///
import { JsonWebKey } from "crypto";
import { ResultAsync } from "neverthrow";
import { VerifyResult, HttpHeaders } from "../common";
import { VerifySignatureHeaderError } from "../errors";
import { AlgorithmTypes } from "../sign";
export declare type Verifier = {
/**
* A map of the cryptographic keys to use to verify the signatures on an http message. Default
* cryptographic functions will be used
*/
keyMap: {
[keyid: string]: {
alg?: AlgorithmTypes;
key: JsonWebKey;
};
};
} | {
/**
* A Custom verification function to be run agaist each signature on an http message.
*/
verify: (signatureParams: {
keyid: string;
alg: AlgorithmTypes;
}, data: Uint8Array, signature: Uint8Array) => Promise;
};
export declare type VerifySignatureHeaderOptions = {
readonly verifier: Verifier;
/**
* Full url of the request including query parameters
*/
readonly url: string;
/**
* The HTTP request method of the request
*/
readonly method: string;
/**
* Headers of the request
* httpHeaders is filtered during verification to include only the ones form the signature.
*/
readonly httpHeaders: HttpHeaders;
/**
* The body of the request
*/
readonly body?: Record | string;
/**
* Optional field to identify a single signature that should be verified from the signature header. If omitted, this function will attempt to verify all signatures present.
*/
readonly signatureKey?: string;
/**
* Optionally set this field to false if you don't want to fail verification based on the signature being past its expiry timestamp.
* Defaults to true.
*/
readonly verifyExpiry?: boolean;
};
/**
* Verifies a signature header
* Anything wrong with the format will return an error, an exception thrown within verify will return an error
* Otherwise an ok is returned with verified true or false
* @see https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.5
*/
export declare const verifySignatureHeader: (options: VerifySignatureHeaderOptions) => ResultAsync;