import { PeerCertificate } from "tls";
/**
 * Creates authentication tokens for NTLM or Negotiate handshake using the executing users credentials.
 */
export declare class WinSso {
    private static NEGOTIATE_NTLM2_KEY;
    private authContextId;
    private securityPackage;
    /**
     * Creates an authentication context for SSO.
     * This allocates memory buffers, the freeAuthContext method should be called
     * to free them (on error or after authentication is no longer needed)
     * @param securityPackage The name of the security package (NTLM or Negotiate)
     * @param targetHost The FQDN hostname of the target (optional for NTLM, required for Kerberos)
     * @param peerCert The certificate of the target server
     * (optional, for HTTPS channel binding)
     * @param flags Flags to set in the authentication context
     * If not set, NTML defaults to no flags, while Negotiate defaults to ISC_REQ_MUTUAL_AUTH | ISC_REQ_SEQUENCE_DETECT
     * (optional, allows customizing security features)
     */
    constructor(securityPackage: string, targetHost: string | undefined, peerCert: PeerCertificate | undefined, flags: number | undefined);
    /**
     * Retrieves the username of the logged in user
     * @returns user name including domain
     */
    static getLogonUserName(): string;
    /**
     * Transforms target TLS certificate into a channel binding application data buffer
     * @param peerCert Target TLS certificate
     * @returns Application data buffer
     */
    private getChannelBindingsApplicationData;
    /**
     * Releases all allocated resources for the authorization context.
     * Should be called when the context is no longer required, such as when the
     * socket was closed.
     */
    freeAuthContext(): void;
    /**
     * Creates an authentication request token
     * @returns Raw token buffer
     */
    createAuthRequest(): Buffer;
    /**
     * Creates an authentication request header
     * @returns The www-authenticate header
     */
    createAuthRequestHeader(): string;
    /**
     * Creates an authentication response token
     * @param inTokenHeader The www-authentication header received from the target
     * in response to the authentication request
     * @returns Raw token buffer. May be empty if Negotiate handshake  is complete.
     */
    createAuthResponse(inTokenHeader: string): Buffer;
    private isNtlmV1;
    /**
     * Creates an authentication response header
     * @param inTokenHeader The www-authentication header received from the target
     * in response to the authentication request
     * @returns The www-authenticate header. May be an empty string if Negotiate handshake is complete.
     */
    createAuthResponseHeader(inTokenHeader: string): string;
}