import * as dntShim from "../_dnt.shims.js";
import { type TracerProvider } from "@opentelemetry/api";
import type { DocumentLoader } from "../runtime/docloader.js";
import { CryptographicKey } from "../vocab/vocab.js";
import { type KeyCache } from "./key.js";
/**
 * Options for {@link signRequest}.
 * @since 1.3.0
 */
export interface SignRequestOptions {
    /**
     * The OpenTelemetry tracer provider.  If omitted, the global tracer provider
     * is used.
     */
    tracerProvider?: TracerProvider;
}
/**
 * Signs a request using the given private key.
 * @param request The request to sign.
 * @param privateKey The private key to use for signing.
 * @param keyId The key ID to use for the signature.  It will be used by the
 *              verifier.
 * @returns The signed request.
 * @throws {TypeError} If the private key is invalid or unsupported.
 */
export declare function signRequest(request: Request, privateKey: dntShim.CryptoKey, keyId: URL, options?: SignRequestOptions): Promise<Request>;
/**
 * Options for {@link verifyRequest}.
 */
export interface VerifyRequestOptions {
    /**
     * The document loader to use for fetching the public key.
     */
    documentLoader?: DocumentLoader;
    /**
     * The context loader to use for JSON-LD context retrieval.
     */
    contextLoader?: DocumentLoader;
    /**
     * The time window to allow for the request date.  The actual time window is
     * twice the value of this option, with the current time as the center.
     * Or if it is `false`, no time check is performed.
     *
     * An hour by default.
     */
    timeWindow?: dntShim.Temporal.Duration | dntShim.Temporal.DurationLike | false;
    /**
     * The current time.  If not specified, the current time is used.  This is
     * useful for testing.
     */
    currentTime?: dntShim.Temporal.Instant;
    /**
     * The key cache to use for caching public keys.
     * @since 0.12.0
     */
    keyCache?: KeyCache;
    /**
     * The OpenTelemetry tracer provider.  If omitted, the global tracer provider
     * is used.
     * @since 1.3.0
     */
    tracerProvider?: TracerProvider;
}
/**
 * Verifies the signature of a request.
 *
 * Note that this function consumes the request body, so it should not be used
 * if the request body is already consumed.  Consuming the request body after
 * calling this function is okay, since this function clones the request
 * under the hood.
 *
 * @param request The request to verify.
 * @param options Options for verifying the request.
 * @returns The public key of the verified signature, or `null` if the signature
 *          could not be verified.
 */
export declare function verifyRequest(request: Request, options?: VerifyRequestOptions): Promise<CryptographicKey | null>;
//# sourceMappingURL=http.d.ts.map