@nokinc-flur/sdk 1.1.3 → 1.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +294 -235
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +233 -498
- package/dist/index.d.ts +233 -498
- package/dist/index.js +292 -230
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.d.cts
CHANGED
|
@@ -1245,20 +1245,19 @@ declare function canonicalJSONBytes(value: unknown): Uint8Array;
|
|
|
1245
1245
|
*/
|
|
1246
1246
|
declare function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean;
|
|
1247
1247
|
|
|
1248
|
-
type Ed25519KeyPair = {
|
|
1249
|
-
privateKey: Uint8Array;
|
|
1250
|
-
publicKey: Uint8Array;
|
|
1251
|
-
};
|
|
1252
|
-
declare function generateKeyPair(): Ed25519KeyPair;
|
|
1253
|
-
declare function publicKeyFromPrivate(privateKey: Uint8Array): Uint8Array;
|
|
1254
|
-
declare function sign(message: Uint8Array, privateKey: Uint8Array): Uint8Array;
|
|
1255
|
-
declare function verify(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): boolean;
|
|
1256
1248
|
/**
|
|
1257
|
-
*
|
|
1258
|
-
*
|
|
1249
|
+
* Offline Authorization Certificate (OAC) — P-256 edition (Stage 2c).
|
|
1250
|
+
*
|
|
1251
|
+
* Previous wire format used raw 32-byte Ed25519 hex device keys and 64-byte
|
|
1252
|
+
* hex Ed25519 signatures. The cutover keeps the JSON field names but moves
|
|
1253
|
+
* to base64:
|
|
1254
|
+
* - `devicePublicKey` : SubjectPublicKeyInfo DER, base64 (P-256, ~124 chars).
|
|
1255
|
+
* - `issuerSig` : ASN.1 DER ECDSA(SHA-256) signature, base64 (~96 chars).
|
|
1256
|
+
*
|
|
1257
|
+
* `issuerPrivateKey` is a raw 32-byte P-256 scalar (Uint8Array) — same shape as
|
|
1258
|
+
* the SDK's other P-256 helpers. `issuerPublicKey` (for verification) is now a
|
|
1259
|
+
* base64 SPKI DER string, matching the rest of the migrated SDK surface.
|
|
1259
1260
|
*/
|
|
1260
|
-
declare function signCanonical(value: unknown, privateKey: Uint8Array): Uint8Array;
|
|
1261
|
-
declare function verifyCanonical(value: unknown, signature: Uint8Array, publicKey: Uint8Array): boolean;
|
|
1262
1261
|
|
|
1263
1262
|
declare const OAC_DEFAULT_PER_TX_KOBO = 500000;
|
|
1264
1263
|
declare const OAC_DEFAULT_CUMULATIVE_KOBO = 2000000;
|
|
@@ -1266,6 +1265,7 @@ declare const OAC_DEFAULT_VALIDITY_MS: number;
|
|
|
1266
1265
|
declare const OACSchema: z.ZodEffects<z.ZodEffects<z.ZodObject<{
|
|
1267
1266
|
userId: z.ZodString;
|
|
1268
1267
|
deviceId: z.ZodString;
|
|
1268
|
+
/** SubjectPublicKeyInfo DER, base64 (P-256). */
|
|
1269
1269
|
devicePublicKey: z.ZodString;
|
|
1270
1270
|
perTxCapKobo: z.ZodNumber;
|
|
1271
1271
|
cumulativeCapKobo: z.ZodNumber;
|
|
@@ -1273,6 +1273,7 @@ declare const OACSchema: z.ZodEffects<z.ZodEffects<z.ZodObject<{
|
|
|
1273
1273
|
validUntilMs: z.ZodNumber;
|
|
1274
1274
|
counterSeed: z.ZodNumber;
|
|
1275
1275
|
nonce: z.ZodString;
|
|
1276
|
+
/** ASN.1 DER ECDSA(SHA-256) signature, base64. */
|
|
1276
1277
|
issuerSig: z.ZodString;
|
|
1277
1278
|
}, "strip", z.ZodTypeAny, {
|
|
1278
1279
|
userId: string;
|
|
@@ -1346,7 +1347,8 @@ type UnsignedOAC = Omit<OAC, 'issuerSig'>;
|
|
|
1346
1347
|
declare function buildOAC(input: {
|
|
1347
1348
|
userId: string;
|
|
1348
1349
|
deviceId: string;
|
|
1349
|
-
|
|
1350
|
+
/** SPKI DER base64 string (P-256). */
|
|
1351
|
+
devicePublicKey: string;
|
|
1350
1352
|
perTxCapKobo?: number;
|
|
1351
1353
|
cumulativeCapKobo?: number;
|
|
1352
1354
|
validFromMs: number;
|
|
@@ -1355,11 +1357,25 @@ declare function buildOAC(input: {
|
|
|
1355
1357
|
nonce: string;
|
|
1356
1358
|
}): UnsignedOAC;
|
|
1357
1359
|
declare function signOAC(unsigned: UnsignedOAC, issuerPrivateKey: Uint8Array): OAC;
|
|
1358
|
-
declare function verifyOAC(oac: OAC,
|
|
1360
|
+
declare function verifyOAC(oac: OAC, issuerPublicKeySpkiB64: string): boolean;
|
|
1359
1361
|
|
|
1360
1362
|
declare function encodeBase45(bytes: Uint8Array): string;
|
|
1361
1363
|
declare function decodeBase45(s: string): Uint8Array;
|
|
1362
1364
|
|
|
1365
|
+
/**
|
|
1366
|
+
* Offline payment messages — P-256 edition (Stage 2c).
|
|
1367
|
+
*
|
|
1368
|
+
* Wire-shape change vs. the previous Ed25519 hex format:
|
|
1369
|
+
* - `merchantSig`, `payerSig` : ASN.1 DER ECDSA(SHA-256) signature, base64.
|
|
1370
|
+
* - device signing keys are passed as raw 32-byte P-256 scalars (Uint8Array);
|
|
1371
|
+
* issuer-side verification arguments use SPKI DER base64 strings.
|
|
1372
|
+
*
|
|
1373
|
+
* Note: `verifyPaymentRequest` and `verifyAuthorization` take the *issuer*
|
|
1374
|
+
* public key (SPKI b64) — they re-verify the merchant/payer OAC against the
|
|
1375
|
+
* issuer, then verify the merchant/payer signature against the device key
|
|
1376
|
+
* embedded in their OAC.
|
|
1377
|
+
*/
|
|
1378
|
+
|
|
1363
1379
|
declare const OfflinePaymentRequestSchema: z.ZodObject<{
|
|
1364
1380
|
reference: z.ZodString;
|
|
1365
1381
|
amountKobo: z.ZodNumber;
|
|
@@ -1755,14 +1771,14 @@ declare function buildPaymentRequest(input: {
|
|
|
1755
1771
|
expiresAtMs: number;
|
|
1756
1772
|
}): UnsignedOfflinePaymentRequest;
|
|
1757
1773
|
declare function signPaymentRequest(unsigned: UnsignedOfflinePaymentRequest, merchantDevicePrivateKey: Uint8Array): OfflinePaymentRequest;
|
|
1758
|
-
declare function verifyPaymentRequest(req: OfflinePaymentRequest,
|
|
1774
|
+
declare function verifyPaymentRequest(req: OfflinePaymentRequest, issuerPublicKeySpkiB64: string): boolean;
|
|
1759
1775
|
declare function buildAuthorization(input: {
|
|
1760
1776
|
request: OfflinePaymentRequest;
|
|
1761
1777
|
payerOAC: OAC;
|
|
1762
1778
|
payerCounter: number;
|
|
1763
1779
|
}): UnsignedOfflinePaymentAuthorization;
|
|
1764
1780
|
declare function signAuthorization(unsigned: UnsignedOfflinePaymentAuthorization, payerDevicePrivateKey: Uint8Array): OfflinePaymentAuthorization;
|
|
1765
|
-
declare function verifyAuthorization(auth: OfflinePaymentAuthorization,
|
|
1781
|
+
declare function verifyAuthorization(auth: OfflinePaymentAuthorization, issuerPublicKeySpkiB64: string): boolean;
|
|
1766
1782
|
declare function encodePaymentRequestQR(req: OfflinePaymentRequest): string;
|
|
1767
1783
|
declare function decodePaymentRequestQR(s: string): OfflinePaymentRequest;
|
|
1768
1784
|
declare function encodeAuthorizationQR(auth: OfflinePaymentAuthorization): string;
|
|
@@ -2208,8 +2224,8 @@ declare const PassSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2208
2224
|
nonce: z.ZodString;
|
|
2209
2225
|
/** Device id this pass is bound to (FK to backend `device_keys`). */
|
|
2210
2226
|
holderDeviceId: z.ZodString;
|
|
2211
|
-
/**
|
|
2212
|
-
* is verified against this key — it is the security-critical binding. */
|
|
2227
|
+
/** SubjectPublicKeyInfo DER (P-256) of the bound device, base64. The redemption
|
|
2228
|
+
* signature is verified against this key — it is the security-critical binding. */
|
|
2213
2229
|
holderDevicePubkey: z.ZodString;
|
|
2214
2230
|
/** Optional fixed amount for monetary passes (vouchers, gift cards) in kobo. */
|
|
2215
2231
|
amountKobo: z.ZodOptional<z.ZodNumber>;
|
|
@@ -2219,6 +2235,7 @@ declare const PassSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2219
2235
|
counterSeed: z.ZodNumber;
|
|
2220
2236
|
/** Optional cumulative spend cap in kobo across all redemptions of this pass. */
|
|
2221
2237
|
cumulativeCapKobo: z.ZodOptional<z.ZodNumber>;
|
|
2238
|
+
/** ASN.1 DER ECDSA P-256 signature, base64. */
|
|
2222
2239
|
issuerSig: z.ZodString;
|
|
2223
2240
|
}, "strip", z.ZodTypeAny, {
|
|
2224
2241
|
nonce: string;
|
|
@@ -2320,7 +2337,7 @@ type BuildPassInput = {
|
|
|
2320
2337
|
};
|
|
2321
2338
|
declare function buildPass(input: BuildPassInput): UnsignedPass;
|
|
2322
2339
|
declare function signPass(unsigned: UnsignedPass, issuerPrivateKey: Uint8Array): Pass;
|
|
2323
|
-
declare function verifyPass(pass: Pass,
|
|
2340
|
+
declare function verifyPass(pass: Pass, issuerPublicKeySpkiB64: string): boolean;
|
|
2324
2341
|
/**
|
|
2325
2342
|
* Validity window check is done separately from signature verification so callers can
|
|
2326
2343
|
* decide their clock-skew tolerance.
|
|
@@ -2432,6 +2449,7 @@ declare const RedemptionSchema: z.ZodObject<{
|
|
|
2432
2449
|
/** Amount being redeemed in kobo (0 for non-monetary passes like ride tickets). */
|
|
2433
2450
|
amountKobo: z.ZodNumber;
|
|
2434
2451
|
nonce: z.ZodString;
|
|
2452
|
+
/** ASN.1 DER ECDSA P-256 signature over canonicalJSONBytes(unsigned), base64. */
|
|
2435
2453
|
holderSig: z.ZodString;
|
|
2436
2454
|
}, "strip", z.ZodTypeAny, {
|
|
2437
2455
|
nonce: string;
|
|
@@ -2513,7 +2531,7 @@ declare function signRedemption(unsigned: UnsignedRedemption, holderDevicePrivat
|
|
|
2513
2531
|
* 3. The redemption is signed by that bound device key.
|
|
2514
2532
|
* 4. The redemption counter is strictly greater than pass.counterSeed.
|
|
2515
2533
|
*/
|
|
2516
|
-
declare function verifyRedemption(r: Redemption,
|
|
2534
|
+
declare function verifyRedemption(r: Redemption, issuerPublicKeySpkiB64: string): boolean;
|
|
2517
2535
|
|
|
2518
2536
|
declare const RECEIPT_CHANNELS: readonly ["cash", "pass"];
|
|
2519
2537
|
type ReceiptChannel = (typeof RECEIPT_CHANNELS)[number];
|
|
@@ -2540,6 +2558,7 @@ declare const ReceiptSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2540
2558
|
issuedAtMs: z.ZodNumber;
|
|
2541
2559
|
issuerId: z.ZodString;
|
|
2542
2560
|
payload: z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean, z.ZodNull]>>;
|
|
2561
|
+
/** ASN.1 DER ECDSA P-256 signature, base64. */
|
|
2543
2562
|
issuerSig: z.ZodString;
|
|
2544
2563
|
}, "strip", z.ZodTypeAny, {
|
|
2545
2564
|
currency: string;
|
|
@@ -2611,7 +2630,7 @@ type BuildReceiptInput = {
|
|
|
2611
2630
|
};
|
|
2612
2631
|
declare function buildReceipt(input: BuildReceiptInput): UnsignedReceipt;
|
|
2613
2632
|
declare function signReceipt(unsigned: UnsignedReceipt, issuerPrivateKey: Uint8Array): Receipt;
|
|
2614
|
-
declare function verifyReceipt(r: Receipt,
|
|
2633
|
+
declare function verifyReceipt(r: Receipt, issuerPublicKeySpkiB64: string): boolean;
|
|
2615
2634
|
|
|
2616
2635
|
type PassesClientOptions = {
|
|
2617
2636
|
baseUrl: string;
|
|
@@ -2621,7 +2640,7 @@ type PassesClientOptions = {
|
|
|
2621
2640
|
type IssuePassInput = {
|
|
2622
2641
|
/** Device this pass is bound to. Required (BE-19). */
|
|
2623
2642
|
holderDeviceId: string;
|
|
2624
|
-
/**
|
|
2643
|
+
/** P-256 SubjectPublicKeyInfo DER public key (base64) of the bound device. Required (BE-19). */
|
|
2625
2644
|
holderDevicePubkey: string;
|
|
2626
2645
|
/** Pass kind (server may default for templated flows). */
|
|
2627
2646
|
kind: PassKind;
|
|
@@ -2677,8 +2696,8 @@ type PassesClient = {
|
|
|
2677
2696
|
redeemPass: (passId: string, redemption: Redemption) => Promise<Pass>;
|
|
2678
2697
|
redeemPassWithReceipt: (passId: string, redemption: Redemption, receipt: AtomicRedeemReceiptInput) => Promise<AtomicRedeemResponse>;
|
|
2679
2698
|
revokePass: (passId: string, input: RevokePassInput) => Promise<Pass>;
|
|
2680
|
-
/** Local
|
|
2681
|
-
verifyPass: (pass: Pass,
|
|
2699
|
+
/** Local P-256 ECDSA verification of a pass envelope under the supplied issuer SPKI base64 key. */
|
|
2700
|
+
verifyPass: (pass: Pass, issuerPublicKeySpkiB64: string) => boolean;
|
|
2682
2701
|
};
|
|
2683
2702
|
declare function createPassesClient(opts: PassesClientOptions): PassesClient;
|
|
2684
2703
|
|
|
@@ -2722,8 +2741,8 @@ type ReceiptsClient = {
|
|
|
2722
2741
|
/** Look up a pass-channel receipt by its originating passRedemptionId. */
|
|
2723
2742
|
getByPassRedemptionId: (passRedemptionId: string) => Promise<Receipt>;
|
|
2724
2743
|
listForUser: (input: ListReceiptsInput) => Promise<ListReceiptsResponse>;
|
|
2725
|
-
/** Local
|
|
2726
|
-
verifyReceipt: (receipt: Receipt,
|
|
2744
|
+
/** Local P-256 ECDSA verification of a receipt envelope under the supplied issuer SPKI base64 key. */
|
|
2745
|
+
verifyReceipt: (receipt: Receipt, issuerPublicKeySpkiB64: string) => boolean;
|
|
2727
2746
|
};
|
|
2728
2747
|
declare function createReceiptsClient(opts: ReceiptsClientOptions): ReceiptsClient;
|
|
2729
2748
|
|
|
@@ -2866,7 +2885,7 @@ declare const RegisterDeviceKeyInputSchema: z.ZodObject<{
|
|
|
2866
2885
|
type RegisterDeviceKeyInput = z.infer<typeof RegisterDeviceKeyInputSchema>;
|
|
2867
2886
|
declare const AttestationSecurityLevelSchema: z.ZodEnum<["STRONGBOX", "TEE", "SECURE_ENCLAVE", "SOFTWARE"]>;
|
|
2868
2887
|
type AttestationSecurityLevel = z.infer<typeof AttestationSecurityLevelSchema>;
|
|
2869
|
-
declare const DeviceKeyAlgSchema: z.
|
|
2888
|
+
declare const DeviceKeyAlgSchema: z.ZodLiteral<"p256">;
|
|
2870
2889
|
type DeviceKeyAlg = z.infer<typeof DeviceKeyAlgSchema>;
|
|
2871
2890
|
declare const RegisterDeviceKeyP256InputSchema: z.ZodObject<{
|
|
2872
2891
|
deviceId: z.ZodString;
|
|
@@ -2914,8 +2933,11 @@ declare const DeviceKeyRecordSchema: z.ZodObject<{
|
|
|
2914
2933
|
id: z.ZodString;
|
|
2915
2934
|
userId: z.ZodString;
|
|
2916
2935
|
deviceId: z.ZodString;
|
|
2917
|
-
|
|
2936
|
+
/** Always 'p256' on the consumer offline rail. Field retained for forward-compat. */
|
|
2937
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
2938
|
+
/** Legacy ed25519 hex key. Always null on new records (kept for back-compat reads). */
|
|
2918
2939
|
publicKeyHex: z.ZodDefault<z.ZodNullable<z.ZodString>>;
|
|
2940
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. Required for new records. */
|
|
2919
2941
|
publicKeySpkiB64: z.ZodDefault<z.ZodNullable<z.ZodString>>;
|
|
2920
2942
|
securityLevel: z.ZodDefault<z.ZodNullable<z.ZodEnum<["STRONGBOX", "TEE", "SECURE_ENCLAVE", "SOFTWARE"]>>>;
|
|
2921
2943
|
hardwareBacked: z.ZodDefault<z.ZodBoolean>;
|
|
@@ -2931,7 +2953,7 @@ declare const DeviceKeyRecordSchema: z.ZodObject<{
|
|
|
2931
2953
|
publicKeyHex: string | null;
|
|
2932
2954
|
publicKeySpkiB64: string | null;
|
|
2933
2955
|
securityLevel: "STRONGBOX" | "TEE" | "SECURE_ENCLAVE" | "SOFTWARE" | null;
|
|
2934
|
-
alg: "
|
|
2956
|
+
alg: "p256";
|
|
2935
2957
|
hardwareBacked: boolean;
|
|
2936
2958
|
attestedAtMs: number | null;
|
|
2937
2959
|
}, {
|
|
@@ -2943,19 +2965,20 @@ declare const DeviceKeyRecordSchema: z.ZodObject<{
|
|
|
2943
2965
|
publicKeyHex?: string | null | undefined;
|
|
2944
2966
|
publicKeySpkiB64?: string | null | undefined;
|
|
2945
2967
|
securityLevel?: "STRONGBOX" | "TEE" | "SECURE_ENCLAVE" | "SOFTWARE" | null | undefined;
|
|
2946
|
-
alg?: "
|
|
2968
|
+
alg?: "p256" | undefined;
|
|
2947
2969
|
hardwareBacked?: boolean | undefined;
|
|
2948
2970
|
attestedAtMs?: number | null | undefined;
|
|
2949
2971
|
}>;
|
|
2950
2972
|
type DeviceKeyRecord = z.infer<typeof DeviceKeyRecordSchema>;
|
|
2951
|
-
declare const ConsumerOACSchema: z.
|
|
2973
|
+
declare const ConsumerOACSchema: z.ZodObject<{
|
|
2952
2974
|
oacId: z.ZodString;
|
|
2953
2975
|
issuerId: z.ZodString;
|
|
2954
2976
|
userId: z.ZodString;
|
|
2955
2977
|
deviceId: z.ZodString;
|
|
2956
|
-
|
|
2957
|
-
|
|
2958
|
-
|
|
2978
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
2979
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
2980
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
2981
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
2959
2982
|
perTxCapKobo: z.ZodNumber;
|
|
2960
2983
|
cumulativeCapKobo: z.ZodNumber;
|
|
2961
2984
|
currency: z.ZodString;
|
|
@@ -2974,10 +2997,9 @@ declare const ConsumerOACSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2974
2997
|
counterSeed: number;
|
|
2975
2998
|
issuedAtMs: number;
|
|
2976
2999
|
issuerId: string;
|
|
3000
|
+
alg: "p256";
|
|
2977
3001
|
oacId: string;
|
|
2978
|
-
|
|
2979
|
-
devicePubkeyHex?: string | undefined;
|
|
2980
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3002
|
+
devicePubkeySpkiB64: string;
|
|
2981
3003
|
}, {
|
|
2982
3004
|
userId: string;
|
|
2983
3005
|
deviceId: string;
|
|
@@ -2990,50 +3012,20 @@ declare const ConsumerOACSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2990
3012
|
issuedAtMs: number;
|
|
2991
3013
|
issuerId: string;
|
|
2992
3014
|
oacId: string;
|
|
2993
|
-
|
|
2994
|
-
|
|
2995
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
2996
|
-
}>, {
|
|
2997
|
-
userId: string;
|
|
2998
|
-
deviceId: string;
|
|
2999
|
-
currency: string;
|
|
3000
|
-
perTxCapKobo: number;
|
|
3001
|
-
cumulativeCapKobo: number;
|
|
3002
|
-
validFromMs: number;
|
|
3003
|
-
validUntilMs: number;
|
|
3004
|
-
counterSeed: number;
|
|
3005
|
-
issuedAtMs: number;
|
|
3006
|
-
issuerId: string;
|
|
3007
|
-
oacId: string;
|
|
3008
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
3009
|
-
devicePubkeyHex?: string | undefined;
|
|
3010
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3011
|
-
}, {
|
|
3012
|
-
userId: string;
|
|
3013
|
-
deviceId: string;
|
|
3014
|
-
currency: string;
|
|
3015
|
-
perTxCapKobo: number;
|
|
3016
|
-
cumulativeCapKobo: number;
|
|
3017
|
-
validFromMs: number;
|
|
3018
|
-
validUntilMs: number;
|
|
3019
|
-
counterSeed: number;
|
|
3020
|
-
issuedAtMs: number;
|
|
3021
|
-
issuerId: string;
|
|
3022
|
-
oacId: string;
|
|
3023
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
3024
|
-
devicePubkeyHex?: string | undefined;
|
|
3025
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3015
|
+
devicePubkeySpkiB64: string;
|
|
3016
|
+
alg?: "p256" | undefined;
|
|
3026
3017
|
}>;
|
|
3027
3018
|
type ConsumerOAC = z.infer<typeof ConsumerOACSchema>;
|
|
3028
3019
|
declare const SignedConsumerOACSchema: z.ZodObject<{
|
|
3029
|
-
oac: z.
|
|
3020
|
+
oac: z.ZodObject<{
|
|
3030
3021
|
oacId: z.ZodString;
|
|
3031
3022
|
issuerId: z.ZodString;
|
|
3032
3023
|
userId: z.ZodString;
|
|
3033
3024
|
deviceId: z.ZodString;
|
|
3034
|
-
|
|
3035
|
-
|
|
3036
|
-
|
|
3025
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
3026
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
3027
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
3028
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
3037
3029
|
perTxCapKobo: z.ZodNumber;
|
|
3038
3030
|
cumulativeCapKobo: z.ZodNumber;
|
|
3039
3031
|
currency: z.ZodString;
|
|
@@ -3052,40 +3044,9 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
|
|
|
3052
3044
|
counterSeed: number;
|
|
3053
3045
|
issuedAtMs: number;
|
|
3054
3046
|
issuerId: string;
|
|
3047
|
+
alg: "p256";
|
|
3055
3048
|
oacId: string;
|
|
3056
|
-
|
|
3057
|
-
devicePubkeyHex?: string | undefined;
|
|
3058
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3059
|
-
}, {
|
|
3060
|
-
userId: string;
|
|
3061
|
-
deviceId: string;
|
|
3062
|
-
currency: string;
|
|
3063
|
-
perTxCapKobo: number;
|
|
3064
|
-
cumulativeCapKobo: number;
|
|
3065
|
-
validFromMs: number;
|
|
3066
|
-
validUntilMs: number;
|
|
3067
|
-
counterSeed: number;
|
|
3068
|
-
issuedAtMs: number;
|
|
3069
|
-
issuerId: string;
|
|
3070
|
-
oacId: string;
|
|
3071
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
3072
|
-
devicePubkeyHex?: string | undefined;
|
|
3073
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3074
|
-
}>, {
|
|
3075
|
-
userId: string;
|
|
3076
|
-
deviceId: string;
|
|
3077
|
-
currency: string;
|
|
3078
|
-
perTxCapKobo: number;
|
|
3079
|
-
cumulativeCapKobo: number;
|
|
3080
|
-
validFromMs: number;
|
|
3081
|
-
validUntilMs: number;
|
|
3082
|
-
counterSeed: number;
|
|
3083
|
-
issuedAtMs: number;
|
|
3084
|
-
issuerId: string;
|
|
3085
|
-
oacId: string;
|
|
3086
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
3087
|
-
devicePubkeyHex?: string | undefined;
|
|
3088
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3049
|
+
devicePubkeySpkiB64: string;
|
|
3089
3050
|
}, {
|
|
3090
3051
|
userId: string;
|
|
3091
3052
|
deviceId: string;
|
|
@@ -3098,12 +3059,13 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
|
|
|
3098
3059
|
issuedAtMs: number;
|
|
3099
3060
|
issuerId: string;
|
|
3100
3061
|
oacId: string;
|
|
3101
|
-
|
|
3102
|
-
|
|
3103
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3062
|
+
devicePubkeySpkiB64: string;
|
|
3063
|
+
alg?: "p256" | undefined;
|
|
3104
3064
|
}>;
|
|
3065
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
3105
3066
|
issuerSig: z.ZodString;
|
|
3106
|
-
|
|
3067
|
+
/** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
|
|
3068
|
+
issuerPublicKeySpkiB64: z.ZodString;
|
|
3107
3069
|
}, "strip", z.ZodTypeAny, {
|
|
3108
3070
|
issuerSig: string;
|
|
3109
3071
|
oac: {
|
|
@@ -3117,12 +3079,11 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
|
|
|
3117
3079
|
counterSeed: number;
|
|
3118
3080
|
issuedAtMs: number;
|
|
3119
3081
|
issuerId: string;
|
|
3082
|
+
alg: "p256";
|
|
3120
3083
|
oacId: string;
|
|
3121
|
-
|
|
3122
|
-
devicePubkeyHex?: string | undefined;
|
|
3123
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3084
|
+
devicePubkeySpkiB64: string;
|
|
3124
3085
|
};
|
|
3125
|
-
|
|
3086
|
+
issuerPublicKeySpkiB64: string;
|
|
3126
3087
|
}, {
|
|
3127
3088
|
issuerSig: string;
|
|
3128
3089
|
oac: {
|
|
@@ -3137,22 +3098,22 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
|
|
|
3137
3098
|
issuedAtMs: number;
|
|
3138
3099
|
issuerId: string;
|
|
3139
3100
|
oacId: string;
|
|
3140
|
-
|
|
3141
|
-
|
|
3142
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3101
|
+
devicePubkeySpkiB64: string;
|
|
3102
|
+
alg?: "p256" | undefined;
|
|
3143
3103
|
};
|
|
3144
|
-
|
|
3104
|
+
issuerPublicKeySpkiB64: string;
|
|
3145
3105
|
}>;
|
|
3146
3106
|
type SignedConsumerOAC = z.infer<typeof SignedConsumerOACSchema>;
|
|
3147
3107
|
declare const OACRecordSchema: z.ZodObject<{
|
|
3148
|
-
oac: z.
|
|
3108
|
+
oac: z.ZodObject<{
|
|
3149
3109
|
oacId: z.ZodString;
|
|
3150
3110
|
issuerId: z.ZodString;
|
|
3151
3111
|
userId: z.ZodString;
|
|
3152
3112
|
deviceId: z.ZodString;
|
|
3153
|
-
|
|
3154
|
-
|
|
3155
|
-
|
|
3113
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
3114
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
3115
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
3116
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
3156
3117
|
perTxCapKobo: z.ZodNumber;
|
|
3157
3118
|
cumulativeCapKobo: z.ZodNumber;
|
|
3158
3119
|
currency: z.ZodString;
|
|
@@ -3171,10 +3132,9 @@ declare const OACRecordSchema: z.ZodObject<{
|
|
|
3171
3132
|
counterSeed: number;
|
|
3172
3133
|
issuedAtMs: number;
|
|
3173
3134
|
issuerId: string;
|
|
3135
|
+
alg: "p256";
|
|
3174
3136
|
oacId: string;
|
|
3175
|
-
|
|
3176
|
-
devicePubkeyHex?: string | undefined;
|
|
3177
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3137
|
+
devicePubkeySpkiB64: string;
|
|
3178
3138
|
}, {
|
|
3179
3139
|
userId: string;
|
|
3180
3140
|
deviceId: string;
|
|
@@ -3187,42 +3147,13 @@ declare const OACRecordSchema: z.ZodObject<{
|
|
|
3187
3147
|
issuedAtMs: number;
|
|
3188
3148
|
issuerId: string;
|
|
3189
3149
|
oacId: string;
|
|
3190
|
-
|
|
3191
|
-
|
|
3192
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3193
|
-
}>, {
|
|
3194
|
-
userId: string;
|
|
3195
|
-
deviceId: string;
|
|
3196
|
-
currency: string;
|
|
3197
|
-
perTxCapKobo: number;
|
|
3198
|
-
cumulativeCapKobo: number;
|
|
3199
|
-
validFromMs: number;
|
|
3200
|
-
validUntilMs: number;
|
|
3201
|
-
counterSeed: number;
|
|
3202
|
-
issuedAtMs: number;
|
|
3203
|
-
issuerId: string;
|
|
3204
|
-
oacId: string;
|
|
3205
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
3206
|
-
devicePubkeyHex?: string | undefined;
|
|
3207
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3208
|
-
}, {
|
|
3209
|
-
userId: string;
|
|
3210
|
-
deviceId: string;
|
|
3211
|
-
currency: string;
|
|
3212
|
-
perTxCapKobo: number;
|
|
3213
|
-
cumulativeCapKobo: number;
|
|
3214
|
-
validFromMs: number;
|
|
3215
|
-
validUntilMs: number;
|
|
3216
|
-
counterSeed: number;
|
|
3217
|
-
issuedAtMs: number;
|
|
3218
|
-
issuerId: string;
|
|
3219
|
-
oacId: string;
|
|
3220
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
3221
|
-
devicePubkeyHex?: string | undefined;
|
|
3222
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3150
|
+
devicePubkeySpkiB64: string;
|
|
3151
|
+
alg?: "p256" | undefined;
|
|
3223
3152
|
}>;
|
|
3153
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
3224
3154
|
issuerSig: z.ZodString;
|
|
3225
|
-
|
|
3155
|
+
/** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
|
|
3156
|
+
issuerPublicKeySpkiB64: z.ZodString;
|
|
3226
3157
|
} & {
|
|
3227
3158
|
currentOfflineSpentKobo: z.ZodNumber;
|
|
3228
3159
|
status: z.ZodEnum<["active", "superseded", "expired", "revoked", "disabling", "draining", "closed"]>;
|
|
@@ -3244,12 +3175,11 @@ declare const OACRecordSchema: z.ZodObject<{
|
|
|
3244
3175
|
counterSeed: number;
|
|
3245
3176
|
issuedAtMs: number;
|
|
3246
3177
|
issuerId: string;
|
|
3178
|
+
alg: "p256";
|
|
3247
3179
|
oacId: string;
|
|
3248
|
-
|
|
3249
|
-
devicePubkeyHex?: string | undefined;
|
|
3250
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3180
|
+
devicePubkeySpkiB64: string;
|
|
3251
3181
|
};
|
|
3252
|
-
|
|
3182
|
+
issuerPublicKeySpkiB64: string;
|
|
3253
3183
|
currentOfflineSpentKobo: number;
|
|
3254
3184
|
supersededAtMs: number | null;
|
|
3255
3185
|
holdId?: string | null | undefined;
|
|
@@ -3269,11 +3199,10 @@ declare const OACRecordSchema: z.ZodObject<{
|
|
|
3269
3199
|
issuedAtMs: number;
|
|
3270
3200
|
issuerId: string;
|
|
3271
3201
|
oacId: string;
|
|
3272
|
-
|
|
3273
|
-
|
|
3274
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3202
|
+
devicePubkeySpkiB64: string;
|
|
3203
|
+
alg?: "p256" | undefined;
|
|
3275
3204
|
};
|
|
3276
|
-
|
|
3205
|
+
issuerPublicKeySpkiB64: string;
|
|
3277
3206
|
currentOfflineSpentKobo: number;
|
|
3278
3207
|
supersededAtMs: number | null;
|
|
3279
3208
|
holdId?: string | null | undefined;
|
|
@@ -3478,14 +3407,15 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3478
3407
|
isTrusted?: boolean | undefined;
|
|
3479
3408
|
}>;
|
|
3480
3409
|
oac: z.ZodObject<{
|
|
3481
|
-
oac: z.
|
|
3410
|
+
oac: z.ZodObject<{
|
|
3482
3411
|
oacId: z.ZodString;
|
|
3483
3412
|
issuerId: z.ZodString;
|
|
3484
3413
|
userId: z.ZodString;
|
|
3485
3414
|
deviceId: z.ZodString;
|
|
3486
|
-
|
|
3487
|
-
|
|
3488
|
-
|
|
3415
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
3416
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
3417
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
3418
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
3489
3419
|
perTxCapKobo: z.ZodNumber;
|
|
3490
3420
|
cumulativeCapKobo: z.ZodNumber;
|
|
3491
3421
|
currency: z.ZodString;
|
|
@@ -3504,10 +3434,9 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3504
3434
|
counterSeed: number;
|
|
3505
3435
|
issuedAtMs: number;
|
|
3506
3436
|
issuerId: string;
|
|
3437
|
+
alg: "p256";
|
|
3507
3438
|
oacId: string;
|
|
3508
|
-
|
|
3509
|
-
devicePubkeyHex?: string | undefined;
|
|
3510
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3439
|
+
devicePubkeySpkiB64: string;
|
|
3511
3440
|
}, {
|
|
3512
3441
|
userId: string;
|
|
3513
3442
|
deviceId: string;
|
|
@@ -3520,42 +3449,13 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3520
3449
|
issuedAtMs: number;
|
|
3521
3450
|
issuerId: string;
|
|
3522
3451
|
oacId: string;
|
|
3523
|
-
|
|
3524
|
-
|
|
3525
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3526
|
-
}>, {
|
|
3527
|
-
userId: string;
|
|
3528
|
-
deviceId: string;
|
|
3529
|
-
currency: string;
|
|
3530
|
-
perTxCapKobo: number;
|
|
3531
|
-
cumulativeCapKobo: number;
|
|
3532
|
-
validFromMs: number;
|
|
3533
|
-
validUntilMs: number;
|
|
3534
|
-
counterSeed: number;
|
|
3535
|
-
issuedAtMs: number;
|
|
3536
|
-
issuerId: string;
|
|
3537
|
-
oacId: string;
|
|
3538
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
3539
|
-
devicePubkeyHex?: string | undefined;
|
|
3540
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3541
|
-
}, {
|
|
3542
|
-
userId: string;
|
|
3543
|
-
deviceId: string;
|
|
3544
|
-
currency: string;
|
|
3545
|
-
perTxCapKobo: number;
|
|
3546
|
-
cumulativeCapKobo: number;
|
|
3547
|
-
validFromMs: number;
|
|
3548
|
-
validUntilMs: number;
|
|
3549
|
-
counterSeed: number;
|
|
3550
|
-
issuedAtMs: number;
|
|
3551
|
-
issuerId: string;
|
|
3552
|
-
oacId: string;
|
|
3553
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
3554
|
-
devicePubkeyHex?: string | undefined;
|
|
3555
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3452
|
+
devicePubkeySpkiB64: string;
|
|
3453
|
+
alg?: "p256" | undefined;
|
|
3556
3454
|
}>;
|
|
3455
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
3557
3456
|
issuerSig: z.ZodString;
|
|
3558
|
-
|
|
3457
|
+
/** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
|
|
3458
|
+
issuerPublicKeySpkiB64: z.ZodString;
|
|
3559
3459
|
} & {
|
|
3560
3460
|
currentOfflineSpentKobo: z.ZodNumber;
|
|
3561
3461
|
status: z.ZodEnum<["active", "superseded", "expired", "revoked", "disabling", "draining", "closed"]>;
|
|
@@ -3577,12 +3477,11 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3577
3477
|
counterSeed: number;
|
|
3578
3478
|
issuedAtMs: number;
|
|
3579
3479
|
issuerId: string;
|
|
3480
|
+
alg: "p256";
|
|
3580
3481
|
oacId: string;
|
|
3581
|
-
|
|
3582
|
-
devicePubkeyHex?: string | undefined;
|
|
3583
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3482
|
+
devicePubkeySpkiB64: string;
|
|
3584
3483
|
};
|
|
3585
|
-
|
|
3484
|
+
issuerPublicKeySpkiB64: string;
|
|
3586
3485
|
currentOfflineSpentKobo: number;
|
|
3587
3486
|
supersededAtMs: number | null;
|
|
3588
3487
|
holdId?: string | null | undefined;
|
|
@@ -3602,11 +3501,10 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3602
3501
|
issuedAtMs: number;
|
|
3603
3502
|
issuerId: string;
|
|
3604
3503
|
oacId: string;
|
|
3605
|
-
|
|
3606
|
-
|
|
3607
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3504
|
+
devicePubkeySpkiB64: string;
|
|
3505
|
+
alg?: "p256" | undefined;
|
|
3608
3506
|
};
|
|
3609
|
-
|
|
3507
|
+
issuerPublicKeySpkiB64: string;
|
|
3610
3508
|
currentOfflineSpentKobo: number;
|
|
3611
3509
|
supersededAtMs: number | null;
|
|
3612
3510
|
holdId?: string | null | undefined;
|
|
@@ -3627,12 +3525,11 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3627
3525
|
counterSeed: number;
|
|
3628
3526
|
issuedAtMs: number;
|
|
3629
3527
|
issuerId: string;
|
|
3528
|
+
alg: "p256";
|
|
3630
3529
|
oacId: string;
|
|
3631
|
-
|
|
3632
|
-
devicePubkeyHex?: string | undefined;
|
|
3633
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3530
|
+
devicePubkeySpkiB64: string;
|
|
3634
3531
|
};
|
|
3635
|
-
|
|
3532
|
+
issuerPublicKeySpkiB64: string;
|
|
3636
3533
|
currentOfflineSpentKobo: number;
|
|
3637
3534
|
supersededAtMs: number | null;
|
|
3638
3535
|
holdId?: string | null | undefined;
|
|
@@ -3674,11 +3571,10 @@ declare const EnableOfflineResultSchema: z.ZodObject<{
|
|
|
3674
3571
|
issuedAtMs: number;
|
|
3675
3572
|
issuerId: string;
|
|
3676
3573
|
oacId: string;
|
|
3677
|
-
|
|
3678
|
-
|
|
3679
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3574
|
+
devicePubkeySpkiB64: string;
|
|
3575
|
+
alg?: "p256" | undefined;
|
|
3680
3576
|
};
|
|
3681
|
-
|
|
3577
|
+
issuerPublicKeySpkiB64: string;
|
|
3682
3578
|
currentOfflineSpentKobo: number;
|
|
3683
3579
|
supersededAtMs: number | null;
|
|
3684
3580
|
holdId?: string | null | undefined;
|
|
@@ -3765,14 +3661,15 @@ declare const ProvisionOfflineAllowanceResultSchema: z.ZodObject<{
|
|
|
3765
3661
|
isTrusted?: boolean | undefined;
|
|
3766
3662
|
}>;
|
|
3767
3663
|
oac: z.ZodObject<{
|
|
3768
|
-
oac: z.
|
|
3664
|
+
oac: z.ZodObject<{
|
|
3769
3665
|
oacId: z.ZodString;
|
|
3770
3666
|
issuerId: z.ZodString;
|
|
3771
3667
|
userId: z.ZodString;
|
|
3772
3668
|
deviceId: z.ZodString;
|
|
3773
|
-
|
|
3774
|
-
|
|
3775
|
-
|
|
3669
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
3670
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
3671
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
3672
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
3776
3673
|
perTxCapKobo: z.ZodNumber;
|
|
3777
3674
|
cumulativeCapKobo: z.ZodNumber;
|
|
3778
3675
|
currency: z.ZodString;
|
|
@@ -3791,10 +3688,9 @@ declare const ProvisionOfflineAllowanceResultSchema: z.ZodObject<{
|
|
|
3791
3688
|
counterSeed: number;
|
|
3792
3689
|
issuedAtMs: number;
|
|
3793
3690
|
issuerId: string;
|
|
3691
|
+
alg: "p256";
|
|
3794
3692
|
oacId: string;
|
|
3795
|
-
|
|
3796
|
-
devicePubkeyHex?: string | undefined;
|
|
3797
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3693
|
+
devicePubkeySpkiB64: string;
|
|
3798
3694
|
}, {
|
|
3799
3695
|
userId: string;
|
|
3800
3696
|
deviceId: string;
|
|
@@ -3807,42 +3703,13 @@ declare const ProvisionOfflineAllowanceResultSchema: z.ZodObject<{
|
|
|
3807
3703
|
issuedAtMs: number;
|
|
3808
3704
|
issuerId: string;
|
|
3809
3705
|
oacId: string;
|
|
3810
|
-
|
|
3811
|
-
|
|
3812
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3813
|
-
}>, {
|
|
3814
|
-
userId: string;
|
|
3815
|
-
deviceId: string;
|
|
3816
|
-
currency: string;
|
|
3817
|
-
perTxCapKobo: number;
|
|
3818
|
-
cumulativeCapKobo: number;
|
|
3819
|
-
validFromMs: number;
|
|
3820
|
-
validUntilMs: number;
|
|
3821
|
-
counterSeed: number;
|
|
3822
|
-
issuedAtMs: number;
|
|
3823
|
-
issuerId: string;
|
|
3824
|
-
oacId: string;
|
|
3825
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
3826
|
-
devicePubkeyHex?: string | undefined;
|
|
3827
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3828
|
-
}, {
|
|
3829
|
-
userId: string;
|
|
3830
|
-
deviceId: string;
|
|
3831
|
-
currency: string;
|
|
3832
|
-
perTxCapKobo: number;
|
|
3833
|
-
cumulativeCapKobo: number;
|
|
3834
|
-
validFromMs: number;
|
|
3835
|
-
validUntilMs: number;
|
|
3836
|
-
counterSeed: number;
|
|
3837
|
-
issuedAtMs: number;
|
|
3838
|
-
issuerId: string;
|
|
3839
|
-
oacId: string;
|
|
3840
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
3841
|
-
devicePubkeyHex?: string | undefined;
|
|
3842
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3706
|
+
devicePubkeySpkiB64: string;
|
|
3707
|
+
alg?: "p256" | undefined;
|
|
3843
3708
|
}>;
|
|
3709
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
3844
3710
|
issuerSig: z.ZodString;
|
|
3845
|
-
|
|
3711
|
+
/** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
|
|
3712
|
+
issuerPublicKeySpkiB64: z.ZodString;
|
|
3846
3713
|
} & {
|
|
3847
3714
|
currentOfflineSpentKobo: z.ZodNumber;
|
|
3848
3715
|
status: z.ZodEnum<["active", "superseded", "expired", "revoked", "disabling", "draining", "closed"]>;
|
|
@@ -3864,12 +3731,11 @@ declare const ProvisionOfflineAllowanceResultSchema: z.ZodObject<{
|
|
|
3864
3731
|
counterSeed: number;
|
|
3865
3732
|
issuedAtMs: number;
|
|
3866
3733
|
issuerId: string;
|
|
3734
|
+
alg: "p256";
|
|
3867
3735
|
oacId: string;
|
|
3868
|
-
|
|
3869
|
-
devicePubkeyHex?: string | undefined;
|
|
3870
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3736
|
+
devicePubkeySpkiB64: string;
|
|
3871
3737
|
};
|
|
3872
|
-
|
|
3738
|
+
issuerPublicKeySpkiB64: string;
|
|
3873
3739
|
currentOfflineSpentKobo: number;
|
|
3874
3740
|
supersededAtMs: number | null;
|
|
3875
3741
|
holdId?: string | null | undefined;
|
|
@@ -3889,11 +3755,10 @@ declare const ProvisionOfflineAllowanceResultSchema: z.ZodObject<{
|
|
|
3889
3755
|
issuedAtMs: number;
|
|
3890
3756
|
issuerId: string;
|
|
3891
3757
|
oacId: string;
|
|
3892
|
-
|
|
3893
|
-
|
|
3894
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3758
|
+
devicePubkeySpkiB64: string;
|
|
3759
|
+
alg?: "p256" | undefined;
|
|
3895
3760
|
};
|
|
3896
|
-
|
|
3761
|
+
issuerPublicKeySpkiB64: string;
|
|
3897
3762
|
currentOfflineSpentKobo: number;
|
|
3898
3763
|
supersededAtMs: number | null;
|
|
3899
3764
|
holdId?: string | null | undefined;
|
|
@@ -3914,12 +3779,11 @@ declare const ProvisionOfflineAllowanceResultSchema: z.ZodObject<{
|
|
|
3914
3779
|
counterSeed: number;
|
|
3915
3780
|
issuedAtMs: number;
|
|
3916
3781
|
issuerId: string;
|
|
3782
|
+
alg: "p256";
|
|
3917
3783
|
oacId: string;
|
|
3918
|
-
|
|
3919
|
-
devicePubkeyHex?: string | undefined;
|
|
3920
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3784
|
+
devicePubkeySpkiB64: string;
|
|
3921
3785
|
};
|
|
3922
|
-
|
|
3786
|
+
issuerPublicKeySpkiB64: string;
|
|
3923
3787
|
currentOfflineSpentKobo: number;
|
|
3924
3788
|
supersededAtMs: number | null;
|
|
3925
3789
|
holdId?: string | null | undefined;
|
|
@@ -3961,11 +3825,10 @@ declare const ProvisionOfflineAllowanceResultSchema: z.ZodObject<{
|
|
|
3961
3825
|
issuedAtMs: number;
|
|
3962
3826
|
issuerId: string;
|
|
3963
3827
|
oacId: string;
|
|
3964
|
-
|
|
3965
|
-
|
|
3966
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
3828
|
+
devicePubkeySpkiB64: string;
|
|
3829
|
+
alg?: "p256" | undefined;
|
|
3967
3830
|
};
|
|
3968
|
-
|
|
3831
|
+
issuerPublicKeySpkiB64: string;
|
|
3969
3832
|
currentOfflineSpentKobo: number;
|
|
3970
3833
|
supersededAtMs: number | null;
|
|
3971
3834
|
holdId?: string | null | undefined;
|
|
@@ -4161,14 +4024,15 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
4161
4024
|
isTrusted?: boolean | undefined;
|
|
4162
4025
|
}>>;
|
|
4163
4026
|
active: z.ZodNullable<z.ZodObject<{
|
|
4164
|
-
oac: z.
|
|
4027
|
+
oac: z.ZodObject<{
|
|
4165
4028
|
oacId: z.ZodString;
|
|
4166
4029
|
issuerId: z.ZodString;
|
|
4167
4030
|
userId: z.ZodString;
|
|
4168
4031
|
deviceId: z.ZodString;
|
|
4169
|
-
|
|
4170
|
-
|
|
4171
|
-
|
|
4032
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
4033
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
4034
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
4035
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
4172
4036
|
perTxCapKobo: z.ZodNumber;
|
|
4173
4037
|
cumulativeCapKobo: z.ZodNumber;
|
|
4174
4038
|
currency: z.ZodString;
|
|
@@ -4187,10 +4051,9 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
4187
4051
|
counterSeed: number;
|
|
4188
4052
|
issuedAtMs: number;
|
|
4189
4053
|
issuerId: string;
|
|
4054
|
+
alg: "p256";
|
|
4190
4055
|
oacId: string;
|
|
4191
|
-
|
|
4192
|
-
devicePubkeyHex?: string | undefined;
|
|
4193
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4056
|
+
devicePubkeySpkiB64: string;
|
|
4194
4057
|
}, {
|
|
4195
4058
|
userId: string;
|
|
4196
4059
|
deviceId: string;
|
|
@@ -4203,42 +4066,13 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
4203
4066
|
issuedAtMs: number;
|
|
4204
4067
|
issuerId: string;
|
|
4205
4068
|
oacId: string;
|
|
4206
|
-
|
|
4207
|
-
|
|
4208
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4209
|
-
}>, {
|
|
4210
|
-
userId: string;
|
|
4211
|
-
deviceId: string;
|
|
4212
|
-
currency: string;
|
|
4213
|
-
perTxCapKobo: number;
|
|
4214
|
-
cumulativeCapKobo: number;
|
|
4215
|
-
validFromMs: number;
|
|
4216
|
-
validUntilMs: number;
|
|
4217
|
-
counterSeed: number;
|
|
4218
|
-
issuedAtMs: number;
|
|
4219
|
-
issuerId: string;
|
|
4220
|
-
oacId: string;
|
|
4221
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
4222
|
-
devicePubkeyHex?: string | undefined;
|
|
4223
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4224
|
-
}, {
|
|
4225
|
-
userId: string;
|
|
4226
|
-
deviceId: string;
|
|
4227
|
-
currency: string;
|
|
4228
|
-
perTxCapKobo: number;
|
|
4229
|
-
cumulativeCapKobo: number;
|
|
4230
|
-
validFromMs: number;
|
|
4231
|
-
validUntilMs: number;
|
|
4232
|
-
counterSeed: number;
|
|
4233
|
-
issuedAtMs: number;
|
|
4234
|
-
issuerId: string;
|
|
4235
|
-
oacId: string;
|
|
4236
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
4237
|
-
devicePubkeyHex?: string | undefined;
|
|
4238
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4069
|
+
devicePubkeySpkiB64: string;
|
|
4070
|
+
alg?: "p256" | undefined;
|
|
4239
4071
|
}>;
|
|
4072
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
4240
4073
|
issuerSig: z.ZodString;
|
|
4241
|
-
|
|
4074
|
+
/** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
|
|
4075
|
+
issuerPublicKeySpkiB64: z.ZodString;
|
|
4242
4076
|
} & {
|
|
4243
4077
|
currentOfflineSpentKobo: z.ZodNumber;
|
|
4244
4078
|
status: z.ZodEnum<["active", "superseded", "expired", "revoked", "disabling", "draining", "closed"]>;
|
|
@@ -4260,12 +4094,11 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
4260
4094
|
counterSeed: number;
|
|
4261
4095
|
issuedAtMs: number;
|
|
4262
4096
|
issuerId: string;
|
|
4097
|
+
alg: "p256";
|
|
4263
4098
|
oacId: string;
|
|
4264
|
-
|
|
4265
|
-
devicePubkeyHex?: string | undefined;
|
|
4266
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4099
|
+
devicePubkeySpkiB64: string;
|
|
4267
4100
|
};
|
|
4268
|
-
|
|
4101
|
+
issuerPublicKeySpkiB64: string;
|
|
4269
4102
|
currentOfflineSpentKobo: number;
|
|
4270
4103
|
supersededAtMs: number | null;
|
|
4271
4104
|
holdId?: string | null | undefined;
|
|
@@ -4285,11 +4118,10 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
4285
4118
|
issuedAtMs: number;
|
|
4286
4119
|
issuerId: string;
|
|
4287
4120
|
oacId: string;
|
|
4288
|
-
|
|
4289
|
-
|
|
4290
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4121
|
+
devicePubkeySpkiB64: string;
|
|
4122
|
+
alg?: "p256" | undefined;
|
|
4291
4123
|
};
|
|
4292
|
-
|
|
4124
|
+
issuerPublicKeySpkiB64: string;
|
|
4293
4125
|
currentOfflineSpentKobo: number;
|
|
4294
4126
|
supersededAtMs: number | null;
|
|
4295
4127
|
holdId?: string | null | undefined;
|
|
@@ -4310,12 +4142,11 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
4310
4142
|
counterSeed: number;
|
|
4311
4143
|
issuedAtMs: number;
|
|
4312
4144
|
issuerId: string;
|
|
4145
|
+
alg: "p256";
|
|
4313
4146
|
oacId: string;
|
|
4314
|
-
|
|
4315
|
-
devicePubkeyHex?: string | undefined;
|
|
4316
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4147
|
+
devicePubkeySpkiB64: string;
|
|
4317
4148
|
};
|
|
4318
|
-
|
|
4149
|
+
issuerPublicKeySpkiB64: string;
|
|
4319
4150
|
currentOfflineSpentKobo: number;
|
|
4320
4151
|
supersededAtMs: number | null;
|
|
4321
4152
|
holdId?: string | null | undefined;
|
|
@@ -4357,11 +4188,10 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
4357
4188
|
issuedAtMs: number;
|
|
4358
4189
|
issuerId: string;
|
|
4359
4190
|
oacId: string;
|
|
4360
|
-
|
|
4361
|
-
|
|
4362
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4191
|
+
devicePubkeySpkiB64: string;
|
|
4192
|
+
alg?: "p256" | undefined;
|
|
4363
4193
|
};
|
|
4364
|
-
|
|
4194
|
+
issuerPublicKeySpkiB64: string;
|
|
4365
4195
|
currentOfflineSpentKobo: number;
|
|
4366
4196
|
supersededAtMs: number | null;
|
|
4367
4197
|
holdId?: string | null | undefined;
|
|
@@ -4390,14 +4220,15 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
|
|
|
4390
4220
|
type OfflineStatusResult = z.infer<typeof OfflineStatusResultSchema>;
|
|
4391
4221
|
declare const OfflineStateResultSchema: z.ZodObject<{
|
|
4392
4222
|
active: z.ZodNullable<z.ZodObject<{
|
|
4393
|
-
oac: z.
|
|
4223
|
+
oac: z.ZodObject<{
|
|
4394
4224
|
oacId: z.ZodString;
|
|
4395
4225
|
issuerId: z.ZodString;
|
|
4396
4226
|
userId: z.ZodString;
|
|
4397
4227
|
deviceId: z.ZodString;
|
|
4398
|
-
|
|
4399
|
-
|
|
4400
|
-
|
|
4228
|
+
/** Always 'p256'. Field retained for forward-compat. */
|
|
4229
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
4230
|
+
/** P-256 SubjectPublicKeyInfo DER, base64. */
|
|
4231
|
+
devicePubkeySpkiB64: z.ZodString;
|
|
4401
4232
|
perTxCapKobo: z.ZodNumber;
|
|
4402
4233
|
cumulativeCapKobo: z.ZodNumber;
|
|
4403
4234
|
currency: z.ZodString;
|
|
@@ -4416,10 +4247,9 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
4416
4247
|
counterSeed: number;
|
|
4417
4248
|
issuedAtMs: number;
|
|
4418
4249
|
issuerId: string;
|
|
4250
|
+
alg: "p256";
|
|
4419
4251
|
oacId: string;
|
|
4420
|
-
|
|
4421
|
-
devicePubkeyHex?: string | undefined;
|
|
4422
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4252
|
+
devicePubkeySpkiB64: string;
|
|
4423
4253
|
}, {
|
|
4424
4254
|
userId: string;
|
|
4425
4255
|
deviceId: string;
|
|
@@ -4432,42 +4262,13 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
4432
4262
|
issuedAtMs: number;
|
|
4433
4263
|
issuerId: string;
|
|
4434
4264
|
oacId: string;
|
|
4435
|
-
|
|
4436
|
-
|
|
4437
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4438
|
-
}>, {
|
|
4439
|
-
userId: string;
|
|
4440
|
-
deviceId: string;
|
|
4441
|
-
currency: string;
|
|
4442
|
-
perTxCapKobo: number;
|
|
4443
|
-
cumulativeCapKobo: number;
|
|
4444
|
-
validFromMs: number;
|
|
4445
|
-
validUntilMs: number;
|
|
4446
|
-
counterSeed: number;
|
|
4447
|
-
issuedAtMs: number;
|
|
4448
|
-
issuerId: string;
|
|
4449
|
-
oacId: string;
|
|
4450
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
4451
|
-
devicePubkeyHex?: string | undefined;
|
|
4452
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4453
|
-
}, {
|
|
4454
|
-
userId: string;
|
|
4455
|
-
deviceId: string;
|
|
4456
|
-
currency: string;
|
|
4457
|
-
perTxCapKobo: number;
|
|
4458
|
-
cumulativeCapKobo: number;
|
|
4459
|
-
validFromMs: number;
|
|
4460
|
-
validUntilMs: number;
|
|
4461
|
-
counterSeed: number;
|
|
4462
|
-
issuedAtMs: number;
|
|
4463
|
-
issuerId: string;
|
|
4464
|
-
oacId: string;
|
|
4465
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
4466
|
-
devicePubkeyHex?: string | undefined;
|
|
4467
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4265
|
+
devicePubkeySpkiB64: string;
|
|
4266
|
+
alg?: "p256" | undefined;
|
|
4468
4267
|
}>;
|
|
4268
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
4469
4269
|
issuerSig: z.ZodString;
|
|
4470
|
-
|
|
4270
|
+
/** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
|
|
4271
|
+
issuerPublicKeySpkiB64: z.ZodString;
|
|
4471
4272
|
} & {
|
|
4472
4273
|
currentOfflineSpentKobo: z.ZodNumber;
|
|
4473
4274
|
status: z.ZodEnum<["active", "superseded", "expired", "revoked", "disabling", "draining", "closed"]>;
|
|
@@ -4489,12 +4290,11 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
4489
4290
|
counterSeed: number;
|
|
4490
4291
|
issuedAtMs: number;
|
|
4491
4292
|
issuerId: string;
|
|
4293
|
+
alg: "p256";
|
|
4492
4294
|
oacId: string;
|
|
4493
|
-
|
|
4494
|
-
devicePubkeyHex?: string | undefined;
|
|
4495
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4295
|
+
devicePubkeySpkiB64: string;
|
|
4496
4296
|
};
|
|
4497
|
-
|
|
4297
|
+
issuerPublicKeySpkiB64: string;
|
|
4498
4298
|
currentOfflineSpentKobo: number;
|
|
4499
4299
|
supersededAtMs: number | null;
|
|
4500
4300
|
holdId?: string | null | undefined;
|
|
@@ -4514,11 +4314,10 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
4514
4314
|
issuedAtMs: number;
|
|
4515
4315
|
issuerId: string;
|
|
4516
4316
|
oacId: string;
|
|
4517
|
-
|
|
4518
|
-
|
|
4519
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4317
|
+
devicePubkeySpkiB64: string;
|
|
4318
|
+
alg?: "p256" | undefined;
|
|
4520
4319
|
};
|
|
4521
|
-
|
|
4320
|
+
issuerPublicKeySpkiB64: string;
|
|
4522
4321
|
currentOfflineSpentKobo: number;
|
|
4523
4322
|
supersededAtMs: number | null;
|
|
4524
4323
|
holdId?: string | null | undefined;
|
|
@@ -4539,12 +4338,11 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
4539
4338
|
counterSeed: number;
|
|
4540
4339
|
issuedAtMs: number;
|
|
4541
4340
|
issuerId: string;
|
|
4341
|
+
alg: "p256";
|
|
4542
4342
|
oacId: string;
|
|
4543
|
-
|
|
4544
|
-
devicePubkeyHex?: string | undefined;
|
|
4545
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4343
|
+
devicePubkeySpkiB64: string;
|
|
4546
4344
|
};
|
|
4547
|
-
|
|
4345
|
+
issuerPublicKeySpkiB64: string;
|
|
4548
4346
|
currentOfflineSpentKobo: number;
|
|
4549
4347
|
supersededAtMs: number | null;
|
|
4550
4348
|
holdId?: string | null | undefined;
|
|
@@ -4566,20 +4364,19 @@ declare const OfflineStateResultSchema: z.ZodObject<{
|
|
|
4566
4364
|
issuedAtMs: number;
|
|
4567
4365
|
issuerId: string;
|
|
4568
4366
|
oacId: string;
|
|
4569
|
-
|
|
4570
|
-
|
|
4571
|
-
devicePubkeySpkiB64?: string | undefined;
|
|
4367
|
+
devicePubkeySpkiB64: string;
|
|
4368
|
+
alg?: "p256" | undefined;
|
|
4572
4369
|
};
|
|
4573
|
-
|
|
4370
|
+
issuerPublicKeySpkiB64: string;
|
|
4574
4371
|
currentOfflineSpentKobo: number;
|
|
4575
4372
|
supersededAtMs: number | null;
|
|
4576
4373
|
holdId?: string | null | undefined;
|
|
4577
4374
|
} | null;
|
|
4578
4375
|
}>;
|
|
4579
4376
|
type OfflineStateResult = z.infer<typeof OfflineStateResultSchema>;
|
|
4580
|
-
declare const ConsumerPaymentClaimSchema: z.
|
|
4581
|
-
/**
|
|
4582
|
-
alg: z.
|
|
4377
|
+
declare const ConsumerPaymentClaimSchema: z.ZodObject<{
|
|
4378
|
+
/** Always 'p256'. Retained for forward-compat and as an explicit domain marker. */
|
|
4379
|
+
alg: z.ZodDefault<z.ZodLiteral<"p256">>;
|
|
4583
4380
|
oacId: z.ZodString;
|
|
4584
4381
|
encounterId: z.ZodOptional<z.ZodString>;
|
|
4585
4382
|
payerUserId: z.ZodString;
|
|
@@ -4592,12 +4389,8 @@ declare const ConsumerPaymentClaimSchema: z.ZodEffects<z.ZodObject<{
|
|
|
4592
4389
|
occurredAtMs: z.ZodNumber;
|
|
4593
4390
|
completedAtMs: z.ZodOptional<z.ZodNumber>;
|
|
4594
4391
|
contextId: z.ZodOptional<z.ZodString>;
|
|
4595
|
-
|
|
4596
|
-
|
|
4597
|
-
payeePubkeyHex: z.ZodOptional<z.ZodString>;
|
|
4598
|
-
payeeSignature: z.ZodOptional<z.ZodString>;
|
|
4599
|
-
payerPubkeySpkiB64: z.ZodOptional<z.ZodString>;
|
|
4600
|
-
payerSignatureDerB64: z.ZodOptional<z.ZodString>;
|
|
4392
|
+
payerPubkeySpkiB64: z.ZodString;
|
|
4393
|
+
payerSignatureDerB64: z.ZodString;
|
|
4601
4394
|
payeePubkeySpkiB64: z.ZodOptional<z.ZodString>;
|
|
4602
4395
|
payeeSignatureDerB64: z.ZodOptional<z.ZodString>;
|
|
4603
4396
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -4608,62 +4401,14 @@ declare const ConsumerPaymentClaimSchema: z.ZodEffects<z.ZodObject<{
|
|
|
4608
4401
|
payerNonce: string;
|
|
4609
4402
|
payeeNonce: string;
|
|
4610
4403
|
occurredAtMs: number;
|
|
4404
|
+
alg: "p256";
|
|
4611
4405
|
oacId: string;
|
|
4612
4406
|
payerDeviceId: string;
|
|
4407
|
+
payerPubkeySpkiB64: string;
|
|
4408
|
+
payerSignatureDerB64: string;
|
|
4613
4409
|
encounterId?: string | undefined;
|
|
4614
4410
|
completedAtMs?: number | undefined;
|
|
4615
4411
|
contextId?: string | undefined;
|
|
4616
|
-
payerSignature?: string | undefined;
|
|
4617
|
-
payeeSignature?: string | undefined;
|
|
4618
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
4619
|
-
payerPubkeyHex?: string | undefined;
|
|
4620
|
-
payeePubkeyHex?: string | undefined;
|
|
4621
|
-
payerPubkeySpkiB64?: string | undefined;
|
|
4622
|
-
payerSignatureDerB64?: string | undefined;
|
|
4623
|
-
payeePubkeySpkiB64?: string | undefined;
|
|
4624
|
-
payeeSignatureDerB64?: string | undefined;
|
|
4625
|
-
}, {
|
|
4626
|
-
amountKobo: number;
|
|
4627
|
-
payerUserId: string;
|
|
4628
|
-
payeeUserId: string;
|
|
4629
|
-
payerNonce: string;
|
|
4630
|
-
payeeNonce: string;
|
|
4631
|
-
occurredAtMs: number;
|
|
4632
|
-
oacId: string;
|
|
4633
|
-
payerDeviceId: string;
|
|
4634
|
-
currency?: string | undefined;
|
|
4635
|
-
encounterId?: string | undefined;
|
|
4636
|
-
completedAtMs?: number | undefined;
|
|
4637
|
-
contextId?: string | undefined;
|
|
4638
|
-
payerSignature?: string | undefined;
|
|
4639
|
-
payeeSignature?: string | undefined;
|
|
4640
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
4641
|
-
payerPubkeyHex?: string | undefined;
|
|
4642
|
-
payeePubkeyHex?: string | undefined;
|
|
4643
|
-
payerPubkeySpkiB64?: string | undefined;
|
|
4644
|
-
payerSignatureDerB64?: string | undefined;
|
|
4645
|
-
payeePubkeySpkiB64?: string | undefined;
|
|
4646
|
-
payeeSignatureDerB64?: string | undefined;
|
|
4647
|
-
}>, {
|
|
4648
|
-
currency: string;
|
|
4649
|
-
amountKobo: number;
|
|
4650
|
-
payerUserId: string;
|
|
4651
|
-
payeeUserId: string;
|
|
4652
|
-
payerNonce: string;
|
|
4653
|
-
payeeNonce: string;
|
|
4654
|
-
occurredAtMs: number;
|
|
4655
|
-
oacId: string;
|
|
4656
|
-
payerDeviceId: string;
|
|
4657
|
-
encounterId?: string | undefined;
|
|
4658
|
-
completedAtMs?: number | undefined;
|
|
4659
|
-
contextId?: string | undefined;
|
|
4660
|
-
payerSignature?: string | undefined;
|
|
4661
|
-
payeeSignature?: string | undefined;
|
|
4662
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
4663
|
-
payerPubkeyHex?: string | undefined;
|
|
4664
|
-
payeePubkeyHex?: string | undefined;
|
|
4665
|
-
payerPubkeySpkiB64?: string | undefined;
|
|
4666
|
-
payerSignatureDerB64?: string | undefined;
|
|
4667
4412
|
payeePubkeySpkiB64?: string | undefined;
|
|
4668
4413
|
payeeSignatureDerB64?: string | undefined;
|
|
4669
4414
|
}, {
|
|
@@ -4675,17 +4420,13 @@ declare const ConsumerPaymentClaimSchema: z.ZodEffects<z.ZodObject<{
|
|
|
4675
4420
|
occurredAtMs: number;
|
|
4676
4421
|
oacId: string;
|
|
4677
4422
|
payerDeviceId: string;
|
|
4423
|
+
payerPubkeySpkiB64: string;
|
|
4424
|
+
payerSignatureDerB64: string;
|
|
4678
4425
|
currency?: string | undefined;
|
|
4679
4426
|
encounterId?: string | undefined;
|
|
4680
4427
|
completedAtMs?: number | undefined;
|
|
4681
4428
|
contextId?: string | undefined;
|
|
4682
|
-
|
|
4683
|
-
payeeSignature?: string | undefined;
|
|
4684
|
-
alg?: "ed25519" | "p256" | undefined;
|
|
4685
|
-
payerPubkeyHex?: string | undefined;
|
|
4686
|
-
payeePubkeyHex?: string | undefined;
|
|
4687
|
-
payerPubkeySpkiB64?: string | undefined;
|
|
4688
|
-
payerSignatureDerB64?: string | undefined;
|
|
4429
|
+
alg?: "p256" | undefined;
|
|
4689
4430
|
payeePubkeySpkiB64?: string | undefined;
|
|
4690
4431
|
payeeSignatureDerB64?: string | undefined;
|
|
4691
4432
|
}>;
|
|
@@ -4702,6 +4443,7 @@ declare const ConsumerSettlementSchema: z.ZodObject<{
|
|
|
4702
4443
|
status: z.ZodEnum<["SETTLED", "REVIEW"]>;
|
|
4703
4444
|
reviewReason: z.ZodNullable<z.ZodString>;
|
|
4704
4445
|
ledgerRef: z.ZodNullable<z.ZodString>;
|
|
4446
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
4705
4447
|
issuerSig: z.ZodString;
|
|
4706
4448
|
createdAtMs: z.ZodNumber;
|
|
4707
4449
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -4747,6 +4489,7 @@ declare const ConsumerSettleResultSchema: z.ZodObject<{
|
|
|
4747
4489
|
status: z.ZodEnum<["SETTLED", "REVIEW"]>;
|
|
4748
4490
|
reviewReason: z.ZodNullable<z.ZodString>;
|
|
4749
4491
|
ledgerRef: z.ZodNullable<z.ZodString>;
|
|
4492
|
+
/** ASN.1 DER ECDSA P-256 issuer signature, base64. */
|
|
4750
4493
|
issuerSig: z.ZodString;
|
|
4751
4494
|
createdAtMs: z.ZodNumber;
|
|
4752
4495
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -4860,24 +4603,22 @@ declare function createMeOfflineClient(opts: MeOfflineClientOptions): MeOfflineC
|
|
|
4860
4603
|
* - Mobile clients sign payment claims with a hardware-backed P-256 key
|
|
4861
4604
|
* (iOS Secure Enclave / Android Keystore StrongBox). Native modules
|
|
4862
4605
|
* implement that custody, not this file.
|
|
4863
|
-
* - Server-side partners, test harnesses, and
|
|
4864
|
-
*
|
|
4606
|
+
* - Server-side partners, test harnesses, and custodied integrators need a
|
|
4607
|
+
* *software* P-256 signer with the same surface so the SDK contract is
|
|
4865
4608
|
* uniform.
|
|
4866
4609
|
* - Both producers and verifiers (consumer mobile, partner backend, Flur
|
|
4867
4610
|
* backend) must agree byte-for-byte on what gets signed. That's the job
|
|
4868
4611
|
* of `canonicalClaimSigningPayload` / `canonicalClaimSigningBytes`.
|
|
4869
4612
|
*
|
|
4870
|
-
* Wire format
|
|
4871
|
-
* -
|
|
4872
|
-
*
|
|
4873
|
-
*
|
|
4874
|
-
* Apple/Android native modules return.
|
|
4613
|
+
* Wire format (P-256, hardware-backed):
|
|
4614
|
+
* - Public key: SubjectPublicKeyInfo DER, base64. Same format the
|
|
4615
|
+
* Apple/Android native modules return.
|
|
4616
|
+
* - Signature: ASN.1 DER ECDSA(SHA-256) signature, base64.
|
|
4875
4617
|
*
|
|
4876
4618
|
* Domain separation:
|
|
4877
|
-
* - V2 payload binds `alg` and is tagged with `CLAIM_DOMAIN_V2`.
|
|
4878
|
-
*
|
|
4879
|
-
*
|
|
4880
|
-
* migration plan.
|
|
4619
|
+
* - V2 payload binds `alg='p256'` and is tagged with `CLAIM_DOMAIN_V2`.
|
|
4620
|
+
* The legacy ed25519 V1 path has been removed; the migration to P-256
|
|
4621
|
+
* is final.
|
|
4881
4622
|
*/
|
|
4882
4623
|
/**
|
|
4883
4624
|
* V2 canonical claim domain. Must match the backend's V2 verifier exactly.
|
|
@@ -4885,7 +4626,7 @@ declare function createMeOfflineClient(opts: MeOfflineClientOptions): MeOfflineC
|
|
|
4885
4626
|
* signature is non-replayable against a legacy V1 verifier and vice-versa.
|
|
4886
4627
|
*/
|
|
4887
4628
|
declare const CLAIM_DOMAIN_V2: "flur:consumer-offline:v2:claim";
|
|
4888
|
-
type OfflineClaimAlgorithm = '
|
|
4629
|
+
type OfflineClaimAlgorithm = 'p256';
|
|
4889
4630
|
/**
|
|
4890
4631
|
* Inputs the SDK accepts to build canonical signing bytes.
|
|
4891
4632
|
*
|
|
@@ -4906,21 +4647,15 @@ interface CanonicalClaimInput {
|
|
|
4906
4647
|
completedAtMs?: number | null;
|
|
4907
4648
|
contextId?: string | null;
|
|
4908
4649
|
}
|
|
4909
|
-
/** Public key + signature pair from a signer.
|
|
4650
|
+
/** Public key + signature pair from a signer. */
|
|
4910
4651
|
interface SignerPublicKey {
|
|
4911
4652
|
alg: OfflineClaimAlgorithm;
|
|
4912
|
-
/**
|
|
4913
|
-
* For `ed25519`: 32-byte raw key, lowercase hex (64 chars).
|
|
4914
|
-
* For `p256`: SubjectPublicKeyInfo DER, base64.
|
|
4915
|
-
*/
|
|
4653
|
+
/** SubjectPublicKeyInfo DER, base64. */
|
|
4916
4654
|
publicKey: string;
|
|
4917
4655
|
}
|
|
4918
4656
|
interface ClaimSignature {
|
|
4919
4657
|
alg: OfflineClaimAlgorithm;
|
|
4920
|
-
/**
|
|
4921
|
-
* For `ed25519`: 64-byte raw signature, lowercase hex (128 chars).
|
|
4922
|
-
* For `p256`: ASN.1 DER ECDSA signature, base64.
|
|
4923
|
-
*/
|
|
4658
|
+
/** ASN.1 DER ECDSA(SHA-256) signature, base64. */
|
|
4924
4659
|
signature: string;
|
|
4925
4660
|
}
|
|
4926
4661
|
/** Abstract signer interface. Software and native impls both honour this. */
|
|
@@ -4954,14 +4689,6 @@ declare function canonicalClaimSigningPayload(claim: CanonicalClaimInput): {
|
|
|
4954
4689
|
};
|
|
4955
4690
|
/** Bytes the signer must operate on. */
|
|
4956
4691
|
declare function canonicalClaimSigningBytes(claim: CanonicalClaimInput): Uint8Array;
|
|
4957
|
-
/**
|
|
4958
|
-
* Legacy / test-only Ed25519 signer. NOT for production money on phones —
|
|
4959
|
-
* the on-device key is software and exfiltratable. Used by:
|
|
4960
|
-
* - the historical V1 backend path
|
|
4961
|
-
* - Node/server tests
|
|
4962
|
-
* - server-side partners that issue claims from their own backend
|
|
4963
|
-
*/
|
|
4964
|
-
declare function createSoftwareEd25519Signer(privateKey: Uint8Array): OfflineClaimSigner;
|
|
4965
4692
|
/**
|
|
4966
4693
|
* Software P-256 signer. Useful for:
|
|
4967
4694
|
* - test harnesses
|
|
@@ -4985,6 +4712,11 @@ interface VerifyClaimSignatureInput {
|
|
|
4985
4712
|
*/
|
|
4986
4713
|
declare function verifyClaimSignature(input: VerifyClaimSignatureInput): boolean;
|
|
4987
4714
|
|
|
4715
|
+
declare const OFFLINE_CLAIM_SMS_PREFIX: "FLURC1.";
|
|
4716
|
+
declare function encodeOfflineClaimSmsMessage(claim: ConsumerPaymentClaim): string;
|
|
4717
|
+
declare function decodeOfflineClaimSmsMessage(message: string): ConsumerPaymentClaim;
|
|
4718
|
+
declare function extractOfflineClaimSmsToken(message: string): string | null;
|
|
4719
|
+
|
|
4988
4720
|
/**
|
|
4989
4721
|
* Partner-funded wallet rails SDK.
|
|
4990
4722
|
*
|
|
@@ -5757,11 +5489,12 @@ declare function createPartnerProfileAdminClient(opts: PartnerProfileAdminClient
|
|
|
5757
5489
|
* data: <artifact body> // type-specific, validated by registered schema
|
|
5758
5490
|
* }
|
|
5759
5491
|
*
|
|
5760
|
-
* Signature:
|
|
5492
|
+
* Signature: P-256 ECDSA (SHA-256) over canonicalJSONBytes(body), ASN.1 DER, base64.
|
|
5761
5493
|
*
|
|
5762
5494
|
* Design notes:
|
|
5763
5495
|
* - URI scheme `flur://v1/...` is the single transport for all signed artifacts.
|
|
5764
|
-
* - Scanners route on the path segment; verifiers look up the issuer/kid public key
|
|
5496
|
+
* - Scanners route on the path segment; verifiers look up the issuer/kid public key
|
|
5497
|
+
* (SubjectPublicKeyInfo DER, base64) from the backend device-key registry.
|
|
5765
5498
|
* - Pure NIBSS NQR payments remain unchanged; this envelope rides separately.
|
|
5766
5499
|
*/
|
|
5767
5500
|
declare const FLUR_ARTIFACT_URI_SCHEME = "flur";
|
|
@@ -5798,6 +5531,7 @@ type ArtifactBody<T = unknown> = ArtifactHeader & {
|
|
|
5798
5531
|
};
|
|
5799
5532
|
type SignedArtifact<T = unknown> = {
|
|
5800
5533
|
body: ArtifactBody<T>;
|
|
5534
|
+
/** ASN.1 DER ECDSA P-256 signature, base64 (standard, not url-safe). */
|
|
5801
5535
|
sig: string;
|
|
5802
5536
|
};
|
|
5803
5537
|
declare class FlurArtifactError extends Error {
|
|
@@ -5821,6 +5555,7 @@ type DecodedArtifactUri = {
|
|
|
5821
5555
|
type: string;
|
|
5822
5556
|
bodyBytes: Uint8Array;
|
|
5823
5557
|
body: ArtifactBody;
|
|
5558
|
+
/** ASN.1 DER ECDSA P-256 signature, base64 (standard). */
|
|
5824
5559
|
sig: string;
|
|
5825
5560
|
};
|
|
5826
5561
|
declare function decodeArtifactUri(uri: string): DecodedArtifactUri;
|
|
@@ -5830,7 +5565,7 @@ type VerifyArtifactOptions = {
|
|
|
5830
5565
|
/** When true (default), reject artifacts whose `exp` is in the past. */
|
|
5831
5566
|
enforceExpiry?: boolean;
|
|
5832
5567
|
};
|
|
5833
|
-
declare function verifyArtifactSignature(decoded: DecodedArtifactUri,
|
|
5568
|
+
declare function verifyArtifactSignature(decoded: DecodedArtifactUri, publicKeySpkiB64: string, options?: VerifyArtifactOptions): boolean;
|
|
5834
5569
|
|
|
5835
5570
|
/**
|
|
5836
5571
|
* Registry of all Flur v1 signed artifact types.
|
|
@@ -7178,14 +6913,14 @@ type VerifiedArtifact<T = unknown> = {
|
|
|
7178
6913
|
*
|
|
7179
6914
|
* - Parses the URI and envelope header.
|
|
7180
6915
|
* - Validates the body against the registered Zod schema.
|
|
7181
|
-
* - Verifies the
|
|
6916
|
+
* - Verifies the P-256 ECDSA(SHA-256) DER signature against the supplied public key.
|
|
7182
6917
|
* - Enforces expiry unless `options.enforceExpiry === false`.
|
|
7183
6918
|
*
|
|
7184
6919
|
* The caller is responsible for resolving the public key from (issuer, kid)
|
|
7185
6920
|
* against the backend device-key registry, and for enforcing nonce uniqueness
|
|
7186
6921
|
* via the artifact_nonces store.
|
|
7187
6922
|
*/
|
|
7188
|
-
declare function verifyArtifactUri<T = unknown>(uri: string,
|
|
6923
|
+
declare function verifyArtifactUri<T = unknown>(uri: string, publicKeySpkiB64: string, options?: VerifyArtifactOptions): VerifiedArtifact<T>;
|
|
7189
6924
|
declare function createReceiptArtifactUri(input: {
|
|
7190
6925
|
issuer: string;
|
|
7191
6926
|
keyId: string;
|
|
@@ -7258,4 +6993,4 @@ declare function createOfflinePaymentAuthorizationArtifactUri(input: {
|
|
|
7258
6993
|
}>;
|
|
7259
6994
|
};
|
|
7260
6995
|
|
|
7261
|
-
export { ACCOUNT_STATUSES, ACCOUNT_TYPES, ADDITIONAL_DATA_SUBFIELD, ARTIFACT_BODY_SCHEMAS, ARTIFACT_TYPES, type Account, type AccountActivityItem, type AccountMembership, AccountMembershipSchema, AccountSchema, type AccountStatus, type AccountSummaryResponse, type AccountType, type AccountsClient, type AccountsClientOptions, type AddMemberInput, type AdditionalData, type ApiCredentialPublic, ApiCredentialPublicSchema, type ApiCredentialsAdminClient, type ArtifactBody, type ArtifactHeader, ArtifactHeaderSchema, type ArtifactType, type AtomicRedeemReceiptInput, type AtomicRedeemResponse, type AttestationSecurityLevel, AttestationSecurityLevelSchema, type AuthLogoutInput, type AuthRefreshInput, type AuthRefreshResponse, type AuthorizeSendWithBiometricInput, type AuthorizedOptions, type BiometricSigner, type BuildPassInput, type BuildReceiptInput, type BuildRedemptionInput, CLAIM_DOMAIN_V2, COLLECTION_INTENT_STATUSES, COLLECTION_PAYMENT_STATUSES, CUSTODIAL_MODES, type CanonicalClaimInput, type CashNamespace, type ClaimSignature, type CollectionIntent, CollectionIntentSchema, type CollectionPayment, type CollectionPaymentResult, CollectionPaymentResultSchema, CollectionPaymentSchema, type CollectionReportSummary, CollectionReportSummarySchema, type CollectionStatement, CollectionStatementSchema, type CollectionsClient, type CollectionsClientOptions, type ConsumerCollectionsClient, type ConsumerOAC, type OACRecord as ConsumerOACRecord, OACRecordSchema as ConsumerOACRecordSchema, ConsumerOACSchema, type ConsumerPaymentClaim, ConsumerPaymentClaimSchema, type ConsumerSettleResult, ConsumerSettleResultSchema, type ConsumerSettlement, ConsumerSettlementSchema, type ConsumerWithdrawalsClient, type ConsumerWithdrawalsClientOptions, type CreateBusinessAccountInput, type CreateCollectionIntentInput, CreateCollectionIntentInputSchema, type CreatePayLinkResponse, type CreatePayoutDestinationInput, CreatePayoutDestinationInputSchema, type CreatePayoutInput, CreatePayoutInputSchema, type CreateTransferOptions, type CreateWithdrawalInput, CreateWithdrawalInputSchema, type CreateWithdrawalResult, CreateWithdrawalResultSchema, type CustodialMode, type DecodedArtifactUri, type DeviceKeyAlg, DeviceKeyAlgSchema, type DeviceKeyRecord, DeviceKeyRecordSchema, type DeviceTrustState, type DisableOfflineInput, DisableOfflineInputSchema, type DisableOfflineResult, DisableOfflineResultSchema, type
|
|
6996
|
+
export { ACCOUNT_STATUSES, ACCOUNT_TYPES, ADDITIONAL_DATA_SUBFIELD, ARTIFACT_BODY_SCHEMAS, ARTIFACT_TYPES, type Account, type AccountActivityItem, type AccountMembership, AccountMembershipSchema, AccountSchema, type AccountStatus, type AccountSummaryResponse, type AccountType, type AccountsClient, type AccountsClientOptions, type AddMemberInput, type AdditionalData, type ApiCredentialPublic, ApiCredentialPublicSchema, type ApiCredentialsAdminClient, type ArtifactBody, type ArtifactHeader, ArtifactHeaderSchema, type ArtifactType, type AtomicRedeemReceiptInput, type AtomicRedeemResponse, type AttestationSecurityLevel, AttestationSecurityLevelSchema, type AuthLogoutInput, type AuthRefreshInput, type AuthRefreshResponse, type AuthorizeSendWithBiometricInput, type AuthorizedOptions, type BiometricSigner, type BuildPassInput, type BuildReceiptInput, type BuildRedemptionInput, CLAIM_DOMAIN_V2, COLLECTION_INTENT_STATUSES, COLLECTION_PAYMENT_STATUSES, CUSTODIAL_MODES, type CanonicalClaimInput, type CashNamespace, type ClaimSignature, type CollectionIntent, CollectionIntentSchema, type CollectionPayment, type CollectionPaymentResult, CollectionPaymentResultSchema, CollectionPaymentSchema, type CollectionReportSummary, CollectionReportSummarySchema, type CollectionStatement, CollectionStatementSchema, type CollectionsClient, type CollectionsClientOptions, type ConsumerCollectionsClient, type ConsumerOAC, type OACRecord as ConsumerOACRecord, OACRecordSchema as ConsumerOACRecordSchema, ConsumerOACSchema, type ConsumerPaymentClaim, ConsumerPaymentClaimSchema, type ConsumerSettleResult, ConsumerSettleResultSchema, type ConsumerSettlement, ConsumerSettlementSchema, type ConsumerWithdrawalsClient, type ConsumerWithdrawalsClientOptions, type CreateBusinessAccountInput, type CreateCollectionIntentInput, CreateCollectionIntentInputSchema, type CreatePayLinkResponse, type CreatePayoutDestinationInput, CreatePayoutDestinationInputSchema, type CreatePayoutInput, CreatePayoutInputSchema, type CreateTransferOptions, type CreateWithdrawalInput, CreateWithdrawalInputSchema, type CreateWithdrawalResult, CreateWithdrawalResultSchema, type CustodialMode, type DecodedArtifactUri, type DeviceKeyAlg, DeviceKeyAlgSchema, type DeviceKeyRecord, DeviceKeyRecordSchema, type DeviceTrustState, type DisableOfflineInput, DisableOfflineInputSchema, type DisableOfflineResult, DisableOfflineResultSchema, type EnableOfflineInput, EnableOfflineInputSchema, type EnableOfflineResult, EnableOfflineResultSchema, FIELD, FLUR_ARTIFACT_URI_PREFIX, FLUR_ARTIFACT_URI_SCHEME, FLUR_ARTIFACT_VERSION, FlurApiError, FlurArtifactError, FlurCapExceededError, FlurClient, type FlurClientOptions, FlurError, type FlurErrorCode, FlurExpiredError, type FlurHandle, type FlurInitOptions, type FlurOfflineSettlementsClient, type FlurPartnerClient, type FlurPaymentEvent, FlurReplayError, HARDENED_ARTIFACT_TYPES, type HmacFetchOptions, IdentityArtifactSchema, type IngestFundingResult, IngestFundingResultSchema, type IssueOACInput, IssueOACInputSchema, type IssueOfflineTokenInput, type IssuePassInput, type IssueReceiptInput, LedgerJournalEntryArtifactSchema, type ListPassesInput, type ListPassesResponse, type ListPayoutDestinationsResult, ListPayoutDestinationsResultSchema, type ListReceiptsInput, type ListReceiptsResponse, type ListTransactionsOptions, MEMBERSHIP_ROLES, MERCHANT_PAYOUT_STATUSES, MERCHANT_PROFILE_STATUSES, type MeOfflineClient, type MeOfflineClientOptions, type MembershipRole, type MerchantAccountInfo, type MerchantPayout, MerchantPayoutSchema, type MerchantProfile, MerchantProfileSchema, type MintedApiCredential, MintedApiCredentialSchema, type Money, NGN_CURRENCY_CODE, NG_COUNTRY_CODE, NQRParseError, type NQRPayloadInput, NqrPaymentRequestArtifactSchema, type OAC, OACSchema, OAC_DEFAULT_CUMULATIVE_KOBO, OAC_DEFAULT_PER_TX_KOBO, OAC_DEFAULT_VALIDITY_MS, OFFLINE_CLAIM_SMS_PREFIX, type OfflineClaimAlgorithm, OfflineClaimArtifactSchema, type OfflineClaimSigner, type OfflineHoldRecord, OfflineHoldRecordSchema, type OfflinePaymentAuthorization, type OfflinePaymentAuthorizationArtifact, OfflinePaymentAuthorizationArtifactSchema, OfflinePaymentAuthorizationSchema, type OfflinePaymentRequest, OfflinePaymentRequestSchema, type OfflineStateResult, OfflineStateResultSchema, type OfflineStatusResult, OfflineStatusResultSchema, type OfflineToken, OfflineTokenSchema, type OnboardingCompleteInput, type OnboardingCompleteResponse, type OnboardingFallback, type OnboardingRiskReason, type OnboardingStartInput, type OnboardingStartResponse, type P256EnrollmentChallengeInput, P256EnrollmentChallengeInputSchema, type P256EnrollmentChallengeResult, P256EnrollmentChallengeResultSchema, PARTNER_FUNDING_DIRECTIONS, PARTNER_FUNDING_STATUSES, PARTNER_KINDS, PARTNER_PROFILE_STATUSES, PARTNER_SCOPES, PASS_KINDS, PASS_STATES, PAYLOAD_FORMAT_INDICATOR_VALUE, PAYOUT_DESTINATION_STATUSES, POINT_OF_INITIATION, type ParsedNQR, type PartnerClientOptions, type PartnerCollectionsClient, type PartnerFunding, type PartnerFundingClient, type PartnerFundingDirection, type PartnerFundingEventInput, PartnerFundingEventInputSchema, PartnerFundingSchema, type PartnerFundingStatus, type PartnerKind, type PartnerProfile, type PartnerProfileAdminClient, type PartnerProfileAdminClientOptions, PartnerProfileSchema, type PartnerProfileStatus, type PartnerScope, type PartnerSignResult, type Pass, PassArtifactSchema, type PassKind, type PassMetadata, PassMetadataSchema, PassSchema, type PassState, type PassesClient, type PassesClientOptions, type PayCollectionInput, PayCollectionInputSchema, type PayCollectionOptions, type PayCollectionResponse, type PaymentClaim, PaymentClaimSchema, PaymentIntentArtifactSchema, type PayoutDestination, PayoutDestinationSchema, type PayoutDestinationStatus, type PayoutEventInput, PayoutEventInputSchema, type PinSetInput, type PinVerifyInput, type ProviderEventInput, ProviderEventInputSchema, type ProviderEventRecord, ProviderEventRecordSchema, type ProvisionOfflineAllowanceInput, ProvisionOfflineAllowanceInputSchema, type ProvisionOfflineAllowanceResult, ProvisionOfflineAllowanceResultSchema, type PublicCollectionIntent, PublicCollectionIntentSchema, type PushPlatform, type PushRegisterInput, RECEIPT_CHANNELS, RECEIPT_KINDS, REPLAY_WINDOW_MS, type Receipt, type ReceiptArtifact, ReceiptArtifactSchema, type ReceiptChannel, type ReceiptKind, type ReceiptPayload, ReceiptPayloadSchema, ReceiptSchema, type ReceiptsClient, type ReceiptsClientOptions, type RecipientResolveInput, type RecipientResolveResponse, type ReconciliationReport, ReconciliationReportSchema, type RecordPayoutEventResult, RecordPayoutEventResultSchema, type RedeemPassResponse, type Redemption, RedemptionSchema, type RegisterDeviceInput, type RegisterDeviceKeyInput, RegisterDeviceKeyInputSchema, type RegisterDeviceKeyP256Input, RegisterDeviceKeyP256InputSchema, type RegisterDeviceResponse, type RegisterSendDeviceKeyInput, type ResolveCollectionOptions, type ResolveCollectionResponse, type ResolvePayLinkResponse, ReversalRecordArtifactSchema, RevokeDeviceKeyInputSchema, type RevokePassInput, type RoutingHint, SETTLEMENT_SCHEDULES, type SendChallengeInput, type SendChallengeResponse, type SendMoneyInput, type SendMoneyOptions, type SendVerifyInput, type SendVerifyResponse, type SettleResponse, SettleResponseSchema, type Settlement, SettlementRecordArtifactSchema, SettlementSchema, type SignedArtifact, type SignedConsumerOAC, SignedConsumerOACSchema, type SignerPublicKey, StatementArtifactSchema, type SubscribeOptions, type TLVField, type TransactionDetailResponse, type TransactionDirection, type TransactionsListResponse, type TransferInput, type TransferResponse, type TransferStatus, type UnsignedOAC, type UnsignedOfflinePaymentAuthorization, type UnsignedOfflinePaymentRequest, type UnsignedPass, type UnsignedReceipt, type UnsignedRedemption, type UpsertMerchantProfileInput, UpsertMerchantProfileInputSchema, type UpsertPartnerProfileInput, UpsertPartnerProfileInputSchema, type VerifiedArtifact, type VerifyArtifactOptions, type VerifyClaimSignatureInput, WITHDRAWAL_STATES, type Withdrawal, WithdrawalSchema, type WithdrawalState, base64UrlDecode, base64UrlEncode, bodySha256Hex, buildArtifactBody, buildAuthorization, buildOAC, buildPass, buildPaymentRequest, buildReceipt, buildRedemption, canonicalClaimSigningBytes, canonicalClaimSigningPayload, canonicalJSONBytes, canonicalJSONStringify, canonicalRequestString, computeEncounterId, constantTimeEqual, crc16ccitt, crc16ccittHex, createAccountsClient, createApiCredentialsAdminClient, createArtifactUri, createCollectionsClient, createConsumerCollectionsClient, createConsumerWithdrawalsClient, createFlurPartnerClient, createHmacFetch, createMeOfflineClient, createOfflinePaymentAuthorizationArtifactUri, createOfflineSettlementsClient, createPartnerCollectionsClient, createPartnerFundingClient, createPartnerProfileAdminClient, createPassesClient, createReceiptArtifactUri, createReceiptsClient, createSoftwareP256Signer, decodeArtifactUri, decodeAuthorizationQR, decodeBase45, decodeOfflineClaimSmsMessage, decodePaymentRequestQR, encodeArtifactUri, encodeAuthorizationQR, encodeBase45, encodeNQR, encodeOfflineClaimSmsMessage, encodePaymentRequestQR, extractOfflineClaimSmsToken, formatAmount, generateDynamicQR, generateStaticQR, init, isHardenedArtifactType, isKnownArtifactType, isPassWithinValidity, moneyMinorToNumber, normalizeE164, parseAmountInput, parseNQR, parseQR, readTLV, routingHint, signArtifact, signAuthorization, signOAC, signPartnerRequest, signPass, signPaymentRequest, signReceipt, signRedemption, signRequestHMAC, verifyArtifactSignature, verifyArtifactUri, verifyAuthorization, verifyClaimSignature, verifyOAC, verifyPass, verifyPaymentRequest, verifyReceipt, verifyRedemption, verifyRequestHMAC, writeTLV };
|