import * as E from "fp-ts/lib/Either";
import * as O from "fp-ts/lib/Option";
import * as TE from "fp-ts/lib/TaskEither";
import * as t from "io-ts";
import { SamlConfig } from "passport-saml";
import { MultiSamlConfig } from "passport-saml/multiSamlStrategy";
import { Builder } from "xml2js";
import { SPID_USER_ATTRIBUTES } from "../config";
import { EventTracker } from "..";
import { ILollipopParams } from "../types/lollipop";
import { IServiceProviderConfig } from "./middleware";
import { IIssueInstantWithAuthnContextCR } from "./saml";
export type SamlAttributeT = keyof typeof SPID_USER_ATTRIBUTES;
export declare const SAML_NAMESPACE: {
    ASSERTION: string;
    PROTOCOL: string;
    SPID: string;
    XMLDSIG: string;
};
export declare const XML_TAGS: {
    LANG: string;
};
export declare const SPID_TAGS: {
    ENTITY_TYPE: string;
    FISCAL_CODE: string;
    IPA_CODE: string;
    VAT_NUMBER: string;
};
export declare const ISSUER_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
export declare const ERROR_SAML_RESPONSE_MISSING = "Missing SAMLResponse in ACS";
export declare const InfoNotAvailable = "NOT AVAILABLE";
/**
 * If an eventHandler and a feature flag are provided this function logs the timing deltas.
 * This is useful to monitor the timings and to adjust the clockSkewMs variable
 */
export declare const extractAndLogTimings: (startTime: number, idpIssuer: string, requestId: string, clockSkewMs?: number, eventHandler?: EventTracker, hasClockSkewLoggingEvent?: boolean) => (info: IIssueInstantWithAuthnContextCR) => TE.TaskEither<never, void>;
export declare const notSignedWithHmacPredicate: <B extends Element>(b: B) => E.Either<Error, B>;
export declare const safeXMLParseFromString: (doc: string) => O.Option<Document>;
export declare const getXmlFromSamlResponse: (body: unknown) => O.Option<Document>;
/**
 * Extract StatusMessage from SAML response
 *
 * ie. for <StatusMessage>ErrorCode nr22</StatusMessage>
 * returns "22"
 */
export declare const getErrorCodeFromResponse: (doc: Document) => O.Option<string>;
/**
 * Extracts the issuer field from the response body.
 */
export declare const getSamlIssuer: (doc: Document) => O.Option<string>;
export declare const getIDFromRequest: (requestXML: string) => O.Option<string>;
/**
 * Reads dates information in x509 certificate
 * and logs remaining time to its expiration date.
 *
 * @param samlCert x509 certificate as string
 */
export declare const logSamlCertExpiration: (samlCert: string) => void;
/**
 * This method extracts the correct IDP metadata
 * from the passport strategy options.
 *
 * It's executed for every SPID login (when passport
 * middleware is configured) and when generating
 * the Service Provider metadata.
 */
export declare const getSamlOptions: MultiSamlConfig["getSamlOptions"];
export declare const getMetadataTamperer: (xmlBuilder: Builder, serviceProviderConfig: IServiceProviderConfig, samlConfig: SamlConfig) => (generateXml: string) => TE.TaskEither<Error, string>;
export declare const getAuthorizeRequestTamperer: (xmlBuilder: Builder, samlConfig: SamlConfig) => (generateXml: string, lollipopParams?: ILollipopParams) => TE.TaskEither<Error, string>;
export declare const validateIssuer: (fatherElement: Element, idpIssuer: string) => E.Either<Error, Element>;
export declare const mainAttributeValidation: (validationTimestamp: number) => (requestOrAssertion: Element, acceptedClockSkewMs?: number) => E.Either<Error, Date>;
export declare const isEmptyNode: (element: Element) => boolean;
export declare const TransformError: t.TypeC<{
    idpIssuer: t.StringC;
    message: t.StringC;
    numberOfTransforms: t.NumberC;
}>;
export type TransformError = t.TypeOf<typeof TransformError>;
export declare const transformsValidation: (targetElement: Element, idpIssuer: string) => E.Either<TransformError, Element>;
export declare const assertionValidation: (validationTimestamp: number) => (Assertion: Element, samlConfig: SamlConfig, InResponseTo: string, requestAuthnContextClassRef: string) => E.Either<Error, HTMLCollectionOf<Element>>;
