/// <reference types="node" />
import { EventEmitter } from 'events';
import { CryptoEngine } from '../security/CryptoEngine';
/**
 * Identity record produced by the auth providers (`authenticate` /
 * `validateToken` resolve to `User | null`) and passed to
 * `SessionManager.createSession`.
 */
export interface User {
    id: string;
    username: string;
    email: string;
    firstName: string;
    lastName: string;
    /**
     * Role and permission identifiers as plain strings.
     * NOTE(review): whether these mirror the state held by `RBACManager` or are
     * copied from the identity provider is not visible in this declaration — confirm
     * which one authorization decisions rely on.
     */
    roles: string[];
    permissions: string[];
    department: string;
    /**
     * Account-enabled flag.
     * NOTE(review): this file does not show where (or whether) it is checked during
     * authentication or session lookup — verify in the implementation.
     */
    isActive: boolean;
    lastLogin: Date;
    /** Per-user MFA flag; enforcement is not visible in this declaration. */
    mfaEnabled: boolean;
    /**
     * Free-form bag typed as `any`, so the compiler performs no checking on its
     * values; validate before use if it can carry provider-supplied data.
     */
    metadata?: Record<string, any>;
}
/**
 * Top-level configuration accepted by `EnterpriseAuthManager`.
 *
 * Every section is optional. Note that an `ldap` section can be supplied, but
 * this file declares no LDAP provider class and
 * `EnterpriseAuthManager.authenticate` only accepts `'oauth2' | 'saml'`.
 */
export interface AuthenticationConfig {
    oauth2?: OAuth2Config;
    saml?: SAMLConfig;
    ldap?: LDAPConfig;
    mfa?: MFAConfig;
    rbac?: RBACConfig;
    session?: SessionConfig;
}
/**
 * Settings for `OAuth2Provider`.
 */
export interface OAuth2Config {
    clientId: string;
    /** Confidential client credential; keep it out of logs, source control and client-side bundles. */
    clientSecret: string;
    callbackURL: string;
    scopes: string[];
    provider: 'microsoft' | 'google' | 'github' | 'okta' | 'auth0' | 'custom';
    /**
     * Optional endpoint overrides.
     * NOTE(review): presumably required when `provider` is `'custom'` — the type does
     * not enforce that, and nothing here constrains the URL scheme to https; confirm
     * both are validated at runtime.
     */
    authorizationURL?: string;
    tokenURL?: string;
    userInfoURL?: string;
    /**
     * Optional PKCE switch.
     * NOTE(review): the behaviour when omitted is not visible in this declaration —
     * confirm the default.
     */
    pkce?: boolean;
}
/**
 * Settings for `SAMLProvider`.
 */
export interface SAMLConfig {
    entityId: string;
    ssoURL: string;
    /**
     * NOTE(review): presumably the identity provider's signing certificate used to
     * verify responses — confirm against the implementation.
     */
    certificate: string;
    /** Optional private key material; a secret, handle like any other credential. */
    privateKey?: string;
    callbackURL: string;
    /**
     * Typed as an unconstrained string.
     * NOTE(review): confirm the implementation restricts this to an allow-list of
     * accepted algorithms rather than passing the value through.
     */
    signatureAlgorithm?: string;
}
/**
 * Directory connection settings.
 *
 * No class in this declaration file takes an `LDAPConfig`; it is only
 * referenced from `AuthenticationConfig.ldap`.
 */
export interface LDAPConfig {
    /** Plain string; the type does not constrain the scheme (e.g. to a TLS-protected one). */
    url: string;
    bindDN: string;
    /** Service-account credential; a secret, keep it out of logs and source control. */
    bindPassword: string;
    baseDN: string;
    usernameAttribute: string;
    emailAttribute: string;
}
/**
 * Multi-factor settings.
 *
 * `MFAManager` as declared in this file has no constructor that takes this
 * object, so how these values reach it is not visible here.
 */
export interface MFAConfig {
    enabled: boolean;
    issuer: string;
    /**
     * NOTE(review): presumably the accepted drift for one-time codes; the unit (time
     * steps vs. seconds) is not visible here — confirm, since a wide window weakens
     * the second factor.
     */
    window: number;
    backupCodes: boolean;
}
/**
 * Role and permission definitions supplied through `AuthenticationConfig.rbac`.
 * NOTE(review): presumably used to seed `RBACManager` — not visible in this declaration.
 */
export interface RBACConfig {
    roles: Role[];
    permissions: Permission[];
}
/**
 * Settings passed to the `SessionManager` constructor.
 */
export interface SessionConfig {
    /** Session secret; a credential, keep it out of logs and source control. */
    secret: string;
    /** NOTE(review): unit (seconds vs. milliseconds) is not visible here — confirm. */
    maxAge: number;
    /**
     * NOTE(review): `secure`, `httpOnly` and `sameSite` look like cookie attributes —
     * confirm. If they are, browsers only accept `sameSite: 'none'` together with
     * `secure: true`; the type does not enforce that pairing.
     */
    secure: boolean;
    httpOnly: boolean;
    sameSite: 'strict' | 'lax' | 'none';
}
/**
 * A named role, as accepted by `RBACManager.createRole`.
 */
export interface Role {
    id: string;
    name: string;
    description: string;
    /** NOTE(review): presumably `Permission.id` values (not names) — confirm against the implementation. */
    permissions: string[];
}
/**
 * A permission, as accepted by `RBACManager.createPermission`.
 *
 * `resource` and `action` are the same pair of strings that
 * `RBACManager.hasPermission` takes as arguments.
 */
export interface Permission {
    id: string;
    name: string;
    description: string;
    resource: string;
    action: string;
}
/**
 * Abstract contract shared by the concrete providers in this file.
 *
 * Extends `EventEmitter`; the events emitted are not visible in this
 * declaration.
 */
declare abstract class BaseAuthProvider extends EventEmitter {
    /** Typed as `any`: the base class places no compile-time constraint on provider configuration. */
    protected config: any;
    protected crypto: CryptoEngine;
    constructor(config: any);
    /**
     * Resolves to a `User` or `null`.
     * NOTE(review): `null` presumably means the credentials were rejected — callers
     * must treat it as a failed login; confirm that errors are not also mapped to a
     * non-null result.
     */
    abstract authenticate(credentials: any): Promise<User | null>;
    /** Resolves to the `User` for a token, or `null`. */
    abstract validateToken(token: string): Promise<User | null>;
    /** Resolves to a new access/refresh token pair, or `null`. */
    abstract refresh(refreshToken: string): Promise<{
        accessToken: string;
        refreshToken: string;
    } | null>;
}
/**
 * OAuth 2.0 provider built from an `OAuth2Config`.
 *
 * Private members are listed without types, as is usual in emitted
 * declaration files.
 */
declare class OAuth2Provider extends BaseAuthProvider {
    private clientId;
    private clientSecret;
    private redirectUri;
    private scope;
    constructor(config: OAuth2Config);
    /**
     * Builds the authorization URL from a caller-supplied `state` and an optional
     * `codeChallenge`.
     * NOTE(review): `state` is generated by the caller, so its unpredictability and
     * per-request uniqueness are the caller's responsibility as far as this
     * signature shows.
     */
    generateAuthURL(state: string, codeChallenge?: string): string;
    private getAuthorizationURL;
    private getTokenURL;
    private getUserInfoURL;
    /**
     * Completes the flow from the callback parameters.
     * NOTE(review): the declaration does not show where the returned `state` is
     * compared with the value that was issued, nor whether `codeVerifier` is
     * required when PKCE is enabled — confirm both in the implementation.
     */
    authenticate(credentials: {
        code: string;
        state: string;
        codeVerifier?: string;
    }): Promise<User | null>;
    validateToken(token: string): Promise<User | null>;
    refresh(refreshToken: string): Promise<{
        accessToken: string;
        refreshToken: string;
    } | null>;
    private exchangeCodeForTokens;
    private getUserInfo;
    private mapUserInfo;
}
/**
 * SAML provider built from a `SAMLConfig`.
 */
declare class SAMLProvider extends BaseAuthProvider {
    constructor(config: SAMLConfig);
    /**
     * Authenticates from a `samlResponse` string.
     * NOTE(review): the order in which the private `validateSAMLResponse` and
     * `parseSAMLResponse` helpers run is not visible here — confirm that signature
     * validation covers the assertion whose attributes end up in the returned `User`.
     */
    authenticate(credentials: {
        samlResponse: string;
    }): Promise<User | null>;
    /**
     * Declared because the base class requires them; what a token or refresh token
     * means for this provider is not visible in this declaration.
     */
    validateToken(token: string): Promise<User | null>;
    refresh(refreshToken: string): Promise<{
        accessToken: string;
        refreshToken: string;
    } | null>;
    private validateSAMLResponse;
    private parseSAMLResponse;
}
/**
 * Enrols users in MFA and verifies one-time tokens.
 *
 * No constructor is declared, so `MFAConfig` is not passed in at construction
 * as far as this file shows.
 */
declare class MFAManager {
    /**
     * NOTE(review): presumably per-user stores held by this instance; where the
     * secrets live and whether they are encrypted at rest is not visible here.
     */
    private totpSecrets;
    private backupCodes;
    /**
     * Resolves to the enrolment material for `userId`. All three fields are
     * sensitive: `secret` and `backupCodes` are returned in the clear, so callers
     * should show them once and avoid logging or caching the result.
     */
    enableMFA(userId: string): Promise<{
        secret: string;
        qrCode: string;
        backupCodes: string[];
    }>;
    /**
     * Synchronous check of `token` for `userId`.
     * NOTE(review): this file does not show whether backup codes are accepted here,
     * whether a used code is invalidated, or whether attempts are rate-limited —
     * confirm in the implementation.
     */
    verifyMFA(userId: string, token: string): boolean;
    private generateBackupCodes;
}
/**
 * Registers roles and permissions, assigns roles to users and answers
 * permission checks.
 */
declare class RBACManager {
    private roles;
    private permissions;
    private userRoles;
    createRole(role: Role): void;
    createPermission(permission: Permission): void;
    /**
     * NOTE(review): the boolean presumably reports whether the assignment happened
     * (e.g. `false` for an unknown role) — confirm, and check the result at call
     * sites rather than assuming success.
     */
    assignRole(userId: string, roleId: string): boolean;
    /**
     * Answers whether `userId` may perform `action` on `resource`.
     * NOTE(review): behaviour for an unknown user or resource is not visible here —
     * confirm it denies by default.
     */
    hasPermission(userId: string, resource: string, action: string): boolean;
}
/**
 * Creates, looks up and destroys sessions, configured by a `SessionConfig`.
 */
declare class SessionManager {
    private sessions;
    private config;
    constructor(config: SessionConfig);
    /**
     * Returns a string for the new session.
     * NOTE(review): presumably the session id; how it is generated is not visible
     * here — confirm it comes from a cryptographically secure source.
     */
    createSession(userId: string, user: User): string;
    /**
     * `any | null` collapses to `any`, so the compiler will not force callers to
     * handle a missing session; check the result explicitly.
     * NOTE(review): whether expiry (`SessionConfig.maxAge`) is enforced on lookup is
     * not visible in this declaration.
     */
    getSession(sessionId: string): any | null;
    destroySession(sessionId: string): boolean;
}
/**
 * Facade over the providers and managers declared in this file, built from an
 * `AuthenticationConfig`.
 *
 * Extends `EventEmitter`; the events emitted are not visible in this
 * declaration.
 */
declare class EnterpriseAuthManager extends EventEmitter {
    private config;
    private oauth2Provider?;
    private samlProvider?;
    private mfaManager;
    private rbacManager;
    private sessionManager;
    constructor(config: AuthenticationConfig);
    /**
     * Authenticates through the named method and resolves to the user plus a
     * session id, or `null`.
     *
     * Only `'oauth2'` and `'saml'` are accepted, although `AuthenticationConfig`
     * also has an `ldap` section. `credentials` is `any`, so its shape is not
     * checked against the chosen method at compile time.
     * NOTE(review): the signature has no MFA input and returns a `sessionId`
     * directly — confirm whether a session issued here is already fully
     * authenticated for users with `mfaEnabled`, or whether callers must gate it on
     * `MFAManager.verifyMFA`.
     */
    authenticate(method: 'oauth2' | 'saml', credentials: any): Promise<{
        user: User;
        sessionId: string;
    } | null>;
    /** Accessors for the internal managers. */
    getMFAManager(): MFAManager;
    getRBACManager(): RBACManager;
    getSessionManager(): SessionManager;
}
// Public class surface of this module: the abstract provider base, the two
// concrete providers, the three managers and the facade.
export { BaseAuthProvider, OAuth2Provider, SAMLProvider, MFAManager, RBACManager, SessionManager, EnterpriseAuthManager };
//# sourceMappingURL=EnterpriseAuth.d.ts.map