import * as dntShim from "../_dnt.shims.js";
import { type TracerProvider } from "@opentelemetry/api";
import type { DocumentLoader } from "../runtime/docloader.js";
import { DataIntegrityProof, Multikey, type Object } from "../vocab/vocab.js";
import { type KeyCache } from "./key.js";
/**
 * Options for {@link createProof}.
 * @since 0.10.0
 */
export interface CreateProofOptions {
    /**
     * The context loader for loading remote JSON-LD contexts.
     */
    contextLoader?: DocumentLoader;
    /**
     * The JSON-LD context to use for serializing the object to sign.
     */
    context?: string | Record<string, string> | (string | Record<string, string>)[];
    /**
     * The time when the proof was created.  If not specified, the current time
     * will be used.
     */
    created?: dntShim.Temporal.Instant;
}
/**
 * Creates a proof for the given object.
 * @param object The object to create a proof for.
 * @param privateKey The private key to sign the proof with.
 * @param keyId The key ID to use in the proof. It will be used by the verifier.
 * @param options Additional options.  See also {@link CreateProofOptions}.
 * @returns The created proof.
 * @throws {TypeError} If the private key is invalid or unsupported.
 * @since 0.10.0
 */
export declare function createProof(object: Object, privateKey: dntShim.CryptoKey, keyId: URL, { contextLoader, context, created }?: CreateProofOptions): Promise<DataIntegrityProof>;
/**
 * Options for {@link signObject}.
 * @since 0.10.0
 */
export interface SignObjectOptions extends CreateProofOptions {
    /**
     * The document loader for loading remote JSON-LD documents.
     */
    documentLoader?: DocumentLoader;
    /**
     * The OpenTelemetry tracer provider.  If omitted, the global tracer provider
     * is used.
     * @since 1.3.0
     */
    tracerProvider?: TracerProvider;
}
/**
 * Signs the given object with the private key and returns the signed object.
 * @param object The object to create a proof for.
 * @param privateKey The private key to sign the proof with.
 * @param keyId The key ID to use in the proof. It will be used by the verifier.
 * @param options Additional options.  See also {@link SignObjectOptions}.
 * @returns The signed object.
 * @throws {TypeError} If the private key is invalid or unsupported.
 * @since 0.10.0
 */
export declare function signObject<T extends Object>(object: T, privateKey: dntShim.CryptoKey, keyId: URL, options?: SignObjectOptions): Promise<T>;
/**
 * Options for {@link verifyProof}.
 * @since 0.10.0
 */
export interface VerifyProofOptions {
    /**
     * The context loader for loading remote JSON-LD contexts.
     */
    contextLoader?: DocumentLoader;
    /**
     * The document loader for loading remote JSON-LD documents.
     */
    documentLoader?: DocumentLoader;
    /**
     * The key cache to use for caching public keys.
     * @since 0.12.0
     */
    keyCache?: KeyCache;
    /**
     * The OpenTelemetry tracer provider.  If omitted, the global tracer provider
     * is used.
     * @since 1.3.0
     */
    tracerProvider?: TracerProvider;
}
/**
 * Verifies the given proof for the object.
 * @param jsonLd The JSON-LD object to verify the proof for.  If it contains
 *               any proofs, they will be ignored.
 * @param proof The proof to verify.
 * @param options Additional options.  See also {@link VerifyProofOptions}.
 * @returns The public key that was used to sign the proof, or `null` if the
 *          proof is invalid.
 * @since 0.10.0
 */
export declare function verifyProof(jsonLd: unknown, proof: DataIntegrityProof, options?: VerifyProofOptions): Promise<Multikey | null>;
/**
 * Options for {@link verifyObject}.
 * @since 0.10.0
 */
export interface VerifyObjectOptions extends VerifyProofOptions {
}
/**
 * Verifies the given object.  It will verify all the proofs in the object,
 * and succeed only if all the proofs are valid and all attributions and
 * actors are authenticated by the proofs.
 * @typeParam T The type of the object to verify.
 * @param cls The class of the object to verify.  It must be a subclass of
 *            the {@link Object}.
 * @param jsonLd The JSON-LD object to verify.  It's assumed that the object
 *               is a compacted JSON-LD representation of a `T` with `@context`.
 * @param options Additional options.  See also {@link VerifyObjectOptions}.
 * @returns The object if it's verified, or `null` if it's not.
 * @throws {TypeError} If the object is invalid or unsupported.
 * @since 0.10.0
 */
export declare function verifyObject<T extends Object>(cls: (new (...args: any[]) => T) & {
    fromJsonLd(jsonLd: unknown, options: VerifyObjectOptions): Promise<T>;
}, jsonLd: unknown, options?: VerifyObjectOptions): Promise<T | null>;
//# sourceMappingURL=proof.d.ts.map