@azure/keyvault-keys 4.3.0-beta.1 → 4.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/CHANGELOG.md +8 -6
  2. package/README.md +14 -16
  3. package/dist/index.js +32 -584
  4. package/dist/index.js.map +1 -1
  5. package/dist-esm/keyvault-keys/src/constants.js +1 -1
  6. package/dist-esm/keyvault-keys/src/constants.js.map +1 -1
  7. package/dist-esm/keyvault-keys/src/cryptographyClient.js +8 -9
  8. package/dist-esm/keyvault-keys/src/cryptographyClient.js.map +1 -1
  9. package/dist-esm/keyvault-keys/src/generated/keyVaultClient.js +14 -242
  10. package/dist-esm/keyvault-keys/src/generated/keyVaultClient.js.map +1 -1
  11. package/dist-esm/keyvault-keys/src/generated/keyVaultClientContext.js +7 -5
  12. package/dist-esm/keyvault-keys/src/generated/keyVaultClientContext.js.map +1 -1
  13. package/dist-esm/keyvault-keys/src/generated/models/index.js.map +1 -1
  14. package/dist-esm/keyvault-keys/src/generated/models/mappers.js +0 -278
  15. package/dist-esm/keyvault-keys/src/generated/models/mappers.js.map +1 -1
  16. package/dist-esm/keyvault-keys/src/generated/models/parameters.js +1 -45
  17. package/dist-esm/keyvault-keys/src/generated/models/parameters.js.map +1 -1
  18. package/dist-esm/keyvault-keys/src/index.js +2 -19
  19. package/dist-esm/keyvault-keys/src/index.js.map +1 -1
  20. package/dist-esm/keyvault-keys/src/keysModels.js +1 -19
  21. package/dist-esm/keyvault-keys/src/keysModels.js.map +1 -1
  22. package/package.json +7 -6
  23. package/types/keyvault-keys.d.ts +32 -51
package/dist-esm/keyvault-keys/src/constants.js CHANGED
@@ -1,4 +1,4 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- export const SDK_VERSION = "4.3.0-beta.1";
3
+ export const SDK_VERSION = "4.3.0";
4
4
  //# sourceMappingURL=constants.js.map
package/dist-esm/keyvault-keys/src/constants.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,MAAM,CAAC,MAAM,WAAW,GAAW,cAAc,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport const SDK_VERSION: string = \"4.3.0-beta.1\";\n"]}
1
+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/constants.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,MAAM,CAAC,MAAM,WAAW,GAAW,OAAO,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport const SDK_VERSION: string = \"4.3.0\";\n"]}
package/dist-esm/keyvault-keys/src/cryptographyClient.js CHANGED
@@ -1,6 +1,5 @@
1
1
  // Copyright (c) Microsoft Corporation.
2
2
  // Licensed under the MIT license.
3
- import { KnownKeyOperations } from "./keysModels";
4
3
  import { RemoteCryptographyProvider } from "./cryptography/remoteCryptographyProvider";
5
4
  import { randomBytes } from "./cryptography/crypto";
6
5
  import { RsaCryptographyProvider } from "./cryptography/rsaCryptographyProvider";
@@ -66,7 +65,7 @@ export class CryptographyClient {
66
65
  encrypt(...args) {
67
66
  const [parameters, options] = this.disambiguateEncryptArguments(args);
68
67
  return withTrace("encrypt", options, async (updatedOptions) => {
69
- this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Encrypt);
68
+ this.ensureValid(await this.fetchKey(updatedOptions), "encrypt" /* Encrypt */);
70
69
  this.initializeIV(parameters);
71
70
  const provider = await this.getProvider("encrypt", parameters.algorithm, updatedOptions);
72
71
  try {
@@ -125,7 +124,7 @@ export class CryptographyClient {
125
124
  decrypt(...args) {
126
125
  const [parameters, options] = this.disambiguateDecryptArguments(args);
127
126
  return withTrace("decrypt", options, async (updatedOptions) => {
128
- this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Decrypt);
127
+ this.ensureValid(await this.fetchKey(updatedOptions), "decrypt" /* Decrypt */);
129
128
  const provider = await this.getProvider("decrypt", parameters.algorithm, updatedOptions);
130
129
  try {
131
130
  return provider.decrypt(parameters, updatedOptions);
@@ -172,7 +171,7 @@ export class CryptographyClient {
172
171
  */
173
172
  wrapKey(algorithm, key, options = {}) {
174
173
  return withTrace("wrapKey", options, async (updatedOptions) => {
175
- this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.WrapKey);
174
+ this.ensureValid(await this.fetchKey(updatedOptions), "wrapKey" /* WrapKey */);
176
175
  const provider = await this.getProvider("wrapKey", algorithm, updatedOptions);
177
176
  try {
178
177
  return provider.wrapKey(algorithm, key, updatedOptions);
@@ -199,7 +198,7 @@ export class CryptographyClient {
199
198
  */
200
199
  unwrapKey(algorithm, encryptedKey, options = {}) {
201
200
  return withTrace("unwrapKey", options, async (updatedOptions) => {
202
- this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.UnwrapKey);
201
+ this.ensureValid(await this.fetchKey(updatedOptions), "unwrapKey" /* UnwrapKey */);
203
202
  const provider = await this.getProvider("unwrapKey", algorithm, updatedOptions);
204
203
  try {
205
204
  return provider.unwrapKey(algorithm, encryptedKey, updatedOptions);
@@ -226,7 +225,7 @@ export class CryptographyClient {
226
225
  */
227
226
  sign(algorithm, digest, options = {}) {
228
227
  return withTrace("sign", options, async (updatedOptions) => {
229
- this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);
228
+ this.ensureValid(await this.fetchKey(updatedOptions), "sign" /* Sign */);
230
229
  const provider = await this.getProvider("sign", algorithm, updatedOptions);
231
230
  try {
232
231
  return provider.sign(algorithm, digest, updatedOptions);
@@ -254,7 +253,7 @@ export class CryptographyClient {
254
253
  */
255
254
  verify(algorithm, digest, signature, options = {}) {
256
255
  return withTrace("verify", options, async (updatedOptions) => {
257
- this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);
256
+ this.ensureValid(await this.fetchKey(updatedOptions), "verify" /* Verify */);
258
257
  const provider = await this.getProvider("verify", algorithm, updatedOptions);
259
258
  try {
260
259
  return provider.verify(algorithm, digest, signature, updatedOptions);
@@ -281,7 +280,7 @@ export class CryptographyClient {
281
280
  */
282
281
  signData(algorithm, data, options = {}) {
283
282
  return withTrace("signData", options, async (updatedOptions) => {
284
- this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);
283
+ this.ensureValid(await this.fetchKey(updatedOptions), "sign" /* Sign */);
285
284
  const provider = await this.getProvider("signData", algorithm, updatedOptions);
286
285
  try {
287
286
  return provider.signData(algorithm, data, updatedOptions);
@@ -309,7 +308,7 @@ export class CryptographyClient {
309
308
  */
310
309
  verifyData(algorithm, data, signature, options = {}) {
311
310
  return withTrace("verifyData", options, async (updatedOptions) => {
312
- this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);
311
+ this.ensureValid(await this.fetchKey(updatedOptions), "verify" /* Verify */);
313
312
  const provider = await this.getProvider("verifyData", algorithm, updatedOptions);
314
313
  try {
315
314
  return provider.verifyData(algorithm, data, signature, updatedOptions);
package/dist-esm/keyvault-keys/src/cryptographyClient.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cryptographyClient.js","sourceRoot":"","sources":["../../../src/cryptographyClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAML,kBAAkB,EACnB,MAAM,cAAc,CAAC;AAuBtB,OAAO,EAAE,0BAA0B,EAAE,MAAM,2CAA2C,CAAC;AACvF,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEhE,MAAM,SAAS,GAAG,mBAAmB,CAAC,wCAAwC,CAAC,CAAC;AAEhF;;;GAGG;AACH,MAAM,OAAO,kBAAkB;IAsD7B;;;;OAIG;IACH,YACE,GAAsC,EACtC,UAA4B,EAC5B,kBAA6C,EAAE;QAE/C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YAC3B,uCAAuC;YACvC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0BAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;SACzF;aAAM,IAAI,MAAM,IAAI,GAAG,EAAE;YACxB,4CAA4C;YAC5C,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0BAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;SACzF;aAAM;YACL,wCAAwC;YACxC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;SACH;IACH,CAAC;IAED;;OAEG;IACH,IAAI,QAAQ;;QACV,OAAO,CAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,QAAQ,KAAI,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;YAClC,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;SACvB;aAAM,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE;YAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;SAC1B;aAAM;YACL,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;SAC3B;IACH,CAAC;IAqCM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QACtE,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAC9B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI;gBACF,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;aACrD;YAAC,OAAO,KAAK,EAAE;gBACd,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;iBAChE;gBACD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,UAA6B;QAChD,uFAAuF;QACvF,MAAM,qBAAqB,GAAgC;YACzD,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;SACb,CAAC;QAEF,IAAI,UAAU,CAAC,SAAS,IAAI,qBAAqB,EAAE;YACjD,IAAI;gBACF,MAAM,SAAS,GAAG,UAAqC,CAAC;gBACxD,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE;oBACjB,SAAS,CAAC,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;iBAChC;aACF;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,KAAK,CACb,yCAAyC,UAAU,CAAC,SAAS,yDAAyD,CAAC,CAAC,OAAO,EAAE,CAClI,CAAC;aACH;SACF;IACH,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;YAC/B,4CAA4C;YAC5C,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;iBACE;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;SACH;aAAM;YACL,sEAAsE;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;SACrD;IACH,CAAC;IAqCM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QAEtE,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI;gBACF,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;aACrD;YAAC,OAAO,KAAK,EAAE;gBACd,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;iBAChE;gBACD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;YAC/B,qDAAqD;YACrD,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;iBACC;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;SACH;aAAM;YACL,gFAAgF;YAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;SACrD;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACI,OAAO,CACZ,SAA2B,EAC3B,GAAe,EACf,UAA0B,EAAE;QAE5B,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC9E,IAAI;gBACF,OAAO,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;aACzD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;iBAC7D;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACI,SAAS,CACd,SAA2B,EAC3B,YAAwB,EACxB,UAA4B,EAAE;QAE9B,OAAO,SAAS,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC9D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC;YACpF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAChF,IAAI;gBACF,OAAO,QAAQ,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC;aACpE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;iBACxE;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACI,IAAI,CACT,SAA6B,EAC7B,MAAkB,EAClB,UAAuB,EAAE;QAEzB,OAAO,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACzD,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC3E,IAAI;gBACF,OAAO,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;aACzD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;iBACpE;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,MAAM,CACX,SAA6B,EAC7B,MAAkB,EAClB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC3D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC7E,IAAI;gBACF,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;aACtE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;iBACjF;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACI,QAAQ,CACb,SAA6B,EAC7B,IAAgB,EAChB,UAAuB,EAAE;QAEzB,OAAO,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC7D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC/E,IAAI;gBACF,OAAO,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;aAC3D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;iBAC/D;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,UAAU,CACf,SAA6B,EAC7B,IAAgB,EAChB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,SAAS,CAAC,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC/D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACjF,IAAI;gBACF,OAAO,QAAQ,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;aACxE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;iBACnF;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACK,KAAK,CAAC,cAAc,CAAC,OAAsB;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEzC,QAAQ,GAAG,CAAC,IAAI,EAAE;YAChB,KAAK,YAAY;gBACf,OAAO,GAAG,CAAC,KAAK,CAAC;YACnB,KAAK,aAAa;gBAChB,OAAO,GAAG,CAAC,KAAK,CAAC,GAAI,CAAC;YACxB;gBACE,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;SAC5E;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,QAAQ,CAA6B,OAAU;QAC3D,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;YAClC,0DAA0D;YAC1D,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACvD,IAAI,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;SAChD;QACD,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAGD;;;;;;OAMG;IACK,KAAK,CAAC,WAAW,CACvB,SAAwC,EACxC,SAAiB,EACjB,OAAU;QAEV,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE;YACnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACvD,uCAAuC;YACvC,IAAI,CAAC,SAAS,GAAG;gBACf,IAAI,uBAAuB,CAAC,WAAW,CAAC;gBACxC,IAAI,uBAAuB,CAAC,WAAW,CAAC;aACzC,CAAC;YAEF,2FAA2F;YAC3F,qGAAqG;YACrG,IAAI,IAAI,CAAC,cAAc,EAAE;gBACvB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;aAC1C;SACF;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;QAEpF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE;YAC1B,MAAM,IAAI,KAAK,CACb,iCAAiC,SAAS,sBAAsB,SAAS,KACvE,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,EAChE,EAAE,CACH,CAAC;SACH;QAED,uDAAuD;QACvD,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,GAA0B,EAAE,SAAwB;;QACtE,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE;YAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;YACvC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC;YACtD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YAEvB,gCAAgC;YAChC,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,yBAAyB,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;aACxF;YAED,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,eAAe,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;aAC9E;YAED,uBAAuB;YACvB,IAAI,SAAS,IAAI,MAAM,IAAI,CAAC,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA,EAAE;gBACvD,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;aACnF;SACF;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;YACpC,kCAAkC;YAClC,IAAI,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,CAAA,MAAA,GAAG,CAAC,KAAK,CAAC,MAAM,0CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA,EAAE;gBAC3E,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;aACpF;SACF;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { OperationOptions, TokenCredential } from \"@azure/core-http\";\nimport {\n JsonWebKey,\n KeyVaultKey,\n CryptographyClientOptions,\n GetKeyOptions,\n KeyOperation,\n KnownKeyOperations\n} from \"./keysModels\";\nimport {\n EncryptionAlgorithm,\n KeyWrapAlgorithm,\n WrapResult,\n UnwrapResult,\n DecryptResult,\n SignatureAlgorithm,\n SignResult,\n VerifyResult,\n EncryptResult,\n EncryptOptions,\n DecryptOptions,\n WrapKeyOptions,\n UnwrapKeyOptions,\n EncryptParameters,\n SignOptions,\n VerifyOptions,\n DecryptParameters,\n CryptographyClientKey,\n AesCbcEncryptParameters,\n AesCbcEncryptionAlgorithm\n} from \"./cryptographyClientModels\";\nimport { RemoteCryptographyProvider } from \"./cryptography/remoteCryptographyProvider\";\nimport { randomBytes } from \"./cryptography/crypto\";\nimport { CryptographyProvider, CryptographyProviderOperation } from \"./cryptography/models\";\nimport { RsaCryptographyProvider } from \"./cryptography/rsaCryptographyProvider\";\nimport { AesCryptographyProvider } from \"./cryptography/aesCryptographyProvider\";\nimport { createTraceFunction } from \"../../keyvault-common/src\";\n\nconst withTrace = createTraceFunction(\"Azure.KeyVault.Keys.CryptographyClient\");\n\n/**\n * A client used to perform cryptographic operations on an Azure Key vault key\n * or a local {@link JsonWebKey}.\n */\nexport class CryptographyClient {\n /**\n * The key the CryptographyClient currently holds.\n */\n private key: CryptographyClientKey;\n\n /**\n * The remote provider, which would be undefined if used in local mode.\n */\n private remoteProvider?: RemoteCryptographyProvider;\n\n /**\n * Constructs a new instance of the Cryptography client for the given key\n *\n * Example usage:\n * ```ts\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n * import { DefaultAzureCredential } from \"@azure/identity\";\n *\n * let vaultUrl = `https://<MY KEYVAULT HERE>.vault.azure.net`;\n * let credentials = new DefaultAzureCredential();\n *\n * let keyClient = new KeyClient(vaultUrl, credentials);\n * let keyVaultKey = await keyClient.getKey(\"MyKey\");\n *\n * let client = new CryptographyClient(keyVaultKey.id, credentials);\n * // or\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * ```\n * @param key - The key to use during cryptography tasks. You can also pass the identifier of the key i.e its url here.\n * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \\@azure/identity package to create a credential that suits your needs.\n * @param pipelineOptions - Pipeline options used to configure Key Vault API requests.\n * Omit this parameter to use the default pipeline configuration.\n */\n constructor(\n key: string | KeyVaultKey,\n credential: TokenCredential,\n pipelineOptions?: CryptographyClientOptions\n );\n /**\n * Constructs a new instance of the Cryptography client for the given key in local mode.\n *\n * Example usage:\n * ```ts\n * import { CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const jsonWebKey: JsonWebKey = {\n * // ...\n * };\n * const client = new CryptographyClient(jsonWebKey);\n * ```\n * @param key - The JsonWebKey to use during cryptography operations.\n */\n constructor(key: JsonWebKey);\n /**\n * Internal constructor implementation for either local or Key Vault backed keys.\n * @param key - The key to use during cryptography tasks.\n * @param credential - Teh credential to use when constructing a Key Vault Cryptography client.\n */\n constructor(\n key: string | KeyVaultKey | JsonWebKey,\n credential?: TokenCredential,\n pipelineOptions: CryptographyClientOptions = {}\n ) {\n if (typeof key === \"string\") {\n // Key URL for remote-local operations.\n this.key = {\n kind: \"identifier\",\n value: key\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else if (\"name\" in key) {\n // KeyVault key for remote-local operations.\n this.key = {\n kind: \"KeyVaultKey\",\n value: key\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else {\n // JsonWebKey for local-only operations.\n this.key = {\n kind: \"JsonWebKey\",\n value: key\n };\n }\n }\n\n /**\n * The base URL to the vault. If a local {@link JsonWebKey} is used vaultUrl will be empty.\n */\n get vaultUrl(): string {\n return this.remoteProvider?.vaultUrl || \"\";\n }\n\n /**\n * The ID of the key used to perform cryptographic operations for the client.\n */\n get keyID(): string | undefined {\n if (this.key.kind === \"identifier\") {\n return this.key.value;\n } else if (this.key.kind === \"KeyVaultKey\") {\n return this.key.value.id;\n } else {\n return this.key.value.kid;\n }\n }\n\n /**\n * Encrypts the given plaintext with the specified encryption parameters.\n * Depending on the algorithm set in the encryption parameters, the set of possible encryption parameters will change.\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.encrypt({ algorithm: \"RSA1_5\", plaintext: Buffer.from(\"My Message\")});\n * let result = await client.encrypt({ algorithm: \"A256GCM\", plaintext: Buffer.from(\"My Message\"), additionalAuthenticatedData: Buffer.from(\"My authenticated data\")});\n * ```\n * @param encryptParameters - The encryption parameters, keyed on the encryption algorithm chosen.\n * @param options - Additional options.\n */\n public encrypt(\n encryptParameters: EncryptParameters,\n options?: EncryptOptions\n ): Promise<EncryptResult>;\n /**\n * Encrypts the given plaintext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.encrypt(\"RSA1_5\", Buffer.from(\"My Message\"));\n * ```\n * @param algorithm - The algorithm to use.\n * @param plaintext - The text to encrypt.\n * @param options - Additional options.\n * @deprecated Use `encrypt({ algorithm, plaintext }, options)` instead.\n */\n public encrypt(\n algorithm: EncryptionAlgorithm,\n plaintext: Uint8Array,\n options?: EncryptOptions\n ): Promise<EncryptResult>;\n public encrypt(\n ...args:\n | [EncryptParameters, EncryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, EncryptOptions?]\n ): Promise<EncryptResult> {\n const [parameters, options] = this.disambiguateEncryptArguments(args);\n return withTrace(\"encrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Encrypt);\n this.initializeIV(parameters);\n const provider = await this.getProvider(\"encrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.encrypt(parameters, updatedOptions);\n } catch (error) {\n if (this.remoteProvider) {\n return this.remoteProvider.encrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n private initializeIV(parameters: EncryptParameters): void {\n // For AES-GCM the service **must** generate the IV, so we only populate it for AES-CBC\n const algorithmsRequiringIV: AesCbcEncryptionAlgorithm[] = [\n \"A128CBC\",\n \"A128CBCPAD\",\n \"A192CBC\",\n \"A192CBCPAD\",\n \"A256CBC\",\n \"A256CBCPAD\"\n ];\n\n if (parameters.algorithm in algorithmsRequiringIV) {\n try {\n const cbcParams = parameters as AesCbcEncryptParameters;\n if (!cbcParams.iv) {\n cbcParams.iv = randomBytes(16);\n }\n } catch (e) {\n throw new Error(\n `Unable to initialize IV for algorithm ${parameters.algorithm}. You may pass a valid IV to avoid this error. Error: ${e.message}`\n );\n }\n }\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The encrypt arguments\n */\n private disambiguateEncryptArguments(\n args: [EncryptParameters, EncryptOptions?] | [string, Uint8Array, EncryptOptions?]\n ): [EncryptParameters, EncryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", buffer, options]\n return [\n {\n algorithm: args[0],\n plaintext: args[1]\n } as EncryptParameters,\n args[2] || {}\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", plaintext: buffer }, options]\n return [args[0], (args[1] || {}) as EncryptOptions];\n }\n }\n\n /**\n * Decrypts the given ciphertext with the specified decryption parameters.\n * Depending on the algorithm used in the decryption parameters, the set of possible decryption parameters will change.\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.decrypt({ algorithm: \"RSA1_5\", ciphertext: encryptedBuffer });\n * let result = await client.decrypt({ algorithm: \"A256GCM\", iv: ivFromEncryptResult, authenticationTag: tagFromEncryptResult });\n * ```\n * @param decryptParameters - The decryption parameters.\n * @param options - Additional options.\n */\n public async decrypt(\n decryptParameters: DecryptParameters,\n options?: DecryptOptions\n ): Promise<DecryptResult>;\n /**\n * Decrypts the given ciphertext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.decrypt(\"RSA1_5\", encryptedBuffer);\n * ```\n * @param algorithm - The algorithm to use.\n * @param ciphertext - The text to decrypt.\n * @param options - Additional options.\n * @deprecated Use `decrypt({ algorithm, ciphertext }, options)` instead.\n */\n public decrypt(\n algorithm: EncryptionAlgorithm,\n ciphertext: Uint8Array,\n options?: DecryptOptions\n ): Promise<DecryptResult>;\n public decrypt(\n ...args:\n | [DecryptParameters, DecryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, DecryptOptions?]\n ): Promise<DecryptResult> {\n const [parameters, options] = this.disambiguateDecryptArguments(args);\n\n return withTrace(\"decrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Decrypt);\n const provider = await this.getProvider(\"decrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.decrypt(parameters, updatedOptions);\n } catch (error) {\n if (this.remoteProvider) {\n return this.remoteProvider.decrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The decrypt arguments\n */\n private disambiguateDecryptArguments(\n args: [DecryptParameters, DecryptOptions?] | [string, Uint8Array, DecryptOptions?]\n ): [DecryptParameters, DecryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", encryptedBuffer, options]\n return [\n {\n algorithm: args[0],\n ciphertext: args[1]\n } as DecryptParameters,\n args[2] || {}\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", ciphertext: encryptedBuffer }, options]\n return [args[0], (args[1] || {}) as DecryptOptions];\n }\n }\n\n /**\n * Wraps the given key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.wrapKey(\"RSA1_5\", keyToWrap);\n * ```\n * @param algorithm - The encryption algorithm to use to wrap the given key.\n * @param key - The key to wrap.\n * @param options - Additional options.\n */\n public wrapKey(\n algorithm: KeyWrapAlgorithm,\n key: Uint8Array,\n options: WrapKeyOptions = {}\n ): Promise<WrapResult> {\n return withTrace(\"wrapKey\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.WrapKey);\n const provider = await this.getProvider(\"wrapKey\", algorithm, updatedOptions);\n try {\n return provider.wrapKey(algorithm, key, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.wrapKey(algorithm, key, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Unwraps the given wrapped key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.unwrapKey(\"RSA1_5\", keyToUnwrap);\n * ```\n * @param algorithm - The decryption algorithm to use to unwrap the key.\n * @param encryptedKey - The encrypted key to unwrap.\n * @param options - Additional options.\n */\n public unwrapKey(\n algorithm: KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options: UnwrapKeyOptions = {}\n ): Promise<UnwrapResult> {\n return withTrace(\"unwrapKey\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.UnwrapKey);\n const provider = await this.getProvider(\"unwrapKey\", algorithm, updatedOptions);\n try {\n return provider.unwrapKey(algorithm, encryptedKey, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.unwrapKey(algorithm, encryptedKey, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Cryptographically sign the digest of a message\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.sign(\"RS256\", digest);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param digest - The digest of the data to sign.\n * @param options - Additional options.\n */\n public sign(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n options: SignOptions = {}\n ): Promise<SignResult> {\n return withTrace(\"sign\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"sign\", algorithm, updatedOptions);\n try {\n return provider.sign(algorithm, digest, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.sign(algorithm, digest, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Verify the signed message digest\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.verify(\"RS256\", signedDigest, signature);\n * ```\n * @param algorithm - The signing algorithm to use to verify with.\n * @param digest - The digest to verify.\n * @param signature - The signature to verify the digest against.\n * @param options - Additional options.\n */\n public verify(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {}\n ): Promise<VerifyResult> {\n return withTrace(\"verify\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verify\", algorithm, updatedOptions);\n try {\n return provider.verify(algorithm, digest, signature, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.verify(algorithm, digest, signature, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Cryptographically sign a block of data\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.signData(\"RS256\", message);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param data - The data to sign.\n * @param options - Additional options.\n */\n public signData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n options: SignOptions = {}\n ): Promise<SignResult> {\n return withTrace(\"signData\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"signData\", algorithm, updatedOptions);\n try {\n return provider.signData(algorithm, data, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.signData(algorithm, data, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Verify the signed block of data\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.verifyData(\"RS256\", signedMessage, signature);\n * ```\n * @param algorithm - The algorithm to use to verify with.\n * @param data - The signed block of data to verify.\n * @param signature - The signature to verify the block against.\n * @param options - Additional options.\n */\n public verifyData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {}\n ): Promise<VerifyResult> {\n return withTrace(\"verifyData\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verifyData\", algorithm, updatedOptions);\n try {\n return provider.verifyData(algorithm, data, signature, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.verifyData(algorithm, data, signature, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * @internal\n * Retrieves the {@link JsonWebKey} from the Key Vault.\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.getKeyMaterial();\n * ```\n */\n private async getKeyMaterial(options: GetKeyOptions): Promise<JsonWebKey> {\n const key = await this.fetchKey(options);\n\n switch (key.kind) {\n case \"JsonWebKey\":\n return key.value;\n case \"KeyVaultKey\":\n return key.value.key!;\n default:\n throw new Error(\"Failed to exchange Key ID for an actual KeyVault Key.\");\n }\n }\n\n /**\n * Returns the underlying key used for cryptographic operations.\n * If needed, fetches the key from KeyVault and exchanges the ID for the actual key.\n * @param options - The additional options.\n */\n private async fetchKey<T extends OperationOptions>(options: T): Promise<CryptographyClientKey> {\n if (this.key.kind === \"identifier\") {\n // Exchange the identifier with the actual key when needed\n const key = await this.remoteProvider!.getKey(options);\n this.key = { kind: \"KeyVaultKey\", value: key };\n }\n return this.key;\n }\n\n private providers?: CryptographyProvider[];\n /**\n * Gets the provider that support this algorithm and operation.\n * The available providers are ordered by priority such that the first provider that supports this\n * operation is the one we should use.\n * @param operation - The {@link KeyOperation}.\n * @param algorithm - The algorithm to use.\n */\n private async getProvider<T extends OperationOptions>(\n operation: CryptographyProviderOperation,\n algorithm: string,\n options: T\n ): Promise<CryptographyProvider> {\n if (!this.providers) {\n const keyMaterial = await this.getKeyMaterial(options);\n // Add local crypto providers as needed\n this.providers = [\n new RsaCryptographyProvider(keyMaterial),\n new AesCryptographyProvider(keyMaterial)\n ];\n\n // If the remote provider exists, we're in hybrid-mode. Otherwise we're in local-only mode.\n // If we're in hybrid mode the remote provider is used as a catch-all and should be last in the list.\n if (this.remoteProvider) {\n this.providers.push(this.remoteProvider);\n }\n }\n\n const providers = this.providers.filter((p) => p.isSupported(algorithm, operation));\n\n if (providers.length === 0) {\n throw new Error(\n `Unable to support operation: \"${operation}\" with algorithm: \"${algorithm}\" ${\n this.key.kind === \"JsonWebKey\" ? \"using a local JsonWebKey\" : \"\"\n }`\n );\n }\n\n // Return the first provider that supports this request\n return providers[0];\n }\n\n private ensureValid(key: CryptographyClientKey, operation?: KeyOperation): void {\n if (key.kind === \"KeyVaultKey\") {\n const keyOps = key.value.keyOperations;\n const { notBefore, expiresOn } = key.value.properties;\n const now = new Date();\n\n // Check KeyVault Key Expiration\n if (notBefore && now < notBefore) {\n throw new Error(`Key ${key.value.id} can't be used before ${notBefore.toISOString()}`);\n }\n\n if (expiresOn && now > expiresOn) {\n throw new Error(`Key ${key.value.id} expired at ${expiresOn.toISOString()}`);\n }\n\n // Check Key operations\n if (operation && keyOps && !keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.id}`);\n }\n } else if (key.kind === \"JsonWebKey\") {\n // Check JsonWebKey Key operations\n if (operation && key.value.keyOps && !key.value.keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.kid}`);\n }\n }\n }\n}\n"]}
1
+ {"version":3,"file":"cryptographyClient.js","sourceRoot":"","sources":["../../../src/cryptographyClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAiClC,OAAO,EAAE,0BAA0B,EAAE,MAAM,2CAA2C,CAAC;AACvF,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEhE,MAAM,SAAS,GAAG,mBAAmB,CAAC,wCAAwC,CAAC,CAAC;AAEhF;;;GAGG;AACH,MAAM,OAAO,kBAAkB;IAsD7B;;;;OAIG;IACH,YACE,GAAsC,EACtC,UAA4B,EAC5B,kBAA6C,EAAE;QAE/C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YAC3B,uCAAuC;YACvC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0BAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;SACzF;aAAM,IAAI,MAAM,IAAI,GAAG,EAAE;YACxB,4CAA4C;YAC5C,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0BAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;SACzF;aAAM;YACL,wCAAwC;YACxC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;SACH;IACH,CAAC;IAED;;OAEG;IACH,IAAI,QAAQ;;QACV,OAAO,CAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,QAAQ,KAAI,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;YAClC,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;SACvB;aAAM,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE;YAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;SAC1B;aAAM;YACL,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;SAC3B;IACH,CAAC;IAqCM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QACtE,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,0BAA6B,CAAC;YAClF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAC9B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI;gBACF,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;aACrD;YAAC,OAAO,KAAK,EAAE;gBACd,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;iBAChE;gBACD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,UAA6B;QAChD,uFAAuF;QACvF,MAAM,qBAAqB,GAAgC;YACzD,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;SACb,CAAC;QAEF,IAAI,UAAU,CAAC,SAAS,IAAI,qBAAqB,EAAE;YACjD,IAAI;gBACF,MAAM,SAAS,GAAG,UAAqC,CAAC;gBACxD,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE;oBACjB,SAAS,CAAC,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;iBAChC;aACF;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,KAAK,CACb,yCAAyC,UAAU,CAAC,SAAS,yDAAyD,CAAC,CAAC,OAAO,EAAE,CAClI,CAAC;aACH;SACF;IACH,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;YAC/B,4CAA4C;YAC5C,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;iBACE;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;SACH;aAAM;YACL,sEAAsE;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;SACrD;IACH,CAAC;IAqCM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QAEtE,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,0BAA6B,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI;gBACF,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;aACrD;YAAC,OAAO,KAAK,EAAE;gBACd,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;iBAChE;gBACD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;YAC/B,qDAAqD;YACrD,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;iBACC;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;SACH;aAAM;YACL,gFAAgF;YAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;SACrD;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACI,OAAO,CACZ,SAA2B,EAC3B,GAAe,EACf,UAA0B,EAAE;QAE5B,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,0BAA6B,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC9E,IAAI;gBACF,OAAO,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;aACzD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;iBAC7D;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACI,SAAS,CACd,SAA2B,EAC3B,YAAwB,EACxB,UAA4B,EAAE;QAE9B,OAAO,SAAS,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC9D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,8BAA+B,CAAC;YACpF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAChF,IAAI;gBACF,OAAO,QAAQ,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC;aACpE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;iBACxE;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACI,IAAI,CACT,SAA6B,EAC7B,MAAkB,EAClB,UAAuB,EAAE;QAEzB,OAAO,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACzD,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,oBAA0B,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC3E,IAAI;gBACF,OAAO,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;aACzD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;iBACpE;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,MAAM,CACX,SAA6B,EAC7B,MAAkB,EAClB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC3D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,wBAA4B,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC7E,IAAI;gBACF,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;aACtE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;iBACjF;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACI,QAAQ,CACb,SAA6B,EAC7B,IAAgB,EAChB,UAAuB,EAAE;QAEzB,OAAO,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC7D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,oBAA0B,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC/E,IAAI;gBACF,OAAO,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;aAC3D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;iBAC/D;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,UAAU,CACf,SAA6B,EAC7B,IAAgB,EAChB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,SAAS,CAAC,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC/D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,wBAA4B,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACjF,IAAI;gBACF,OAAO,QAAQ,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;aACxE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;iBACnF;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACK,KAAK,CAAC,cAAc,CAAC,OAAsB;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEzC,QAAQ,GAAG,CAAC,IAAI,EAAE;YAChB,KAAK,YAAY;gBACf,OAAO,GAAG,CAAC,KAAK,CAAC;YACnB,KAAK,aAAa;gBAChB,OAAO,GAAG,CAAC,KAAK,CAAC,GAAI,CAAC;YACxB;gBACE,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;SAC5E;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,QAAQ,CAA6B,OAAU;QAC3D,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;YAClC,0DAA0D;YAC1D,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACvD,IAAI,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;SAChD;QACD,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAGD;;;;;;OAMG;IACK,KAAK,CAAC,WAAW,CACvB,SAAwC,EACxC,SAAiB,EACjB,OAAU;QAEV,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE;YACnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACvD,uCAAuC;YACvC,IAAI,CAAC,SAAS,GAAG;gBACf,IAAI,uBAAuB,CAAC,WAAW,CAAC;gBACxC,IAAI,uBAAuB,CAAC,WAAW,CAAC;aACzC,CAAC;YAEF,2FAA2F;YAC3F,qGAAqG;YACrG,IAAI,IAAI,CAAC,cAAc,EAAE;gBACvB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;aAC1C;SACF;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;QAEpF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE;YAC1B,MAAM,IAAI,KAAK,CACb,iCAAiC,SAAS,sBAAsB,SAAS,KACvE,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,EAChE,EAAE,CACH,CAAC;SACH;QAED,uDAAuD;QACvD,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,GAA0B,EAAE,SAAwB;;QACtE,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE;YAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;YACvC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC;YACtD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YAEvB,gCAAgC;YAChC,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,yBAAyB,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;aACxF;YAED,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,eAAe,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;aAC9E;YAED,uBAAuB;YACvB,IAAI,SAAS,IAAI,MAAM,IAAI,CAAC,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA,EAAE;gBACvD,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;aACnF;SACF;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;YACpC,kCAAkC;YAClC,IAAI,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,CAAA,MAAA,GAAG,CAAC,KAAK,CAAC,MAAM,0CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA,EAAE;gBAC3E,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;aACpF;SACF;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { OperationOptions, TokenCredential } from \"@azure/core-http\";\nimport {\n JsonWebKey,\n KeyVaultKey,\n CryptographyClientOptions,\n GetKeyOptions,\n KeyOperation,\n KnownKeyOperations\n} from \"./keysModels\";\nimport {\n EncryptionAlgorithm,\n KeyWrapAlgorithm,\n WrapResult,\n UnwrapResult,\n DecryptResult,\n SignatureAlgorithm,\n SignResult,\n VerifyResult,\n EncryptResult,\n EncryptOptions,\n DecryptOptions,\n WrapKeyOptions,\n UnwrapKeyOptions,\n EncryptParameters,\n SignOptions,\n VerifyOptions,\n DecryptParameters,\n CryptographyClientKey,\n AesCbcEncryptParameters,\n AesCbcEncryptionAlgorithm\n} from \"./cryptographyClientModels\";\nimport { RemoteCryptographyProvider } from \"./cryptography/remoteCryptographyProvider\";\nimport { randomBytes } from \"./cryptography/crypto\";\nimport { CryptographyProvider, CryptographyProviderOperation } from \"./cryptography/models\";\nimport { RsaCryptographyProvider } from \"./cryptography/rsaCryptographyProvider\";\nimport { AesCryptographyProvider } from \"./cryptography/aesCryptographyProvider\";\nimport { createTraceFunction } from \"../../keyvault-common/src\";\n\nconst withTrace = createTraceFunction(\"Azure.KeyVault.Keys.CryptographyClient\");\n\n/**\n * A client used to perform cryptographic operations on an Azure Key vault key\n * or a local {@link JsonWebKey}.\n */\nexport class CryptographyClient {\n /**\n * The key the CryptographyClient currently holds.\n */\n private key: CryptographyClientKey;\n\n /**\n * The remote provider, which would be undefined if used in local mode.\n */\n private remoteProvider?: RemoteCryptographyProvider;\n\n /**\n * Constructs a new instance of the Cryptography client for the given key\n *\n * Example usage:\n * ```ts\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n * import { DefaultAzureCredential } from \"@azure/identity\";\n *\n * let vaultUrl = `https://<MY KEYVAULT HERE>.vault.azure.net`;\n * let credentials = new DefaultAzureCredential();\n *\n * let keyClient = new KeyClient(vaultUrl, credentials);\n * let keyVaultKey = await keyClient.getKey(\"MyKey\");\n *\n * let client = new CryptographyClient(keyVaultKey.id, credentials);\n * // or\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * ```\n * @param key - The key to use during cryptography tasks. You can also pass the identifier of the key i.e its url here.\n * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \\@azure/identity package to create a credential that suits your needs.\n * @param pipelineOptions - Pipeline options used to configure Key Vault API requests.\n * Omit this parameter to use the default pipeline configuration.\n */\n constructor(\n key: string | KeyVaultKey,\n credential: TokenCredential,\n pipelineOptions?: CryptographyClientOptions\n );\n /**\n * Constructs a new instance of the Cryptography client for the given key in local mode.\n *\n * Example usage:\n * ```ts\n * import { CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const jsonWebKey: JsonWebKey = {\n * // ...\n * };\n * const client = new CryptographyClient(jsonWebKey);\n * ```\n * @param key - The JsonWebKey to use during cryptography operations.\n */\n constructor(key: JsonWebKey);\n /**\n * Internal constructor implementation for either local or Key Vault backed keys.\n * @param key - The key to use during cryptography tasks.\n * @param credential - Teh credential to use when constructing a Key Vault Cryptography client.\n */\n constructor(\n key: string | KeyVaultKey | JsonWebKey,\n credential?: TokenCredential,\n pipelineOptions: CryptographyClientOptions = {}\n ) {\n if (typeof key === \"string\") {\n // Key URL for remote-local operations.\n this.key = {\n kind: \"identifier\",\n value: key\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else if (\"name\" in key) {\n // KeyVault key for remote-local operations.\n this.key = {\n kind: \"KeyVaultKey\",\n value: key\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else {\n // JsonWebKey for local-only operations.\n this.key = {\n kind: \"JsonWebKey\",\n value: key\n };\n }\n }\n\n /**\n * The base URL to the vault. If a local {@link JsonWebKey} is used vaultUrl will be empty.\n */\n get vaultUrl(): string {\n return this.remoteProvider?.vaultUrl || \"\";\n }\n\n /**\n * The ID of the key used to perform cryptographic operations for the client.\n */\n get keyID(): string | undefined {\n if (this.key.kind === \"identifier\") {\n return this.key.value;\n } else if (this.key.kind === \"KeyVaultKey\") {\n return this.key.value.id;\n } else {\n return this.key.value.kid;\n }\n }\n\n /**\n * Encrypts the given plaintext with the specified encryption parameters.\n * Depending on the algorithm set in the encryption parameters, the set of possible encryption parameters will change.\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.encrypt({ algorithm: \"RSA1_5\", plaintext: Buffer.from(\"My Message\")});\n * let result = await client.encrypt({ algorithm: \"A256GCM\", plaintext: Buffer.from(\"My Message\"), additionalAuthenticatedData: Buffer.from(\"My authenticated data\")});\n * ```\n * @param encryptParameters - The encryption parameters, keyed on the encryption algorithm chosen.\n * @param options - Additional options.\n */\n public encrypt(\n encryptParameters: EncryptParameters,\n options?: EncryptOptions\n ): Promise<EncryptResult>;\n /**\n * Encrypts the given plaintext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.encrypt(\"RSA1_5\", Buffer.from(\"My Message\"));\n * ```\n * @param algorithm - The algorithm to use.\n * @param plaintext - The text to encrypt.\n * @param options - Additional options.\n * @deprecated Use `encrypt({ algorithm, plaintext }, options)` instead.\n */\n public encrypt(\n algorithm: EncryptionAlgorithm,\n plaintext: Uint8Array,\n options?: EncryptOptions\n ): Promise<EncryptResult>;\n public encrypt(\n ...args:\n | [EncryptParameters, EncryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, EncryptOptions?]\n ): Promise<EncryptResult> {\n const [parameters, options] = this.disambiguateEncryptArguments(args);\n return withTrace(\"encrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Encrypt);\n this.initializeIV(parameters);\n const provider = await this.getProvider(\"encrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.encrypt(parameters, updatedOptions);\n } catch (error) {\n if (this.remoteProvider) {\n return this.remoteProvider.encrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n private initializeIV(parameters: EncryptParameters): void {\n // For AES-GCM the service **must** generate the IV, so we only populate it for AES-CBC\n const algorithmsRequiringIV: AesCbcEncryptionAlgorithm[] = [\n \"A128CBC\",\n \"A128CBCPAD\",\n \"A192CBC\",\n \"A192CBCPAD\",\n \"A256CBC\",\n \"A256CBCPAD\"\n ];\n\n if (parameters.algorithm in algorithmsRequiringIV) {\n try {\n const cbcParams = parameters as AesCbcEncryptParameters;\n if (!cbcParams.iv) {\n cbcParams.iv = randomBytes(16);\n }\n } catch (e) {\n throw new Error(\n `Unable to initialize IV for algorithm ${parameters.algorithm}. You may pass a valid IV to avoid this error. Error: ${e.message}`\n );\n }\n }\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The encrypt arguments\n */\n private disambiguateEncryptArguments(\n args: [EncryptParameters, EncryptOptions?] | [string, Uint8Array, EncryptOptions?]\n ): [EncryptParameters, EncryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", buffer, options]\n return [\n {\n algorithm: args[0],\n plaintext: args[1]\n } as EncryptParameters,\n args[2] || {}\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", plaintext: buffer }, options]\n return [args[0], (args[1] || {}) as EncryptOptions];\n }\n }\n\n /**\n * Decrypts the given ciphertext with the specified decryption parameters.\n * Depending on the algorithm used in the decryption parameters, the set of possible decryption parameters will change.\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.decrypt({ algorithm: \"RSA1_5\", ciphertext: encryptedBuffer });\n * let result = await client.decrypt({ algorithm: \"A256GCM\", iv: ivFromEncryptResult, authenticationTag: tagFromEncryptResult });\n * ```\n * @param decryptParameters - The decryption parameters.\n * @param options - Additional options.\n */\n public async decrypt(\n decryptParameters: DecryptParameters,\n options?: DecryptOptions\n ): Promise<DecryptResult>;\n /**\n * Decrypts the given ciphertext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.decrypt(\"RSA1_5\", encryptedBuffer);\n * ```\n * @param algorithm - The algorithm to use.\n * @param ciphertext - The text to decrypt.\n * @param options - Additional options.\n * @deprecated Use `decrypt({ algorithm, ciphertext }, options)` instead.\n */\n public decrypt(\n algorithm: EncryptionAlgorithm,\n ciphertext: Uint8Array,\n options?: DecryptOptions\n ): Promise<DecryptResult>;\n public decrypt(\n ...args:\n | [DecryptParameters, DecryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, DecryptOptions?]\n ): Promise<DecryptResult> {\n const [parameters, options] = this.disambiguateDecryptArguments(args);\n\n return withTrace(\"decrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Decrypt);\n const provider = await this.getProvider(\"decrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.decrypt(parameters, updatedOptions);\n } catch (error) {\n if (this.remoteProvider) {\n return this.remoteProvider.decrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The decrypt arguments\n */\n private disambiguateDecryptArguments(\n args: [DecryptParameters, DecryptOptions?] | [string, Uint8Array, DecryptOptions?]\n ): [DecryptParameters, DecryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", encryptedBuffer, options]\n return [\n {\n algorithm: args[0],\n ciphertext: args[1]\n } as DecryptParameters,\n args[2] || {}\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", ciphertext: encryptedBuffer }, options]\n return [args[0], (args[1] || {}) as DecryptOptions];\n }\n }\n\n /**\n * Wraps the given key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.wrapKey(\"RSA1_5\", keyToWrap);\n * ```\n * @param algorithm - The encryption algorithm to use to wrap the given key.\n * @param key - The key to wrap.\n * @param options - Additional options.\n */\n public wrapKey(\n algorithm: KeyWrapAlgorithm,\n key: Uint8Array,\n options: WrapKeyOptions = {}\n ): Promise<WrapResult> {\n return withTrace(\"wrapKey\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.WrapKey);\n const provider = await this.getProvider(\"wrapKey\", algorithm, updatedOptions);\n try {\n return provider.wrapKey(algorithm, key, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.wrapKey(algorithm, key, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Unwraps the given wrapped key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.unwrapKey(\"RSA1_5\", keyToUnwrap);\n * ```\n * @param algorithm - The decryption algorithm to use to unwrap the key.\n * @param encryptedKey - The encrypted key to unwrap.\n * @param options - Additional options.\n */\n public unwrapKey(\n algorithm: KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options: UnwrapKeyOptions = {}\n ): Promise<UnwrapResult> {\n return withTrace(\"unwrapKey\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.UnwrapKey);\n const provider = await this.getProvider(\"unwrapKey\", algorithm, updatedOptions);\n try {\n return provider.unwrapKey(algorithm, encryptedKey, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.unwrapKey(algorithm, encryptedKey, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Cryptographically sign the digest of a message\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.sign(\"RS256\", digest);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param digest - The digest of the data to sign.\n * @param options - Additional options.\n */\n public sign(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n options: SignOptions = {}\n ): Promise<SignResult> {\n return withTrace(\"sign\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"sign\", algorithm, updatedOptions);\n try {\n return provider.sign(algorithm, digest, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.sign(algorithm, digest, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Verify the signed message digest\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.verify(\"RS256\", signedDigest, signature);\n * ```\n * @param algorithm - The signing algorithm to use to verify with.\n * @param digest - The digest to verify.\n * @param signature - The signature to verify the digest against.\n * @param options - Additional options.\n */\n public verify(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {}\n ): Promise<VerifyResult> {\n return withTrace(\"verify\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verify\", algorithm, updatedOptions);\n try {\n return provider.verify(algorithm, digest, signature, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.verify(algorithm, digest, signature, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Cryptographically sign a block of data\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.signData(\"RS256\", message);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param data - The data to sign.\n * @param options - Additional options.\n */\n public signData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n options: SignOptions = {}\n ): Promise<SignResult> {\n return withTrace(\"signData\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"signData\", algorithm, updatedOptions);\n try {\n return provider.signData(algorithm, data, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.signData(algorithm, data, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Verify the signed block of data\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.verifyData(\"RS256\", signedMessage, signature);\n * ```\n * @param algorithm - The algorithm to use to verify with.\n * @param data - The signed block of data to verify.\n * @param signature - The signature to verify the block against.\n * @param options - Additional options.\n */\n public verifyData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {}\n ): Promise<VerifyResult> {\n return withTrace(\"verifyData\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verifyData\", algorithm, updatedOptions);\n try {\n return provider.verifyData(algorithm, data, signature, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.verifyData(algorithm, data, signature, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * @internal\n * Retrieves the {@link JsonWebKey} from the Key Vault.\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.getKeyMaterial();\n * ```\n */\n private async getKeyMaterial(options: GetKeyOptions): Promise<JsonWebKey> {\n const key = await this.fetchKey(options);\n\n switch (key.kind) {\n case \"JsonWebKey\":\n return key.value;\n case \"KeyVaultKey\":\n return key.value.key!;\n default:\n throw new Error(\"Failed to exchange Key ID for an actual KeyVault Key.\");\n }\n }\n\n /**\n * Returns the underlying key used for cryptographic operations.\n * If needed, fetches the key from KeyVault and exchanges the ID for the actual key.\n * @param options - The additional options.\n */\n private async fetchKey<T extends OperationOptions>(options: T): Promise<CryptographyClientKey> {\n if (this.key.kind === \"identifier\") {\n // Exchange the identifier with the actual key when needed\n const key = await this.remoteProvider!.getKey(options);\n this.key = { kind: \"KeyVaultKey\", value: key };\n }\n return this.key;\n }\n\n private providers?: CryptographyProvider[];\n /**\n * Gets the provider that support this algorithm and operation.\n * The available providers are ordered by priority such that the first provider that supports this\n * operation is the one we should use.\n * @param operation - The {@link KeyOperation}.\n * @param algorithm - The algorithm to use.\n */\n private async getProvider<T extends OperationOptions>(\n operation: CryptographyProviderOperation,\n algorithm: string,\n options: T\n ): Promise<CryptographyProvider> {\n if (!this.providers) {\n const keyMaterial = await this.getKeyMaterial(options);\n // Add local crypto providers as needed\n this.providers = [\n new RsaCryptographyProvider(keyMaterial),\n new AesCryptographyProvider(keyMaterial)\n ];\n\n // If the remote provider exists, we're in hybrid-mode. Otherwise we're in local-only mode.\n // If we're in hybrid mode the remote provider is used as a catch-all and should be last in the list.\n if (this.remoteProvider) {\n this.providers.push(this.remoteProvider);\n }\n }\n\n const providers = this.providers.filter((p) => p.isSupported(algorithm, operation));\n\n if (providers.length === 0) {\n throw new Error(\n `Unable to support operation: \"${operation}\" with algorithm: \"${algorithm}\" ${\n this.key.kind === \"JsonWebKey\" ? \"using a local JsonWebKey\" : \"\"\n }`\n );\n }\n\n // Return the first provider that supports this request\n return providers[0];\n }\n\n private ensureValid(key: CryptographyClientKey, operation?: KeyOperation): void {\n if (key.kind === \"KeyVaultKey\") {\n const keyOps = key.value.keyOperations;\n const { notBefore, expiresOn } = key.value.properties;\n const now = new Date();\n\n // Check KeyVault Key Expiration\n if (notBefore && now < notBefore) {\n throw new Error(`Key ${key.value.id} can't be used before ${notBefore.toISOString()}`);\n }\n\n if (expiresOn && now > expiresOn) {\n throw new Error(`Key ${key.value.id} expired at ${expiresOn.toISOString()}`);\n }\n\n // Check Key operations\n if (operation && keyOps && !keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.id}`);\n }\n } else if (key.kind === \"JsonWebKey\") {\n // Check JsonWebKey Key operations\n if (operation && key.value.keyOps && !key.value.keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.kid}`);\n }\n }\n }\n}\n"]}
package/dist-esm/keyvault-keys/src/generated/keyVaultClient.js CHANGED
@@ -9,6 +9,7 @@ import * as coreHttp from "@azure/core-http";
9
9
  import * as Parameters from "./models/parameters";
10
10
  import * as Mappers from "./models/mappers";
11
11
  import { KeyVaultClientContext } from "./keyVaultClientContext";
12
+ /** @hidden */
12
13
  export class KeyVaultClient extends KeyVaultClientContext {
13
14
  /**
14
15
  * Initializes a new instance of the KeyVaultClient class.
@@ -36,21 +37,6 @@ export class KeyVaultClient extends KeyVaultClientContext {
36
37
  };
37
38
  return this.sendOperationRequest(operationArguments, createKeyOperationSpec);
38
39
  }
39
- /**
40
- * The operation will rotate the key based on the key policy. It requires the keys/rotate permission.
41
- * @param vaultBaseUrl The vault name, for example https://myvault.vault.azure.net.
42
- * @param keyName The name of key to be rotated. The system will generate a new version in the
43
- * specified key.
44
- * @param options The options parameters.
45
- */
46
- rotateKey(vaultBaseUrl, keyName, options) {
47
- const operationArguments = {
48
- vaultBaseUrl,
49
- keyName,
50
- options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
51
- };
52
- return this.sendOperationRequest(operationArguments, rotateKeyOperationSpec);
53
- }
54
40
  /**
55
41
  * The import key operation may be used to import any key type into an Azure Key Vault. If the named
56
42
  * key already exists, Azure Key Vault creates a new version of the key. This operation requires the
@@ -346,42 +332,6 @@ export class KeyVaultClient extends KeyVaultClientContext {
346
332
  };
347
333
  return this.sendOperationRequest(operationArguments, unwrapKeyOperationSpec);
348
334
  }
349
- /**
350
- * The export key operation is applicable to all key types. The target key must be marked exportable.
351
- * This operation requires the keys/export permission.
352
- * @param vaultBaseUrl The vault name, for example https://myvault.vault.azure.net.
353
- * @param keyName The name of the key to get.
354
- * @param keyVersion Adding the version parameter retrieves a specific version of a key.
355
- * @param options The options parameters.
356
- */
357
- export(vaultBaseUrl, keyName, keyVersion, options) {
358
- const operationArguments = {
359
- vaultBaseUrl,
360
- keyName,
361
- keyVersion,
362
- options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
363
- };
364
- return this.sendOperationRequest(operationArguments, exportOperationSpec);
365
- }
366
- /**
367
- * The release key operation is applicable to all key types. The target key must be marked exportable.
368
- * This operation requires the keys/release permission.
369
- * @param vaultBaseUrl The vault name, for example https://myvault.vault.azure.net.
370
- * @param keyName The name of the key to get.
371
- * @param keyVersion Adding the version parameter retrieves a specific version of a key.
372
- * @param target The attestation assertion for the target of the key release.
373
- * @param options The options parameters.
374
- */
375
- release(vaultBaseUrl, keyName, keyVersion, target, options) {
376
- const operationArguments = {
377
- vaultBaseUrl,
378
- keyName,
379
- keyVersion,
380
- target,
381
- options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
382
- };
383
- return this.sendOperationRequest(operationArguments, releaseOperationSpec);
384
- }
385
335
  /**
386
336
  * Retrieves a list of the keys in the Key Vault as JSON Web Key structures that contain the public
387
337
  * part of a deleted key. This operation includes deletion-specific information. The Get Deleted Keys
@@ -447,52 +397,6 @@ export class KeyVaultClient extends KeyVaultClientContext {
447
397
  };
448
398
  return this.sendOperationRequest(operationArguments, recoverDeletedKeyOperationSpec);
449
399
  }
450
- /**
451
- * The GetKeyRotationPolicy operation returns the specified key policy resources in the specified key
452
- * vault. This operation requires the keys/get permission.
453
- * @param vaultBaseUrl The vault name, for example https://myvault.vault.azure.net.
454
- * @param keyName The name of the key in a given key vault.
455
- * @param options The options parameters.
456
- */
457
- getKeyRotationPolicy(vaultBaseUrl, keyName, options) {
458
- const operationArguments = {
459
- vaultBaseUrl,
460
- keyName,
461
- options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
462
- };
463
- return this.sendOperationRequest(operationArguments, getKeyRotationPolicyOperationSpec);
464
- }
465
- /**
466
- * Set specified members in the key policy. Leave others as undefined. This operation requires the
467
- * keys/update permission.
468
- * @param vaultBaseUrl The vault name, for example https://myvault.vault.azure.net.
469
- * @param keyName The name of the key in the given vault.
470
- * @param keyRotationPolicy The policy for the key.
471
- * @param options The options parameters.
472
- */
473
- updateKeyRotationPolicy(vaultBaseUrl, keyName, keyRotationPolicy, options) {
474
- const operationArguments = {
475
- vaultBaseUrl,
476
- keyName,
477
- keyRotationPolicy,
478
- options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
479
- };
480
- return this.sendOperationRequest(operationArguments, updateKeyRotationPolicyOperationSpec);
481
- }
482
- /**
483
- * Get the requested number of bytes containing random values from a managed HSM.
484
- * @param vaultBaseUrl The vault name, for example https://myvault.vault.azure.net.
485
- * @param count The requested number of random bytes.
486
- * @param options The options parameters.
487
- */
488
- getRandomBytes(vaultBaseUrl, count, options) {
489
- const operationArguments = {
490
- vaultBaseUrl,
491
- count,
492
- options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
493
- };
494
- return this.sendOperationRequest(operationArguments, getRandomBytesOperationSpec);
495
- }
496
400
  /**
497
401
  * GetKeyVersionsNext
498
402
  * @param vaultBaseUrl The vault name, for example https://myvault.vault.azure.net.
@@ -559,10 +463,9 @@ const createKeyOperationSpec = {
559
463
  keyOps: ["options", "keyOps"],
560
464
  keyAttributes: ["options", "keyAttributes"],
561
465
  tags: ["options", "tags"],
562
- curve: ["options", "curve"],
563
- releasePolicy: ["options", "releasePolicy"]
466
+ curve: ["options", "curve"]
564
467
  },
565
- mapper: Object.assign(Object.assign({}, Mappers.KeyCreateParameters), { required: true })
468
+ mapper: Mappers.KeyCreateParameters
566
469
  },
567
470
  queryParameters: [Parameters.apiVersion],
568
471
  urlParameters: [Parameters.vaultBaseUrl, Parameters.keyName],
@@ -570,22 +473,6 @@ const createKeyOperationSpec = {
570
473
  mediaType: "json",
571
474
  serializer
572
475
  };
573
- const rotateKeyOperationSpec = {
574
- path: "/keys/{key-name}/rotate",
575
- httpMethod: "POST",
576
- responses: {
577
- 200: {
578
- bodyMapper: Mappers.KeyBundle
579
- },
580
- default: {
581
- bodyMapper: Mappers.KeyVaultError
582
- }
583
- },
584
- queryParameters: [Parameters.apiVersion],
585
- urlParameters: [Parameters.vaultBaseUrl, Parameters.keyName],
586
- headerParameters: [Parameters.accept],
587
- serializer
588
- };
589
476
  const importKeyOperationSpec = {
590
477
  path: "/keys/{key-name}",
591
478
  httpMethod: "PUT",
@@ -602,10 +489,9 @@ const importKeyOperationSpec = {
602
489
  hsm: ["options", "hsm"],
603
490
  key: ["key"],
604
491
  keyAttributes: ["options", "keyAttributes"],
605
- tags: ["options", "tags"],
606
- releasePolicy: ["options", "releasePolicy"]
492
+ tags: ["options", "tags"]
607
493
  },
608
- mapper: Object.assign(Object.assign({}, Mappers.KeyImportParameters), { required: true })
494
+ mapper: Mappers.KeyImportParameters
609
495
  },
610
496
  queryParameters: [Parameters.apiVersion],
611
497
  urlParameters: [Parameters.vaultBaseUrl, Parameters.keyName],
@@ -644,10 +530,9 @@ const updateKeyOperationSpec = {
644
530
  parameterPath: {
645
531
  keyOps: ["options", "keyOps"],
646
532
  keyAttributes: ["options", "keyAttributes"],
647
- tags: ["options", "tags"],
648
- releasePolicy: ["options", "releasePolicy"]
533
+ tags: ["options", "tags"]
649
534
  },
650
- mapper: Object.assign(Object.assign({}, Mappers.KeyUpdateParameters), { required: true })
535
+ mapper: Mappers.KeyUpdateParameters
651
536
  },
652
537
  queryParameters: [Parameters.apiVersion],
653
538
  urlParameters: [
@@ -740,7 +625,7 @@ const restoreKeyOperationSpec = {
740
625
  },
741
626
  requestBody: {
742
627
  parameterPath: { keyBundleBackup: ["keyBundleBackup"] },
743
- mapper: Object.assign(Object.assign({}, Mappers.KeyRestoreParameters), { required: true })
628
+ mapper: Mappers.KeyRestoreParameters
744
629
  },
745
630
  queryParameters: [Parameters.apiVersion],
746
631
  urlParameters: [Parameters.vaultBaseUrl],
@@ -767,7 +652,7 @@ const encryptOperationSpec = {
767
652
  additionalAuthenticatedData: ["options", "additionalAuthenticatedData"],
768
653
  authenticationTag: ["options", "authenticationTag"]
769
654
  },
770
- mapper: Object.assign(Object.assign({}, Mappers.KeyOperationsParameters), { required: true })
655
+ mapper: Mappers.KeyOperationsParameters
771
656
  },
772
657
  queryParameters: [Parameters.apiVersion],
773
658
  urlParameters: [
@@ -798,7 +683,7 @@ const decryptOperationSpec = {
798
683
  additionalAuthenticatedData: ["options", "additionalAuthenticatedData"],
799
684
  authenticationTag: ["options", "authenticationTag"]
800
685
  },
801
- mapper: Object.assign(Object.assign({}, Mappers.KeyOperationsParameters), { required: true })
686
+ mapper: Mappers.KeyOperationsParameters
802
687
  },
803
688
  queryParameters: [Parameters.apiVersion],
804
689
  urlParameters: [
@@ -823,7 +708,7 @@ const signOperationSpec = {
823
708
  },
824
709
  requestBody: {
825
710
  parameterPath: { algorithm: ["algorithm"], value: ["value"] },
826
- mapper: Object.assign(Object.assign({}, Mappers.KeySignParameters), { required: true })
711
+ mapper: Mappers.KeySignParameters
827
712
  },
828
713
  queryParameters: [Parameters.apiVersion],
829
714
  urlParameters: [
@@ -852,7 +737,7 @@ const verifyOperationSpec = {
852
737
  digest: ["digest"],
853
738
  signature: ["signature"]
854
739
  },
855
- mapper: Object.assign(Object.assign({}, Mappers.KeyVerifyParameters), { required: true })
740
+ mapper: Mappers.KeyVerifyParameters
856
741
  },
857
742
  queryParameters: [Parameters.apiVersion],
858
743
  urlParameters: [
@@ -883,7 +768,7 @@ const wrapKeyOperationSpec = {
883
768
  additionalAuthenticatedData: ["options", "additionalAuthenticatedData"],
884
769
  authenticationTag: ["options", "authenticationTag"]
885
770
  },
886
- mapper: Object.assign(Object.assign({}, Mappers.KeyOperationsParameters), { required: true })
771
+ mapper: Mappers.KeyOperationsParameters
887
772
  },
888
773
  queryParameters: [Parameters.apiVersion],
889
774
  urlParameters: [
@@ -914,65 +799,7 @@ const unwrapKeyOperationSpec = {
914
799
  additionalAuthenticatedData: ["options", "additionalAuthenticatedData"],
915
800
  authenticationTag: ["options", "authenticationTag"]
916
801
  },
917
- mapper: Object.assign(Object.assign({}, Mappers.KeyOperationsParameters), { required: true })
918
- },
919
- queryParameters: [Parameters.apiVersion],
920
- urlParameters: [
921
- Parameters.vaultBaseUrl,
922
- Parameters.keyName1,
923
- Parameters.keyVersion
924
- ],
925
- headerParameters: [Parameters.contentType, Parameters.accept],
926
- mediaType: "json",
927
- serializer
928
- };
929
- const exportOperationSpec = {
930
- path: "/keys/{key-name}/{key-version}/export",
931
- httpMethod: "POST",
932
- responses: {
933
- 200: {
934
- bodyMapper: Mappers.KeyBundle
935
- },
936
- default: {
937
- bodyMapper: Mappers.KeyVaultError
938
- }
939
- },
940
- requestBody: {
941
- parameterPath: {
942
- wrappingKey: ["options", "wrappingKey"],
943
- wrappingKid: ["options", "wrappingKid"],
944
- enc: ["options", "enc"]
945
- },
946
- mapper: Object.assign(Object.assign({}, Mappers.KeyExportParameters), { required: true })
947
- },
948
- queryParameters: [Parameters.apiVersion],
949
- urlParameters: [
950
- Parameters.vaultBaseUrl,
951
- Parameters.keyName1,
952
- Parameters.keyVersion
953
- ],
954
- headerParameters: [Parameters.contentType, Parameters.accept],
955
- mediaType: "json",
956
- serializer
957
- };
958
- const releaseOperationSpec = {
959
- path: "/keys/{key-name}/{key-version}/release",
960
- httpMethod: "POST",
961
- responses: {
962
- 200: {
963
- bodyMapper: Mappers.KeyReleaseResult
964
- },
965
- default: {
966
- bodyMapper: Mappers.KeyVaultError
967
- }
968
- },
969
- requestBody: {
970
- parameterPath: {
971
- target: ["target"],
972
- nonce: ["options", "nonce"],
973
- enc: ["options", "enc"]
974
- },
975
- mapper: Object.assign(Object.assign({}, Mappers.KeyReleaseParameters), { required: true })
802
+ mapper: Mappers.KeyOperationsParameters
976
803
  },
977
804
  queryParameters: [Parameters.apiVersion],
978
805
  urlParameters: [
@@ -1046,61 +873,6 @@ const recoverDeletedKeyOperationSpec = {
1046
873
  headerParameters: [Parameters.accept],
1047
874
  serializer
1048
875
  };
1049
- const getKeyRotationPolicyOperationSpec = {
1050
- path: "/keys/{key-name}/rotationpolicy",
1051
- httpMethod: "GET",
1052
- responses: {
1053
- 200: {
1054
- bodyMapper: Mappers.KeyRotationPolicy
1055
- },
1056
- default: {
1057
- bodyMapper: Mappers.KeyVaultError
1058
- }
1059
- },
1060
- queryParameters: [Parameters.apiVersion],
1061
- urlParameters: [Parameters.vaultBaseUrl, Parameters.keyName1],
1062
- headerParameters: [Parameters.accept],
1063
- serializer
1064
- };
1065
- const updateKeyRotationPolicyOperationSpec = {
1066
- path: "/keys/{key-name}/rotationpolicy",
1067
- httpMethod: "PUT",
1068
- responses: {
1069
- 200: {
1070
- bodyMapper: Mappers.KeyRotationPolicy
1071
- },
1072
- default: {
1073
- bodyMapper: Mappers.KeyVaultError
1074
- }
1075
- },
1076
- requestBody: Parameters.keyRotationPolicy,
1077
- queryParameters: [Parameters.apiVersion],
1078
- urlParameters: [Parameters.vaultBaseUrl, Parameters.keyName1],
1079
- headerParameters: [Parameters.contentType, Parameters.accept],
1080
- mediaType: "json",
1081
- serializer
1082
- };
1083
- const getRandomBytesOperationSpec = {
1084
- path: "/rng",
1085
- httpMethod: "POST",
1086
- responses: {
1087
- 200: {
1088
- bodyMapper: Mappers.RandomBytes
1089
- },
1090
- default: {
1091
- bodyMapper: Mappers.KeyVaultError
1092
- }
1093
- },
1094
- requestBody: {
1095
- parameterPath: { count: ["count"] },
1096
- mapper: Object.assign(Object.assign({}, Mappers.GetRandomBytesRequest), { required: true })
1097
- },
1098
- queryParameters: [Parameters.apiVersion],
1099
- urlParameters: [Parameters.vaultBaseUrl],
1100
- headerParameters: [Parameters.contentType, Parameters.accept],
1101
- mediaType: "json",
1102
- serializer
1103
- };
1104
876
  const getKeyVersionsNextOperationSpec = {
1105
877
  path: "{nextLink}",
1106
878
  httpMethod: "GET",