AuthorizedTransfer

Defined in: ootle/src/stealth/authorizer.ts:322

The post-WalletStealthAuthorizer.prepare handle.

Owns the hydrated spec, the resolved stealth inputs, and the single seal keypair shared across one-time authorizations and the seal signature. Constructed only via WalletStealthAuthorizer.prepare — there is no way to obtain one without preparing first, so seal / createAuthorizations no longer need a prepared guard.

Constructors

Constructor

new AuthorizedTransfer(params): AuthorizedTransfer

Defined in: ootle/src/stealth/authorizer.ts:342

Parameters

params

AuthorizedTransferParams

Returns

AuthorizedTransfer

Methods

addSignature()

addSignature(signature): this

Defined in: ootle/src/stealth/authorizer.ts:439

Append an extra signature for a genuine external co-signer to be included when sealing. The account-key signature is added automatically at seal unless mustSignWithAccountKey is false.

Do NOT pass the per-input one-time spend-key authorizations here — they are produced (memoized) by createAuthorizations and auto-included by seal exactly once. Re-adding them via this method would double-count them in the sealed tx, which the engine rejects.

Parameters

signature

TransactionSignature

Returns

this

---

createAuthorizations()

createAuthorizations(): Promise<TransactionAuthorization[]>

Defined in: ootle/src/stealth/authorizer.ts:386

Produce the one-time spend-key authorizations for the stealth inputs (empty for a revealed-only transfer).

For each resolved input, picks the owner’s signer from the wallet and calls its addStealthSignature(unsignedJson, publicNonce, sealPublicKey, { crypto }) — which derives the one-time spend scalar via stealthDhSecret and signs the tx hash. The secret stays in the signer (never pulled into the transfer).

Uses this transfer’s shared seal public key (getSealPublicKey) — the same one seal uses — so every signature is over the same tx hash. The tx hashed is spec.unsignedTx (already resolved by the builder); seal does not re-resolve, so the hashes match.

Memoized. The authorizations are computed on the first call and cached; every subsequent call — including the internal one from seal — returns the same array, never re-signing with a fresh random nonce. Calling this before seal cannot double-count, because seal reuses the cache. Callers therefore must not feed these one-time authorizations to addSignature — they are auto-included exactly once at seal time.

Returns

Promise<TransactionAuthorization[]>

Throws

if a stealth-input owner has no signer registered.

Throws

if a stealth-input owner’s signer cannot produce one-time stealth signatures (lacks addStealthSignature).

---

getSealPublicKey()

getSealPublicKey(): Uint8Array

Defined in: ootle/src/stealth/authorizer.ts:352

The shared seal signer public key (fixed for this transfer’s lifetime).

Returns

Uint8Array

---

getSpec()

getSpec(): StealthTransferSpec

Defined in: ootle/src/stealth/authorizer.ts:357

The hydrated, post-prepare spec (balance proof filled, instruction patched).

Returns

StealthTransferSpec

---

seal()

seal(): Promise<string>

Defined in: ootle/src/stealth/authorizer.ts:463

Sign and seal the (prepared) transfer into a TransactionEnvelope.

Composes, over a SINGLE shared seal keypair:

• the account-key signature (unless mustSignWithAccountKey is false);
• the per-input one-time spend-key authorizations — included exactly once per stealth input via createAuthorizations’s memoized cache, whether or not the caller invoked createAuthorizations first; callers must NOT also re-add them via addSignature;
• any addSignature extras (e.g. genuine external co-signers).

All of these — and the seal signature itself — hash the tx with the same seal public key, so every signature verifies against the same hash. The tx is not re-resolved here (the builder already resolved it in prepare()); re-resolving could change the hash and invalidate the already-computed one-time authorizations.

Returns

Promise<string>

Throws

when a stealth-input owner has no signer registered.

Throws

when a stealth-input signer cannot produce one-time signatures.