@nokinc-flur/sdk 1.1.2 → 1.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +455 -147
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +659 -110
- package/dist/index.d.ts +659 -110
- package/dist/index.js +441 -143
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.d.ts
CHANGED
|
@@ -1245,20 +1245,19 @@ declare function canonicalJSONBytes(value: unknown): Uint8Array;
|
|
|
1245
1245
|
*/
|
|
1246
1246
|
declare function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean;
|
|
1247
1247
|
|
|
1248
|
-
type Ed25519KeyPair = {
|
|
1249
|
-
privateKey: Uint8Array;
|
|
1250
|
-
publicKey: Uint8Array;
|
|
1251
|
-
};
|
|
1252
|
-
declare function generateKeyPair(): Ed25519KeyPair;
|
|
1253
|
-
declare function publicKeyFromPrivate(privateKey: Uint8Array): Uint8Array;
|
|
1254
|
-
declare function sign(message: Uint8Array, privateKey: Uint8Array): Uint8Array;
|
|
1255
|
-
declare function verify(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): boolean;
|
|
1256
1248
|
/**
|
|
1257
|
-
*
|
|
1258
|
-
*
|
|
1249
|
+
* Offline Authorization Certificate (OAC) — P-256 edition (Stage 2c).
|
|
1250
|
+
*
|
|
1251
|
+
* Previous wire format used raw 32-byte Ed25519 hex device keys and 64-byte
|
|
1252
|
+
* hex Ed25519 signatures. The cutover keeps the JSON field names but moves
|
|
1253
|
+
* to base64:
|
|
1254
|
+
* - `devicePublicKey` : SubjectPublicKeyInfo DER, base64 (P-256, ~124 chars).
|
|
1255
|
+
* - `issuerSig` : ASN.1 DER ECDSA(SHA-256) signature, base64 (~96 chars).
|
|
1256
|
+
*
|
|
1257
|
+
* `issuerPrivateKey` is a raw 32-byte P-256 scalar (Uint8Array) — same shape as
|
|
1258
|
+
* the SDK's other P-256 helpers. `issuerPublicKey` (for verification) is now a
|
|
1259
|
+
* base64 SPKI DER string, matching the rest of the migrated SDK surface.
|
|
1259
1260
|
*/
|
|
1260
|
-
declare function signCanonical(value: unknown, privateKey: Uint8Array): Uint8Array;
|
|
1261
|
-
declare function verifyCanonical(value: unknown, signature: Uint8Array, publicKey: Uint8Array): boolean;
|
|
1262
1261
|
|
|
1263
1262
|
declare const OAC_DEFAULT_PER_TX_KOBO = 500000;
|
|
1264
1263
|
declare const OAC_DEFAULT_CUMULATIVE_KOBO = 2000000;
|
|
@@ -1266,6 +1265,7 @@ declare const OAC_DEFAULT_VALIDITY_MS: number;
|
|
|
1266
1265
|
declare const OACSchema: z.ZodEffects<z.ZodEffects<z.ZodObject<{
|
|
1267
1266
|
userId: z.ZodString;
|
|
1268
1267
|
deviceId: z.ZodString;
|
|
1268
|
+
/** SubjectPublicKeyInfo DER, base64 (P-256). */
|
|
1269
1269
|
devicePublicKey: z.ZodString;
|
|
1270
1270
|
perTxCapKobo: z.ZodNumber;
|
|
1271
1271
|
cumulativeCapKobo: z.ZodNumber;
|
|
@@ -1273,6 +1273,7 @@ declare const OACSchema: z.ZodEffects<z.ZodEffects<z.ZodObject<{
|
|
|
1273
1273
|
validUntilMs: z.ZodNumber;
|
|
1274
1274
|
counterSeed: z.ZodNumber;
|
|
1275
1275
|
nonce: z.ZodString;
|
|
1276
|
+
/** ASN.1 DER ECDSA(SHA-256) signature, base64. */
|
|
1276
1277
|
issuerSig: z.ZodString;
|
|
1277
1278
|
}, "strip", z.ZodTypeAny, {
|
|
1278
1279
|
userId: string;
|
|
@@ -1346,7 +1347,8 @@ type UnsignedOAC = Omit<OAC, 'issuerSig'>;
|
|
|
1346
1347
|
declare function buildOAC(input: {
|
|
1347
1348
|
userId: string;
|
|
1348
1349
|
deviceId: string;
|
|
1349
|
-
|
|
1350
|
+
/** SPKI DER base64 string (P-256). */
|
|
1351
|
+
devicePublicKey: string;
|
|
1350
1352
|
perTxCapKobo?: number;
|
|
1351
1353
|
cumulativeCapKobo?: number;
|
|
1352
1354
|
validFromMs: number;
|
|
@@ -1355,11 +1357,25 @@ declare function buildOAC(input: {
|
|
|
1355
1357
|
nonce: string;
|
|
1356
1358
|
}): UnsignedOAC;
|
|
1357
1359
|
declare function signOAC(unsigned: UnsignedOAC, issuerPrivateKey: Uint8Array): OAC;
|
|
1358
|
-
declare function verifyOAC(oac: OAC,
|
|
1360
|
+
declare function verifyOAC(oac: OAC, issuerPublicKeySpkiB64: string): boolean;
|
|
1359
1361
|
|
|
1360
1362
|
declare function encodeBase45(bytes: Uint8Array): string;
|
|
1361
1363
|
declare function decodeBase45(s: string): Uint8Array;
|
|
1362
1364
|
|
|
1365
|
+
/**
|
|
1366
|
+
* Offline payment messages — P-256 edition (Stage 2c).
|
|
1367
|
+
*
|
|
1368
|
+
* Wire-shape change vs. the previous Ed25519 hex format:
|
|
1369
|
+
* - `merchantSig`, `payerSig` : ASN.1 DER ECDSA(SHA-256) signature, base64.
|
|
1370
|
+
* - device signing keys are passed as raw 32-byte P-256 scalars (Uint8Array);
|
|
1371
|
+
* issuer-side verification arguments use SPKI DER base64 strings.
|
|
1372
|
+
*
|
|
1373
|
+
* Note: `verifyPaymentRequest` and `verifyAuthorization` take the *issuer*
|
|
1374
|
+
* public key (SPKI b64) — they re-verify the merchant/payer OAC against the
|
|
1375
|
+
* issuer, then verify the merchant/payer signature against the device key
|
|
1376
|
+
* embedded in their OAC.
|
|
1377
|
+
*/
|
|
1378
|
+
|
|
1363
1379
|
declare const OfflinePaymentRequestSchema: z.ZodObject<{
|
|
1364
1380
|
reference: z.ZodString;
|
|
1365
1381
|
amountKobo: z.ZodNumber;
|
|
@@ -1755,14 +1771,14 @@ declare function buildPaymentRequest(input: {
|
|
|
1755
1771
|
expiresAtMs: number;
|
|
1756
1772
|
}): UnsignedOfflinePaymentRequest;
|
|
1757
1773
|
declare function signPaymentRequest(unsigned: UnsignedOfflinePaymentRequest, merchantDevicePrivateKey: Uint8Array): OfflinePaymentRequest;
|
|
1758
|
-
declare function verifyPaymentRequest(req: OfflinePaymentRequest,
|
|
1774
|
+
declare function verifyPaymentRequest(req: OfflinePaymentRequest, issuerPublicKeySpkiB64: string): boolean;
|
|
1759
1775
|
declare function buildAuthorization(input: {
|
|
1760
1776
|
request: OfflinePaymentRequest;
|
|
1761
1777
|
payerOAC: OAC;
|
|
1762
1778
|
payerCounter: number;
|
|
1763
1779
|
}): UnsignedOfflinePaymentAuthorization;
|
|
1764
1780
|
declare function signAuthorization(unsigned: UnsignedOfflinePaymentAuthorization, payerDevicePrivateKey: Uint8Array): OfflinePaymentAuthorization;
|
|
1765
|
-
declare function verifyAuthorization(auth: OfflinePaymentAuthorization,
|
|
1781
|
+
declare function verifyAuthorization(auth: OfflinePaymentAuthorization, issuerPublicKeySpkiB64: string): boolean;
|
|
1766
1782
|
declare function encodePaymentRequestQR(req: OfflinePaymentRequest): string;
|
|
1767
1783
|
declare function decodePaymentRequestQR(s: string): OfflinePaymentRequest;
|
|
1768
1784
|
declare function encodeAuthorizationQR(auth: OfflinePaymentAuthorization): string;
|
|
@@ -2208,8 +2224,8 @@ declare const PassSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2208
2224
|
nonce: z.ZodString;
|
|
2209
2225
|
/** Device id this pass is bound to (FK to backend `device_keys`). */
|
|
2210
2226
|
holderDeviceId: z.ZodString;
|
|
2211
|
-
/**
|
|
2212
|
-
* is verified against this key — it is the security-critical binding. */
|
|
2227
|
+
/** SubjectPublicKeyInfo DER (P-256) of the bound device, base64. The redemption
|
|
2228
|
+
* signature is verified against this key — it is the security-critical binding. */
|
|
2213
2229
|
holderDevicePubkey: z.ZodString;
|
|
2214
2230
|
/** Optional fixed amount for monetary passes (vouchers, gift cards) in kobo. */
|
|
2215
2231
|
amountKobo: z.ZodOptional<z.ZodNumber>;
|
|
@@ -2219,6 +2235,7 @@ declare const PassSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2219
2235
|
counterSeed: z.ZodNumber;
|
|
2220
2236
|
/** Optional cumulative spend cap in kobo across all redemptions of this pass. */
|
|
2221
2237
|
cumulativeCapKobo: z.ZodOptional<z.ZodNumber>;
|
|
2238
|
+
/** ASN.1 DER ECDSA P-256 signature, base64. */
|
|
2222
2239
|
issuerSig: z.ZodString;
|
|
2223
2240
|
}, "strip", z.ZodTypeAny, {
|
|
2224
2241
|
nonce: string;
|
|
@@ -2320,7 +2337,7 @@ type BuildPassInput = {
|
|
|
2320
2337
|
};
|
|
2321
2338
|
declare function buildPass(input: BuildPassInput): UnsignedPass;
|
|
2322
2339
|
declare function signPass(unsigned: UnsignedPass, issuerPrivateKey: Uint8Array): Pass;
|
|
2323
|
-
declare function verifyPass(pass: Pass,
|
|
2340
|
+
declare function verifyPass(pass: Pass, issuerPublicKeySpkiB64: string): boolean;
|
|
2324
2341
|
/**
|
|
2325
2342
|
* Validity window check is done separately from signature verification so callers can
|
|
2326
2343
|
* decide their clock-skew tolerance.
|
|
@@ -2432,6 +2449,7 @@ declare const RedemptionSchema: z.ZodObject<{
|
|
|
2432
2449
|
/** Amount being redeemed in kobo (0 for non-monetary passes like ride tickets). */
|
|
2433
2450
|
amountKobo: z.ZodNumber;
|
|
2434
2451
|
nonce: z.ZodString;
|
|
2452
|
+
/** ASN.1 DER ECDSA P-256 signature over canonicalJSONBytes(unsigned), base64. */
|
|
2435
2453
|
holderSig: z.ZodString;
|
|
2436
2454
|
}, "strip", z.ZodTypeAny, {
|
|
2437
2455
|
nonce: string;
|
|
@@ -2513,7 +2531,7 @@ declare function signRedemption(unsigned: UnsignedRedemption, holderDevicePrivat
|
|
|
2513
2531
|
* 3. The redemption is signed by that bound device key.
|
|
2514
2532
|
* 4. The redemption counter is strictly greater than pass.counterSeed.
|
|
2515
2533
|
*/
|
|
2516
|
-
declare function verifyRedemption(r: Redemption,
|
|
2534
|
+
declare function verifyRedemption(r: Redemption, issuerPublicKeySpkiB64: string): boolean;
|
|
2517
2535
|
|
|
2518
2536
|
declare const RECEIPT_CHANNELS: readonly ["cash", "pass"];
|
|
2519
2537
|
type ReceiptChannel = (typeof RECEIPT_CHANNELS)[number];
|
|
@@ -2540,6 +2558,7 @@ declare const ReceiptSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2540
2558
|
issuedAtMs: z.ZodNumber;
|
|
2541
2559
|
issuerId: z.ZodString;
|
|
2542
2560
|
payload: z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean, z.ZodNull]>>;
|
|
2561
|
+
/** ASN.1 DER ECDSA P-256 signature, base64. */
|
|
2543
2562
|
issuerSig: z.ZodString;
|
|
2544
2563
|
}, "strip", z.ZodTypeAny, {
|
|
2545
2564
|
currency: string;
|
|
@@ -2611,7 +2630,7 @@ type BuildReceiptInput = {
|
|
|
2611
2630
|
};
|
|
2612
2631
|
declare function buildReceipt(input: BuildReceiptInput): UnsignedReceipt;
|
|
2613
2632
|
declare function signReceipt(unsigned: UnsignedReceipt, issuerPrivateKey: Uint8Array): Receipt;
|
|
2614
|
-
declare function verifyReceipt(r: Receipt,
|
|
2633
|
+
declare function verifyReceipt(r: Receipt, issuerPublicKeySpkiB64: string): boolean;
|
|
2615
2634
|
|
|
2616
2635
|
type PassesClientOptions = {
|
|
2617
2636
|
baseUrl: string;
|
|
@@ -2621,7 +2640,7 @@ type PassesClientOptions = {
|
|
|
2621
2640
|
type IssuePassInput = {
|
|
2622
2641
|
/** Device this pass is bound to. Required (BE-19). */
|
|
2623
2642
|
holderDeviceId: string;
|
|
2624
|
-
/**
|
|
2643
|
+
/** P-256 SubjectPublicKeyInfo DER public key (base64) of the bound device. Required (BE-19). */
|
|
2625
2644
|
holderDevicePubkey: string;
|
|
2626
2645
|
/** Pass kind (server may default for templated flows). */
|
|
2627
2646
|
kind: PassKind;
|
|
@@ -2677,8 +2696,8 @@ type PassesClient = {
|
|
|
2677
2696
|
redeemPass: (passId: string, redemption: Redemption) => Promise<Pass>;
|
|
2678
2697
|
redeemPassWithReceipt: (passId: string, redemption: Redemption, receipt: AtomicRedeemReceiptInput) => Promise<AtomicRedeemResponse>;
|
|
2679
2698
|
revokePass: (passId: string, input: RevokePassInput) => Promise<Pass>;
|
|
2680
|
-
/** Local
|
|
2681
|
-
verifyPass: (pass: Pass,
|
|
2699
|
+
/** Local P-256 ECDSA verification of a pass envelope under the supplied issuer SPKI base64 key. */
|
|
2700
|
+
verifyPass: (pass: Pass, issuerPublicKeySpkiB64: string) => boolean;
|
|
2682
2701
|
};
|
|
2683
2702
|
declare function createPassesClient(opts: PassesClientOptions): PassesClient;
|
|
2684
2703
|
|
|
@@ -2722,8 +2741,8 @@ type ReceiptsClient = {
|
|
|
2722
2741
|
/** Look up a pass-channel receipt by its originating passRedemptionId. */
|
|
2723
2742
|
getByPassRedemptionId: (passRedemptionId: string) => Promise<Receipt>;
|
|
2724
2743
|
listForUser: (input: ListReceiptsInput) => Promise<ListReceiptsResponse>;
|
|
2725
|
-
/** Local
|
|
2726
|
-
verifyReceipt: (receipt: Receipt,
|
|
2744
|
+
/** Local P-256 ECDSA verification of a receipt envelope under the supplied issuer SPKI base64 key. */
|
|
2745
|
+
verifyReceipt: (receipt: Receipt, issuerPublicKeySpkiB64: string) => boolean;
|
|
2727
2746
|
};
|
|
2728
2747
|
declare function createReceiptsClient(opts: ReceiptsClientOptions): ReceiptsClient;
|
|
2729
2748
|
|
|
@@ -2841,14 +2860,14 @@ type AccountsClient = {
|
|
|
2841
2860
|
declare function createAccountsClient(opts: AccountsClientOptions): AccountsClient;
|
|
2842
2861
|
|
|
2843
2862
|
/**
|
|
2844
|
-
* Consumer-side
|
|
2863
|
+
* Consumer-side Offline Collect SDK client.
|
|
2845
2864
|
*
|
|
2846
2865
|
* Wraps the backend `/v1/me/offline/*` routes (session-bearer auth ONLY —
|
|
2847
|
-
* NOT partner HMAC). These power the
|
|
2866
|
+
* NOT partner HMAC). These power the payer authorization side of Flur Offline Collect:
|
|
2848
2867
|
* - register/list/revoke device signing keys
|
|
2849
|
-
* -
|
|
2868
|
+
* - provision / refresh / release a hold-backed offline allowance
|
|
2850
2869
|
* - read offline status (current hold + active OAC)
|
|
2851
|
-
* - submit a signed offline
|
|
2870
|
+
* - submit a signed offline collection claim for settlement
|
|
2852
2871
|
*
|
|
2853
2872
|
* Schemas mirror `flur-backend/src/offline-consumer/types.ts`.
|
|
2854
2873
|
*/
|
|
@@ -2864,11 +2883,65 @@ declare const RegisterDeviceKeyInputSchema: z.ZodObject<{
|
|
|
2864
2883
|
publicKeyHex: string;
|
|
2865
2884
|
}>;
|
|
2866
2885
|
type RegisterDeviceKeyInput = z.infer<typeof RegisterDeviceKeyInputSchema>;
|
|
2886
|
+
declare const AttestationSecurityLevelSchema: z.ZodEnum<["STRONGBOX", "TEE", "SECURE_ENCLAVE", "SOFTWARE"]>;
|
|
2887
|
+
type AttestationSecurityLevel = z.infer<typeof AttestationSecurityLevelSchema>;
|
|
2888
|
+
declare const DeviceKeyAlgSchema: z.ZodLiteral<"p256">;
|
|
2889
|
+
type DeviceKeyAlg = z.infer<typeof DeviceKeyAlgSchema>;
|
|
2890
|
+
declare const RegisterDeviceKeyP256InputSchema: z.ZodObject<{
|
|
2891
|
+
deviceId: z.ZodString;
|
|
2892
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
2893
|
+
publicKeySpkiB64: z.ZodString;
|
|
2894
|
+
/** Base64 of the server-issued enrollment challenge string. */
|
|
2895
|
+
challengeB64: z.ZodString;
|
|
2896
|
+
/** iOS App Attest payload or Android X.509 Key Attestation chain. */
|
|
2897
|
+
attestationChainB64: z.ZodArray<z.ZodString, "many">;
|
|
2898
|
+
securityLevel: z.ZodEnum<["STRONGBOX", "TEE", "SECURE_ENCLAVE", "SOFTWARE"]>;
|
|
2899
|
+
}, "strip", z.ZodTypeAny, {
|
|
2900
|
+
deviceId: string;
|
|
2901
|
+
publicKeySpkiB64: string;
|
|
2902
|
+
challengeB64: string;
|
|
2903
|
+
attestationChainB64: string[];
|
|
2904
|
+
securityLevel: "STRONGBOX" | "TEE" | "SECURE_ENCLAVE" | "SOFTWARE";
|
|
2905
|
+
}, {
|
|
2906
|
+
deviceId: string;
|
|
2907
|
+
publicKeySpkiB64: string;
|
|
2908
|
+
challengeB64: string;
|
|
2909
|
+
attestationChainB64: string[];
|
|
2910
|
+
securityLevel: "STRONGBOX" | "TEE" | "SECURE_ENCLAVE" | "SOFTWARE";
|
|
2911
|
+
}>;
|
|
2912
|
+
type RegisterDeviceKeyP256Input = z.infer<typeof RegisterDeviceKeyP256InputSchema>;
|
|
2913
|
+
declare const P256EnrollmentChallengeInputSchema: z.ZodObject<{
|
|
2914
|
+
deviceId: z.ZodString;
|
|
2915
|
+
}, "strip", z.ZodTypeAny, {
|
|
2916
|
+
deviceId: string;
|
|
2917
|
+
}, {
|
|
2918
|
+
deviceId: string;
|
|
2919
|
+
}>;
|
|
2920
|
+
type P256EnrollmentChallengeInput = z.infer<typeof P256EnrollmentChallengeInputSchema>;
|
|
2921
|
+
declare const P256EnrollmentChallengeResultSchema: z.ZodObject<{
|
|
2922
|
+
challenge: z.ZodString;
|
|
2923
|
+
expiresAtMs: z.ZodNumber;
|
|
2924
|
+
}, "strip", z.ZodTypeAny, {
|
|
2925
|
+
expiresAtMs: number;
|
|
2926
|
+
challenge: string;
|
|
2927
|
+
}, {
|
|
2928
|
+
expiresAtMs: number;
|
|
2929
|
+
challenge: string;
|
|
2930
|
+
}>;
|
|
2931
|
+
type P256EnrollmentChallengeResult = z.infer<typeof P256EnrollmentChallengeResultSchema>;
|
|
2867
2932
|
declare const DeviceKeyRecordSchema: z.ZodObject<{
|
|
2868
2933
|
id: z.ZodString;
|
|
2869
2934
|
userId: z.ZodString;
|
|
2870
2935
|
deviceId: z.ZodString;
|
|
2871
|
-
|
|
2936
|
+
/** Always 'p256' on the consumer offline rail. Field retained for forward-compat. */
|
|
2937
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
2938
|
+
/** Legacy ed25519 hex key. Always null on new records (kept for back-compat reads). */
|
|
2939
|
+
publicKeyHex: z.ZodDefault<z.ZodNullable<z.ZodString>>;
|
|
2940
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. Required for new records. */
|
|
2941
|
+
publicKeySpkiB64: z.ZodDefault<z.ZodNullable<z.ZodString>>;
|
|
2942
|
+
securityLevel: z.ZodDefault<z.ZodNullable<z.ZodEnum<["STRONGBOX", "TEE", "SECURE_ENCLAVE", "SOFTWARE"]>>>;
|
|
2943
|
+
hardwareBacked: z.ZodDefault<z.ZodBoolean>;
|
|
2944
|
+
attestedAtMs: z.ZodDefault<z.ZodNullable<z.ZodNumber>>;
|
|
2872
2945
|
createdAtMs: z.ZodNumber;
|
|
2873
2946
|
revokedAtMs: z.ZodNullable<z.ZodNumber>;
|
|
2874
2947
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -2877,14 +2950,24 @@ declare const DeviceKeyRecordSchema: z.ZodObject<{
|
|
|
2877
2950
|
id: string;
|
|
2878
2951
|
createdAtMs: number;
|
|
2879
2952
|
revokedAtMs: number | null;
|
|
2880
|
-
publicKeyHex: string;
|
|
2953
|
+
publicKeyHex: string | null;
|
|
2954
|
+
publicKeySpkiB64: string | null;
|
|
2955
|
+
securityLevel: "STRONGBOX" | "TEE" | "SECURE_ENCLAVE" | "SOFTWARE" | null;
|
|
2956
|
+
alg: "p256";
|
|
2957
|
+
hardwareBacked: boolean;
|
|
2958
|
+
attestedAtMs: number | null;
|
|
2881
2959
|
}, {
|
|
2882
2960
|
userId: string;
|
|
2883
2961
|
deviceId: string;
|
|
2884
2962
|
id: string;
|
|
2885
2963
|
createdAtMs: number;
|
|
2886
2964
|
revokedAtMs: number | null;
|
|
2887
|
-
publicKeyHex
|
|
2965
|
+
publicKeyHex?: string | null | undefined;
|
|
2966
|
+
publicKeySpkiB64?: string | null | undefined;
|
|
2967
|
+
securityLevel?: "STRONGBOX" | "TEE" | "SECURE_ENCLAVE" | "SOFTWARE" | null | undefined;
|
|
2968
|
+
alg?: "p256" | undefined;
|
|
2969
|
+
hardwareBacked?: boolean | undefined;
|
|
2970
|
+
attestedAtMs?: number | null | undefined;
|
|
2888
2971
|
}>;
|
|
2889
2972
|
type DeviceKeyRecord = z.infer<typeof DeviceKeyRecordSchema>;
|
|
2890
2973
|
declare const ConsumerOACSchema: z.ZodObject<{
|
|
@@ -2892,7 +2975,10 @@ declare const ConsumerOACSchema: z.ZodObject<{
|
|
|
2892
2975
|
issuerId: z.ZodString;
|
|
2893
2976
|
userId: z.ZodString;
|
|
2894
2977
|
deviceId: z.ZodString;
|
|
2895
|
-
|
|
2978
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
2979
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
2980
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
2981
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
2896
2982
|
perTxCapKobo: z.ZodNumber;
|
|
2897
2983
|
cumulativeCapKobo: z.ZodNumber;
|
|
2898
2984
|
currency: z.ZodString;
|
|
@@ -2911,8 +2997,9 @@ declare const ConsumerOACSchema: z.ZodObject<{
|
|
|
2911
2997
|
counterSeed: number;
|
|
2912
2998
|
issuedAtMs: number;
|
|
2913
2999
|
issuerId: string;
|
|
3000
|
+
alg: "p256";
|
|
2914
3001
|
oacId: string;
|
|
2915
|
-
|
|
3002
|
+
devicePubkeySpkiB64: string;
|
|
2916
3003
|
}, {
|
|
2917
3004
|
userId: string;
|
|
2918
3005
|
deviceId: string;
|
|
@@ -2925,7 +3012,8 @@ declare const ConsumerOACSchema: z.ZodObject<{
|
|
|
2925
3012
|
issuedAtMs: number;
|
|
2926
3013
|
issuerId: string;
|
|
2927
3014
|
oacId: string;
|
|
2928
|
-
|
|
3015
|
+
devicePubkeySpkiB64: string;
|
|
3016
|
+
alg?: "p256" | undefined;
|
|
2929
3017
|
}>;
|
|
2930
3018
|
type ConsumerOAC = z.infer<typeof ConsumerOACSchema>;
|
|
2931
3019
|
declare const SignedConsumerOACSchema: z.ZodObject<{
|
|
@@ -2934,7 +3022,10 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
|
|
|
2934
3022
|
issuerId: z.ZodString;
|
|
2935
3023
|
userId: z.ZodString;
|
|
2936
3024
|
deviceId: z.ZodString;
|
|
2937
|
-
|
|
3025
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
3026
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
3027
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
3028
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
2938
3029
|
perTxCapKobo: z.ZodNumber;
|
|
2939
3030
|
cumulativeCapKobo: z.ZodNumber;
|
|
2940
3031
|
currency: z.ZodString;
|
|
@@ -2953,8 +3044,9 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
|
|
|
2953
3044
|
counterSeed: number;
|
|
2954
3045
|
issuedAtMs: number;
|
|
2955
3046
|
issuerId: string;
|
|
3047
|
+
alg: "p256";
|
|
2956
3048
|
oacId: string;
|
|
2957
|
-
|
|
3049
|
+
devicePubkeySpkiB64: string;
|
|
2958
3050
|
}, {
|
|
2959
3051
|
userId: string;
|
|
2960
3052
|
deviceId: string;
|
|
@@ -2967,10 +3059,13 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
|
|
|
2967
3059
|
issuedAtMs: number;
|
|
2968
3060
|
issuerId: string;
|
|
2969
3061
|
oacId: string;
|
|
2970
|
-
|
|
3062
|
+
devicePubkeySpkiB64: string;
|
|
3063
|
+
alg?: "p256" | undefined;
|
|
2971
3064
|
}>;
|
|
3065
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
2972
3066
|
issuerSig: z.ZodString;
|
|
2973
|
-
|
|
3067
|
+
/** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
|
|
3068
|
+
issuerPublicKeySpkiB64: z.ZodString;
|
|
2974
3069
|
}, "strip", z.ZodTypeAny, {
|
|
2975
3070
|
issuerSig: string;
|
|
2976
3071
|
oac: {
|
|
@@ -2984,10 +3079,11 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
|
|
|
2984
3079
|
counterSeed: number;
|
|
2985
3080
|
issuedAtMs: number;
|
|
2986
3081
|
issuerId: string;
|
|
3082
|
+
alg: "p256";
|
|
2987
3083
|
oacId: string;
|
|
2988
|
-
|
|
3084
|
+
devicePubkeySpkiB64: string;
|
|
2989
3085
|
};
|
|
2990
|
-
|
|
3086
|
+
issuerPublicKeySpkiB64: string;
|
|
2991
3087
|
}, {
|
|
2992
3088
|
issuerSig: string;
|
|
2993
3089
|
oac: {
|
|
@@ -3002,9 +3098,10 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
|
|
|
3002
3098
|
issuedAtMs: number;
|
|
3003
3099
|
issuerId: string;
|
|
3004
3100
|
oacId: string;
|
|
3005
|
-
|
|
3101
|
+
devicePubkeySpkiB64: string;
|
|
3102
|
+
alg?: "p256" | undefined;
|
|
3006
3103
|
};
|
|
3007
|
-
|
|
3104
|
+
issuerPublicKeySpkiB64: string;
|
|
3008
3105
|
}>;
|
|
3009
3106
|
type SignedConsumerOAC = z.infer<typeof SignedConsumerOACSchema>;
|
|
3010
3107
|
declare const OACRecordSchema: z.ZodObject<{
|
|
@@ -3013,7 +3110,10 @@ declare const OACRecordSchema: z.ZodObject<{
|
|
|
3013
3110
|
issuerId: z.ZodString;
|
|
3014
3111
|
userId: z.ZodString;
|
|
3015
3112
|
deviceId: z.ZodString;
|
|
3016
|
-
|
|
3113
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
3114
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
3115
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
3116
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
3017
3117
|
perTxCapKobo: z.ZodNumber;
|
|
3018
3118
|
cumulativeCapKobo: z.ZodNumber;
|
|
3019
3119
|
currency: z.ZodString;
|
|
@@ -3032,8 +3132,9 @@ declare const OACRecordSchema: z.ZodObject<{
|
|
|
3032
3132
|
counterSeed: number;
|
|
3033
3133
|
issuedAtMs: number;
|
|
3034
3134
|
issuerId: string;
|
|
3135
|
+
alg: "p256";
|
|
3035
3136
|
oacId: string;
|
|
3036
|
-
|
|
3137
|
+
devicePubkeySpkiB64: string;
|
|
3037
3138
|
}, {
|
|
3038
3139
|
userId: string;
|
|
3039
3140
|
deviceId: string;
|
|
@@ -3046,10 +3147,13 @@ declare const OACRecordSchema: z.ZodObject<{
|
|
|
3046
3147
|
issuedAtMs: number;
|
|
3047
3148
|
issuerId: string;
|
|
3048
3149
|
oacId: string;
|
|
3049
|
-
|
|
3150
|
+
devicePubkeySpkiB64: string;
|
|
3151
|
+
alg?: "p256" | undefined;
|
|
3050
3152
|
}>;
|
|
3153
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
3051
3154
|
issuerSig: z.ZodString;
|
|
3052
|
-
|
|
3155
|
+
/** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
|
|
3156
|
+
issuerPublicKeySpkiB64: z.ZodString;
|
|
3053
3157
|
} & {
|
|
3054
3158
|
currentOfflineSpentKobo: z.ZodNumber;
|
|
3055
3159
|
status: z.ZodEnum<["active", "superseded", "expired", "revoked", "disabling", "draining", "closed"]>;
|
|
@@ -3071,10 +3175,11 @@ declare const OACRecordSchema: z.ZodObject<{
|
|
|
3071
3175
|
counterSeed: number;
|
|
3072
3176
|
issuedAtMs: number;
|
|
3073
3177
|
issuerId: string;
|
|
3178
|
+
alg: "p256";
|
|
3074
3179
|
oacId: string;
|
|
3075
|
-
|
|
3180
|
+
devicePubkeySpkiB64: string;
|
|
3076
3181
|
};
|
|
3077
|
-
|
|
3182
|
+
issuerPublicKeySpkiB64: string;
|
|
3078
3183
|
currentOfflineSpentKobo: number;
|
|
3079
3184
|
supersededAtMs: number | null;
|
|
3080
3185
|
holdId?: string | null | undefined;
|
|
@@ -3094,9 +3199,10 @@ declare const OACRecordSchema: z.ZodObject<{
|
|
|
3094
3199
|
issuedAtMs: number;
|
|
3095
3200
|
issuerId: string;
|
|
3096
3201
|
oacId: string;
|
|
3097
|
-
|
|
3202
|
+
devicePubkeySpkiB64: string;
|
|
3203
|
+
alg?: "p256" | undefined;
|
|
3098
3204
|
};
|
|
3099
|
-
|
|
3205
|
+
issuerPublicKeySpkiB64: string;
|
|
3100
3206
|
currentOfflineSpentKobo: number;
|
|
3101
3207
|
supersededAtMs: number | null;
|
|
3102
3208
|
holdId?: string | null | undefined;
|
|
@@ -3145,6 +3251,29 @@ declare const EnableOfflineInputSchema: z.ZodObject<{
|
|
|
3145
3251
|
partnerId?: string | undefined;
|
|
3146
3252
|
}>;
|
|
3147
3253
|
type EnableOfflineInput = z.infer<typeof EnableOfflineInputSchema>;
|
|
3254
|
+
declare const ProvisionOfflineAllowanceInputSchema: z.ZodObject<{
|
|
3255
|
+
deviceId: z.ZodString;
|
|
3256
|
+
amountKobo: z.ZodNumber;
|
|
3257
|
+
perTxCapKobo: z.ZodOptional<z.ZodNumber>;
|
|
3258
|
+
ttlMs: z.ZodOptional<z.ZodNumber>;
|
|
3259
|
+
installId: z.ZodString;
|
|
3260
|
+
partnerId: z.ZodOptional<z.ZodString>;
|
|
3261
|
+
}, "strip", z.ZodTypeAny, {
|
|
3262
|
+
deviceId: string;
|
|
3263
|
+
amountKobo: number;
|
|
3264
|
+
installId: string;
|
|
3265
|
+
perTxCapKobo?: number | undefined;
|
|
3266
|
+
ttlMs?: number | undefined;
|
|
3267
|
+
partnerId?: string | undefined;
|
|
3268
|
+
}, {
|
|
3269
|
+
deviceId: string;
|
|
3270
|
+
amountKobo: number;
|
|
3271
|
+
installId: string;
|
|
3272
|
+
perTxCapKobo?: number | undefined;
|
|
3273
|
+
ttlMs?: number | undefined;
|
|
3274
|
+
partnerId?: string | undefined;
|
|
3275
|
+
}>;
|
|
3276
|
+
type ProvisionOfflineAllowanceInput = EnableOfflineInput;
|
|
3148
3277
|
declare const DisableOfflineInputSchema: z.ZodObject<{
|
|
3149
3278
|
deviceId: z.ZodString;
|
|
3150
3279
|
installId: z.ZodOptional<z.ZodString>;
|
|
@@ -3283,7 +3412,10 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3283
3412
|
issuerId: z.ZodString;
|
|
3284
3413
|
userId: z.ZodString;
|
|
3285
3414
|
deviceId: z.ZodString;
|
|
3286
|
-
|
|
3415
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
3416
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
3417
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
3418
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
3287
3419
|
perTxCapKobo: z.ZodNumber;
|
|
3288
3420
|
cumulativeCapKobo: z.ZodNumber;
|
|
3289
3421
|
currency: z.ZodString;
|
|
@@ -3302,8 +3434,9 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3302
3434
|
counterSeed: number;
|
|
3303
3435
|
issuedAtMs: number;
|
|
3304
3436
|
issuerId: string;
|
|
3437
|
+
alg: "p256";
|
|
3305
3438
|
oacId: string;
|
|
3306
|
-
|
|
3439
|
+
devicePubkeySpkiB64: string;
|
|
3307
3440
|
}, {
|
|
3308
3441
|
userId: string;
|
|
3309
3442
|
deviceId: string;
|
|
@@ -3316,10 +3449,13 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3316
3449
|
issuedAtMs: number;
|
|
3317
3450
|
issuerId: string;
|
|
3318
3451
|
oacId: string;
|
|
3319
|
-
|
|
3452
|
+
devicePubkeySpkiB64: string;
|
|
3453
|
+
alg?: "p256" | undefined;
|
|
3320
3454
|
}>;
|
|
3455
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
3321
3456
|
issuerSig: z.ZodString;
|
|
3322
|
-
|
|
3457
|
+
/** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
|
|
3458
|
+
issuerPublicKeySpkiB64: z.ZodString;
|
|
3323
3459
|
} & {
|
|
3324
3460
|
currentOfflineSpentKobo: z.ZodNumber;
|
|
3325
3461
|
status: z.ZodEnum<["active", "superseded", "expired", "revoked", "disabling", "draining", "closed"]>;
|
|
@@ -3341,10 +3477,11 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3341
3477
|
counterSeed: number;
|
|
3342
3478
|
issuedAtMs: number;
|
|
3343
3479
|
issuerId: string;
|
|
3480
|
+
alg: "p256";
|
|
3344
3481
|
oacId: string;
|
|
3345
|
-
|
|
3482
|
+
devicePubkeySpkiB64: string;
|
|
3346
3483
|
};
|
|
3347
|
-
|
|
3484
|
+
issuerPublicKeySpkiB64: string;
|
|
3348
3485
|
currentOfflineSpentKobo: number;
|
|
3349
3486
|
supersededAtMs: number | null;
|
|
3350
3487
|
holdId?: string | null | undefined;
|
|
@@ -3364,9 +3501,10 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3364
3501
|
issuedAtMs: number;
|
|
3365
3502
|
issuerId: string;
|
|
3366
3503
|
oacId: string;
|
|
3367
|
-
|
|
3504
|
+
devicePubkeySpkiB64: string;
|
|
3505
|
+
alg?: "p256" | undefined;
|
|
3368
3506
|
};
|
|
3369
|
-
|
|
3507
|
+
issuerPublicKeySpkiB64: string;
|
|
3370
3508
|
currentOfflineSpentKobo: number;
|
|
3371
3509
|
supersededAtMs: number | null;
|
|
3372
3510
|
holdId?: string | null | undefined;
|
|
@@ -3387,10 +3525,11 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3387
3525
|
counterSeed: number;
|
|
3388
3526
|
issuedAtMs: number;
|
|
3389
3527
|
issuerId: string;
|
|
3528
|
+
alg: "p256";
|
|
3390
3529
|
oacId: string;
|
|
3391
|
-
|
|
3530
|
+
devicePubkeySpkiB64: string;
|
|
3392
3531
|
};
|
|
3393
|
-
|
|
3532
|
+
issuerPublicKeySpkiB64: string;
|
|
3394
3533
|
currentOfflineSpentKobo: number;
|
|
3395
3534
|
supersededAtMs: number | null;
|
|
3396
3535
|
holdId?: string | null | undefined;
|
|
@@ -3432,9 +3571,10 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3432
3571
|
issuedAtMs: number;
|
|
3433
3572
|
issuerId: string;
|
|
3434
3573
|
oacId: string;
|
|
3435
|
-
|
|
3574
|
+
devicePubkeySpkiB64: string;
|
|
3575
|
+
alg?: "p256" | undefined;
|
|
3436
3576
|
};
|
|
3437
|
-
|
|
3577
|
+
issuerPublicKeySpkiB64: string;
|
|
3438
3578
|
currentOfflineSpentKobo: number;
|
|
3439
3579
|
supersededAtMs: number | null;
|
|
3440
3580
|
holdId?: string | null | undefined;
|
|
@@ -3461,6 +3601,260 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3461
3601
|
};
|
|
3462
3602
|
}>;
|
|
3463
3603
|
type EnableOfflineResult = z.infer<typeof EnableOfflineResultSchema>;
|
|
3604
|
+
declare const ProvisionOfflineAllowanceResultSchema: z.ZodObject<{
|
|
3605
|
+
hold: z.ZodObject<{
|
|
3606
|
+
holdId: z.ZodString;
|
|
3607
|
+
userId: z.ZodString;
|
|
3608
|
+
deviceId: z.ZodString;
|
|
3609
|
+
partnerId: z.ZodString;
|
|
3610
|
+
adapterKind: z.ZodString;
|
|
3611
|
+
externalHoldRef: z.ZodNullable<z.ZodString>;
|
|
3612
|
+
amountKobo: z.ZodNumber;
|
|
3613
|
+
capturedKobo: z.ZodNumber;
|
|
3614
|
+
releasedKobo: z.ZodNumber;
|
|
3615
|
+
remainingKobo: z.ZodNumber;
|
|
3616
|
+
currency: z.ZodString;
|
|
3617
|
+
status: z.ZodEnum<["placing", "active", "disabling", "draining", "closed", "revoked", "failed"]>;
|
|
3618
|
+
installId: z.ZodNullable<z.ZodString>;
|
|
3619
|
+
drainDeadlineMs: z.ZodNumber;
|
|
3620
|
+
disableRequestedAtMs: z.ZodNullable<z.ZodNumber>;
|
|
3621
|
+
createdAtMs: z.ZodNumber;
|
|
3622
|
+
closedAtMs: z.ZodNullable<z.ZodNumber>;
|
|
3623
|
+
isTrusted: z.ZodOptional<z.ZodBoolean>;
|
|
3624
|
+
}, "strip", z.ZodTypeAny, {
|
|
3625
|
+
status: "active" | "closed" | "failed" | "revoked" | "disabling" | "draining" | "placing";
|
|
3626
|
+
userId: string;
|
|
3627
|
+
deviceId: string;
|
|
3628
|
+
currency: string;
|
|
3629
|
+
createdAtMs: number;
|
|
3630
|
+
amountKobo: number;
|
|
3631
|
+
holdId: string;
|
|
3632
|
+
installId: string | null;
|
|
3633
|
+
partnerId: string;
|
|
3634
|
+
adapterKind: string;
|
|
3635
|
+
externalHoldRef: string | null;
|
|
3636
|
+
capturedKobo: number;
|
|
3637
|
+
releasedKobo: number;
|
|
3638
|
+
remainingKobo: number;
|
|
3639
|
+
drainDeadlineMs: number;
|
|
3640
|
+
disableRequestedAtMs: number | null;
|
|
3641
|
+
closedAtMs: number | null;
|
|
3642
|
+
isTrusted?: boolean | undefined;
|
|
3643
|
+
}, {
|
|
3644
|
+
status: "active" | "closed" | "failed" | "revoked" | "disabling" | "draining" | "placing";
|
|
3645
|
+
userId: string;
|
|
3646
|
+
deviceId: string;
|
|
3647
|
+
currency: string;
|
|
3648
|
+
createdAtMs: number;
|
|
3649
|
+
amountKobo: number;
|
|
3650
|
+
holdId: string;
|
|
3651
|
+
installId: string | null;
|
|
3652
|
+
partnerId: string;
|
|
3653
|
+
adapterKind: string;
|
|
3654
|
+
externalHoldRef: string | null;
|
|
3655
|
+
capturedKobo: number;
|
|
3656
|
+
releasedKobo: number;
|
|
3657
|
+
remainingKobo: number;
|
|
3658
|
+
drainDeadlineMs: number;
|
|
3659
|
+
disableRequestedAtMs: number | null;
|
|
3660
|
+
closedAtMs: number | null;
|
|
3661
|
+
isTrusted?: boolean | undefined;
|
|
3662
|
+
}>;
|
|
3663
|
+
oac: z.ZodObject<{
|
|
3664
|
+
oac: z.ZodObject<{
|
|
3665
|
+
oacId: z.ZodString;
|
|
3666
|
+
issuerId: z.ZodString;
|
|
3667
|
+
userId: z.ZodString;
|
|
3668
|
+
deviceId: z.ZodString;
|
|
3669
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
3670
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
3671
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
3672
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
3673
|
+
perTxCapKobo: z.ZodNumber;
|
|
3674
|
+
cumulativeCapKobo: z.ZodNumber;
|
|
3675
|
+
currency: z.ZodString;
|
|
3676
|
+
validFromMs: z.ZodNumber;
|
|
3677
|
+
validUntilMs: z.ZodNumber;
|
|
3678
|
+
counterSeed: z.ZodNumber;
|
|
3679
|
+
issuedAtMs: z.ZodNumber;
|
|
3680
|
+
}, "strip", z.ZodTypeAny, {
|
|
3681
|
+
userId: string;
|
|
3682
|
+
deviceId: string;
|
|
3683
|
+
currency: string;
|
|
3684
|
+
perTxCapKobo: number;
|
|
3685
|
+
cumulativeCapKobo: number;
|
|
3686
|
+
validFromMs: number;
|
|
3687
|
+
validUntilMs: number;
|
|
3688
|
+
counterSeed: number;
|
|
3689
|
+
issuedAtMs: number;
|
|
3690
|
+
issuerId: string;
|
|
3691
|
+
alg: "p256";
|
|
3692
|
+
oacId: string;
|
|
3693
|
+
devicePubkeySpkiB64: string;
|
|
3694
|
+
}, {
|
|
3695
|
+
userId: string;
|
|
3696
|
+
deviceId: string;
|
|
3697
|
+
currency: string;
|
|
3698
|
+
perTxCapKobo: number;
|
|
3699
|
+
cumulativeCapKobo: number;
|
|
3700
|
+
validFromMs: number;
|
|
3701
|
+
validUntilMs: number;
|
|
3702
|
+
counterSeed: number;
|
|
3703
|
+
issuedAtMs: number;
|
|
3704
|
+
issuerId: string;
|
|
3705
|
+
oacId: string;
|
|
3706
|
+
devicePubkeySpkiB64: string;
|
|
3707
|
+
alg?: "p256" | undefined;
|
|
3708
|
+
}>;
|
|
3709
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
3710
|
+
issuerSig: z.ZodString;
|
|
3711
|
+
/** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
|
|
3712
|
+
issuerPublicKeySpkiB64: z.ZodString;
|
|
3713
|
+
} & {
|
|
3714
|
+
currentOfflineSpentKobo: z.ZodNumber;
|
|
3715
|
+
status: z.ZodEnum<["active", "superseded", "expired", "revoked", "disabling", "draining", "closed"]>;
|
|
3716
|
+
supersededAtMs: z.ZodNullable<z.ZodNumber>;
|
|
3717
|
+
revokedAtMs: z.ZodNullable<z.ZodNumber>;
|
|
3718
|
+
holdId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
3719
|
+
}, "strip", z.ZodTypeAny, {
|
|
3720
|
+
status: "active" | "closed" | "expired" | "revoked" | "superseded" | "disabling" | "draining";
|
|
3721
|
+
issuerSig: string;
|
|
3722
|
+
revokedAtMs: number | null;
|
|
3723
|
+
oac: {
|
|
3724
|
+
userId: string;
|
|
3725
|
+
deviceId: string;
|
|
3726
|
+
currency: string;
|
|
3727
|
+
perTxCapKobo: number;
|
|
3728
|
+
cumulativeCapKobo: number;
|
|
3729
|
+
validFromMs: number;
|
|
3730
|
+
validUntilMs: number;
|
|
3731
|
+
counterSeed: number;
|
|
3732
|
+
issuedAtMs: number;
|
|
3733
|
+
issuerId: string;
|
|
3734
|
+
alg: "p256";
|
|
3735
|
+
oacId: string;
|
|
3736
|
+
devicePubkeySpkiB64: string;
|
|
3737
|
+
};
|
|
3738
|
+
issuerPublicKeySpkiB64: string;
|
|
3739
|
+
currentOfflineSpentKobo: number;
|
|
3740
|
+
supersededAtMs: number | null;
|
|
3741
|
+
holdId?: string | null | undefined;
|
|
3742
|
+
}, {
|
|
3743
|
+
status: "active" | "closed" | "expired" | "revoked" | "superseded" | "disabling" | "draining";
|
|
3744
|
+
issuerSig: string;
|
|
3745
|
+
revokedAtMs: number | null;
|
|
3746
|
+
oac: {
|
|
3747
|
+
userId: string;
|
|
3748
|
+
deviceId: string;
|
|
3749
|
+
currency: string;
|
|
3750
|
+
perTxCapKobo: number;
|
|
3751
|
+
cumulativeCapKobo: number;
|
|
3752
|
+
validFromMs: number;
|
|
3753
|
+
validUntilMs: number;
|
|
3754
|
+
counterSeed: number;
|
|
3755
|
+
issuedAtMs: number;
|
|
3756
|
+
issuerId: string;
|
|
3757
|
+
oacId: string;
|
|
3758
|
+
devicePubkeySpkiB64: string;
|
|
3759
|
+
alg?: "p256" | undefined;
|
|
3760
|
+
};
|
|
3761
|
+
issuerPublicKeySpkiB64: string;
|
|
3762
|
+
currentOfflineSpentKobo: number;
|
|
3763
|
+
supersededAtMs: number | null;
|
|
3764
|
+
holdId?: string | null | undefined;
|
|
3765
|
+
}>;
|
|
3766
|
+
}, "strip", z.ZodTypeAny, {
|
|
3767
|
+
oac: {
|
|
3768
|
+
status: "active" | "closed" | "expired" | "revoked" | "superseded" | "disabling" | "draining";
|
|
3769
|
+
issuerSig: string;
|
|
3770
|
+
revokedAtMs: number | null;
|
|
3771
|
+
oac: {
|
|
3772
|
+
userId: string;
|
|
3773
|
+
deviceId: string;
|
|
3774
|
+
currency: string;
|
|
3775
|
+
perTxCapKobo: number;
|
|
3776
|
+
cumulativeCapKobo: number;
|
|
3777
|
+
validFromMs: number;
|
|
3778
|
+
validUntilMs: number;
|
|
3779
|
+
counterSeed: number;
|
|
3780
|
+
issuedAtMs: number;
|
|
3781
|
+
issuerId: string;
|
|
3782
|
+
alg: "p256";
|
|
3783
|
+
oacId: string;
|
|
3784
|
+
devicePubkeySpkiB64: string;
|
|
3785
|
+
};
|
|
3786
|
+
issuerPublicKeySpkiB64: string;
|
|
3787
|
+
currentOfflineSpentKobo: number;
|
|
3788
|
+
supersededAtMs: number | null;
|
|
3789
|
+
holdId?: string | null | undefined;
|
|
3790
|
+
};
|
|
3791
|
+
hold: {
|
|
3792
|
+
status: "active" | "closed" | "failed" | "revoked" | "disabling" | "draining" | "placing";
|
|
3793
|
+
userId: string;
|
|
3794
|
+
deviceId: string;
|
|
3795
|
+
currency: string;
|
|
3796
|
+
createdAtMs: number;
|
|
3797
|
+
amountKobo: number;
|
|
3798
|
+
holdId: string;
|
|
3799
|
+
installId: string | null;
|
|
3800
|
+
partnerId: string;
|
|
3801
|
+
adapterKind: string;
|
|
3802
|
+
externalHoldRef: string | null;
|
|
3803
|
+
capturedKobo: number;
|
|
3804
|
+
releasedKobo: number;
|
|
3805
|
+
remainingKobo: number;
|
|
3806
|
+
drainDeadlineMs: number;
|
|
3807
|
+
disableRequestedAtMs: number | null;
|
|
3808
|
+
closedAtMs: number | null;
|
|
3809
|
+
isTrusted?: boolean | undefined;
|
|
3810
|
+
};
|
|
3811
|
+
}, {
|
|
3812
|
+
oac: {
|
|
3813
|
+
status: "active" | "closed" | "expired" | "revoked" | "superseded" | "disabling" | "draining";
|
|
3814
|
+
issuerSig: string;
|
|
3815
|
+
revokedAtMs: number | null;
|
|
3816
|
+
oac: {
|
|
3817
|
+
userId: string;
|
|
3818
|
+
deviceId: string;
|
|
3819
|
+
currency: string;
|
|
3820
|
+
perTxCapKobo: number;
|
|
3821
|
+
cumulativeCapKobo: number;
|
|
3822
|
+
validFromMs: number;
|
|
3823
|
+
validUntilMs: number;
|
|
3824
|
+
counterSeed: number;
|
|
3825
|
+
issuedAtMs: number;
|
|
3826
|
+
issuerId: string;
|
|
3827
|
+
oacId: string;
|
|
3828
|
+
devicePubkeySpkiB64: string;
|
|
3829
|
+
alg?: "p256" | undefined;
|
|
3830
|
+
};
|
|
3831
|
+
issuerPublicKeySpkiB64: string;
|
|
3832
|
+
currentOfflineSpentKobo: number;
|
|
3833
|
+
supersededAtMs: number | null;
|
|
3834
|
+
holdId?: string | null | undefined;
|
|
3835
|
+
};
|
|
3836
|
+
hold: {
|
|
3837
|
+
status: "active" | "closed" | "failed" | "revoked" | "disabling" | "draining" | "placing";
|
|
3838
|
+
userId: string;
|
|
3839
|
+
deviceId: string;
|
|
3840
|
+
currency: string;
|
|
3841
|
+
createdAtMs: number;
|
|
3842
|
+
amountKobo: number;
|
|
3843
|
+
holdId: string;
|
|
3844
|
+
installId: string | null;
|
|
3845
|
+
partnerId: string;
|
|
3846
|
+
adapterKind: string;
|
|
3847
|
+
externalHoldRef: string | null;
|
|
3848
|
+
capturedKobo: number;
|
|
3849
|
+
releasedKobo: number;
|
|
3850
|
+
remainingKobo: number;
|
|
3851
|
+
drainDeadlineMs: number;
|
|
3852
|
+
disableRequestedAtMs: number | null;
|
|
3853
|
+
closedAtMs: number | null;
|
|
3854
|
+
isTrusted?: boolean | undefined;
|
|
3855
|
+
};
|
|
3856
|
+
}>;
|
|
3857
|
+
type ProvisionOfflineAllowanceResult = EnableOfflineResult;
|
|
3464
3858
|
declare const DisableOfflineResultSchema: z.ZodObject<{
|
|
3465
3859
|
hold: z.ZodObject<{
|
|
3466
3860
|
holdId: z.ZodString;
|
|
@@ -3635,7 +4029,10 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
3635
4029
|
issuerId: z.ZodString;
|
|
3636
4030
|
userId: z.ZodString;
|
|
3637
4031
|
deviceId: z.ZodString;
|
|
3638
|
-
|
|
4032
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
4033
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
4034
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
4035
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
3639
4036
|
perTxCapKobo: z.ZodNumber;
|
|
3640
4037
|
cumulativeCapKobo: z.ZodNumber;
|
|
3641
4038
|
currency: z.ZodString;
|
|
@@ -3654,8 +4051,9 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
3654
4051
|
counterSeed: number;
|
|
3655
4052
|
issuedAtMs: number;
|
|
3656
4053
|
issuerId: string;
|
|
4054
|
+
alg: "p256";
|
|
3657
4055
|
oacId: string;
|
|
3658
|
-
|
|
4056
|
+
devicePubkeySpkiB64: string;
|
|
3659
4057
|
}, {
|
|
3660
4058
|
userId: string;
|
|
3661
4059
|
deviceId: string;
|
|
@@ -3668,10 +4066,13 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
3668
4066
|
issuedAtMs: number;
|
|
3669
4067
|
issuerId: string;
|
|
3670
4068
|
oacId: string;
|
|
3671
|
-
|
|
4069
|
+
devicePubkeySpkiB64: string;
|
|
4070
|
+
alg?: "p256" | undefined;
|
|
3672
4071
|
}>;
|
|
4072
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
3673
4073
|
issuerSig: z.ZodString;
|
|
3674
|
-
|
|
4074
|
+
/** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
|
|
4075
|
+
issuerPublicKeySpkiB64: z.ZodString;
|
|
3675
4076
|
} & {
|
|
3676
4077
|
currentOfflineSpentKobo: z.ZodNumber;
|
|
3677
4078
|
status: z.ZodEnum<["active", "superseded", "expired", "revoked", "disabling", "draining", "closed"]>;
|
|
@@ -3693,10 +4094,11 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
3693
4094
|
counterSeed: number;
|
|
3694
4095
|
issuedAtMs: number;
|
|
3695
4096
|
issuerId: string;
|
|
4097
|
+
alg: "p256";
|
|
3696
4098
|
oacId: string;
|
|
3697
|
-
|
|
4099
|
+
devicePubkeySpkiB64: string;
|
|
3698
4100
|
};
|
|
3699
|
-
|
|
4101
|
+
issuerPublicKeySpkiB64: string;
|
|
3700
4102
|
currentOfflineSpentKobo: number;
|
|
3701
4103
|
supersededAtMs: number | null;
|
|
3702
4104
|
holdId?: string | null | undefined;
|
|
@@ -3716,9 +4118,10 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
3716
4118
|
issuedAtMs: number;
|
|
3717
4119
|
issuerId: string;
|
|
3718
4120
|
oacId: string;
|
|
3719
|
-
|
|
4121
|
+
devicePubkeySpkiB64: string;
|
|
4122
|
+
alg?: "p256" | undefined;
|
|
3720
4123
|
};
|
|
3721
|
-
|
|
4124
|
+
issuerPublicKeySpkiB64: string;
|
|
3722
4125
|
currentOfflineSpentKobo: number;
|
|
3723
4126
|
supersededAtMs: number | null;
|
|
3724
4127
|
holdId?: string | null | undefined;
|
|
@@ -3739,10 +4142,11 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
3739
4142
|
counterSeed: number;
|
|
3740
4143
|
issuedAtMs: number;
|
|
3741
4144
|
issuerId: string;
|
|
4145
|
+
alg: "p256";
|
|
3742
4146
|
oacId: string;
|
|
3743
|
-
|
|
4147
|
+
devicePubkeySpkiB64: string;
|
|
3744
4148
|
};
|
|
3745
|
-
|
|
4149
|
+
issuerPublicKeySpkiB64: string;
|
|
3746
4150
|
currentOfflineSpentKobo: number;
|
|
3747
4151
|
supersededAtMs: number | null;
|
|
3748
4152
|
holdId?: string | null | undefined;
|
|
@@ -3784,9 +4188,10 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
3784
4188
|
issuedAtMs: number;
|
|
3785
4189
|
issuerId: string;
|
|
3786
4190
|
oacId: string;
|
|
3787
|
-
|
|
4191
|
+
devicePubkeySpkiB64: string;
|
|
4192
|
+
alg?: "p256" | undefined;
|
|
3788
4193
|
};
|
|
3789
|
-
|
|
4194
|
+
issuerPublicKeySpkiB64: string;
|
|
3790
4195
|
currentOfflineSpentKobo: number;
|
|
3791
4196
|
supersededAtMs: number | null;
|
|
3792
4197
|
holdId?: string | null | undefined;
|
|
@@ -3820,7 +4225,10 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
3820
4225
|
issuerId: z.ZodString;
|
|
3821
4226
|
userId: z.ZodString;
|
|
3822
4227
|
deviceId: z.ZodString;
|
|
3823
|
-
|
|
4228
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
4229
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
4230
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
4231
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
3824
4232
|
perTxCapKobo: z.ZodNumber;
|
|
3825
4233
|
cumulativeCapKobo: z.ZodNumber;
|
|
3826
4234
|
currency: z.ZodString;
|
|
@@ -3839,8 +4247,9 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
3839
4247
|
counterSeed: number;
|
|
3840
4248
|
issuedAtMs: number;
|
|
3841
4249
|
issuerId: string;
|
|
4250
|
+
alg: "p256";
|
|
3842
4251
|
oacId: string;
|
|
3843
|
-
|
|
4252
|
+
devicePubkeySpkiB64: string;
|
|
3844
4253
|
}, {
|
|
3845
4254
|
userId: string;
|
|
3846
4255
|
deviceId: string;
|
|
@@ -3853,10 +4262,13 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
3853
4262
|
issuedAtMs: number;
|
|
3854
4263
|
issuerId: string;
|
|
3855
4264
|
oacId: string;
|
|
3856
|
-
|
|
4265
|
+
devicePubkeySpkiB64: string;
|
|
4266
|
+
alg?: "p256" | undefined;
|
|
3857
4267
|
}>;
|
|
4268
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
3858
4269
|
issuerSig: z.ZodString;
|
|
3859
|
-
|
|
4270
|
+
/** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
|
|
4271
|
+
issuerPublicKeySpkiB64: z.ZodString;
|
|
3860
4272
|
} & {
|
|
3861
4273
|
currentOfflineSpentKobo: z.ZodNumber;
|
|
3862
4274
|
status: z.ZodEnum<["active", "superseded", "expired", "revoked", "disabling", "draining", "closed"]>;
|
|
@@ -3878,10 +4290,11 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
3878
4290
|
counterSeed: number;
|
|
3879
4291
|
issuedAtMs: number;
|
|
3880
4292
|
issuerId: string;
|
|
4293
|
+
alg: "p256";
|
|
3881
4294
|
oacId: string;
|
|
3882
|
-
|
|
4295
|
+
devicePubkeySpkiB64: string;
|
|
3883
4296
|
};
|
|
3884
|
-
|
|
4297
|
+
issuerPublicKeySpkiB64: string;
|
|
3885
4298
|
currentOfflineSpentKobo: number;
|
|
3886
4299
|
supersededAtMs: number | null;
|
|
3887
4300
|
holdId?: string | null | undefined;
|
|
@@ -3901,9 +4314,10 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
3901
4314
|
issuedAtMs: number;
|
|
3902
4315
|
issuerId: string;
|
|
3903
4316
|
oacId: string;
|
|
3904
|
-
|
|
4317
|
+
devicePubkeySpkiB64: string;
|
|
4318
|
+
alg?: "p256" | undefined;
|
|
3905
4319
|
};
|
|
3906
|
-
|
|
4320
|
+
issuerPublicKeySpkiB64: string;
|
|
3907
4321
|
currentOfflineSpentKobo: number;
|
|
3908
4322
|
supersededAtMs: number | null;
|
|
3909
4323
|
holdId?: string | null | undefined;
|
|
@@ -3924,10 +4338,11 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
3924
4338
|
counterSeed: number;
|
|
3925
4339
|
issuedAtMs: number;
|
|
3926
4340
|
issuerId: string;
|
|
4341
|
+
alg: "p256";
|
|
3927
4342
|
oacId: string;
|
|
3928
|
-
|
|
4343
|
+
devicePubkeySpkiB64: string;
|
|
3929
4344
|
};
|
|
3930
|
-
|
|
4345
|
+
issuerPublicKeySpkiB64: string;
|
|
3931
4346
|
currentOfflineSpentKobo: number;
|
|
3932
4347
|
supersededAtMs: number | null;
|
|
3933
4348
|
holdId?: string | null | undefined;
|
|
@@ -3949,9 +4364,10 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
3949
4364
|
issuedAtMs: number;
|
|
3950
4365
|
issuerId: string;
|
|
3951
4366
|
oacId: string;
|
|
3952
|
-
|
|
4367
|
+
devicePubkeySpkiB64: string;
|
|
4368
|
+
alg?: "p256" | undefined;
|
|
3953
4369
|
};
|
|
3954
|
-
|
|
4370
|
+
issuerPublicKeySpkiB64: string;
|
|
3955
4371
|
currentOfflineSpentKobo: number;
|
|
3956
4372
|
supersededAtMs: number | null;
|
|
3957
4373
|
holdId?: string | null | undefined;
|
|
@@ -3959,6 +4375,8 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
3959
4375
|
}>;
|
|
3960
4376
|
type OfflineStateResult = z.infer<typeof OfflineStateResultSchema>;
|
|
3961
4377
|
declare const ConsumerPaymentClaimSchema: z.ZodObject<{
|
|
4378
|
+
/** Always 'p256'. Retained for forward-compat and as an explicit domain marker. */
|
|
4379
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
3962
4380
|
oacId: z.ZodString;
|
|
3963
4381
|
encounterId: z.ZodOptional<z.ZodString>;
|
|
3964
4382
|
payerUserId: z.ZodString;
|
|
@@ -3971,10 +4389,10 @@ declare const ConsumerPaymentClaimSchema: z.ZodObject<{
|
|
|
3971
4389
|
occurredAtMs: z.ZodNumber;
|
|
3972
4390
|
completedAtMs: z.ZodOptional<z.ZodNumber>;
|
|
3973
4391
|
contextId: z.ZodOptional<z.ZodString>;
|
|
3974
|
-
|
|
3975
|
-
|
|
3976
|
-
|
|
3977
|
-
|
|
4392
|
+
payerPubkeySpkiB64: z.ZodString;
|
|
4393
|
+
payerSignatureDerB64: z.ZodString;
|
|
4394
|
+
payeePubkeySpkiB64: z.ZodOptional<z.ZodString>;
|
|
4395
|
+
payeeSignatureDerB64: z.ZodOptional<z.ZodString>;
|
|
3978
4396
|
}, "strip", z.ZodTypeAny, {
|
|
3979
4397
|
currency: string;
|
|
3980
4398
|
amountKobo: number;
|
|
@@ -3983,15 +4401,16 @@ declare const ConsumerPaymentClaimSchema: z.ZodObject<{
|
|
|
3983
4401
|
payerNonce: string;
|
|
3984
4402
|
payeeNonce: string;
|
|
3985
4403
|
occurredAtMs: number;
|
|
3986
|
-
|
|
4404
|
+
alg: "p256";
|
|
3987
4405
|
oacId: string;
|
|
3988
4406
|
payerDeviceId: string;
|
|
3989
|
-
|
|
4407
|
+
payerPubkeySpkiB64: string;
|
|
4408
|
+
payerSignatureDerB64: string;
|
|
3990
4409
|
encounterId?: string | undefined;
|
|
3991
4410
|
completedAtMs?: number | undefined;
|
|
3992
4411
|
contextId?: string | undefined;
|
|
3993
|
-
|
|
3994
|
-
|
|
4412
|
+
payeePubkeySpkiB64?: string | undefined;
|
|
4413
|
+
payeeSignatureDerB64?: string | undefined;
|
|
3995
4414
|
}, {
|
|
3996
4415
|
amountKobo: number;
|
|
3997
4416
|
payerUserId: string;
|
|
@@ -3999,16 +4418,17 @@ declare const ConsumerPaymentClaimSchema: z.ZodObject<{
|
|
|
3999
4418
|
payerNonce: string;
|
|
4000
4419
|
payeeNonce: string;
|
|
4001
4420
|
occurredAtMs: number;
|
|
4002
|
-
payerSignature: string;
|
|
4003
4421
|
oacId: string;
|
|
4004
4422
|
payerDeviceId: string;
|
|
4005
|
-
|
|
4423
|
+
payerPubkeySpkiB64: string;
|
|
4424
|
+
payerSignatureDerB64: string;
|
|
4006
4425
|
currency?: string | undefined;
|
|
4007
4426
|
encounterId?: string | undefined;
|
|
4008
4427
|
completedAtMs?: number | undefined;
|
|
4009
4428
|
contextId?: string | undefined;
|
|
4010
|
-
|
|
4011
|
-
|
|
4429
|
+
alg?: "p256" | undefined;
|
|
4430
|
+
payeePubkeySpkiB64?: string | undefined;
|
|
4431
|
+
payeeSignatureDerB64?: string | undefined;
|
|
4012
4432
|
}>;
|
|
4013
4433
|
type ConsumerPaymentClaim = z.infer<typeof ConsumerPaymentClaimSchema>;
|
|
4014
4434
|
declare const ConsumerSettlementSchema: z.ZodObject<{
|
|
@@ -4023,6 +4443,7 @@ declare const ConsumerSettlementSchema: z.ZodObject<{
|
|
|
4023
4443
|
status: z.ZodEnum<["SETTLED", "REVIEW"]>;
|
|
4024
4444
|
reviewReason: z.ZodNullable<z.ZodString>;
|
|
4025
4445
|
ledgerRef: z.ZodNullable<z.ZodString>;
|
|
4446
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
4026
4447
|
issuerSig: z.ZodString;
|
|
4027
4448
|
createdAtMs: z.ZodNumber;
|
|
4028
4449
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -4068,6 +4489,7 @@ declare const ConsumerSettleResultSchema: z.ZodObject<{
|
|
|
4068
4489
|
status: z.ZodEnum<["SETTLED", "REVIEW"]>;
|
|
4069
4490
|
reviewReason: z.ZodNullable<z.ZodString>;
|
|
4070
4491
|
ledgerRef: z.ZodNullable<z.ZodString>;
|
|
4492
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
4071
4493
|
issuerSig: z.ZodString;
|
|
4072
4494
|
createdAtMs: z.ZodNumber;
|
|
4073
4495
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -4158,10 +4580,13 @@ type MeOfflineClientOptions = {
|
|
|
4158
4580
|
};
|
|
4159
4581
|
type MeOfflineClient = {
|
|
4160
4582
|
registerDeviceKey: (input: RegisterDeviceKeyInput) => Promise<DeviceKeyRecord>;
|
|
4583
|
+
issueP256EnrollmentChallenge: (input: P256EnrollmentChallengeInput) => Promise<P256EnrollmentChallengeResult>;
|
|
4584
|
+
registerDeviceKeyP256: (input: RegisterDeviceKeyP256Input) => Promise<DeviceKeyRecord>;
|
|
4161
4585
|
listDeviceKeys: () => Promise<{
|
|
4162
4586
|
items: DeviceKeyRecord[];
|
|
4163
4587
|
}>;
|
|
4164
4588
|
revokeDeviceKey: (input: RevokeDeviceKeyInput) => Promise<void>;
|
|
4589
|
+
provisionAllowance: (input: ProvisionOfflineAllowanceInput) => Promise<ProvisionOfflineAllowanceResult>;
|
|
4165
4590
|
enable: (input: EnableOfflineInput) => Promise<EnableOfflineResult>;
|
|
4166
4591
|
refresh: (input: IssueOACInput) => Promise<OACRecord>;
|
|
4167
4592
|
disable: (input: DisableOfflineInput) => Promise<DisableOfflineResult>;
|
|
@@ -4171,6 +4596,127 @@ type MeOfflineClient = {
|
|
|
4171
4596
|
};
|
|
4172
4597
|
declare function createMeOfflineClient(opts: MeOfflineClientOptions): MeOfflineClient;
|
|
4173
4598
|
|
|
4599
|
+
/**
|
|
4600
|
+
* Offline-claim signer abstraction for Flur.
|
|
4601
|
+
*
|
|
4602
|
+
* Why this exists:
|
|
4603
|
+
* - Mobile clients sign payment claims with a hardware-backed P-256 key
|
|
4604
|
+
* (iOS Secure Enclave / Android Keystore StrongBox). Native modules
|
|
4605
|
+
* implement that custody, not this file.
|
|
4606
|
+
* - Server-side partners, test harnesses, and custodied integrators need a
|
|
4607
|
+
* *software* P-256 signer with the same surface so the SDK contract is
|
|
4608
|
+
* uniform.
|
|
4609
|
+
* - Both producers and verifiers (consumer mobile, partner backend, Flur
|
|
4610
|
+
* backend) must agree byte-for-byte on what gets signed. That's the job
|
|
4611
|
+
* of `canonicalClaimSigningPayload` / `canonicalClaimSigningBytes`.
|
|
4612
|
+
*
|
|
4613
|
+
* Wire format (P-256, hardware-backed):
|
|
4614
|
+
* - Public key: SubjectPublicKeyInfo DER, base64. Same format the
|
|
4615
|
+
* Apple/Android native modules return.
|
|
4616
|
+
* - Signature: ASN.1 DER ECDSA(SHA-256) signature, base64.
|
|
4617
|
+
*
|
|
4618
|
+
* Domain separation:
|
|
4619
|
+
* - V2 payload binds `alg='p256'` and is tagged with `CLAIM_DOMAIN_V2`.
|
|
4620
|
+
* The legacy ed25519 V1 path has been removed; the migration to P-256
|
|
4621
|
+
* is final.
|
|
4622
|
+
*/
|
|
4623
|
+
/**
|
|
4624
|
+
* V2 canonical claim domain. Must match the backend's V2 verifier exactly.
|
|
4625
|
+
* Bumped from `flur:consumer-offline:v1:claim` so a payer's V2 hardware
|
|
4626
|
+
* signature is non-replayable against a legacy V1 verifier and vice-versa.
|
|
4627
|
+
*/
|
|
4628
|
+
declare const CLAIM_DOMAIN_V2: "flur:consumer-offline:v2:claim";
|
|
4629
|
+
type OfflineClaimAlgorithm = 'p256';
|
|
4630
|
+
/**
|
|
4631
|
+
* Inputs the SDK accepts to build canonical signing bytes.
|
|
4632
|
+
*
|
|
4633
|
+
* Optional fields default to `null` inside the canonical payload, so callers
|
|
4634
|
+
* that omit them still produce stable, deterministic bytes.
|
|
4635
|
+
*/
|
|
4636
|
+
interface CanonicalClaimInput {
|
|
4637
|
+
alg: OfflineClaimAlgorithm;
|
|
4638
|
+
oacId: string;
|
|
4639
|
+
payerUserId: string;
|
|
4640
|
+
payeeUserId: string;
|
|
4641
|
+
payerDeviceId: string;
|
|
4642
|
+
payerNonce: string;
|
|
4643
|
+
payeeNonce: string;
|
|
4644
|
+
amountKobo: number;
|
|
4645
|
+
currency: string;
|
|
4646
|
+
occurredAtMs: number;
|
|
4647
|
+
completedAtMs?: number | null;
|
|
4648
|
+
contextId?: string | null;
|
|
4649
|
+
}
|
|
4650
|
+
/** Public key + signature pair from a signer. */
|
|
4651
|
+
interface SignerPublicKey {
|
|
4652
|
+
alg: OfflineClaimAlgorithm;
|
|
4653
|
+
/** SubjectPublicKeyInfo DER, base64. */
|
|
4654
|
+
publicKey: string;
|
|
4655
|
+
}
|
|
4656
|
+
interface ClaimSignature {
|
|
4657
|
+
alg: OfflineClaimAlgorithm;
|
|
4658
|
+
/** ASN.1 DER ECDSA(SHA-256) signature, base64. */
|
|
4659
|
+
signature: string;
|
|
4660
|
+
}
|
|
4661
|
+
/** Abstract signer interface. Software and native impls both honour this. */
|
|
4662
|
+
interface OfflineClaimSigner {
|
|
4663
|
+
readonly alg: OfflineClaimAlgorithm;
|
|
4664
|
+
getPublicKey(): Promise<SignerPublicKey>;
|
|
4665
|
+
sign(bytes: Uint8Array): Promise<ClaimSignature>;
|
|
4666
|
+
}
|
|
4667
|
+
/**
|
|
4668
|
+
* The exact object that gets canonical-JSON-encoded and signed.
|
|
4669
|
+
*
|
|
4670
|
+
* Key ordering doesn't matter for the *output* because `canonicalJSONBytes`
|
|
4671
|
+
* sorts keys lexicographically — but the field SET and value normalization
|
|
4672
|
+
* must match the backend verifier byte-for-byte. Treat this function as the
|
|
4673
|
+
* cryptographic contract.
|
|
4674
|
+
*/
|
|
4675
|
+
declare function canonicalClaimSigningPayload(claim: CanonicalClaimInput): {
|
|
4676
|
+
domain: typeof CLAIM_DOMAIN_V2;
|
|
4677
|
+
alg: OfflineClaimAlgorithm;
|
|
4678
|
+
oacId: string;
|
|
4679
|
+
payerUserId: string;
|
|
4680
|
+
payeeUserId: string;
|
|
4681
|
+
payerDeviceId: string;
|
|
4682
|
+
payerNonce: string;
|
|
4683
|
+
payeeNonce: string;
|
|
4684
|
+
amountKobo: number;
|
|
4685
|
+
currency: string;
|
|
4686
|
+
occurredAtMs: number;
|
|
4687
|
+
completedAtMs: number | null;
|
|
4688
|
+
contextId: string | null;
|
|
4689
|
+
};
|
|
4690
|
+
/** Bytes the signer must operate on. */
|
|
4691
|
+
declare function canonicalClaimSigningBytes(claim: CanonicalClaimInput): Uint8Array;
|
|
4692
|
+
/**
|
|
4693
|
+
* Software P-256 signer. Useful for:
|
|
4694
|
+
* - test harnesses
|
|
4695
|
+
* - Node integrators that issue claims server-side (custodied wallets)
|
|
4696
|
+
* - simulators where Secure Enclave / StrongBox is unavailable
|
|
4697
|
+
*
|
|
4698
|
+
* The hardware-backed equivalent (mobile) implements the same interface
|
|
4699
|
+
* but defers key storage and signing to the OS secure element.
|
|
4700
|
+
*/
|
|
4701
|
+
declare function createSoftwareP256Signer(privateKey: Uint8Array): OfflineClaimSigner;
|
|
4702
|
+
interface VerifyClaimSignatureInput {
|
|
4703
|
+
alg: OfflineClaimAlgorithm;
|
|
4704
|
+
bytes: Uint8Array;
|
|
4705
|
+
signature: string;
|
|
4706
|
+
publicKey: string;
|
|
4707
|
+
}
|
|
4708
|
+
/**
|
|
4709
|
+
* Verifier the backend, partners, and self-checks all share. Returns a plain
|
|
4710
|
+
* boolean — callers should treat `false` and thrown errors uniformly as
|
|
4711
|
+
* "not authenticated".
|
|
4712
|
+
*/
|
|
4713
|
+
declare function verifyClaimSignature(input: VerifyClaimSignatureInput): boolean;
|
|
4714
|
+
|
|
4715
|
+
declare const OFFLINE_CLAIM_SMS_PREFIX: "FLURC1.";
|
|
4716
|
+
declare function encodeOfflineClaimSmsMessage(claim: ConsumerPaymentClaim): string;
|
|
4717
|
+
declare function decodeOfflineClaimSmsMessage(message: string): ConsumerPaymentClaim;
|
|
4718
|
+
declare function extractOfflineClaimSmsToken(message: string): string | null;
|
|
4719
|
+
|
|
4174
4720
|
/**
|
|
4175
4721
|
* Partner-funded wallet rails SDK.
|
|
4176
4722
|
*
|
|
@@ -4943,11 +5489,12 @@ declare function createPartnerProfileAdminClient(opts: PartnerProfileAdminClient
|
|
|
4943
5489
|
* data: <artifact body> // type-specific, validated by registered schema
|
|
4944
5490
|
* }
|
|
4945
5491
|
*
|
|
4946
|
-
* Signature:
|
|
5492
|
+
* Signature: P-256 ECDSA (SHA-256) over canonicalJSONBytes(body), ASN.1 DER, base64.
|
|
4947
5493
|
*
|
|
4948
5494
|
* Design notes:
|
|
4949
5495
|
* - URI scheme `flur://v1/...` is the single transport for all signed artifacts.
|
|
4950
|
-
* - Scanners route on the path segment; verifiers look up the issuer/kid public key
|
|
5496
|
+
* - Scanners route on the path segment; verifiers look up the issuer/kid public key
|
|
5497
|
+
* (SubjectPublicKeyInfo DER, base64) from the backend device-key registry.
|
|
4951
5498
|
* - Pure NIBSS NQR payments remain unchanged; this envelope rides separately.
|
|
4952
5499
|
*/
|
|
4953
5500
|
declare const FLUR_ARTIFACT_URI_SCHEME = "flur";
|
|
@@ -4984,6 +5531,7 @@ type ArtifactBody<T = unknown> = ArtifactHeader & {
|
|
|
4984
5531
|
};
|
|
4985
5532
|
type SignedArtifact<T = unknown> = {
|
|
4986
5533
|
body: ArtifactBody<T>;
|
|
5534
|
+
/** ASN.1 DER ECDSA P-256 signature, base64 (standard, not url-safe). */
|
|
4987
5535
|
sig: string;
|
|
4988
5536
|
};
|
|
4989
5537
|
declare class FlurArtifactError extends Error {
|
|
@@ -5007,6 +5555,7 @@ type DecodedArtifactUri = {
|
|
|
5007
5555
|
type: string;
|
|
5008
5556
|
bodyBytes: Uint8Array;
|
|
5009
5557
|
body: ArtifactBody;
|
|
5558
|
+
/** ASN.1 DER ECDSA P-256 signature, base64 (standard). */
|
|
5010
5559
|
sig: string;
|
|
5011
5560
|
};
|
|
5012
5561
|
declare function decodeArtifactUri(uri: string): DecodedArtifactUri;
|
|
@@ -5016,7 +5565,7 @@ type VerifyArtifactOptions = {
|
|
|
5016
5565
|
/** When true (default), reject artifacts whose `exp` is in the past. */
|
|
5017
5566
|
enforceExpiry?: boolean;
|
|
5018
5567
|
};
|
|
5019
|
-
declare function verifyArtifactSignature(decoded: DecodedArtifactUri,
|
|
5568
|
+
declare function verifyArtifactSignature(decoded: DecodedArtifactUri, publicKeySpkiB64: string, options?: VerifyArtifactOptions): boolean;
|
|
5020
5569
|
|
|
5021
5570
|
/**
|
|
5022
5571
|
* Registry of all Flur v1 signed artifact types.
|
|
@@ -5674,17 +6223,17 @@ declare const IdentityArtifactSchema: z.ZodObject<{
|
|
|
5674
6223
|
claimValueHash: z.ZodString;
|
|
5675
6224
|
attestedAtMs: z.ZodNumber;
|
|
5676
6225
|
}, "strip", z.ZodTypeAny, {
|
|
6226
|
+
attestedAtMs: number;
|
|
5677
6227
|
attestationId: string;
|
|
5678
6228
|
subjectId: string;
|
|
5679
6229
|
claimType: "phone_verified" | "email_verified" | "bvn_verified" | "kyc_tier" | "age_band";
|
|
5680
6230
|
claimValueHash: string;
|
|
5681
|
-
attestedAtMs: number;
|
|
5682
6231
|
}, {
|
|
6232
|
+
attestedAtMs: number;
|
|
5683
6233
|
attestationId: string;
|
|
5684
6234
|
subjectId: string;
|
|
5685
6235
|
claimType: "phone_verified" | "email_verified" | "bvn_verified" | "kyc_tier" | "age_band";
|
|
5686
6236
|
claimValueHash: string;
|
|
5687
|
-
attestedAtMs: number;
|
|
5688
6237
|
}>;
|
|
5689
6238
|
declare const ARTIFACT_BODY_SCHEMAS: {
|
|
5690
6239
|
readonly offline_payment_authorization: z.ZodObject<{
|
|
@@ -6314,17 +6863,17 @@ declare const ARTIFACT_BODY_SCHEMAS: {
|
|
|
6314
6863
|
claimValueHash: z.ZodString;
|
|
6315
6864
|
attestedAtMs: z.ZodNumber;
|
|
6316
6865
|
}, "strip", z.ZodTypeAny, {
|
|
6866
|
+
attestedAtMs: number;
|
|
6317
6867
|
attestationId: string;
|
|
6318
6868
|
subjectId: string;
|
|
6319
6869
|
claimType: "phone_verified" | "email_verified" | "bvn_verified" | "kyc_tier" | "age_band";
|
|
6320
6870
|
claimValueHash: string;
|
|
6321
|
-
attestedAtMs: number;
|
|
6322
6871
|
}, {
|
|
6872
|
+
attestedAtMs: number;
|
|
6323
6873
|
attestationId: string;
|
|
6324
6874
|
subjectId: string;
|
|
6325
6875
|
claimType: "phone_verified" | "email_verified" | "bvn_verified" | "kyc_tier" | "age_band";
|
|
6326
6876
|
claimValueHash: string;
|
|
6327
|
-
attestedAtMs: number;
|
|
6328
6877
|
}>;
|
|
6329
6878
|
};
|
|
6330
6879
|
/** Artifact types whose body schema is fully specified and safe to dispatch. */
|
|
@@ -6364,14 +6913,14 @@ type VerifiedArtifact<T = unknown> = {
|
|
|
6364
6913
|
*
|
|
6365
6914
|
* - Parses the URI and envelope header.
|
|
6366
6915
|
* - Validates the body against the registered Zod schema.
|
|
6367
|
-
* - Verifies the
|
|
6916
|
+
* - Verifies the P-256 ECDSA(SHA-256) DER signature against the supplied public key.
|
|
6368
6917
|
* - Enforces expiry unless `options.enforceExpiry === false`.
|
|
6369
6918
|
*
|
|
6370
6919
|
* The caller is responsible for resolving the public key from (issuer, kid)
|
|
6371
6920
|
* against the backend device-key registry, and for enforcing nonce uniqueness
|
|
6372
6921
|
* via the artifact_nonces store.
|
|
6373
6922
|
*/
|
|
6374
|
-
declare function verifyArtifactUri<T = unknown>(uri: string,
|
|
6923
|
+
declare function verifyArtifactUri<T = unknown>(uri: string, publicKeySpkiB64: string, options?: VerifyArtifactOptions): VerifiedArtifact<T>;
|
|
6375
6924
|
declare function createReceiptArtifactUri(input: {
|
|
6376
6925
|
issuer: string;
|
|
6377
6926
|
keyId: string;
|
|
@@ -6444,4 +6993,4 @@ declare function createOfflinePaymentAuthorizationArtifactUri(input: {
|
|
|
6444
6993
|
}>;
|
|
6445
6994
|
};
|
|
6446
6995
|
|
|
6447
|
-
export { ACCOUNT_STATUSES, ACCOUNT_TYPES, ADDITIONAL_DATA_SUBFIELD, ARTIFACT_BODY_SCHEMAS, ARTIFACT_TYPES, type Account, type AccountActivityItem, type AccountMembership, AccountMembershipSchema, AccountSchema, type AccountStatus, type AccountSummaryResponse, type AccountType, type AccountsClient, type AccountsClientOptions, type AddMemberInput, type AdditionalData, type ApiCredentialPublic, ApiCredentialPublicSchema, type ApiCredentialsAdminClient, type ArtifactBody, type ArtifactHeader, ArtifactHeaderSchema, type ArtifactType, type AtomicRedeemReceiptInput, type AtomicRedeemResponse, type AuthLogoutInput, type AuthRefreshInput, type AuthRefreshResponse, type AuthorizeSendWithBiometricInput, type AuthorizedOptions, type BiometricSigner, type BuildPassInput, type BuildReceiptInput, type BuildRedemptionInput, COLLECTION_INTENT_STATUSES, COLLECTION_PAYMENT_STATUSES, CUSTODIAL_MODES, type CashNamespace, type CollectionIntent, CollectionIntentSchema, type CollectionPayment, type CollectionPaymentResult, CollectionPaymentResultSchema, CollectionPaymentSchema, type CollectionReportSummary, CollectionReportSummarySchema, type CollectionStatement, CollectionStatementSchema, type CollectionsClient, type CollectionsClientOptions, type ConsumerCollectionsClient, type ConsumerOAC, type OACRecord as ConsumerOACRecord, OACRecordSchema as ConsumerOACRecordSchema, ConsumerOACSchema, type ConsumerPaymentClaim, ConsumerPaymentClaimSchema, type ConsumerSettleResult, ConsumerSettleResultSchema, type ConsumerSettlement, ConsumerSettlementSchema, type ConsumerWithdrawalsClient, type ConsumerWithdrawalsClientOptions, type CreateBusinessAccountInput, type CreateCollectionIntentInput, CreateCollectionIntentInputSchema, type CreatePayLinkResponse, type CreatePayoutDestinationInput, CreatePayoutDestinationInputSchema, type CreatePayoutInput, CreatePayoutInputSchema, type CreateTransferOptions, type CreateWithdrawalInput, CreateWithdrawalInputSchema, type CreateWithdrawalResult, CreateWithdrawalResultSchema, type CustodialMode, type DecodedArtifactUri, type DeviceKeyRecord, DeviceKeyRecordSchema, type DeviceTrustState, type DisableOfflineInput, DisableOfflineInputSchema, type DisableOfflineResult, DisableOfflineResultSchema, type
|
|
6996
|
+
export { ACCOUNT_STATUSES, ACCOUNT_TYPES, ADDITIONAL_DATA_SUBFIELD, ARTIFACT_BODY_SCHEMAS, ARTIFACT_TYPES, type Account, type AccountActivityItem, type AccountMembership, AccountMembershipSchema, AccountSchema, type AccountStatus, type AccountSummaryResponse, type AccountType, type AccountsClient, type AccountsClientOptions, type AddMemberInput, type AdditionalData, type ApiCredentialPublic, ApiCredentialPublicSchema, type ApiCredentialsAdminClient, type ArtifactBody, type ArtifactHeader, ArtifactHeaderSchema, type ArtifactType, type AtomicRedeemReceiptInput, type AtomicRedeemResponse, type AttestationSecurityLevel, AttestationSecurityLevelSchema, type AuthLogoutInput, type AuthRefreshInput, type AuthRefreshResponse, type AuthorizeSendWithBiometricInput, type AuthorizedOptions, type BiometricSigner, type BuildPassInput, type BuildReceiptInput, type BuildRedemptionInput, CLAIM_DOMAIN_V2, COLLECTION_INTENT_STATUSES, COLLECTION_PAYMENT_STATUSES, CUSTODIAL_MODES, type CanonicalClaimInput, type CashNamespace, type ClaimSignature, type CollectionIntent, CollectionIntentSchema, type CollectionPayment, type CollectionPaymentResult, CollectionPaymentResultSchema, CollectionPaymentSchema, type CollectionReportSummary, CollectionReportSummarySchema, type CollectionStatement, CollectionStatementSchema, type CollectionsClient, type CollectionsClientOptions, type ConsumerCollectionsClient, type ConsumerOAC, type OACRecord as ConsumerOACRecord, OACRecordSchema as ConsumerOACRecordSchema, ConsumerOACSchema, type ConsumerPaymentClaim, ConsumerPaymentClaimSchema, type ConsumerSettleResult, ConsumerSettleResultSchema, type ConsumerSettlement, ConsumerSettlementSchema, type ConsumerWithdrawalsClient, type ConsumerWithdrawalsClientOptions, type CreateBusinessAccountInput, type CreateCollectionIntentInput, CreateCollectionIntentInputSchema, type CreatePayLinkResponse, type CreatePayoutDestinationInput, CreatePayoutDestinationInputSchema, type CreatePayoutInput, CreatePayoutInputSchema, type CreateTransferOptions, type CreateWithdrawalInput, CreateWithdrawalInputSchema, type CreateWithdrawalResult, CreateWithdrawalResultSchema, type CustodialMode, type DecodedArtifactUri, type DeviceKeyAlg, DeviceKeyAlgSchema, type DeviceKeyRecord, DeviceKeyRecordSchema, type DeviceTrustState, type DisableOfflineInput, DisableOfflineInputSchema, type DisableOfflineResult, DisableOfflineResultSchema, type EnableOfflineInput, EnableOfflineInputSchema, type EnableOfflineResult, EnableOfflineResultSchema, FIELD, FLUR_ARTIFACT_URI_PREFIX, FLUR_ARTIFACT_URI_SCHEME, FLUR_ARTIFACT_VERSION, FlurApiError, FlurArtifactError, FlurCapExceededError, FlurClient, type FlurClientOptions, FlurError, type FlurErrorCode, FlurExpiredError, type FlurHandle, type FlurInitOptions, type FlurOfflineSettlementsClient, type FlurPartnerClient, type FlurPaymentEvent, FlurReplayError, HARDENED_ARTIFACT_TYPES, type HmacFetchOptions, IdentityArtifactSchema, type IngestFundingResult, IngestFundingResultSchema, type IssueOACInput, IssueOACInputSchema, type IssueOfflineTokenInput, type IssuePassInput, type IssueReceiptInput, LedgerJournalEntryArtifactSchema, type ListPassesInput, type ListPassesResponse, type ListPayoutDestinationsResult, ListPayoutDestinationsResultSchema, type ListReceiptsInput, type ListReceiptsResponse, type ListTransactionsOptions, MEMBERSHIP_ROLES, MERCHANT_PAYOUT_STATUSES, MERCHANT_PROFILE_STATUSES, type MeOfflineClient, type MeOfflineClientOptions, type MembershipRole, type MerchantAccountInfo, type MerchantPayout, MerchantPayoutSchema, type MerchantProfile, MerchantProfileSchema, type MintedApiCredential, MintedApiCredentialSchema, type Money, NGN_CURRENCY_CODE, NG_COUNTRY_CODE, NQRParseError, type NQRPayloadInput, NqrPaymentRequestArtifactSchema, type OAC, OACSchema, OAC_DEFAULT_CUMULATIVE_KOBO, OAC_DEFAULT_PER_TX_KOBO, OAC_DEFAULT_VALIDITY_MS, OFFLINE_CLAIM_SMS_PREFIX, type OfflineClaimAlgorithm, OfflineClaimArtifactSchema, type OfflineClaimSigner, type OfflineHoldRecord, OfflineHoldRecordSchema, type OfflinePaymentAuthorization, type OfflinePaymentAuthorizationArtifact, OfflinePaymentAuthorizationArtifactSchema, OfflinePaymentAuthorizationSchema, type OfflinePaymentRequest, OfflinePaymentRequestSchema, type OfflineStateResult, OfflineStateResultSchema, type OfflineStatusResult, OfflineStatusResultSchema, type OfflineToken, OfflineTokenSchema, type OnboardingCompleteInput, type OnboardingCompleteResponse, type OnboardingFallback, type OnboardingRiskReason, type OnboardingStartInput, type OnboardingStartResponse, type P256EnrollmentChallengeInput, P256EnrollmentChallengeInputSchema, type P256EnrollmentChallengeResult, P256EnrollmentChallengeResultSchema, PARTNER_FUNDING_DIRECTIONS, PARTNER_FUNDING_STATUSES, PARTNER_KINDS, PARTNER_PROFILE_STATUSES, PARTNER_SCOPES, PASS_KINDS, PASS_STATES, PAYLOAD_FORMAT_INDICATOR_VALUE, PAYOUT_DESTINATION_STATUSES, POINT_OF_INITIATION, type ParsedNQR, type PartnerClientOptions, type PartnerCollectionsClient, type PartnerFunding, type PartnerFundingClient, type PartnerFundingDirection, type PartnerFundingEventInput, PartnerFundingEventInputSchema, PartnerFundingSchema, type PartnerFundingStatus, type PartnerKind, type PartnerProfile, type PartnerProfileAdminClient, type PartnerProfileAdminClientOptions, PartnerProfileSchema, type PartnerProfileStatus, type PartnerScope, type PartnerSignResult, type Pass, PassArtifactSchema, type PassKind, type PassMetadata, PassMetadataSchema, PassSchema, type PassState, type PassesClient, type PassesClientOptions, type PayCollectionInput, PayCollectionInputSchema, type PayCollectionOptions, type PayCollectionResponse, type PaymentClaim, PaymentClaimSchema, PaymentIntentArtifactSchema, type PayoutDestination, PayoutDestinationSchema, type PayoutDestinationStatus, type PayoutEventInput, PayoutEventInputSchema, type PinSetInput, type PinVerifyInput, type ProviderEventInput, ProviderEventInputSchema, type ProviderEventRecord, ProviderEventRecordSchema, type ProvisionOfflineAllowanceInput, ProvisionOfflineAllowanceInputSchema, type ProvisionOfflineAllowanceResult, ProvisionOfflineAllowanceResultSchema, type PublicCollectionIntent, PublicCollectionIntentSchema, type PushPlatform, type PushRegisterInput, RECEIPT_CHANNELS, RECEIPT_KINDS, REPLAY_WINDOW_MS, type Receipt, type ReceiptArtifact, ReceiptArtifactSchema, type ReceiptChannel, type ReceiptKind, type ReceiptPayload, ReceiptPayloadSchema, ReceiptSchema, type ReceiptsClient, type ReceiptsClientOptions, type RecipientResolveInput, type RecipientResolveResponse, type ReconciliationReport, ReconciliationReportSchema, type RecordPayoutEventResult, RecordPayoutEventResultSchema, type RedeemPassResponse, type Redemption, RedemptionSchema, type RegisterDeviceInput, type RegisterDeviceKeyInput, RegisterDeviceKeyInputSchema, type RegisterDeviceKeyP256Input, RegisterDeviceKeyP256InputSchema, type RegisterDeviceResponse, type RegisterSendDeviceKeyInput, type ResolveCollectionOptions, type ResolveCollectionResponse, type ResolvePayLinkResponse, ReversalRecordArtifactSchema, RevokeDeviceKeyInputSchema, type RevokePassInput, type RoutingHint, SETTLEMENT_SCHEDULES, type SendChallengeInput, type SendChallengeResponse, type SendMoneyInput, type SendMoneyOptions, type SendVerifyInput, type SendVerifyResponse, type SettleResponse, SettleResponseSchema, type Settlement, SettlementRecordArtifactSchema, SettlementSchema, type SignedArtifact, type SignedConsumerOAC, SignedConsumerOACSchema, type SignerPublicKey, StatementArtifactSchema, type SubscribeOptions, type TLVField, type TransactionDetailResponse, type TransactionDirection, type TransactionsListResponse, type TransferInput, type TransferResponse, type TransferStatus, type UnsignedOAC, type UnsignedOfflinePaymentAuthorization, type UnsignedOfflinePaymentRequest, type UnsignedPass, type UnsignedReceipt, type UnsignedRedemption, type UpsertMerchantProfileInput, UpsertMerchantProfileInputSchema, type UpsertPartnerProfileInput, UpsertPartnerProfileInputSchema, type VerifiedArtifact, type VerifyArtifactOptions, type VerifyClaimSignatureInput, WITHDRAWAL_STATES, type Withdrawal, WithdrawalSchema, type WithdrawalState, base64UrlDecode, base64UrlEncode, bodySha256Hex, buildArtifactBody, buildAuthorization, buildOAC, buildPass, buildPaymentRequest, buildReceipt, buildRedemption, canonicalClaimSigningBytes, canonicalClaimSigningPayload, canonicalJSONBytes, canonicalJSONStringify, canonicalRequestString, computeEncounterId, constantTimeEqual, crc16ccitt, crc16ccittHex, createAccountsClient, createApiCredentialsAdminClient, createArtifactUri, createCollectionsClient, createConsumerCollectionsClient, createConsumerWithdrawalsClient, createFlurPartnerClient, createHmacFetch, createMeOfflineClient, createOfflinePaymentAuthorizationArtifactUri, createOfflineSettlementsClient, createPartnerCollectionsClient, createPartnerFundingClient, createPartnerProfileAdminClient, createPassesClient, createReceiptArtifactUri, createReceiptsClient, createSoftwareP256Signer, decodeArtifactUri, decodeAuthorizationQR, decodeBase45, decodeOfflineClaimSmsMessage, decodePaymentRequestQR, encodeArtifactUri, encodeAuthorizationQR, encodeBase45, encodeNQR, encodeOfflineClaimSmsMessage, encodePaymentRequestQR, extractOfflineClaimSmsToken, formatAmount, generateDynamicQR, generateStaticQR, init, isHardenedArtifactType, isKnownArtifactType, isPassWithinValidity, moneyMinorToNumber, normalizeE164, parseAmountInput, parseNQR, parseQR, readTLV, routingHint, signArtifact, signAuthorization, signOAC, signPartnerRequest, signPass, signPaymentRequest, signReceipt, signRedemption, signRequestHMAC, verifyArtifactSignature, verifyArtifactUri, verifyAuthorization, verifyClaimSignature, verifyOAC, verifyPass, verifyPaymentRequest, verifyReceipt, verifyRedemption, verifyRequestHMAC, writeTLV };
|