export = Service;
/**
 * @typedef {import('../token/Token')} Token
 * @typedef {import('../context/SecurityContext')} SecurityContext
 * @typedef {import('../jwks/Jwks')} Jwks
 * @typedef {import('../error/validation/ValidationError')} ValidationError
 * @typedef {import('../util/Types').ServiceCredentials} ServiceCredentials
 * @typedef {import('../util/Types').ServiceConfig} ServiceConfig
 * @typedef {import('../util/Types').SecurityContextConfig} SecurityContextConfig
 * @typedef {import('../util/Types').TokenFetchOptions} TokenFetchOptions
 * @typedef {import('../util/Types').TokenFetchResponse} TokenFetchResponse
 * @typedef {import('../util/Types').GrantType} GrantType
 */
declare class Service {
    /** @type {import("../util/Types").ExponentialBackoffRetryConfig} */
    static DEFAULT_RETRY_CONFIG: import("../util/Types").ExponentialBackoffRetryConfig;
    /** @type {import("../util/Types").CacheConfig} */
    static DEFAULT_SIGNATURE_CACHE_CONFIG: import("../util/Types").CacheConfig;
    /** @type {import("../util/Types").CacheConfig} */
    static DEFAULT_TOKEN_CACHE_CONFIG: import("../util/Types").CacheConfig;
    /**
     * Minimum remaining token lifetime in seconds for cached tokens.
     * Tokens with less remaining lifetime will be refreshed.
     * @type {number}
     */
    static DEFAULT_TOKEN_CACHE_LEEWAY: number;
    /** @type {ResponseCache} */
    static "__#private@#sharedOidcCache": ResponseCache;
    /**
     * JWKS cache instances shared by Service subclasses indexed by their constructor name.
     * @type {Object.<string, ResponseCache>}
     */
    static "__#private@#sharedJwksCaches": {
        [x: string]: ResponseCache;
    };
    /**
     * Signature cache instances shared by Service subclasses indexed by their constructor name.
     * @type {Object.<string, LRUCache>}
     */
    static "__#private@#sharedSignatureCaches": {
        [x: string]: LRUCache;
    };
    /**
     * Retrieves or creates the signature cache shared by all instances of this Service subclass.
     * @param {import("../util/Types").CacheConfig} config
     * @returns {LRUCache} the shared signature cache
     * @throws {ConfigurationError} if a shared signature cache with a different size has already been created by another Service configuration for the same Service subclass.
     */
    static "__#private@#getSharedSignatureCache"(config: import("../util/Types").CacheConfig): LRUCache;
    /**
     * Builds the configuration of this service based on the provided configuration and default values.
     * @param {ServiceConfig} config
     */
    static buildServiceConfiguration(config: ServiceConfig): import("../util/Types").ServiceConfig;
    /**
     * @param {ServiceCredentials} credentials
     * @param {ServiceConfig} [serviceConfiguration={}]
     */
    constructor(credentials: ServiceCredentials, serviceConfiguration?: ServiceConfig);
    /** @type {ServiceCredentials} */
    credentials: ServiceCredentials;
    /** @type {ServiceConfig} */
    config: ServiceConfig;
    /**
     * Context extensions that will be applied when creating security contexts on this instance.
     * @type {import("../util/Types").ContextExtension<SecurityContext>[]}
     */
    contextExtensions: import("../util/Types").ContextExtension<SecurityContext>[];
    /**
     * @internal
     * Returns the paths of the relevant OIDC endpoints for this service based on
     * custom endpoints from service configuration or default values.
     *
     * @returns {Object.<string, string>} endpoints
     */
    get endpoints(): {
        [x: string]: string;
    };
    /**
     * @internal
     * Sets the OIDC cache shared by all Service instances.
     */
    set oidcCache(cache: import("../cache/ResponseCache"));
    /**
     * @internal
     * Gets the OIDC cache shared by all Service instances.
     *
     * @returns {import("../cache/ResponseCache")} The OIDC cache.
     */
    get oidcCache(): import("../cache/ResponseCache");
    /**
     * @internal
     * Gets the JWKS cache for this Service instance.
     *
     * @returns {import("../cache/ResponseCache")} The JWKS cache.
     */
    get jwksCache(): import("../cache/ResponseCache");
    /**
     * @internal
     * Gets the signature cache for this Service instance.
     *
     * @returns {import("../util/Types").Cache} The signature cache.
     */
    get signatureCache(): import("../util/Types").Cache;
    /**
     * Gets the token fetch cache for this Service instance.
     * Can be used to re-use the cache when creating a second Service instance, e.g.:
     * ```js
     * const service2 = new XsuaaService(credentials, { tokenfetch: { cache: { impl: service1.tokenFetchCache } } });
     * ```
     *
     * @returns {import("../util/Types").Cache} The token fetch cache, or null if token fetch caching is disabled.
     */
    get tokenFetchCache(): import("../util/Types").Cache;
    /**
     * Checks if this service is the recipient of the given token.
     * @param {Token} token
     * @returns {Boolean}
     */
    acceptsTokenAudience(token: Token): boolean;
    /**
     * Called internally to validate the credentials to have the necessary properties before performing a specific action, e.g. token fetch.
     *
     * @internal
     * @param {string} action description of action for which the credentials are being validated.
     * @param {...string} mandatoryProperties mandatory properties that must be present in the credentials.
     * @throws {InvalidCredentialsError} if any of the mandatory properties are missing in the credentials.
     */
    validateCredentials(action: string, ...mandatoryProperties: string[]): void;
    /**
     * Checks if the given token is valid under the given contextConfig.
     * @param {Token} token
     * @param {SecurityContextConfig} contextConfig
     * @throws {ValidationError} if the token is not valid or could not be validated
    */
    validateToken(token: Token, contextConfig: SecurityContextConfig): Promise<void>;
    /**
     * Checks if the given token's signature is valid under the given contextConfig.
     * @param {Token} token
     * @param {SecurityContextConfig} contextConfig
     * @returns {Promise<void>} resolves when token signature is valid, otherwise error is thrown
     * @throws {ValidationError} if the token signature is not valid or could not be validated
     */
    validateTokenSignature(token: Token, contextConfig: SecurityContextConfig): Promise<void>;
    /**
     * @param {object} [requestOptions]
     * @param {string} [requestOptions.correlationId]
     */
    getOpenIDConfiguration({ correlationId }?: {
        correlationId?: string;
    }): Promise<any>;
    /**
     * @param {object} [requestOptions]
     * @param {string} [requestOptions.correlationId]
     */
    fetchOpenIDConfiguration({ correlationId }?: {
        correlationId?: string;
    }): Promise<any>;
    /**
     * Gets a cached client credentials token or fetches a new one if not cached or expired.
     * Uses the token cache configured on this service instance to store token responses.
     * Cached tokens are re-used for subsequent requests with the same parameters.
     * The minimum guaranteed lifetime of returned tokens is 5 minutes.
     * If no token cache is configured on this service instance, the token is fetched directly without caching.
     *
     * @param {TokenFetchOptions} options
     * @returns {Promise<TokenFetchResponse>} response
     */
    getClientCredentialsToken(options?: TokenFetchOptions): Promise<TokenFetchResponse>;
    /**
     * Gets a cached JWT bearer token or fetches a new one if not cached or expired.
     * Uses the token cache configured on this service instance to store token responses.
     * Cached tokens are re-used for subsequent requests with the same parameters.
     * The minimum guaranteed lifetime of returned tokens is 5 minutes.
     * If no token cache is configured on this service instance, the token is fetched directly without caching.
     *
     * @param {String} assertion - JWT bearer token used as assertion
     * @param {TokenFetchOptions} options
     * @returns {Promise<TokenFetchResponse>} response
     */
    getJwtBearerToken(assertion: string, options?: TokenFetchOptions): Promise<TokenFetchResponse>;
    /**
     * Gets a cached password token or fetches a new one if not cached or expired.
     * Uses the token cache configured on this service instance to store token responses.
     * Cached tokens are re-used for subsequent requests with the same parameters.
     * The minimum guaranteed lifetime of returned tokens is 5 minutes.
     * If no token cache is configured on this service instance, the token is fetched directly without caching.
     *
     * @param {String} username
     * @param {String} password
     * @param {TokenFetchOptions} options
     * @returns {Promise<TokenFetchResponse>} response
     */
    getPasswordToken(username: string, password: string, options?: TokenFetchOptions): Promise<TokenFetchResponse>;
    /**
     * Fetches a token from this service with this service's client credentials.
     * @param {TokenFetchOptions} options
     * @returns {Promise<TokenFetchResponse>} response
     */
    fetchClientCredentialsToken(options?: TokenFetchOptions): Promise<TokenFetchResponse>;
    /**
     * Fetches a user token from this service with the given username and password.
     * @param {String} username
     * @param {String} password
     * @param {TokenFetchOptions} options
     * @returns {Promise<TokenFetchResponse>} response
     */
    fetchPasswordToken(username: string, password: string, options?: TokenFetchOptions): Promise<TokenFetchResponse>;
    /**
     * Fetches a JWT bearer token from this service with the given user token as assertion.
     * @param {TokenFetchOptions} options - default timeout is 10 seconds as JWT bearer can be slow
     * @returns {Promise<TokenFetchResponse>} response
     */
    fetchJwtBearerToken(assertion: any, options?: TokenFetchOptions): Promise<TokenFetchResponse>;
    /**
     * Builds a request for this service based on the service configuration and the given request options.
     * For example, the request will use the timeout value from the service configuration if not overridden in the request options.
     *
     * @internal
     * @param {import("node:https").RequestOptions} [requestOptions] - options for the request
     */
    buildRequest(requestOptions?: import("node:https").RequestOptions): {
        checkServerIdentity?: ((hostname: string, cert: import("node:tls").DetailedPeerCertificate) => Error | undefined) | undefined;
        rejectUnauthorized?: boolean | undefined;
        servername?: string | undefined;
        _defaultAgent?: import("node:http").Agent | undefined;
        agent?: import("node:http").Agent | boolean | undefined;
        auth?: string | null | undefined;
        createConnection?: ((options: import("node:http").ClientRequestArgs, oncreate: (err: Error | null, socket: import("node:stream").Duplex) => void) => import("node:stream").Duplex | null | undefined) | undefined;
        defaultPort?: number | string | undefined;
        family?: number | undefined;
        headers?: import("node:http").OutgoingHttpHeaders | readonly string[] | undefined;
        host?: string | null | undefined;
        hostname?: string | null | undefined;
        insecureHTTPParser?: boolean | undefined;
        localAddress?: string | undefined;
        localPort?: number | undefined;
        lookup?: import("node:net").LookupFunction | undefined;
        maxHeaderSize?: number | undefined;
        method?: string | undefined;
        path?: string | null | undefined;
        port?: number | string | null | undefined;
        protocol?: string | null | undefined;
        setDefaultHeaders?: boolean | undefined;
        setHost?: boolean | undefined;
        signal?: AbortSignal | undefined;
        socketPath?: string | undefined;
        timeout: number | undefined;
        uniqueHeaders?: Array<string | string[]> | undefined;
        joinDuplicateHeaders?: boolean | undefined;
        hints?: number | undefined;
        ALPNCallback?: ((arg: {
            servername: string;
            protocols: string[];
        }) => string | undefined) | undefined;
        allowPartialTrustChain?: boolean | undefined;
        ca?: string | Buffer | Array<string | Buffer> | undefined;
        cert?: string | Buffer | Array<string | Buffer> | undefined;
        sigalgs?: string | undefined;
        ciphers?: string | undefined;
        clientCertEngine?: string | undefined;
        crl?: string | Buffer | Array<string | Buffer> | undefined;
        dhparam?: string | Buffer | undefined;
        ecdhCurve?: string | undefined;
        honorCipherOrder?: boolean | undefined;
        key?: string | Buffer | Array<string | Buffer | import("node:tls").KeyObject> | undefined;
        privateKeyEngine?: string | undefined;
        privateKeyIdentifier?: string | undefined;
        maxVersion?: import("node:tls").SecureVersion | undefined;
        minVersion?: import("node:tls").SecureVersion | undefined;
        passphrase?: string | undefined;
        pfx?: string | Buffer | Array<string | Buffer | import("node:tls").PxfObject> | undefined;
        secureOptions?: number | undefined;
        secureProtocol?: string | undefined;
        sessionIdContext?: string | undefined;
        ticketKeys?: Buffer | undefined;
        sessionTimeout?: number | undefined;
        retry: boolean | import("../util/Types").RetryConfig;
    };
    /**
     * Builds a token request for this service with the given grant_type and options.
     *
     * @param {String} grant_type
     * @param {TokenFetchOptions} options
     */
    buildTokenRequest(grant_type: string, options: TokenFetchOptions): {
        checkServerIdentity?: ((hostname: string, cert: import("node:tls").DetailedPeerCertificate) => Error | undefined) | undefined;
        rejectUnauthorized?: boolean | undefined;
        servername?: string | undefined;
        _defaultAgent?: import("node:http").Agent | undefined;
        agent?: import("node:http").Agent | boolean | undefined;
        auth?: string | null | undefined;
        createConnection?: ((options: import("node:http").ClientRequestArgs, oncreate: (err: Error | null, socket: import("node:stream").Duplex) => void) => import("node:stream").Duplex | null | undefined) | undefined;
        defaultPort?: number | string | undefined;
        family?: number | undefined;
        headers?: import("node:http").OutgoingHttpHeaders | readonly string[] | undefined;
        host?: string | null | undefined;
        hostname?: string | null | undefined;
        insecureHTTPParser?: boolean | undefined;
        localAddress?: string | undefined;
        localPort?: number | undefined;
        lookup?: import("node:net").LookupFunction | undefined;
        maxHeaderSize?: number | undefined;
        method?: string | undefined;
        path?: string | null | undefined;
        port?: number | string | null | undefined;
        protocol?: string | null | undefined;
        setDefaultHeaders?: boolean | undefined;
        setHost?: boolean | undefined;
        signal?: AbortSignal | undefined;
        socketPath?: string | undefined;
        timeout: number | undefined;
        uniqueHeaders?: Array<string | string[]> | undefined;
        joinDuplicateHeaders?: boolean | undefined;
        hints?: number | undefined;
        ALPNCallback?: ((arg: {
            servername: string;
            protocols: string[];
        }) => string | undefined) | undefined;
        allowPartialTrustChain?: boolean | undefined;
        ca?: string | Buffer | Array<string | Buffer> | undefined;
        cert?: string | Buffer | Array<string | Buffer> | undefined;
        sigalgs?: string | undefined;
        ciphers?: string | undefined;
        clientCertEngine?: string | undefined;
        crl?: string | Buffer | Array<string | Buffer> | undefined;
        dhparam?: string | Buffer | undefined;
        ecdhCurve?: string | undefined;
        honorCipherOrder?: boolean | undefined;
        key?: string | Buffer | Array<string | Buffer | import("node:tls").KeyObject> | undefined;
        privateKeyEngine?: string | undefined;
        privateKeyIdentifier?: string | undefined;
        maxVersion?: import("node:tls").SecureVersion | undefined;
        minVersion?: import("node:tls").SecureVersion | undefined;
        passphrase?: string | undefined;
        pfx?: string | Buffer | Array<string | Buffer | import("node:tls").PxfObject> | undefined;
        secureOptions?: number | undefined;
        secureProtocol?: string | undefined;
        sessionIdContext?: string | undefined;
        ticketKeys?: Buffer | undefined;
        sessionTimeout?: number | undefined;
        retry: boolean | import("../util/Types").RetryConfig;
    };
    /**
     * Prepares the given request to use this service's client credentials for authentication.
     * Adds clientid and either clientsecret or an mTLS agent based on client certificate, depending on the type of credentials.
     * @param {RequestInit} request
     * @param {URLSearchParams} request.body
     * @param {TokenFetchOptions} options
     */
    addClientAuthentication(request: RequestInit, options?: TokenFetchOptions): void;
    /**
     * Updates the certificate and key in the service credentials for authentication of subsequent requests.
     * @param {String} cert PEM-encoded client certificate
     * @param {String} key PEM-encoded client key
     * @returns {void}
     */
    setCertificateAndKey(cert: string, key: string): void;
    /**
     * Creates a new {@link SecurityContext} from this service with the given token.
     * @abstract
     * @param {String|Token} token as JWT or Token object
     * @param {SecurityContextConfig} contextConfig
     * @returns {Promise<SecurityContext>} securityContext
     */
    createSecurityContext(token: string | Token, contextConfig?: SecurityContextConfig): Promise<SecurityContext>;
    /**
     * Retrieves the JWKS (JSON Web Key Set) for the given token and context configuration.
     *
     * @param {string} token the token for which to retrieve the JWKS.
     * @param {SecurityContextConfig} contextConfig the context configuration object.
     * @returns {Promise<Jwks>} A promise that resolves to the JWKS (JSON Web Key Set) object.
     * @throws {Error} If an error occurs while retrieving the JWKS.
     */
    getJwks(token: string, contextConfig: SecurityContextConfig): Promise<Jwks>;
    /**
     * Determines the URL that can be used for fetching tokens of given grant_type from this service.
     * @abstract
     * @param {GrantType} grant_type
     * @param {Object} options
     * @param {String} options.correlationId
     * @returns {Promise<URL>} URL of the service's token endpoint
     */
    getTokenUrl(grant_type: GrantType, options?: {
        correlationId: string;
    }): Promise<URL>;
    #private;
}
declare namespace Service {
    export { Token, SecurityContext, Jwks, ValidationError, ServiceCredentials, ServiceConfig, SecurityContextConfig, TokenFetchOptions, TokenFetchResponse, GrantType };
}
import ResponseCache = require("../cache/ResponseCache");
import LRUCache = require("../cache/LRUCache");
type Token = import("../token/Token");
type SecurityContext = import("../context/SecurityContext")<any, any>;
type Jwks = import("../jwks/Jwks");
type ValidationError = import("../error/validation/ValidationError");
type ServiceCredentials = import("../util/Types").ServiceCredentials;
type ServiceConfig = import("../util/Types").ServiceConfig;
type SecurityContextConfig = import("../util/Types").SecurityContextConfig;
type TokenFetchOptions = import("../util/Types").TokenFetchOptions;
type TokenFetchResponse = import("../util/Types").TokenFetchResponse;
type GrantType = import("../util/Types").GrantType;
//# sourceMappingURL=Service.d.ts.map