import * as pulumi from "@pulumi/pulumi";
/**
 * ## Example Usage
 *
 * *Using default settings*
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const example = new azuread.Application("example", {displayName: "example"});
 * const exampleServicePrincipal = new azuread.ServicePrincipal("example", {clientId: example.clientId});
 * const exampleServicePrincipalTokenSigningCertificate = new azuread.ServicePrincipalTokenSigningCertificate("example", {servicePrincipalId: exampleServicePrincipal.id});
 * ```
 *
 * *Using custom settings*
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const example = new azuread.Application("example", {displayName: "example"});
 * const exampleServicePrincipal = new azuread.ServicePrincipal("example", {clientId: example.clientId});
 * const exampleServicePrincipalTokenSigningCertificate = new azuread.ServicePrincipalTokenSigningCertificate("example", {
 *     servicePrincipalId: exampleServicePrincipal.id,
 *     displayName: "CN=example.com",
 *     endDate: "2023-05-01T01:02:03Z",
 * });
 * ```
 *
 * ## Import
 *
 * Token signing certificates can be imported using the object ID of the associated service principal and the key ID of the verify certificate credential, e.g.
 *
 * ```sh
 * $ pulumi import azuread:index/servicePrincipalTokenSigningCertificate:ServicePrincipalTokenSigningCertificate example 00000000-0000-0000-0000-000000000000/tokenSigningCertificate/11111111-1111-1111-1111-111111111111
 * ```
 *
 * -> This ID format is unique to Terraform and is composed of the service principal's object ID, the string "tokenSigningCertificate" and the verify certificate's key ID in the format `{ServicePrincipalObjectId}/tokenSigningCertificate/{CertificateKeyId}`.
 */
export declare class ServicePrincipalTokenSigningCertificate extends pulumi.CustomResource {
    /**
     * Get an existing ServicePrincipalTokenSigningCertificate resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicePrincipalTokenSigningCertificateState, opts?: pulumi.CustomResourceOptions): ServicePrincipalTokenSigningCertificate;
    /**
     * Returns true if the given object is an instance of ServicePrincipalTokenSigningCertificate.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ServicePrincipalTokenSigningCertificate;
    /**
     * Specifies a friendly name for the certificate. Must start with `CN=`. Changing this field forces a new resource to be created.
     *
     * > If not specified, it will default to `CN=Microsoft Azure Federated SSO Certificate`.
     */
    readonly displayName: pulumi.Output<string>;
    /**
     * The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.
     */
    readonly endDate: pulumi.Output<string>;
    /**
     * A UUID used to uniquely identify the verify certificate.
     */
    readonly keyId: pulumi.Output<string>;
    /**
     * The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
     */
    readonly servicePrincipalId: pulumi.Output<string>;
    /**
     * The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).
     */
    readonly startDate: pulumi.Output<string>;
    /**
     * A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
     */
    readonly thumbprint: pulumi.Output<string>;
    /**
     * The certificate data, which is PEM encoded but does not include the header `-----BEGIN CERTIFICATE-----\n` or the footer `\n-----END CERTIFICATE-----`.
     */
    readonly value: pulumi.Output<string>;
    /**
     * Create a ServicePrincipalTokenSigningCertificate resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ServicePrincipalTokenSigningCertificateArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ServicePrincipalTokenSigningCertificate resources.
 */
export interface ServicePrincipalTokenSigningCertificateState {
    /**
     * Specifies a friendly name for the certificate. Must start with `CN=`. Changing this field forces a new resource to be created.
     *
     * > If not specified, it will default to `CN=Microsoft Azure Federated SSO Certificate`.
     */
    displayName?: pulumi.Input<string>;
    /**
     * The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.
     */
    endDate?: pulumi.Input<string>;
    /**
     * A UUID used to uniquely identify the verify certificate.
     */
    keyId?: pulumi.Input<string>;
    /**
     * The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
     */
    servicePrincipalId?: pulumi.Input<string>;
    /**
     * The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).
     */
    startDate?: pulumi.Input<string>;
    /**
     * A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
     */
    thumbprint?: pulumi.Input<string>;
    /**
     * The certificate data, which is PEM encoded but does not include the header `-----BEGIN CERTIFICATE-----\n` or the footer `\n-----END CERTIFICATE-----`.
     */
    value?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a ServicePrincipalTokenSigningCertificate resource.
 */
export interface ServicePrincipalTokenSigningCertificateArgs {
    /**
     * Specifies a friendly name for the certificate. Must start with `CN=`. Changing this field forces a new resource to be created.
     *
     * > If not specified, it will default to `CN=Microsoft Azure Federated SSO Certificate`.
     */
    displayName?: pulumi.Input<string>;
    /**
     * The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created.
     */
    endDate?: pulumi.Input<string>;
    /**
     * The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
     */
    servicePrincipalId: pulumi.Input<string>;
}