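/**
 * @file RTCCertificate.ts
 * @description DTLS certificate implementation for WebRTC.
 * @module dtls/RTCCertificate
 *
 * Implements the W3C RTCCertificate interface
 * (https://www.w3.org/TR/webrtc/#rtccertificate-interface). Certificate and key
 * generation are handled by src/crypto/x509.ts.
 *
 * Security note: the W3C interface exposes only `expires` and
 * `getFingerprints()`; keying material stays in an internal slot. The key
 * accessors and PEM helpers declared here go beyond that interface and hand
 * private key material to the caller, so their results must be treated as
 * secrets (never logged, never sent over signaling).
 */
import * as crypto from 'crypto';

/**
 * RTCDtlsFingerprint - DTLS certificate fingerprint.
 *
 * In WebRTC the fingerprint is what binds the signaled session description to
 * the certificate presented in the DTLS handshake, so it is only as
 * trustworthy as the channel that carried it.
 */
export interface RTCDtlsFingerprint {
  /** Hash algorithm (e.g., 'sha-256') */
  algorithm: string;
  /** Fingerprint value (colon-separated hex) */
  value: string;
}

/** Internal certificate data held by an {@link RTCCertificate}. */
interface CertData {
  /** DER-encoded X.509 certificate, or null when none is available. */
  certDer: Buffer | null;
  /** Private key as a KeyObject or a string (presumably PEM; confirm in the implementation). */
  privateKey: crypto.KeyObject | string;
  /** Public key as a KeyObject or a string (presumably PEM; confirm in the implementation). */
  publicKey: crypto.KeyObject | string;
  /** Expiration time in milliseconds since epoch. */
  expires: number;
  /** Hash algorithm name; optional. */
  hash?: string;
}

/**
 * Options accepted by {@link RTCCertificate.generateCertificate}.
 *
 * NOTE(review): both `expires` and `days` set the lifetime; which one wins when
 * both are given is not visible in this declaration.
 */
interface RTCGenerateCertificateOptions {
  /** Common name for the certificate */
  name?: string;
  /** Expiration time in ms (default: 30 days from now) */
  expires?: number;
  /** Days until expiration */
  days?: number;
  /** Hash algorithm */
  hash?: string;
}

/** Key parameters accepted by {@link RTCCertificate.isSupportedKeyParams}. */
interface RTCCertificateKeyParams {
  /** Key type; the class documentation mentions RSA and ECDSA. */
  type: string;
  /** RSA modulus length in bits; only meaningful for RSA keys. */
  rsaModulusLength?: number;
  /** Named curve; only meaningful for ECDSA keys. */
  namedCurve?: string;
}

/**
 * PEM serialization produced by {@link RTCCertificate.toPEM}.
 *
 * `pemPrivateKey` is secret material. NOTE(review): whether it is encrypted is
 * not visible here; assume it is not and protect it accordingly.
 */
interface RTCCertificatePEM {
  pemPrivateKey: string;
  pemCertificate: string;
}

/**
 * @class RTCCertificate
 * @description Represents a certificate used for DTLS in WebRTC.
 * The certificate includes a key pair and expiration time.
 *
 * @example
 * // Generate a certificate
 * const cert = await RTCCertificate.generateCertificate();
 * console.log('Expires:', new Date(cert.expires));
 * console.log('Fingerprints:', cert.getFingerprints());
 *
 * @example
 * // Generate with custom expiration
 * const cert = await RTCCertificate.generateCertificate({
 *   name: 'my-peer',
 *   expires: Date.now() + (90 * 24 * 60 * 60 * 1000) // 90 days
 * });
 */
declare class RTCCertificate {
  #private;

  /**
   * Create an RTCCertificate instance.
   * Use generateCertificate() static method instead of calling directly.
   * @param certData - Internal certificate data
   * @private
   */
  constructor(certData: CertData);

  /**
   * Get the DER-encoded X.509 certificate.
   * Used by the DTLS handshake to transmit the local certificate.
   * @returns The DER bytes, or null when the instance holds no certificate
   * @internal
   */
  getCertificateDer(): Buffer | null;

  /**
   * Get the expiration time.
   * @returns Expiration time in milliseconds since epoch (DOMTimeStamp)
   */
  get expires(): number;

  /**
   * Get the certificate fingerprints.
   * Returns an array of fingerprints for the certificate chain.
   * For self-signed certificates, this returns a single fingerprint.
   *
   * @returns Array of fingerprint objects
   */
  getFingerprints(): RTCDtlsFingerprint[];

  /**
   * Get the private key as a Node crypto KeyObject (for the DTLS handshake).
   * The returned object is secret material; keep it inside the DTLS layer.
   * @internal
   */
  getPrivateKeyObject(): crypto.KeyObject;

  /**
   * Get the private key in PEM format.
   * The returned string is secret material and must not be logged or
   * transmitted.
   * @returns PEM-encoded private key
   * @internal
   */
  getPrivateKey(): string;

  /**
   * Get the public key in PEM format.
   * @returns PEM-encoded public key
   * @internal
   */
  getPublicKey(): string;

  /**
   * Convert to PEM format (for serialization/storage).
   * The certificate is exported as a PEM-wrapped DER X.509 certificate.
   *
   * The result includes the private key: store it with restricted access
   * (file permissions, a secret store) and keep it out of logs and backups
   * that are readable by other principals.
   *
   * @returns Object with pemPrivateKey and pemCertificate
   */
  toPEM(): RTCCertificatePEM;

  /**
   * Check if the certificate has expired.
   * NOTE(review): presumably compares `expires` with the current time; it is
   * not visible here whether the X.509 validity period is consulted.
   * @returns True if expired, false otherwise
   */
  isExpired(): boolean;

  /**
   * Generate a new RTCCertificate asynchronously.
   *
   * @param options - Generation options
   * @returns Promise resolving to generated certificate
   *
   * @example
   * const cert = await RTCCertificate.generateCertificate({
   *   name: 'my-app',
   *   expires: Date.now() + (90 * 24 * 60 * 60 * 1000) // 90 days
   * });
   */
  // Promise needs its type argument: a bare `Promise` does not compile and
  // would leave callers without the resolved type.
  static generateCertificate(options?: RTCGenerateCertificateOptions): Promise<RTCCertificate>;

  /**
   * Create a certificate from PEM strings.
   *
   * `expires` is supplied by the caller. NOTE(review): this declaration does
   * not show it being checked against the certificate's own validity period,
   * so `isExpired()` may disagree with the X.509 notAfter of an imported
   * certificate; confirm in the implementation. When a bare public key is
   * passed instead of a certificate, `getCertificateDer()` presumably returns
   * null.
   *
   * @param pemPrivateKey - PEM-encoded private key
   * @param pemCertificate - PEM-encoded certificate (or public key)
   * @param expires - Expiration time in ms (default: 30 days from now)
   * @returns Certificate instance
   *
   * @example
   * const cert = RTCCertificate.fromPEM(
   *   privateKeyPEM,
   *   publicKeyPEM,
   *   Date.now() + (30 * 24 * 60 * 60 * 1000)
   * );
   */
  static fromPEM(pemPrivateKey: string, pemCertificate: string, expires?: number): RTCCertificate;

  /**
   * Check if key parameters are supported.
   * Currently supports RSA with 1024-4096 bits and ECDSA.
   *
   * "Supported" is not the same as "recommended": 1024-bit RSA is below the
   * 2048-bit minimum in current guidance (e.g. NIST SP 800-131A). Callers that
   * use this check as a policy gate should additionally require RSA >= 2048
   * bits or ECDSA.
   *
   * @param keyParams - Key parameters
   * @returns True if supported, false otherwise
   */
  static isSupportedKeyParams(keyParams: RTCCertificateKeyParams): boolean;
}

export default RTCCertificate;
export { RTCCertificate };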