/**
 * A return value containing the CA path on disk
 * @public
 */
export declare type IReturnCaPath<O extends Options> = O['getCaPath'] extends true ? CaPath : false;

/**
 * A return value containing the CA public key, CA path on disk, and domain cert info
 * @public
 */
export declare type IReturnData<O extends Options = {}> = DomainData & IReturnCa<O> & IReturnCaPath<O>;

/**
 * An interface that allows consuming apps to display logging on their side by
 * passing in the logging mechanism of their choice
 * @public
 */
export declare interface Logger {
    /**
     * info logging
     */
    log: typeof console.log;
    /**
     * warn logging
     */
    warn: typeof console.warn;
    /**
     * error logging
     */
    error: typeof console.error;
}

/**
 * Cert generation options
 *
 * @public
 */
export declare interface Options {
    /** Return the CA certificate data? */
    getCaBuffer?: boolean;
    /** Return the path to the CA certificate? */
    getCaPath?: boolean;
    /** If `certutil` is not installed already (for updating nss databases; e.g. firefox), do not attempt to install it */
    skipCertutilInstall?: boolean;
    /** Do not update your systems host file with the domain name of the certificate */
    skipHostsFile?: boolean;
    /** User interface hooks */
    ui?: UserInterface;
    /** Number of business days before domain cert expiry before automatic revoke and renew */
    renewalBufferInBusinessDays?: number;
}

/**
 * Remove a certificate and revoke it from the OpenSSL cert database
 * @public
 * @param commonName - commonName of cert to remove
 */
export declare function removeAndRevokeDomainCert(commonName: string): Promise<void>;

/**
 * Remove a certificate
 * @public
 * @param commonName - commonName of cert to remove
 * @deprecated please use {@link removeAndRevokeDomainCert | removeAndRevokeDomainCert} to ensure that the OpenSSL cert removal is handled properly
 */
export declare function removeDomain(commonName: string): void;

/**
 * Trust the certificate for a given hostname and port and add
 * the returned cert to the local trust store.
 * @param hostname - hostname of the remote machine
 * @param port - port to connect the remote machine
 * @param certPath - file path to store the cert
 *
 * @internal
 */
export declare function _trustCertsOnRemote(machineDetails: {
    hostname: string;
    port: number;
    certPath: string;
}, certDetails: {
    renewalBufferInBusinessDays: number;
}, injections?: {
    getRemoteCertsFunc: typeof getRemoteCertificate;
}): Promise<{
    mustRenew: boolean;
}>;

/**
 * Trust the remote hosts's certificate on local machine.
 * This function would ssh into the remote host, get the certificate
 * and trust the local machine from where this function is getting called from.
 * @public
 * @param hostname - hostname of the remote machine
 * @param certPath - file path to store the cert
 * @param TrustRemoteOptions - TrustRemoteOptions options
 */
export declare function trustRemoteMachine(hostname: string, certPath: string, { port, useLocalhostForRemote, renewalBufferInBusinessDays, logger }?: Partial<TrustRemoteOptions>): Promise<{
    mustRenew: boolean;
}>;

/**
 * For a given hostname and certpath,gets the certificate from the remote server,
 * stores it at the provided certPath,
 * trusts certificate from remote machine and closes the remote server.
 *
 * @param hostname - hostname of the remote machine
 * @param certPath - file path to store the cert
 * @param TrustRemoteOptions - TrustRemoteOptions options
 *
 * @internal
 */
export declare function _trustRemoteMachine(hostname: string, certPath: string, { port, renewalBufferInBusinessDays, logger, closeRemoteFunc }?: Partial<TrustRemoteOptions>, trustCertsOnRemoteFunc?: typeof _trustCertsOnRemote): Promise<boolean>;

/**
 * Remote certificate trust options
 *
 * @public
 */
export declare interface TrustRemoteOptions {
    /**
     * port number for the remote server.
     */
    port: number;
    /**
     * use localhost for connecting to remote server
     */
    useLocalhostForRemote: boolean;
    /**
     * remaining business days validity.
     */
    renewalBufferInBusinessDays: number;
    /**
     * Logger interface to suppport logging mechanism on the onsumer side.
     */
    logger?: Logger;
    /**
     * function to close the remote server.
     */
    closeRemoteFunc: typeof closeRemoteServer;
}

/**
 * Remove as much of the devcert files and state as we can. This is necessary
 * when generating a new root certificate, and should be available to API
 * consumers as well.
 *
 * Not all of it will be removable. If certutil is not installed, we'll leave
 * Firefox alone. We try to remove files with maximum permissions, and if that
 * fails, we'll silently fail.
 *
 * It's also possible that the command to untrust will not work, and we'll
 * silently fail that as well; with no existing certificates anymore, the
 * security exposure there is minimal.
 *
 * @public
 */
export declare function uninstall(): void;

/**
 * Untrust the certificate for a given file path.
 * @public
 * @param filePath - file path of the cert
 */
export declare function untrustMachineByCertificate(certPath: string): void;

/**
 * A representation of several parts of the local system that the user interacts with
 * @public
 */
export declare interface UserInterface {
    /** Get the disk encryption password (windows only) */
    getWindowsEncryptionPassword(): string | Promise<string>;
    /** Deliver a warning to the user without using certutil (linux only) */
    warnChromeOnLinuxWithoutCertutil(): void | Promise<void>;
    /** Close firefox */
    closeFirefoxBeforeContinuing(): void | Promise<void>;
    /** Begin the process of approving a cert through firefix */
    startFirefoxWizard(certificateHost: string): void | Promise<void>;
    /** Load the cert approval page in the user's local firefox */
    firefoxWizardPromptPage(certificateURL: string): string | Promise<string>;
    /** Wait for the user to complete the firefox cert approval wizard */
    waitForFirefoxWizard(): void | Promise<void>;
}

export { }