/**
 * Bearer Token - allows delegating access permissions.
 *
 * Bearer tokens let container owners delegate specific permissions to other users.
 * They work like JWTs - limited lifetime and scope.
 *
 * This is a declaration file: it describes the public surface only. Anything
 * about runtime behaviour that the signatures do not show is marked below as
 * an assumption to confirm against the implementation.
 */
import { NeoFsV2Acl } from '../gen/acl/types_pb';
import { Table } from '../eacl';
import { Signer } from '@axlabs/neofs-sdk-ts-core/crypto';
/**
 * Token lifetime parameters.
 *
 * All three values are epoch numbers (`bigint`), not wall-clock timestamps.
 * NOTE(review): nothing in this declaration enforces an ordering between the
 * fields (e.g. `nbf <= exp`); confirm where, if anywhere, that is validated.
 */
export interface TokenLifetime {
    /** Expiration epoch (last valid epoch) */
    exp: bigint;
    /** Not before epoch (first valid epoch) */
    nbf: bigint;
    /** Issued at epoch */
    iat: bigint;
}
/**
 * BearerToken allows attaching signed EACL rules to requests.
 *
 * Bearer tokens enable container owners to grant temporary or limited
 * access to other users. The token contains:
 * - An EACL table defining the permissions
 * - Target user who can use the token (optional)
 * - Issuer (container owner)
 * - Lifetime (expiration)
 * - Signature from the container owner
 *
 * Handling notes:
 * - A token without a target user can be used by any bearer (see
 *   {@link BearerToken.forUser}), so its serialized bytes should be handled
 *   like a credential: bind it to a user where possible and keep the
 *   lifetime and the EACL table as narrow as the use case allows.
 * - Every field is optional in this declaration (all getters may return
 *   `undefined`); a token obtained from `fromProto` / `deserialize` may be
 *   incomplete or unsigned until checked.
 *
 * @example
 * ```typescript
 * // Create a bearer token that allows a friend to read your container
 * const token = new BearerToken()
 *   .setEACL(publicReadEACL(containerId))
 *   .forUser(friendUserId)
 *   .setIssuer(myUserId)
 *   .setLifetime({
 *     iat: currentEpoch,
 *     nbf: currentEpoch,
 *     exp: currentEpoch + 100n, // Valid for 100 epochs
 *   })
 *   .sign(mySigner);
 *
 * // Share the serialized token with your friend
 * const tokenBytes = token.serialize();
 *
 * // Friend can use it in requests
 * await client.object().get(containerId, objectId, { bearerToken: tokenBytes });
 * ```
 */
export declare class BearerToken {
    // Backing fields. Their types are erased in the declaration output, and
    // TypeScript `private` is a compile-time restriction only.
    private _eaclTable?;
    private _targetUser?;
    private _issuer?;
    private _lifetime?;
    private _signature?;
    constructor();
    /** EACL table attached to this token */
    get eaclTable(): Table | undefined;
    /** Target user who can use this token (undefined = any bearer) */
    get targetUser(): Uint8Array | undefined;
    /** Token issuer (container owner) */
    get issuer(): Uint8Array | undefined;
    /** Token lifetime */
    get lifetime(): TokenLifetime | undefined;
    /**
     * Whether the token is signed.
     *
     * NOTE(review): presumably this reports that a signature is present, not
     * that it is valid; use {@link BearerToken.verify} for validity. Confirm.
     */
    get isSigned(): boolean;
    /**
     * Set the EACL table that defines permissions.
     *
     * NOTE(review): for this and the other setters, the declaration does not
     * show whether changing a field after `sign()` clears or invalidates the
     * existing signature. Set all fields first and sign last; confirm the
     * behaviour before relying on it.
     *
     * @param eacl - EACL table carried by the token.
     * @returns This token, for chaining.
     */
    setEACL(eacl: Table): this;
    /**
     * Limit the token to a specific user.
     * If not set, any bearer can use the token.
     *
     * @param userId - Identifier of the only user allowed to present the token.
     * @returns This token, for chaining.
     */
    forUser(userId: Uint8Array): this;
    /**
     * Set the token issuer (container owner).
     *
     * @param issuer - Identifier of the issuing user.
     * @returns This token, for chaining.
     */
    setIssuer(issuer: Uint8Array): this;
    /**
     * Set token lifetime.
     *
     * @param lifetime - Expiration, not-before and issued-at epochs.
     * @returns This token, for chaining.
     */
    setLifetime(lifetime: TokenLifetime): this;
    /**
     * Set expiration epoch.
     *
     * @param exp - Last epoch in which the token is valid.
     * @returns This token, for chaining.
     */
    setExpiration(exp: bigint): this;
    /**
     * Set not-before epoch.
     *
     * @param nbf - First epoch in which the token is valid.
     * @returns This token, for chaining.
     */
    setNotBefore(nbf: bigint): this;
    /**
     * Set issued-at epoch.
     *
     * @param iat - Epoch in which the token was issued.
     * @returns This token, for chaining.
     */
    setIssuedAt(iat: bigint): this;
    /**
     * Sign the token with the issuer's key.
     * The signer must correspond to the container owner.
     *
     * NOTE(review): whether this method checks that `signer` matches the
     * issuer set via `setIssuer`, or rejects a token with missing fields, is
     * not visible here; confirm against the implementation.
     *
     * @param signer - Signer holding the container owner's key.
     * @returns This token, for chaining.
     */
    sign(signer: Signer): this;
    /**
     * Verify the token signature.
     *
     * The result is reported through the boolean return value, so callers
     * must check it.
     *
     * NOTE(review): the method takes no arguments (no current epoch, no
     * expected issuer or user), so it presumably covers the signature only.
     * Lifetime (`nbf`/`exp` against the current epoch), issuer and target
     * user likely need separate checks by the caller; confirm.
     *
     * @returns `true` if the signature verifies, otherwise `false`.
     */
    verify(): boolean;
    // Private helper; its signature is erased in the declaration output.
    private buildBody;
    /**
     * Convert to protobuf message.
     *
     * @returns The token as a `NeoFsV2Acl.BearerTokenImpl` message.
     */
    toProto(): NeoFsV2Acl.BearerTokenImpl;
    /**
     * Serialize to binary format.
     *
     * The returned bytes are what gets shared with the token's user (see the
     * class example).
     *
     * @returns The serialized token.
     */
    serialize(): Uint8Array;
    /**
     * Create BearerToken from protobuf message.
     *
     * NOTE(review): the declaration does not show any signature or lifetime
     * validation here; treat the result as unverified until `verify()` and
     * the caller's own lifetime/issuer checks have passed. Confirm.
     *
     * @param proto - Protobuf bearer token message.
     * @returns A token populated from the message.
     */
    static fromProto(proto: NeoFsV2Acl.BearerToken): BearerToken;
    /**
     * Deserialize from binary format.
     *
     * `data` may come from another party. NOTE(review): the declaration does
     * not show how malformed input is reported or whether the signature is
     * checked during decoding; treat the result as unverified until
     * `verify()` and the caller's own lifetime/issuer checks have passed.
     *
     * @param data - Serialized token bytes.
     * @returns A token populated from the bytes.
     */
    static deserialize(data: Uint8Array): BearerToken;
    /**
     * Clone this token.
     *
     * NOTE(review): whether the copy shares the EACL table and byte arrays
     * with the original, and whether the signature is carried over, is not
     * visible here; confirm before mutating a clone.
     *
     * @returns A new BearerToken instance.
     */
    clone(): BearerToken;
}