import { X509Certificate } from "node:crypto";
/**
 * Determines if the given header value is in XFCC format.
 * According to Envoy documentation, the Hash property is always set in XFCC format,
 * making it the most reliable indicator.
 * @param {string} headerValue - The header value to check
 * @returns {boolean} true if XFCC format, false if PEM format or other
 */
export function isXfccFormat(headerValue: string): boolean;
/**
 * Parses XFCC (x-forwarded-client-cert) format and extracts the PEM certificate
 * @param {string} xfccHeader - The XFCC header value
 * @returns {string|null} The extracted PEM certificate or null if not found
 */
export function parseXfccToPem(xfccHeader: string): string | null;
/**
 * Splits XFCC string by the specified delimiter while respecting quoted values
 * @param {string} str - The string to split
 * @param {string} delimiter - The delimiter character to split on
 * @returns {string[]} Array of split parts
 */
export function splitXfccString(str: string, delimiter: string): string[];
/**
 * Checks if a character at the given position is escaped by counting preceding backslashes
 * @param {string} str - The string to check
 * @param {number} pos - The position of the character to check
 * @returns {boolean} true if the character is escaped
 */
export function isEscaped(str: string, pos: number): boolean;
/**
 * Extracts the certificate from a single XFCC entry
 * @param {string} xfccEntry - A single XFCC entry
 * @returns {string|null} The extracted PEM certificate or null if not found
 */
export function extractCertFromXfccEntry(xfccEntry: string): string | null;
/**
 * Unquotes and URL decodes the certificate value
 * @param {string} certValue - The quoted and encoded certificate value
 * @returns {string|null} The decoded PEM certificate or null if invalid
 */
export function unquoteAndDecodeCert(certValue: string): string | null;
export declare function parsePemCertificate(pem: any): X509Certificate;
/**
 * Extracts PEM certificate from either CF PEM format header or Envoy XFCC format header
 * @param {string} headerValue - The x-forwarded-client-cert header value
 * @returns {string|null} The PEM certificate or null if not found/invalid
 */
export declare function extractPemFromClientCertHeader(headerValue: string): string | null;
//# sourceMappingURL=certs.d.ts.map