@azure/keyvault-keys 4.10.1-alpha.20250702.2 → 4.10.1-alpha.20250722.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (100) hide show
  1. package/dist/browser/cryptography/remoteCryptographyProvider.js +34 -11
  2. package/dist/browser/cryptography/remoteCryptographyProvider.js.map +1 -1
  3. package/dist/browser/cryptographyClient.js +12 -5
  4. package/dist/browser/cryptographyClient.js.map +1 -1
  5. package/dist/browser/generated/src/api/keyVaultContext.js +12 -9
  6. package/dist/browser/generated/src/api/keyVaultContext.js.map +1 -1
  7. package/dist/browser/generated/src/api/operations.js +229 -78
  8. package/dist/browser/generated/src/api/operations.js.map +1 -1
  9. package/dist/browser/generated/src/keyVaultClient.js +8 -3
  10. package/dist/browser/generated/src/keyVaultClient.js.map +1 -1
  11. package/dist/browser/generated/src/static-helpers/pagingHelpers.js +31 -50
  12. package/dist/browser/generated/src/static-helpers/pagingHelpers.js.map +1 -1
  13. package/dist/browser/generated/src/static-helpers/urlTemplate.js +2 -2
  14. package/dist/browser/generated/src/static-helpers/urlTemplate.js.map +1 -1
  15. package/dist/browser/identifier.js +4 -1
  16. package/dist/browser/identifier.js.map +1 -1
  17. package/dist/browser/index.js +43 -29
  18. package/dist/browser/index.js.map +1 -1
  19. package/dist/browser/lro/delete/operation.js +3 -0
  20. package/dist/browser/lro/delete/operation.js.map +1 -1
  21. package/dist/browser/lro/delete/poller.js +4 -1
  22. package/dist/browser/lro/delete/poller.js.map +1 -1
  23. package/dist/browser/lro/keyVaultKeyPoller.js +6 -8
  24. package/dist/browser/lro/keyVaultKeyPoller.js.map +1 -1
  25. package/dist/browser/lro/recover/operation.js +5 -2
  26. package/dist/browser/lro/recover/operation.js.map +1 -1
  27. package/dist/browser/lro/recover/poller.js +4 -1
  28. package/dist/browser/lro/recover/poller.js.map +1 -1
  29. package/dist/browser/transformations.js +30 -41
  30. package/dist/browser/transformations.js.map +1 -1
  31. package/dist/commonjs/cryptography/aesCryptographyProvider.js +29 -29
  32. package/dist/commonjs/cryptography/aesCryptographyProvider.js.map +1 -1
  33. package/dist/commonjs/cryptography/remoteCryptographyProvider.js +34 -11
  34. package/dist/commonjs/cryptography/remoteCryptographyProvider.js.map +1 -1
  35. package/dist/commonjs/cryptography/rsaCryptographyProvider.js +39 -36
  36. package/dist/commonjs/cryptography/rsaCryptographyProvider.js.map +1 -1
  37. package/dist/commonjs/cryptographyClient.js +12 -5
  38. package/dist/commonjs/cryptographyClient.js.map +1 -1
  39. package/dist/commonjs/generated/src/api/keyVaultContext.js +12 -9
  40. package/dist/commonjs/generated/src/api/keyVaultContext.js.map +1 -1
  41. package/dist/commonjs/generated/src/api/operations.js +229 -78
  42. package/dist/commonjs/generated/src/api/operations.js.map +1 -1
  43. package/dist/commonjs/generated/src/keyVaultClient.js +8 -3
  44. package/dist/commonjs/generated/src/keyVaultClient.js.map +1 -1
  45. package/dist/commonjs/generated/src/static-helpers/pagingHelpers.js +31 -50
  46. package/dist/commonjs/generated/src/static-helpers/pagingHelpers.js.map +1 -1
  47. package/dist/commonjs/generated/src/static-helpers/urlTemplate.js +2 -2
  48. package/dist/commonjs/generated/src/static-helpers/urlTemplate.js.map +1 -1
  49. package/dist/commonjs/identifier.js +4 -1
  50. package/dist/commonjs/identifier.js.map +1 -1
  51. package/dist/commonjs/index.js +43 -29
  52. package/dist/commonjs/index.js.map +1 -1
  53. package/dist/commonjs/lro/delete/operation.js +3 -0
  54. package/dist/commonjs/lro/delete/operation.js.map +1 -1
  55. package/dist/commonjs/lro/delete/poller.js +4 -1
  56. package/dist/commonjs/lro/delete/poller.js.map +1 -1
  57. package/dist/commonjs/lro/keyVaultKeyPoller.js +6 -8
  58. package/dist/commonjs/lro/keyVaultKeyPoller.js.map +1 -1
  59. package/dist/commonjs/lro/recover/operation.js +5 -2
  60. package/dist/commonjs/lro/recover/operation.js.map +1 -1
  61. package/dist/commonjs/lro/recover/poller.js +4 -1
  62. package/dist/commonjs/lro/recover/poller.js.map +1 -1
  63. package/dist/commonjs/transformations.js +30 -41
  64. package/dist/commonjs/transformations.js.map +1 -1
  65. package/dist/commonjs/tsdoc-metadata.json +11 -11
  66. package/dist/esm/cryptography/aesCryptographyProvider.js +26 -26
  67. package/dist/esm/cryptography/aesCryptographyProvider.js.map +1 -1
  68. package/dist/esm/cryptography/remoteCryptographyProvider.js +34 -11
  69. package/dist/esm/cryptography/remoteCryptographyProvider.js.map +1 -1
  70. package/dist/esm/cryptography/rsaCryptographyProvider.js +39 -36
  71. package/dist/esm/cryptography/rsaCryptographyProvider.js.map +1 -1
  72. package/dist/esm/cryptographyClient.js +12 -5
  73. package/dist/esm/cryptographyClient.js.map +1 -1
  74. package/dist/esm/generated/src/api/keyVaultContext.js +12 -9
  75. package/dist/esm/generated/src/api/keyVaultContext.js.map +1 -1
  76. package/dist/esm/generated/src/api/operations.js +229 -78
  77. package/dist/esm/generated/src/api/operations.js.map +1 -1
  78. package/dist/esm/generated/src/keyVaultClient.js +8 -3
  79. package/dist/esm/generated/src/keyVaultClient.js.map +1 -1
  80. package/dist/esm/generated/src/static-helpers/pagingHelpers.js +31 -50
  81. package/dist/esm/generated/src/static-helpers/pagingHelpers.js.map +1 -1
  82. package/dist/esm/generated/src/static-helpers/urlTemplate.js +2 -2
  83. package/dist/esm/generated/src/static-helpers/urlTemplate.js.map +1 -1
  84. package/dist/esm/identifier.js +4 -1
  85. package/dist/esm/identifier.js.map +1 -1
  86. package/dist/esm/index.js +43 -29
  87. package/dist/esm/index.js.map +1 -1
  88. package/dist/esm/lro/delete/operation.js +3 -0
  89. package/dist/esm/lro/delete/operation.js.map +1 -1
  90. package/dist/esm/lro/delete/poller.js +4 -1
  91. package/dist/esm/lro/delete/poller.js.map +1 -1
  92. package/dist/esm/lro/keyVaultKeyPoller.js +6 -8
  93. package/dist/esm/lro/keyVaultKeyPoller.js.map +1 -1
  94. package/dist/esm/lro/recover/operation.js +5 -2
  95. package/dist/esm/lro/recover/operation.js.map +1 -1
  96. package/dist/esm/lro/recover/poller.js +4 -1
  97. package/dist/esm/lro/recover/poller.js.map +1 -1
  98. package/dist/esm/transformations.js +30 -41
  99. package/dist/esm/transformations.js.map +1 -1
  100. package/package.json +2 -2
package/dist/commonjs/cryptography/rsaCryptographyProvider.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"rsaCryptographyProvider.js","sourceRoot":"","sources":["../../../src/cryptography/rsaCryptographyProvider.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC,yCAAsE;AACtE,6CAA4C;AAC5C,2CAA2C;AAoB3C,qDAAmD;AAEnD,2CAAgE;AAEhE;;GAEG;AACH,MAAa,uBAAuB;IAClC,YAAY,GAAe;QAmH3B;;WAEG;QACK,yBAAoB,GAAa;YACvC,QAAQ;YACR,UAAU;YACV,OAAO;YACP,OAAO;YACP,OAAO;YACP,OAAO;YACP,OAAO;YACP,OAAO;SACR,CAAC;QAEF;;WAEG;QACK,yBAAoB,GAAoC;YAC9D,SAAS;YACT,SAAS;YACT,YAAY;SACb,CAAC;QAEF;;;WAGG;QACH,sCAAiC,GAA4B;YAC3D,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;SAChB,CAAC;QApJA,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED,WAAW,CAAC,SAAiB,EAAE,SAAwC;QACrE,OAAO,CACL,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAC/F,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,iBAAoC,EAAE,QAAyB;QACrE,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,IAAA,gCAAe,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzC,MAAM,OAAO,GACX,iBAAiB,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,6BAAiB,CAAC,CAAC,CAAC,kCAAsB,CAAC;QAExF,OAAO,OAAO,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,iBAAiB,CAAC,SAAS;YACtC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;YACnB,MAAM,EAAE,IAAA,2BAAa,EACnB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EACjC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CACzC;SACF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CACL,kBAAqC,EACrC,QAAyB;QAEzB,MAAM,IAAI,6CAAiC,CACzC,uDAAuD,CACxD,CAAC;IACJ,CAAC;IAED,OAAO,CACL,SAA2B,EAC3B,SAAqB,EACrB,QAAyB;QAEzB,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,IAAA,gCAAe,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzC,MAAM,OAAO,GAAG,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,6BAAiB,CAAC,CAAC,CAAC,kCAAsB,CAAC;QAEpF,OAAO,OAAO,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,SAA6B;YACxC,MAAM,EAAE,IAAA,2BAAa,EAAC,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;SACpB,CAAC,CAAC;IACL,CAAC;IAED,SAAS,CACP,UAA4B,EAC5B,aAAyB,EACzB,QAA2B;QAE3B,MAAM,IAAI,6CAAiC,CACzC,6DAA6D,CAC9D,CAAC;IACJ,CAAC;IAED,IAAI,CACF,UAA8B,EAC9B,OAAmB,EACnB,QAAsB;QAEtB,MAAM,IAAI,6CAAiC,CACzC,6DAA6D,CAC9D,CAAC;IACJ,CAAC;IAED,QAAQ,CACN,UAA8B,EAC9B,KAAiB,EACjB,QAAsB;QAEtB,MAAM,IAAI,6CAAiC,CACzC,oEAAoE,CACrE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CACV,UAA8B,EAC9B,OAAmB,EACnB,UAAsB,EACtB,QAAwB;QAExB,MAAM,IAAI,6CAAiC,CACzC,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,UAAU,CACR,SAA6B,EAC7B,IAAgB,EAChB,SAAqB,EACrB,QAAwB;QAExB,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,IAAA,gCAAe,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzC,MAAM,QAAQ,GAAG,IAAA,wBAAY,EAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC,OAAO,CAAC;YACrB,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvD,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;SACpB,CAAC,CAAC;IACL,CAAC;IA2CO,WAAW;;QACjB,IACE,IAAI,CAAC,GAAG;YACR,CAAA,MAAA,IAAI,CAAC,GAAG,CAAC,GAAG,0CAAE,WAAW,EAAE,MAAK,KAAK;YACrC,CAAA,MAAA,IAAI,CAAC,GAAG,CAAC,GAAG,0CAAE,WAAW,EAAE,MAAK,SAAS,EACzC,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;CACF;AAjKD,0DAiKC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING } from \"constants\";\nimport { publicEncrypt } from \"node:crypto\";\nimport { createVerify } from \"./crypto.js\";\nimport type {\n DecryptOptions,\n DecryptParameters,\n DecryptResult,\n EncryptOptions,\n EncryptParameters,\n EncryptResult,\n JsonWebKey,\n KeyWrapAlgorithm,\n SignOptions,\n SignResult,\n SignatureAlgorithm,\n UnwrapKeyOptions,\n UnwrapResult,\n VerifyOptions,\n VerifyResult,\n WrapKeyOptions,\n WrapResult,\n} from \"../index.js\";\nimport { convertJWKtoPEM } from \"./conversions.js\";\nimport type { CryptographyProvider, CryptographyProviderOperation } from \"./models.js\";\nimport { LocalCryptographyUnsupportedError } from \"./models.js\";\n\n/**\n * An RSA cryptography provider supporting RSA algorithms.\n */\nexport class RsaCryptographyProvider implements CryptographyProvider {\n constructor(key: JsonWebKey) {\n this.key = key;\n }\n\n isSupported(algorithm: string, operation: CryptographyProviderOperation): boolean {\n return (\n this.applicableAlgorithms.includes(algorithm) && this.applicableOperations.includes(operation)\n );\n }\n\n encrypt(encryptParameters: EncryptParameters, _options?: EncryptOptions): Promise<EncryptResult> {\n this.ensureValid();\n const keyPEM = convertJWKtoPEM(this.key);\n\n const padding =\n encryptParameters.algorithm === \"RSA1_5\" ? RSA_PKCS1_PADDING : RSA_PKCS1_OAEP_PADDING;\n\n return Promise.resolve({\n algorithm: encryptParameters.algorithm,\n keyID: this.key.kid,\n result: publicEncrypt(\n { key: keyPEM, padding: padding },\n Buffer.from(encryptParameters.plaintext),\n ),\n });\n }\n\n decrypt(\n _decryptParameters: DecryptParameters,\n _options?: DecryptOptions,\n ): Promise<DecryptResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Decrypting using a local JsonWebKey is not supported.\",\n );\n }\n\n wrapKey(\n algorithm: KeyWrapAlgorithm,\n keyToWrap: Uint8Array,\n _options?: WrapKeyOptions,\n ): Promise<WrapResult> {\n this.ensureValid();\n const keyPEM = convertJWKtoPEM(this.key);\n\n const padding = algorithm === \"RSA1_5\" ? RSA_PKCS1_PADDING : RSA_PKCS1_OAEP_PADDING;\n\n return Promise.resolve({\n algorithm: algorithm as KeyWrapAlgorithm,\n result: publicEncrypt({ key: keyPEM, padding }, Buffer.from(keyToWrap)),\n keyID: this.key.kid,\n });\n }\n\n unwrapKey(\n _algorithm: KeyWrapAlgorithm,\n _encryptedKey: Uint8Array,\n _options?: UnwrapKeyOptions,\n ): Promise<UnwrapResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Unwrapping a key using a local JsonWebKey is not supported.\",\n );\n }\n\n sign(\n _algorithm: SignatureAlgorithm,\n _digest: Uint8Array,\n _options?: SignOptions,\n ): Promise<SignResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Signing a digest using a local JsonWebKey is not supported.\",\n );\n }\n\n signData(\n _algorithm: SignatureAlgorithm,\n _data: Uint8Array,\n _options?: SignOptions,\n ): Promise<SignResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Signing a block of data using a local JsonWebKey is not supported.\",\n );\n }\n\n async verify(\n _algorithm: SignatureAlgorithm,\n _digest: Uint8Array,\n _signature: Uint8Array,\n _options?: VerifyOptions,\n ): Promise<VerifyResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Verifying a digest using a local JsonWebKey is not supported.\",\n );\n }\n\n verifyData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n signature: Uint8Array,\n _options?: VerifyOptions,\n ): Promise<VerifyResult> {\n this.ensureValid();\n const keyPEM = convertJWKtoPEM(this.key);\n\n const verifier = createVerify(algorithm, data);\n return Promise.resolve({\n result: verifier.verify(keyPEM, Buffer.from(signature)),\n keyID: this.key.kid,\n });\n }\n\n /**\n * The {@link JsonWebKey} used to perform crypto operations.\n */\n private key: JsonWebKey;\n\n /**\n * The set of algorithms this provider supports\n */\n private applicableAlgorithms: string[] = [\n \"RSA1_5\",\n \"RSA-OAEP\",\n \"PS256\",\n \"RS256\",\n \"PS384\",\n \"RS384\",\n \"PS512\",\n \"RS512\",\n ];\n\n /**\n * The set of operations this provider supports\n */\n private applicableOperations: CryptographyProviderOperation[] = [\n \"encrypt\",\n \"wrapKey\",\n \"verifyData\",\n ];\n\n /**\n * Mapping between signature algorithms and their corresponding hash algorithms. Externally used for testing.\n * @internal\n */\n signatureAlgorithmToHashAlgorithm: { [s: string]: string } = {\n PS256: \"SHA256\",\n RS256: \"SHA256\",\n PS384: \"SHA384\",\n RS384: \"SHA384\",\n PS512: \"SHA512\",\n RS512: \"SHA512\",\n };\n\n private ensureValid(): void {\n if (\n this.key &&\n this.key.kty?.toUpperCase() !== \"RSA\" &&\n this.key.kty?.toUpperCase() !== \"RSA-HSM\"\n ) {\n throw new Error(\"Key type does not match the algorithm RSA\");\n }\n }\n}\n"]}
1
+ {"version":3,"file":"rsaCryptographyProvider.js","sourceRoot":"","sources":["../../../src/cryptography/rsaCryptographyProvider.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAElC,yCAAsE;AACtE,6CAA4C;AAC5C,2CAA2C;AAoB3C,qDAAmD;AAEnD,2CAAgE;AAEhE;;GAEG;AACH,MAAa,uBAAuB;IAClC,YAAY,GAAe;QACzB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED,WAAW,CAAC,SAAiB,EAAE,SAAwC;QACrE,OAAO,CACL,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAC/F,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,iBAAoC,EAAE,QAAyB;QACrE,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,IAAA,gCAAe,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzC,MAAM,OAAO,GACX,iBAAiB,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,6BAAiB,CAAC,CAAC,CAAC,kCAAsB,CAAC;QAExF,OAAO,OAAO,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,iBAAiB,CAAC,SAAS;YACtC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;YACnB,MAAM,EAAE,IAAA,2BAAa,EACnB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EACjC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CACzC;SACF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CACL,kBAAqC,EACrC,QAAyB;QAEzB,MAAM,IAAI,6CAAiC,CACzC,uDAAuD,CACxD,CAAC;IACJ,CAAC;IAED,OAAO,CACL,SAA2B,EAC3B,SAAqB,EACrB,QAAyB;QAEzB,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,IAAA,gCAAe,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzC,MAAM,OAAO,GAAG,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,6BAAiB,CAAC,CAAC,CAAC,kCAAsB,CAAC;QAEpF,OAAO,OAAO,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,SAA6B;YACxC,MAAM,EAAE,IAAA,2BAAa,EAAC,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;SACpB,CAAC,CAAC;IACL,CAAC;IAED,SAAS,CACP,UAA4B,EAC5B,aAAyB,EACzB,QAA2B;QAE3B,MAAM,IAAI,6CAAiC,CACzC,6DAA6D,CAC9D,CAAC;IACJ,CAAC;IAED,IAAI,CACF,UAA8B,EAC9B,OAAmB,EACnB,QAAsB;QAEtB,MAAM,IAAI,6CAAiC,CACzC,6DAA6D,CAC9D,CAAC;IACJ,CAAC;IAED,QAAQ,CACN,UAA8B,EAC9B,KAAiB,EACjB,QAAsB;QAEtB,MAAM,IAAI,6CAAiC,CACzC,oEAAoE,CACrE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CACV,UAA8B,EAC9B,OAAmB,EACnB,UAAsB,EACtB,QAAwB;QAExB,MAAM,IAAI,6CAAiC,CACzC,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,UAAU,CACR,SAA6B,EAC7B,IAAgB,EAChB,SAAqB,EACrB,QAAwB;QAExB,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,IAAA,gCAAe,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzC,MAAM,QAAQ,GAAG,IAAA,wBAAY,EAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC,OAAO,CAAC;YACrB,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvD,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;SACpB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,GAAG,CAAa;IAExB;;OAEG;IACK,oBAAoB,GAAa;QACvC,QAAQ;QACR,UAAU;QACV,OAAO;QACP,OAAO;QACP,OAAO;QACP,OAAO;QACP,OAAO;QACP,OAAO;KACR,CAAC;IAEF;;OAEG;IACK,oBAAoB,GAAoC;QAC9D,SAAS;QACT,SAAS;QACT,YAAY;KACb,CAAC;IAEF;;;OAGG;IACH,iCAAiC,GAA4B;QAC3D,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,QAAQ;KAChB,CAAC;IAEM,WAAW;QACjB,IACE,IAAI,CAAC,GAAG;YACR,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,EAAE,KAAK,KAAK;YACrC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,EAAE,KAAK,SAAS,EACzC,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;CACF;AAjKD,0DAiKC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING } from \"constants\";\nimport { publicEncrypt } from \"node:crypto\";\nimport { createVerify } from \"./crypto.js\";\nimport type {\n DecryptOptions,\n DecryptParameters,\n DecryptResult,\n EncryptOptions,\n EncryptParameters,\n EncryptResult,\n JsonWebKey,\n KeyWrapAlgorithm,\n SignOptions,\n SignResult,\n SignatureAlgorithm,\n UnwrapKeyOptions,\n UnwrapResult,\n VerifyOptions,\n VerifyResult,\n WrapKeyOptions,\n WrapResult,\n} from \"../index.js\";\nimport { convertJWKtoPEM } from \"./conversions.js\";\nimport type { CryptographyProvider, CryptographyProviderOperation } from \"./models.js\";\nimport { LocalCryptographyUnsupportedError } from \"./models.js\";\n\n/**\n * An RSA cryptography provider supporting RSA algorithms.\n */\nexport class RsaCryptographyProvider implements CryptographyProvider {\n constructor(key: JsonWebKey) {\n this.key = key;\n }\n\n isSupported(algorithm: string, operation: CryptographyProviderOperation): boolean {\n return (\n this.applicableAlgorithms.includes(algorithm) && this.applicableOperations.includes(operation)\n );\n }\n\n encrypt(encryptParameters: EncryptParameters, _options?: EncryptOptions): Promise<EncryptResult> {\n this.ensureValid();\n const keyPEM = convertJWKtoPEM(this.key);\n\n const padding =\n encryptParameters.algorithm === \"RSA1_5\" ? RSA_PKCS1_PADDING : RSA_PKCS1_OAEP_PADDING;\n\n return Promise.resolve({\n algorithm: encryptParameters.algorithm,\n keyID: this.key.kid,\n result: publicEncrypt(\n { key: keyPEM, padding: padding },\n Buffer.from(encryptParameters.plaintext),\n ),\n });\n }\n\n decrypt(\n _decryptParameters: DecryptParameters,\n _options?: DecryptOptions,\n ): Promise<DecryptResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Decrypting using a local JsonWebKey is not supported.\",\n );\n }\n\n wrapKey(\n algorithm: KeyWrapAlgorithm,\n keyToWrap: Uint8Array,\n _options?: WrapKeyOptions,\n ): Promise<WrapResult> {\n this.ensureValid();\n const keyPEM = convertJWKtoPEM(this.key);\n\n const padding = algorithm === \"RSA1_5\" ? RSA_PKCS1_PADDING : RSA_PKCS1_OAEP_PADDING;\n\n return Promise.resolve({\n algorithm: algorithm as KeyWrapAlgorithm,\n result: publicEncrypt({ key: keyPEM, padding }, Buffer.from(keyToWrap)),\n keyID: this.key.kid,\n });\n }\n\n unwrapKey(\n _algorithm: KeyWrapAlgorithm,\n _encryptedKey: Uint8Array,\n _options?: UnwrapKeyOptions,\n ): Promise<UnwrapResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Unwrapping a key using a local JsonWebKey is not supported.\",\n );\n }\n\n sign(\n _algorithm: SignatureAlgorithm,\n _digest: Uint8Array,\n _options?: SignOptions,\n ): Promise<SignResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Signing a digest using a local JsonWebKey is not supported.\",\n );\n }\n\n signData(\n _algorithm: SignatureAlgorithm,\n _data: Uint8Array,\n _options?: SignOptions,\n ): Promise<SignResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Signing a block of data using a local JsonWebKey is not supported.\",\n );\n }\n\n async verify(\n _algorithm: SignatureAlgorithm,\n _digest: Uint8Array,\n _signature: Uint8Array,\n _options?: VerifyOptions,\n ): Promise<VerifyResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Verifying a digest using a local JsonWebKey is not supported.\",\n );\n }\n\n verifyData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n signature: Uint8Array,\n _options?: VerifyOptions,\n ): Promise<VerifyResult> {\n this.ensureValid();\n const keyPEM = convertJWKtoPEM(this.key);\n\n const verifier = createVerify(algorithm, data);\n return Promise.resolve({\n result: verifier.verify(keyPEM, Buffer.from(signature)),\n keyID: this.key.kid,\n });\n }\n\n /**\n * The {@link JsonWebKey} used to perform crypto operations.\n */\n private key: JsonWebKey;\n\n /**\n * The set of algorithms this provider supports\n */\n private applicableAlgorithms: string[] = [\n \"RSA1_5\",\n \"RSA-OAEP\",\n \"PS256\",\n \"RS256\",\n \"PS384\",\n \"RS384\",\n \"PS512\",\n \"RS512\",\n ];\n\n /**\n * The set of operations this provider supports\n */\n private applicableOperations: CryptographyProviderOperation[] = [\n \"encrypt\",\n \"wrapKey\",\n \"verifyData\",\n ];\n\n /**\n * Mapping between signature algorithms and their corresponding hash algorithms. Externally used for testing.\n * @internal\n */\n signatureAlgorithmToHashAlgorithm: { [s: string]: string } = {\n PS256: \"SHA256\",\n RS256: \"SHA256\",\n PS384: \"SHA384\",\n RS384: \"SHA384\",\n PS512: \"SHA512\",\n RS512: \"SHA512\",\n };\n\n private ensureValid(): void {\n if (\n this.key &&\n this.key.kty?.toUpperCase() !== \"RSA\" &&\n this.key.kty?.toUpperCase() !== \"RSA-HSM\"\n ) {\n throw new Error(\"Key type does not match the algorithm RSA\");\n }\n }\n}\n"]}
package/dist/commonjs/cryptographyClient.js CHANGED
@@ -16,6 +16,14 @@ const log_js_1 = require("./log.js");
16
16
  * or a local {@link JsonWebKey}.
17
17
  */
18
18
  class CryptographyClient {
19
+ /**
20
+ * The key the CryptographyClient currently holds.
21
+ */
22
+ key;
23
+ /**
24
+ * The remote provider, which would be undefined if used in local mode.
25
+ */
26
+ remoteProvider;
19
27
  /**
20
28
  * Internal constructor implementation for either local or Key Vault backed keys.
21
29
  * @param key - The key to use during cryptography tasks.
@@ -50,8 +58,7 @@ class CryptographyClient {
50
58
  * The base URL to the vault. If a local {@link JsonWebKey} is used vaultUrl will be empty.
51
59
  */
52
60
  get vaultUrl() {
53
- var _a;
54
- return ((_a = this.remoteProvider) === null || _a === void 0 ? void 0 : _a.vaultUrl) || "";
61
+ return this.remoteProvider?.vaultUrl || "";
55
62
  }
56
63
  /**
57
64
  * The ID of the key used to perform cryptographic operations for the client.
@@ -475,6 +482,7 @@ class CryptographyClient {
475
482
  }
476
483
  return this.key;
477
484
  }
485
+ providers;
478
486
  /**
479
487
  * Gets the provider that support this algorithm and operation.
480
488
  * The available providers are ordered by priority such that the first provider that supports this
@@ -504,7 +512,6 @@ class CryptographyClient {
504
512
  return providers[0];
505
513
  }
506
514
  ensureValid(key, operation) {
507
- var _a;
508
515
  if (key.kind === "KeyVaultKey") {
509
516
  const keyOps = key.value.keyOperations;
510
517
  const { notBefore, expiresOn } = key.value.properties;
@@ -517,13 +524,13 @@ class CryptographyClient {
517
524
  throw new Error(`Key ${key.value.id} expired at ${expiresOn.toISOString()}`);
518
525
  }
519
526
  // Check Key operations
520
- if (operation && keyOps && !(keyOps === null || keyOps === void 0 ? void 0 : keyOps.includes(operation))) {
527
+ if (operation && keyOps && !keyOps?.includes(operation)) {
521
528
  throw new Error(`Operation ${operation} is not supported on key ${key.value.id}`);
522
529
  }
523
530
  }
524
531
  else if (key.kind === "JsonWebKey") {
525
532
  // Check JsonWebKey Key operations
526
- if (operation && key.value.keyOps && !((_a = key.value.keyOps) === null || _a === void 0 ? void 0 : _a.includes(operation))) {
533
+ if (operation && key.value.keyOps && !key.value.keyOps?.includes(operation)) {
527
534
  throw new Error(`Operation ${operation} is not supported on key ${key.value.kid}`);
528
535
  }
529
536
  }
package/dist/commonjs/cryptographyClient.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cryptographyClient.js","sourceRoot":"","sources":["../../src/cryptographyClient.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAWlC,mDAAqD;AAuBrD,gGAA0F;AAC1F,wDAAuD;AAEvD,0FAAoF;AACpF,0FAAoF;AACpF,6CAA6C;AAC7C,kEAAwD;AACxD,qCAAkC;AAElC;;;GAGG;AACH,MAAa,kBAAkB;IAoE7B;;;;OAIG;IACH,YACE,GAAsC,EACtC,UAA4B,EAC5B,kBAA6C,EAAE;QAE/C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,uCAAuC;YACvC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0DAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;QAC1F,CAAC;aAAM,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YACzB,4CAA4C;YAC5C,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0DAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,wCAAwC;YACxC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI,QAAQ;;QACV,OAAO,CAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,QAAQ,KAAI,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;YAC/E,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;QACxB,CAAC;aAAM,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;QAC5B,CAAC;IACH,CAAC;IAoEM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QACtE,OAAO,0BAAa,CAAC,QAAQ,CAAC,4BAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAC9B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBACjE,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,UAA6B;QAChD,uFAAuF;QACvF,MAAM,qBAAqB,GAAgC;YACzD,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;SACb,CAAC;QAEF,IAAI,UAAU,CAAC,SAAS,IAAI,qBAAqB,EAAE,CAAC;YAClD,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,UAAqC,CAAC;gBACxD,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;oBAClB,SAAS,CAAC,EAAE,GAAG,IAAA,uBAAW,EAAC,EAAE,CAAC,CAAC;gBACjC,CAAC;YACH,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,yCAAyC,UAAU,CAAC,SAAS,yDAAyD,CAAC,CAAC,OAAO,EAAE,CAClI,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YAChC,4CAA4C;YAC5C,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;iBACE;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,sEAAsE;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAqFM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QAEtE,OAAO,0BAAa,CAAC,QAAQ,CAAC,4BAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBACjE,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YAChC,qDAAqD;YACrD,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;iBACC;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,gFAAgF;YAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,OAAO,CACZ,SAA2B,EAC3B,GAAe,EACf,UAA0B,EAAE;QAE5B,OAAO,0BAAa,CAAC,QAAQ,CAAC,4BAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC9E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;gBAC9D,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACI,SAAS,CACd,SAA2B,EAC3B,YAAwB,EACxB,UAA4B,EAAE;QAE9B,OAAO,0BAAa,CAAC,QAAQ,CAC3B,8BAA8B,EAC9B,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,SAAS,CAAC,CAAC;YACpF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAChF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC;YACrE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;gBACzE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACI,IAAI,CACT,SAA6B,EAC7B,MAAkB,EAClB,UAAuB,EAAE;QAEzB,OAAO,0BAAa,CAAC,QAAQ,CAAC,yBAAyB,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACzF,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC3E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;gBACrE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;IACI,MAAM,CACX,SAA6B,EAC7B,MAAkB,EAClB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,0BAAa,CAAC,QAAQ,CAAC,2BAA2B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC3F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC7E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACvE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;gBAClF,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,QAAQ,CACb,SAA6B,EAC7B,IAAgB;IAChB,8DAA8D;IAC9D,UAAuB,EAAE;QAEzB,OAAO,0BAAa,CAAC,QAAQ,CAC3B,6BAA6B,EAC7B,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC/E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;gBAChE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACI,UAAU,CACf,SAA6B,EAC7B,IAAgB,EAChB,SAAqB;IACrB,8DAA8D;IAC9D,UAAyB,EAAE;QAE3B,OAAO,0BAAa,CAAC,QAAQ,CAC3B,+BAA+B,EAC/B,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACjF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACzE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;gBACpF,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc,CAAC,OAAsB;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEzC,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,YAAY;gBACf,OAAO,GAAG,CAAC,KAAK,CAAC;YACnB,KAAK,aAAa;gBAChB,OAAO,GAAG,CAAC,KAAK,CAAC,GAAI,CAAC;YACxB;gBACE,OAAO,SAAS,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,QAAQ,CAA6B,OAAU;QAC3D,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACnC,0DAA0D;YAC1D,IAAI,GAA4B,CAAC;YACjC,IAAI,CAAC;gBACH,GAAG,GAAG,MAAM,IAAI,CAAC,cAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,IAAI,IAAA,gCAAW,EAAC,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;oBAC3C,4FAA4F;oBAC5F,sGAAsG;oBACtG,eAAM,CAAC,OAAO,CACZ,gCAAgC,IAAI,CAAC,GAAG,CAAC,KAAK,qCAAqC,CACpF,CAAC;oBACF,IAAI,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;gBACrE,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;YAED,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;YACjD,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAGD;;;;;;OAMG;IACK,KAAK,CAAC,WAAW,CACvB,SAAwC,EACxC,SAAiB,EACjB,OAAU;QAEV,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACvD,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;YAEpB,uCAAuC;YACvC,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,SAAS,CAAC,IAAI,CACjB,IAAI,oDAAuB,CAAC,WAAW,CAAC,EACxC,IAAI,oDAAuB,CAAC,WAAW,CAAC,CACzC,CAAC;YACJ,CAAC;YAED,2FAA2F;YAC3F,qGAAqG;YACrG,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;QAEpF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,iCAAiC,SAAS,sBAAsB,SAAS,KACvE,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,EAChE,EAAE,CACH,CAAC;QACJ,CAAC;QAED,uDAAuD;QACvD,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,GAA0B,EAAE,SAAwB;;QACtE,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;YACvC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC;YACtD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YAEvB,gCAAgC;YAChC,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,yBAAyB,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACzF,CAAC;YAED,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,eAAe,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAC/E,CAAC;YAED,uBAAuB;YACvB,IAAI,SAAS,IAAI,MAAM,IAAI,CAAC,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA,EAAE,CAAC;gBACxD,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACrC,kCAAkC;YAClC,IAAI,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,CAAA,MAAA,GAAG,CAAC,KAAK,CAAC,MAAM,0CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA,EAAE,CAAC;gBAC5E,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;YACrF,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAvyBD,gDAuyBC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { OperationOptions } from \"@azure-rest/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport type {\n CryptographyClientOptions,\n GetKeyOptions,\n JsonWebKey,\n KeyOperation,\n KeyVaultKey,\n} from \"./keysModels.js\";\nimport { KnownKeyOperations } from \"./keysModels.js\";\nimport type {\n AesCbcEncryptParameters,\n AesCbcEncryptionAlgorithm,\n CryptographyClientKey,\n DecryptOptions,\n DecryptParameters,\n DecryptResult,\n EncryptOptions,\n EncryptParameters,\n EncryptResult,\n EncryptionAlgorithm,\n KeyWrapAlgorithm,\n SignOptions,\n SignResult,\n SignatureAlgorithm,\n UnwrapKeyOptions,\n UnwrapResult,\n VerifyOptions,\n VerifyResult,\n WrapKeyOptions,\n WrapResult,\n} from \"./cryptographyClientModels.js\";\nimport { RemoteCryptographyProvider } from \"./cryptography/remoteCryptographyProvider.js\";\nimport { randomBytes } from \"./cryptography/crypto.js\";\nimport type { CryptographyProvider, CryptographyProviderOperation } from \"./cryptography/models.js\";\nimport { RsaCryptographyProvider } from \"./cryptography/rsaCryptographyProvider.js\";\nimport { AesCryptographyProvider } from \"./cryptography/aesCryptographyProvider.js\";\nimport { tracingClient } from \"./tracing.js\";\nimport { isRestError } from \"@azure/core-rest-pipeline\";\nimport { logger } from \"./log.js\";\n\n/**\n * A client used to perform cryptographic operations on an Azure Key vault key\n * or a local {@link JsonWebKey}.\n */\nexport class CryptographyClient {\n /**\n * The key the CryptographyClient currently holds.\n */\n private key: CryptographyClientKey;\n\n /**\n * The remote provider, which would be undefined if used in local mode.\n */\n private remoteProvider?: RemoteCryptographyProvider;\n\n /**\n * Constructs a new instance of the Cryptography client for the given key\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleCreateCryptographyClient\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * // Create or retrieve a key from the keyvault\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n *\n * // Lastly, create our cryptography client and connect to the service\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n * ```\n * @param key - The key to use during cryptography tasks. You can also pass the identifier of the key i.e its url here.\n * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \\@azure/identity package to create a credential that suits your needs.\n * @param pipelineOptions - Pipeline options used to configure Key Vault API requests.\n * Omit this parameter to use the default pipeline configuration.\n */\n constructor(\n key: string | KeyVaultKey,\n credential: TokenCredential,\n pipelineOptions?: CryptographyClientOptions,\n );\n /**\n * Constructs a new instance of the Cryptography client for the given key in local mode.\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleCreateCryptographyClientLocal\n * import { CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const jsonWebKey = {\n * kty: \"RSA\",\n * kid: \"test-key-123\",\n * use: \"sig\",\n * alg: \"RS256\",\n * n: new Uint8Array([112, 34, 56, 98, 123, 244, 200, 99]),\n * e: new Uint8Array([1, 0, 1]),\n * d: new Uint8Array([45, 67, 89, 23, 144, 200, 76, 233]),\n * p: new Uint8Array([34, 89, 100, 77, 204, 56, 29, 77]),\n * q: new Uint8Array([78, 99, 201, 45, 188, 34, 67, 90]),\n * dp: new Uint8Array([23, 45, 78, 56, 200, 144, 32, 67]),\n * dq: new Uint8Array([12, 67, 89, 144, 99, 56, 23, 45]),\n * qi: new Uint8Array([78, 90, 45, 201, 34, 67, 120, 55]),\n * };\n * const client = new CryptographyClient(jsonWebKey);\n * ```\n * @param key - The JsonWebKey to use during cryptography operations.\n */\n constructor(key: JsonWebKey);\n /**\n * Internal constructor implementation for either local or Key Vault backed keys.\n * @param key - The key to use during cryptography tasks.\n * @param credential - Teh credential to use when constructing a Key Vault Cryptography client.\n */\n constructor(\n key: string | KeyVaultKey | JsonWebKey,\n credential?: TokenCredential,\n pipelineOptions: CryptographyClientOptions = {},\n ) {\n if (typeof key === \"string\") {\n // Key URL for remote-local operations.\n this.key = {\n kind: \"identifier\",\n value: key,\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else if (\"name\" in key) {\n // KeyVault key for remote-local operations.\n this.key = {\n kind: \"KeyVaultKey\",\n value: key,\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else {\n // JsonWebKey for local-only operations.\n this.key = {\n kind: \"JsonWebKey\",\n value: key,\n };\n }\n }\n\n /**\n * The base URL to the vault. If a local {@link JsonWebKey} is used vaultUrl will be empty.\n */\n get vaultUrl(): string {\n return this.remoteProvider?.vaultUrl || \"\";\n }\n\n /**\n * The ID of the key used to perform cryptographic operations for the client.\n */\n get keyID(): string | undefined {\n if (this.key.kind === \"identifier\" || this.key.kind === \"remoteOnlyIdentifier\") {\n return this.key.value;\n } else if (this.key.kind === \"KeyVaultKey\") {\n return this.key.value.id;\n } else {\n return this.key.value.kid;\n }\n }\n\n /**\n * Encrypts the given plaintext with the specified encryption parameters.\n * Depending on the algorithm set in the encryption parameters, the set of possible encryption parameters will change.\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleEncrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n * ```\n * @param encryptParameters - The encryption parameters, keyed on the encryption algorithm chosen.\n * @param options - Additional options.\n */\n public encrypt(\n encryptParameters: EncryptParameters,\n options?: EncryptOptions,\n ): Promise<EncryptResult>;\n /**\n * Encrypts the given plaintext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleEncrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n * ```\n * @param algorithm - The algorithm to use.\n * @param plaintext - The text to encrypt.\n * @param options - Additional options.\n * @deprecated Use `encrypt({ algorithm, plaintext }, options)` instead.\n */\n public encrypt(\n algorithm: EncryptionAlgorithm,\n plaintext: Uint8Array,\n options?: EncryptOptions,\n ): Promise<EncryptResult>;\n public encrypt(\n ...args:\n | [EncryptParameters, EncryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, EncryptOptions?]\n ): Promise<EncryptResult> {\n const [parameters, options] = this.disambiguateEncryptArguments(args);\n return tracingClient.withSpan(\"CryptographyClient.encrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Encrypt);\n this.initializeIV(parameters);\n const provider = await this.getProvider(\"encrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.encrypt(parameters, updatedOptions);\n } catch (error: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.encrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n private initializeIV(parameters: EncryptParameters): void {\n // For AES-GCM the service **must** generate the IV, so we only populate it for AES-CBC\n const algorithmsRequiringIV: AesCbcEncryptionAlgorithm[] = [\n \"A128CBC\",\n \"A128CBCPAD\",\n \"A192CBC\",\n \"A192CBCPAD\",\n \"A256CBC\",\n \"A256CBCPAD\",\n ];\n\n if (parameters.algorithm in algorithmsRequiringIV) {\n try {\n const cbcParams = parameters as AesCbcEncryptParameters;\n if (!cbcParams.iv) {\n cbcParams.iv = randomBytes(16);\n }\n } catch (e: any) {\n throw new Error(\n `Unable to initialize IV for algorithm ${parameters.algorithm}. You may pass a valid IV to avoid this error. Error: ${e.message}`,\n );\n }\n }\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The encrypt arguments\n */\n private disambiguateEncryptArguments(\n args: [EncryptParameters, EncryptOptions?] | [string, Uint8Array, EncryptOptions?],\n ): [EncryptParameters, EncryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", buffer, options]\n return [\n {\n algorithm: args[0],\n plaintext: args[1],\n } as EncryptParameters,\n args[2] || {},\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", plaintext: buffer }, options]\n return [args[0], (args[1] || {}) as EncryptOptions];\n }\n }\n\n /**\n * Decrypts the given ciphertext with the specified decryption parameters.\n * Depending on the algorithm used in the decryption parameters, the set of possible decryption parameters will change.\n *\n * Microsoft recommends you not use CBC without first ensuring the integrity of the ciphertext using, for example, an HMAC. See https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleDecrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n *\n * const decryptResult = await cryptographyClient.decrypt({\n * algorithm: \"RSA1_5\",\n * ciphertext: encryptResult.result,\n * });\n * console.log(\"decrypt result: \", decryptResult.result.toString());\n * ```\n * @param decryptParameters - The decryption parameters.\n * @param options - Additional options.\n */\n public async decrypt(\n decryptParameters: DecryptParameters,\n options?: DecryptOptions,\n ): Promise<DecryptResult>;\n /**\n * Decrypts the given ciphertext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleDecrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n *\n * const decryptResult = await cryptographyClient.decrypt({\n * algorithm: \"RSA1_5\",\n * ciphertext: encryptResult.result,\n * });\n * console.log(\"decrypt result: \", decryptResult.result.toString());\n * ```\n *\n * Microsoft recommends you not use CBC without first ensuring the integrity of the ciphertext using, for example, an HMAC. See https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.\n *\n * @param algorithm - The algorithm to use.\n * @param ciphertext - The text to decrypt.\n * @param options - Additional options.\n * @deprecated Use `decrypt({ algorithm, ciphertext }, options)` instead.\n */\n public decrypt(\n algorithm: EncryptionAlgorithm,\n ciphertext: Uint8Array,\n options?: DecryptOptions,\n ): Promise<DecryptResult>;\n public decrypt(\n ...args:\n | [DecryptParameters, DecryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, DecryptOptions?]\n ): Promise<DecryptResult> {\n const [parameters, options] = this.disambiguateDecryptArguments(args);\n\n return tracingClient.withSpan(\"CryptographyClient.decrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Decrypt);\n const provider = await this.getProvider(\"decrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.decrypt(parameters, updatedOptions);\n } catch (error: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.decrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The decrypt arguments\n */\n private disambiguateDecryptArguments(\n args: [DecryptParameters, DecryptOptions?] | [string, Uint8Array, DecryptOptions?],\n ): [DecryptParameters, DecryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", encryptedBuffer, options]\n return [\n {\n algorithm: args[0],\n ciphertext: args[1],\n } as DecryptParameters,\n args[2] || {},\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", ciphertext: encryptedBuffer }, options]\n return [args[0], (args[1] || {}) as DecryptOptions];\n }\n }\n\n /**\n * Wraps the given key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleWrapKey\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const wrapResult = await cryptographyClient.wrapKey(\"RSA-OAEP\", Buffer.from(\"My Key\"));\n * console.log(\"wrap result:\", wrapResult.result);\n * ```\n * @param algorithm - The encryption algorithm to use to wrap the given key.\n * @param key - The key to wrap.\n * @param options - Additional options.\n */\n public wrapKey(\n algorithm: KeyWrapAlgorithm,\n key: Uint8Array,\n options: WrapKeyOptions = {},\n ): Promise<WrapResult> {\n return tracingClient.withSpan(\"CryptographyClient.wrapKey\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.WrapKey);\n const provider = await this.getProvider(\"wrapKey\", algorithm, updatedOptions);\n try {\n return provider.wrapKey(algorithm, key, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.wrapKey(algorithm, key, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Unwraps the given wrapped key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleUnwrapKey\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const wrapResult = await cryptographyClient.wrapKey(\"RSA-OAEP\", Buffer.from(\"My Key\"));\n * console.log(\"wrap result:\", wrapResult.result);\n *\n * const unwrapResult = await cryptographyClient.unwrapKey(\"RSA-OAEP\", wrapResult.result);\n * console.log(\"unwrap result: \", unwrapResult.result);\n * ```\n * @param algorithm - The decryption algorithm to use to unwrap the key.\n * @param encryptedKey - The encrypted key to unwrap.\n * @param options - Additional options.\n */\n public unwrapKey(\n algorithm: KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options: UnwrapKeyOptions = {},\n ): Promise<UnwrapResult> {\n return tracingClient.withSpan(\n \"CryptographyClient.unwrapKey\",\n options,\n async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.UnwrapKey);\n const provider = await this.getProvider(\"unwrapKey\", algorithm, updatedOptions);\n try {\n return provider.unwrapKey(algorithm, encryptedKey, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.unwrapKey(algorithm, encryptedKey, options);\n }\n throw err;\n }\n },\n );\n }\n\n /**\n * Cryptographically sign the digest of a message\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleSign\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n * import { createHash } from \"node:crypto\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * let myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const signatureValue = \"MySignature\";\n * const hash = createHash(\"sha256\");\n *\n * const digest = hash.update(signatureValue).digest();\n * console.log(\"digest: \", digest);\n *\n * const signResult = await cryptographyClient.sign(\"RS256\", digest);\n * console.log(\"sign result: \", signResult.result);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param digest - The digest of the data to sign.\n * @param options - Additional options.\n */\n public sign(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n options: SignOptions = {},\n ): Promise<SignResult> {\n return tracingClient.withSpan(\"CryptographyClient.sign\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"sign\", algorithm, updatedOptions);\n try {\n return provider.sign(algorithm, digest, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.sign(algorithm, digest, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Verify the signed message digest\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleVerify\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n * import { createHash } from \"node:crypto\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const hash = createHash(\"sha256\");\n * hash.update(\"My Message\");\n * const digest = hash.digest();\n *\n * const signResult = await cryptographyClient.sign(\"RS256\", digest);\n * console.log(\"sign result: \", signResult.result);\n *\n * const verifyResult = await cryptographyClient.verify(\"RS256\", digest, signResult.result);\n * console.log(\"verify result: \", verifyResult.result);\n * ```\n * @param algorithm - The signing algorithm to use to verify with.\n * @param digest - The digest to verify.\n * @param signature - The signature to verify the digest against.\n * @param options - Additional options.\n */\n public verify(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {},\n ): Promise<VerifyResult> {\n return tracingClient.withSpan(\"CryptographyClient.verify\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verify\", algorithm, updatedOptions);\n try {\n return provider.verify(algorithm, digest, signature, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.verify(algorithm, digest, signature, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Cryptographically sign a block of data\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleSignData\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const signResult = await cryptographyClient.signData(\"RS256\", Buffer.from(\"My Message\"));\n * console.log(\"sign result: \", signResult.result);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param data - The data to sign.\n * @param options - Additional options.\n */\n public signData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n // eslint-disable-next-line @azure/azure-sdk/ts-naming-options\n options: SignOptions = {},\n ): Promise<SignResult> {\n return tracingClient.withSpan(\n \"CryptographyClient.signData\",\n options,\n async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"signData\", algorithm, updatedOptions);\n try {\n return provider.signData(algorithm, data, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.signData(algorithm, data, options);\n }\n throw err;\n }\n },\n );\n }\n\n /**\n * Verify the signed block of data\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleVerifyData\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const buffer = Buffer.from(\"My Message\");\n *\n * const signResult = await cryptographyClient.signData(\"RS256\", buffer);\n * console.log(\"sign result: \", signResult.result);\n *\n * const verifyResult = await cryptographyClient.verifyData(\"RS256\", buffer, signResult.result);\n * console.log(\"verify result: \", verifyResult.result);\n * ```\n * @param algorithm - The algorithm to use to verify with.\n * @param data - The signed block of data to verify.\n * @param signature - The signature to verify the block against.\n * @param options - Additional options.\n */\n public verifyData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n signature: Uint8Array,\n // eslint-disable-next-line @azure/azure-sdk/ts-naming-options\n options: VerifyOptions = {},\n ): Promise<VerifyResult> {\n return tracingClient.withSpan(\n \"CryptographyClient.verifyData\",\n options,\n async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verifyData\", algorithm, updatedOptions);\n try {\n return provider.verifyData(algorithm, data, signature, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.verifyData(algorithm, data, signature, updatedOptions);\n }\n throw err;\n }\n },\n );\n }\n\n /**\n * Retrieves the {@link JsonWebKey} from the Key Vault, if possible. Returns undefined if the key could not be retrieved due to insufficient permissions.\n * @param options - The additional options.\n */\n private async getKeyMaterial(options: GetKeyOptions): Promise<JsonWebKey | undefined> {\n const key = await this.fetchKey(options);\n\n switch (key.kind) {\n case \"JsonWebKey\":\n return key.value;\n case \"KeyVaultKey\":\n return key.value.key!;\n default:\n return undefined;\n }\n }\n\n /**\n * Returns the underlying key used for cryptographic operations.\n * If needed, attempts to fetch the key from KeyVault and exchanges the ID for the actual key.\n * @param options - The additional options.\n */\n private async fetchKey<T extends OperationOptions>(options: T): Promise<CryptographyClientKey> {\n if (this.key.kind === \"identifier\") {\n // Exchange the identifier with the actual key when needed\n let key: KeyVaultKey | undefined;\n try {\n key = await this.remoteProvider!.getKey(options);\n } catch (e: unknown) {\n if (isRestError(e) && e.statusCode === 403) {\n // If we don't have permission to get the key, we'll fall back to using the remote provider.\n // Marking the key as a remoteOnlyIdentifier will ensure that we don't attempt to fetch the key again.\n logger.verbose(\n `Permission denied to get key ${this.key.value}. Falling back to remote operation.`,\n );\n this.key = { kind: \"remoteOnlyIdentifier\", value: this.key.value };\n } else {\n throw e;\n }\n }\n\n if (key) {\n this.key = { kind: \"KeyVaultKey\", value: key };\n }\n }\n\n return this.key;\n }\n\n private providers?: CryptographyProvider[];\n /**\n * Gets the provider that support this algorithm and operation.\n * The available providers are ordered by priority such that the first provider that supports this\n * operation is the one we should use.\n * @param operation - The {@link KeyOperation}.\n * @param algorithm - The algorithm to use.\n */\n private async getProvider<T extends OperationOptions>(\n operation: CryptographyProviderOperation,\n algorithm: string,\n options: T,\n ): Promise<CryptographyProvider> {\n if (!this.providers) {\n const keyMaterial = await this.getKeyMaterial(options);\n this.providers = [];\n\n // Add local crypto providers as needed\n if (keyMaterial) {\n this.providers.push(\n new RsaCryptographyProvider(keyMaterial),\n new AesCryptographyProvider(keyMaterial),\n );\n }\n\n // If the remote provider exists, we're in hybrid-mode. Otherwise we're in local-only mode.\n // If we're in hybrid mode the remote provider is used as a catch-all and should be last in the list.\n if (this.remoteProvider) {\n this.providers.push(this.remoteProvider);\n }\n }\n\n const providers = this.providers.filter((p) => p.isSupported(algorithm, operation));\n\n if (providers.length === 0) {\n throw new Error(\n `Unable to support operation: \"${operation}\" with algorithm: \"${algorithm}\" ${\n this.key.kind === \"JsonWebKey\" ? \"using a local JsonWebKey\" : \"\"\n }`,\n );\n }\n\n // Return the first provider that supports this request\n return providers[0];\n }\n\n private ensureValid(key: CryptographyClientKey, operation?: KeyOperation): void {\n if (key.kind === \"KeyVaultKey\") {\n const keyOps = key.value.keyOperations;\n const { notBefore, expiresOn } = key.value.properties;\n const now = new Date();\n\n // Check KeyVault Key Expiration\n if (notBefore && now < notBefore) {\n throw new Error(`Key ${key.value.id} can't be used before ${notBefore.toISOString()}`);\n }\n\n if (expiresOn && now > expiresOn) {\n throw new Error(`Key ${key.value.id} expired at ${expiresOn.toISOString()}`);\n }\n\n // Check Key operations\n if (operation && keyOps && !keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.id}`);\n }\n } else if (key.kind === \"JsonWebKey\") {\n // Check JsonWebKey Key operations\n if (operation && key.value.keyOps && !key.value.keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.kid}`);\n }\n }\n }\n}\n"]}
1
+ {"version":3,"file":"cryptographyClient.js","sourceRoot":"","sources":["../../src/cryptographyClient.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAWlC,mDAAqD;AAuBrD,gGAA0F;AAC1F,wDAAuD;AAEvD,0FAAoF;AACpF,0FAAoF;AACpF,6CAA6C;AAC7C,kEAAwD;AACxD,qCAAkC;AAElC;;;GAGG;AACH,MAAa,kBAAkB;IAC7B;;OAEG;IACK,GAAG,CAAwB;IAEnC;;OAEG;IACK,cAAc,CAA8B;IA2DpD;;;;OAIG;IACH,YACE,GAAsC,EACtC,UAA4B,EAC5B,kBAA6C,EAAE;QAE/C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,uCAAuC;YACvC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0DAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;QAC1F,CAAC;aAAM,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YACzB,4CAA4C;YAC5C,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0DAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,wCAAwC;YACxC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,cAAc,EAAE,QAAQ,IAAI,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;YAC/E,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;QACxB,CAAC;aAAM,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;QAC5B,CAAC;IACH,CAAC;IAoEM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QACtE,OAAO,0BAAa,CAAC,QAAQ,CAAC,4BAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAC9B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBACjE,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,UAA6B;QAChD,uFAAuF;QACvF,MAAM,qBAAqB,GAAgC;YACzD,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;SACb,CAAC;QAEF,IAAI,UAAU,CAAC,SAAS,IAAI,qBAAqB,EAAE,CAAC;YAClD,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,UAAqC,CAAC;gBACxD,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;oBAClB,SAAS,CAAC,EAAE,GAAG,IAAA,uBAAW,EAAC,EAAE,CAAC,CAAC;gBACjC,CAAC;YACH,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,yCAAyC,UAAU,CAAC,SAAS,yDAAyD,CAAC,CAAC,OAAO,EAAE,CAClI,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YAChC,4CAA4C;YAC5C,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;iBACE;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,sEAAsE;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAqFM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QAEtE,OAAO,0BAAa,CAAC,QAAQ,CAAC,4BAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBACjE,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YAChC,qDAAqD;YACrD,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;iBACC;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,gFAAgF;YAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,OAAO,CACZ,SAA2B,EAC3B,GAAe,EACf,UAA0B,EAAE;QAE5B,OAAO,0BAAa,CAAC,QAAQ,CAAC,4BAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC9E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;gBAC9D,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACI,SAAS,CACd,SAA2B,EAC3B,YAAwB,EACxB,UAA4B,EAAE;QAE9B,OAAO,0BAAa,CAAC,QAAQ,CAC3B,8BAA8B,EAC9B,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,SAAS,CAAC,CAAC;YACpF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAChF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC;YACrE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;gBACzE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACI,IAAI,CACT,SAA6B,EAC7B,MAAkB,EAClB,UAAuB,EAAE;QAEzB,OAAO,0BAAa,CAAC,QAAQ,CAAC,yBAAyB,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACzF,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC3E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;gBACrE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;IACI,MAAM,CACX,SAA6B,EAC7B,MAAkB,EAClB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,0BAAa,CAAC,QAAQ,CAAC,2BAA2B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC3F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC7E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACvE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;gBAClF,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,QAAQ,CACb,SAA6B,EAC7B,IAAgB;IAChB,8DAA8D;IAC9D,UAAuB,EAAE;QAEzB,OAAO,0BAAa,CAAC,QAAQ,CAC3B,6BAA6B,EAC7B,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC/E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;gBAChE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACI,UAAU,CACf,SAA6B,EAC7B,IAAgB,EAChB,SAAqB;IACrB,8DAA8D;IAC9D,UAAyB,EAAE;QAE3B,OAAO,0BAAa,CAAC,QAAQ,CAC3B,+BAA+B,EAC/B,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kCAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACjF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACzE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;gBACpF,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc,CAAC,OAAsB;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEzC,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,YAAY;gBACf,OAAO,GAAG,CAAC,KAAK,CAAC;YACnB,KAAK,aAAa;gBAChB,OAAO,GAAG,CAAC,KAAK,CAAC,GAAI,CAAC;YACxB;gBACE,OAAO,SAAS,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,QAAQ,CAA6B,OAAU;QAC3D,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACnC,0DAA0D;YAC1D,IAAI,GAA4B,CAAC;YACjC,IAAI,CAAC;gBACH,GAAG,GAAG,MAAM,IAAI,CAAC,cAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,IAAI,IAAA,gCAAW,EAAC,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;oBAC3C,4FAA4F;oBAC5F,sGAAsG;oBACtG,eAAM,CAAC,OAAO,CACZ,gCAAgC,IAAI,CAAC,GAAG,CAAC,KAAK,qCAAqC,CACpF,CAAC;oBACF,IAAI,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;gBACrE,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;YAED,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;YACjD,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAEO,SAAS,CAA0B;IAC3C;;;;;;OAMG;IACK,KAAK,CAAC,WAAW,CACvB,SAAwC,EACxC,SAAiB,EACjB,OAAU;QAEV,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACvD,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;YAEpB,uCAAuC;YACvC,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,SAAS,CAAC,IAAI,CACjB,IAAI,oDAAuB,CAAC,WAAW,CAAC,EACxC,IAAI,oDAAuB,CAAC,WAAW,CAAC,CACzC,CAAC;YACJ,CAAC;YAED,2FAA2F;YAC3F,qGAAqG;YACrG,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;QAEpF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,iCAAiC,SAAS,sBAAsB,SAAS,KACvE,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,EAChE,EAAE,CACH,CAAC;QACJ,CAAC;QAED,uDAAuD;QACvD,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,GAA0B,EAAE,SAAwB;QACtE,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;YACvC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC;YACtD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YAEvB,gCAAgC;YAChC,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,yBAAyB,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACzF,CAAC;YAED,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,eAAe,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAC/E,CAAC;YAED,uBAAuB;YACvB,IAAI,SAAS,IAAI,MAAM,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACxD,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACrC,kCAAkC;YAClC,IAAI,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC5E,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;YACrF,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAvyBD,gDAuyBC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { OperationOptions } from \"@azure-rest/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport type {\n CryptographyClientOptions,\n GetKeyOptions,\n JsonWebKey,\n KeyOperation,\n KeyVaultKey,\n} from \"./keysModels.js\";\nimport { KnownKeyOperations } from \"./keysModels.js\";\nimport type {\n AesCbcEncryptParameters,\n AesCbcEncryptionAlgorithm,\n CryptographyClientKey,\n DecryptOptions,\n DecryptParameters,\n DecryptResult,\n EncryptOptions,\n EncryptParameters,\n EncryptResult,\n EncryptionAlgorithm,\n KeyWrapAlgorithm,\n SignOptions,\n SignResult,\n SignatureAlgorithm,\n UnwrapKeyOptions,\n UnwrapResult,\n VerifyOptions,\n VerifyResult,\n WrapKeyOptions,\n WrapResult,\n} from \"./cryptographyClientModels.js\";\nimport { RemoteCryptographyProvider } from \"./cryptography/remoteCryptographyProvider.js\";\nimport { randomBytes } from \"./cryptography/crypto.js\";\nimport type { CryptographyProvider, CryptographyProviderOperation } from \"./cryptography/models.js\";\nimport { RsaCryptographyProvider } from \"./cryptography/rsaCryptographyProvider.js\";\nimport { AesCryptographyProvider } from \"./cryptography/aesCryptographyProvider.js\";\nimport { tracingClient } from \"./tracing.js\";\nimport { isRestError } from \"@azure/core-rest-pipeline\";\nimport { logger } from \"./log.js\";\n\n/**\n * A client used to perform cryptographic operations on an Azure Key vault key\n * or a local {@link JsonWebKey}.\n */\nexport class CryptographyClient {\n /**\n * The key the CryptographyClient currently holds.\n */\n private key: CryptographyClientKey;\n\n /**\n * The remote provider, which would be undefined if used in local mode.\n */\n private remoteProvider?: RemoteCryptographyProvider;\n\n /**\n * Constructs a new instance of the Cryptography client for the given key\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleCreateCryptographyClient\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * // Create or retrieve a key from the keyvault\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n *\n * // Lastly, create our cryptography client and connect to the service\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n * ```\n * @param key - The key to use during cryptography tasks. You can also pass the identifier of the key i.e its url here.\n * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \\@azure/identity package to create a credential that suits your needs.\n * @param pipelineOptions - Pipeline options used to configure Key Vault API requests.\n * Omit this parameter to use the default pipeline configuration.\n */\n constructor(\n key: string | KeyVaultKey,\n credential: TokenCredential,\n pipelineOptions?: CryptographyClientOptions,\n );\n /**\n * Constructs a new instance of the Cryptography client for the given key in local mode.\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleCreateCryptographyClientLocal\n * import { CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const jsonWebKey = {\n * kty: \"RSA\",\n * kid: \"test-key-123\",\n * use: \"sig\",\n * alg: \"RS256\",\n * n: new Uint8Array([112, 34, 56, 98, 123, 244, 200, 99]),\n * e: new Uint8Array([1, 0, 1]),\n * d: new Uint8Array([45, 67, 89, 23, 144, 200, 76, 233]),\n * p: new Uint8Array([34, 89, 100, 77, 204, 56, 29, 77]),\n * q: new Uint8Array([78, 99, 201, 45, 188, 34, 67, 90]),\n * dp: new Uint8Array([23, 45, 78, 56, 200, 144, 32, 67]),\n * dq: new Uint8Array([12, 67, 89, 144, 99, 56, 23, 45]),\n * qi: new Uint8Array([78, 90, 45, 201, 34, 67, 120, 55]),\n * };\n * const client = new CryptographyClient(jsonWebKey);\n * ```\n * @param key - The JsonWebKey to use during cryptography operations.\n */\n constructor(key: JsonWebKey);\n /**\n * Internal constructor implementation for either local or Key Vault backed keys.\n * @param key - The key to use during cryptography tasks.\n * @param credential - Teh credential to use when constructing a Key Vault Cryptography client.\n */\n constructor(\n key: string | KeyVaultKey | JsonWebKey,\n credential?: TokenCredential,\n pipelineOptions: CryptographyClientOptions = {},\n ) {\n if (typeof key === \"string\") {\n // Key URL for remote-local operations.\n this.key = {\n kind: \"identifier\",\n value: key,\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else if (\"name\" in key) {\n // KeyVault key for remote-local operations.\n this.key = {\n kind: \"KeyVaultKey\",\n value: key,\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else {\n // JsonWebKey for local-only operations.\n this.key = {\n kind: \"JsonWebKey\",\n value: key,\n };\n }\n }\n\n /**\n * The base URL to the vault. If a local {@link JsonWebKey} is used vaultUrl will be empty.\n */\n get vaultUrl(): string {\n return this.remoteProvider?.vaultUrl || \"\";\n }\n\n /**\n * The ID of the key used to perform cryptographic operations for the client.\n */\n get keyID(): string | undefined {\n if (this.key.kind === \"identifier\" || this.key.kind === \"remoteOnlyIdentifier\") {\n return this.key.value;\n } else if (this.key.kind === \"KeyVaultKey\") {\n return this.key.value.id;\n } else {\n return this.key.value.kid;\n }\n }\n\n /**\n * Encrypts the given plaintext with the specified encryption parameters.\n * Depending on the algorithm set in the encryption parameters, the set of possible encryption parameters will change.\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleEncrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n * ```\n * @param encryptParameters - The encryption parameters, keyed on the encryption algorithm chosen.\n * @param options - Additional options.\n */\n public encrypt(\n encryptParameters: EncryptParameters,\n options?: EncryptOptions,\n ): Promise<EncryptResult>;\n /**\n * Encrypts the given plaintext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleEncrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n * ```\n * @param algorithm - The algorithm to use.\n * @param plaintext - The text to encrypt.\n * @param options - Additional options.\n * @deprecated Use `encrypt({ algorithm, plaintext }, options)` instead.\n */\n public encrypt(\n algorithm: EncryptionAlgorithm,\n plaintext: Uint8Array,\n options?: EncryptOptions,\n ): Promise<EncryptResult>;\n public encrypt(\n ...args:\n | [EncryptParameters, EncryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, EncryptOptions?]\n ): Promise<EncryptResult> {\n const [parameters, options] = this.disambiguateEncryptArguments(args);\n return tracingClient.withSpan(\"CryptographyClient.encrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Encrypt);\n this.initializeIV(parameters);\n const provider = await this.getProvider(\"encrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.encrypt(parameters, updatedOptions);\n } catch (error: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.encrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n private initializeIV(parameters: EncryptParameters): void {\n // For AES-GCM the service **must** generate the IV, so we only populate it for AES-CBC\n const algorithmsRequiringIV: AesCbcEncryptionAlgorithm[] = [\n \"A128CBC\",\n \"A128CBCPAD\",\n \"A192CBC\",\n \"A192CBCPAD\",\n \"A256CBC\",\n \"A256CBCPAD\",\n ];\n\n if (parameters.algorithm in algorithmsRequiringIV) {\n try {\n const cbcParams = parameters as AesCbcEncryptParameters;\n if (!cbcParams.iv) {\n cbcParams.iv = randomBytes(16);\n }\n } catch (e: any) {\n throw new Error(\n `Unable to initialize IV for algorithm ${parameters.algorithm}. You may pass a valid IV to avoid this error. Error: ${e.message}`,\n );\n }\n }\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The encrypt arguments\n */\n private disambiguateEncryptArguments(\n args: [EncryptParameters, EncryptOptions?] | [string, Uint8Array, EncryptOptions?],\n ): [EncryptParameters, EncryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", buffer, options]\n return [\n {\n algorithm: args[0],\n plaintext: args[1],\n } as EncryptParameters,\n args[2] || {},\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", plaintext: buffer }, options]\n return [args[0], (args[1] || {}) as EncryptOptions];\n }\n }\n\n /**\n * Decrypts the given ciphertext with the specified decryption parameters.\n * Depending on the algorithm used in the decryption parameters, the set of possible decryption parameters will change.\n *\n * Microsoft recommends you not use CBC without first ensuring the integrity of the ciphertext using, for example, an HMAC. See https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleDecrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n *\n * const decryptResult = await cryptographyClient.decrypt({\n * algorithm: \"RSA1_5\",\n * ciphertext: encryptResult.result,\n * });\n * console.log(\"decrypt result: \", decryptResult.result.toString());\n * ```\n * @param decryptParameters - The decryption parameters.\n * @param options - Additional options.\n */\n public async decrypt(\n decryptParameters: DecryptParameters,\n options?: DecryptOptions,\n ): Promise<DecryptResult>;\n /**\n * Decrypts the given ciphertext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleDecrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n *\n * const decryptResult = await cryptographyClient.decrypt({\n * algorithm: \"RSA1_5\",\n * ciphertext: encryptResult.result,\n * });\n * console.log(\"decrypt result: \", decryptResult.result.toString());\n * ```\n *\n * Microsoft recommends you not use CBC without first ensuring the integrity of the ciphertext using, for example, an HMAC. See https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.\n *\n * @param algorithm - The algorithm to use.\n * @param ciphertext - The text to decrypt.\n * @param options - Additional options.\n * @deprecated Use `decrypt({ algorithm, ciphertext }, options)` instead.\n */\n public decrypt(\n algorithm: EncryptionAlgorithm,\n ciphertext: Uint8Array,\n options?: DecryptOptions,\n ): Promise<DecryptResult>;\n public decrypt(\n ...args:\n | [DecryptParameters, DecryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, DecryptOptions?]\n ): Promise<DecryptResult> {\n const [parameters, options] = this.disambiguateDecryptArguments(args);\n\n return tracingClient.withSpan(\"CryptographyClient.decrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Decrypt);\n const provider = await this.getProvider(\"decrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.decrypt(parameters, updatedOptions);\n } catch (error: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.decrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The decrypt arguments\n */\n private disambiguateDecryptArguments(\n args: [DecryptParameters, DecryptOptions?] | [string, Uint8Array, DecryptOptions?],\n ): [DecryptParameters, DecryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", encryptedBuffer, options]\n return [\n {\n algorithm: args[0],\n ciphertext: args[1],\n } as DecryptParameters,\n args[2] || {},\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", ciphertext: encryptedBuffer }, options]\n return [args[0], (args[1] || {}) as DecryptOptions];\n }\n }\n\n /**\n * Wraps the given key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleWrapKey\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const wrapResult = await cryptographyClient.wrapKey(\"RSA-OAEP\", Buffer.from(\"My Key\"));\n * console.log(\"wrap result:\", wrapResult.result);\n * ```\n * @param algorithm - The encryption algorithm to use to wrap the given key.\n * @param key - The key to wrap.\n * @param options - Additional options.\n */\n public wrapKey(\n algorithm: KeyWrapAlgorithm,\n key: Uint8Array,\n options: WrapKeyOptions = {},\n ): Promise<WrapResult> {\n return tracingClient.withSpan(\"CryptographyClient.wrapKey\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.WrapKey);\n const provider = await this.getProvider(\"wrapKey\", algorithm, updatedOptions);\n try {\n return provider.wrapKey(algorithm, key, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.wrapKey(algorithm, key, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Unwraps the given wrapped key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleUnwrapKey\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const wrapResult = await cryptographyClient.wrapKey(\"RSA-OAEP\", Buffer.from(\"My Key\"));\n * console.log(\"wrap result:\", wrapResult.result);\n *\n * const unwrapResult = await cryptographyClient.unwrapKey(\"RSA-OAEP\", wrapResult.result);\n * console.log(\"unwrap result: \", unwrapResult.result);\n * ```\n * @param algorithm - The decryption algorithm to use to unwrap the key.\n * @param encryptedKey - The encrypted key to unwrap.\n * @param options - Additional options.\n */\n public unwrapKey(\n algorithm: KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options: UnwrapKeyOptions = {},\n ): Promise<UnwrapResult> {\n return tracingClient.withSpan(\n \"CryptographyClient.unwrapKey\",\n options,\n async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.UnwrapKey);\n const provider = await this.getProvider(\"unwrapKey\", algorithm, updatedOptions);\n try {\n return provider.unwrapKey(algorithm, encryptedKey, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.unwrapKey(algorithm, encryptedKey, options);\n }\n throw err;\n }\n },\n );\n }\n\n /**\n * Cryptographically sign the digest of a message\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleSign\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n * import { createHash } from \"node:crypto\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * let myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const signatureValue = \"MySignature\";\n * const hash = createHash(\"sha256\");\n *\n * const digest = hash.update(signatureValue).digest();\n * console.log(\"digest: \", digest);\n *\n * const signResult = await cryptographyClient.sign(\"RS256\", digest);\n * console.log(\"sign result: \", signResult.result);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param digest - The digest of the data to sign.\n * @param options - Additional options.\n */\n public sign(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n options: SignOptions = {},\n ): Promise<SignResult> {\n return tracingClient.withSpan(\"CryptographyClient.sign\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"sign\", algorithm, updatedOptions);\n try {\n return provider.sign(algorithm, digest, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.sign(algorithm, digest, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Verify the signed message digest\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleVerify\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n * import { createHash } from \"node:crypto\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const hash = createHash(\"sha256\");\n * hash.update(\"My Message\");\n * const digest = hash.digest();\n *\n * const signResult = await cryptographyClient.sign(\"RS256\", digest);\n * console.log(\"sign result: \", signResult.result);\n *\n * const verifyResult = await cryptographyClient.verify(\"RS256\", digest, signResult.result);\n * console.log(\"verify result: \", verifyResult.result);\n * ```\n * @param algorithm - The signing algorithm to use to verify with.\n * @param digest - The digest to verify.\n * @param signature - The signature to verify the digest against.\n * @param options - Additional options.\n */\n public verify(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {},\n ): Promise<VerifyResult> {\n return tracingClient.withSpan(\"CryptographyClient.verify\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verify\", algorithm, updatedOptions);\n try {\n return provider.verify(algorithm, digest, signature, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.verify(algorithm, digest, signature, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Cryptographically sign a block of data\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleSignData\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const signResult = await cryptographyClient.signData(\"RS256\", Buffer.from(\"My Message\"));\n * console.log(\"sign result: \", signResult.result);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param data - The data to sign.\n * @param options - Additional options.\n */\n public signData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n // eslint-disable-next-line @azure/azure-sdk/ts-naming-options\n options: SignOptions = {},\n ): Promise<SignResult> {\n return tracingClient.withSpan(\n \"CryptographyClient.signData\",\n options,\n async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"signData\", algorithm, updatedOptions);\n try {\n return provider.signData(algorithm, data, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.signData(algorithm, data, options);\n }\n throw err;\n }\n },\n );\n }\n\n /**\n * Verify the signed block of data\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleVerifyData\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const buffer = Buffer.from(\"My Message\");\n *\n * const signResult = await cryptographyClient.signData(\"RS256\", buffer);\n * console.log(\"sign result: \", signResult.result);\n *\n * const verifyResult = await cryptographyClient.verifyData(\"RS256\", buffer, signResult.result);\n * console.log(\"verify result: \", verifyResult.result);\n * ```\n * @param algorithm - The algorithm to use to verify with.\n * @param data - The signed block of data to verify.\n * @param signature - The signature to verify the block against.\n * @param options - Additional options.\n */\n public verifyData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n signature: Uint8Array,\n // eslint-disable-next-line @azure/azure-sdk/ts-naming-options\n options: VerifyOptions = {},\n ): Promise<VerifyResult> {\n return tracingClient.withSpan(\n \"CryptographyClient.verifyData\",\n options,\n async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verifyData\", algorithm, updatedOptions);\n try {\n return provider.verifyData(algorithm, data, signature, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.verifyData(algorithm, data, signature, updatedOptions);\n }\n throw err;\n }\n },\n );\n }\n\n /**\n * Retrieves the {@link JsonWebKey} from the Key Vault, if possible. Returns undefined if the key could not be retrieved due to insufficient permissions.\n * @param options - The additional options.\n */\n private async getKeyMaterial(options: GetKeyOptions): Promise<JsonWebKey | undefined> {\n const key = await this.fetchKey(options);\n\n switch (key.kind) {\n case \"JsonWebKey\":\n return key.value;\n case \"KeyVaultKey\":\n return key.value.key!;\n default:\n return undefined;\n }\n }\n\n /**\n * Returns the underlying key used for cryptographic operations.\n * If needed, attempts to fetch the key from KeyVault and exchanges the ID for the actual key.\n * @param options - The additional options.\n */\n private async fetchKey<T extends OperationOptions>(options: T): Promise<CryptographyClientKey> {\n if (this.key.kind === \"identifier\") {\n // Exchange the identifier with the actual key when needed\n let key: KeyVaultKey | undefined;\n try {\n key = await this.remoteProvider!.getKey(options);\n } catch (e: unknown) {\n if (isRestError(e) && e.statusCode === 403) {\n // If we don't have permission to get the key, we'll fall back to using the remote provider.\n // Marking the key as a remoteOnlyIdentifier will ensure that we don't attempt to fetch the key again.\n logger.verbose(\n `Permission denied to get key ${this.key.value}. Falling back to remote operation.`,\n );\n this.key = { kind: \"remoteOnlyIdentifier\", value: this.key.value };\n } else {\n throw e;\n }\n }\n\n if (key) {\n this.key = { kind: \"KeyVaultKey\", value: key };\n }\n }\n\n return this.key;\n }\n\n private providers?: CryptographyProvider[];\n /**\n * Gets the provider that support this algorithm and operation.\n * The available providers are ordered by priority such that the first provider that supports this\n * operation is the one we should use.\n * @param operation - The {@link KeyOperation}.\n * @param algorithm - The algorithm to use.\n */\n private async getProvider<T extends OperationOptions>(\n operation: CryptographyProviderOperation,\n algorithm: string,\n options: T,\n ): Promise<CryptographyProvider> {\n if (!this.providers) {\n const keyMaterial = await this.getKeyMaterial(options);\n this.providers = [];\n\n // Add local crypto providers as needed\n if (keyMaterial) {\n this.providers.push(\n new RsaCryptographyProvider(keyMaterial),\n new AesCryptographyProvider(keyMaterial),\n );\n }\n\n // If the remote provider exists, we're in hybrid-mode. Otherwise we're in local-only mode.\n // If we're in hybrid mode the remote provider is used as a catch-all and should be last in the list.\n if (this.remoteProvider) {\n this.providers.push(this.remoteProvider);\n }\n }\n\n const providers = this.providers.filter((p) => p.isSupported(algorithm, operation));\n\n if (providers.length === 0) {\n throw new Error(\n `Unable to support operation: \"${operation}\" with algorithm: \"${algorithm}\" ${\n this.key.kind === \"JsonWebKey\" ? \"using a local JsonWebKey\" : \"\"\n }`,\n );\n }\n\n // Return the first provider that supports this request\n return providers[0];\n }\n\n private ensureValid(key: CryptographyClientKey, operation?: KeyOperation): void {\n if (key.kind === \"KeyVaultKey\") {\n const keyOps = key.value.keyOperations;\n const { notBefore, expiresOn } = key.value.properties;\n const now = new Date();\n\n // Check KeyVault Key Expiration\n if (notBefore && now < notBefore) {\n throw new Error(`Key ${key.value.id} can't be used before ${notBefore.toISOString()}`);\n }\n\n if (expiresOn && now > expiresOn) {\n throw new Error(`Key ${key.value.id} expired at ${expiresOn.toISOString()}`);\n }\n\n // Check Key operations\n if (operation && keyOps && !keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.id}`);\n }\n } else if (key.kind === \"JsonWebKey\") {\n // Check JsonWebKey Key operations\n if (operation && key.value.keyOps && !key.value.keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.kid}`);\n }\n }\n }\n}\n"]}
package/dist/commonjs/generated/src/api/keyVaultContext.js CHANGED
@@ -3,26 +3,29 @@
3
3
  // Licensed under the MIT License.
4
4
  Object.defineProperty(exports, "__esModule", { value: true });
5
5
  exports.createKeyVault = createKeyVault;
6
- const tslib_1 = require("tslib");
7
6
  const logger_js_1 = require("../logger.js");
8
7
  const core_client_1 = require("@azure-rest/core-client");
9
8
  /** The key vault client performs cryptographic key operations and vault operations against the Key Vault service. */
10
9
  function createKeyVault(endpointParam, credential, options = {}) {
11
- var _a, _b, _c, _d, _e, _f, _g, _h;
12
- const endpointUrl = (_b = (_a = options.endpoint) !== null && _a !== void 0 ? _a : options.baseUrl) !== null && _b !== void 0 ? _b : String(endpointParam);
13
- const prefixFromOptions = (_c = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _c === void 0 ? void 0 : _c.userAgentPrefix;
10
+ const endpointUrl = options.endpoint ?? options.baseUrl ?? String(endpointParam);
11
+ const prefixFromOptions = options?.userAgentOptions?.userAgentPrefix;
14
12
  const userAgentInfo = `azsdk-js-keyvault-keys/1.0.0-beta.1`;
15
13
  const userAgentPrefix = prefixFromOptions
16
14
  ? `${prefixFromOptions} azsdk-js-api ${userAgentInfo}`
17
15
  : `azsdk-js-api ${userAgentInfo}`;
18
- const _j = Object.assign(Object.assign({}, options), { userAgentOptions: { userAgentPrefix }, loggingOptions: { logger: (_e = (_d = options.loggingOptions) === null || _d === void 0 ? void 0 : _d.logger) !== null && _e !== void 0 ? _e : logger_js_1.logger.info }, credentials: {
19
- scopes: (_g = (_f = options.credentials) === null || _f === void 0 ? void 0 : _f.scopes) !== null && _g !== void 0 ? _g : [
16
+ const { apiVersion: _, ...updatedOptions } = {
17
+ ...options,
18
+ userAgentOptions: { userAgentPrefix },
19
+ loggingOptions: { logger: options.loggingOptions?.logger ?? logger_js_1.logger.info },
20
+ credentials: {
21
+ scopes: options.credentials?.scopes ?? [
20
22
  "https://vault.azure.net/.default",
21
23
  ],
22
- } }), { apiVersion: _ } = _j, updatedOptions = tslib_1.__rest(_j, ["apiVersion"]);
24
+ },
25
+ };
23
26
  const clientContext = (0, core_client_1.getClient)(endpointUrl, credential, updatedOptions);
24
27
  clientContext.pipeline.removePolicy({ name: "ApiVersionPolicy" });
25
- const apiVersion = (_h = options.apiVersion) !== null && _h !== void 0 ? _h : "7.6";
28
+ const apiVersion = options.apiVersion ?? "7.6";
26
29
  clientContext.pipeline.addPolicy({
27
30
  name: "ClientApiVersionPolicy",
28
31
  sendRequest: (req, next) => {
@@ -35,6 +38,6 @@ function createKeyVault(endpointParam, credential, options = {}) {
35
38
  return next(req);
36
39
  },
37
40
  });
38
- return Object.assign(Object.assign({}, clientContext), { apiVersion });
41
+ return { ...clientContext, apiVersion };
39
42
  }
40
43
  //# sourceMappingURL=keyVaultContext.js.map
package/dist/commonjs/generated/src/api/keyVaultContext.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"keyVaultContext.js","sourceRoot":"","sources":["../../../../../src/generated/src/api/keyVaultContext.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAsBlC,wCAyCC;;AA7DD,4CAAsC;AAEtC,yDAA2E;AAiB3E,qHAAqH;AACrH,SAAgB,cAAc,CAC5B,aAAqB,EACrB,UAA2B,EAC3B,UAAwC,EAAE;;IAE1C,MAAM,WAAW,GACf,MAAA,MAAA,OAAO,CAAC,QAAQ,mCAAI,OAAO,CAAC,OAAO,mCAAI,MAAM,CAAC,aAAa,CAAC,CAAC;IAC/D,MAAM,iBAAiB,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,0CAAE,eAAe,CAAC;IACrE,MAAM,aAAa,GAAG,qCAAqC,CAAC;IAC5D,MAAM,eAAe,GAAG,iBAAiB;QACvC,CAAC,CAAC,GAAG,iBAAiB,iBAAiB,aAAa,EAAE;QACtD,CAAC,CAAC,gBAAgB,aAAa,EAAE,CAAC;IACpC,MAAM,qCACD,OAAO,KACV,gBAAgB,EAAE,EAAE,eAAe,EAAE,EACrC,cAAc,EAAE,EAAE,MAAM,EAAE,MAAA,MAAA,OAAO,CAAC,cAAc,0CAAE,MAAM,mCAAI,kBAAM,CAAC,IAAI,EAAE,EACzE,WAAW,EAAE;YACX,MAAM,EAAE,MAAA,MAAA,OAAO,CAAC,WAAW,0CAAE,MAAM,mCAAI;gBACrC,kCAAkC;aACnC;SACF,GACF,EATK,EAAE,UAAU,EAAE,CAAC,OASpB,EATyB,cAAc,sBAAlC,cAAoC,CASzC,CAAC;IACF,MAAM,aAAa,GAAG,IAAA,uBAAS,EAAC,WAAW,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IACzE,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAClE,MAAM,UAAU,GAAG,MAAA,OAAO,CAAC,UAAU,mCAAI,KAAK,CAAC;IAC/C,aAAa,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC/B,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YACzB,qDAAqD;YACrD,yEAAyE;YACzE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;gBACzC,GAAG,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC,GAAG,GAClB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GACzD,eAAe,UAAU,EAAE,CAAC;YAC9B,CAAC;YAED,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;KACF,CAAC,CAAC;IACH,OAAO,gCAAK,aAAa,KAAE,UAAU,GAAqB,CAAC;AAC7D,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { logger } from \"../logger.js\";\nimport { KnownVersions } from \"../models/models.js\";\nimport { Client, ClientOptions, getClient } from \"@azure-rest/core-client\";\nimport { TokenCredential } from \"@azure/core-auth\";\n\n/** The key vault client performs cryptographic key operations and vault operations against the Key Vault service. */\nexport interface KeyVaultContext extends Client {\n /** The API version to use for this operation. */\n /** Known values of {@link KnownVersions} that the service accepts. */\n apiVersion: string;\n}\n\n/** Optional parameters for the client. */\nexport interface KeyVaultClientOptionalParams extends ClientOptions {\n /** The API version to use for this operation. */\n /** Known values of {@link KnownVersions} that the service accepts. */\n apiVersion?: string;\n}\n\n/** The key vault client performs cryptographic key operations and vault operations against the Key Vault service. */\nexport function createKeyVault(\n endpointParam: string,\n credential: TokenCredential,\n options: KeyVaultClientOptionalParams = {},\n): KeyVaultContext {\n const endpointUrl =\n options.endpoint ?? options.baseUrl ?? String(endpointParam);\n const prefixFromOptions = options?.userAgentOptions?.userAgentPrefix;\n const userAgentInfo = `azsdk-js-keyvault-keys/1.0.0-beta.1`;\n const userAgentPrefix = prefixFromOptions\n ? `${prefixFromOptions} azsdk-js-api ${userAgentInfo}`\n : `azsdk-js-api ${userAgentInfo}`;\n const { apiVersion: _, ...updatedOptions } = {\n ...options,\n userAgentOptions: { userAgentPrefix },\n loggingOptions: { logger: options.loggingOptions?.logger ?? logger.info },\n credentials: {\n scopes: options.credentials?.scopes ?? [\n \"https://vault.azure.net/.default\",\n ],\n },\n };\n const clientContext = getClient(endpointUrl, credential, updatedOptions);\n clientContext.pipeline.removePolicy({ name: \"ApiVersionPolicy\" });\n const apiVersion = options.apiVersion ?? \"7.6\";\n clientContext.pipeline.addPolicy({\n name: \"ClientApiVersionPolicy\",\n sendRequest: (req, next) => {\n // Use the apiVersion defined in request url directly\n // Append one if there is no apiVersion and we have one at client options\n const url = new URL(req.url);\n if (!url.searchParams.get(\"api-version\")) {\n req.url = `${req.url}${\n Array.from(url.searchParams.keys()).length > 0 ? \"&\" : \"?\"\n }api-version=${apiVersion}`;\n }\n\n return next(req);\n },\n });\n return { ...clientContext, apiVersion } as KeyVaultContext;\n}\n"]}
1
+ {"version":3,"file":"keyVaultContext.js","sourceRoot":"","sources":["../../../../../src/generated/src/api/keyVaultContext.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAsBlC,wCAyCC;AA7DD,4CAAsC;AAEtC,yDAA2E;AAiB3E,qHAAqH;AACrH,SAAgB,cAAc,CAC5B,aAAqB,EACrB,UAA2B,EAC3B,UAAwC,EAAE;IAE1C,MAAM,WAAW,GACf,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,OAAO,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC;IAC/D,MAAM,iBAAiB,GAAG,OAAO,EAAE,gBAAgB,EAAE,eAAe,CAAC;IACrE,MAAM,aAAa,GAAG,qCAAqC,CAAC;IAC5D,MAAM,eAAe,GAAG,iBAAiB;QACvC,CAAC,CAAC,GAAG,iBAAiB,iBAAiB,aAAa,EAAE;QACtD,CAAC,CAAC,gBAAgB,aAAa,EAAE,CAAC;IACpC,MAAM,EAAE,UAAU,EAAE,CAAC,EAAE,GAAG,cAAc,EAAE,GAAG;QAC3C,GAAG,OAAO;QACV,gBAAgB,EAAE,EAAE,eAAe,EAAE;QACrC,cAAc,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,cAAc,EAAE,MAAM,IAAI,kBAAM,CAAC,IAAI,EAAE;QACzE,WAAW,EAAE;YACX,MAAM,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,IAAI;gBACrC,kCAAkC;aACnC;SACF;KACF,CAAC;IACF,MAAM,aAAa,GAAG,IAAA,uBAAS,EAAC,WAAW,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IACzE,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAClE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;IAC/C,aAAa,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC/B,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YACzB,qDAAqD;YACrD,yEAAyE;YACzE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;gBACzC,GAAG,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC,GAAG,GAClB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GACzD,eAAe,UAAU,EAAE,CAAC;YAC9B,CAAC;YAED,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;KACF,CAAC,CAAC;IACH,OAAO,EAAE,GAAG,aAAa,EAAE,UAAU,EAAqB,CAAC;AAC7D,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { logger } from \"../logger.js\";\nimport { KnownVersions } from \"../models/models.js\";\nimport { Client, ClientOptions, getClient } from \"@azure-rest/core-client\";\nimport { TokenCredential } from \"@azure/core-auth\";\n\n/** The key vault client performs cryptographic key operations and vault operations against the Key Vault service. */\nexport interface KeyVaultContext extends Client {\n /** The API version to use for this operation. */\n /** Known values of {@link KnownVersions} that the service accepts. */\n apiVersion: string;\n}\n\n/** Optional parameters for the client. */\nexport interface KeyVaultClientOptionalParams extends ClientOptions {\n /** The API version to use for this operation. */\n /** Known values of {@link KnownVersions} that the service accepts. */\n apiVersion?: string;\n}\n\n/** The key vault client performs cryptographic key operations and vault operations against the Key Vault service. */\nexport function createKeyVault(\n endpointParam: string,\n credential: TokenCredential,\n options: KeyVaultClientOptionalParams = {},\n): KeyVaultContext {\n const endpointUrl =\n options.endpoint ?? options.baseUrl ?? String(endpointParam);\n const prefixFromOptions = options?.userAgentOptions?.userAgentPrefix;\n const userAgentInfo = `azsdk-js-keyvault-keys/1.0.0-beta.1`;\n const userAgentPrefix = prefixFromOptions\n ? `${prefixFromOptions} azsdk-js-api ${userAgentInfo}`\n : `azsdk-js-api ${userAgentInfo}`;\n const { apiVersion: _, ...updatedOptions } = {\n ...options,\n userAgentOptions: { userAgentPrefix },\n loggingOptions: { logger: options.loggingOptions?.logger ?? logger.info },\n credentials: {\n scopes: options.credentials?.scopes ?? [\n \"https://vault.azure.net/.default\",\n ],\n },\n };\n const clientContext = getClient(endpointUrl, credential, updatedOptions);\n clientContext.pipeline.removePolicy({ name: \"ApiVersionPolicy\" });\n const apiVersion = options.apiVersion ?? \"7.6\";\n clientContext.pipeline.addPolicy({\n name: \"ClientApiVersionPolicy\",\n sendRequest: (req, next) => {\n // Use the apiVersion defined in request url directly\n // Append one if there is no apiVersion and we have one at client options\n const url = new URL(req.url);\n if (!url.searchParams.get(\"api-version\")) {\n req.url = `${req.url}${\n Array.from(url.searchParams.keys()).length > 0 ? \"&\" : \"?\"\n }api-version=${apiVersion}`;\n }\n\n return next(req);\n },\n });\n return { ...clientContext, apiVersion } as KeyVaultContext;\n}\n"]}