export interface CsrResult {
    csrPem: string;
    privateKeyPem: string;
}
export interface P12Result {
    p12Base64: string;
}
/**
 * Generate a 2048-bit RSA key pair and a Certificate Signing Request.
 * The CSR is what Apple needs to create a distribution certificate.
 * The private key must be kept to later create the .p12 file.
 */
export declare function generateCsr(): CsrResult;
/**
 * Create a PKCS#12 (.p12) file from Apple's certificate response and the private key.
 *
 * @param certificateContentBase64 - The `certificateContent` field from Apple's
 *   POST /v1/certificates response (base64-encoded DER certificate)
 * @param privateKeyPem - The PEM-encoded private key from generateCsr()
 * @param password - Optional password for the .p12 file (defaults to DEFAULT_P12_PASSWORD)
 */
/**
 * Extract the Apple team ID from a certificate's subject OU field.
 * More reliable than parsing the certificate name string.
 */
export declare function extractTeamIdFromCert(certificateContentBase64: string): string;
/**
 * Default P12 password. node-forge P12 with empty password is incompatible
 * with macOS `security import` (MAC verification fails). Using a known
 * non-empty password avoids this issue.
 */
export declare const DEFAULT_P12_PASSWORD = "capgo";
export declare function createP12(certificateContentBase64: string, privateKeyPem: string, password?: string): P12Result;