dosipas-ts 1.0.0

package/dist/types.d.ts

@@ -0,0 +1,273 @@
+/**
+ * TypeScript types for a decoded UIC barcode ticket with Intercode 6 extensions.
+ *
+ * The top-level type is {@link UicBarcodeTicket} which combines the header envelope,
+ * decoded FCB rail ticket data, and Intercode 6 extension data into a single typed object.
+ */
+/** Fully decoded UIC barcode ticket with resolved Intercode 6 extensions. */
+export interface UicBarcodeTicket {
+    /** Header format string, e.g. "U1" or "U2". */
+    format: string;
+    /** Header version number (1 or 2). */
+    headerVersion: number;
+    /** Level 2 digital signature bytes, if present. */
+    level2Signature?: Uint8Array;
+    /** Security / key metadata from Level 1. */
+    security: SecurityInfo;
+    /** Decoded FCB rail ticket data blocks. */
+    railTickets: RailTicketData[];
+    /** Raw data blocks that were not identified as FCB. */
+    otherDataBlocks: DataBlock[];
+    /** Decoded Intercode 6 dynamic data from Level 2, if present. */
+    dynamicData?: IntercodeDynamicData;
+    /** Raw Level 2 data block, if present. */
+    level2DataBlock?: DataBlock;
+}
+export interface SecurityInfo {
+    securityProviderNum?: number;
+    securityProviderIA5?: string;
+    keyId?: number;
+    level1KeyAlg?: string;
+    level2KeyAlg?: string;
+    level1SigningAlg?: string;
+    level2SigningAlg?: string;
+    level2PublicKey?: Uint8Array;
+    level1Signature?: Uint8Array;
+    endOfValidityYear?: number;
+    endOfValidityDay?: number;
+    endOfValidityTime?: number;
+    validityDuration?: number;
+}
+export interface DataBlock {
+    dataFormat: string;
+    data: Uint8Array;
+}
+export interface RailTicketData {
+    /** FCB version, e.g. 1, 2, or 3. */
+    fcbVersion: number;
+    /** Issuing details. */
+    issuingDetail?: IssuingDetail;
+    /** Traveler information. */
+    travelerDetail?: TravelerDetail;
+    /** Transport document entries. */
+    transportDocument?: TransportDocumentEntry[];
+    /** Control detail. */
+    controlDetail?: ControlDetail;
+    /** The raw decoded object (untyped) for fields not covered above. */
+    raw: Record<string, unknown>;
+}
+export interface IssuingDetail {
+    securityProviderNum?: number;
+    securityProviderIA5?: string;
+    issuerNum?: number;
+    issuerIA5?: string;
+    issuingYear: number;
+    issuingDay: number;
+    issuingTime?: number;
+    issuerName?: string;
+    specimen: boolean;
+    securePaperTicket: boolean;
+    activated: boolean;
+    currency?: string;
+    currencyFract?: number;
+    issuerPNR?: string;
+    /** Decoded Intercode 6 issuing extension, if present. */
+    intercodeIssuing?: IntercodeIssuingData;
+    /** Raw extension data if present but not an Intercode extension. */
+    extension?: ExtensionData;
+}
+export interface ExtensionData {
+    extensionId: string;
+    extensionData: Uint8Array;
+}
+export type RetailChannel = 'smsTicket' | 'mobileApplication' | 'webSite' | 'ticketOffice' | 'depositaryTerminal' | 'onBoardTerminal' | 'ticketVendingMachine';
+export interface ProductRetailerData {
+    retailChannel?: RetailChannel;
+    retailGeneratorId?: number;
+    retailServerId?: number;
+    retailerId?: number;
+    retailPointId?: number;
+}
+export interface IntercodeIssuingData {
+    intercodeVersion: number;
+    intercodeInstanciation: number;
+    networkId: Uint8Array;
+    productRetailer?: ProductRetailerData;
+}
+export interface IntercodeDynamicData {
+    dynamicContentDay: number;
+    dynamicContentTime?: number;
+    dynamicContentUTCOffset?: number;
+    dynamicContentDuration?: number;
+}
+export interface TravelerDetail {
+    traveler?: TravelerInfo[];
+    preferredLanguage?: string;
+    groupName?: string;
+}
+export interface TravelerInfo {
+    firstName?: string;
+    secondName?: string;
+    lastName?: string;
+    idCard?: string;
+    passportId?: string;
+    title?: string;
+    gender?: string;
+    customerIdIA5?: string;
+    customerIdNum?: number;
+    yearOfBirth?: number;
+    monthOfBirth?: number;
+    dayOfBirth?: number;
+    ticketHolder?: boolean;
+    passengerType?: string;
+    passengerWithReducedMobility?: boolean;
+    countryOfResidence?: number;
+    countryOfPassport?: number;
+    dateOfBirth?: string;
+    status?: CustomerStatus[];
+}
+export interface CustomerStatus {
+    statusProviderNum?: number;
+    statusProviderIA5?: string;
+    customerStatus?: number;
+    customerStatusDescr?: string;
+}
+export interface TransportDocumentEntry {
+    /** The variant name of the ticket CHOICE, e.g. "openTicket", "reservation", etc. */
+    ticketType: string;
+    /** Decoded ticket data (type depends on ticketType). */
+    ticket: Record<string, unknown>;
+}
+export interface ControlDetail {
+    identificationByCardReference?: CardReference[];
+    identificationByIdCard?: boolean;
+    identificationByPassportId?: boolean;
+    passportValidationRequired?: boolean;
+    onlineValidationRequired?: boolean;
+    ageCheckRequired?: boolean;
+    reductionCardCheckRequired?: boolean;
+    infoText?: string;
+    includedTickets?: TicketLink[];
+    extension?: ExtensionData;
+}
+export interface CardReference {
+    trailingCardIdNum?: number;
+    trailingCardIdIA5?: string;
+    cardName?: string;
+    cardIdNum?: number;
+    cardIdIA5?: string;
+    leadingCardIdNum?: number;
+    leadingCardIdIA5?: string;
+    cardTypeNum?: number;
+    cardTypeDescr?: string;
+}
+export interface TicketLink {
+    referenceIA5?: string;
+    referenceNum?: number;
+    issuerName?: string;
+    issuerPNR?: string;
+    productOwnerNum?: number;
+    productOwnerIA5?: string;
+    ticketType?: string;
+    linkMode?: string;
+}
+/** Input for encoding a UIC barcode ticket. */
+export interface UicBarcodeTicketInput {
+    /** Header version (1 or 2). Default: 2. */
+    headerVersion?: number;
+    /** RICS code of the security provider. */
+    securityProviderNum?: number;
+    /** Key ID for signature verification. */
+    keyId?: number;
+    /** Level 1 key algorithm OID. */
+    level1KeyAlg?: string;
+    /** Level 2 key algorithm OID. */
+    level2KeyAlg?: string;
+    /** Level 1 signing algorithm OID. */
+    level1SigningAlg?: string;
+    /** Level 2 signing algorithm OID. */
+    level2SigningAlg?: string;
+    /** Level 2 public key bytes. */
+    level2PublicKey?: Uint8Array;
+    /** Level 1 signature bytes (placeholder). */
+    level1Signature?: Uint8Array;
+    /** Level 2 signature bytes (placeholder). */
+    level2Signature?: Uint8Array;
+    /** FCB version (1, 2 or 3). Default: 2. */
+    fcbVersion?: number;
+    /** The rail ticket data to encode. */
+    railTicket: RailTicketInput;
+    /** Intercode 6 dynamic data for Level 2. */
+    dynamicData?: IntercodeDynamicDataInput;
+}
+export interface RailTicketInput {
+    issuingDetail: IssuingDetailInput;
+    travelerDetail?: TravelerDetailInput;
+    transportDocument?: TransportDocumentInput[];
+    controlDetail?: Record<string, unknown>;
+}
+export interface IssuingDetailInput {
+    securityProviderNum?: number;
+    issuerNum?: number;
+    issuingYear: number;
+    issuingDay: number;
+    issuingTime?: number;
+    issuerName?: string;
+    specimen?: boolean;
+    securePaperTicket?: boolean;
+    activated?: boolean;
+    currency?: string;
+    currencyFract?: number;
+    issuerPNR?: string;
+    /** Intercode 6 issuing extension data. */
+    intercodeIssuing?: IntercodeIssuingDataInput;
+}
+export interface IntercodeIssuingDataInput {
+    intercodeVersion?: number;
+    intercodeInstanciation?: number;
+    networkId: Uint8Array;
+    productRetailer?: ProductRetailerData;
+}
+export interface IntercodeDynamicDataInput {
+    /** RICS code for the dataFormat field (e.g. 3703 → "_3703.ID1"). */
+    rics: number;
+    dynamicContentDay?: number;
+    dynamicContentTime?: number;
+    dynamicContentUTCOffset?: number;
+    dynamicContentDuration?: number;
+}
+export interface TravelerDetailInput {
+    traveler?: Partial<TravelerInfo>[];
+    preferredLanguage?: string;
+    groupName?: string;
+}
+export interface TransportDocumentInput {
+    ticketType: string;
+    ticket: Record<string, unknown>;
+}
+/** Result of a signature verification attempt for a single level. */
+export interface SignatureLevelResult {
+    valid: boolean;
+    error?: string;
+    algorithm?: string;
+}
+/** Result of signature verification for both levels. */
+export interface SignatureVerificationResult {
+    level1: SignatureLevelResult;
+    level2: SignatureLevelResult;
+}
+/** Options for signature verification. */
+export interface VerifyOptions {
+    /** Provider for Level 1 public keys (looked up by issuer + keyId). */
+    level1KeyProvider?: Level1KeyProvider;
+    /** Explicit Level 1 public key bytes (alternative to level1KeyProvider). */
+    level1PublicKey?: Uint8Array;
+}
+/** Provider interface for looking up Level 1 public keys. */
+export interface Level1KeyProvider {
+    getPublicKey(securityProvider: {
+        num?: number;
+        ia5?: string;
+    }, keyId: number, keyAlg?: string): Promise<Uint8Array>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,6EAA6E;AAC7E,MAAM,WAAW,gBAAgB;IAC/B,+CAA+C;IAC/C,MAAM,EAAE,MAAM,CAAC;IACf,sCAAsC;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,mDAAmD;IACnD,eAAe,CAAC,EAAE,UAAU,CAAC;IAE7B,4CAA4C;IAC5C,QAAQ,EAAE,YAAY,CAAC;IAEvB,2CAA2C;IAC3C,WAAW,EAAE,cAAc,EAAE,CAAC;IAE9B,uDAAuD;IACvD,eAAe,EAAE,SAAS,EAAE,CAAC;IAE7B,iEAAiE;IACjE,WAAW,CAAC,EAAE,oBAAoB,CAAC;IAEnC,0CAA0C;IAC1C,eAAe,CAAC,EAAE,SAAS,CAAC;CAC7B;AAMD,MAAM,WAAW,YAAY;IAC3B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,eAAe,CAAC,EAAE,UAAU,CAAC;IAC7B,eAAe,CAAC,EAAE,UAAU,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAMD,MAAM,WAAW,SAAS;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,UAAU,CAAC;CAClB;AAMD,MAAM,WAAW,cAAc;IAC7B,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,uBAAuB;IACvB,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,4BAA4B;IAC5B,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,kCAAkC;IAClC,iBAAiB,CAAC,EAAE,sBAAsB,EAAE,CAAC;IAC7C,sBAAsB;IACtB,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,qEAAqE;IACrE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAMD,MAAM,WAAW,aAAa;IAC5B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,OAAO,CAAC;IAClB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yDAAyD;IACzD,gBAAgB,CAAC,EAAE,oBAAoB,CAAC;IACxC,oEAAoE;IACpE,SAAS,CAAC,EAAE,aAAa,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,UAAU,CAAC;CAC3B;AAMD,MAAM,MAAM,aAAa,GACrB,WAAW,GACX,mBAAmB,GACnB,SAAS,GACT,cAAc,GACd,oBAAoB,GACpB,iBAAiB,GACjB,sBAAsB,CAAC;AAE3B,MAAM,WAAW,mBAAmB;IAClC,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,oBAAoB;IACnC,gBAAgB,EAAE,MAAM,CAAC;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,SAAS,EAAE,UAAU,CAAC;IACtB,eAAe,CAAC,EAAE,mBAAmB,CAAC;CACvC;AAED,MAAM,WAAW,oBAAoB;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC;AAMD,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,YAAY,EAAE,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,4BAA4B,CAAC,EAAE,OAAO,CAAC;IACvC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,cAAc,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAMD,MAAM,WAAW,sBAAsB;IACrC,oFAAoF;IACpF,UAAU,EAAE,MAAM,CAAC;IACnB,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AAMD,MAAM,WAAW,aAAa;IAC5B,6BAA6B,CAAC,EAAE,aAAa,EAAE,CAAC;IAChD,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,UAAU,EAAE,CAAC;IAC/B,SAAS,CAAC,EAAE,aAAa,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,UAAU;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAMD,+CAA+C;AAC/C,MAAM,WAAW,qBAAqB;IACpC,2CAA2C;IAC3C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,0CAA0C;IAC1C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iCAAiC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iCAAiC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qCAAqC;IACrC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qCAAqC;IACrC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gCAAgC;IAChC,eAAe,CAAC,EAAE,UAAU,CAAC;IAC7B,6CAA6C;IAC7C,eAAe,CAAC,EAAE,UAAU,CAAC;IAC7B,6CAA6C;IAC7C,eAAe,CAAC,EAAE,UAAU,CAAC;IAC7B,2CAA2C;IAC3C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sCAAsC;IACtC,UAAU,EAAE,eAAe,CAAC;IAC5B,4CAA4C;IAC5C,WAAW,CAAC,EAAE,yBAAyB,CAAC;CACzC;AAED,MAAM,WAAW,eAAe;IAC9B,aAAa,EAAE,kBAAkB,CAAC;IAClC,cAAc,CAAC,EAAE,mBAAmB,CAAC;IACrC,iBAAiB,CAAC,EAAE,sBAAsB,EAAE,CAAC;IAC7C,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACzC;AAED,MAAM,WAAW,kBAAkB;IACjC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0CAA0C;IAC1C,gBAAgB,CAAC,EAAE,yBAAyB,CAAC;CAC9C;AAED,MAAM,WAAW,yBAAyB;IACxC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,SAAS,EAAE,UAAU,CAAC;IACtB,eAAe,CAAC,EAAE,mBAAmB,CAAC;CACvC;AAED,MAAM,WAAW,yBAAyB;IACxC,oEAAoE;IACpE,IAAI,EAAE,MAAM,CAAC;IACb,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,sBAAsB;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AAMD,qEAAqE;AACrE,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,wDAAwD;AACxD,MAAM,WAAW,2BAA2B;IAC1C,MAAM,EAAE,oBAAoB,CAAC;IAC7B,MAAM,EAAE,oBAAoB,CAAC;CAC9B;AAED,0CAA0C;AAC1C,MAAM,WAAW,aAAa;IAC5B,sEAAsE;IACtE,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,4EAA4E;IAC5E,eAAe,CAAC,EAAE,UAAU,CAAC;CAC9B;AAED,6DAA6D;AAC7D,MAAM,WAAW,iBAAiB;IAChC,YAAY,CACV,gBAAgB,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,EAChD,KAAK,EAAE,MAAM,EACb,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,UAAU,CAAC,CAAC;CACxB"}

package/dist/types.js

@@ -0,0 +1,8 @@
+/**
+ * TypeScript types for a decoded UIC barcode ticket with Intercode 6 extensions.
+ *
+ * The top-level type is {@link UicBarcodeTicket} which combines the header envelope,
+ * decoded FCB rail ticket data, and Intercode 6 extension data into a single typed object.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/verifier.d.ts

@@ -0,0 +1,67 @@
+import type { SignatureVerificationResult, VerifyOptions } from './types';
+/**
+ * Verify Level 2 signature on a UIC barcode.
+ *
+ * Level 2 is self-contained: the public key is embedded in the barcode's
+ * `level1Data.level2PublicKey` field.
+ *
+ * @param bytes - Raw barcode payload bytes.
+ * @returns Verification result with valid flag and optional error.
+ */
+export declare function verifyLevel2Signature(bytes: Uint8Array): Promise<{
+    valid: boolean;
+    error?: string;
+    algorithm?: string;
+}>;
+/**
+ * Verify Level 1 signature on a UIC barcode.
+ *
+ * Level 1 requires an externally-provided public key since it is not
+ * embedded in the barcode.
+ *
+ * @param bytes - Raw barcode payload bytes.
+ * @param publicKey - The Level 1 public key bytes.
+ * @returns Verification result with valid flag and optional error.
+ */
+export declare function verifyLevel1Signature(bytes: Uint8Array, publicKey: Uint8Array): Promise<{
+    valid: boolean;
+    error?: string;
+    algorithm?: string;
+}>;
+/**
+ * Verify both Level 1 and Level 2 signatures on a UIC barcode.
+ *
+ * @param bytes - Raw barcode payload bytes.
+ * @param options - Verification options (key provider or explicit key).
+ * @returns Combined verification results for both levels.
+ */
+export declare function verifySignatures(bytes: Uint8Array, options?: VerifyOptions): Promise<SignatureVerificationResult>;
+/**
+ * Parse the UIC public key XML and find a key by issuer code and key ID.
+ *
+ * @param xml - XML string from https://railpublickey.uic.org/download.php
+ * @param issuerCode - The issuer RICS code (securityProviderNum)
+ * @param keyId - The key identifier
+ * @returns The Base64-decoded public key bytes, or null if not found.
+ */
+export declare function findKeyInXml(xml: string, issuerCode: number, keyId: number): Uint8Array | null;
+/**
+ * Parse all keys from the UIC public key XML.
+ *
+ * @param xml - XML string from https://railpublickey.uic.org/download.php
+ * @returns Array of parsed key entries.
+ */
+export declare function parseKeysXml(xml: string): UicPublicKeyEntry[];
+export interface UicPublicKeyEntry {
+    issuerCode: number;
+    id: number;
+    issuerName: string;
+    publicKey: Uint8Array;
+    publicKeyB64: string;
+    signatureAlgorithm: string;
+    versionType: string;
+    barcodeVersion: string;
+    startDate: string;
+    endDate: string;
+}
+//# sourceMappingURL=verifier.d.ts.map

package/dist/verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../src/verifier.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EACV,2BAA2B,EAE3B,aAAa,EACd,MAAM,SAAS,CAAC;AAgEjB;;;;;;;;GAQG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,UAAU,GAChB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA8DjE;AAED;;;;;;;;;GASG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,UAAU,EACjB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAoEjE;AAED;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,UAAU,EACjB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,2BAA2B,CAAC,CAiCtC;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CAyB9F;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAmC7D;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,UAAU,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB"}

package/dist/verifier.js

@@ -0,0 +1,309 @@
+/**
+ * Signature verification for UIC barcode tickets.
+ *
+ * Supports two-level signature verification:
+ * - Level 2: self-contained, uses the embedded `level2PublicKey`
+ * - Level 1: requires an external public key (via provider or direct)
+ *
+ * Uses @noble/curves for ECDSA verification (works in both Node.js and browsers).
+ */
+import { p256, p384, p521 } from '@noble/curves/nist.js';
+import { extractSignedData } from './signed-data';
+import { getSigningAlgorithm, getKeyAlgorithm } from './oids';
+import { derToRaw, extractEcPublicKeyPoint } from './signature-utils';
+// UIC barcode signatures may have non-normalized (high-S) values, so we
+// disable the lowS check that @noble/curves enforces by default.
+const VERIFY_OPTS = { lowS: false };
+function getCurveOps(curve) {
+    switch (curve) {
+        case 'P-256':
+            return {
+                verify: (sig, msg, pk) => p256.verify(sig, msg, pk, VERIFY_OPTS),
+                componentLength: 32,
+            };
+        case 'P-384':
+            return {
+                verify: (sig, msg, pk) => p384.verify(sig, msg, pk, VERIFY_OPTS),
+                componentLength: 48,
+            };
+        case 'P-521':
+            return {
+                verify: (sig, msg, pk) => p521.verify(sig, msg, pk, VERIFY_OPTS),
+                componentLength: 66,
+            };
+        default:
+            throw new Error(`Unsupported curve: ${curve}`);
+    }
+}
+// ---------------------------------------------------------------------------
+// ECDSA verification
+// ---------------------------------------------------------------------------
+function verifyEcdsa(signatureBytes, signedData, publicKeyBytes, curve) {
+    const curveOps = getCurveOps(curve);
+    // Convert DER signature to raw (r || s) compact format
+    const rawSig = derToRaw(signatureBytes, curveOps.componentLength);
+    // Extract the raw EC point from potentially SPKI-wrapped key
+    const rawPoint = extractEcPublicKeyPoint(publicKeyBytes);
+    // Verify — @noble/curves hashes the message internally (prehash: true by default)
+    return curveOps.verify(rawSig, signedData, rawPoint);
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Verify Level 2 signature on a UIC barcode.
+ *
+ * Level 2 is self-contained: the public key is embedded in the barcode's
+ * `level1Data.level2PublicKey` field.
+ *
+ * @param bytes - Raw barcode payload bytes.
+ * @returns Verification result with valid flag and optional error.
+ */
+export async function verifyLevel2Signature(bytes) {
+    try {
+        const extracted = extractSignedData(bytes);
+        const { security } = extracted;
+        if (!security.level2Signature) {
+            return { valid: false, error: 'Missing level 2 signature' };
+        }
+        if (!security.level2PublicKey) {
+            return { valid: false, error: 'Missing level 2 public key' };
+        }
+        // Determine algorithms
+        const sigAlg = security.level2SigningAlg
+            ? getSigningAlgorithm(security.level2SigningAlg)
+            : undefined;
+        const keyAlg = security.level2KeyAlg
+            ? getKeyAlgorithm(security.level2KeyAlg)
+            : undefined;
+        if (!sigAlg) {
+            return {
+                valid: false,
+                error: security.level2SigningAlg
+                    ? `Unsupported signing algorithm: ${security.level2SigningAlg}`
+                    : 'Missing level 2 signing algorithm OID',
+            };
+        }
+        if (sigAlg.type !== 'ECDSA') {
+            return { valid: false, error: `Unsupported signing type for level 2: ${sigAlg.type}` };
+        }
+        const curve = keyAlg?.curve;
+        if (!curve) {
+            return {
+                valid: false,
+                error: security.level2KeyAlg
+                    ? `Cannot determine curve from key algorithm: ${security.level2KeyAlg}`
+                    : 'Missing level 2 key algorithm OID',
+            };
+        }
+        const algorithmDesc = `${sigAlg.type} ${curve} with ${sigAlg.hash}`;
+        const valid = verifyEcdsa(security.level2Signature, extracted.level2SignedBytes, security.level2PublicKey, curve);
+        return {
+            valid,
+            algorithm: algorithmDesc,
+            ...(!valid && { error: `Level 2 signature verification failed (${algorithmDesc})` }),
+        };
+    }
+    catch (e) {
+        return { valid: false, error: e instanceof Error ? e.message : 'Verification failed' };
+    }
+}
+/**
+ * Verify Level 1 signature on a UIC barcode.
+ *
+ * Level 1 requires an externally-provided public key since it is not
+ * embedded in the barcode.
+ *
+ * @param bytes - Raw barcode payload bytes.
+ * @param publicKey - The Level 1 public key bytes.
+ * @returns Verification result with valid flag and optional error.
+ */
+export async function verifyLevel1Signature(bytes, publicKey) {
+    try {
+        const extracted = extractSignedData(bytes);
+        const { security } = extracted;
+        if (!security.level1Signature) {
+            return { valid: false, error: 'Missing level 1 signature' };
+        }
+        // Determine algorithms
+        const sigAlg = security.level1SigningAlg
+            ? getSigningAlgorithm(security.level1SigningAlg)
+            : undefined;
+        const keyAlg = security.level1KeyAlg
+            ? getKeyAlgorithm(security.level1KeyAlg)
+            : undefined;
+        if (!sigAlg) {
+            return {
+                valid: false,
+                error: security.level1SigningAlg
+                    ? `Unsupported signing algorithm: ${security.level1SigningAlg}`
+                    : 'Missing level 1 signing algorithm OID',
+            };
+        }
+        const algorithmDesc = `${sigAlg.type} with ${sigAlg.hash}`;
+        if (sigAlg.type === 'ECDSA') {
+            const curve = keyAlg?.curve;
+            if (!curve) {
+                return {
+                    valid: false,
+                    error: security.level1KeyAlg
+                        ? `Cannot determine curve from key algorithm: ${security.level1KeyAlg}`
+                        : 'Missing level 1 key algorithm OID',
+                };
+            }
+            const l1AlgorithmDesc = `ECDSA ${curve} with ${sigAlg.hash}`;
+            const valid = verifyEcdsa(security.level1Signature, extracted.level1DataBytes, publicKey, curve);
+            return {
+                valid,
+                algorithm: l1AlgorithmDesc,
+                ...(!valid && { error: `Level 1 signature verification failed (${l1AlgorithmDesc})` }),
+            };
+        }
+        if (sigAlg.type === 'DSA') {
+            // DSA is not supported by @noble/curves
+            // DSA signatures use the same DER format but different crypto primitives
+            return {
+                valid: false,
+                error: `DSA verification not supported (algorithm: DSA with ${sigAlg.hash})`,
+                algorithm: algorithmDesc,
+            };
+        }
+        return { valid: false, error: `Unsupported algorithm type: ${sigAlg.type}` };
+    }
+    catch (e) {
+        return { valid: false, error: e instanceof Error ? e.message : 'Verification failed' };
+    }
+}
+/**
+ * Verify both Level 1 and Level 2 signatures on a UIC barcode.
+ *
+ * @param bytes - Raw barcode payload bytes.
+ * @param options - Verification options (key provider or explicit key).
+ * @returns Combined verification results for both levels.
+ */
+export async function verifySignatures(bytes, options) {
+    // Level 2 verification (self-contained)
+    const level2 = await verifyLevel2Signature(bytes);
+    // Level 1 verification (needs external key)
+    let level1;
+    if (options?.level1PublicKey) {
+        level1 = await verifyLevel1Signature(bytes, options.level1PublicKey);
+    }
+    else if (options?.level1KeyProvider) {
+        try {
+            const extracted = extractSignedData(bytes);
+            const { security } = extracted;
+            const pubKey = await options.level1KeyProvider.getPublicKey({ num: security.securityProviderNum, ia5: security.securityProviderIA5 }, security.keyId ?? 0, security.level1KeyAlg);
+            level1 = await verifyLevel1Signature(bytes, pubKey);
+        }
+        catch (e) {
+            level1 = {
+                valid: false,
+                error: `Key provider error: ${e instanceof Error ? e.message : 'unknown error'}`,
+            };
+        }
+    }
+    else {
+        level1 = {
+            valid: false,
+            error: 'No level 1 public key provided (use level1PublicKey or level1KeyProvider)',
+        };
+    }
+    return { level1, level2 };
+}
+/**
+ * Parse the UIC public key XML and find a key by issuer code and key ID.
+ *
+ * @param xml - XML string from https://railpublickey.uic.org/download.php
+ * @param issuerCode - The issuer RICS code (securityProviderNum)
+ * @param keyId - The key identifier
+ * @returns The Base64-decoded public key bytes, or null if not found.
+ */
+export function findKeyInXml(xml, issuerCode, keyId) {
+    // Simple regex-based XML parser (no DOM dependency for Node.js compatibility)
+    const keyRegex = /<key>([\s\S]*?)<\/key>/g;
+    let match;
+    while ((match = keyRegex.exec(xml)) !== null) {
+        const block = match[1];
+        const issuerMatch = block.match(/<issuerCode>\s*(\d+)\s*<\/issuerCode>/);
+        const idMatch = block.match(/<id>\s*(\d+)\s*<\/id>/);
+        const pubKeyMatch = block.match(/<publicKey>\s*([A-Za-z0-9+/=\s]+?)\s*<\/publicKey>/);
+        if (issuerMatch && idMatch && pubKeyMatch) {
+            const xmlIssuerCode = parseInt(issuerMatch[1], 10);
+            const xmlKeyId = parseInt(idMatch[1], 10);
+            if (xmlIssuerCode === issuerCode && xmlKeyId === keyId) {
+                // Base64 decode
+                const b64 = pubKeyMatch[1].replace(/\s+/g, '');
+                return base64ToBytes(b64);
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Parse all keys from the UIC public key XML.
+ *
+ * @param xml - XML string from https://railpublickey.uic.org/download.php
+ * @returns Array of parsed key entries.
+ */
+export function parseKeysXml(xml) {
+    const entries = [];
+    const keyRegex = /<key>([\s\S]*?)<\/key>/g;
+    let match;
+    while ((match = keyRegex.exec(xml)) !== null) {
+        const block = match[1];
+        const issuerCode = extractXmlInt(block, 'issuerCode');
+        const id = extractXmlInt(block, 'id');
+        const issuerName = extractXmlText(block, 'issuerName');
+        const publicKeyB64 = extractXmlText(block, 'publicKey');
+        const signatureAlgorithm = extractXmlText(block, 'signatureAlgorithm');
+        const versionType = extractXmlText(block, 'versionType');
+        const barcodeVersion = extractXmlText(block, 'barcodeVersion');
+        const startDate = extractXmlText(block, 'startDate');
+        const endDate = extractXmlText(block, 'endDate');
+        if (issuerCode != null && id != null && publicKeyB64) {
+            entries.push({
+                issuerCode,
+                id,
+                issuerName: issuerName ?? '',
+                publicKey: base64ToBytes(publicKeyB64.replace(/\s+/g, '')),
+                publicKeyB64: publicKeyB64.replace(/\s+/g, ''),
+                signatureAlgorithm: signatureAlgorithm ?? '',
+                versionType: versionType ?? '',
+                barcodeVersion: barcodeVersion ?? '',
+                startDate: startDate ?? '',
+                endDate: endDate ?? '',
+            });
+        }
+    }
+    return entries;
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function extractXmlText(block, tag) {
+    const re = new RegExp(`<${tag}>\\s*([\\s\\S]*?)\\s*</${tag}>`);
+    const m = block.match(re);
+    return m ? m[1].trim() : null;
+}
+function extractXmlInt(block, tag) {
+    const text = extractXmlText(block, tag);
+    if (text === null)
+        return null;
+    const n = parseInt(text, 10);
+    return isNaN(n) ? null : n;
+}
+function base64ToBytes(b64) {
+    // Works in both Node.js and browsers
+    if (typeof atob === 'function') {
+        const binary = atob(b64);
+        const bytes = new Uint8Array(binary.length);
+        for (let i = 0; i < binary.length; i++) {
+            bytes[i] = binary.charCodeAt(i);
+        }
+        return bytes;
+    }
+    // Node.js fallback
+    return new Uint8Array(Buffer.from(b64, 'base64'));
+}
+//# sourceMappingURL=verifier.js.map