@azure/keyvault-keys 4.10.1-alpha.20250717.1 → 4.10.1-alpha.20250722.2
- package/dist/browser/cryptography/remoteCryptographyProvider.js +34 -11
- package/dist/browser/cryptography/remoteCryptographyProvider.js.map +1 -1
- package/dist/browser/cryptographyClient.js +12 -5
- package/dist/browser/cryptographyClient.js.map +1 -1
- package/dist/browser/generated/src/api/keyVaultContext.js +12 -9
- package/dist/browser/generated/src/api/keyVaultContext.js.map +1 -1
- package/dist/browser/generated/src/api/operations.js +229 -78
- package/dist/browser/generated/src/api/operations.js.map +1 -1
- package/dist/browser/generated/src/keyVaultClient.js +8 -3
- package/dist/browser/generated/src/keyVaultClient.js.map +1 -1
- package/dist/browser/generated/src/static-helpers/pagingHelpers.js +31 -50
- package/dist/browser/generated/src/static-helpers/pagingHelpers.js.map +1 -1
- package/dist/browser/generated/src/static-helpers/urlTemplate.js +2 -2
- package/dist/browser/generated/src/static-helpers/urlTemplate.js.map +1 -1
- package/dist/browser/identifier.js +4 -1
- package/dist/browser/identifier.js.map +1 -1
- package/dist/browser/index.js +43 -29
- package/dist/browser/index.js.map +1 -1
- package/dist/browser/lro/delete/operation.js +3 -0
- package/dist/browser/lro/delete/operation.js.map +1 -1
- package/dist/browser/lro/delete/poller.js +4 -1
- package/dist/browser/lro/delete/poller.js.map +1 -1
- package/dist/browser/lro/keyVaultKeyPoller.js +6 -8
- package/dist/browser/lro/keyVaultKeyPoller.js.map +1 -1
- package/dist/browser/lro/recover/operation.js +5 -2
- package/dist/browser/lro/recover/operation.js.map +1 -1
- package/dist/browser/lro/recover/poller.js +4 -1
- package/dist/browser/lro/recover/poller.js.map +1 -1
- package/dist/browser/transformations.js +30 -41
- package/dist/browser/transformations.js.map +1 -1
- package/dist/commonjs/cryptography/aesCryptographyProvider.js +25 -25
- package/dist/commonjs/cryptography/aesCryptographyProvider.js.map +1 -1
- package/dist/commonjs/cryptography/remoteCryptographyProvider.js +34 -11
- package/dist/commonjs/cryptography/remoteCryptographyProvider.js.map +1 -1
- package/dist/commonjs/cryptography/rsaCryptographyProvider.js +39 -36
- package/dist/commonjs/cryptography/rsaCryptographyProvider.js.map +1 -1
- package/dist/commonjs/cryptographyClient.js +12 -5
- package/dist/commonjs/cryptographyClient.js.map +1 -1
- package/dist/commonjs/generated/src/api/keyVaultContext.js +12 -9
- package/dist/commonjs/generated/src/api/keyVaultContext.js.map +1 -1
- package/dist/commonjs/generated/src/api/operations.js +229 -78
- package/dist/commonjs/generated/src/api/operations.js.map +1 -1
- package/dist/commonjs/generated/src/keyVaultClient.js +8 -3
- package/dist/commonjs/generated/src/keyVaultClient.js.map +1 -1
- package/dist/commonjs/generated/src/static-helpers/pagingHelpers.js +31 -50
- package/dist/commonjs/generated/src/static-helpers/pagingHelpers.js.map +1 -1
- package/dist/commonjs/generated/src/static-helpers/urlTemplate.js +2 -2
- package/dist/commonjs/generated/src/static-helpers/urlTemplate.js.map +1 -1
- package/dist/commonjs/identifier.js +4 -1
- package/dist/commonjs/identifier.js.map +1 -1
- package/dist/commonjs/index.js +43 -29
- package/dist/commonjs/index.js.map +1 -1
- package/dist/commonjs/lro/delete/operation.js +3 -0
- package/dist/commonjs/lro/delete/operation.js.map +1 -1
- package/dist/commonjs/lro/delete/poller.js +4 -1
- package/dist/commonjs/lro/delete/poller.js.map +1 -1
- package/dist/commonjs/lro/keyVaultKeyPoller.js +6 -8
- package/dist/commonjs/lro/keyVaultKeyPoller.js.map +1 -1
- package/dist/commonjs/lro/recover/operation.js +5 -2
- package/dist/commonjs/lro/recover/operation.js.map +1 -1
- package/dist/commonjs/lro/recover/poller.js +4 -1
- package/dist/commonjs/lro/recover/poller.js.map +1 -1
- package/dist/commonjs/transformations.js +30 -41
- package/dist/commonjs/transformations.js.map +1 -1
- package/dist/commonjs/tsdoc-metadata.json +11 -11
- package/dist/esm/cryptography/aesCryptographyProvider.js +25 -25
- package/dist/esm/cryptography/aesCryptographyProvider.js.map +1 -1
- package/dist/esm/cryptography/remoteCryptographyProvider.js +34 -11
- package/dist/esm/cryptography/remoteCryptographyProvider.js.map +1 -1
- package/dist/esm/cryptography/rsaCryptographyProvider.js +39 -36
- package/dist/esm/cryptography/rsaCryptographyProvider.js.map +1 -1
- package/dist/esm/cryptographyClient.js +12 -5
- package/dist/esm/cryptographyClient.js.map +1 -1
- package/dist/esm/generated/src/api/keyVaultContext.js +12 -9
- package/dist/esm/generated/src/api/keyVaultContext.js.map +1 -1
- package/dist/esm/generated/src/api/operations.js +229 -78
- package/dist/esm/generated/src/api/operations.js.map +1 -1
- package/dist/esm/generated/src/keyVaultClient.js +8 -3
- package/dist/esm/generated/src/keyVaultClient.js.map +1 -1
- package/dist/esm/generated/src/static-helpers/pagingHelpers.js +31 -50
- package/dist/esm/generated/src/static-helpers/pagingHelpers.js.map +1 -1
- package/dist/esm/generated/src/static-helpers/urlTemplate.js +2 -2
- package/dist/esm/generated/src/static-helpers/urlTemplate.js.map +1 -1
- package/dist/esm/identifier.js +4 -1
- package/dist/esm/identifier.js.map +1 -1
- package/dist/esm/index.js +43 -29
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/lro/delete/operation.js +3 -0
- package/dist/esm/lro/delete/operation.js.map +1 -1
- package/dist/esm/lro/delete/poller.js +4 -1
- package/dist/esm/lro/delete/poller.js.map +1 -1
- package/dist/esm/lro/keyVaultKeyPoller.js +6 -8
- package/dist/esm/lro/keyVaultKeyPoller.js.map +1 -1
- package/dist/esm/lro/recover/operation.js +5 -2
- package/dist/esm/lro/recover/operation.js.map +1 -1
- package/dist/esm/lro/recover/poller.js +4 -1
- package/dist/esm/lro/recover/poller.js.map +1 -1
- package/dist/esm/transformations.js +30 -41
- package/dist/esm/transformations.js.map +1 -1
- package/package.json +2 -2
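--- a/package/dist/browser/cryptography/remoteCryptographyProvider.js
+++ b/package/dist/browser/cryptography/remoteCryptographyProvider.js
@@ -1,6 +1,5 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
-import { __rest } from "tslib";
 import { SDK_VERSION } from "../constants.js";
 import { KeyVaultClient } from "../generated/src/index.js";
 import { parseKeyVaultKeyIdentifier } from "../identifier.js";
@@ -17,7 +16,6 @@ import { bearerTokenAuthenticationPolicyName } from "@azure/core-rest-pipeline";
 */
 export class RemoteCryptographyProvider {
 constructor(key, credential, pipelineOptions = {}) {
-var _a;
 this.key = key;
 let keyId;
 if (typeof key === "string") {
@@ -36,7 +34,7 @@ export class RemoteCryptographyProvider {
 }
 this.vaultUrl = parsed.vaultUrl;
 this.name = parsed.name;
-this.version =
+this.version = parsed.version ?? "";
 this.client = getOrInitializeClient(this.vaultUrl, credential, pipelineOptions);
 }
 catch (err) {
@@ -49,8 +47,8 @@ export class RemoteCryptographyProvider {
 return true;
 }
 encrypt(encryptParameters, options = {}) {
-const { algorithm, plaintext
-const requestOptions =
+const { algorithm, plaintext, ...params } = encryptParameters;
+const requestOptions = { ...options, ...params };
 return tracingClient.withSpan("RemoteCryptographyProvider.encrypt", requestOptions, async (updatedOptions) => {
 const result = await this.client.encrypt(this.name, this.version, {
 algorithm,
@@ -71,8 +69,8 @@ export class RemoteCryptographyProvider {
 });
 }
 decrypt(decryptParameters, options = {}) {
-const { algorithm, ciphertext
-const requestOptions =
+const { algorithm, ciphertext, ...params } = decryptParameters;
+const requestOptions = { ...options, ...params };
 return tracingClient.withSpan("RemoteCryptographyProvider.decrypt", requestOptions, async (updatedOptions) => {
 const result = await this.client.decrypt(this.name, this.version, {
 algorithm,
@@ -156,6 +154,10 @@ export class RemoteCryptographyProvider {
 return { result: result.result, algorithm, keyID: this.getKeyID() };
 });
 }
+/**
+* The base URL to the vault.
+*/
+vaultUrl;
 /**
 * The ID of the key used to perform cryptographic operations for the client.
 */
@@ -179,6 +181,24 @@ export class RemoteCryptographyProvider {
 return this.key;
 });
 }
+/**
+* A reference to the auto-generated KeyVault HTTP client.
+*/
+client;
+/**
+* A reference to the key used for the cryptographic operations.
+* Based on what was provided to the CryptographyClient constructor,
+* it can be either a string with the URL of a Key Vault Key, or an already parsed {@link KeyVaultKey}.
+*/
+key;
+/**
+* Name of the key the client represents
+*/
+name;
+/**
+* Version of the key the client represents
+*/
+version;
 /**
 * Attempts to retrieve the ID of the key.
 */
@@ -213,14 +233,18 @@ function getOrInitializeClient(vaultUrl, credential, options) {
 ? `${userAgentOptions.userAgentPrefix} ${libInfo}`
 : libInfo,
 };
-const internalPipelineOptions =
+const internalPipelineOptions = {
+...options,
+apiVersion: options.serviceVersion || LATEST_API_VERSION,
+loggingOptions: {
 logger: logger.info,
 additionalAllowedHeaderNames: [
 "x-ms-keyvault-region",
 "x-ms-keyvault-network-info",
 "x-ms-keyvault-service-version",
 ],
-}
+},
+};
 const client = new KeyVaultClient(vaultUrl, credential, internalPipelineOptions);
 client.pipeline.removePolicy({ name: bearerTokenAuthenticationPolicyName });
 client.pipeline.addPolicy(keyVaultAuthenticationPolicy(credential, options));
@@ -228,8 +252,7 @@ function getOrInitializeClient(vaultUrl, credential, options) {
 client.pipeline.addPolicy({
 name: "ContentTypePolicy",
 sendRequest(request, next) {
-
-const contentType = (_a = request.headers.get("Content-Type")) !== null && _a !== void 0 ? _a : "";
+const contentType = request.headers.get("Content-Type") ?? "";
 if (contentType.startsWith("application/json")) {
 request.headers.set("Content-Type", "application/json");
 }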
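Review bot: In `encrypt`, and identically in the `decrypt` hunk, `const requestOptions = { ...options, ...params };` folds the leftover cryptographic parameters into the options object handed to `tracingClient.withSpan`, and no comment says why or what is allowed to read them there. Because `params` is spread last, a parameter field silently replaces a same-named caller option. This file is compiled output, so the comment belongs in the TypeScript source, for example `// params (iv, additionalAuthenticatedData, authenticationTag) travel in the request options; they must not end up in span attributes or logs`. Whether the tracing client copies option fields into the span is not visible on this page and should be confirmed. Both method bodies continue outside their hunks.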
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remoteCryptographyProvider.js","sourceRoot":"","sources":["../../../src/cryptography/remoteCryptographyProvider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAoBlC,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAG9C,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAE9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,4BAA4B,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,mCAAmC,EAAE,MAAM,2BAA2B,CAAC;AAEhF;;;GAGG;AACH,MAAM,OAAO,0BAA0B;IACrC,YACE,GAAyB,EACzB,UAA2B,EAC3B,kBAA6C,EAAE;;QAE/C,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QAEf,IAAI,KAAa,CAAC;QAClB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,KAAK,GAAG,GAAG,CAAC;QACd,CAAC;aAAM,CAAC;YACN,KAAK,GAAG,GAAG,CAAC,EAAG,CAAC;QAClB,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,0BAA0B,CAAC,KAAK,CAAC,CAAC;YACjD,IAAI,MAAM,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;YAC7D,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;gBAC/C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACjE,CAAC;YAED,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAChC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;YACxB,IAAI,CAAC,OAAO,GAAG,MAAA,MAAM,CAAC,OAAO,mCAAI,EAAE,CAAC;YAEpC,IAAI,CAAC,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;QAClF,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAElB,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,kCAAkC,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,WAAW,CAAC,UAAkB,EAAE,UAAyC;QACvE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CACL,iBAAoC,EACpC,UAA0B,EAAE;QAE5B,MAAM,EAAE,SAAS,EAAE,SAAS,KAAgB,iBAAiB,EAA5B,MAAM,UAAK,iBAAiB,EAAvD,0BAAmC,CAAoB,CAAC;QAC9D,MAAM,cAAc,mCAAQ,OAAO,GAAK,MAAM,CAAE,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAC3B,oCAAoC,EACpC,cAAc,EACd,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;g
BACE,SAAS;gBACT,KAAK,EAAE,SAAS;gBAChB,GAAG,EACD,6BAA6B,IAAI,iBAAiB;oBAChD,CAAC,CAAC,iBAAiB,CAAC,2BAA2B;oBAC/C,CAAC,CAAC,SAAS;gBACf,EAAE,EAAE,IAAI,IAAI,iBAAiB,CAAC,CAAC,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS;aACjE,EACD,cAAc,CACf,CAAC;YAEF,OAAO;gBACL,SAAS,EAAE,iBAAiB,CAAC,SAAS;gBACtC,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;gBACtB,2BAA2B,EAAE,MAAM,CAAC,2BAA2B;gBAC/D,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;gBAC3C,EAAE,EAAE,MAAM,CAAC,EAAE;aACd,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,OAAO,CACL,iBAAoC,EACpC,UAA0B,EAAE;QAE5B,MAAM,EAAE,SAAS,EAAE,UAAU,KAAgB,iBAAiB,EAA5B,MAAM,UAAK,iBAAiB,EAAxD,2BAAoC,CAAoB,CAAC;QAC/D,MAAM,cAAc,mCAAQ,OAAO,GAAK,MAAM,CAAE,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAC3B,oCAAoC,EACpC,cAAc,EACd,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,KAAK,EAAE,UAAU;gBACjB,GAAG,EACD,6BAA6B,IAAI,iBAAiB;oBAChD,CAAC,CAAC,iBAAiB,CAAC,2BAA2B;oBAC/C,CAAC,CAAC,SAAS;gBACf,EAAE,EAAE,IAAI,IAAI,iBAAiB,CAAC,CAAC,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS;gBAChE,GAAG,EACD,mBAAmB,IAAI,iBAAiB;oBACtC,CAAC,CAAC,iBAAiB,CAAC,iBAAiB;oBACrC,CAAC,CAAC,SAAS;aAChB,EACD,cAAc,CACf,CAAC;YACF,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;gBACtB,SAAS;aACV,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,OAAO,CACL,SAA2B,EAC3B,SAAqB,EACrB,UAA0B,EAAE;QAE5B,OAAO,aAAa,CAAC,QAAQ,CAC3B,oCAAoC,EACpC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,KAAK,EAAE,SAAS;aACjB,EACD,cAAc,CACf,CAAC;YAEF,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,SAAS;gBACT,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;aACvB,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,SAAS,CACP,SAA2B,EAC3B,YAAwB,EACxB,UAA4B,EAAE;QAE9B,OAAO,aAAa,CAAC,QAAQ,CAC3B,sCAAsC,EACtC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CACxC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,KAAK,EAAE,YAAY;aACpB,EACD,cAAc,CAC
f,CAAC;YAEF,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,SAAS;gBACT,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;aACvB,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,SAAiB,EAAE,MAAkB,EAAE,UAAuB,EAAE;QACnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,iCAAiC,EACjC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CACnC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,KAAK,EAAE,MAAM;aACd,EACD,cAAc,CACf,CAAC;YAEF,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAO,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;QACvE,CAAC,CACF,CAAC;IACJ,CAAC;IAED,UAAU,CACR,SAAiB,EACjB,IAAgB,EAChB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,aAAa,CAAC,QAAQ,CAC3B,uCAAuC,EACvC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;QACjE,CAAC,CACF,CAAC;IACJ,CAAC;IAED,MAAM,CACJ,SAAiB,EACjB,MAAkB,EAClB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,aAAa,CAAC,QAAQ,CAC3B,mCAAmC,EACnC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CACvC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,MAAM;gBACN,SAAS;aACV,EACD,cAAc,CACf,CAAC;YACF,OAAO;gBACL,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK;gBAC/C,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;aACvB,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,QAAQ,CAAC,SAAiB,EAAE,IAAgB,EAAE,UAAuB,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,qCAAqC,EACrC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YACjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CACnC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,KAAK,EAAE,MAAM;aACd,EACD,cAAc,CACf,CAAC;YACF,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAO,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;QACvE,CAAC,CACF,CAAC;IACJ,CAAC;IAOD;;OAEG;IACH,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,UAAyB,EAAE;QAChC,OAAO,aAAa,CAAC,QAAQ,CAC3B,mCAAmC,EACnC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,OAAO,IAA
I,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACjC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC;oBACnC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;gBACvD,CAAC;gBACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CACvC,IAAI,CAAC,IAAI,EACT,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAC/E,cAAc,CACf,CAAC;gBACF,IAAI,CAAC,GAAG,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAC3C,CAAC;YACD,OAAO,IAAI,CAAC,GAAG,CAAC;QAClB,CAAC,CACF,CAAC;IACJ,CAAC;IAwBD;;OAEG;IACK,QAAQ;QACd,IAAI,GAAG,CAAC;QACR,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YACjC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACjB,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,SAAS,qBAAqB,CAC5B,QAAgB,EAChB,UAA2B,EAC3B,OAAyE;IAEzE,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC5B,OAAO,OAAO,CAAC,eAAe,CAAC;IACjC,CAAC;IAED,MAAM,OAAO,GAAG,0BAA0B,WAAW,EAAE,CAAC;IAExD,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAElD,OAAO,CAAC,gBAAgB,GAAG;QACzB,eAAe,EACb,gBAAgB,IAAI,gBAAgB,CAAC,eAAe;YAClD,CAAC,CAAC,GAAG,gBAAgB,CAAC,eAAe,IAAI,OAAO,EAAE;YAClD,CAAC,CAAC,OAAO;KACd,CAAC;IAEF,MAAM,uBAAuB,mCACxB,OAAO,KACV,UAAU,EAAE,OAAO,CAAC,cAAc,IAAI,kBAAkB,EACxD,cAAc,EAAE;YACd,MAAM,EAAE,MAAM,CAAC,IAAI;YACnB,4BAA4B,EAAE;gBAC5B,sBAAsB;gBACtB,4BAA4B;gBAC5B,+BAA+B;aAChC;SACF,GACF,CAAC;IAEF,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,QAAQ,EAAE,UAAU,EAAE,uBAAuB,CAAC,CAAC;IAEjF,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,mCAAmC,EAAE,CAAC,CAAC;IAC5E,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,4BAA4B,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7E,yEAAyE;IACzE,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC;QACxB,IAAI,EAAE,mBAAmB;QACzB,WAAW,CAAC,OAAO,EAAE,IAAI;;YACvB,MAAM,WAAW,GAAG,MAAA,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,mCAAI,EAAE,CAAC;YAC9D,IAAI,WAAW,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC/C,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAC1D,CAAC;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;KACF,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// 
Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential } from \"@azure/core-auth\";\n\nimport type {\n DecryptOptions,\n DecryptParameters,\n DecryptResult,\n EncryptOptions,\n EncryptParameters,\n EncryptResult,\n KeyWrapAlgorithm,\n SignOptions,\n SignResult,\n UnwrapKeyOptions,\n VerifyOptions,\n VerifyResult,\n WrapKeyOptions,\n WrapResult,\n} from \"../cryptographyClientModels.js\";\nimport { SDK_VERSION } from \"../constants.js\";\nimport type { UnwrapResult } from \"../cryptographyClientModels.js\";\nimport type { KeyVaultClientOptionalParams } from \"../generated/src/index.js\";\nimport { KeyVaultClient } from \"../generated/src/index.js\";\nimport { parseKeyVaultKeyIdentifier } from \"../identifier.js\";\nimport type { CryptographyClientOptions, GetKeyOptions, KeyVaultKey } from \"../keysModels.js\";\nimport { LATEST_API_VERSION } from \"../keysModels.js\";\nimport { getKeyFromKeyBundle } from \"../transformations.js\";\nimport { createHash } from \"./crypto.js\";\nimport type { CryptographyProvider, CryptographyProviderOperation } from \"./models.js\";\nimport { logger } from \"../log.js\";\nimport { keyVaultAuthenticationPolicy } from \"@azure/keyvault-common\";\nimport { tracingClient } from \"../tracing.js\";\nimport { bearerTokenAuthenticationPolicyName } from \"@azure/core-rest-pipeline\";\n\n/**\n * The remote cryptography provider is used to run crypto operations against KeyVault.\n * @internal\n */\nexport class RemoteCryptographyProvider implements CryptographyProvider {\n constructor(\n key: string | KeyVaultKey,\n credential: TokenCredential,\n pipelineOptions: CryptographyClientOptions = {},\n ) {\n this.key = key;\n\n let keyId: string;\n if (typeof key === \"string\") {\n keyId = key;\n } else {\n keyId = key.id!;\n }\n\n try {\n const parsed = parseKeyVaultKeyIdentifier(keyId);\n if (parsed.name === \"\") {\n throw new Error(\"Could not find 'name' of key in key URL\");\n }\n\n if 
(!parsed.vaultUrl || parsed.vaultUrl === \"\") {\n throw new Error(\"Could not find 'vaultUrl' of key in key URL\");\n }\n\n this.vaultUrl = parsed.vaultUrl;\n this.name = parsed.name;\n this.version = parsed.version ?? \"\";\n\n this.client = getOrInitializeClient(this.vaultUrl, credential, pipelineOptions);\n } catch (err: any) {\n logger.error(err);\n\n throw new Error(`${keyId} is not a valid Key Vault key ID`);\n }\n }\n\n // The remote client supports all algorithms and all operations.\n isSupported(_algorithm: string, _operation: CryptographyProviderOperation): boolean {\n return true;\n }\n\n encrypt(\n encryptParameters: EncryptParameters,\n options: EncryptOptions = {},\n ): Promise<EncryptResult> {\n const { algorithm, plaintext, ...params } = encryptParameters;\n const requestOptions = { ...options, ...params };\n\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.encrypt\",\n requestOptions,\n async (updatedOptions) => {\n const result = await this.client.encrypt(\n this.name,\n this.version,\n {\n algorithm,\n value: plaintext,\n aad:\n \"additionalAuthenticatedData\" in encryptParameters\n ? encryptParameters.additionalAuthenticatedData\n : undefined,\n iv: \"iv\" in encryptParameters ? 
encryptParameters.iv : undefined,\n },\n updatedOptions,\n );\n\n return {\n algorithm: encryptParameters.algorithm,\n result: result.result!,\n keyID: this.getKeyID(),\n additionalAuthenticatedData: result.additionalAuthenticatedData,\n authenticationTag: result.authenticationTag,\n iv: result.iv,\n };\n },\n );\n }\n\n decrypt(\n decryptParameters: DecryptParameters,\n options: DecryptOptions = {},\n ): Promise<DecryptResult> {\n const { algorithm, ciphertext, ...params } = decryptParameters;\n const requestOptions = { ...options, ...params };\n\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.decrypt\",\n requestOptions,\n async (updatedOptions) => {\n const result = await this.client.decrypt(\n this.name,\n this.version,\n {\n algorithm,\n value: ciphertext,\n aad:\n \"additionalAuthenticatedData\" in decryptParameters\n ? decryptParameters.additionalAuthenticatedData\n : undefined,\n iv: \"iv\" in decryptParameters ? decryptParameters.iv : undefined,\n tag:\n \"authenticationTag\" in decryptParameters\n ? 
decryptParameters.authenticationTag\n : undefined,\n },\n updatedOptions,\n );\n return {\n result: result.result!,\n keyID: this.getKeyID(),\n algorithm,\n };\n },\n );\n }\n\n wrapKey(\n algorithm: KeyWrapAlgorithm,\n keyToWrap: Uint8Array,\n options: WrapKeyOptions = {},\n ): Promise<WrapResult> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.wrapKey\",\n options,\n async (updatedOptions) => {\n const result = await this.client.wrapKey(\n this.name,\n this.version,\n {\n algorithm,\n value: keyToWrap,\n },\n updatedOptions,\n );\n\n return {\n result: result.result!,\n algorithm,\n keyID: this.getKeyID(),\n };\n },\n );\n }\n\n unwrapKey(\n algorithm: KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options: UnwrapKeyOptions = {},\n ): Promise<UnwrapResult> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.unwrapKey\",\n options,\n async (updatedOptions) => {\n const result = await this.client.unwrapKey(\n this.name,\n this.version,\n {\n algorithm,\n value: encryptedKey,\n },\n updatedOptions,\n );\n\n return {\n result: result.result!,\n algorithm,\n keyID: this.getKeyID(),\n };\n },\n );\n }\n\n sign(algorithm: string, digest: Uint8Array, options: SignOptions = {}): Promise<SignResult> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.sign\",\n options,\n async (updatedOptions) => {\n const result = await this.client.sign(\n this.name,\n this.version,\n {\n algorithm,\n value: digest,\n },\n updatedOptions,\n );\n\n return { result: result.result!, algorithm, keyID: this.getKeyID() };\n },\n );\n }\n\n verifyData(\n algorithm: string,\n data: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {},\n ): Promise<VerifyResult> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.verifyData\",\n options,\n async (updatedOptions) => {\n const hash = await createHash(algorithm, data);\n return this.verify(algorithm, hash, signature, updatedOptions);\n },\n );\n }\n\n verify(\n algorithm: 
string,\n digest: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {},\n ): Promise<VerifyResult> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.verify\",\n options,\n async (updatedOptions) => {\n const response = await this.client.verify(\n this.name,\n this.version,\n {\n algorithm,\n digest,\n signature,\n },\n updatedOptions,\n );\n return {\n result: response.value ? response.value : false,\n keyID: this.getKeyID(),\n };\n },\n );\n }\n\n signData(algorithm: string, data: Uint8Array, options: SignOptions = {}): Promise<SignResult> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.signData\",\n options,\n async (updatedOptions) => {\n const digest = await createHash(algorithm, data);\n const result = await this.client.sign(\n this.name,\n this.version,\n {\n algorithm,\n value: digest,\n },\n updatedOptions,\n );\n return { result: result.result!, algorithm, keyID: this.getKeyID() };\n },\n );\n }\n\n /**\n * The base URL to the vault.\n */\n readonly vaultUrl: string;\n\n /**\n * The ID of the key used to perform cryptographic operations for the client.\n */\n get keyId(): string | undefined {\n return this.getKeyID();\n }\n\n /**\n * Gets the {@link KeyVaultKey} used for cryptography operations, fetching it\n * from KeyVault if necessary.\n * @param options - Additional options.\n */\n getKey(options: GetKeyOptions = {}): Promise<KeyVaultKey> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.getKey\",\n options,\n async (updatedOptions) => {\n if (typeof this.key === \"string\") {\n if (!this.name || this.name === \"\") {\n throw new Error(\"getKey requires a key with a name\");\n }\n const response = await this.client.getKey(\n this.name,\n options && options.version ? options.version : this.version ? 
this.version : \"\",\n updatedOptions,\n );\n this.key = getKeyFromKeyBundle(response);\n }\n return this.key;\n },\n );\n }\n\n /**\n * A reference to the auto-generated KeyVault HTTP client.\n */\n private client: KeyVaultClient;\n\n /**\n * A reference to the key used for the cryptographic operations.\n * Based on what was provided to the CryptographyClient constructor,\n * it can be either a string with the URL of a Key Vault Key, or an already parsed {@link KeyVaultKey}.\n */\n private key: string | KeyVaultKey;\n\n /**\n * Name of the key the client represents\n */\n private name: string;\n\n /**\n * Version of the key the client represents\n */\n private version: string;\n\n /**\n * Attempts to retrieve the ID of the key.\n */\n private getKeyID(): string | undefined {\n let kid;\n if (typeof this.key !== \"string\") {\n kid = this.key.id;\n } else {\n kid = this.key;\n }\n\n return kid;\n }\n}\n\n/**\n * A helper method to either get the passed down generated client or initialize a new one.\n * An already constructed generated client may be passed down from {@link KeyClient} in which case we should reuse it.\n *\n * @internal\n * @param credential - The credential to use when initializing a new client.\n * @param options - The options for constructing a client or the underlying client if one already exists.\n * @returns - A generated client instance\n */\nfunction getOrInitializeClient(\n vaultUrl: string,\n credential: TokenCredential,\n options: CryptographyClientOptions & { generatedClient?: KeyVaultClient },\n): KeyVaultClient {\n if (options.generatedClient) {\n return options.generatedClient;\n }\n\n const libInfo = `azsdk-js-keyvault-keys/${SDK_VERSION}`;\n\n const userAgentOptions = options.userAgentOptions;\n\n options.userAgentOptions = {\n userAgentPrefix:\n userAgentOptions && userAgentOptions.userAgentPrefix\n ? 
`${userAgentOptions.userAgentPrefix} ${libInfo}`\n : libInfo,\n };\n\n const internalPipelineOptions: KeyVaultClientOptionalParams = {\n ...options,\n apiVersion: options.serviceVersion || LATEST_API_VERSION,\n loggingOptions: {\n logger: logger.info,\n additionalAllowedHeaderNames: [\n \"x-ms-keyvault-region\",\n \"x-ms-keyvault-network-info\",\n \"x-ms-keyvault-service-version\",\n ],\n },\n };\n\n const client = new KeyVaultClient(vaultUrl, credential, internalPipelineOptions);\n\n client.pipeline.removePolicy({ name: bearerTokenAuthenticationPolicyName });\n client.pipeline.addPolicy(keyVaultAuthenticationPolicy(credential, options));\n // Workaround for: https://github.com/Azure/azure-sdk-for-js/issues/31843\n client.pipeline.addPolicy({\n name: \"ContentTypePolicy\",\n sendRequest(request, next) {\n const contentType = request.headers.get(\"Content-Type\") ?? \"\";\n if (contentType.startsWith(\"application/json\")) {\n request.headers.set(\"Content-Type\", \"application/json\");\n }\n return next(request);\n },\n });\n\n return client;\n}\n"]}
|
|
1
|
+
{"version":3,"file":"remoteCryptographyProvider.js","sourceRoot":"","sources":["../../../src/cryptography/remoteCryptographyProvider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAoBlC,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAG9C,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAE9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,4BAA4B,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,mCAAmC,EAAE,MAAM,2BAA2B,CAAC;AAEhF;;;GAGG;AACH,MAAM,OAAO,0BAA0B;IACrC,YACE,GAAyB,EACzB,UAA2B,EAC3B,kBAA6C,EAAE;QAE/C,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QAEf,IAAI,KAAa,CAAC;QAClB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,KAAK,GAAG,GAAG,CAAC;QACd,CAAC;aAAM,CAAC;YACN,KAAK,GAAG,GAAG,CAAC,EAAG,CAAC;QAClB,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,0BAA0B,CAAC,KAAK,CAAC,CAAC;YACjD,IAAI,MAAM,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;YAC7D,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;gBAC/C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACjE,CAAC;YAED,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAChC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;YACxB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;YAEpC,IAAI,CAAC,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;QAClF,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAElB,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,kCAAkC,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,WAAW,CAAC,UAAkB,EAAE,UAAyC;QACvE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CACL,iBAAoC,EACpC,UAA0B,EAAE;QAE5B,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE,GAAG,iBAAiB,CAAC;QAC9D,MAAM,cAAc,GAAG,EAAE,GAAG,OAAO,EAAE,GAAG,MAAM,EAAE,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAC3B,oCAAoC,EACpC,cAAc,EACd,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,K
AAK,EAAE,SAAS;gBAChB,GAAG,EACD,6BAA6B,IAAI,iBAAiB;oBAChD,CAAC,CAAC,iBAAiB,CAAC,2BAA2B;oBAC/C,CAAC,CAAC,SAAS;gBACf,EAAE,EAAE,IAAI,IAAI,iBAAiB,CAAC,CAAC,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS;aACjE,EACD,cAAc,CACf,CAAC;YAEF,OAAO;gBACL,SAAS,EAAE,iBAAiB,CAAC,SAAS;gBACtC,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;gBACtB,2BAA2B,EAAE,MAAM,CAAC,2BAA2B;gBAC/D,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;gBAC3C,EAAE,EAAE,MAAM,CAAC,EAAE;aACd,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,OAAO,CACL,iBAAoC,EACpC,UAA0B,EAAE;QAE5B,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,EAAE,GAAG,iBAAiB,CAAC;QAC/D,MAAM,cAAc,GAAG,EAAE,GAAG,OAAO,EAAE,GAAG,MAAM,EAAE,CAAC;QAEjD,OAAO,aAAa,CAAC,QAAQ,CAC3B,oCAAoC,EACpC,cAAc,EACd,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,KAAK,EAAE,UAAU;gBACjB,GAAG,EACD,6BAA6B,IAAI,iBAAiB;oBAChD,CAAC,CAAC,iBAAiB,CAAC,2BAA2B;oBAC/C,CAAC,CAAC,SAAS;gBACf,EAAE,EAAE,IAAI,IAAI,iBAAiB,CAAC,CAAC,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS;gBAChE,GAAG,EACD,mBAAmB,IAAI,iBAAiB;oBACtC,CAAC,CAAC,iBAAiB,CAAC,iBAAiB;oBACrC,CAAC,CAAC,SAAS;aAChB,EACD,cAAc,CACf,CAAC;YACF,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;gBACtB,SAAS;aACV,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,OAAO,CACL,SAA2B,EAC3B,SAAqB,EACrB,UAA0B,EAAE;QAE5B,OAAO,aAAa,CAAC,QAAQ,CAC3B,oCAAoC,EACpC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,KAAK,EAAE,SAAS;aACjB,EACD,cAAc,CACf,CAAC;YAEF,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,SAAS;gBACT,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;aACvB,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,SAAS,CACP,SAA2B,EAC3B,YAAwB,EACxB,UAA4B,EAAE;QAE9B,OAAO,aAAa,CAAC,QAAQ,CAC3B,sCAAsC,EACtC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CACxC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,KAAK,EAAE,YAAY;aACpB,EACD,cAAc,CACf,CAAC;YAEF,OAAO;gBACL,MAA
M,EAAE,MAAM,CAAC,MAAO;gBACtB,SAAS;gBACT,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;aACvB,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,SAAiB,EAAE,MAAkB,EAAE,UAAuB,EAAE;QACnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,iCAAiC,EACjC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CACnC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,KAAK,EAAE,MAAM;aACd,EACD,cAAc,CACf,CAAC;YAEF,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAO,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;QACvE,CAAC,CACF,CAAC;IACJ,CAAC;IAED,UAAU,CACR,SAAiB,EACjB,IAAgB,EAChB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,aAAa,CAAC,QAAQ,CAC3B,uCAAuC,EACvC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;QACjE,CAAC,CACF,CAAC;IACJ,CAAC;IAED,MAAM,CACJ,SAAiB,EACjB,MAAkB,EAClB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,aAAa,CAAC,QAAQ,CAC3B,mCAAmC,EACnC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CACvC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,MAAM;gBACN,SAAS;aACV,EACD,cAAc,CACf,CAAC;YACF,OAAO;gBACL,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK;gBAC/C,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;aACvB,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,QAAQ,CAAC,SAAiB,EAAE,IAAgB,EAAE,UAAuB,EAAE;QACrE,OAAO,aAAa,CAAC,QAAQ,CAC3B,qCAAqC,EACrC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YACjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CACnC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;gBACE,SAAS;gBACT,KAAK,EAAE,MAAM;aACd,EACD,cAAc,CACf,CAAC;YACF,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAO,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;QACvE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACM,QAAQ,CAAS;IAE1B;;OAEG;IACH,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,UAAyB,EAAE;QAChC,OAAO,aAAa,CAAC,QAAQ,CAC3B,mCAAmC,EACnC,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,OAAO,IA
AI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACjC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC;oBACnC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;gBACvD,CAAC;gBACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CACvC,IAAI,CAAC,IAAI,EACT,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAC/E,cAAc,CACf,CAAC;gBACF,IAAI,CAAC,GAAG,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAC3C,CAAC;YACD,OAAO,IAAI,CAAC,GAAG,CAAC;QAClB,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,MAAM,CAAiB;IAE/B;;;;OAIG;IACK,GAAG,CAAuB;IAElC;;OAEG;IACK,IAAI,CAAS;IAErB;;OAEG;IACK,OAAO,CAAS;IAExB;;OAEG;IACK,QAAQ;QACd,IAAI,GAAG,CAAC;QACR,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YACjC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACjB,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,SAAS,qBAAqB,CAC5B,QAAgB,EAChB,UAA2B,EAC3B,OAAyE;IAEzE,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC5B,OAAO,OAAO,CAAC,eAAe,CAAC;IACjC,CAAC;IAED,MAAM,OAAO,GAAG,0BAA0B,WAAW,EAAE,CAAC;IAExD,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAElD,OAAO,CAAC,gBAAgB,GAAG;QACzB,eAAe,EACb,gBAAgB,IAAI,gBAAgB,CAAC,eAAe;YAClD,CAAC,CAAC,GAAG,gBAAgB,CAAC,eAAe,IAAI,OAAO,EAAE;YAClD,CAAC,CAAC,OAAO;KACd,CAAC;IAEF,MAAM,uBAAuB,GAAiC;QAC5D,GAAG,OAAO;QACV,UAAU,EAAE,OAAO,CAAC,cAAc,IAAI,kBAAkB;QACxD,cAAc,EAAE;YACd,MAAM,EAAE,MAAM,CAAC,IAAI;YACnB,4BAA4B,EAAE;gBAC5B,sBAAsB;gBACtB,4BAA4B;gBAC5B,+BAA+B;aAChC;SACF;KACF,CAAC;IAEF,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,QAAQ,EAAE,UAAU,EAAE,uBAAuB,CAAC,CAAC;IAEjF,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,mCAAmC,EAAE,CAAC,CAAC;IAC5E,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,4BAA4B,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7E,yEAAyE;IACzE,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC;QACxB,IAAI,EAAE,mBAAmB;QACzB,WAAW,CAAC,OAAO,EAAE,IAAI;YACvB,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAC9D,IAAI,WAAW,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC/C,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAC1D,CAAC;
YACD,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;KACF,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { TokenCredential } from \"@azure/core-auth\";\n\nimport type {\n DecryptOptions,\n DecryptParameters,\n DecryptResult,\n EncryptOptions,\n EncryptParameters,\n EncryptResult,\n KeyWrapAlgorithm,\n SignOptions,\n SignResult,\n UnwrapKeyOptions,\n VerifyOptions,\n VerifyResult,\n WrapKeyOptions,\n WrapResult,\n} from \"../cryptographyClientModels.js\";\nimport { SDK_VERSION } from \"../constants.js\";\nimport type { UnwrapResult } from \"../cryptographyClientModels.js\";\nimport type { KeyVaultClientOptionalParams } from \"../generated/src/index.js\";\nimport { KeyVaultClient } from \"../generated/src/index.js\";\nimport { parseKeyVaultKeyIdentifier } from \"../identifier.js\";\nimport type { CryptographyClientOptions, GetKeyOptions, KeyVaultKey } from \"../keysModels.js\";\nimport { LATEST_API_VERSION } from \"../keysModels.js\";\nimport { getKeyFromKeyBundle } from \"../transformations.js\";\nimport { createHash } from \"./crypto.js\";\nimport type { CryptographyProvider, CryptographyProviderOperation } from \"./models.js\";\nimport { logger } from \"../log.js\";\nimport { keyVaultAuthenticationPolicy } from \"@azure/keyvault-common\";\nimport { tracingClient } from \"../tracing.js\";\nimport { bearerTokenAuthenticationPolicyName } from \"@azure/core-rest-pipeline\";\n\n/**\n * The remote cryptography provider is used to run crypto operations against KeyVault.\n * @internal\n */\nexport class RemoteCryptographyProvider implements CryptographyProvider {\n constructor(\n key: string | KeyVaultKey,\n credential: TokenCredential,\n pipelineOptions: CryptographyClientOptions = {},\n ) {\n this.key = key;\n\n let keyId: string;\n if (typeof key === \"string\") {\n keyId = key;\n } else {\n keyId = key.id!;\n }\n\n try {\n const parsed = 
parseKeyVaultKeyIdentifier(keyId);\n if (parsed.name === \"\") {\n throw new Error(\"Could not find 'name' of key in key URL\");\n }\n\n if (!parsed.vaultUrl || parsed.vaultUrl === \"\") {\n throw new Error(\"Could not find 'vaultUrl' of key in key URL\");\n }\n\n this.vaultUrl = parsed.vaultUrl;\n this.name = parsed.name;\n this.version = parsed.version ?? \"\";\n\n this.client = getOrInitializeClient(this.vaultUrl, credential, pipelineOptions);\n } catch (err: any) {\n logger.error(err);\n\n throw new Error(`${keyId} is not a valid Key Vault key ID`);\n }\n }\n\n // The remote client supports all algorithms and all operations.\n isSupported(_algorithm: string, _operation: CryptographyProviderOperation): boolean {\n return true;\n }\n\n encrypt(\n encryptParameters: EncryptParameters,\n options: EncryptOptions = {},\n ): Promise<EncryptResult> {\n const { algorithm, plaintext, ...params } = encryptParameters;\n const requestOptions = { ...options, ...params };\n\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.encrypt\",\n requestOptions,\n async (updatedOptions) => {\n const result = await this.client.encrypt(\n this.name,\n this.version,\n {\n algorithm,\n value: plaintext,\n aad:\n \"additionalAuthenticatedData\" in encryptParameters\n ? encryptParameters.additionalAuthenticatedData\n : undefined,\n iv: \"iv\" in encryptParameters ? 
encryptParameters.iv : undefined,\n },\n updatedOptions,\n );\n\n return {\n algorithm: encryptParameters.algorithm,\n result: result.result!,\n keyID: this.getKeyID(),\n additionalAuthenticatedData: result.additionalAuthenticatedData,\n authenticationTag: result.authenticationTag,\n iv: result.iv,\n };\n },\n );\n }\n\n decrypt(\n decryptParameters: DecryptParameters,\n options: DecryptOptions = {},\n ): Promise<DecryptResult> {\n const { algorithm, ciphertext, ...params } = decryptParameters;\n const requestOptions = { ...options, ...params };\n\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.decrypt\",\n requestOptions,\n async (updatedOptions) => {\n const result = await this.client.decrypt(\n this.name,\n this.version,\n {\n algorithm,\n value: ciphertext,\n aad:\n \"additionalAuthenticatedData\" in decryptParameters\n ? decryptParameters.additionalAuthenticatedData\n : undefined,\n iv: \"iv\" in decryptParameters ? decryptParameters.iv : undefined,\n tag:\n \"authenticationTag\" in decryptParameters\n ? 
decryptParameters.authenticationTag\n : undefined,\n },\n updatedOptions,\n );\n return {\n result: result.result!,\n keyID: this.getKeyID(),\n algorithm,\n };\n },\n );\n }\n\n wrapKey(\n algorithm: KeyWrapAlgorithm,\n keyToWrap: Uint8Array,\n options: WrapKeyOptions = {},\n ): Promise<WrapResult> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.wrapKey\",\n options,\n async (updatedOptions) => {\n const result = await this.client.wrapKey(\n this.name,\n this.version,\n {\n algorithm,\n value: keyToWrap,\n },\n updatedOptions,\n );\n\n return {\n result: result.result!,\n algorithm,\n keyID: this.getKeyID(),\n };\n },\n );\n }\n\n unwrapKey(\n algorithm: KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options: UnwrapKeyOptions = {},\n ): Promise<UnwrapResult> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.unwrapKey\",\n options,\n async (updatedOptions) => {\n const result = await this.client.unwrapKey(\n this.name,\n this.version,\n {\n algorithm,\n value: encryptedKey,\n },\n updatedOptions,\n );\n\n return {\n result: result.result!,\n algorithm,\n keyID: this.getKeyID(),\n };\n },\n );\n }\n\n sign(algorithm: string, digest: Uint8Array, options: SignOptions = {}): Promise<SignResult> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.sign\",\n options,\n async (updatedOptions) => {\n const result = await this.client.sign(\n this.name,\n this.version,\n {\n algorithm,\n value: digest,\n },\n updatedOptions,\n );\n\n return { result: result.result!, algorithm, keyID: this.getKeyID() };\n },\n );\n }\n\n verifyData(\n algorithm: string,\n data: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {},\n ): Promise<VerifyResult> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.verifyData\",\n options,\n async (updatedOptions) => {\n const hash = await createHash(algorithm, data);\n return this.verify(algorithm, hash, signature, updatedOptions);\n },\n );\n }\n\n verify(\n algorithm: 
string,\n digest: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {},\n ): Promise<VerifyResult> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.verify\",\n options,\n async (updatedOptions) => {\n const response = await this.client.verify(\n this.name,\n this.version,\n {\n algorithm,\n digest,\n signature,\n },\n updatedOptions,\n );\n return {\n result: response.value ? response.value : false,\n keyID: this.getKeyID(),\n };\n },\n );\n }\n\n signData(algorithm: string, data: Uint8Array, options: SignOptions = {}): Promise<SignResult> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.signData\",\n options,\n async (updatedOptions) => {\n const digest = await createHash(algorithm, data);\n const result = await this.client.sign(\n this.name,\n this.version,\n {\n algorithm,\n value: digest,\n },\n updatedOptions,\n );\n return { result: result.result!, algorithm, keyID: this.getKeyID() };\n },\n );\n }\n\n /**\n * The base URL to the vault.\n */\n readonly vaultUrl: string;\n\n /**\n * The ID of the key used to perform cryptographic operations for the client.\n */\n get keyId(): string | undefined {\n return this.getKeyID();\n }\n\n /**\n * Gets the {@link KeyVaultKey} used for cryptography operations, fetching it\n * from KeyVault if necessary.\n * @param options - Additional options.\n */\n getKey(options: GetKeyOptions = {}): Promise<KeyVaultKey> {\n return tracingClient.withSpan(\n \"RemoteCryptographyProvider.getKey\",\n options,\n async (updatedOptions) => {\n if (typeof this.key === \"string\") {\n if (!this.name || this.name === \"\") {\n throw new Error(\"getKey requires a key with a name\");\n }\n const response = await this.client.getKey(\n this.name,\n options && options.version ? options.version : this.version ? 
this.version : \"\",\n updatedOptions,\n );\n this.key = getKeyFromKeyBundle(response);\n }\n return this.key;\n },\n );\n }\n\n /**\n * A reference to the auto-generated KeyVault HTTP client.\n */\n private client: KeyVaultClient;\n\n /**\n * A reference to the key used for the cryptographic operations.\n * Based on what was provided to the CryptographyClient constructor,\n * it can be either a string with the URL of a Key Vault Key, or an already parsed {@link KeyVaultKey}.\n */\n private key: string | KeyVaultKey;\n\n /**\n * Name of the key the client represents\n */\n private name: string;\n\n /**\n * Version of the key the client represents\n */\n private version: string;\n\n /**\n * Attempts to retrieve the ID of the key.\n */\n private getKeyID(): string | undefined {\n let kid;\n if (typeof this.key !== \"string\") {\n kid = this.key.id;\n } else {\n kid = this.key;\n }\n\n return kid;\n }\n}\n\n/**\n * A helper method to either get the passed down generated client or initialize a new one.\n * An already constructed generated client may be passed down from {@link KeyClient} in which case we should reuse it.\n *\n * @internal\n * @param credential - The credential to use when initializing a new client.\n * @param options - The options for constructing a client or the underlying client if one already exists.\n * @returns - A generated client instance\n */\nfunction getOrInitializeClient(\n vaultUrl: string,\n credential: TokenCredential,\n options: CryptographyClientOptions & { generatedClient?: KeyVaultClient },\n): KeyVaultClient {\n if (options.generatedClient) {\n return options.generatedClient;\n }\n\n const libInfo = `azsdk-js-keyvault-keys/${SDK_VERSION}`;\n\n const userAgentOptions = options.userAgentOptions;\n\n options.userAgentOptions = {\n userAgentPrefix:\n userAgentOptions && userAgentOptions.userAgentPrefix\n ? 
`${userAgentOptions.userAgentPrefix} ${libInfo}`\n : libInfo,\n };\n\n const internalPipelineOptions: KeyVaultClientOptionalParams = {\n ...options,\n apiVersion: options.serviceVersion || LATEST_API_VERSION,\n loggingOptions: {\n logger: logger.info,\n additionalAllowedHeaderNames: [\n \"x-ms-keyvault-region\",\n \"x-ms-keyvault-network-info\",\n \"x-ms-keyvault-service-version\",\n ],\n },\n };\n\n const client = new KeyVaultClient(vaultUrl, credential, internalPipelineOptions);\n\n client.pipeline.removePolicy({ name: bearerTokenAuthenticationPolicyName });\n client.pipeline.addPolicy(keyVaultAuthenticationPolicy(credential, options));\n // Workaround for: https://github.com/Azure/azure-sdk-for-js/issues/31843\n client.pipeline.addPolicy({\n name: \"ContentTypePolicy\",\n sendRequest(request, next) {\n const contentType = request.headers.get(\"Content-Type\") ?? \"\";\n if (contentType.startsWith(\"application/json\")) {\n request.headers.set(\"Content-Type\", \"application/json\");\n }\n return next(request);\n },\n });\n\n return client;\n}\n"]}
|
|
@@ -13,6 +13,14 @@ import { logger } from "./log.js";
|
|
|
13
13
|
* or a local {@link JsonWebKey}.
|
|
14
14
|
*/
|
|
15
15
|
export class CryptographyClient {
|
|
16
|
+
/**
|
|
17
|
+
* The key the CryptographyClient currently holds.
|
|
18
|
+
*/
|
|
19
|
+
key;
|
|
20
|
+
/**
|
|
21
|
+
* The remote provider, which would be undefined if used in local mode.
|
|
22
|
+
*/
|
|
23
|
+
remoteProvider;
|
|
16
24
|
/**
|
|
17
25
|
* Internal constructor implementation for either local or Key Vault backed keys.
|
|
18
26
|
* @param key - The key to use during cryptography tasks.
|
|
@@ -47,8 +55,7 @@ export class CryptographyClient {
|
|
|
47
55
|
* The base URL to the vault. If a local {@link JsonWebKey} is used vaultUrl will be empty.
|
|
48
56
|
*/
|
|
49
57
|
get vaultUrl() {
|
|
50
|
-
|
|
51
|
-
return ((_a = this.remoteProvider) === null || _a === void 0 ? void 0 : _a.vaultUrl) || "";
|
|
58
|
+
return this.remoteProvider?.vaultUrl || "";
|
|
52
59
|
}
|
|
53
60
|
/**
|
|
54
61
|
* The ID of the key used to perform cryptographic operations for the client.
|
|
@@ -472,6 +479,7 @@ export class CryptographyClient {
|
|
|
472
479
|
}
|
|
473
480
|
return this.key;
|
|
474
481
|
}
|
|
482
|
+
providers;
|
|
475
483
|
/**
|
|
476
484
|
* Gets the provider that support this algorithm and operation.
|
|
477
485
|
* The available providers are ordered by priority such that the first provider that supports this
|
|
@@ -501,7 +509,6 @@ export class CryptographyClient {
|
|
|
501
509
|
return providers[0];
|
|
502
510
|
}
|
|
503
511
|
ensureValid(key, operation) {
|
|
504
|
-
var _a;
|
|
505
512
|
if (key.kind === "KeyVaultKey") {
|
|
506
513
|
const keyOps = key.value.keyOperations;
|
|
507
514
|
const { notBefore, expiresOn } = key.value.properties;
|
|
@@ -514,13 +521,13 @@ export class CryptographyClient {
|
|
|
514
521
|
throw new Error(`Key ${key.value.id} expired at ${expiresOn.toISOString()}`);
|
|
515
522
|
}
|
|
516
523
|
// Check Key operations
|
|
517
|
-
if (operation && keyOps && !
|
|
524
|
+
if (operation && keyOps && !keyOps?.includes(operation)) {
|
|
518
525
|
throw new Error(`Operation ${operation} is not supported on key ${key.value.id}`);
|
|
519
526
|
}
|
|
520
527
|
}
|
|
521
528
|
else if (key.kind === "JsonWebKey") {
|
|
522
529
|
// Check JsonWebKey Key operations
|
|
523
|
-
if (operation && key.value.keyOps && !
|
|
530
|
+
if (operation && key.value.keyOps && !key.value.keyOps?.includes(operation)) {
|
|
524
531
|
throw new Error(`Operation ${operation} is not supported on key ${key.value.kid}`);
|
|
525
532
|
}
|
|
526
533
|
}
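Review bot: In `ensureValid`, both rewritten key-operation guards (`operation && keyOps && !keyOps?.includes(operation)` and the `key.value.keyOps` twin in the `JsonWebKey` branch) skip the check whenever the key carries no operations list, so such a key is accepted locally for every operation. The `?.` is also dead code, because the same array has just been tested for truthiness. If treating an absent list as unrestricted is intended, say so in the source (`src/cryptographyClient.ts`, of which this file is the compiled output) with a comment such as `// No key-operations list means no local restriction; only an explicit list is enforced here.` and drop the `?.`. If it is not intended, let the optional chain do the work and fail closed: `if (operation && !keyOps?.includes(operation)) {`. `ensureValid` opens in the previous hunk and the lines between the two hunks are not shown, so the time-window checks above this guard could not be reviewed here.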
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cryptographyClient.js","sourceRoot":"","sources":["../../src/cryptographyClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAWlC,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAuBrD,OAAO,EAAE,0BAA0B,EAAE,MAAM,8CAA8C,CAAC;AAC1F,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,OAAO,EAAE,uBAAuB,EAAE,MAAM,2CAA2C,CAAC;AACpF,OAAO,EAAE,uBAAuB,EAAE,MAAM,2CAA2C,CAAC;AACpF,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAElC;;;GAGG;AACH,MAAM,OAAO,kBAAkB;IAoE7B;;;;OAIG;IACH,YACE,GAAsC,EACtC,UAA4B,EAC5B,kBAA6C,EAAE;QAE/C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,uCAAuC;YACvC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0BAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;QAC1F,CAAC;aAAM,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YACzB,4CAA4C;YAC5C,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0BAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,wCAAwC;YACxC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI,QAAQ;;QACV,OAAO,CAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,QAAQ,KAAI,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;YAC/E,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;QACxB,CAAC;aAAM,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;QAC5B,CAAC;IACH,CAAC;IAoEM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QACtE,OAAO,aAAa,CAAC,QAAQ,CAAC,4BAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAC9B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE
,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBACjE,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,UAA6B;QAChD,uFAAuF;QACvF,MAAM,qBAAqB,GAAgC;YACzD,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;SACb,CAAC;QAEF,IAAI,UAAU,CAAC,SAAS,IAAI,qBAAqB,EAAE,CAAC;YAClD,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,UAAqC,CAAC;gBACxD,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;oBAClB,SAAS,CAAC,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;gBACjC,CAAC;YACH,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,yCAAyC,UAAU,CAAC,SAAS,yDAAyD,CAAC,CAAC,OAAO,EAAE,CAClI,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YAChC,4CAA4C;YAC5C,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;iBACE;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,sEAAsE;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAqFM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QAEtE,OAAO,aAAa,CAAC,QAAQ,CAAC,4BAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBACjE,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YAChC,qDAAqD;YACrD,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC
,CAAC;oBAClB,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;iBACC;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,gFAAgF;YAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,OAAO,CACZ,SAA2B,EAC3B,GAAe,EACf,UAA0B,EAAE;QAE5B,OAAO,aAAa,CAAC,QAAQ,CAAC,4BAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC9E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;gBAC9D,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACI,SAAS,CACd,SAA2B,EAC3B,YAAwB,EACxB,UAA4B,EAAE;QAE9B,OAAO,aAAa,CAAC,QAAQ,CAC3B,8BAA8B,EAC9B,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC;YACpF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAChF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC;YACrE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;gBACzE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACI,IAAI,CACT,SAA6B,EAC7B,MAAkB,EAClB,UAAuB,EAAE;QAEzB,OAAO,aAAa,CAAC,QAAQ,CAAC,yBAAyB,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACzF,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC3E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,I
AAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;gBACrE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;IACI,MAAM,CACX,SAA6B,EAC7B,MAAkB,EAClB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,aAAa,CAAC,QAAQ,CAAC,2BAA2B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC3F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC7E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACvE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;gBAClF,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,QAAQ,CACb,SAA6B,EAC7B,IAAgB;IAChB,8DAA8D;IAC9D,UAAuB,EAAE;QAEzB,OAAO,aAAa,CAAC,QAAQ,CAC3B,6BAA6B,EAC7B,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC/E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;gBAChE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACI,UAAU,CACf,SAA6B,EAC7B,IAAgB,EAChB,SAAqB;IACrB,8DAA8D;IAC9D,UAAyB,EAAE;QAE3B,OAAO,aAAa,CAAC,QAAQ,CAC3B,+BAA+B,EAC/B,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACjF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACzE,CAAC;YAAC,OAAO,GAAQ,E
AAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;gBACpF,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc,CAAC,OAAsB;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEzC,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,YAAY;gBACf,OAAO,GAAG,CAAC,KAAK,CAAC;YACnB,KAAK,aAAa;gBAChB,OAAO,GAAG,CAAC,KAAK,CAAC,GAAI,CAAC;YACxB;gBACE,OAAO,SAAS,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,QAAQ,CAA6B,OAAU;QAC3D,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACnC,0DAA0D;YAC1D,IAAI,GAA4B,CAAC;YACjC,IAAI,CAAC;gBACH,GAAG,GAAG,MAAM,IAAI,CAAC,cAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;oBAC3C,4FAA4F;oBAC5F,sGAAsG;oBACtG,MAAM,CAAC,OAAO,CACZ,gCAAgC,IAAI,CAAC,GAAG,CAAC,KAAK,qCAAqC,CACpF,CAAC;oBACF,IAAI,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;gBACrE,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;YAED,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;YACjD,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAGD;;;;;;OAMG;IACK,KAAK,CAAC,WAAW,CACvB,SAAwC,EACxC,SAAiB,EACjB,OAAU;QAEV,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACvD,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;YAEpB,uCAAuC;YACvC,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,SAAS,CAAC,IAAI,CACjB,IAAI,uBAAuB,CAAC,WAAW,CAAC,EACxC,IAAI,uBAAuB,CAAC,WAAW,CAAC,CACzC,CAAC;YACJ,CAAC;YAED,2FAA2F;YAC3F,qGAAqG;YACrG,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;QAEpF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,iCAAiC,SAAS,sBAAsB,SAAS,KACvE,IAAI,CAAC
,GAAG,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,EAChE,EAAE,CACH,CAAC;QACJ,CAAC;QAED,uDAAuD;QACvD,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,GAA0B,EAAE,SAAwB;;QACtE,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;YACvC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC;YACtD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YAEvB,gCAAgC;YAChC,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,yBAAyB,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACzF,CAAC;YAED,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,eAAe,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAC/E,CAAC;YAED,uBAAuB;YACvB,IAAI,SAAS,IAAI,MAAM,IAAI,CAAC,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA,EAAE,CAAC;gBACxD,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACrC,kCAAkC;YAClC,IAAI,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,CAAA,MAAA,GAAG,CAAC,KAAK,CAAC,MAAM,0CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA,EAAE,CAAC;gBAC5E,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;YACrF,CAAC;QACH,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { OperationOptions } from \"@azure-rest/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport type {\n CryptographyClientOptions,\n GetKeyOptions,\n JsonWebKey,\n KeyOperation,\n KeyVaultKey,\n} from \"./keysModels.js\";\nimport { KnownKeyOperations } from \"./keysModels.js\";\nimport type {\n AesCbcEncryptParameters,\n AesCbcEncryptionAlgorithm,\n CryptographyClientKey,\n DecryptOptions,\n DecryptParameters,\n DecryptResult,\n EncryptOptions,\n EncryptParameters,\n EncryptResult,\n EncryptionAlgorithm,\n KeyWrapAlgorithm,\n SignOptions,\n SignResult,\n SignatureAlgorithm,\n UnwrapKeyOptions,\n 
UnwrapResult,\n VerifyOptions,\n VerifyResult,\n WrapKeyOptions,\n WrapResult,\n} from \"./cryptographyClientModels.js\";\nimport { RemoteCryptographyProvider } from \"./cryptography/remoteCryptographyProvider.js\";\nimport { randomBytes } from \"./cryptography/crypto.js\";\nimport type { CryptographyProvider, CryptographyProviderOperation } from \"./cryptography/models.js\";\nimport { RsaCryptographyProvider } from \"./cryptography/rsaCryptographyProvider.js\";\nimport { AesCryptographyProvider } from \"./cryptography/aesCryptographyProvider.js\";\nimport { tracingClient } from \"./tracing.js\";\nimport { isRestError } from \"@azure/core-rest-pipeline\";\nimport { logger } from \"./log.js\";\n\n/**\n * A client used to perform cryptographic operations on an Azure Key vault key\n * or a local {@link JsonWebKey}.\n */\nexport class CryptographyClient {\n /**\n * The key the CryptographyClient currently holds.\n */\n private key: CryptographyClientKey;\n\n /**\n * The remote provider, which would be undefined if used in local mode.\n */\n private remoteProvider?: RemoteCryptographyProvider;\n\n /**\n * Constructs a new instance of the Cryptography client for the given key\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleCreateCryptographyClient\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * // Create or retrieve a key from the keyvault\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n *\n * // Lastly, create our cryptography client and connect to the service\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n * ```\n * @param key - The key to use during cryptography tasks. 
You can also pass the identifier of the key i.e its url here.\n * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \\@azure/identity package to create a credential that suits your needs.\n * @param pipelineOptions - Pipeline options used to configure Key Vault API requests.\n * Omit this parameter to use the default pipeline configuration.\n */\n constructor(\n key: string | KeyVaultKey,\n credential: TokenCredential,\n pipelineOptions?: CryptographyClientOptions,\n );\n /**\n * Constructs a new instance of the Cryptography client for the given key in local mode.\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleCreateCryptographyClientLocal\n * import { CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const jsonWebKey = {\n * kty: \"RSA\",\n * kid: \"test-key-123\",\n * use: \"sig\",\n * alg: \"RS256\",\n * n: new Uint8Array([112, 34, 56, 98, 123, 244, 200, 99]),\n * e: new Uint8Array([1, 0, 1]),\n * d: new Uint8Array([45, 67, 89, 23, 144, 200, 76, 233]),\n * p: new Uint8Array([34, 89, 100, 77, 204, 56, 29, 77]),\n * q: new Uint8Array([78, 99, 201, 45, 188, 34, 67, 90]),\n * dp: new Uint8Array([23, 45, 78, 56, 200, 144, 32, 67]),\n * dq: new Uint8Array([12, 67, 89, 144, 99, 56, 23, 45]),\n * qi: new Uint8Array([78, 90, 45, 201, 34, 67, 120, 55]),\n * };\n * const client = new CryptographyClient(jsonWebKey);\n * ```\n * @param key - The JsonWebKey to use during cryptography operations.\n */\n constructor(key: JsonWebKey);\n /**\n * Internal constructor implementation for either local or Key Vault backed keys.\n * @param key - The key to use during cryptography tasks.\n * @param credential - Teh credential to use when constructing a Key Vault Cryptography client.\n */\n constructor(\n key: string | KeyVaultKey | JsonWebKey,\n credential?: TokenCredential,\n pipelineOptions: CryptographyClientOptions = {},\n ) {\n if (typeof key === \"string\") {\n // Key URL for 
remote-local operations.\n this.key = {\n kind: \"identifier\",\n value: key,\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else if (\"name\" in key) {\n // KeyVault key for remote-local operations.\n this.key = {\n kind: \"KeyVaultKey\",\n value: key,\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else {\n // JsonWebKey for local-only operations.\n this.key = {\n kind: \"JsonWebKey\",\n value: key,\n };\n }\n }\n\n /**\n * The base URL to the vault. If a local {@link JsonWebKey} is used vaultUrl will be empty.\n */\n get vaultUrl(): string {\n return this.remoteProvider?.vaultUrl || \"\";\n }\n\n /**\n * The ID of the key used to perform cryptographic operations for the client.\n */\n get keyID(): string | undefined {\n if (this.key.kind === \"identifier\" || this.key.kind === \"remoteOnlyIdentifier\") {\n return this.key.value;\n } else if (this.key.kind === \"KeyVaultKey\") {\n return this.key.value.id;\n } else {\n return this.key.value.kid;\n }\n }\n\n /**\n * Encrypts the given plaintext with the specified encryption parameters.\n * Depending on the algorithm set in the encryption parameters, the set of possible encryption parameters will change.\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleEncrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * 
console.log(\"encrypt result: \", encryptResult.result);\n * ```\n * @param encryptParameters - The encryption parameters, keyed on the encryption algorithm chosen.\n * @param options - Additional options.\n */\n public encrypt(\n encryptParameters: EncryptParameters,\n options?: EncryptOptions,\n ): Promise<EncryptResult>;\n /**\n * Encrypts the given plaintext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleEncrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n * ```\n * @param algorithm - The algorithm to use.\n * @param plaintext - The text to encrypt.\n * @param options - Additional options.\n * @deprecated Use `encrypt({ algorithm, plaintext }, options)` instead.\n */\n public encrypt(\n algorithm: EncryptionAlgorithm,\n plaintext: Uint8Array,\n options?: EncryptOptions,\n ): Promise<EncryptResult>;\n public encrypt(\n ...args:\n | [EncryptParameters, EncryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, EncryptOptions?]\n ): Promise<EncryptResult> {\n const [parameters, options] = this.disambiguateEncryptArguments(args);\n return tracingClient.withSpan(\"CryptographyClient.encrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Encrypt);\n this.initializeIV(parameters);\n const provider = await 
this.getProvider(\"encrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.encrypt(parameters, updatedOptions);\n } catch (error: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.encrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n private initializeIV(parameters: EncryptParameters): void {\n // For AES-GCM the service **must** generate the IV, so we only populate it for AES-CBC\n const algorithmsRequiringIV: AesCbcEncryptionAlgorithm[] = [\n \"A128CBC\",\n \"A128CBCPAD\",\n \"A192CBC\",\n \"A192CBCPAD\",\n \"A256CBC\",\n \"A256CBCPAD\",\n ];\n\n if (parameters.algorithm in algorithmsRequiringIV) {\n try {\n const cbcParams = parameters as AesCbcEncryptParameters;\n if (!cbcParams.iv) {\n cbcParams.iv = randomBytes(16);\n }\n } catch (e: any) {\n throw new Error(\n `Unable to initialize IV for algorithm ${parameters.algorithm}. You may pass a valid IV to avoid this error. Error: ${e.message}`,\n );\n }\n }\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The encrypt arguments\n */\n private disambiguateEncryptArguments(\n args: [EncryptParameters, EncryptOptions?] | [string, Uint8Array, EncryptOptions?],\n ): [EncryptParameters, EncryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", buffer, options]\n return [\n {\n algorithm: args[0],\n plaintext: args[1],\n } as EncryptParameters,\n args[2] || {},\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", plaintext: buffer }, options]\n return [args[0], (args[1] || {}) as EncryptOptions];\n }\n }\n\n /**\n * Decrypts the given ciphertext with the specified decryption parameters.\n * Depending on the algorithm used in the decryption parameters, the set of possible decryption parameters will change.\n *\n * Microsoft recommends you not use CBC without first ensuring the integrity of the ciphertext using, for example, an HMAC. 
See https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleDecrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n *\n * const decryptResult = await cryptographyClient.decrypt({\n * algorithm: \"RSA1_5\",\n * ciphertext: encryptResult.result,\n * });\n * console.log(\"decrypt result: \", decryptResult.result.toString());\n * ```\n * @param decryptParameters - The decryption parameters.\n * @param options - Additional options.\n */\n public async decrypt(\n decryptParameters: DecryptParameters,\n options?: DecryptOptions,\n ): Promise<DecryptResult>;\n /**\n * Decrypts the given ciphertext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleDecrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await 
cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n *\n * const decryptResult = await cryptographyClient.decrypt({\n * algorithm: \"RSA1_5\",\n * ciphertext: encryptResult.result,\n * });\n * console.log(\"decrypt result: \", decryptResult.result.toString());\n * ```\n *\n * Microsoft recommends you not use CBC without first ensuring the integrity of the ciphertext using, for example, an HMAC. See https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.\n *\n * @param algorithm - The algorithm to use.\n * @param ciphertext - The text to decrypt.\n * @param options - Additional options.\n * @deprecated Use `decrypt({ algorithm, ciphertext }, options)` instead.\n */\n public decrypt(\n algorithm: EncryptionAlgorithm,\n ciphertext: Uint8Array,\n options?: DecryptOptions,\n ): Promise<DecryptResult>;\n public decrypt(\n ...args:\n | [DecryptParameters, DecryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, DecryptOptions?]\n ): Promise<DecryptResult> {\n const [parameters, options] = this.disambiguateDecryptArguments(args);\n\n return tracingClient.withSpan(\"CryptographyClient.decrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Decrypt);\n const provider = await this.getProvider(\"decrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.decrypt(parameters, updatedOptions);\n } catch (error: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.decrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The decrypt arguments\n */\n private disambiguateDecryptArguments(\n args: [DecryptParameters, DecryptOptions?] 
| [string, Uint8Array, DecryptOptions?],\n ): [DecryptParameters, DecryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", encryptedBuffer, options]\n return [\n {\n algorithm: args[0],\n ciphertext: args[1],\n } as DecryptParameters,\n args[2] || {},\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", ciphertext: encryptedBuffer }, options]\n return [args[0], (args[1] || {}) as DecryptOptions];\n }\n }\n\n /**\n * Wraps the given key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleWrapKey\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const wrapResult = await cryptographyClient.wrapKey(\"RSA-OAEP\", Buffer.from(\"My Key\"));\n * console.log(\"wrap result:\", wrapResult.result);\n * ```\n * @param algorithm - The encryption algorithm to use to wrap the given key.\n * @param key - The key to wrap.\n * @param options - Additional options.\n */\n public wrapKey(\n algorithm: KeyWrapAlgorithm,\n key: Uint8Array,\n options: WrapKeyOptions = {},\n ): Promise<WrapResult> {\n return tracingClient.withSpan(\"CryptographyClient.wrapKey\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.WrapKey);\n const provider = await this.getProvider(\"wrapKey\", algorithm, updatedOptions);\n try {\n return provider.wrapKey(algorithm, key, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.wrapKey(algorithm, key, options);\n }\n throw 
err;\n }\n });\n }\n\n /**\n * Unwraps the given wrapped key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleUnwrapKey\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const wrapResult = await cryptographyClient.wrapKey(\"RSA-OAEP\", Buffer.from(\"My Key\"));\n * console.log(\"wrap result:\", wrapResult.result);\n *\n * const unwrapResult = await cryptographyClient.unwrapKey(\"RSA-OAEP\", wrapResult.result);\n * console.log(\"unwrap result: \", unwrapResult.result);\n * ```\n * @param algorithm - The decryption algorithm to use to unwrap the key.\n * @param encryptedKey - The encrypted key to unwrap.\n * @param options - Additional options.\n */\n public unwrapKey(\n algorithm: KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options: UnwrapKeyOptions = {},\n ): Promise<UnwrapResult> {\n return tracingClient.withSpan(\n \"CryptographyClient.unwrapKey\",\n options,\n async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.UnwrapKey);\n const provider = await this.getProvider(\"unwrapKey\", algorithm, updatedOptions);\n try {\n return provider.unwrapKey(algorithm, encryptedKey, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.unwrapKey(algorithm, encryptedKey, options);\n }\n throw err;\n }\n },\n );\n }\n\n /**\n * Cryptographically sign the digest of a message\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleSign\n * import { DefaultAzureCredential } from 
\"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n * import { createHash } from \"node:crypto\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * let myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const signatureValue = \"MySignature\";\n * const hash = createHash(\"sha256\");\n *\n * const digest = hash.update(signatureValue).digest();\n * console.log(\"digest: \", digest);\n *\n * const signResult = await cryptographyClient.sign(\"RS256\", digest);\n * console.log(\"sign result: \", signResult.result);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param digest - The digest of the data to sign.\n * @param options - Additional options.\n */\n public sign(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n options: SignOptions = {},\n ): Promise<SignResult> {\n return tracingClient.withSpan(\"CryptographyClient.sign\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"sign\", algorithm, updatedOptions);\n try {\n return provider.sign(algorithm, digest, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.sign(algorithm, digest, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Verify the signed message digest\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleVerify\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n * import { createHash } from \"node:crypto\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * 
const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const hash = createHash(\"sha256\");\n * hash.update(\"My Message\");\n * const digest = hash.digest();\n *\n * const signResult = await cryptographyClient.sign(\"RS256\", digest);\n * console.log(\"sign result: \", signResult.result);\n *\n * const verifyResult = await cryptographyClient.verify(\"RS256\", digest, signResult.result);\n * console.log(\"verify result: \", verifyResult.result);\n * ```\n * @param algorithm - The signing algorithm to use to verify with.\n * @param digest - The digest to verify.\n * @param signature - The signature to verify the digest against.\n * @param options - Additional options.\n */\n public verify(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {},\n ): Promise<VerifyResult> {\n return tracingClient.withSpan(\"CryptographyClient.verify\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verify\", algorithm, updatedOptions);\n try {\n return provider.verify(algorithm, digest, signature, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.verify(algorithm, digest, signature, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Cryptographically sign a block of data\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleSignData\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new 
KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const signResult = await cryptographyClient.signData(\"RS256\", Buffer.from(\"My Message\"));\n * console.log(\"sign result: \", signResult.result);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param data - The data to sign.\n * @param options - Additional options.\n */\n public signData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n // eslint-disable-next-line @azure/azure-sdk/ts-naming-options\n options: SignOptions = {},\n ): Promise<SignResult> {\n return tracingClient.withSpan(\n \"CryptographyClient.signData\",\n options,\n async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"signData\", algorithm, updatedOptions);\n try {\n return provider.signData(algorithm, data, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.signData(algorithm, data, options);\n }\n throw err;\n }\n },\n );\n }\n\n /**\n * Verify the signed block of data\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleVerifyData\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const buffer = Buffer.from(\"My Message\");\n *\n * const signResult = await cryptographyClient.signData(\"RS256\", buffer);\n * console.log(\"sign result: \", signResult.result);\n *\n * const verifyResult = await 
cryptographyClient.verifyData(\"RS256\", buffer, signResult.result);\n * console.log(\"verify result: \", verifyResult.result);\n * ```\n * @param algorithm - The algorithm to use to verify with.\n * @param data - The signed block of data to verify.\n * @param signature - The signature to verify the block against.\n * @param options - Additional options.\n */\n public verifyData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n signature: Uint8Array,\n // eslint-disable-next-line @azure/azure-sdk/ts-naming-options\n options: VerifyOptions = {},\n ): Promise<VerifyResult> {\n return tracingClient.withSpan(\n \"CryptographyClient.verifyData\",\n options,\n async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verifyData\", algorithm, updatedOptions);\n try {\n return provider.verifyData(algorithm, data, signature, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.verifyData(algorithm, data, signature, updatedOptions);\n }\n throw err;\n }\n },\n );\n }\n\n /**\n * Retrieves the {@link JsonWebKey} from the Key Vault, if possible. 
Returns undefined if the key could not be retrieved due to insufficient permissions.\n * @param options - The additional options.\n */\n private async getKeyMaterial(options: GetKeyOptions): Promise<JsonWebKey | undefined> {\n const key = await this.fetchKey(options);\n\n switch (key.kind) {\n case \"JsonWebKey\":\n return key.value;\n case \"KeyVaultKey\":\n return key.value.key!;\n default:\n return undefined;\n }\n }\n\n /**\n * Returns the underlying key used for cryptographic operations.\n * If needed, attempts to fetch the key from KeyVault and exchanges the ID for the actual key.\n * @param options - The additional options.\n */\n private async fetchKey<T extends OperationOptions>(options: T): Promise<CryptographyClientKey> {\n if (this.key.kind === \"identifier\") {\n // Exchange the identifier with the actual key when needed\n let key: KeyVaultKey | undefined;\n try {\n key = await this.remoteProvider!.getKey(options);\n } catch (e: unknown) {\n if (isRestError(e) && e.statusCode === 403) {\n // If we don't have permission to get the key, we'll fall back to using the remote provider.\n // Marking the key as a remoteOnlyIdentifier will ensure that we don't attempt to fetch the key again.\n logger.verbose(\n `Permission denied to get key ${this.key.value}. 
Falling back to remote operation.`,\n );\n this.key = { kind: \"remoteOnlyIdentifier\", value: this.key.value };\n } else {\n throw e;\n }\n }\n\n if (key) {\n this.key = { kind: \"KeyVaultKey\", value: key };\n }\n }\n\n return this.key;\n }\n\n private providers?: CryptographyProvider[];\n /**\n * Gets the provider that support this algorithm and operation.\n * The available providers are ordered by priority such that the first provider that supports this\n * operation is the one we should use.\n * @param operation - The {@link KeyOperation}.\n * @param algorithm - The algorithm to use.\n */\n private async getProvider<T extends OperationOptions>(\n operation: CryptographyProviderOperation,\n algorithm: string,\n options: T,\n ): Promise<CryptographyProvider> {\n if (!this.providers) {\n const keyMaterial = await this.getKeyMaterial(options);\n this.providers = [];\n\n // Add local crypto providers as needed\n if (keyMaterial) {\n this.providers.push(\n new RsaCryptographyProvider(keyMaterial),\n new AesCryptographyProvider(keyMaterial),\n );\n }\n\n // If the remote provider exists, we're in hybrid-mode. Otherwise we're in local-only mode.\n // If we're in hybrid mode the remote provider is used as a catch-all and should be last in the list.\n if (this.remoteProvider) {\n this.providers.push(this.remoteProvider);\n }\n }\n\n const providers = this.providers.filter((p) => p.isSupported(algorithm, operation));\n\n if (providers.length === 0) {\n throw new Error(\n `Unable to support operation: \"${operation}\" with algorithm: \"${algorithm}\" ${\n this.key.kind === \"JsonWebKey\" ? 
\"using a local JsonWebKey\" : \"\"\n }`,\n );\n }\n\n // Return the first provider that supports this request\n return providers[0];\n }\n\n private ensureValid(key: CryptographyClientKey, operation?: KeyOperation): void {\n if (key.kind === \"KeyVaultKey\") {\n const keyOps = key.value.keyOperations;\n const { notBefore, expiresOn } = key.value.properties;\n const now = new Date();\n\n // Check KeyVault Key Expiration\n if (notBefore && now < notBefore) {\n throw new Error(`Key ${key.value.id} can't be used before ${notBefore.toISOString()}`);\n }\n\n if (expiresOn && now > expiresOn) {\n throw new Error(`Key ${key.value.id} expired at ${expiresOn.toISOString()}`);\n }\n\n // Check Key operations\n if (operation && keyOps && !keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.id}`);\n }\n } else if (key.kind === \"JsonWebKey\") {\n // Check JsonWebKey Key operations\n if (operation && key.value.keyOps && !key.value.keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.kid}`);\n }\n }\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"cryptographyClient.js","sourceRoot":"","sources":["../../src/cryptographyClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAWlC,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAuBrD,OAAO,EAAE,0BAA0B,EAAE,MAAM,8CAA8C,CAAC;AAC1F,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,OAAO,EAAE,uBAAuB,EAAE,MAAM,2CAA2C,CAAC;AACpF,OAAO,EAAE,uBAAuB,EAAE,MAAM,2CAA2C,CAAC;AACpF,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAElC;;;GAGG;AACH,MAAM,OAAO,kBAAkB;IAC7B;;OAEG;IACK,GAAG,CAAwB;IAEnC;;OAEG;IACK,cAAc,CAA8B;IA2DpD;;;;OAIG;IACH,YACE,GAAsC,EACtC,UAA4B,EAC5B,kBAA6C,EAAE;QAE/C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,uCAAuC;YACvC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0BAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;QAC1F,CAAC;aAAM,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YACzB,4CAA4C;YAC5C,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0BAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,wCAAwC;YACxC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,cAAc,EAAE,QAAQ,IAAI,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;YAC/E,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;QACxB,CAAC;aAAM,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;QAC5B,CAAC;IACH,CAAC;IAoEM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QACtE,OAAO,aAAa,CAAC,QAAQ,CAAC,4BAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAC9B,MAAM,
QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBACjE,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,UAA6B;QAChD,uFAAuF;QACvF,MAAM,qBAAqB,GAAgC;YACzD,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;SACb,CAAC;QAEF,IAAI,UAAU,CAAC,SAAS,IAAI,qBAAqB,EAAE,CAAC;YAClD,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,UAAqC,CAAC;gBACxD,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;oBAClB,SAAS,CAAC,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;gBACjC,CAAC;YACH,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,yCAAyC,UAAU,CAAC,SAAS,yDAAyD,CAAC,CAAC,OAAO,EAAE,CAClI,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YAChC,4CAA4C;YAC5C,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;iBACE;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,sEAAsE;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAqFM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QAEtE,OAAO,aAAa,CAAC,QAAQ,CAAC,4BAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBACjE,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YAChC,qDAAqD;YAC
rD,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;iBACC;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,gFAAgF;YAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,OAAO,CACZ,SAA2B,EAC3B,GAAe,EACf,UAA0B,EAAE;QAE5B,OAAO,aAAa,CAAC,QAAQ,CAAC,4BAA4B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC9E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;gBAC9D,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACI,SAAS,CACd,SAA2B,EAC3B,YAAwB,EACxB,UAA4B,EAAE;QAE9B,OAAO,aAAa,CAAC,QAAQ,CAC3B,8BAA8B,EAC9B,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC;YACpF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAChF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC;YACrE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;gBACzE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACI,IAAI,CACT,SAA6B,EAC7B,MAAkB,EAClB,UAAuB,EAAE;QAEzB,OAAO,aAAa,CAAC,QAAQ,CAAC,yBAAyB,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACzF,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC3E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;YAC1D
,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;gBACrE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;IACI,MAAM,CACX,SAA6B,EAC7B,MAAkB,EAClB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,aAAa,CAAC,QAAQ,CAAC,2BAA2B,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC3F,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC7E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACvE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;gBAClF,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,QAAQ,CACb,SAA6B,EAC7B,IAAgB;IAChB,8DAA8D;IAC9D,UAAuB,EAAE;QAEzB,OAAO,aAAa,CAAC,QAAQ,CAC3B,6BAA6B,EAC7B,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC/E,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;gBAChE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACI,UAAU,CACf,SAA6B,EAC7B,IAAgB,EAChB,SAAqB;IACrB,8DAA8D;IAC9D,UAAyB,EAAE;QAE3B,OAAO,aAAa,CAAC,QAAQ,CAC3B,+BAA+B,EAC/B,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACjF,IAAI,CAAC;gBACH,OAAO,QAAQ,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAA
E,cAAc,CAAC,CAAC;YACzE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;gBACpF,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc,CAAC,OAAsB;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEzC,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,YAAY;gBACf,OAAO,GAAG,CAAC,KAAK,CAAC;YACnB,KAAK,aAAa;gBAChB,OAAO,GAAG,CAAC,KAAK,CAAC,GAAI,CAAC;YACxB;gBACE,OAAO,SAAS,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,QAAQ,CAA6B,OAAU;QAC3D,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACnC,0DAA0D;YAC1D,IAAI,GAA4B,CAAC;YACjC,IAAI,CAAC;gBACH,GAAG,GAAG,MAAM,IAAI,CAAC,cAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;oBAC3C,4FAA4F;oBAC5F,sGAAsG;oBACtG,MAAM,CAAC,OAAO,CACZ,gCAAgC,IAAI,CAAC,GAAG,CAAC,KAAK,qCAAqC,CACpF,CAAC;oBACF,IAAI,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;gBACrE,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;YAED,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;YACjD,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAEO,SAAS,CAA0B;IAC3C;;;;;;OAMG;IACK,KAAK,CAAC,WAAW,CACvB,SAAwC,EACxC,SAAiB,EACjB,OAAU;QAEV,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACvD,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;YAEpB,uCAAuC;YACvC,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,SAAS,CAAC,IAAI,CACjB,IAAI,uBAAuB,CAAC,WAAW,CAAC,EACxC,IAAI,uBAAuB,CAAC,WAAW,CAAC,CACzC,CAAC;YACJ,CAAC;YAED,2FAA2F;YAC3F,qGAAqG;YACrG,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;QAEpF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3
B,MAAM,IAAI,KAAK,CACb,iCAAiC,SAAS,sBAAsB,SAAS,KACvE,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,EAChE,EAAE,CACH,CAAC;QACJ,CAAC;QAED,uDAAuD;QACvD,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,GAA0B,EAAE,SAAwB;QACtE,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;YACvC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC;YACtD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YAEvB,gCAAgC;YAChC,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,yBAAyB,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACzF,CAAC;YAED,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,eAAe,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAC/E,CAAC;YAED,uBAAuB;YACvB,IAAI,SAAS,IAAI,MAAM,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACxD,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACrC,kCAAkC;YAClC,IAAI,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC5E,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;YACrF,CAAC;QACH,CAAC;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type { OperationOptions } from \"@azure-rest/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport type {\n CryptographyClientOptions,\n GetKeyOptions,\n JsonWebKey,\n KeyOperation,\n KeyVaultKey,\n} from \"./keysModels.js\";\nimport { KnownKeyOperations } from \"./keysModels.js\";\nimport type {\n AesCbcEncryptParameters,\n AesCbcEncryptionAlgorithm,\n CryptographyClientKey,\n DecryptOptions,\n DecryptParameters,\n DecryptResult,\n EncryptOptions,\n EncryptParameters,\n EncryptResult,\n EncryptionAlgorithm,\n KeyWrapAlgorithm,\n SignOptions,\n SignResult,\n SignatureAlgorithm,\n 
UnwrapKeyOptions,\n UnwrapResult,\n VerifyOptions,\n VerifyResult,\n WrapKeyOptions,\n WrapResult,\n} from \"./cryptographyClientModels.js\";\nimport { RemoteCryptographyProvider } from \"./cryptography/remoteCryptographyProvider.js\";\nimport { randomBytes } from \"./cryptography/crypto.js\";\nimport type { CryptographyProvider, CryptographyProviderOperation } from \"./cryptography/models.js\";\nimport { RsaCryptographyProvider } from \"./cryptography/rsaCryptographyProvider.js\";\nimport { AesCryptographyProvider } from \"./cryptography/aesCryptographyProvider.js\";\nimport { tracingClient } from \"./tracing.js\";\nimport { isRestError } from \"@azure/core-rest-pipeline\";\nimport { logger } from \"./log.js\";\n\n/**\n * A client used to perform cryptographic operations on an Azure Key vault key\n * or a local {@link JsonWebKey}.\n */\nexport class CryptographyClient {\n /**\n * The key the CryptographyClient currently holds.\n */\n private key: CryptographyClientKey;\n\n /**\n * The remote provider, which would be undefined if used in local mode.\n */\n private remoteProvider?: RemoteCryptographyProvider;\n\n /**\n * Constructs a new instance of the Cryptography client for the given key\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleCreateCryptographyClient\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * // Create or retrieve a key from the keyvault\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n *\n * // Lastly, create our cryptography client and connect to the service\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n * ```\n * @param key - The key to use during cryptography tasks. 
You can also pass the identifier of the key i.e its url here.\n * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \\@azure/identity package to create a credential that suits your needs.\n * @param pipelineOptions - Pipeline options used to configure Key Vault API requests.\n * Omit this parameter to use the default pipeline configuration.\n */\n constructor(\n key: string | KeyVaultKey,\n credential: TokenCredential,\n pipelineOptions?: CryptographyClientOptions,\n );\n /**\n * Constructs a new instance of the Cryptography client for the given key in local mode.\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleCreateCryptographyClientLocal\n * import { CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const jsonWebKey = {\n * kty: \"RSA\",\n * kid: \"test-key-123\",\n * use: \"sig\",\n * alg: \"RS256\",\n * n: new Uint8Array([112, 34, 56, 98, 123, 244, 200, 99]),\n * e: new Uint8Array([1, 0, 1]),\n * d: new Uint8Array([45, 67, 89, 23, 144, 200, 76, 233]),\n * p: new Uint8Array([34, 89, 100, 77, 204, 56, 29, 77]),\n * q: new Uint8Array([78, 99, 201, 45, 188, 34, 67, 90]),\n * dp: new Uint8Array([23, 45, 78, 56, 200, 144, 32, 67]),\n * dq: new Uint8Array([12, 67, 89, 144, 99, 56, 23, 45]),\n * qi: new Uint8Array([78, 90, 45, 201, 34, 67, 120, 55]),\n * };\n * const client = new CryptographyClient(jsonWebKey);\n * ```\n * @param key - The JsonWebKey to use during cryptography operations.\n */\n constructor(key: JsonWebKey);\n /**\n * Internal constructor implementation for either local or Key Vault backed keys.\n * @param key - The key to use during cryptography tasks.\n * @param credential - Teh credential to use when constructing a Key Vault Cryptography client.\n */\n constructor(\n key: string | KeyVaultKey | JsonWebKey,\n credential?: TokenCredential,\n pipelineOptions: CryptographyClientOptions = {},\n ) {\n if (typeof key === \"string\") {\n // Key URL for 
remote-local operations.\n this.key = {\n kind: \"identifier\",\n value: key,\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else if (\"name\" in key) {\n // KeyVault key for remote-local operations.\n this.key = {\n kind: \"KeyVaultKey\",\n value: key,\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else {\n // JsonWebKey for local-only operations.\n this.key = {\n kind: \"JsonWebKey\",\n value: key,\n };\n }\n }\n\n /**\n * The base URL to the vault. If a local {@link JsonWebKey} is used vaultUrl will be empty.\n */\n get vaultUrl(): string {\n return this.remoteProvider?.vaultUrl || \"\";\n }\n\n /**\n * The ID of the key used to perform cryptographic operations for the client.\n */\n get keyID(): string | undefined {\n if (this.key.kind === \"identifier\" || this.key.kind === \"remoteOnlyIdentifier\") {\n return this.key.value;\n } else if (this.key.kind === \"KeyVaultKey\") {\n return this.key.value.id;\n } else {\n return this.key.value.kid;\n }\n }\n\n /**\n * Encrypts the given plaintext with the specified encryption parameters.\n * Depending on the algorithm set in the encryption parameters, the set of possible encryption parameters will change.\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleEncrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * 
console.log(\"encrypt result: \", encryptResult.result);\n * ```\n * @param encryptParameters - The encryption parameters, keyed on the encryption algorithm chosen.\n * @param options - Additional options.\n */\n public encrypt(\n encryptParameters: EncryptParameters,\n options?: EncryptOptions,\n ): Promise<EncryptResult>;\n /**\n * Encrypts the given plaintext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleEncrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n * ```\n * @param algorithm - The algorithm to use.\n * @param plaintext - The text to encrypt.\n * @param options - Additional options.\n * @deprecated Use `encrypt({ algorithm, plaintext }, options)` instead.\n */\n public encrypt(\n algorithm: EncryptionAlgorithm,\n plaintext: Uint8Array,\n options?: EncryptOptions,\n ): Promise<EncryptResult>;\n public encrypt(\n ...args:\n | [EncryptParameters, EncryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, EncryptOptions?]\n ): Promise<EncryptResult> {\n const [parameters, options] = this.disambiguateEncryptArguments(args);\n return tracingClient.withSpan(\"CryptographyClient.encrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Encrypt);\n this.initializeIV(parameters);\n const provider = await 
this.getProvider(\"encrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.encrypt(parameters, updatedOptions);\n } catch (error: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.encrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n private initializeIV(parameters: EncryptParameters): void {\n // For AES-GCM the service **must** generate the IV, so we only populate it for AES-CBC\n const algorithmsRequiringIV: AesCbcEncryptionAlgorithm[] = [\n \"A128CBC\",\n \"A128CBCPAD\",\n \"A192CBC\",\n \"A192CBCPAD\",\n \"A256CBC\",\n \"A256CBCPAD\",\n ];\n\n if (parameters.algorithm in algorithmsRequiringIV) {\n try {\n const cbcParams = parameters as AesCbcEncryptParameters;\n if (!cbcParams.iv) {\n cbcParams.iv = randomBytes(16);\n }\n } catch (e: any) {\n throw new Error(\n `Unable to initialize IV for algorithm ${parameters.algorithm}. You may pass a valid IV to avoid this error. Error: ${e.message}`,\n );\n }\n }\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The encrypt arguments\n */\n private disambiguateEncryptArguments(\n args: [EncryptParameters, EncryptOptions?] | [string, Uint8Array, EncryptOptions?],\n ): [EncryptParameters, EncryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", buffer, options]\n return [\n {\n algorithm: args[0],\n plaintext: args[1],\n } as EncryptParameters,\n args[2] || {},\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", plaintext: buffer }, options]\n return [args[0], (args[1] || {}) as EncryptOptions];\n }\n }\n\n /**\n * Decrypts the given ciphertext with the specified decryption parameters.\n * Depending on the algorithm used in the decryption parameters, the set of possible decryption parameters will change.\n *\n * Microsoft recommends you not use CBC without first ensuring the integrity of the ciphertext using, for example, an HMAC. 
See https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleDecrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n *\n * const decryptResult = await cryptographyClient.decrypt({\n * algorithm: \"RSA1_5\",\n * ciphertext: encryptResult.result,\n * });\n * console.log(\"decrypt result: \", decryptResult.result.toString());\n * ```\n * @param decryptParameters - The decryption parameters.\n * @param options - Additional options.\n */\n public async decrypt(\n decryptParameters: DecryptParameters,\n options?: DecryptOptions,\n ): Promise<DecryptResult>;\n /**\n * Decrypts the given ciphertext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleDecrypt\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey.id, credential);\n *\n * const encryptResult = await 
cryptographyClient.encrypt({\n * algorithm: \"RSA1_5\",\n * plaintext: Buffer.from(\"My Message\"),\n * });\n * console.log(\"encrypt result: \", encryptResult.result);\n *\n * const decryptResult = await cryptographyClient.decrypt({\n * algorithm: \"RSA1_5\",\n * ciphertext: encryptResult.result,\n * });\n * console.log(\"decrypt result: \", decryptResult.result.toString());\n * ```\n *\n * Microsoft recommends you not use CBC without first ensuring the integrity of the ciphertext using, for example, an HMAC. See https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.\n *\n * @param algorithm - The algorithm to use.\n * @param ciphertext - The text to decrypt.\n * @param options - Additional options.\n * @deprecated Use `decrypt({ algorithm, ciphertext }, options)` instead.\n */\n public decrypt(\n algorithm: EncryptionAlgorithm,\n ciphertext: Uint8Array,\n options?: DecryptOptions,\n ): Promise<DecryptResult>;\n public decrypt(\n ...args:\n | [DecryptParameters, DecryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, DecryptOptions?]\n ): Promise<DecryptResult> {\n const [parameters, options] = this.disambiguateDecryptArguments(args);\n\n return tracingClient.withSpan(\"CryptographyClient.decrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Decrypt);\n const provider = await this.getProvider(\"decrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.decrypt(parameters, updatedOptions);\n } catch (error: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.decrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The decrypt arguments\n */\n private disambiguateDecryptArguments(\n args: [DecryptParameters, DecryptOptions?] 
| [string, Uint8Array, DecryptOptions?],\n ): [DecryptParameters, DecryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", encryptedBuffer, options]\n return [\n {\n algorithm: args[0],\n ciphertext: args[1],\n } as DecryptParameters,\n args[2] || {},\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", ciphertext: encryptedBuffer }, options]\n return [args[0], (args[1] || {}) as DecryptOptions];\n }\n }\n\n /**\n * Wraps the given key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleWrapKey\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const wrapResult = await cryptographyClient.wrapKey(\"RSA-OAEP\", Buffer.from(\"My Key\"));\n * console.log(\"wrap result:\", wrapResult.result);\n * ```\n * @param algorithm - The encryption algorithm to use to wrap the given key.\n * @param key - The key to wrap.\n * @param options - Additional options.\n */\n public wrapKey(\n algorithm: KeyWrapAlgorithm,\n key: Uint8Array,\n options: WrapKeyOptions = {},\n ): Promise<WrapResult> {\n return tracingClient.withSpan(\"CryptographyClient.wrapKey\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.WrapKey);\n const provider = await this.getProvider(\"wrapKey\", algorithm, updatedOptions);\n try {\n return provider.wrapKey(algorithm, key, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.wrapKey(algorithm, key, options);\n }\n throw 
err;\n }\n });\n }\n\n /**\n * Unwraps the given wrapped key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleUnwrapKey\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const wrapResult = await cryptographyClient.wrapKey(\"RSA-OAEP\", Buffer.from(\"My Key\"));\n * console.log(\"wrap result:\", wrapResult.result);\n *\n * const unwrapResult = await cryptographyClient.unwrapKey(\"RSA-OAEP\", wrapResult.result);\n * console.log(\"unwrap result: \", unwrapResult.result);\n * ```\n * @param algorithm - The decryption algorithm to use to unwrap the key.\n * @param encryptedKey - The encrypted key to unwrap.\n * @param options - Additional options.\n */\n public unwrapKey(\n algorithm: KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options: UnwrapKeyOptions = {},\n ): Promise<UnwrapResult> {\n return tracingClient.withSpan(\n \"CryptographyClient.unwrapKey\",\n options,\n async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.UnwrapKey);\n const provider = await this.getProvider(\"unwrapKey\", algorithm, updatedOptions);\n try {\n return provider.unwrapKey(algorithm, encryptedKey, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.unwrapKey(algorithm, encryptedKey, options);\n }\n throw err;\n }\n },\n );\n }\n\n /**\n * Cryptographically sign the digest of a message\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleSign\n * import { DefaultAzureCredential } from 
\"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n * import { createHash } from \"node:crypto\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * let myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const signatureValue = \"MySignature\";\n * const hash = createHash(\"sha256\");\n *\n * const digest = hash.update(signatureValue).digest();\n * console.log(\"digest: \", digest);\n *\n * const signResult = await cryptographyClient.sign(\"RS256\", digest);\n * console.log(\"sign result: \", signResult.result);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param digest - The digest of the data to sign.\n * @param options - Additional options.\n */\n public sign(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n options: SignOptions = {},\n ): Promise<SignResult> {\n return tracingClient.withSpan(\"CryptographyClient.sign\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"sign\", algorithm, updatedOptions);\n try {\n return provider.sign(algorithm, digest, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.sign(algorithm, digest, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Verify the signed message digest\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleVerify\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n * import { createHash } from \"node:crypto\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * 
const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const hash = createHash(\"sha256\");\n * hash.update(\"My Message\");\n * const digest = hash.digest();\n *\n * const signResult = await cryptographyClient.sign(\"RS256\", digest);\n * console.log(\"sign result: \", signResult.result);\n *\n * const verifyResult = await cryptographyClient.verify(\"RS256\", digest, signResult.result);\n * console.log(\"verify result: \", verifyResult.result);\n * ```\n * @param algorithm - The signing algorithm to use to verify with.\n * @param digest - The digest to verify.\n * @param signature - The signature to verify the digest against.\n * @param options - Additional options.\n */\n public verify(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {},\n ): Promise<VerifyResult> {\n return tracingClient.withSpan(\"CryptographyClient.verify\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verify\", algorithm, updatedOptions);\n try {\n return provider.verify(algorithm, digest, signature, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.verify(algorithm, digest, signature, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Cryptographically sign a block of data\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleSignData\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new 
KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const signResult = await cryptographyClient.signData(\"RS256\", Buffer.from(\"My Message\"));\n * console.log(\"sign result: \", signResult.result);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param data - The data to sign.\n * @param options - Additional options.\n */\n public signData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n // eslint-disable-next-line @azure/azure-sdk/ts-naming-options\n options: SignOptions = {},\n ): Promise<SignResult> {\n return tracingClient.withSpan(\n \"CryptographyClient.signData\",\n options,\n async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"signData\", algorithm, updatedOptions);\n try {\n return provider.signData(algorithm, data, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.signData(algorithm, data, options);\n }\n throw err;\n }\n },\n );\n }\n\n /**\n * Verify the signed block of data\n *\n * Example usage:\n * ```ts snippet:ReadmeSampleVerifyData\n * import { DefaultAzureCredential } from \"@azure/identity\";\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const credential = new DefaultAzureCredential();\n *\n * const vaultName = \"<YOUR KEYVAULT NAME>\";\n * const url = `https://${vaultName}.vault.azure.net`;\n *\n * const client = new KeyClient(url, credential);\n *\n * const myKey = await client.createKey(\"MyKey\", \"RSA\");\n * const cryptographyClient = new CryptographyClient(myKey, credential);\n *\n * const buffer = Buffer.from(\"My Message\");\n *\n * const signResult = await cryptographyClient.signData(\"RS256\", buffer);\n * console.log(\"sign result: \", signResult.result);\n *\n * const verifyResult = await 
cryptographyClient.verifyData(\"RS256\", buffer, signResult.result);\n * console.log(\"verify result: \", verifyResult.result);\n * ```\n * @param algorithm - The algorithm to use to verify with.\n * @param data - The signed block of data to verify.\n * @param signature - The signature to verify the block against.\n * @param options - Additional options.\n */\n public verifyData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n signature: Uint8Array,\n // eslint-disable-next-line @azure/azure-sdk/ts-naming-options\n options: VerifyOptions = {},\n ): Promise<VerifyResult> {\n return tracingClient.withSpan(\n \"CryptographyClient.verifyData\",\n options,\n async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verifyData\", algorithm, updatedOptions);\n try {\n return provider.verifyData(algorithm, data, signature, updatedOptions);\n } catch (err: any) {\n if (this.remoteProvider) {\n return this.remoteProvider.verifyData(algorithm, data, signature, updatedOptions);\n }\n throw err;\n }\n },\n );\n }\n\n /**\n * Retrieves the {@link JsonWebKey} from the Key Vault, if possible. 
Returns undefined if the key could not be retrieved due to insufficient permissions.\n * @param options - The additional options.\n */\n private async getKeyMaterial(options: GetKeyOptions): Promise<JsonWebKey | undefined> {\n const key = await this.fetchKey(options);\n\n switch (key.kind) {\n case \"JsonWebKey\":\n return key.value;\n case \"KeyVaultKey\":\n return key.value.key!;\n default:\n return undefined;\n }\n }\n\n /**\n * Returns the underlying key used for cryptographic operations.\n * If needed, attempts to fetch the key from KeyVault and exchanges the ID for the actual key.\n * @param options - The additional options.\n */\n private async fetchKey<T extends OperationOptions>(options: T): Promise<CryptographyClientKey> {\n if (this.key.kind === \"identifier\") {\n // Exchange the identifier with the actual key when needed\n let key: KeyVaultKey | undefined;\n try {\n key = await this.remoteProvider!.getKey(options);\n } catch (e: unknown) {\n if (isRestError(e) && e.statusCode === 403) {\n // If we don't have permission to get the key, we'll fall back to using the remote provider.\n // Marking the key as a remoteOnlyIdentifier will ensure that we don't attempt to fetch the key again.\n logger.verbose(\n `Permission denied to get key ${this.key.value}. 
Falling back to remote operation.`,\n );\n this.key = { kind: \"remoteOnlyIdentifier\", value: this.key.value };\n } else {\n throw e;\n }\n }\n\n if (key) {\n this.key = { kind: \"KeyVaultKey\", value: key };\n }\n }\n\n return this.key;\n }\n\n private providers?: CryptographyProvider[];\n /**\n * Gets the provider that support this algorithm and operation.\n * The available providers are ordered by priority such that the first provider that supports this\n * operation is the one we should use.\n * @param operation - The {@link KeyOperation}.\n * @param algorithm - The algorithm to use.\n */\n private async getProvider<T extends OperationOptions>(\n operation: CryptographyProviderOperation,\n algorithm: string,\n options: T,\n ): Promise<CryptographyProvider> {\n if (!this.providers) {\n const keyMaterial = await this.getKeyMaterial(options);\n this.providers = [];\n\n // Add local crypto providers as needed\n if (keyMaterial) {\n this.providers.push(\n new RsaCryptographyProvider(keyMaterial),\n new AesCryptographyProvider(keyMaterial),\n );\n }\n\n // If the remote provider exists, we're in hybrid-mode. Otherwise we're in local-only mode.\n // If we're in hybrid mode the remote provider is used as a catch-all and should be last in the list.\n if (this.remoteProvider) {\n this.providers.push(this.remoteProvider);\n }\n }\n\n const providers = this.providers.filter((p) => p.isSupported(algorithm, operation));\n\n if (providers.length === 0) {\n throw new Error(\n `Unable to support operation: \"${operation}\" with algorithm: \"${algorithm}\" ${\n this.key.kind === \"JsonWebKey\" ? 
\"using a local JsonWebKey\" : \"\"\n }`,\n );\n }\n\n // Return the first provider that supports this request\n return providers[0];\n }\n\n private ensureValid(key: CryptographyClientKey, operation?: KeyOperation): void {\n if (key.kind === \"KeyVaultKey\") {\n const keyOps = key.value.keyOperations;\n const { notBefore, expiresOn } = key.value.properties;\n const now = new Date();\n\n // Check KeyVault Key Expiration\n if (notBefore && now < notBefore) {\n throw new Error(`Key ${key.value.id} can't be used before ${notBefore.toISOString()}`);\n }\n\n if (expiresOn && now > expiresOn) {\n throw new Error(`Key ${key.value.id} expired at ${expiresOn.toISOString()}`);\n }\n\n // Check Key operations\n if (operation && keyOps && !keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.id}`);\n }\n } else if (key.kind === \"JsonWebKey\") {\n // Check JsonWebKey Key operations\n if (operation && key.value.keyOps && !key.value.keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.kid}`);\n }\n }\n }\n}\n"]}
|
|
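--- a/package/dist/browser/generated/src/api/keyVaultContext.js
+++ b/package/dist/browser/generated/src/api/keyVaultContext.js
@@ -1,25 +1,28 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
-import { __rest } from "tslib";
 import { logger } from "../logger.js";
 import { getClient } from "@azure-rest/core-client";
 /** The key vault client performs cryptographic key operations and vault operations against the Key Vault service. */
 export function createKeyVault(endpointParam, credential, options = {}) {
-
-const
-const prefixFromOptions = (_c = options === null || options === void 0 ? void 0 : options.userAgentOptions) === null || _c === void 0 ? void 0 : _c.userAgentPrefix;
+const endpointUrl = options.endpoint ?? options.baseUrl ?? String(endpointParam);
+const prefixFromOptions = options?.userAgentOptions?.userAgentPrefix;
 const userAgentInfo = `azsdk-js-keyvault-keys/1.0.0-beta.1`;
 const userAgentPrefix = prefixFromOptions
 ? `${prefixFromOptions} azsdk-js-api ${userAgentInfo}`
 : `azsdk-js-api ${userAgentInfo}`;
-const
-
+const { apiVersion: _, ...updatedOptions } = {
+...options,
+userAgentOptions: { userAgentPrefix },
+loggingOptions: { logger: options.loggingOptions?.logger ?? logger.info },
+credentials: {
+scopes: options.credentials?.scopes ?? [
 "https://vault.azure.net/.default",
 ],
-}
+},
+};
 const clientContext = getClient(endpointUrl, credential, updatedOptions);
 clientContext.pipeline.removePolicy({ name: "ApiVersionPolicy" });
-const apiVersion =
+const apiVersion = options.apiVersion ?? "7.6";
 clientContext.pipeline.addPolicy({
 name: "ClientApiVersionPolicy",
 sendRequest: (req, next) => {
@@ -32,6 +35,6 @@ export function createKeyVault(endpointParam, credential, options = {}) {
 return next(req);
 },
 });
-return
+return { ...clientContext, apiVersion };
 }
 //# sourceMappingURL=keyVaultContext.js.map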
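Review bot: The endpoint precedence on the `endpointUrl` line is undocumented: `options.endpoint ?? options.baseUrl ?? String(endpointParam)` lets a value inside `options` silently replace the positional `endpointParam`. The client returned by `getClient(endpointUrl, credential, updatedOptions)` then presumably sends the credential's token for `options.credentials?.scopes` (default `https://vault.azure.net/.default`) to whichever URL wins. A caller that forwards a partly untrusted options object would not expect it to redirect vault traffic, so I would state the order above that line, e.g. `// options.endpoint, then options.baseUrl, override endpointParam; the credential's token is sent to the URL that wins`. `String(endpointParam)` also turns a missing argument into the literal string "undefined" instead of failing early; whether a later layer rejects that is not visible in these hunks. This file is build output of generated code, so the comment belongs in the source `keyVaultContext.ts` or its generator, not in `dist`.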
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"keyVaultContext.js","sourceRoot":"","sources":["../../../../../src/generated/src/api/keyVaultContext.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC
|
|
1
|
+
{"version":3,"file":"keyVaultContext.js","sourceRoot":"","sources":["../../../../../src/generated/src/api/keyVaultContext.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEtC,OAAO,EAAyB,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAiB3E,qHAAqH;AACrH,MAAM,UAAU,cAAc,CAC5B,aAAqB,EACrB,UAA2B,EAC3B,UAAwC,EAAE;IAE1C,MAAM,WAAW,GACf,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,OAAO,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC;IAC/D,MAAM,iBAAiB,GAAG,OAAO,EAAE,gBAAgB,EAAE,eAAe,CAAC;IACrE,MAAM,aAAa,GAAG,qCAAqC,CAAC;IAC5D,MAAM,eAAe,GAAG,iBAAiB;QACvC,CAAC,CAAC,GAAG,iBAAiB,iBAAiB,aAAa,EAAE;QACtD,CAAC,CAAC,gBAAgB,aAAa,EAAE,CAAC;IACpC,MAAM,EAAE,UAAU,EAAE,CAAC,EAAE,GAAG,cAAc,EAAE,GAAG;QAC3C,GAAG,OAAO;QACV,gBAAgB,EAAE,EAAE,eAAe,EAAE;QACrC,cAAc,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,cAAc,EAAE,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE;QACzE,WAAW,EAAE;YACX,MAAM,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,IAAI;gBACrC,kCAAkC;aACnC;SACF;KACF,CAAC;IACF,MAAM,aAAa,GAAG,SAAS,CAAC,WAAW,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IACzE,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAClE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;IAC/C,aAAa,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC/B,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YACzB,qDAAqD;YACrD,yEAAyE;YACzE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;gBACzC,GAAG,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC,GAAG,GAClB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GACzD,eAAe,UAAU,EAAE,CAAC;YAC9B,CAAC;YAED,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;KACF,CAAC,CAAC;IACH,OAAO,EAAE,GAAG,aAAa,EAAE,UAAU,EAAqB,CAAC;AAC7D,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { logger } from \"../logger.js\";\nimport { KnownVersions } from \"../models/models.js\";\nimport { Client, ClientOptions, getClient } from \"@azure-rest/core-client\";\nimport { TokenCredential } from 
\"@azure/core-auth\";\n\n/** The key vault client performs cryptographic key operations and vault operations against the Key Vault service. */\nexport interface KeyVaultContext extends Client {\n /** The API version to use for this operation. */\n /** Known values of {@link KnownVersions} that the service accepts. */\n apiVersion: string;\n}\n\n/** Optional parameters for the client. */\nexport interface KeyVaultClientOptionalParams extends ClientOptions {\n /** The API version to use for this operation. */\n /** Known values of {@link KnownVersions} that the service accepts. */\n apiVersion?: string;\n}\n\n/** The key vault client performs cryptographic key operations and vault operations against the Key Vault service. */\nexport function createKeyVault(\n endpointParam: string,\n credential: TokenCredential,\n options: KeyVaultClientOptionalParams = {},\n): KeyVaultContext {\n const endpointUrl =\n options.endpoint ?? options.baseUrl ?? String(endpointParam);\n const prefixFromOptions = options?.userAgentOptions?.userAgentPrefix;\n const userAgentInfo = `azsdk-js-keyvault-keys/1.0.0-beta.1`;\n const userAgentPrefix = prefixFromOptions\n ? `${prefixFromOptions} azsdk-js-api ${userAgentInfo}`\n : `azsdk-js-api ${userAgentInfo}`;\n const { apiVersion: _, ...updatedOptions } = {\n ...options,\n userAgentOptions: { userAgentPrefix },\n loggingOptions: { logger: options.loggingOptions?.logger ?? logger.info },\n credentials: {\n scopes: options.credentials?.scopes ?? [\n \"https://vault.azure.net/.default\",\n ],\n },\n };\n const clientContext = getClient(endpointUrl, credential, updatedOptions);\n clientContext.pipeline.removePolicy({ name: \"ApiVersionPolicy\" });\n const apiVersion = options.apiVersion ?? 
\"7.6\";\n clientContext.pipeline.addPolicy({\n name: \"ClientApiVersionPolicy\",\n sendRequest: (req, next) => {\n // Use the apiVersion defined in request url directly\n // Append one if there is no apiVersion and we have one at client options\n const url = new URL(req.url);\n if (!url.searchParams.get(\"api-version\")) {\n req.url = `${req.url}${\n Array.from(url.searchParams.keys()).length > 0 ? \"&\" : \"?\"\n }api-version=${apiVersion}`;\n }\n\n return next(req);\n },\n });\n return { ...clientContext, apiVersion } as KeyVaultContext;\n}\n"]}
|