import type { JSONRPCRequest } from '@matrixai/rpc';
import type { ClientRPCRequestParams } from './types.js';
import type SessionManager from '../sessions/SessionManager.js';
import type { SessionToken } from '../sessions/types.js';
import type KeyRing from '../keys/KeyRing.js';
import type { NodeId } from '../ids/index.js';
declare function authenticate(sessionManager: SessionManager, keyRing: KeyRing, message: JSONRPCRequest<ClientRPCRequestParams>): Promise<string>;
declare function decodeAuth(messageParams: ClientRPCRequestParams): SessionToken | undefined;
declare function encodeAuthFromPassword(password: string): string;
/**
 * Encodes an Authorization header from session token
 * Assumes token is already encoded
 * Will mutate metadata if it is passed in
 */
declare function encodeAuthFromSession(token: SessionToken): string;
/**
 * Decodes an Authorization header to session token
 * The server is expected to only provide bearer tokens
 */
declare function decodeAuthToSession(messageParams: ClientRPCRequestParams): SessionToken | undefined;
/**
 * Verify the server certificate chain when connecting to it from a client
 * This is a custom verification intended to verify that the server owned
 * the relevant NodeId.
 * It is possible that the server has a new NodeId. In that case we will
 * verify that the new NodeId is the true descendant of the target NodeId.
 */
declare function verifyServerCertificateChain(nodeIds: Array<NodeId>, certs: Array<Uint8Array>): Promise<NodeId>;
export { authenticate, decodeAuth, encodeAuthFromPassword, encodeAuthFromSession, decodeAuthToSession, verifyServerCertificateChain, };