import { KeyLike } from 'jose';
import { WithHeaders } from './WithHeaders.js';
export declare class SignatureBase extends WithHeaders {
    readonly signature: Uint8Array;
    constructor(protectedHeaders: Uint8Array | Map<number, unknown>, unprotectedHeaders: Map<number, unknown>, signature: Uint8Array);
    /**
        This parameter is used to indicate the algorithm used for the
        security processing.  This parameter MUST be authenticated where
        the ability to do so exists.  This support is provided by AEAD
        algorithms or construction (COSE_Sign, COSE_Sign0, COSE_Mac, and
        COSE_Mac0).  This authentication can be done either by placing the
        header in the protected header bucket or as part of the externally
        supplied data.  The value is taken from the "COSE Algorithms"
        registry (see Section 16.4).
     */
    get alg(): number | undefined;
    get algName(): string | undefined;
    /**
        This parameter identifies one piece of data that can be used as
        input to find the needed cryptographic key.  The value of this
        parameter can be matched against the 'kid' member in a COSE_Key
        structure.  Other methods of key distribution can define an
        equivalent field to be matched.  Applications MUST NOT assume that
        'kid' values are unique.  There may be more than one key with the
        same 'kid' value, so all of the keys associated with this 'kid'
        may need to be checked.  The internal structure of 'kid' values is
        not defined and cannot be relied on by applications.  Key
        identifier values are hints about which key to use.  This is not a
        security-critical field.  For this reason, it can be placed in the
        unprotected headers bucket.
     */
    get kid(): Uint8Array | undefined;
    get x5bag(): Uint8Array[] | undefined;
    get x5chain(): Uint8Array[] | undefined;
    /**
     * Verify the x5chain content of a message with a given list of certificate authorities.
     * Returns the publicKey for message validation and
     * the raw x5chain certificate for further processing.
     *
     * @param caRoots the list of certificate authorities in pem format
     * @returns {Promise<{ publicKey: KeyLike, raw: Uint8Array }>
     */
    verifyX509Chain(caRoots: string[]): Promise<{
        publicKey: KeyLike;
        raw: Uint8Array;
    }>;
}