/**
 * @module
 * JSON Web Algorithms (JWA)
 * https://datatracker.ietf.org/doc/html/rfc7518
 */
declare enum AlgorithmTypes {
    HS256 = "HS256",
    HS384 = "HS384",
    HS512 = "HS512",
    RS256 = "RS256",
    RS384 = "RS384",
    RS512 = "RS512",
    PS256 = "PS256",
    PS384 = "PS384",
    PS512 = "PS512",
    ES256 = "ES256",
    ES384 = "ES384",
    ES512 = "ES512",
    EdDSA = "EdDSA"
}
type SignatureAlgorithm = keyof typeof AlgorithmTypes;

/**
 * @module
 * JSON Web Signature (JWS)
 * https://datatracker.ietf.org/doc/html/rfc7515
 */

type SignatureKey = string | JsonWebKey | CryptoKey;

/**
 * @module
 * Type definitions for JWT utilities.
 */
declare class JwtAlgorithmNotImplemented extends Error {
    constructor(alg: string);
}
declare class JwtTokenInvalid extends Error {
    constructor(token: string);
}
declare class JwtTokenNotBefore extends Error {
    constructor(token: string);
}
declare class JwtTokenExpired extends Error {
    constructor(token: string);
}
declare class JwtTokenIssuedAt extends Error {
    constructor(currentTimestamp: number, iat: number);
}
declare class JwtHeaderInvalid extends Error {
    constructor(header: object);
}
declare class JwtTokenSignatureMismatched extends Error {
    constructor(token: string);
}
declare enum CryptoKeyUsage {
    Encrypt = "encrypt",
    Decrypt = "decrypt",
    Sign = "sign",
    Verify = "verify",
    DeriveKey = "deriveKey",
    DeriveBits = "deriveBits",
    WrapKey = "wrapKey",
    UnwrapKey = "unwrapKey"
}
/**
 * JWT Payload
 */
type JWTPayload = {
    [key: string]: unknown;
    /**
     * The token is checked to ensure it has not expired.
     */
    exp?: number;
    /**
     * The token is checked to ensure it is not being used before a specified time.
     */
    nbf?: number;
    /**
     * The token is checked to ensure it is not issued in the future.
     */
    iat?: number;
};

/**
 * @module
 * JSON Web Token (JWT)
 * https://datatracker.ietf.org/doc/html/rfc7519
 */

/**
 * Interface representing the JWT header.
 */
interface TokenHeader {
    alg: SignatureAlgorithm;
    typ?: 'JWT';
}
/**
 * Signs a JWT payload with a given private key and algorithm.
 * @param payload - The JWT payload to sign.
 * @param privateKey - The private key to sign the payload with.
 * @param alg - The signature algorithm to use (default is 'HS256').
 * @returns The signed JWT as a string.
 * @example
 * const token = await sign({ sub: '1234567890', name: 'John Doe', iat: 1516239022 }, privateKey);
 * console.log(token);
 */
declare const sign: (payload: JWTPayload, privateKey: SignatureKey, alg?: SignatureAlgorithm) => Promise<string>;
/**
 * Verifies a JWT with a given public key and algorithm.
 * @param token - The JWT to verify.
 * @param publicKey - The public key to verify the JWT with.
 * @param alg - The signature algorithm to use (default is 'HS256').
 * @returns The decoded JWT payload if verification is successful.
 * @throws {JwtTokenInvalid} If the token is invalid.
 * @throws {JwtHeaderInvalid} If the token header is invalid.
 * @throws {JwtTokenNotBefore} If the token is not yet valid.
 * @throws {JwtTokenExpired} If the token has expired.
 * @throws {JwtTokenIssuedAt} If the token was issued in the future.
 * @throws {JwtTokenSignatureMismatched} If the token signature does not match.
 * @example
 * const payload = await verify(token, publicKey);
 * console.log(payload);
 */
declare const verify: (token: string, publicKey: SignatureKey, alg?: SignatureAlgorithm) => Promise<JWTPayload>;
/**
 * Decodes a JWT into its header and payload.
 * @param token - The JWT to decode.
 * @returns An object containing the decoded header and payload.
 * @throws {JwtTokenInvalid} If the token is invalid.
 * @example
 * const { header, payload } = decode(token);
 * console.log(header, payload);
 */
declare const decode: (token: string) => {
    header: TokenHeader;
    payload: JWTPayload;
};

declare const jwt: {
    decode: (token: string) => {
        header: TokenHeader;
        payload: JWTPayload;
    };
    sign: (payload: JWTPayload, privateKey: SignatureKey, alg?: SignatureAlgorithm) => Promise<string>;
    verify: (token: string, publicKey: SignatureKey, alg?: SignatureAlgorithm) => Promise<JWTPayload>;
};

export { CryptoKeyUsage, type JWTPayload, JwtAlgorithmNotImplemented, JwtHeaderInvalid, JwtTokenExpired, JwtTokenInvalid, JwtTokenIssuedAt, JwtTokenNotBefore, JwtTokenSignatureMismatched, decode, jwt as default, sign, verify };
