import { Observable } from 'rxjs';
import { AjaxError, AjaxRequest } from 'rxjs/ajax';
import { CimStreamOptions, CimStreamResponse } from '../data/cim-stream';
import { HttpStatusCode } from '../data/http-constants';
import { PowerShellStreamResponse } from '../data/powershell-stream';
import { RpcForwardResponse } from '../rpc/forward/rpc-forward-model';
import { Rpc } from '../rpc/rpc';
import { RpcRelationshipType } from '../rpc/rpc-base';
import { RpcServiceForwarder } from '../rpc/rpc-forwarder';
import { SignedHttpRequestToken, SignOnManager, SignOnTokenResponse } from './sign-on-manager';
/**
 * Credentials emitted by a NodeAuthorizationHandler.
 *
 * This shape carries the password as a plain string. Whether it is encrypted before being
 * sent depends on the gateway JWK being configured (see AuthorizationManager.gatewayJwk),
 * so instances should be short-lived and kept out of logs and persistent storage.
 */
export interface AuthorizationCredentials {
    /** Account name to authenticate with. */
    username: string;
    /** Password for the account, typed here as a plain string. */
    password: string;
    // presumably: when true, the credentials apply to every node rather than only the requested one(s) — confirm against the handler implementation
    applyToAllNodes?: boolean;
    // presumably selects LAPS (Local Administrator Password Solution) managed local-admin credentials — confirm
    useLaps?: boolean;
    /** Local admin account name used with LAPS; AuthorizationManager.defaultLapsLocalAdminName documents the fallback. */
    lapsLocalAdminName?: string;
}
/**
 * Defines the response the AuthorizationManager returns from getNewToken / authAwaiter.
 */
export interface AuthorizationTokenResponse {
    /** The authorization token that was obtained. */
    token: AuthorizationToken;
    // presumably the node name(s) the token is valid for; absent may mean the global manage-as token — confirm against callers
    appliesTo?: string | string[];
}
/**
 * Defines an authorization token used for node authentication.
 *
 * NOTE(review): `value` is derived from the user's credentials (see createToken /
 * createSecureToken), so a token should be handled with the same care as the password itself.
 */
export interface AuthorizationToken {
    /** The token value; its encoding is not visible in this declaration file. */
    value: string;
    /** Account name the token was created for. */
    username: string;
    // presumably true when the token refers to LAPS-managed credentials — confirm
    useLaps: boolean;
    /** Local admin account name used with LAPS. */
    lapsLocalAdminName: string;
}
/**
 * Options accepted by AuthorizationManager.createToken and createSecureToken.
 * Every field is optional in the type; which combinations are valid is decided by the implementation.
 */
export interface CreateAuthorizationTokenOptions {
    /** Password as a plain string; prefer createSecureToken so it is encrypted with the gateway JWK. */
    password?: string;
    /** Account name the token is created for. */
    username?: string;
    // presumably requests LAPS-managed credentials instead of username/password — confirm
    useLaps?: boolean;
    /** Local admin account name used with LAPS. */
    lapsLocalAdminName?: string;
}
/**
 * Extra error data describing the original failure that triggered a re-authorization.
 * It is passed to the NodeAuthorizationHandler as its optional second argument.
 */
export interface NodeAuthorizationErrorData {
    /** HTTP status code of the failed request. */
    statusCode: HttpStatusCode;
    /** Error code reported for the failure. */
    errorCode: string;
    // NOTE(review): the origin of this text is not visible here; if it comes from a remote node, treat it as untrusted when rendering it in a credential prompt
    errorMessage: string;
}
/**
 * Defines a handler that takes a node name (or a list of node names) and returns an
 * observable of authorization credentials for it.
 *
 * The optional errorData describes the failure that caused the credential request.
 * The emitted AuthorizationCredentials contain the password as a plain string.
 */
export declare type NodeAuthorizationHandler = (nodeName?: string | string[], errorData?: NodeAuthorizationErrorData) => Observable<AuthorizationCredentials>;
/**
 * Defines properties that will be provided to child instances on a forward init request.
 *
 * NOTE(review): this payload contains every live token the parent holds (manage-as, per-node
 * and sign-on). Which child windows may receive it is decided by the Rpc layer, which is not
 * visible in this file — confirm that it restricts recipients to trusted origins.
 */
export interface AuthorizationManagerInitProperties {
    /** The parent's current global manage-as token. */
    manageAsToken: AuthorizationToken;
    /** Map of node names to node-specific tokens. */
    nodeTokens: MsftSme.StringMap<AuthorizationToken>;
    /** Mapping of connections to PowerShell endpoints. */
    nodePowershellEndpoints: MsftSme.StringMap<string>;
    /** The parent's sign-on token. */
    signOnToken: SignedHttpRequestToken;
}
/**
 * Authorization Manager class. Handles SME authentication for service requests.
 *
 * It keeps a global manage-as token plus per-node tokens, attaches them to outgoing requests,
 * and (as an RpcServiceForwarder) synchronizes that state with instances in other windows.
 * This is a declaration only; implementation behaviour noted below is taken from the
 * original doc comments or marked as an assumption.
 */
export declare class AuthorizationManager extends RpcServiceForwarder {
    /**
     * The handler used to retrieve user credentials (supplied to the constructor).
     */
    private authorize;
    /**
     * Cache key for session storage of authorization cache
     *
     * NOTE(review): what exactly is written under this key is not visible here. Session
     * storage is readable by any script running in the same origin — confirm that no
     * clear-text password or reusable token is cached.
     */
    private static cacheKey;
    /**
     * If no laps local admin name is defined, it will default to 'administrator'
     */
    static defaultLapsLocalAdminName: string;
    // presumably the set of method/property names that may be forwarded over Rpc — confirm
    private static rpcCommands;
    /**
     * Map of nodeNames to token objects holding node specific tokens.
     *
     * This member is public and mutable, so any code holding the manager can read or replace
     * a node's token directly instead of going through setNodeTokens.
     */
    nodeTokens: MsftSme.StringMap<AuthorizationToken>;
    /**
     * The sign on operation manager.
     */
    signOnManager: SignOnManager;
    /**
     * The backing store for the manageAsToken
     */
    private token;
    /**
     * The JSON Web Key. Single string with JSON.stringify format.
     */
    private jwk;
    /**
     * Credentials expiration time, used to determine the lifetime of new tokens. Value in milliseconds.
     */
    private credentialsExpirationTimeInMs;
    /**
     * Underlying implementation subject for credentialExpiration observable
     */
    private credentialExpirationChangedSubject;
    /**
     * Observable that emits whenever the credentials expiration has changed
     */
    credentialExpirationChanged: Observable<number>;
    /**
     * Set the admin configured expiration time in milliseconds
     * If this is not set it will be defaulted to 365 days.
     *
     * NOTE(review): with the 365-day default, new tokens are long-lived unless an
     * administrator configures a shorter value — confirm this is the intended default.
     */
    set authExpirationInMs(expirationTimeInMs: number);
    /**
     * The logon user returned by gateway's api/user
     */
    private logOnUser;
    /**
     * Sets logon user and caches the value
     */
    set shellLogOnUser(username: string);
    /**
     * The mapping of connections to PowershellEndpoints
     */
    private nodePowershellEndpoints;
    /**
     * The token awaiter subject.
     */
    private tokenAwaiter;
    /**
     * The subject observable of sign on token awaiter.
     */
    private signOnTokenAwaiter;
    /**
     * Sets the current manage as token
     * If running with an Rpc child, notify of the change
     */
    set manageAsToken(token: AuthorizationToken);
    /**
     * Gets the current manage as token
     */
    get manageAsToken(): AuthorizationToken;
    /**
     * Sets the gateway encryption certificate JWK.
     * If this is not set by Shell/Add-Connection, the password is sent in clear text.
     *
     * Callers that create tokens should therefore make sure the JWK has been set first
     * (createSecureToken is documented as the replacement for createToken once it is).
     */
    set gatewayJwk(jwk: string);
    /**
     * Observable that emits whenever the gateway's JWK has changed
     */
    readonly gatewayJwkChanged: Observable<string>;
    /**
     * Underlying implementation subject for gatewayJwkChanged observable
     */
    private gatewayJwkChangedSubject;
    /**
     * Gets the gateway encryption certificate JWK.
     */
    get gatewayJwk(): string;
    /**
     * Gets an observable that emits when the authorization token is ready
     */
    get authAwaiter(): Observable<AuthorizationTokenResponse>;
    /**
     * Initializes a new instance of the Authorization Manager class
     * @param authorize An AuthorizationHandler with which to retrieve user credentials
     * @param rpc The rpc to forward auth requests to a parent window
     */
    constructor(authorize: NodeAuthorizationHandler, rpc: Rpc);
    /**
     * Defines the conditions under which the AuthorizationManager can handle an ajax error
     * @param code the http status code of the failed request.
     * @param error the AJAX error object.
     */
    canHandleAjaxFailure(code: HttpStatusCode, error: AjaxError): boolean;
    /**
     * When canHandleAjaxFailure returns true for an ajax error, this method can be called to handle that error.
     * @param code the http status code of the failed request.
     * @param request the request that failed.
     * @param error the AJAX error object.
     * @param nodeName optional. The node the request was sent to.
     * @returns an observable of the request; presumably updated with new authorization so it can be retried — confirm.
     */
    handleAjaxFailure(code: HttpStatusCode, request: AjaxRequest, error: AjaxError, nodeName?: string): Observable<AjaxRequest>;
    /**
     * Check if it can handle the error.
     *
     * @param response the response of CIM stream query.
     */
    canHandleStreamFailure(response: CimStreamResponse): boolean;
    /**
     * When canHandleStreamFailure returns true for a stream response, this method can be called to handle that failure.
     * @param nodeName the node the stream query was sent to.
     * @param options the options of the failed stream query.
     * @param response the CIM or PowerShell stream response that reported the failure.
     */
    handleStreamFailure(nodeName: string, options: CimStreamOptions, response: CimStreamResponse | PowerShellStreamResponse): Observable<CimStreamOptions>;
    // presumably records the JEA (Just Enough Administration) endpoint for a node — confirm how this differs from setJeaEndpoint
    saveJeaContext(nodeName: string, endpoint: string): void;
    // presumably returns the JEA endpoint associated with the node, from nodePowershellEndpoints — confirm
    getJeaEndpoint(nodeName: string): string;
    /**
     * Associates a node to use a specified JEA endpoint
     */
    setJeaEndpoint(nodeName: string, endpoint: string): void;
    /**
     * Calls the authorize method and gets a new token.
     * If running as a child, the token comes from the parent windows service
     *
     * Overloads accept a single node name or a list of node names, each optionally with the
     * error data of the failure that triggered the request.
     */
    getNewToken(nodeName: string): Observable<AuthorizationTokenResponse>;
    getNewToken(nodeNames: string[]): Observable<AuthorizationTokenResponse>;
    getNewToken(nodeName: string, errorData: NodeAuthorizationErrorData): Observable<AuthorizationTokenResponse>;
    getNewToken(nodeNames: string[], errorData: NodeAuthorizationErrorData): Observable<AuthorizationTokenResponse>;
    // presumably requests a fresh sign-on token through signOnManager — confirm
    refreshSignOnToken(): Observable<SignOnTokenResponse>;
    /**
     * Forward Sign On Token to child frame.
     */
    forwardSignOnToken(): void;
    /**
     * @deprecated use createSecureToken() after configured gatewayJwk property.
     *
     * Creates a token from the given options that may be used for node authentication
     * @param options The token creation options
     * @param passwordEncryptedWith undocumented in the original; presumably identifies the key
     * the password was already encrypted with — confirm. Per the gatewayJwk documentation, the
     * password is sent in clear text when no JWK has been set.
     */
    createToken(options: CreateAuthorizationTokenOptions, passwordEncryptedWith?: string): AuthorizationToken;
    /**
     * Creates a secure token from the given options that may be used for node authentication
     *
     * @param options The token creation options
     */
    createSecureToken(options: CreateAuthorizationTokenOptions): Observable<AuthorizationToken>;
    /**
     * Get the saved Auth token for a node.
     *
     * @param nodeName The nodeName to get token for.
     */
    getSavedNodeToken(nodeName: string): AuthorizationToken;
    /**
     * Sets a token on the given nodes
     * @param token The token to use for the given nodes
     * @param nodeNames The names of the nodes to set the token for. If empty or null, the token will be used as the global manageAs token
     * @returns an Observable indicating that the token has been set.
     */
    setNodeTokens(token: AuthorizationToken, nodeNames?: string[]): Observable<void>;
    /**
     * Adds an authorization header to a request given a node with a manageAsToken
     * @param request The request to add headers to
     * @param nodeName optional. The node to add headers for if not provided, the global token will be used
     * @param token optional. The token to use for the headers. if provided, the nodeName is not used.
     */
    addAuthorizationRequestHeader(request: AjaxRequest, nodeName?: string, token?: AuthorizationToken): void;
    /**
     * Create token headers.
     *
     * @param nodeName the node name.
     * @param token the token to override current setting (optional).
     * @returns a map of header names to values; the values carry token material, so the map
     * should not be logged.
     */
    createTokenHeaders(nodeName: string, token?: AuthorizationToken): MsftSme.StringMap<string>;
    /**
     * Adds authorization tokens to a multi-part request body (the original comment described
     * a request header, but this overload takes the body parts).
     * @param body The multi-part body lines; presumably appended to in place — confirm.
     * @param nodeName optional. The node to add tokens for.
     * @param token optional. The token to use instead of the stored one.
     */
    addAuthorizationTokensToMultiPartBody(body: string[], nodeName?: string, token?: AuthorizationToken): void;
    // presumably clears the manage-as token and all node tokens; whether the session-storage cache is cleared as well is not visible here — confirm
    resetAllTokens(): void;
    /**
     * Encrypts a string value using the jwk from the gateway
     *
     * NOTE(review): behaviour when no gateway JWK has been set is not visible here — confirm
     * that it errors rather than emitting the value unencrypted.
     */
    encrypt(value: string): Observable<string>;
    /**
     * Called on a child service instance when onForwardInit returns from the parent
     * @param data The response from the forwardInit call
     */
    protected onForwardInitResponse(data: RpcForwardResponse<AuthorizationManagerInitProperties>): void;
    /**
     * Called when a new instance of the service in another window is initialized and needs to synchronize with its parent
     * @returns an observable for the all the values needed to initialize the service; per
     * AuthorizationManagerInitProperties this includes the manage-as, per-node and sign-on tokens.
     */
    protected onForwardInit(): Observable<AuthorizationManagerInitProperties>;
    /**
     * Called when the forwarded services counterpart wants to get data from the parent
     * @param from The RpcRelationshipType that this request is from
     * @param name The name of the method to forward to
     * @param args The arguments of the method
     * @returns an observable for the result of the method call
     *
     * NOTE(review): name and args arrive from another window and are untyped (any). The
     * implementation is not visible here — confirm that name is checked against a fixed set
     * of allowed methods and that from is taken into account before dispatching.
     */
    protected onForwardExecute(from: RpcRelationshipType, name: string, args: any[]): Observable<any>;
    /**
     * Called when the forwarded services counterpart sends a notify message
     * @param from The RpcRelationshipType that this request is from
     * @param name The name of the property to change
     * @param value The new value of the property
     * @returns an observable that completes when the property has been changed.
     *
     * NOTE(review): this lets the counterpart window change a property by name with an
     * untyped value. Confirm that the implementation limits name to the properties meant to
     * be synchronized and validates value, since these properties include tokens.
     */
    protected onForwardNotify(from: RpcRelationshipType, name: string, value: any): Observable<void>;
    /**
     * Creates a secure token from the given options that may be used for node authentication
     * (private implementation; its signature is not part of this declaration).
     */
    private secureToken;
    /**
     * Completes the token awaiter
     */
    private completeTokenAwaiter;
    /**
     * Completes the sign on token awaiter
     */
    private completeSignOnTokenAwaiter;
    /**
     * Gets the error data from an http status code and AJAX error object
     * (private implementation; its signature is not part of this declaration).
     */
    private getErrorData;
    /**
     * Updates the authorization cache. Does nothing if we are not running in shell
     */
    private updateCache;
}
