import * as x509 from '@peculiar/x509';
import { type SoloLogger } from './logging/solo-logger.js';
import { type NodeAlias, type NodeAliases } from '../types/aliases.js';
import { type NodeKeyObject, type PrivateKeyAndCertificateObject, type SoloListrTask } from '../types/index.js';
import { NamespaceName } from '../types/namespace/namespace-name.js';
import { type K8Factory } from '../integration/kube/k8-factory.js';
import { webcrypto } from 'node:crypto';
type NodeCryptoKey = webcrypto.CryptoKey;
export declare class KeyManager {
    private readonly logger?;
    private static SigningKeyAlgo;
    static SigningKeyUsage: KeyUsage[];
    static TLSKeyAlgo: {
        name: string;
        hash: string;
        publicExponent: Uint8Array<ArrayBuffer>;
        modulusLength: number;
    };
    static TLSKeyUsage: KeyUsage[];
    static TLSCertKeyUsages: number;
    static TLSCertKeyExtendedUsages: any[];
    static ECKeyAlgo: {
        name: string;
        namedCurve: string;
        hash: string;
    };
    constructor(logger?: SoloLogger);
    /** Convert NodeCryptoKey into PEM string */
    convertPrivateKeyToPem(privateKey: NodeCryptoKey): Promise<any>;
    /**
     * Convert PEM private key into NodeCryptoKey
     * @param pemStr - PEM string
     * @param algo - key algorithm
     * @param [keyUsages]
     */
    convertPemToPrivateKey(pemString: string, algo: any, keyUsages?: KeyUsage[]): Promise<CryptoKey>;
    /**
     * Return file names for node key
     * @param nodeAlias
     * @param keysDirectory - directory where keys and certs are stored
     */
    prepareNodeKeyFilePaths(nodeAlias: NodeAlias, keysDirectory: string): PrivateKeyAndCertificateObject;
    /**
     * Return file names for TLS key
     * @param nodeAlias
     * @param keysDirectory - directory where keys and certs are stored
     */
    prepareTlsKeyFilePaths(nodeAlias: NodeAlias, keysDirectory: string): PrivateKeyAndCertificateObject;
    /**
     * Store node keys and certs as PEM files
     * @param nodeAlias
     * @param nodeKey
     * @param keysDirectory - directory where keys and certs are stored
     * @param nodeKeyFiles
     * @param [keyName] - optional key type name for logging
     * @returns a Promise that saves the keys and certs as PEM files
     */
    storeNodeKey(nodeAlias: NodeAlias, nodeKey: NodeKeyObject, keysDirectory: string, nodeKeyFiles: PrivateKeyAndCertificateObject, keyName?: string): Promise<PrivateKeyAndCertificateObject>;
    /**
     * Load node keys and certs from PEM files
     * @param nodeAlias
     * @param keysDirectory - directory where keys and certs are stored
     * @param algo - algorithm used for key
     * @param nodeKeyFiles an object stores privateKeyFile and certificateFile
     * @param [keyName] - optional key type name for logging
     * @returns
     */
    loadNodeKey(nodeAlias: NodeAlias, keysDirectory: string, algo: any, nodeKeyFiles: PrivateKeyAndCertificateObject, keyName?: string): Promise<NodeKeyObject>;
    /** Generate signing key and certificate */
    generateSigningKey(nodeAlias: NodeAlias): Promise<NodeKeyObject>;
    /**
     * Store signing key and certificate
     * @param nodeAlias
     * @param nodeKey - an object containing privateKeyPem, certificatePem data
     * @param keysDirectory - directory where keys and certs are stored
     * @returns returns a Promise that saves the keys and certs as PEM files
     */
    storeSigningKey(nodeAlias: NodeAlias, nodeKey: NodeKeyObject, keysDirectory: string): Promise<PrivateKeyAndCertificateObject>;
    /**
     * Load signing key and certificate
     * @param nodeAlias
     * @param keysDirectory - directory path where pem files are stored
     */
    loadSigningKey(nodeAlias: NodeAlias, keysDirectory: string): Promise<NodeKeyObject>;
    /**
     * Generate gRPC TLS key
     *
     * It generates TLS keys in PEM format such as below:
     *  hedera-<nodeAlias>.key
     *  hedera-<nodeAlias>.crt
     *
     * @param nodeAlias
     * @param distinguishedName distinguished name as: new x509.Name(`CN=${nodeAlias},ST=${state},L=${locality},O=${org},OU=${orgUnit},C=${country}`)
     */
    generateGrpcTlsKey(nodeAlias: NodeAlias, distinguishedName?: x509.Name): Promise<NodeKeyObject>;
    /**
     * Store TLS key and certificate
     * @param nodeAlias
     * @param nodeKey
     * @param keysDirectory - directory where keys and certs are stored
     * @returns a Promise that saves the keys and certs as PEM files
     */
    storeTLSKey(nodeAlias: NodeAlias, nodeKey: NodeKeyObject, keysDirectory: string): Promise<PrivateKeyAndCertificateObject>;
    /**
     * Load TLS key and certificate
     * @param nodeAlias
     * @param keysDirectory - directory path where pem files are stored
     */
    loadTLSKey(nodeAlias: NodeAlias, keysDirectory: string): Promise<NodeKeyObject>;
    copyNodeKeysToStaging(nodeKey: PrivateKeyAndCertificateObject, destinationDirectory: string): void;
    copyGossipKeysToStaging(keysDirectory: string, stagingKeysDirectory: string, nodeAliases: NodeAliases): void;
    /**
     * Return a list of subtasks to generate gossip keys
     *
     * WARNING: These tasks MUST run in sequence.
     *
     * @param nodeAliases
     * @param keysDirectory - keys directory
     * @param curDate - current date
     * @param [allNodeAliases] - includes the nodeAliases to get new keys as well as existing nodeAliases that will be included in the public.pfx file
     * @returns a list of subtasks
     */
    taskGenerateGossipKeys(nodeAliases: NodeAliases, keysDirectory: string, currentDate?: Date, _allNodeAliases?: NodeAliases | null): SoloListrTask<any>[];
    /**
     *  Return a list of subtasks to generate gRPC TLS keys
     *
     * WARNING: These tasks should run in sequence
     *
     * @param nodeAliases
     * @param keysDirectory keys directory
     * @param curDate current date
     * @returns return a list of subtasks
     */
    taskGenerateTLSKeys(nodeAliases: NodeAliases, keysDirectory: string, currentDate?: Date): SoloListrTask<any>[];
    /**
     * Given the path to the PEM certificate (Base64 ASCII), will return the DER (raw binary) bytes
     * @param pemCertFullPath
     */
    getDerFromPemCertificate(pemCertFullPath: string): Uint8Array<ArrayBuffer>;
    /**
     * Creates a TLS secret in Kubernetes for the Explorer
     * @param k8Factory Kubernetes factory instance
     * @param namespace Namespace to create the secret in
     * @param domainName Domain name for the TLS certificate
     * @param cacheDirectory Directory to store temporary files
     * @param secretName Name of the secret to create
     * @returns Promise<void>
     */
    static createTlsSecret(k8Factory: K8Factory, namespace: NamespaceName, domainName: string, cacheDirectory: string, secretName: string): Promise<void>;
    /**
     * Generates a self-signed TLS certificate and key
     * @param directory Directory to store the certificate and key
     * @param name Common name for the certificate
     * @param expireDays Number of days until the certificate expires
     * @returns Promise with paths to the certificate and key files
     */
    static generateTls(directory: string, name?: string, expireDays?: number): Promise<{
        certificatePath: string;
        keyPath: string;
    }>;
}
export {};