import { type Certificate } from "node-opcua-crypto/web";
import type { ICertificateStore } from "node-opcua-common";
import { ObjectRegistry } from "node-opcua-object-registry";
import { CertificateManager } from "node-opcua-pki";
import { type StatusCode, type StatusCodeCallback } from "node-opcua-status-code";
export interface ICertificateManager {
    getTrustStatus(certificate: Certificate): Promise<StatusCode>;
    getTrustStatus(certificate: Certificate, callback: StatusCodeCallback): void;
    checkCertificate(certificate: Certificate): Promise<StatusCode>;
    checkCertificate(certificate: Certificate, callback: StatusCodeCallback): void;
    /**
     *
     * @param certificate
     * @param callback
     */
    trustCertificate(certificate: Certificate, callback: (err?: Error | null) => void): void;
    trustCertificate(certificate: Certificate): Promise<void>;
    rejectCertificate(certificate: Certificate, callback: (err?: Error | null) => void): void;
    rejectCertificate(certificate: Certificate): Promise<void>;
}
export interface OPCUACertificateManagerOptions {
    /**
     * where to store the PKI
     * default %APPDATA%/node-opcua-default
     */
    rootFolder?: null | string;
    automaticallyAcceptUnknownCertificate?: boolean;
    /**
     * the name of the pki store( default value = "pki" )
     *
     * the PKI folder will be <rootFolder>/<name>
     */
    name?: string;
    /**
     *
     */
    keySize?: 2048 | 3072 | 4096;
    /**
     * When `true`, file-system watchers (chokidar) on the PKI
     * folders are disabled.  The initial scan still populates
     * the in-memory indexes but live change detection is off.
     *
     * Useful in test / CI pipelines where many servers start
     * in parallel and the accumulated `fs.watch` handles
     * exhaust the libuv thread-pool.
     *
     * @defaultValue false
     */
    disableFileWatchers?: boolean;
}
export declare class OPCUACertificateManager extends CertificateManager implements ICertificateManager, ICertificateStore {
    #private;
    static defaultCertificateSubject: string;
    static registry: ObjectRegistry;
    referenceCounter: number;
    automaticallyAcceptUnknownCertificate: boolean;
    constructor(options: OPCUACertificateManagerOptions);
    initialize(): Promise<void>;
    initialize(callback: (err?: Error) => void): void;
    dispose(): Promise<void>;
    checkCertificate(certificateChain: Certificate | Certificate[]): Promise<StatusCode>;
    checkCertificate(certificateChain: Certificate | Certificate[], callback: StatusCodeCallback): void;
    getTrustStatus(certificate: Certificate): Promise<StatusCode>;
    getTrustStatus(certificate: Certificate, callback: StatusCodeCallback): void;
}
export declare function getDefaultCertificateManager(name: "PKI" | "UserPKI"): OPCUACertificateManager;