import * as express from "express"; import { ValidateCallback } from "./types"; import qs from "qs"; export declare type Profile = { issuer?: string; sessionIndex?: string; nameID?: string | null; nameIDFormat?: string; nameQualifier?: string; spNameQualifier?: string; ID?: string; mail?: string; email?: string; getAssertionXml(): string; getAssertion(): object; getSamlResponseXml(): string; } & { [attributeName: string]: unknown; }; export declare type VerifiedCallback = (err: Error | null, user?: any, loggedOf?: boolean) => void; export interface CacheProvider { save(key: string | null, value: any, callback: (err: Error | null, cacheItem: CacheItem | null) => void | null): void; get(key: string, callback: (err: Error | null, value: any) => void | null): void; remove(key: string, callback: (err: Error | null, key: string | null) => void | null): void; } export interface RequestWithUser extends express.Request { user?: Profile; samlLogoutRequest?: any; } export interface CacheItem { createdAt: number; value: any; } export declare type CertCallback = (callback: (err: Error | null, cert?: string | string[]) => void) => void; export interface SAMLOptions { callbackUrl?: string; path?: string; protocol?: string; host?: string; entryPoint: string; issuer: string; privateCert?: string; cert?: string | string[] | CertCallback; decryptionPvk?: string; signatureAlgorithm: 'sha1' | 'sha256' | 'sha512'; additionalParams?: any; additionalAuthorizeParams?: any; identifierFormat?: string; acceptedClockSkewMs: number; attributeConsumingServiceIndex?: string; disableRequestedAuthnContext?: boolean; authnContext: string[] | string; forceAuthn?: boolean; skipRequestCompression?: boolean; authnRequestBinding?: string; RACComparison?: 'exact' | 'minimum' | 'maximum' | 'better'; providerName?: string; passive?: boolean; idpIssuer?: string; audience?: string; validateInResponseTo?: boolean; requestIdExpirationPeriodMs: number; cacheProvider: CacheProvider; name?: string; passReqToCallback?: boolean; logoutUrl?: string; additionalLogoutParams?: any; logoutCallbackUrl?: string; disableRequestACSUrl?: boolean; xmlSignatureTransforms: string[]; digestAlgorithm: string; organization?: { name: string; displayName: string; url: string; }; } interface NameID { value: string | null; format: string | false | 0; } export declare class SAML { options: SAMLOptions; cacheProvider: CacheProvider; constructor(options: SAMLOptions); initialize(options: Partial): SAMLOptions; getProtocol({ protocol }: express.Request): string; getCallbackUrl(req: express.Request): string; generateUniqueID(): string; generateInstant(): string; signRequest(samlMessage: any): void; generateAuthorizeRequest(req: express.Request, isPassive: boolean | undefined, isHttpPostBinding: boolean, callback: (err: Error | null, r?: string) => void): void; generateLogoutRequest({ user }: RequestWithUser): Promise; generateLogoutResponse(req: express.Request, { ID }: { ID: string; }): string; requestToUrl(request: string | null, response: string | null, operation: string, additionalParameters: any, callback: (err: Error | null, url?: string) => void): void; getAdditionalParams({ query, body }: express.Request, operation: string, overrideParams?: any): any; getAuthorizeUrl(req: express.Request, options: { passive?: boolean; additionalParams: any; }, callback: (err: Error | null, url?: string) => void): void; getAuthorizeForm(req: express.Request, callback: (err: Error | null, data?: string) => void): void; getLogoutUrl(req: RequestWithUser, options: { additionalParams?: any; }, callback: (err: Error | null, url?: string) => void): Promise; getLogoutResponseUrl(req: RequestWithUser, options: { additionalParams: any; }, callback: (err: Error | null, url?: string) => void): void; certToPEM(cert: string): string; certsToCheck(): Promise; validateSignature(fullXml: string, currentNode: Element, certs: string[]): boolean; validateSignatureForCert(signature: string, cert: string, fullXml: string, currentNode: Element): boolean; validatePostResponse({ SAMLResponse }: any, callback: ValidateCallback): void; validateInResponseTo(inResponseTo: string | null): Promise; validateRedirect(container: qs.ParsedQs, originalQuery: string | null, callback: ValidateCallback): void; hasValidSignatureForRedirect({ Signature, SigAlg }: any, originalQuery: string): Promise; validateSignatureForRedirect(urlString: string, signature: string, alg: string, cert: string): boolean; verifyLogoutRequest({ LogoutRequest }: any): void; verifyLogoutResponse({ LogoutResponse }: any): Promise; verifyIssuer({ Issuer }: any): void; processValidlySignedAssertion(xml: string, samlResponseXml: string, inResponseTo: string | null, callback: ValidateCallback): void; checkTimestampsValidityError(nowMs: number, notBefore: string, notOnOrAfter: string): Error | null; checkAudienceValidityError(expectedAudience: string, audienceRestrictions: any): any; validatePostRequest({ SAMLRequest }: any, callback: ValidateCallback): void; getNameID({ options }: SAML, doc: Document, callback: (err: Error | null, nameID?: NameID) => void): any; generateServiceProviderMetadata(decryptionCert: string | null, signingCert: string): string; keyToPEM(key: string): string; } export {};