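/**
 * Service name used for keychain operations.
 *
 * Every item declared below is stored under this single service name.
 * NOTE(review): nothing in this declaration shows per-item access control, so
 * protection of the entries is presumably whatever the OS keychain enforces
 * for this service name. Confirm against the implementation.
 */
export declare const KEYCHAIN_SERVICE_NAME = "ziti-mcp-server";

/**
 * Keychain item keys for OpenZiti related tokens and configuration.
 *
 * Sensitivity differs per item:
 * - confidentiality-critical secrets: TOKEN, REFRESH_TOKEN, IDENTITY_KEY,
 *   UPDB_PASSWORD. Values read back from these keys must never be logged or
 *   echoed in tool output.
 * - integrity-critical trust anchors: IDENTITY_CA, CONTROLLER_CA. These are
 *   not secret, but a tampered value changes which peers are trusted.
 *
 * @readonly
 * @enum {string}
 */
export declare const KeychainItem: {
    /** Access token for OpenZiti Controller Management API (secret) */
    readonly TOKEN: "OPENZITI_TOKEN";
    /** OpenZiti Controller host */
    readonly ZITI_CONTROLLER_HOST: "ZITI_CONTROLLER_HOST";
    /** IdP domain */
    readonly DOMAIN: "OPENZITI_IDP_DOMAIN";
    /** OAuth refresh token for obtaining new access tokens (long-lived secret) */
    readonly REFRESH_TOKEN: "OPENZITI_REFRESH_TOKEN";
    /** Timestamp when the current token expires */
    readonly TOKEN_EXPIRES_AT: "OPENZITI_TOKEN_EXPIRES_AT";
    /** Identity certificate from Ziti identity file */
    readonly IDENTITY_CERT: "OPENZITI_IDENTITY_CERT";
    /** Identity private key from Ziti identity file (secret) */
    readonly IDENTITY_KEY: "OPENZITI_IDENTITY_KEY";
    /** Identity CA certificate from Ziti identity file (trust anchor) */
    readonly IDENTITY_CA: "OPENZITI_IDENTITY_CA";
    /** UPDB username */
    readonly UPDB_USERNAME: "OPENZITI_UPDB_USERNAME";
    /** UPDB password (secret) */
    readonly UPDB_PASSWORD: "OPENZITI_UPDB_PASSWORD";
    /** Controller CA certificate for trusting self-signed/private CA controllers (trust anchor) */
    readonly CONTROLLER_CA: "OPENZITI_CONTROLLER_CA";
};

/**
 * Array of all keychain item keys for operations that need to process all items.
 *
 * Any key added to {@link KeychainItem} must also appear here, otherwise a
 * bulk operation driven by this list will not cover it.
 */
export declare const ALL_KEYCHAIN_ITEMS: ("OPENZITI_TOKEN" | "ZITI_CONTROLLER_HOST" | "OPENZITI_IDP_DOMAIN" | "OPENZITI_REFRESH_TOKEN" | "OPENZITI_TOKEN_EXPIRES_AT" | "OPENZITI_IDENTITY_CERT" | "OPENZITI_IDENTITY_KEY" | "OPENZITI_IDENTITY_CA" | "OPENZITI_UPDB_USERNAME" | "OPENZITI_UPDB_PASSWORD" | "OPENZITI_CONTROLLER_CA")[];

/**
 * Type representing the result of a keychain operation.
 *
 * `item` is the keychain key the operation targeted, not the stored value, so
 * it is safe to include in diagnostics.
 */
export type KeychainOperationResult = {
    item: string;
    success: boolean;
    error?: Error;
};

/**
 * Keychain service for securely storing OpenZiti Controller credentials.
 * Provides type-safe methods for working with OpenZiti Controller tokens and settings.
 *
 * Contract shared by the accessors, as documented on each method:
 * - every `set*` method and `delete` report failure through a `false` result.
 *   Callers must check it; an ignored `false` means the credential was not
 *   persisted (or not removed) while the caller carries on as if it had been.
 * - every `get*` method resolves to `null` when the item is not found.
 *   NOTE(review): this declaration does not show whether a keychain read
 *   error is also reported as `null`. Confirm in the implementation before
 *   treating `null` as "no credential configured".
 *
 * The Promise type arguments below are restored from the `@returns`
 * documentation of each method; a bare `Promise` is not a valid type.
 */
declare class KeychainService {
    private serviceName;

    /**
     * Creates a new KeychainService instance
     * @param serviceName - The keychain service name to use
     */
    constructor(serviceName?: string);

    /**
     * Store the OpenZiti Controller access token in the keychain
     * @param token - The access token to store
     * @returns A promise that resolves to true if successful, false otherwise
     */
    setToken(token: string): Promise<boolean>;

    /**
     * Retrieve the OpenZiti Controller access token from the keychain.
     * The resolved value is a bearer secret and must not be logged.
     * @returns A promise that resolves to the access token or null if not found
     */
    getToken(): Promise<string | null>;

    /**
     * Store the OpenZiti Controller host in the keychain
     * @param host - The host to store
     * @returns A promise that resolves to true if successful, false otherwise
     */
    setZitiControllerHost(host: string): Promise<boolean>;

    /**
     * Retrieve the OpenZiti Controller host from the keychain
     * @returns A promise that resolves to the host or null if not found
     */
    getZitiControllerHost(): Promise<string | null>;

    /**
     * Store the IdP domain in the keychain
     * @param domain - The IdP domain to store
     * @returns A promise that resolves to true if successful, false otherwise
     */
    setDomain(domain: string): Promise<boolean>;

    /**
     * Retrieve the IdP domain from the keychain
     * @returns A promise that resolves to the domain or null if not found
     */
    getDomain(): Promise<string | null>;

    /**
     * Store the OpenZiti Controller refresh token in the keychain
     * @param refreshToken - The refresh token to store
     * @returns A promise that resolves to true if successful, false otherwise
     */
    setRefreshToken(refreshToken: string): Promise<boolean>;

    /**
     * Retrieve the OpenZiti Controller refresh token from the keychain.
     * The resolved value can mint new access tokens and must not be logged.
     * @returns A promise that resolves to the refresh token or null if not found
     */
    getRefreshToken(): Promise<string | null>;

    /**
     * Store the token expiration timestamp in the keychain
     * @param timestamp - The expiration timestamp in milliseconds since epoch
     * @returns A promise that resolves to true if successful, false otherwise
     */
    setTokenExpiresAt(timestamp: number): Promise<boolean>;

    /**
     * Retrieve the token expiration timestamp from the keychain.
     * Callers should treat null as "expiry unknown", not as "never expires".
     * @returns A promise that resolves to the timestamp as a number or null if not found
     */
    getTokenExpiresAt(): Promise<number | null>;

    /**
     * Store the identity certificate in the keychain
     * @param cert - The PEM-encoded certificate
     * @returns A promise that resolves to true if successful, false otherwise
     */
    setIdentityCert(cert: string): Promise<boolean>;

    /**
     * Retrieve the identity certificate from the keychain
     * @returns A promise that resolves to the certificate or null if not found
     */
    getIdentityCert(): Promise<string | null>;

    /**
     * Store the identity private key in the keychain
     * @param key - The PEM-encoded private key
     * @returns A promise that resolves to true if successful, false otherwise
     */
    setIdentityKey(key: string): Promise<boolean>;

    /**
     * Retrieve the identity private key from the keychain.
     * The resolved value is private key material: keep it out of logs, error
     * messages and tool responses.
     * @returns A promise that resolves to the key or null if not found
     */
    getIdentityKey(): Promise<string | null>;

    /**
     * Store the identity CA certificate in the keychain
     * @param ca - The PEM-encoded CA certificate
     * @returns A promise that resolves to true if successful, false otherwise
     */
    setIdentityCa(ca: string): Promise<boolean>;

    /**
     * Retrieve the identity CA certificate from the keychain
     * @returns A promise that resolves to the CA certificate or null if not found
     */
    getIdentityCa(): Promise<string | null>;

    /**
     * Store the UPDB username in the keychain
     * @param username - The UPDB username to store
     * @returns A promise that resolves to true if successful, false otherwise
     */
    setUpdbUsername(username: string): Promise<boolean>;

    /**
     * Retrieve the UPDB username from the keychain
     * @returns A promise that resolves to the username or null if not found
     */
    getUpdbUsername(): Promise<string | null>;

    /**
     * Store the UPDB password in the keychain
     * @param password - The UPDB password to store
     * @returns A promise that resolves to true if successful, false otherwise
     */
    setUpdbPassword(password: string): Promise<boolean>;

    /**
     * Retrieve the UPDB password from the keychain.
     * The resolved value is a plaintext password and must not be logged.
     * @returns A promise that resolves to the password or null if not found
     */
    getUpdbPassword(): Promise<string | null>;

    /**
     * Store the controller CA certificate in the keychain.
     * This value is a trust anchor for the controller connection; it should
     * come from a source the operator has verified, because whatever is stored
     * here decides which controller certificates are accepted.
     * @param ca - The PEM-encoded CA certificate
     * @returns A promise that resolves to true if successful, false otherwise
     */
    setControllerCa(ca: string): Promise<boolean>;

    /**
     * Retrieve the controller CA certificate from the keychain
     * @returns A promise that resolves to the CA certificate or null if not found
     */
    getControllerCa(): Promise<string | null>;

    /**
     * Delete all OpenZiti Controller related items from the keychain.
     * Check `success` on every returned entry: a failed deletion leaves that
     * credential in the keychain after the caller believes it was removed.
     * @returns A promise that resolves to an array of results for each deletion operation
     */
    clearAll(): Promise<KeychainOperationResult[]>;

    /**
     * Delete a specific item from the keychain.
     * The parameter is an unconstrained string; pass a {@link KeychainItem}
     * value so a typo cannot silently target a key that does not exist.
     * @param key - The key to delete
     * @returns A promise that resolves to true if successful, false otherwise
     */
    delete(key: string): Promise<boolean>;

    /**
     * Internal method to store a value in the system keychain
     * @param key - The key to store the value under
     * @param value - The value to store
     * @returns A promise that resolves to true if successful, false otherwise
     * @private
     */
    private set;

    /**
     * Internal method to retrieve a value from the system keychain
     * @param key - The key to retrieve
     * @returns A promise that resolves to the stored value or null if not found
     * @private
     */
    private get;
}

/** Shared KeychainService instance exported by this module. */
export declare const keychain: KeychainService;
export {};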