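import type { LedgerHash } from '../common/ledger-hash';

/**
 * SHA-256 hash that holds information about a ledger request.
 *
 * Two shapes are allowed by the type: the bare hash (`"<hash>"`), or the hash
 * followed by a colon and the comma-separated names of the protected headers
 * (`"<hash>:header-a,header-b"`). See {@link LedgerJWTPayload.hsh} for how the
 * value is derived.
 */
export type LedgerRequestHash = LedgerHash | `${LedgerHash}:${string}`;

/**
 * Represents a signed JWT issued to authenticate users and authorize them to
 * transact with the ledger.
 */
export type LedgerJWTPayload = {
  /**
   * JWT Issuer.
   * Represents a client identifier.
   *
   * @see [RFC7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
   */
  iss: string;

  /**
   * JWT Subject.
   * Represents a user identifier, public key or handle of the user (signer).
   *
   * @see [RFC7519#section-4.1.2](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2)
   */
  sub: string;

  /**
   * JWT Audience.
   * Represents the recipient for which the token is intended: the ledger's
   * public key or handle.
   *
   * @see [RFC7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
   */
  aud: string;

  /**
   * JWT Issued At.
   * Time at which the token was issued, in seconds since the epoch.
   *
   * @see [RFC7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
   */
  iat: number;

  /**
   * JWT Expiration Time.
   * Time after which the token expires, in seconds since the epoch.
   *
   * @see [RFC7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
   */
  exp: number;

  /**
   * JWT ID.
   * Unique id of the token; can be used to prevent replay attacks.
   * Optional at the type level, so replay protection only applies to tokens
   * whose verifier requires and records this claim.
   *
   * @see [RFC7519#section-4.1.7](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7)
   */
  jti?: string;

  /**
   * Custom JWT claim.
   * Ledger request hash that enables request content validation, i.e. binding
   * the token to one specific request. Optional at the type level; whether a
   * verifier rejects tokens without it is decided by the verifier, not here.
   *
   * Steps to generate its value:
   *
   * 1) Create an object representing the request:
   *    ```
   *    {
   *      url: "",
   *      method: "",   // for example POST
   *      headers: {
   *        // Any protected headers, or null if no headers should be protected.
   *        // Key/value pairs; keys should be lowercased, for example
   *        // "content-type": "application/json"
   *      },
   *      body: {
   *        // Request body, or null. This should be an object in case of JSON.
   *      }
   *    }
   *    ```
   * 2) Serialize the request.
   * 3) Hash the serialized request.
   * 4) Suffix the hash with the comma-separated protected header names. For example:
   *
   *    4.1) If the Content-Type and X-Api-Key headers are protected:
   *         hsh = "3da5df75f03a365b0bc4f53946c77f017aa4fd03ba49977fb7ceb8d75f65cb8f:content-type,x-api-key"
   *
   *    4.2) If there are no protected headers, only the hash is included:
   *         hsh = "3da5df75f03a365b0bc4f53946c77f017aa4fd03ba49977fb7ceb8d75f65cb8f"
   */
  hsh?: LedgerRequestHash;
};

/**
 * Ledger JWT protected headers.
 */
export type LedgerJWTHeader = {
  /**
   * JWT Signature Algorithm.
   * Untyped here (any string); a verifier should compare it against the
   * algorithms it expects rather than trust the token's own value.
   */
  alg: string;

  /**
   * JWT signature verification key id.
   *
   * It supports either a public key or a signer handle. When a signer handle
   * is provided, the ledger tries to find the record in the database and
   * retrieve its public key to verify the signature. Because the handle drives
   * a lookup, it is untrusted input to that lookup.
   */
  kid: string;
};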