import { JsonDB } from 'node-json-db';
import { KeyObject, X509Certificate } from 'node:crypto';
import { CertificateMetadata, EUI, KeyUsage } from './certificateMetadata';
/**
 * Specific entry in the JSON db. Indexed by the device EUI and the certificate
 * serial number. The difference between a remote party certificate and device
 * certificate is represented by the presence of the role.
 */
export interface Entry {
    /**
     * Remote party role as defined in the SEC
     */
    role?: number;
    /**
     * PEM encoded X509 certificate
     */
    certificate?: string;
    /**
     * PEM encoded PKCS8 private key
     */
    privateKey?: string;
    /**
     * Optional free form string that can be set. E.g. could be used to store the
     * file name of the certificate (Z1-supplier) or human readable name.
     */
    name?: string;
}
export type PushOptions = {
    name?: string;
} & ({
    certificate: X509Certificate;
    private?: KeyObject;
} | {
    meta: Omit<CertificateMetadata, 'eui'> & {
        eui: string | Uint8Array | EUI;
    };
    private: KeyObject;
});
export type QueryOptions = {
    lookup: 'certificate' | 'privateKey';
} & ({
    serial: bigint;
} | {
    eui: string | Uint8Array | EUI;
    keyUsage: KeyUsage;
    role?: number;
});
export declare function queryOptionsHasEUI(q: QueryOptions): q is {
    eui: string | Uint8Array | EUI;
    keyUsage: KeyUsage;
    role?: number;
    lookup: 'certificate' | 'privateKey';
};
export type MaybeList<T> = T | T[];
export declare class KeyStoreDB {
    protected readonly db: JsonDB;
    protected constructor(filename: string);
    /**
     * Wrap constructor for async operations.
     *
     * @param filename
     * @returns
     */
    static new(filename: string): Promise<KeyStoreDB>;
    /**
     * Search for private key
     *
     * @param options
     */
    query(options: {
        eui: string | Uint8Array | EUI;
        keyUsage: KeyUsage;
        role?: number;
        lookup: 'privateKey';
    }): Promise<null | (CertificateMetadata & {
        name?: string;
        privateKey: KeyObject;
    })[]>;
    /**
     * Search for certificate
     *
     * @param options
     */
    query(options: {
        eui: string | Uint8Array | EUI;
        keyUsage: KeyUsage;
        role?: number;
        lookup: 'certificate';
    }): Promise<null | (CertificateMetadata & {
        name?: string;
        certificate: X509Certificate;
    })[]>;
    /**
     * Lookup private key by certificate serial
     *
     * @param options
     */
    query(options: {
        serial: bigint;
        lookup: 'privateKey';
    }): Promise<null | (CertificateMetadata & {
        name?: string;
        privateKey: KeyObject;
    })>;
    /**
     * Lookup certificate by serial
     *
     * @param options
     */
    query(options: {
        serial: bigint;
        lookup: 'certificate';
    }): Promise<null | (CertificateMetadata & {
        name?: string;
        certificate: X509Certificate;
    })>;
    /**
     * Main interface into key store database
     *
     * @param options
     * @returns
     */
    query(options: QueryOptions): Promise<null | MaybeList<CertificateMetadata & {
        name?: string;
    } & ({
        certificate: X509Certificate;
    } | {
        privateKey: KeyObject;
    })>>;
    push(options: PushOptions): Promise<CertificateMetadata>;
}
//# sourceMappingURL=db.d.ts.map