/**
 * @license
 * Copyright 2022-2026 Matter.js Authors
 * SPDX-License-Identifier: Apache-2.0
 */
import { DerBitString, DerNodeDefinition, DerObject, DerSequenceDefinition, ObjectId } from "#codec/DerCodec.js";
import { Bytes } from "#util/Bytes.js";
import type { Crypto } from "./Crypto.js";
import { Key } from "./Key.js";
export declare namespace X509 {
    /**
     * Sign a certificate.
     */
    function sign(crypto: Crypto, key: Key, cert: UnsignedCertificate): Promise<Certificate>;
    /**
     * Serialize a certificate to PEM.
     */
    function certificateToPem(cert: Certificate | UnsignedCertificate): string;
    /**
     * Serialize a certificate to DER.
     */
    function certificateToDer(cert: Certificate | UnsignedCertificate): AllowSharedBufferSource;
    const KeyUsageFlags: readonly ["digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"];
    interface KeyUsage extends Partial<Record<(typeof KeyUsageFlags)[number], boolean>> {
    }
    interface DistinguishedName extends Record<string, DerNodeDefinition> {
    }
    interface Extension {
        basicConstraints: {
            isCa: boolean;
            pathLen?: number;
        };
        subjectKeyIdentifier: Bytes;
        keyUsage: KeyUsage;
        extendedKeyUsage?: number[];
        authorityKeyIdentifier: Bytes;
        futureExtension?: Bytes[];
    }
    namespace Extension {
        const BASIC_CONSTRAINTS = 5578003n;
        const KEY_USAGE = 5577999n;
        const EXTENDED_KEY_USAGE = 5578021n;
        const SUBJECT_KEY_IDENTIFIER = 5577998n;
        const AUTHORITY_KEY_IDENTIFIER = 5578019n;
    }
    interface ValidityWindow extends DerSequenceDefinition {
        notBefore: Date;
        notAfter: Date;
    }
    interface EcPublicKey extends DerSequenceDefinition {
        type: {
            algorithm: ObjectId;
            curve: ObjectId;
        };
        bytes: DerBitString;
    }
    interface UnsignedCertificate {
        serialNumber: Bytes;
        signatureAlgorithm: DerObject;
        issuer: DistinguishedName;
        validity: ValidityWindow;
        subject: DistinguishedName;
        publicKey: EcPublicKey;
        extensions: Extension;
    }
    interface Certificate extends UnsignedCertificate {
        signature: Bytes;
    }
    function SubjectKeyIdentifier(identifier: Bytes): DerObject;
    function AuthorityKeyIdentifier(identifier: Bytes): DerObject;
    function BasicConstraints(constraints: any): DerObject;
    function ExtendedKeyUsage(values: number[] | undefined): DerObject | undefined;
    namespace ExtendedKeyUsage {
        const SERVER_AUTH = 3100166514561975041n;
        const CLIENT_AUTH = 3100166514561975042n;
        const CODE_SIGNING = 3100166514561975043n;
        const EMAIL_PROTECTION = 3100166514561975044n;
        const TIME_STAMPING = 3100166514561975048n;
        const OCSP_SIGNING = 3100166514561975049n;
    }
    function KeyUsage(value: number | KeyUsage): DerObject;
}
//# sourceMappingURL=X509.d.ts.map