@azure/keyvault-keys 4.4.0-beta.2 → 4.4.0
- package/CHANGELOG.md +37 -1
- package/README.md +11 -10
- package/dist/index.js +332 -295
- package/dist/index.js.map +1 -1
- package/dist-esm/keyvault-common/src/challengeBasedAuthenticationPolicy.js +14 -25
- package/dist-esm/keyvault-common/src/challengeBasedAuthenticationPolicy.js.map +1 -1
- package/dist-esm/keyvault-common/src/index.js +1 -0
- package/dist-esm/keyvault-common/src/index.js.map +1 -1
- package/dist-esm/keyvault-common/src/parseKeyvaultIdentifier.js +1 -1
- package/dist-esm/keyvault-common/src/parseKeyvaultIdentifier.js.map +1 -1
- package/dist-esm/keyvault-common/src/parseWWWAuthenticate.js +52 -0
- package/dist-esm/keyvault-common/src/parseWWWAuthenticate.js.map +1 -0
- package/dist-esm/keyvault-common/src/tracingHelpers.js +4 -4
- package/dist-esm/keyvault-common/src/tracingHelpers.js.map +1 -1
- package/dist-esm/keyvault-keys/src/constants.js +1 -1
- package/dist-esm/keyvault-keys/src/constants.js.map +1 -1
- package/dist-esm/keyvault-keys/src/cryptography/aesCryptographyProvider.js +7 -7
- package/dist-esm/keyvault-keys/src/cryptography/aesCryptographyProvider.js.map +1 -1
- package/dist-esm/keyvault-keys/src/cryptography/crypto.js +2 -2
- package/dist-esm/keyvault-keys/src/cryptography/crypto.js.map +1 -1
- package/dist-esm/keyvault-keys/src/cryptography/models.js.map +1 -1
- package/dist-esm/keyvault-keys/src/cryptography/remoteCryptographyProvider.js +11 -12
- package/dist-esm/keyvault-keys/src/cryptography/remoteCryptographyProvider.js.map +1 -1
- package/dist-esm/keyvault-keys/src/cryptography/rsaCryptographyProvider.js +7 -9
- package/dist-esm/keyvault-keys/src/cryptography/rsaCryptographyProvider.js.map +1 -1
- package/dist-esm/keyvault-keys/src/cryptographyClient.js +10 -11
- package/dist-esm/keyvault-keys/src/cryptographyClient.js.map +1 -1
- package/dist-esm/keyvault-keys/src/cryptographyClientModels.js +36 -2
- package/dist-esm/keyvault-keys/src/cryptographyClientModels.js.map +1 -1
- package/dist-esm/keyvault-keys/src/generated/keyVaultClient.js +4 -50
- package/dist-esm/keyvault-keys/src/generated/keyVaultClient.js.map +1 -1
- package/dist-esm/keyvault-keys/src/generated/keyVaultClientContext.js +2 -2
- package/dist-esm/keyvault-keys/src/generated/keyVaultClientContext.js.map +1 -1
- package/dist-esm/keyvault-keys/src/generated/models/index.js +6 -21
- package/dist-esm/keyvault-keys/src/generated/models/index.js.map +1 -1
- package/dist-esm/keyvault-keys/src/generated/models/mappers.js +36 -29
- package/dist-esm/keyvault-keys/src/generated/models/mappers.js.map +1 -1
- package/dist-esm/keyvault-keys/src/generated/models/parameters.js +4 -16
- package/dist-esm/keyvault-keys/src/generated/models/parameters.js.map +1 -1
- package/dist-esm/keyvault-keys/src/identifier.js.map +1 -1
- package/dist-esm/keyvault-keys/src/index.js +32 -42
- package/dist-esm/keyvault-keys/src/index.js.map +1 -1
- package/dist-esm/keyvault-keys/src/keysModels.js +5 -2
- package/dist-esm/keyvault-keys/src/keysModels.js.map +1 -1
- package/dist-esm/keyvault-keys/src/lro/delete/poller.js.map +1 -1
- package/dist-esm/keyvault-keys/src/lro/keyVaultKeyPoller.js +1 -1
- package/dist-esm/keyvault-keys/src/lro/keyVaultKeyPoller.js.map +1 -1
- package/dist-esm/keyvault-keys/src/lro/recover/poller.js.map +1 -1
- package/dist-esm/keyvault-keys/src/transformations.js +12 -13
- package/dist-esm/keyvault-keys/src/transformations.js.map +1 -1
- package/package.json +16 -32
- package/types/keyvault-keys.d.ts +93 -36
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remoteCryptographyProvider.js","sourceRoot":"","sources":["../../../../src/cryptography/remoteCryptographyProvider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EACL,yBAAyB,EACzB,iBAAiB,EAEjB,aAAa,EACd,MAAM,kBAAkB,CAAC;AAiB1B,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,0BAA0B,EAAE,MAAM,eAAe,CAAC;AAC3D,OAAO,EAIL,kBAAkB,EACnB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAEtC,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChC,OAAO,EACL,mBAAmB,EAEnB,kCAAkC,EACnC,MAAM,8BAA8B,CAAC;AAEtC,MAAM,SAAS,GAAmB,mBAAmB,CACnD,gDAAgD,CACjD,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,0BAA0B;IACrC,YACE,GAAyB,EACzB,UAA2B,EAC3B,kBAA6C,EAAE;;QAE/C,IAAI,CAAC,MAAM,GAAG,qBAAqB,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;QAEjE,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QAEf,IAAI,KAAa,CAAC;QAClB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YAC3B,KAAK,GAAG,GAAG,CAAC;SACb;aAAM;YACL,KAAK,GAAG,GAAG,CAAC,EAAG,CAAC;SACjB;QAED,IAAI;YACF,MAAM,MAAM,GAAG,0BAA0B,CAAC,KAAK,CAAC,CAAC;YACjD,IAAI,MAAM,CAAC,IAAI,KAAK,EAAE,EAAE;gBACtB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;aAC5D;YAED,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,EAAE,EAAE;gBAC9C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;aAChE;YAED,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAChC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;YACxB,IAAI,CAAC,OAAO,GAAG,MAAA,MAAM,CAAC,OAAO,mCAAI,EAAE,CAAC;SACrC;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAElB,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,kCAAkC,CAAC,CAAC;SAC7D;IACH,CAAC;IAED,gEAAgE;IAChE,WAAW,CAAC,UAAkB,EAAE,UAAyC;QACvE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CACL,iBAAoC,EACpC,UAA0B,EAAE;QAE5B,MAAM,EAAE,SAAS,EAAE,SAAS,KAAgB,iBAAiB,EAA5B,MAAM,UAAK,iBAAiB,EAAvD,0BAAmC,CAAoB,CAAC;QAC9D,MAAM,cAAc,mCAAQ,OAAO,GAAK,MAAM,CAAE,CAAC;QAEjD,OAAO,SAAS,CAAC,SAAS,EAAE,cAAc,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACnE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,SAAS,EACT,cAAc,CACf,C
AAC;YAEF,OAAO;gBACL,SAAS,EAAE,iBAAiB,CAAC,SAAS;gBACtC,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;gBACtB,2BAA2B,EAAE,MAAM,CAAC,2BAA2B;gBAC/D,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;gBAC3C,EAAE,EAAE,MAAM,CAAC,EAAE;aACd,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CACL,iBAAoC,EACpC,UAA0B,EAAE;QAE5B,MAAM,EAAE,SAAS,EAAE,UAAU,KAAgB,iBAAiB,EAA5B,MAAM,UAAK,iBAAiB,EAAxD,2BAAoC,CAAoB,CAAC;QAC/D,MAAM,cAAc,mCAAQ,OAAO,GAAK,MAAM,CAAE,CAAC;QAEjD,OAAO,SAAS,CAAC,SAAS,EAAE,cAAc,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACnE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,UAAU,EACV,cAAc,CACf,CAAC;YACF,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;gBACtB,SAAS;aACV,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CACL,SAA2B,EAC3B,SAAqB,EACrB,UAA0B,EAAE;QAE5B,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,SAAS,EACT,cAAc,CACf,CAAC;YAEF,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,SAAS;gBACT,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;aACvB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,CACP,SAA2B,EAC3B,YAAwB,EACxB,UAA4B,EAAE;QAE9B,OAAO,SAAS,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC9D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CACxC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,YAAY,EACZ,cAAc,CACf,CAAC;YAEF,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,SAAS;gBACT,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;aACvB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,SAAiB,EAAE,MAAkB,EAAE,UAAuB,EAAE;QACnE,OAAO,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CACnC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,MAAM,EACN,cAAc,CACf,CAAC;YAEF,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAO,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;QACvE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,UAAU,CACR,SAAiB,EACjB,
IAAgB,EAChB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,SAAS,CAAC,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC/D,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CACJ,SAAiB,EACjB,MAAkB,EAClB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC3D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CACvC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,MAAM,EACN,SAAS,EACT,cAAc,CACf,CAAC;YACF,OAAO;gBACL,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK;gBAC/C,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;aACvB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,QAAQ,CAAC,SAAiB,EAAE,IAAgB,EAAE,UAAuB,EAAE;QACrE,OAAO,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YACjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CACnC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,MAAM,EACN,cAAc,CACf,CAAC;YACF,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAO,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;QACvE,CAAC,CAAC,CAAC;IACL,CAAC;IAOD;;OAEG;IACH,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,UAAyB,EAAE;QAChC,OAAO,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC3D,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE;gBAChC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,EAAE,EAAE;oBAClC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;iBACtD;gBACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CACvC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAC/E,cAAc,CACf,CAAC;gBACF,IAAI,CAAC,GAAG,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;aAC1C;YACD,OAAO,IAAI,CAAC,GAAG,CAAC;QAClB,CAAC,CAAC,CAAC;IACL,CAAC;IA4BD;;;OAGG;IACK,QAAQ;QACd,IAAI,GAAG,CAAC;QACR,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE;YAChC,GAAG,GAAG,I
AAI,CAAC,GAAG,CAAC,EAAE,CAAC;SACnB;aAAM;YACL,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;SAChB;QAED,OAAO,GAAG,CAAC;IACb,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,SAAS,qBAAqB,CAC5B,UAA2B,EAC3B,OAAyE;IAEzE,IAAI,OAAO,CAAC,eAAe,EAAE;QAC3B,OAAO,OAAO,CAAC,eAAe,CAAC;KAChC;IAED,MAAM,OAAO,GAAG,0BAA0B,WAAW,EAAE,CAAC;IAExD,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAElD,OAAO,CAAC,gBAAgB,GAAG;QACzB,eAAe,EACb,gBAAgB,IAAI,gBAAgB,CAAC,eAAe;YAClD,CAAC,CAAC,GAAG,gBAAgB,CAAC,eAAe,IAAI,OAAO,EAAE;YAClD,CAAC,CAAC,OAAO;KACd,CAAC;IAEF,MAAM,UAAU,GAAG,iBAAiB,CAAC,UAAU,CAAC;QAC9C,CAAC,CAAC,kCAAkC,CAAC,UAAU,CAAC;QAChD,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IAE9B,MAAM,uBAAuB,mCACxB,OAAO,KACV,cAAc,EAAE;YACd,MAAM,EAAE,MAAM,CAAC,IAAI;YACnB,kBAAkB,EAAE;gBAClB,sBAAsB;gBACtB,4BAA4B;gBAC5B,+BAA+B;aAChC;SACF,GACF,CAAC;IAEF,OAAO,IAAI,cAAc,CACvB,OAAO,CAAC,cAAc,IAAI,kBAAkB,EAC5C,yBAAyB,CAAC,uBAAuB,EAAE,UAAU,CAAC,CAC/D,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n createPipelineFromOptions,\n isTokenCredential,\n TokenCredential,\n signingPolicy\n} from \"@azure/core-http\";\nimport {\n EncryptParameters,\n EncryptOptions,\n EncryptResult,\n KeyWrapAlgorithm,\n WrapKeyOptions,\n WrapResult,\n VerifyOptions,\n VerifyResult,\n DecryptParameters,\n DecryptOptions,\n DecryptResult,\n UnwrapKeyOptions,\n SignOptions,\n SignResult\n} from \"../cryptographyClientModels\";\nimport { SDK_VERSION } from \"../constants\";\nimport { UnwrapResult } from \"../cryptographyClientModels\";\nimport { KeyVaultClient } from \"../generated\";\nimport { parseKeyVaultKeyIdentifier } from \"../identifier\";\nimport {\n CryptographyClientOptions,\n GetKeyOptions,\n KeyVaultKey,\n LATEST_API_VERSION\n} from \"../keysModels\";\nimport { getKeyFromKeyBundle } from \"../transformations\";\nimport { createHash } from \"./crypto\";\nimport { CryptographyProvider, CryptographyProviderOperation } from \"./models\";\nimport { logger } from \"../log\";\nimport {\n createTraceFunction,\n 
TracedFunction,\n challengeBasedAuthenticationPolicy\n} from \"../../../keyvault-common/src\";\n\nconst withTrace: TracedFunction = createTraceFunction(\n \"Azure.KeyVault.Keys.RemoteCryptographyProvider\"\n);\n\n/**\n * The remote cryptography provider is used to run crypto operations against KeyVault.\n * @internal\n */\nexport class RemoteCryptographyProvider implements CryptographyProvider {\n constructor(\n key: string | KeyVaultKey,\n credential: TokenCredential,\n pipelineOptions: CryptographyClientOptions = {}\n ) {\n this.client = getOrInitializeClient(credential, pipelineOptions);\n\n this.key = key;\n\n let keyId: string;\n if (typeof key === \"string\") {\n keyId = key;\n } else {\n keyId = key.id!;\n }\n\n try {\n const parsed = parseKeyVaultKeyIdentifier(keyId);\n if (parsed.name === \"\") {\n throw new Error(\"Could not find 'name' of key in key URL\");\n }\n\n if (!parsed.vaultUrl || parsed.vaultUrl === \"\") {\n throw new Error(\"Could not find 'vaultUrl' of key in key URL\");\n }\n\n this.vaultUrl = parsed.vaultUrl;\n this.name = parsed.name;\n this.version = parsed.version ?? 
\"\";\n } catch (err) {\n logger.error(err);\n\n throw new Error(`${keyId} is not a valid Key Vault key ID`);\n }\n }\n\n // The remote client supports all algorithms and all operations.\n isSupported(_algorithm: string, _operation: CryptographyProviderOperation): boolean {\n return true;\n }\n\n encrypt(\n encryptParameters: EncryptParameters,\n options: EncryptOptions = {}\n ): Promise<EncryptResult> {\n const { algorithm, plaintext, ...params } = encryptParameters;\n const requestOptions = { ...options, ...params };\n\n return withTrace(\"encrypt\", requestOptions, async (updatedOptions) => {\n const result = await this.client.encrypt(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n plaintext,\n updatedOptions\n );\n\n return {\n algorithm: encryptParameters.algorithm,\n result: result.result!,\n keyID: this.getKeyID(),\n additionalAuthenticatedData: result.additionalAuthenticatedData,\n authenticationTag: result.authenticationTag,\n iv: result.iv\n };\n });\n }\n\n decrypt(\n decryptParameters: DecryptParameters,\n options: DecryptOptions = {}\n ): Promise<DecryptResult> {\n const { algorithm, ciphertext, ...params } = decryptParameters;\n const requestOptions = { ...options, ...params };\n\n return withTrace(\"decrypt\", requestOptions, async (updatedOptions) => {\n const result = await this.client.decrypt(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n ciphertext,\n updatedOptions\n );\n return {\n result: result.result!,\n keyID: this.getKeyID(),\n algorithm\n };\n });\n }\n\n wrapKey(\n algorithm: KeyWrapAlgorithm,\n keyToWrap: Uint8Array,\n options: WrapKeyOptions = {}\n ): Promise<WrapResult> {\n return withTrace(\"wrapKey\", options, async (updatedOptions) => {\n const result = await this.client.wrapKey(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n keyToWrap,\n updatedOptions\n );\n\n return {\n result: result.result!,\n algorithm,\n keyID: this.getKeyID()\n };\n });\n }\n\n unwrapKey(\n algorithm: 
KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options: UnwrapKeyOptions = {}\n ): Promise<UnwrapResult> {\n return withTrace(\"unwrapKey\", options, async (updatedOptions) => {\n const result = await this.client.unwrapKey(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n encryptedKey,\n updatedOptions\n );\n\n return {\n result: result.result!,\n algorithm,\n keyID: this.getKeyID()\n };\n });\n }\n\n sign(algorithm: string, digest: Uint8Array, options: SignOptions = {}): Promise<SignResult> {\n return withTrace(\"sign\", options, async (updatedOptions) => {\n const result = await this.client.sign(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n digest,\n updatedOptions\n );\n\n return { result: result.result!, algorithm, keyID: this.getKeyID() };\n });\n }\n\n verifyData(\n algorithm: string,\n data: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {}\n ): Promise<VerifyResult> {\n return withTrace(\"verifyData\", options, async (updatedOptions) => {\n const hash = await createHash(algorithm, data);\n return this.verify(algorithm, hash, signature, updatedOptions);\n });\n }\n\n verify(\n algorithm: string,\n digest: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {}\n ): Promise<VerifyResult> {\n return withTrace(\"verify\", options, async (updatedOptions) => {\n const response = await this.client.verify(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n digest,\n signature,\n updatedOptions\n );\n return {\n result: response.value ? 
response.value : false,\n keyID: this.getKeyID()\n };\n });\n }\n\n signData(algorithm: string, data: Uint8Array, options: SignOptions = {}): Promise<SignResult> {\n return withTrace(\"signData\", options, async (updatedOptions) => {\n const digest = await createHash(algorithm, data);\n const result = await this.client.sign(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n digest,\n updatedOptions\n );\n return { result: result.result!, algorithm, keyID: this.getKeyID() };\n });\n }\n\n /**\n * The base URL to the vault.\n */\n readonly vaultUrl: string;\n\n /**\n * The ID of the key used to perform cryptographic operations for the client.\n */\n get keyId(): string | undefined {\n return this.getKeyID();\n }\n\n /**\n * Gets the {@link KeyVaultKey} used for cryptography operations, fetching it\n * from KeyVault if necessary.\n * @param options - Additional options.\n */\n getKey(options: GetKeyOptions = {}): Promise<KeyVaultKey> {\n return withTrace(\"getKey\", options, async (updatedOptions) => {\n if (typeof this.key === \"string\") {\n if (!this.name || this.name === \"\") {\n throw new Error(\"getKey requires a key with a name\");\n }\n const response = await this.client.getKey(\n this.vaultUrl,\n this.name,\n options && options.version ? options.version : this.version ? 
this.version : \"\",\n updatedOptions\n );\n this.key = getKeyFromKeyBundle(response);\n }\n return this.key;\n });\n }\n\n /**\n * @internal\n * A reference to the auto-generated KeyVault HTTP client.\n */\n private client: KeyVaultClient;\n\n /**\n * A reference to the key used for the cryptographic operations.\n * Based on what was provided to the CryptographyClient constructor,\n * it can be either a string with the URL of a Key Vault Key, or an already parsed {@link KeyVaultKey}.\n * @internal\n */\n private key: string | KeyVaultKey;\n\n /**\n * Name of the key the client represents\n * @internal\n */\n private name: string;\n\n /**\n * Version of the key the client represents\n * @internal\n */\n private version: string;\n\n /**\n * Attempts to retrieve the ID of the key.\n * @internal\n */\n private getKeyID(): string | undefined {\n let kid;\n if (typeof this.key !== \"string\") {\n kid = this.key.id;\n } else {\n kid = this.key;\n }\n\n return kid;\n }\n}\n\n/**\n * A helper method to either get the passed down generated client or initialize a new one.\n * An already constructed generated client may be passed down from {@link KeyClient} in which case we should reuse it.\n *\n * @internal\n * @param credential - The credential to use when initializing a new client.\n * @param options - The options for constructing a client or the underlying client if one already exists.\n * @returns - A generated client instance\n */\nfunction getOrInitializeClient(\n credential: TokenCredential,\n options: CryptographyClientOptions & { generatedClient?: KeyVaultClient }\n): KeyVaultClient {\n if (options.generatedClient) {\n return options.generatedClient;\n }\n\n const libInfo = `azsdk-js-keyvault-keys/${SDK_VERSION}`;\n\n const userAgentOptions = options.userAgentOptions;\n\n options.userAgentOptions = {\n userAgentPrefix:\n userAgentOptions && userAgentOptions.userAgentPrefix\n ? 
`${userAgentOptions.userAgentPrefix} ${libInfo}`\n : libInfo\n };\n\n const authPolicy = isTokenCredential(credential)\n ? challengeBasedAuthenticationPolicy(credential)\n : signingPolicy(credential);\n\n const internalPipelineOptions = {\n ...options,\n loggingOptions: {\n logger: logger.info,\n allowedHeaderNames: [\n \"x-ms-keyvault-region\",\n \"x-ms-keyvault-network-info\",\n \"x-ms-keyvault-service-version\"\n ]\n }\n };\n\n return new KeyVaultClient(\n options.serviceVersion || LATEST_API_VERSION,\n createPipelineFromOptions(internalPipelineOptions, authPolicy)\n );\n}\n"]}
|
|
1
|
+
{"version":3,"file":"remoteCryptographyProvider.js","sourceRoot":"","sources":["../../../../src/cryptography/remoteCryptographyProvider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAElC,OAAO,EACL,yBAAyB,EACzB,iBAAiB,EAEjB,aAAa,GACd,MAAM,kBAAkB,CAAC;AAiB1B,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,0BAA0B,EAAE,MAAM,eAAe,CAAC;AAC3D,OAAO,EAIL,kBAAkB,GACnB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAEtC,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChC,OAAO,EACL,mBAAmB,EAEnB,kCAAkC,GACnC,MAAM,8BAA8B,CAAC;AAEtC,MAAM,SAAS,GAAmB,mBAAmB,CACnD,gDAAgD,CACjD,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,0BAA0B;IACrC,YACE,GAAyB,EACzB,UAA2B,EAC3B,kBAA6C,EAAE;;QAE/C,IAAI,CAAC,MAAM,GAAG,qBAAqB,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;QAEjE,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QAEf,IAAI,KAAa,CAAC;QAClB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YAC3B,KAAK,GAAG,GAAG,CAAC;SACb;aAAM;YACL,KAAK,GAAG,GAAG,CAAC,EAAG,CAAC;SACjB;QAED,IAAI;YACF,MAAM,MAAM,GAAG,0BAA0B,CAAC,KAAK,CAAC,CAAC;YACjD,IAAI,MAAM,CAAC,IAAI,KAAK,EAAE,EAAE;gBACtB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;aAC5D;YAED,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,EAAE,EAAE;gBAC9C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;aAChE;YAED,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAChC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;YACxB,IAAI,CAAC,OAAO,GAAG,MAAA,MAAM,CAAC,OAAO,mCAAI,EAAE,CAAC;SACrC;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAElB,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,kCAAkC,CAAC,CAAC;SAC7D;IACH,CAAC;IAED,gEAAgE;IAChE,WAAW,CAAC,UAAkB,EAAE,UAAyC;QACvE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CACL,iBAAoC,EACpC,UAA0B,EAAE;QAE5B,MAAM,EAAE,SAAS,EAAE,SAAS,KAAgB,iBAAiB,EAA5B,MAAM,UAAK,iBAAiB,EAAvD,0BAAmC,CAAoB,CAAC;QAC9D,MAAM,cAAc,mCAAQ,OAAO,GAAK,MAAM,CAAE,CAAC;QAEjD,OAAO,SAAS,CAAC,SAAS,EAAE,cAAc,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACnE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,SAAS,EACT,cAAc,CACf,C
AAC;YAEF,OAAO;gBACL,SAAS,EAAE,iBAAiB,CAAC,SAAS;gBACtC,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;gBACtB,2BAA2B,EAAE,MAAM,CAAC,2BAA2B;gBAC/D,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;gBAC3C,EAAE,EAAE,MAAM,CAAC,EAAE;aACd,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CACL,iBAAoC,EACpC,UAA0B,EAAE;QAE5B,MAAM,EAAE,SAAS,EAAE,UAAU,KAAgB,iBAAiB,EAA5B,MAAM,UAAK,iBAAiB,EAAxD,2BAAoC,CAAoB,CAAC;QAC/D,MAAM,cAAc,mCAAQ,OAAO,GAAK,MAAM,CAAE,CAAC;QAEjD,OAAO,SAAS,CAAC,SAAS,EAAE,cAAc,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACnE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,UAAU,EACV,cAAc,CACf,CAAC;YACF,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;gBACtB,SAAS;aACV,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CACL,SAA2B,EAC3B,SAAqB,EACrB,UAA0B,EAAE;QAE5B,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,SAAS,EACT,cAAc,CACf,CAAC;YAEF,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,SAAS;gBACT,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;aACvB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,CACP,SAA2B,EAC3B,YAAwB,EACxB,UAA4B,EAAE;QAE9B,OAAO,SAAS,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC9D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CACxC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,YAAY,EACZ,cAAc,CACf,CAAC;YAEF,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAO;gBACtB,SAAS;gBACT,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;aACvB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,SAAiB,EAAE,MAAkB,EAAE,UAAuB,EAAE;QACnE,OAAO,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CACnC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,MAAM,EACN,cAAc,CACf,CAAC;YAEF,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAO,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;QACvE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,UAAU,CACR,SAAiB,EACjB,
IAAgB,EAChB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,SAAS,CAAC,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC/D,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CACJ,SAAiB,EACjB,MAAkB,EAClB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC3D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CACvC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,MAAM,EACN,SAAS,EACT,cAAc,CACf,CAAC;YACF,OAAO;gBACL,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK;gBAC/C,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;aACvB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,QAAQ,CAAC,SAAiB,EAAE,IAAgB,EAAE,UAAuB,EAAE;QACrE,OAAO,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YACjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CACnC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,MAAM,EACN,cAAc,CACf,CAAC;YACF,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAO,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;QACvE,CAAC,CAAC,CAAC;IACL,CAAC;IAOD;;OAEG;IACH,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,UAAyB,EAAE;QAChC,OAAO,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC3D,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE;gBAChC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,EAAE,EAAE;oBAClC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;iBACtD;gBACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CACvC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,IAAI,EACT,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAC/E,cAAc,CACf,CAAC;gBACF,IAAI,CAAC,GAAG,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;aAC1C;YACD,OAAO,IAAI,CAAC,GAAG,CAAC;QAClB,CAAC,CAAC,CAAC;IACL,CAAC;IAwBD;;OAEG;IACK,QAAQ;QACd,IAAI,GAAG,CAAC;QACR,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE;YAChC,GAAG,GAAG,IA
AI,CAAC,GAAG,CAAC,EAAE,CAAC;SACnB;aAAM;YACL,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;SAChB;QAED,OAAO,GAAG,CAAC;IACb,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,SAAS,qBAAqB,CAC5B,UAA2B,EAC3B,OAAyE;IAEzE,IAAI,OAAO,CAAC,eAAe,EAAE;QAC3B,OAAO,OAAO,CAAC,eAAe,CAAC;KAChC;IAED,MAAM,OAAO,GAAG,0BAA0B,WAAW,EAAE,CAAC;IAExD,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAElD,OAAO,CAAC,gBAAgB,GAAG;QACzB,eAAe,EACb,gBAAgB,IAAI,gBAAgB,CAAC,eAAe;YAClD,CAAC,CAAC,GAAG,gBAAgB,CAAC,eAAe,IAAI,OAAO,EAAE;YAClD,CAAC,CAAC,OAAO;KACd,CAAC;IAEF,MAAM,UAAU,GAAG,iBAAiB,CAAC,UAAU,CAAC;QAC9C,CAAC,CAAC,kCAAkC,CAAC,UAAU,CAAC;QAChD,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IAE9B,MAAM,uBAAuB,mCACxB,OAAO,KACV,cAAc,EAAE;YACd,MAAM,EAAE,MAAM,CAAC,IAAI;YACnB,kBAAkB,EAAE;gBAClB,sBAAsB;gBACtB,4BAA4B;gBAC5B,+BAA+B;aAChC;SACF,GACF,CAAC;IAEF,OAAO,IAAI,cAAc,CACvB,OAAO,CAAC,cAAc,IAAI,kBAAkB,EAC5C,yBAAyB,CAAC,uBAAuB,EAAE,UAAU,CAAC,CAC/D,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n createPipelineFromOptions,\n isTokenCredential,\n TokenCredential,\n signingPolicy,\n} from \"@azure/core-http\";\nimport {\n EncryptParameters,\n EncryptOptions,\n EncryptResult,\n KeyWrapAlgorithm,\n WrapKeyOptions,\n WrapResult,\n VerifyOptions,\n VerifyResult,\n DecryptParameters,\n DecryptOptions,\n DecryptResult,\n UnwrapKeyOptions,\n SignOptions,\n SignResult,\n} from \"../cryptographyClientModels\";\nimport { SDK_VERSION } from \"../constants\";\nimport { UnwrapResult } from \"../cryptographyClientModels\";\nimport { KeyVaultClient } from \"../generated\";\nimport { parseKeyVaultKeyIdentifier } from \"../identifier\";\nimport {\n CryptographyClientOptions,\n GetKeyOptions,\n KeyVaultKey,\n LATEST_API_VERSION,\n} from \"../keysModels\";\nimport { getKeyFromKeyBundle } from \"../transformations\";\nimport { createHash } from \"./crypto\";\nimport { CryptographyProvider, CryptographyProviderOperation } from \"./models\";\nimport { logger } from \"../log\";\nimport {\n createTraceFunction,\n 
TracedFunction,\n challengeBasedAuthenticationPolicy,\n} from \"../../../keyvault-common/src\";\n\nconst withTrace: TracedFunction = createTraceFunction(\n \"Azure.KeyVault.Keys.RemoteCryptographyProvider\"\n);\n\n/**\n * The remote cryptography provider is used to run crypto operations against KeyVault.\n * @internal\n */\nexport class RemoteCryptographyProvider implements CryptographyProvider {\n constructor(\n key: string | KeyVaultKey,\n credential: TokenCredential,\n pipelineOptions: CryptographyClientOptions = {}\n ) {\n this.client = getOrInitializeClient(credential, pipelineOptions);\n\n this.key = key;\n\n let keyId: string;\n if (typeof key === \"string\") {\n keyId = key;\n } else {\n keyId = key.id!;\n }\n\n try {\n const parsed = parseKeyVaultKeyIdentifier(keyId);\n if (parsed.name === \"\") {\n throw new Error(\"Could not find 'name' of key in key URL\");\n }\n\n if (!parsed.vaultUrl || parsed.vaultUrl === \"\") {\n throw new Error(\"Could not find 'vaultUrl' of key in key URL\");\n }\n\n this.vaultUrl = parsed.vaultUrl;\n this.name = parsed.name;\n this.version = parsed.version ?? 
\"\";\n } catch (err) {\n logger.error(err);\n\n throw new Error(`${keyId} is not a valid Key Vault key ID`);\n }\n }\n\n // The remote client supports all algorithms and all operations.\n isSupported(_algorithm: string, _operation: CryptographyProviderOperation): boolean {\n return true;\n }\n\n encrypt(\n encryptParameters: EncryptParameters,\n options: EncryptOptions = {}\n ): Promise<EncryptResult> {\n const { algorithm, plaintext, ...params } = encryptParameters;\n const requestOptions = { ...options, ...params };\n\n return withTrace(\"encrypt\", requestOptions, async (updatedOptions) => {\n const result = await this.client.encrypt(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n plaintext,\n updatedOptions\n );\n\n return {\n algorithm: encryptParameters.algorithm,\n result: result.result!,\n keyID: this.getKeyID(),\n additionalAuthenticatedData: result.additionalAuthenticatedData,\n authenticationTag: result.authenticationTag,\n iv: result.iv,\n };\n });\n }\n\n decrypt(\n decryptParameters: DecryptParameters,\n options: DecryptOptions = {}\n ): Promise<DecryptResult> {\n const { algorithm, ciphertext, ...params } = decryptParameters;\n const requestOptions = { ...options, ...params };\n\n return withTrace(\"decrypt\", requestOptions, async (updatedOptions) => {\n const result = await this.client.decrypt(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n ciphertext,\n updatedOptions\n );\n return {\n result: result.result!,\n keyID: this.getKeyID(),\n algorithm,\n };\n });\n }\n\n wrapKey(\n algorithm: KeyWrapAlgorithm,\n keyToWrap: Uint8Array,\n options: WrapKeyOptions = {}\n ): Promise<WrapResult> {\n return withTrace(\"wrapKey\", options, async (updatedOptions) => {\n const result = await this.client.wrapKey(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n keyToWrap,\n updatedOptions\n );\n\n return {\n result: result.result!,\n algorithm,\n keyID: this.getKeyID(),\n };\n });\n }\n\n unwrapKey(\n algorithm: 
KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options: UnwrapKeyOptions = {}\n ): Promise<UnwrapResult> {\n return withTrace(\"unwrapKey\", options, async (updatedOptions) => {\n const result = await this.client.unwrapKey(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n encryptedKey,\n updatedOptions\n );\n\n return {\n result: result.result!,\n algorithm,\n keyID: this.getKeyID(),\n };\n });\n }\n\n sign(algorithm: string, digest: Uint8Array, options: SignOptions = {}): Promise<SignResult> {\n return withTrace(\"sign\", options, async (updatedOptions) => {\n const result = await this.client.sign(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n digest,\n updatedOptions\n );\n\n return { result: result.result!, algorithm, keyID: this.getKeyID() };\n });\n }\n\n verifyData(\n algorithm: string,\n data: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {}\n ): Promise<VerifyResult> {\n return withTrace(\"verifyData\", options, async (updatedOptions) => {\n const hash = await createHash(algorithm, data);\n return this.verify(algorithm, hash, signature, updatedOptions);\n });\n }\n\n verify(\n algorithm: string,\n digest: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {}\n ): Promise<VerifyResult> {\n return withTrace(\"verify\", options, async (updatedOptions) => {\n const response = await this.client.verify(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n digest,\n signature,\n updatedOptions\n );\n return {\n result: response.value ? 
response.value : false,\n keyID: this.getKeyID(),\n };\n });\n }\n\n signData(algorithm: string, data: Uint8Array, options: SignOptions = {}): Promise<SignResult> {\n return withTrace(\"signData\", options, async (updatedOptions) => {\n const digest = await createHash(algorithm, data);\n const result = await this.client.sign(\n this.vaultUrl,\n this.name,\n this.version,\n algorithm,\n digest,\n updatedOptions\n );\n return { result: result.result!, algorithm, keyID: this.getKeyID() };\n });\n }\n\n /**\n * The base URL to the vault.\n */\n readonly vaultUrl: string;\n\n /**\n * The ID of the key used to perform cryptographic operations for the client.\n */\n get keyId(): string | undefined {\n return this.getKeyID();\n }\n\n /**\n * Gets the {@link KeyVaultKey} used for cryptography operations, fetching it\n * from KeyVault if necessary.\n * @param options - Additional options.\n */\n getKey(options: GetKeyOptions = {}): Promise<KeyVaultKey> {\n return withTrace(\"getKey\", options, async (updatedOptions) => {\n if (typeof this.key === \"string\") {\n if (!this.name || this.name === \"\") {\n throw new Error(\"getKey requires a key with a name\");\n }\n const response = await this.client.getKey(\n this.vaultUrl,\n this.name,\n options && options.version ? options.version : this.version ? 
this.version : \"\",\n updatedOptions\n );\n this.key = getKeyFromKeyBundle(response);\n }\n return this.key;\n });\n }\n\n /**\n * A reference to the auto-generated KeyVault HTTP client.\n */\n private client: KeyVaultClient;\n\n /**\n * A reference to the key used for the cryptographic operations.\n * Based on what was provided to the CryptographyClient constructor,\n * it can be either a string with the URL of a Key Vault Key, or an already parsed {@link KeyVaultKey}.\n */\n private key: string | KeyVaultKey;\n\n /**\n * Name of the key the client represents\n */\n private name: string;\n\n /**\n * Version of the key the client represents\n */\n private version: string;\n\n /**\n * Attempts to retrieve the ID of the key.\n */\n private getKeyID(): string | undefined {\n let kid;\n if (typeof this.key !== \"string\") {\n kid = this.key.id;\n } else {\n kid = this.key;\n }\n\n return kid;\n }\n}\n\n/**\n * A helper method to either get the passed down generated client or initialize a new one.\n * An already constructed generated client may be passed down from {@link KeyClient} in which case we should reuse it.\n *\n * @internal\n * @param credential - The credential to use when initializing a new client.\n * @param options - The options for constructing a client or the underlying client if one already exists.\n * @returns - A generated client instance\n */\nfunction getOrInitializeClient(\n credential: TokenCredential,\n options: CryptographyClientOptions & { generatedClient?: KeyVaultClient }\n): KeyVaultClient {\n if (options.generatedClient) {\n return options.generatedClient;\n }\n\n const libInfo = `azsdk-js-keyvault-keys/${SDK_VERSION}`;\n\n const userAgentOptions = options.userAgentOptions;\n\n options.userAgentOptions = {\n userAgentPrefix:\n userAgentOptions && userAgentOptions.userAgentPrefix\n ? `${userAgentOptions.userAgentPrefix} ${libInfo}`\n : libInfo,\n };\n\n const authPolicy = isTokenCredential(credential)\n ? 
challengeBasedAuthenticationPolicy(credential)\n : signingPolicy(credential);\n\n const internalPipelineOptions = {\n ...options,\n loggingOptions: {\n logger: logger.info,\n allowedHeaderNames: [\n \"x-ms-keyvault-region\",\n \"x-ms-keyvault-network-info\",\n \"x-ms-keyvault-service-version\",\n ],\n },\n };\n\n return new KeyVaultClient(\n options.serviceVersion || LATEST_API_VERSION,\n createPipelineFromOptions(internalPipelineOptions, authPolicy)\n );\n}\n"]}
|
|
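--- a/package/dist-esm/keyvault-keys/src/cryptography/rsaCryptographyProvider.js
+++ b/package/dist-esm/keyvault-keys/src/cryptography/rsaCryptographyProvider.js
@@ -4,7 +4,7 @@ import { RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING } from "constants";
 import { publicEncrypt } from "crypto";
 import { createVerify } from "./crypto";
 import { convertJWKtoPEM } from "./conversions";
-import { LocalCryptographyUnsupportedError } from "./models";
+import { LocalCryptographyUnsupportedError, } from "./models";
 /**
 * An RSA cryptography provider supporting RSA algorithms.
 */
@@ -12,7 +12,6 @@ export class RsaCryptographyProvider {
 constructor(key) {
 /**
 * The set of algorithms this provider supports
-* @internal
 */
 this.applicableAlgorithms = [
 "RSA1_5",
@@ -22,16 +21,15 @@ export class RsaCryptographyProvider {
 "PS384",
 "RS384",
 "PS512",
-"RS512"
+"RS512",
 ];
 /**
 * The set of operations this provider supports
-* @internal
 */
 this.applicableOperations = [
 "encrypt",
 "wrapKey",
-"verifyData"
+"verifyData",
 ];
 /**
 * Mapping between signature algorithms and their corresponding hash algorithms. Externally used for testing.
@@ -43,7 +41,7 @@ export class RsaCryptographyProvider {
 PS384: "SHA384",
 RS384: "SHA384",
 PS512: "SHA512",
-RS512: "SHA512"
+RS512: "SHA512",
 };
 this.key = key;
 }
@@ -57,7 +55,7 @@ export class RsaCryptographyProvider {
 return Promise.resolve({
 algorithm: encryptParameters.algorithm,
 keyID: this.key.kid,
-result: publicEncrypt({ key: keyPEM, padding: padding }, Buffer.from(encryptParameters.plaintext))
+result: publicEncrypt({ key: keyPEM, padding: padding }, Buffer.from(encryptParameters.plaintext)),
 });
 }
 decrypt(_decryptParameters, _options) {
@@ -70,7 +68,7 @@ export class RsaCryptographyProvider {
 return Promise.resolve({
 algorithm: algorithm,
 result: publicEncrypt({ key: keyPEM, padding }, Buffer.from(keyToWrap)),
-keyID: this.key.kid
+keyID: this.key.kid,
 });
 }
 unwrapKey(_algorithm, _encryptedKey, _options) {
@@ -91,7 +89,7 @@ export class RsaCryptographyProvider {
 const verifier = createVerify(algorithm, data);
 return Promise.resolve({
 result: verifier.verify(keyPEM, Buffer.from(signature)),
-keyID: this.key.kid
+keyID: this.key.kid,
 });
 }
 ensureValid() {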
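Review bot: The two flat lists set in the constructor, `applicableAlgorithms` (the `-12,7` and `-22,16` hunks) and `applicableOperations`, mix encryption and key-wrap names (`"RSA1_5"`) with signature names (`"PS384"`, `"RS512"`, …), and going by the `sourcesContent` in the accompanying .map, `isSupported` checks the two lists independently. That would let a pair such as `"PS256"` with `"encrypt"` pass, and `encrypt`/`wrapKey` there pick OAEP padding for anything other than `"RSA1_5"` and echo the requested name back in `algorithm`, so the result would be labelled with a scheme that was not actually used; whether the calling client rules this out earlier is not visible here. Keying the allow-list by operation would close the gap, e.g. `encrypt: ["RSA1_5", "RSA-OAEP"]`, `wrapKey: ["RSA1_5", "RSA-OAEP"]`, `verifyData: ["PS256", "RS256", "PS384", "RS384", "PS512", "RS512"]`. `isSupported`, `encrypt` and `wrapKey` lie partly or wholly outside these hunks.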
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rsaCryptographyProvider.js","sourceRoot":"","sources":["../../../../src/cryptography/rsaCryptographyProvider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAoBxC,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAGL,iCAAiC,
|
|
1
|
+
{"version":3,"file":"rsaCryptographyProvider.js","sourceRoot":"","sources":["../../../../src/cryptography/rsaCryptographyProvider.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAoBxC,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAGL,iCAAiC,GAClC,MAAM,UAAU,CAAC;AAElB;;GAEG;AACH,MAAM,OAAO,uBAAuB;IAClC,YAAY,GAAe;QAmH3B;;WAEG;QACK,yBAAoB,GAAa;YACvC,QAAQ;YACR,UAAU;YACV,OAAO;YACP,OAAO;YACP,OAAO;YACP,OAAO;YACP,OAAO;YACP,OAAO;SACR,CAAC;QAEF;;WAEG;QACK,yBAAoB,GAAoC;YAC9D,SAAS;YACT,SAAS;YACT,YAAY;SACb,CAAC;QAEF;;;WAGG;QACH,sCAAiC,GAA4B;YAC3D,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ;SAChB,CAAC;QApJA,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED,WAAW,CAAC,SAAiB,EAAE,SAAwC;QACrE,OAAO,CACL,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAC/F,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,iBAAoC,EAAE,QAAyB;QACrE,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzC,MAAM,OAAO,GACX,iBAAiB,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,sBAAsB,CAAC;QAExF,OAAO,OAAO,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,iBAAiB,CAAC,SAAS;YACtC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;YACnB,MAAM,EAAE,aAAa,CACnB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EACjC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CACzC;SACF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CACL,kBAAqC,EACrC,QAAyB;QAEzB,MAAM,IAAI,iCAAiC,CACzC,uDAAuD,CACxD,CAAC;IACJ,CAAC;IAED,OAAO,CACL,SAA2B,EAC3B,SAAqB,EACrB,QAAyB;QAEzB,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzC,MAAM,OAAO,GAAG,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,sBAAsB,CAAC;QAEpF,OAAO,OAAO,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,SAA6B;YACxC,MAAM,EAAE,aAAa,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;SACpB,CAAC
,CAAC;IACL,CAAC;IAED,SAAS,CACP,UAA4B,EAC5B,aAAyB,EACzB,QAA2B;QAE3B,MAAM,IAAI,iCAAiC,CACzC,6DAA6D,CAC9D,CAAC;IACJ,CAAC;IAED,IAAI,CACF,UAA8B,EAC9B,OAAmB,EACnB,QAAsB;QAEtB,MAAM,IAAI,iCAAiC,CACzC,6DAA6D,CAC9D,CAAC;IACJ,CAAC;IAED,QAAQ,CACN,UAA8B,EAC9B,KAAiB,EACjB,QAAsB;QAEtB,MAAM,IAAI,iCAAiC,CACzC,oEAAoE,CACrE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CACV,UAA8B,EAC9B,OAAmB,EACnB,UAAsB,EACtB,QAAwB;QAExB,MAAM,IAAI,iCAAiC,CACzC,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,UAAU,CACR,SAA6B,EAC7B,IAAgB,EAChB,SAAqB,EACrB,QAAwB;QAExB,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzC,MAAM,QAAQ,GAAG,YAAY,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC,OAAO,CAAC;YACrB,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvD,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;SACpB,CAAC,CAAC;IACL,CAAC;IA2CO,WAAW;;QACjB,IACE,IAAI,CAAC,GAAG;YACR,CAAA,MAAA,IAAI,CAAC,GAAG,CAAC,GAAG,0CAAE,WAAW,EAAE,MAAK,KAAK;YACrC,CAAA,MAAA,IAAI,CAAC,GAAG,CAAC,GAAG,0CAAE,WAAW,EAAE,MAAK,SAAS,EACzC;YACA,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;SAC9D;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING } from \"constants\";\nimport { publicEncrypt } from \"crypto\";\nimport { createVerify } from \"./crypto\";\nimport {\n JsonWebKey,\n DecryptOptions,\n EncryptOptions,\n EncryptParameters,\n EncryptResult,\n KeyWrapAlgorithm,\n UnwrapKeyOptions,\n VerifyOptions,\n VerifyResult,\n WrapKeyOptions,\n DecryptParameters,\n DecryptResult,\n SignatureAlgorithm,\n SignOptions,\n SignResult,\n UnwrapResult,\n WrapResult,\n} from \"..\";\nimport { convertJWKtoPEM } from \"./conversions\";\nimport {\n CryptographyProvider,\n CryptographyProviderOperation,\n LocalCryptographyUnsupportedError,\n} from \"./models\";\n\n/**\n * An RSA cryptography provider supporting RSA algorithms.\n */\nexport class RsaCryptographyProvider implements CryptographyProvider {\n constructor(key: 
JsonWebKey) {\n this.key = key;\n }\n\n isSupported(algorithm: string, operation: CryptographyProviderOperation): boolean {\n return (\n this.applicableAlgorithms.includes(algorithm) && this.applicableOperations.includes(operation)\n );\n }\n\n encrypt(encryptParameters: EncryptParameters, _options?: EncryptOptions): Promise<EncryptResult> {\n this.ensureValid();\n const keyPEM = convertJWKtoPEM(this.key);\n\n const padding =\n encryptParameters.algorithm === \"RSA1_5\" ? RSA_PKCS1_PADDING : RSA_PKCS1_OAEP_PADDING;\n\n return Promise.resolve({\n algorithm: encryptParameters.algorithm,\n keyID: this.key.kid,\n result: publicEncrypt(\n { key: keyPEM, padding: padding },\n Buffer.from(encryptParameters.plaintext)\n ),\n });\n }\n\n decrypt(\n _decryptParameters: DecryptParameters,\n _options?: DecryptOptions\n ): Promise<DecryptResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Decrypting using a local JsonWebKey is not supported.\"\n );\n }\n\n wrapKey(\n algorithm: KeyWrapAlgorithm,\n keyToWrap: Uint8Array,\n _options?: WrapKeyOptions\n ): Promise<WrapResult> {\n this.ensureValid();\n const keyPEM = convertJWKtoPEM(this.key);\n\n const padding = algorithm === \"RSA1_5\" ? 
RSA_PKCS1_PADDING : RSA_PKCS1_OAEP_PADDING;\n\n return Promise.resolve({\n algorithm: algorithm as KeyWrapAlgorithm,\n result: publicEncrypt({ key: keyPEM, padding }, Buffer.from(keyToWrap)),\n keyID: this.key.kid,\n });\n }\n\n unwrapKey(\n _algorithm: KeyWrapAlgorithm,\n _encryptedKey: Uint8Array,\n _options?: UnwrapKeyOptions\n ): Promise<UnwrapResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Unwrapping a key using a local JsonWebKey is not supported.\"\n );\n }\n\n sign(\n _algorithm: SignatureAlgorithm,\n _digest: Uint8Array,\n _options?: SignOptions\n ): Promise<SignResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Signing a digest using a local JsonWebKey is not supported.\"\n );\n }\n\n signData(\n _algorithm: SignatureAlgorithm,\n _data: Uint8Array,\n _options?: SignOptions\n ): Promise<SignResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Signing a block of data using a local JsonWebKey is not supported.\"\n );\n }\n\n async verify(\n _algorithm: SignatureAlgorithm,\n _digest: Uint8Array,\n _signature: Uint8Array,\n _options?: VerifyOptions\n ): Promise<VerifyResult> {\n throw new LocalCryptographyUnsupportedError(\n \"Verifying a digest using a local JsonWebKey is not supported.\"\n );\n }\n\n verifyData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n signature: Uint8Array,\n _options?: VerifyOptions\n ): Promise<VerifyResult> {\n this.ensureValid();\n const keyPEM = convertJWKtoPEM(this.key);\n\n const verifier = createVerify(algorithm, data);\n return Promise.resolve({\n result: verifier.verify(keyPEM, Buffer.from(signature)),\n keyID: this.key.kid,\n });\n }\n\n /**\n * The {@link JsonWebKey} used to perform crypto operations.\n */\n private key: JsonWebKey;\n\n /**\n * The set of algorithms this provider supports\n */\n private applicableAlgorithms: string[] = [\n \"RSA1_5\",\n \"RSA-OAEP\",\n \"PS256\",\n \"RS256\",\n \"PS384\",\n \"RS384\",\n \"PS512\",\n \"RS512\",\n ];\n\n /**\n * The set of operations 
this provider supports\n */\n private applicableOperations: CryptographyProviderOperation[] = [\n \"encrypt\",\n \"wrapKey\",\n \"verifyData\",\n ];\n\n /**\n * Mapping between signature algorithms and their corresponding hash algorithms. Externally used for testing.\n * @internal\n */\n signatureAlgorithmToHashAlgorithm: { [s: string]: string } = {\n PS256: \"SHA256\",\n RS256: \"SHA256\",\n PS384: \"SHA384\",\n RS384: \"SHA384\",\n PS512: \"SHA512\",\n RS512: \"SHA512\",\n };\n\n private ensureValid(): void {\n if (\n this.key &&\n this.key.kty?.toUpperCase() !== \"RSA\" &&\n this.key.kty?.toUpperCase() !== \"RSA-HSM\"\n ) {\n throw new Error(\"Key type does not match the algorithm RSA\");\n }\n }\n}\n"]}
|
|
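--- a/cryptographyClient.js
+++ b/cryptographyClient.js
@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { KnownKeyOperations } from "./keysModels";
+import { KnownKeyOperations, } from "./keysModels";
 import { RemoteCryptographyProvider } from "./cryptography/remoteCryptographyProvider";
 import { randomBytes } from "./cryptography/crypto";
 import { RsaCryptographyProvider } from "./cryptography/rsaCryptographyProvider";
@@ -22,7 +22,7 @@ export class CryptographyClient {
 // Key URL for remote-local operations.
 this.key = {
 kind: "identifier",
-value: key
+value: key,
 };
 this.remoteProvider = new RemoteCryptographyProvider(key, credential, pipelineOptions);
 }
@@ -30,7 +30,7 @@ export class CryptographyClient {
 // KeyVault key for remote-local operations.
 this.key = {
 kind: "KeyVaultKey",
-value: key
+value: key,
 };
 this.remoteProvider = new RemoteCryptographyProvider(key, credential, pipelineOptions);
 }
@@ -38,7 +38,7 @@ export class CryptographyClient {
 // JsonWebKey for local-only operations.
 this.key = {
 kind: "JsonWebKey",
-value: key
+value: key,
 };
 }
 }
@@ -88,7 +88,7 @@ export class CryptographyClient {
 "A192CBC",
 "A192CBCPAD",
 "A256CBC",
-"A256CBCPAD"
+"A256CBCPAD",
 ];
 if (parameters.algorithm in algorithmsRequiringIV) {
 try {
@@ -112,9 +112,9 @@ export class CryptographyClient {
 return [
 {
 algorithm: args[0],
-plaintext: args[1]
+plaintext: args[1],
 },
-args[2] || {}
+args[2] || {},
 ];
 }
 else {
@@ -148,9 +148,9 @@ export class CryptographyClient {
 return [
 {
 algorithm: args[0],
-ciphertext: args[1]
+ciphertext: args[1],
 },
-args[2] || {}
+args[2] || {},
 ];
 }
 else {
@@ -323,7 +323,6 @@ export class CryptographyClient {
 });
 }
 /**
-* @internal
 * Retrieves the {@link JsonWebKey} from the Key Vault.
 *
 * Example usage:
@@ -369,7 +368,7 @@ export class CryptographyClient {
 // Add local crypto providers as needed
 this.providers = [
 new RsaCryptographyProvider(keyMaterial),
-new AesCryptographyProvider(keyMaterial)
+new AesCryptographyProvider(keyMaterial),
 ];
 // If the remote provider exists, we're in hybrid-mode. Otherwise we're in local-only mode.
 // If we're in hybrid mode the remote provider is used as a catch-all and should be last in the list.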
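Review bot: The guard `if (parameters.algorithm in algorithmsRequiringIV)` in the `-88,7 +88,7` hunk applies the `in` operator to an array, which tests index keys (`"0"` to `"5"`, `length`) rather than element values, so a name such as `"A128CBC"` never matches and the IV-generation branch does not run. For the AES-CBC algorithms this means no random IV is filled in when the caller omits one; how the local and remote providers then behave is not visible in this hunk, so it is worth pinning with a test that encrypts with a CBC algorithm and no `iv`. The check should read `if (algorithmsRequiringIV.includes(parameters.algorithm)) {`. The enclosing method (named `initializeIV` in the embedded `sourcesContent`) starts and ends outside the hunk, and this release only adds the trailing comma to the list.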
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cryptographyClient.js","sourceRoot":"","sources":["../../../src/cryptographyClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAML,kBAAkB,EACnB,MAAM,cAAc,CAAC;AAuBtB,OAAO,EAAE,0BAA0B,EAAE,MAAM,2CAA2C,CAAC;AACvF,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEhE,MAAM,SAAS,GAAG,mBAAmB,CAAC,wCAAwC,CAAC,CAAC;AAEhF;;;GAGG;AACH,MAAM,OAAO,kBAAkB;IAsD7B;;;;OAIG;IACH,YACE,GAAsC,EACtC,UAA4B,EAC5B,kBAA6C,EAAE;QAE/C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YAC3B,uCAAuC;YACvC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0BAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;SACzF;aAAM,IAAI,MAAM,IAAI,GAAG,EAAE;YACxB,4CAA4C;YAC5C,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0BAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;SACzF;aAAM;YACL,wCAAwC;YACxC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;SACH;IACH,CAAC;IAED;;OAEG;IACH,IAAI,QAAQ;;QACV,OAAO,CAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,QAAQ,KAAI,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;YAClC,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;SACvB;aAAM,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE;YAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;SAC1B;aAAM;YACL,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;SAC3B;IACH,CAAC;IAqCM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QACtE,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAC9B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI;gBACF,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;aACrD;YAAC,OAAO,KAAK,EAAE;gBACd,IAAI,IA
AI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;iBAChE;gBACD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,UAA6B;QAChD,uFAAuF;QACvF,MAAM,qBAAqB,GAAgC;YACzD,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;SACb,CAAC;QAEF,IAAI,UAAU,CAAC,SAAS,IAAI,qBAAqB,EAAE;YACjD,IAAI;gBACF,MAAM,SAAS,GAAG,UAAqC,CAAC;gBACxD,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE;oBACjB,SAAS,CAAC,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;iBAChC;aACF;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,KAAK,CACb,yCAAyC,UAAU,CAAC,SAAS,yDAAyD,CAAC,CAAC,OAAO,EAAE,CAClI,CAAC;aACH;SACF;IACH,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;YAC/B,4CAA4C;YAC5C,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;iBACE;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;SACH;aAAM;YACL,sEAAsE;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;SACrD;IACH,CAAC;IAqCM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QAEtE,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI;gBACF,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;aACrD;YAAC,OAAO,KAAK,EAAE;gBACd,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;iBAChE;gBACD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;YAC/B,qDAAqD;YACrD,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;iBACC;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;SACH;aAAM;YACL,gFAAgF;YAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;SACrD;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACI,OAAO,CACZ,SAA2B,EAC3B,GAAe,EACf
,UAA0B,EAAE;QAE5B,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC9E,IAAI;gBACF,OAAO,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;aACzD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;iBAC7D;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACI,SAAS,CACd,SAA2B,EAC3B,YAAwB,EACxB,UAA4B,EAAE;QAE9B,OAAO,SAAS,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC9D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC;YACpF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAChF,IAAI;gBACF,OAAO,QAAQ,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC;aACpE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;iBACxE;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACI,IAAI,CACT,SAA6B,EAC7B,MAAkB,EAClB,UAAuB,EAAE;QAEzB,OAAO,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACzD,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC3E,IAAI;gBACF,OAAO,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;aACzD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;iBACpE;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,MAAM,CACX,SAA6B,EAC7B,MAAkB,EAClB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC3D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,SAAS,EAA
E,cAAc,CAAC,CAAC;YAC7E,IAAI;gBACF,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;aACtE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;iBACjF;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACI,QAAQ,CACb,SAA6B,EAC7B,IAAgB,EAChB,UAAuB,EAAE;QAEzB,OAAO,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC7D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC/E,IAAI;gBACF,OAAO,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;aAC3D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;iBAC/D;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,UAAU,CACf,SAA6B,EAC7B,IAAgB,EAChB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,SAAS,CAAC,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC/D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACjF,IAAI;gBACF,OAAO,QAAQ,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;aACxE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;iBACnF;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACK,KAAK,CAAC,cAAc,CAAC,OAAsB;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEzC,QAAQ,GAAG,CAAC,IAAI,EAAE;YAChB,KAAK,YAAY;gBACf,OAAO,GAAG,CAAC,KAAK,CAAC;YACnB,KAAK,aAAa;gBAChB,OAAO,GAAG,CAAC,KAAK,CAAC,GAAI,CAAC;YACxB;gBACE,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;SAC5E;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,QAAQ,CAA6B,OAAU;QAC3D,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;YAClC,0DAA0D;YAC1D,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAA
C;YACvD,IAAI,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;SAChD;QACD,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAGD;;;;;;OAMG;IACK,KAAK,CAAC,WAAW,CACvB,SAAwC,EACxC,SAAiB,EACjB,OAAU;QAEV,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE;YACnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACvD,uCAAuC;YACvC,IAAI,CAAC,SAAS,GAAG;gBACf,IAAI,uBAAuB,CAAC,WAAW,CAAC;gBACxC,IAAI,uBAAuB,CAAC,WAAW,CAAC;aACzC,CAAC;YAEF,2FAA2F;YAC3F,qGAAqG;YACrG,IAAI,IAAI,CAAC,cAAc,EAAE;gBACvB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;aAC1C;SACF;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;QAEpF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE;YAC1B,MAAM,IAAI,KAAK,CACb,iCAAiC,SAAS,sBAAsB,SAAS,KACvE,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,EAChE,EAAE,CACH,CAAC;SACH;QAED,uDAAuD;QACvD,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,GAA0B,EAAE,SAAwB;;QACtE,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE;YAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;YACvC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC;YACtD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YAEvB,gCAAgC;YAChC,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,yBAAyB,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;aACxF;YAED,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,eAAe,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;aAC9E;YAED,uBAAuB;YACvB,IAAI,SAAS,IAAI,MAAM,IAAI,CAAC,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA,EAAE;gBACvD,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;aACnF;SACF;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;YACpC,kCAAkC;YAClC,IAAI,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,CAAA,MAAA,GAAG,CAAC,KAAK,CAAC,MAAM,0CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA,EAAE;gBAC3E,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;aACpF;SACF;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) 
Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { OperationOptions, TokenCredential } from \"@azure/core-http\";\nimport {\n JsonWebKey,\n KeyVaultKey,\n CryptographyClientOptions,\n GetKeyOptions,\n KeyOperation,\n KnownKeyOperations\n} from \"./keysModels\";\nimport {\n EncryptionAlgorithm,\n KeyWrapAlgorithm,\n WrapResult,\n UnwrapResult,\n DecryptResult,\n SignatureAlgorithm,\n SignResult,\n VerifyResult,\n EncryptResult,\n EncryptOptions,\n DecryptOptions,\n WrapKeyOptions,\n UnwrapKeyOptions,\n EncryptParameters,\n SignOptions,\n VerifyOptions,\n DecryptParameters,\n CryptographyClientKey,\n AesCbcEncryptParameters,\n AesCbcEncryptionAlgorithm\n} from \"./cryptographyClientModels\";\nimport { RemoteCryptographyProvider } from \"./cryptography/remoteCryptographyProvider\";\nimport { randomBytes } from \"./cryptography/crypto\";\nimport { CryptographyProvider, CryptographyProviderOperation } from \"./cryptography/models\";\nimport { RsaCryptographyProvider } from \"./cryptography/rsaCryptographyProvider\";\nimport { AesCryptographyProvider } from \"./cryptography/aesCryptographyProvider\";\nimport { createTraceFunction } from \"../../keyvault-common/src\";\n\nconst withTrace = createTraceFunction(\"Azure.KeyVault.Keys.CryptographyClient\");\n\n/**\n * A client used to perform cryptographic operations on an Azure Key vault key\n * or a local {@link JsonWebKey}.\n */\nexport class CryptographyClient {\n /**\n * The key the CryptographyClient currently holds.\n */\n private key: CryptographyClientKey;\n\n /**\n * The remote provider, which would be undefined if used in local mode.\n */\n private remoteProvider?: RemoteCryptographyProvider;\n\n /**\n * Constructs a new instance of the Cryptography client for the given key\n *\n * Example usage:\n * ```ts\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n * import { DefaultAzureCredential } from \"@azure/identity\";\n *\n * let vaultUrl = `https://<MY KEYVAULT 
HERE>.vault.azure.net`;\n * let credentials = new DefaultAzureCredential();\n *\n * let keyClient = new KeyClient(vaultUrl, credentials);\n * let keyVaultKey = await keyClient.getKey(\"MyKey\");\n *\n * let client = new CryptographyClient(keyVaultKey.id, credentials);\n * // or\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * ```\n * @param key - The key to use during cryptography tasks. You can also pass the identifier of the key i.e its url here.\n * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \\@azure/identity package to create a credential that suits your needs.\n * @param pipelineOptions - Pipeline options used to configure Key Vault API requests.\n * Omit this parameter to use the default pipeline configuration.\n */\n constructor(\n key: string | KeyVaultKey,\n credential: TokenCredential,\n pipelineOptions?: CryptographyClientOptions\n );\n /**\n * Constructs a new instance of the Cryptography client for the given key in local mode.\n *\n * Example usage:\n * ```ts\n * import { CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const jsonWebKey: JsonWebKey = {\n * // ...\n * };\n * const client = new CryptographyClient(jsonWebKey);\n * ```\n * @param key - The JsonWebKey to use during cryptography operations.\n */\n constructor(key: JsonWebKey);\n /**\n * Internal constructor implementation for either local or Key Vault backed keys.\n * @param key - The key to use during cryptography tasks.\n * @param credential - Teh credential to use when constructing a Key Vault Cryptography client.\n */\n constructor(\n key: string | KeyVaultKey | JsonWebKey,\n credential?: TokenCredential,\n pipelineOptions: CryptographyClientOptions = {}\n ) {\n if (typeof key === \"string\") {\n // Key URL for remote-local operations.\n this.key = {\n kind: \"identifier\",\n value: key\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, 
pipelineOptions);\n } else if (\"name\" in key) {\n // KeyVault key for remote-local operations.\n this.key = {\n kind: \"KeyVaultKey\",\n value: key\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else {\n // JsonWebKey for local-only operations.\n this.key = {\n kind: \"JsonWebKey\",\n value: key\n };\n }\n }\n\n /**\n * The base URL to the vault. If a local {@link JsonWebKey} is used vaultUrl will be empty.\n */\n get vaultUrl(): string {\n return this.remoteProvider?.vaultUrl || \"\";\n }\n\n /**\n * The ID of the key used to perform cryptographic operations for the client.\n */\n get keyID(): string | undefined {\n if (this.key.kind === \"identifier\") {\n return this.key.value;\n } else if (this.key.kind === \"KeyVaultKey\") {\n return this.key.value.id;\n } else {\n return this.key.value.kid;\n }\n }\n\n /**\n * Encrypts the given plaintext with the specified encryption parameters.\n * Depending on the algorithm set in the encryption parameters, the set of possible encryption parameters will change.\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.encrypt({ algorithm: \"RSA1_5\", plaintext: Buffer.from(\"My Message\")});\n * let result = await client.encrypt({ algorithm: \"A256GCM\", plaintext: Buffer.from(\"My Message\"), additionalAuthenticatedData: Buffer.from(\"My authenticated data\")});\n * ```\n * @param encryptParameters - The encryption parameters, keyed on the encryption algorithm chosen.\n * @param options - Additional options.\n */\n public encrypt(\n encryptParameters: EncryptParameters,\n options?: EncryptOptions\n ): Promise<EncryptResult>;\n /**\n * Encrypts the given plaintext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.encrypt(\"RSA1_5\", Buffer.from(\"My Message\"));\n * ```\n * 
@param algorithm - The algorithm to use.\n * @param plaintext - The text to encrypt.\n * @param options - Additional options.\n * @deprecated Use `encrypt({ algorithm, plaintext }, options)` instead.\n */\n public encrypt(\n algorithm: EncryptionAlgorithm,\n plaintext: Uint8Array,\n options?: EncryptOptions\n ): Promise<EncryptResult>;\n public encrypt(\n ...args:\n | [EncryptParameters, EncryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, EncryptOptions?]\n ): Promise<EncryptResult> {\n const [parameters, options] = this.disambiguateEncryptArguments(args);\n return withTrace(\"encrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Encrypt);\n this.initializeIV(parameters);\n const provider = await this.getProvider(\"encrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.encrypt(parameters, updatedOptions);\n } catch (error) {\n if (this.remoteProvider) {\n return this.remoteProvider.encrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n private initializeIV(parameters: EncryptParameters): void {\n // For AES-GCM the service **must** generate the IV, so we only populate it for AES-CBC\n const algorithmsRequiringIV: AesCbcEncryptionAlgorithm[] = [\n \"A128CBC\",\n \"A128CBCPAD\",\n \"A192CBC\",\n \"A192CBCPAD\",\n \"A256CBC\",\n \"A256CBCPAD\"\n ];\n\n if (parameters.algorithm in algorithmsRequiringIV) {\n try {\n const cbcParams = parameters as AesCbcEncryptParameters;\n if (!cbcParams.iv) {\n cbcParams.iv = randomBytes(16);\n }\n } catch (e) {\n throw new Error(\n `Unable to initialize IV for algorithm ${parameters.algorithm}. You may pass a valid IV to avoid this error. Error: ${e.message}`\n );\n }\n }\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The encrypt arguments\n */\n private disambiguateEncryptArguments(\n args: [EncryptParameters, EncryptOptions?] 
| [string, Uint8Array, EncryptOptions?]\n ): [EncryptParameters, EncryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", buffer, options]\n return [\n {\n algorithm: args[0],\n plaintext: args[1]\n } as EncryptParameters,\n args[2] || {}\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", plaintext: buffer }, options]\n return [args[0], (args[1] || {}) as EncryptOptions];\n }\n }\n\n /**\n * Decrypts the given ciphertext with the specified decryption parameters.\n * Depending on the algorithm used in the decryption parameters, the set of possible decryption parameters will change.\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.decrypt({ algorithm: \"RSA1_5\", ciphertext: encryptedBuffer });\n * let result = await client.decrypt({ algorithm: \"A256GCM\", iv: ivFromEncryptResult, authenticationTag: tagFromEncryptResult });\n * ```\n * @param decryptParameters - The decryption parameters.\n * @param options - Additional options.\n */\n public async decrypt(\n decryptParameters: DecryptParameters,\n options?: DecryptOptions\n ): Promise<DecryptResult>;\n /**\n * Decrypts the given ciphertext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.decrypt(\"RSA1_5\", encryptedBuffer);\n * ```\n * @param algorithm - The algorithm to use.\n * @param ciphertext - The text to decrypt.\n * @param options - Additional options.\n * @deprecated Use `decrypt({ algorithm, ciphertext }, options)` instead.\n */\n public decrypt(\n algorithm: EncryptionAlgorithm,\n ciphertext: Uint8Array,\n options?: DecryptOptions\n ): Promise<DecryptResult>;\n public decrypt(\n ...args:\n | [DecryptParameters, DecryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, DecryptOptions?]\n ): Promise<DecryptResult> {\n const [parameters, options] = 
this.disambiguateDecryptArguments(args);\n\n return withTrace(\"decrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Decrypt);\n const provider = await this.getProvider(\"decrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.decrypt(parameters, updatedOptions);\n } catch (error) {\n if (this.remoteProvider) {\n return this.remoteProvider.decrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The decrypt arguments\n */\n private disambiguateDecryptArguments(\n args: [DecryptParameters, DecryptOptions?] | [string, Uint8Array, DecryptOptions?]\n ): [DecryptParameters, DecryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", encryptedBuffer, options]\n return [\n {\n algorithm: args[0],\n ciphertext: args[1]\n } as DecryptParameters,\n args[2] || {}\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", ciphertext: encryptedBuffer }, options]\n return [args[0], (args[1] || {}) as DecryptOptions];\n }\n }\n\n /**\n * Wraps the given key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.wrapKey(\"RSA1_5\", keyToWrap);\n * ```\n * @param algorithm - The encryption algorithm to use to wrap the given key.\n * @param key - The key to wrap.\n * @param options - Additional options.\n */\n public wrapKey(\n algorithm: KeyWrapAlgorithm,\n key: Uint8Array,\n options: WrapKeyOptions = {}\n ): Promise<WrapResult> {\n return withTrace(\"wrapKey\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.WrapKey);\n const provider = await this.getProvider(\"wrapKey\", algorithm, updatedOptions);\n try {\n return provider.wrapKey(algorithm, key, updatedOptions);\n } 
catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.wrapKey(algorithm, key, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Unwraps the given wrapped key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.unwrapKey(\"RSA1_5\", keyToUnwrap);\n * ```\n * @param algorithm - The decryption algorithm to use to unwrap the key.\n * @param encryptedKey - The encrypted key to unwrap.\n * @param options - Additional options.\n */\n public unwrapKey(\n algorithm: KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options: UnwrapKeyOptions = {}\n ): Promise<UnwrapResult> {\n return withTrace(\"unwrapKey\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.UnwrapKey);\n const provider = await this.getProvider(\"unwrapKey\", algorithm, updatedOptions);\n try {\n return provider.unwrapKey(algorithm, encryptedKey, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.unwrapKey(algorithm, encryptedKey, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Cryptographically sign the digest of a message\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.sign(\"RS256\", digest);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param digest - The digest of the data to sign.\n * @param options - Additional options.\n */\n public sign(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n options: SignOptions = {}\n ): Promise<SignResult> {\n return withTrace(\"sign\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"sign\", algorithm, updatedOptions);\n try {\n return provider.sign(algorithm, digest, updatedOptions);\n } catch (err) {\n 
if (this.remoteProvider) {\n return this.remoteProvider.sign(algorithm, digest, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Verify the signed message digest\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.verify(\"RS256\", signedDigest, signature);\n * ```\n * @param algorithm - The signing algorithm to use to verify with.\n * @param digest - The digest to verify.\n * @param signature - The signature to verify the digest against.\n * @param options - Additional options.\n */\n public verify(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {}\n ): Promise<VerifyResult> {\n return withTrace(\"verify\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verify\", algorithm, updatedOptions);\n try {\n return provider.verify(algorithm, digest, signature, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.verify(algorithm, digest, signature, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Cryptographically sign a block of data\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.signData(\"RS256\", message);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param data - The data to sign.\n * @param options - Additional options.\n */\n public signData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n options: SignOptions = {}\n ): Promise<SignResult> {\n return withTrace(\"signData\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"signData\", algorithm, updatedOptions);\n try {\n return provider.signData(algorithm, data, updatedOptions);\n } 
catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.signData(algorithm, data, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Verify the signed block of data\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.verifyData(\"RS256\", signedMessage, signature);\n * ```\n * @param algorithm - The algorithm to use to verify with.\n * @param data - The signed block of data to verify.\n * @param signature - The signature to verify the block against.\n * @param options - Additional options.\n */\n public verifyData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {}\n ): Promise<VerifyResult> {\n return withTrace(\"verifyData\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verifyData\", algorithm, updatedOptions);\n try {\n return provider.verifyData(algorithm, data, signature, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.verifyData(algorithm, data, signature, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * @internal\n * Retrieves the {@link JsonWebKey} from the Key Vault.\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.getKeyMaterial();\n * ```\n */\n private async getKeyMaterial(options: GetKeyOptions): Promise<JsonWebKey> {\n const key = await this.fetchKey(options);\n\n switch (key.kind) {\n case \"JsonWebKey\":\n return key.value;\n case \"KeyVaultKey\":\n return key.value.key!;\n default:\n throw new Error(\"Failed to exchange Key ID for an actual KeyVault Key.\");\n }\n }\n\n /**\n * Returns the underlying key used for cryptographic operations.\n * If needed, fetches the key from KeyVault and exchanges the ID for the actual key.\n * @param options - 
The additional options.\n */\n private async fetchKey<T extends OperationOptions>(options: T): Promise<CryptographyClientKey> {\n if (this.key.kind === \"identifier\") {\n // Exchange the identifier with the actual key when needed\n const key = await this.remoteProvider!.getKey(options);\n this.key = { kind: \"KeyVaultKey\", value: key };\n }\n return this.key;\n }\n\n private providers?: CryptographyProvider[];\n /**\n * Gets the provider that support this algorithm and operation.\n * The available providers are ordered by priority such that the first provider that supports this\n * operation is the one we should use.\n * @param operation - The {@link KeyOperation}.\n * @param algorithm - The algorithm to use.\n */\n private async getProvider<T extends OperationOptions>(\n operation: CryptographyProviderOperation,\n algorithm: string,\n options: T\n ): Promise<CryptographyProvider> {\n if (!this.providers) {\n const keyMaterial = await this.getKeyMaterial(options);\n // Add local crypto providers as needed\n this.providers = [\n new RsaCryptographyProvider(keyMaterial),\n new AesCryptographyProvider(keyMaterial)\n ];\n\n // If the remote provider exists, we're in hybrid-mode. Otherwise we're in local-only mode.\n // If we're in hybrid mode the remote provider is used as a catch-all and should be last in the list.\n if (this.remoteProvider) {\n this.providers.push(this.remoteProvider);\n }\n }\n\n const providers = this.providers.filter((p) => p.isSupported(algorithm, operation));\n\n if (providers.length === 0) {\n throw new Error(\n `Unable to support operation: \"${operation}\" with algorithm: \"${algorithm}\" ${\n this.key.kind === \"JsonWebKey\" ? 
\"using a local JsonWebKey\" : \"\"\n }`\n );\n }\n\n // Return the first provider that supports this request\n return providers[0];\n }\n\n private ensureValid(key: CryptographyClientKey, operation?: KeyOperation): void {\n if (key.kind === \"KeyVaultKey\") {\n const keyOps = key.value.keyOperations;\n const { notBefore, expiresOn } = key.value.properties;\n const now = new Date();\n\n // Check KeyVault Key Expiration\n if (notBefore && now < notBefore) {\n throw new Error(`Key ${key.value.id} can't be used before ${notBefore.toISOString()}`);\n }\n\n if (expiresOn && now > expiresOn) {\n throw new Error(`Key ${key.value.id} expired at ${expiresOn.toISOString()}`);\n }\n\n // Check Key operations\n if (operation && keyOps && !keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.id}`);\n }\n } else if (key.kind === \"JsonWebKey\") {\n // Check JsonWebKey Key operations\n if (operation && key.value.keyOps && !key.value.keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.kid}`);\n }\n }\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"cryptographyClient.js","sourceRoot":"","sources":["../../../src/cryptographyClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAML,kBAAkB,GACnB,MAAM,cAAc,CAAC;AAuBtB,OAAO,EAAE,0BAA0B,EAAE,MAAM,2CAA2C,CAAC;AACvF,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEhE,MAAM,SAAS,GAAG,mBAAmB,CAAC,wCAAwC,CAAC,CAAC;AAEhF;;;GAGG;AACH,MAAM,OAAO,kBAAkB;IAsD7B;;;;OAIG;IACH,YACE,GAAsC,EACtC,UAA4B,EAC5B,kBAA6C,EAAE;QAE/C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YAC3B,uCAAuC;YACvC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0BAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;SACzF;aAAM,IAAI,MAAM,IAAI,GAAG,EAAE;YACxB,4CAA4C;YAC5C,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,CAAC,cAAc,GAAG,IAAI,0BAA0B,CAAC,GAAG,EAAE,UAAW,EAAE,eAAe,CAAC,CAAC;SACzF;aAAM;YACL,wCAAwC;YACxC,IAAI,CAAC,GAAG,GAAG;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,GAAG;aACX,CAAC;SACH;IACH,CAAC;IAED;;OAEG;IACH,IAAI,QAAQ;;QACV,OAAO,CAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,QAAQ,KAAI,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;YAClC,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;SACvB;aAAM,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE;YAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;SAC1B;aAAM;YACL,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;SAC3B;IACH,CAAC;IAqCM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QACtE,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAC9B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI;gBACF,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;aACrD;YAAC,OAAO,KAAK,EAAE;gBACd,IAAI,IA
AI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;iBAChE;gBACD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,UAA6B;QAChD,uFAAuF;QACvF,MAAM,qBAAqB,GAAgC;YACzD,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;YACZ,SAAS;YACT,YAAY;SACb,CAAC;QAEF,IAAI,UAAU,CAAC,SAAS,IAAI,qBAAqB,EAAE;YACjD,IAAI;gBACF,MAAM,SAAS,GAAG,UAAqC,CAAC;gBACxD,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE;oBACjB,SAAS,CAAC,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;iBAChC;aACF;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,KAAK,CACb,yCAAyC,UAAU,CAAC,SAAS,yDAAyD,CAAC,CAAC,OAAO,EAAE,CAClI,CAAC;aACH;SACF;IACH,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;YAC/B,4CAA4C;YAC5C,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;iBACE;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;SACH;aAAM;YACL,sEAAsE;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;SACrD;IACH,CAAC;IAqCM,OAAO,CACZ,GAAG,IAEmD;QAEtD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC;QAEtE,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACzF,IAAI;gBACF,OAAO,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;aACrD;YAAC,OAAO,KAAK,EAAE;gBACd,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;iBAChE;gBACD,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAClC,IAAkF;QAElF,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;YAC/B,qDAAqD;YACrD,OAAO;gBACL;oBACE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClB,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;iBACC;gBACtB,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE;aACd,CAAC;SACH;aAAM;YACL,gFAAgF;YAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAmB,CAAC,CAAC;SACrD;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACI,OAAO,CACZ,SAA2B,EAC3B,GAAe,EACf
,UAA0B,EAAE;QAE5B,OAAO,SAAS,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC5D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAClF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC9E,IAAI;gBACF,OAAO,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;aACzD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;iBAC7D;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACI,SAAS,CACd,SAA2B,EAC3B,YAAwB,EACxB,UAA4B,EAAE;QAE9B,OAAO,SAAS,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC9D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC;YACpF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAChF,IAAI;gBACF,OAAO,QAAQ,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC;aACpE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;iBACxE;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACI,IAAI,CACT,SAA6B,EAC7B,MAAkB,EAClB,UAAuB,EAAE;QAEzB,OAAO,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YACzD,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC3E,IAAI;gBACF,OAAO,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;aACzD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;iBACpE;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,MAAM,CACX,SAA6B,EAC7B,MAAkB,EAClB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC3D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,SAAS,EAA
E,cAAc,CAAC,CAAC;YAC7E,IAAI;gBACF,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;aACtE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;iBACjF;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;OAWG;IACI,QAAQ,CACb,SAA6B,EAC7B,IAAgB,EAChB,UAAuB,EAAE;QAEzB,OAAO,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC7D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC/E,IAAI;gBACF,OAAO,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;aAC3D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;iBAC/D;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,UAAU,CACf,SAA6B,EAC7B,IAAgB,EAChB,SAAqB,EACrB,UAAyB,EAAE;QAE3B,OAAO,SAAS,CAAC,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;YAC/D,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YACjF,IAAI;gBACF,OAAO,QAAQ,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;aACxE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;iBACnF;gBACD,MAAM,GAAG,CAAC;aACX;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACK,KAAK,CAAC,cAAc,CAAC,OAAsB;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEzC,QAAQ,GAAG,CAAC,IAAI,EAAE;YAChB,KAAK,YAAY;gBACf,OAAO,GAAG,CAAC,KAAK,CAAC;YACnB,KAAK,aAAa;gBAChB,OAAO,GAAG,CAAC,KAAK,CAAC,GAAI,CAAC;YACxB;gBACE,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;SAC5E;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,QAAQ,CAA6B,OAAU;QAC3D,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;YAClC,0DAA0D;YAC1D,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC
;YACvD,IAAI,CAAC,GAAG,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;SAChD;QACD,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAGD;;;;;;OAMG;IACK,KAAK,CAAC,WAAW,CACvB,SAAwC,EACxC,SAAiB,EACjB,OAAU;QAEV,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE;YACnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACvD,uCAAuC;YACvC,IAAI,CAAC,SAAS,GAAG;gBACf,IAAI,uBAAuB,CAAC,WAAW,CAAC;gBACxC,IAAI,uBAAuB,CAAC,WAAW,CAAC;aACzC,CAAC;YAEF,2FAA2F;YAC3F,qGAAqG;YACrG,IAAI,IAAI,CAAC,cAAc,EAAE;gBACvB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;aAC1C;SACF;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;QAEpF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE;YAC1B,MAAM,IAAI,KAAK,CACb,iCAAiC,SAAS,sBAAsB,SAAS,KACvE,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,EAChE,EAAE,CACH,CAAC;SACH;QAED,uDAAuD;QACvD,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,GAA0B,EAAE,SAAwB;;QACtE,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE;YAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;YACvC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC;YACtD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YAEvB,gCAAgC;YAChC,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,yBAAyB,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;aACxF;YAED,IAAI,SAAS,IAAI,GAAG,GAAG,SAAS,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,eAAe,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;aAC9E;YAED,uBAAuB;YACvB,IAAI,SAAS,IAAI,MAAM,IAAI,CAAC,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA,EAAE;gBACvD,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;aACnF;SACF;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE;YACpC,kCAAkC;YAClC,IAAI,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,CAAA,MAAA,GAAG,CAAC,KAAK,CAAC,MAAM,0CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA,EAAE;gBAC3E,MAAM,IAAI,KAAK,CAAC,aAAa,SAAS,4BAA4B,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;aACpF;SACF;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft 
Corporation.\n// Licensed under the MIT license.\n\nimport { OperationOptions, TokenCredential } from \"@azure/core-http\";\nimport {\n JsonWebKey,\n KeyVaultKey,\n CryptographyClientOptions,\n GetKeyOptions,\n KeyOperation,\n KnownKeyOperations,\n} from \"./keysModels\";\nimport {\n EncryptionAlgorithm,\n KeyWrapAlgorithm,\n WrapResult,\n UnwrapResult,\n DecryptResult,\n SignatureAlgorithm,\n SignResult,\n VerifyResult,\n EncryptResult,\n EncryptOptions,\n DecryptOptions,\n WrapKeyOptions,\n UnwrapKeyOptions,\n EncryptParameters,\n SignOptions,\n VerifyOptions,\n DecryptParameters,\n CryptographyClientKey,\n AesCbcEncryptParameters,\n AesCbcEncryptionAlgorithm,\n} from \"./cryptographyClientModels\";\nimport { RemoteCryptographyProvider } from \"./cryptography/remoteCryptographyProvider\";\nimport { randomBytes } from \"./cryptography/crypto\";\nimport { CryptographyProvider, CryptographyProviderOperation } from \"./cryptography/models\";\nimport { RsaCryptographyProvider } from \"./cryptography/rsaCryptographyProvider\";\nimport { AesCryptographyProvider } from \"./cryptography/aesCryptographyProvider\";\nimport { createTraceFunction } from \"../../keyvault-common/src\";\n\nconst withTrace = createTraceFunction(\"Azure.KeyVault.Keys.CryptographyClient\");\n\n/**\n * A client used to perform cryptographic operations on an Azure Key vault key\n * or a local {@link JsonWebKey}.\n */\nexport class CryptographyClient {\n /**\n * The key the CryptographyClient currently holds.\n */\n private key: CryptographyClientKey;\n\n /**\n * The remote provider, which would be undefined if used in local mode.\n */\n private remoteProvider?: RemoteCryptographyProvider;\n\n /**\n * Constructs a new instance of the Cryptography client for the given key\n *\n * Example usage:\n * ```ts\n * import { KeyClient, CryptographyClient } from \"@azure/keyvault-keys\";\n * import { DefaultAzureCredential } from \"@azure/identity\";\n *\n * let vaultUrl = `https://<MY KEYVAULT 
HERE>.vault.azure.net`;\n * let credentials = new DefaultAzureCredential();\n *\n * let keyClient = new KeyClient(vaultUrl, credentials);\n * let keyVaultKey = await keyClient.getKey(\"MyKey\");\n *\n * let client = new CryptographyClient(keyVaultKey.id, credentials);\n * // or\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * ```\n * @param key - The key to use during cryptography tasks. You can also pass the identifier of the key i.e its url here.\n * @param credential - An object that implements the `TokenCredential` interface used to authenticate requests to the service. Use the \\@azure/identity package to create a credential that suits your needs.\n * @param pipelineOptions - Pipeline options used to configure Key Vault API requests.\n * Omit this parameter to use the default pipeline configuration.\n */\n constructor(\n key: string | KeyVaultKey,\n credential: TokenCredential,\n pipelineOptions?: CryptographyClientOptions\n );\n /**\n * Constructs a new instance of the Cryptography client for the given key in local mode.\n *\n * Example usage:\n * ```ts\n * import { CryptographyClient } from \"@azure/keyvault-keys\";\n *\n * const jsonWebKey: JsonWebKey = {\n * // ...\n * };\n * const client = new CryptographyClient(jsonWebKey);\n * ```\n * @param key - The JsonWebKey to use during cryptography operations.\n */\n constructor(key: JsonWebKey);\n /**\n * Internal constructor implementation for either local or Key Vault backed keys.\n * @param key - The key to use during cryptography tasks.\n * @param credential - Teh credential to use when constructing a Key Vault Cryptography client.\n */\n constructor(\n key: string | KeyVaultKey | JsonWebKey,\n credential?: TokenCredential,\n pipelineOptions: CryptographyClientOptions = {}\n ) {\n if (typeof key === \"string\") {\n // Key URL for remote-local operations.\n this.key = {\n kind: \"identifier\",\n value: key,\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, 
pipelineOptions);\n } else if (\"name\" in key) {\n // KeyVault key for remote-local operations.\n this.key = {\n kind: \"KeyVaultKey\",\n value: key,\n };\n this.remoteProvider = new RemoteCryptographyProvider(key, credential!, pipelineOptions);\n } else {\n // JsonWebKey for local-only operations.\n this.key = {\n kind: \"JsonWebKey\",\n value: key,\n };\n }\n }\n\n /**\n * The base URL to the vault. If a local {@link JsonWebKey} is used vaultUrl will be empty.\n */\n get vaultUrl(): string {\n return this.remoteProvider?.vaultUrl || \"\";\n }\n\n /**\n * The ID of the key used to perform cryptographic operations for the client.\n */\n get keyID(): string | undefined {\n if (this.key.kind === \"identifier\") {\n return this.key.value;\n } else if (this.key.kind === \"KeyVaultKey\") {\n return this.key.value.id;\n } else {\n return this.key.value.kid;\n }\n }\n\n /**\n * Encrypts the given plaintext with the specified encryption parameters.\n * Depending on the algorithm set in the encryption parameters, the set of possible encryption parameters will change.\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.encrypt({ algorithm: \"RSA1_5\", plaintext: Buffer.from(\"My Message\")});\n * let result = await client.encrypt({ algorithm: \"A256GCM\", plaintext: Buffer.from(\"My Message\"), additionalAuthenticatedData: Buffer.from(\"My authenticated data\")});\n * ```\n * @param encryptParameters - The encryption parameters, keyed on the encryption algorithm chosen.\n * @param options - Additional options.\n */\n public encrypt(\n encryptParameters: EncryptParameters,\n options?: EncryptOptions\n ): Promise<EncryptResult>;\n /**\n * Encrypts the given plaintext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.encrypt(\"RSA1_5\", Buffer.from(\"My Message\"));\n * ```\n * 
@param algorithm - The algorithm to use.\n * @param plaintext - The text to encrypt.\n * @param options - Additional options.\n * @deprecated Use `encrypt({ algorithm, plaintext }, options)` instead.\n */\n public encrypt(\n algorithm: EncryptionAlgorithm,\n plaintext: Uint8Array,\n options?: EncryptOptions\n ): Promise<EncryptResult>;\n public encrypt(\n ...args:\n | [EncryptParameters, EncryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, EncryptOptions?]\n ): Promise<EncryptResult> {\n const [parameters, options] = this.disambiguateEncryptArguments(args);\n return withTrace(\"encrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Encrypt);\n this.initializeIV(parameters);\n const provider = await this.getProvider(\"encrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.encrypt(parameters, updatedOptions);\n } catch (error) {\n if (this.remoteProvider) {\n return this.remoteProvider.encrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n private initializeIV(parameters: EncryptParameters): void {\n // For AES-GCM the service **must** generate the IV, so we only populate it for AES-CBC\n const algorithmsRequiringIV: AesCbcEncryptionAlgorithm[] = [\n \"A128CBC\",\n \"A128CBCPAD\",\n \"A192CBC\",\n \"A192CBCPAD\",\n \"A256CBC\",\n \"A256CBCPAD\",\n ];\n\n if (parameters.algorithm in algorithmsRequiringIV) {\n try {\n const cbcParams = parameters as AesCbcEncryptParameters;\n if (!cbcParams.iv) {\n cbcParams.iv = randomBytes(16);\n }\n } catch (e) {\n throw new Error(\n `Unable to initialize IV for algorithm ${parameters.algorithm}. You may pass a valid IV to avoid this error. Error: ${e.message}`\n );\n }\n }\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The encrypt arguments\n */\n private disambiguateEncryptArguments(\n args: [EncryptParameters, EncryptOptions?] 
| [string, Uint8Array, EncryptOptions?]\n ): [EncryptParameters, EncryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", buffer, options]\n return [\n {\n algorithm: args[0],\n plaintext: args[1],\n } as EncryptParameters,\n args[2] || {},\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", plaintext: buffer }, options]\n return [args[0], (args[1] || {}) as EncryptOptions];\n }\n }\n\n /**\n * Decrypts the given ciphertext with the specified decryption parameters.\n * Depending on the algorithm used in the decryption parameters, the set of possible decryption parameters will change.\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.decrypt({ algorithm: \"RSA1_5\", ciphertext: encryptedBuffer });\n * let result = await client.decrypt({ algorithm: \"A256GCM\", iv: ivFromEncryptResult, authenticationTag: tagFromEncryptResult });\n * ```\n * @param decryptParameters - The decryption parameters.\n * @param options - Additional options.\n */\n public async decrypt(\n decryptParameters: DecryptParameters,\n options?: DecryptOptions\n ): Promise<DecryptResult>;\n /**\n * Decrypts the given ciphertext with the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.decrypt(\"RSA1_5\", encryptedBuffer);\n * ```\n * @param algorithm - The algorithm to use.\n * @param ciphertext - The text to decrypt.\n * @param options - Additional options.\n * @deprecated Use `decrypt({ algorithm, ciphertext }, options)` instead.\n */\n public decrypt(\n algorithm: EncryptionAlgorithm,\n ciphertext: Uint8Array,\n options?: DecryptOptions\n ): Promise<DecryptResult>;\n public decrypt(\n ...args:\n | [DecryptParameters, DecryptOptions?]\n | [EncryptionAlgorithm, Uint8Array, DecryptOptions?]\n ): Promise<DecryptResult> {\n const [parameters, options] = 
this.disambiguateDecryptArguments(args);\n\n return withTrace(\"decrypt\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Decrypt);\n const provider = await this.getProvider(\"decrypt\", parameters.algorithm, updatedOptions);\n try {\n return provider.decrypt(parameters, updatedOptions);\n } catch (error) {\n if (this.remoteProvider) {\n return this.remoteProvider.decrypt(parameters, updatedOptions);\n }\n throw error;\n }\n });\n }\n\n /**\n * Standardizes the arguments of multiple overloads into a single shape.\n * @param args - The decrypt arguments\n */\n private disambiguateDecryptArguments(\n args: [DecryptParameters, DecryptOptions?] | [string, Uint8Array, DecryptOptions?]\n ): [DecryptParameters, DecryptOptions] {\n if (typeof args[0] === \"string\") {\n // Sample shape: [\"RSA1_5\", encryptedBuffer, options]\n return [\n {\n algorithm: args[0],\n ciphertext: args[1],\n } as DecryptParameters,\n args[2] || {},\n ];\n } else {\n // Sample shape: [{ algorithm: \"RSA1_5\", ciphertext: encryptedBuffer }, options]\n return [args[0], (args[1] || {}) as DecryptOptions];\n }\n }\n\n /**\n * Wraps the given key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.wrapKey(\"RSA1_5\", keyToWrap);\n * ```\n * @param algorithm - The encryption algorithm to use to wrap the given key.\n * @param key - The key to wrap.\n * @param options - Additional options.\n */\n public wrapKey(\n algorithm: KeyWrapAlgorithm,\n key: Uint8Array,\n options: WrapKeyOptions = {}\n ): Promise<WrapResult> {\n return withTrace(\"wrapKey\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.WrapKey);\n const provider = await this.getProvider(\"wrapKey\", algorithm, updatedOptions);\n try {\n return provider.wrapKey(algorithm, key, updatedOptions);\n } 
catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.wrapKey(algorithm, key, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Unwraps the given wrapped key using the specified cryptography algorithm\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.unwrapKey(\"RSA1_5\", keyToUnwrap);\n * ```\n * @param algorithm - The decryption algorithm to use to unwrap the key.\n * @param encryptedKey - The encrypted key to unwrap.\n * @param options - Additional options.\n */\n public unwrapKey(\n algorithm: KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options: UnwrapKeyOptions = {}\n ): Promise<UnwrapResult> {\n return withTrace(\"unwrapKey\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.UnwrapKey);\n const provider = await this.getProvider(\"unwrapKey\", algorithm, updatedOptions);\n try {\n return provider.unwrapKey(algorithm, encryptedKey, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.unwrapKey(algorithm, encryptedKey, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Cryptographically sign the digest of a message\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.sign(\"RS256\", digest);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param digest - The digest of the data to sign.\n * @param options - Additional options.\n */\n public sign(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n options: SignOptions = {}\n ): Promise<SignResult> {\n return withTrace(\"sign\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"sign\", algorithm, updatedOptions);\n try {\n return provider.sign(algorithm, digest, updatedOptions);\n } catch (err) {\n 
if (this.remoteProvider) {\n return this.remoteProvider.sign(algorithm, digest, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Verify the signed message digest\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.verify(\"RS256\", signedDigest, signature);\n * ```\n * @param algorithm - The signing algorithm to use to verify with.\n * @param digest - The digest to verify.\n * @param signature - The signature to verify the digest against.\n * @param options - Additional options.\n */\n public verify(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {}\n ): Promise<VerifyResult> {\n return withTrace(\"verify\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verify\", algorithm, updatedOptions);\n try {\n return provider.verify(algorithm, digest, signature, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.verify(algorithm, digest, signature, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Cryptographically sign a block of data\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.signData(\"RS256\", message);\n * ```\n * @param algorithm - The signing algorithm to use.\n * @param data - The data to sign.\n * @param options - Additional options.\n */\n public signData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n options: SignOptions = {}\n ): Promise<SignResult> {\n return withTrace(\"signData\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Sign);\n const provider = await this.getProvider(\"signData\", algorithm, updatedOptions);\n try {\n return provider.signData(algorithm, data, updatedOptions);\n } 
catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.signData(algorithm, data, options);\n }\n throw err;\n }\n });\n }\n\n /**\n * Verify the signed block of data\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.verifyData(\"RS256\", signedMessage, signature);\n * ```\n * @param algorithm - The algorithm to use to verify with.\n * @param data - The signed block of data to verify.\n * @param signature - The signature to verify the block against.\n * @param options - Additional options.\n */\n public verifyData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n signature: Uint8Array,\n options: VerifyOptions = {}\n ): Promise<VerifyResult> {\n return withTrace(\"verifyData\", options, async (updatedOptions) => {\n this.ensureValid(await this.fetchKey(updatedOptions), KnownKeyOperations.Verify);\n const provider = await this.getProvider(\"verifyData\", algorithm, updatedOptions);\n try {\n return provider.verifyData(algorithm, data, signature, updatedOptions);\n } catch (err) {\n if (this.remoteProvider) {\n return this.remoteProvider.verifyData(algorithm, data, signature, updatedOptions);\n }\n throw err;\n }\n });\n }\n\n /**\n * Retrieves the {@link JsonWebKey} from the Key Vault.\n *\n * Example usage:\n * ```ts\n * let client = new CryptographyClient(keyVaultKey, credentials);\n * let result = await client.getKeyMaterial();\n * ```\n */\n private async getKeyMaterial(options: GetKeyOptions): Promise<JsonWebKey> {\n const key = await this.fetchKey(options);\n\n switch (key.kind) {\n case \"JsonWebKey\":\n return key.value;\n case \"KeyVaultKey\":\n return key.value.key!;\n default:\n throw new Error(\"Failed to exchange Key ID for an actual KeyVault Key.\");\n }\n }\n\n /**\n * Returns the underlying key used for cryptographic operations.\n * If needed, fetches the key from KeyVault and exchanges the ID for the actual key.\n * @param options - The additional 
options.\n */\n private async fetchKey<T extends OperationOptions>(options: T): Promise<CryptographyClientKey> {\n if (this.key.kind === \"identifier\") {\n // Exchange the identifier with the actual key when needed\n const key = await this.remoteProvider!.getKey(options);\n this.key = { kind: \"KeyVaultKey\", value: key };\n }\n return this.key;\n }\n\n private providers?: CryptographyProvider[];\n /**\n * Gets the provider that support this algorithm and operation.\n * The available providers are ordered by priority such that the first provider that supports this\n * operation is the one we should use.\n * @param operation - The {@link KeyOperation}.\n * @param algorithm - The algorithm to use.\n */\n private async getProvider<T extends OperationOptions>(\n operation: CryptographyProviderOperation,\n algorithm: string,\n options: T\n ): Promise<CryptographyProvider> {\n if (!this.providers) {\n const keyMaterial = await this.getKeyMaterial(options);\n // Add local crypto providers as needed\n this.providers = [\n new RsaCryptographyProvider(keyMaterial),\n new AesCryptographyProvider(keyMaterial),\n ];\n\n // If the remote provider exists, we're in hybrid-mode. Otherwise we're in local-only mode.\n // If we're in hybrid mode the remote provider is used as a catch-all and should be last in the list.\n if (this.remoteProvider) {\n this.providers.push(this.remoteProvider);\n }\n }\n\n const providers = this.providers.filter((p) => p.isSupported(algorithm, operation));\n\n if (providers.length === 0) {\n throw new Error(\n `Unable to support operation: \"${operation}\" with algorithm: \"${algorithm}\" ${\n this.key.kind === \"JsonWebKey\" ? 
\"using a local JsonWebKey\" : \"\"\n }`\n );\n }\n\n // Return the first provider that supports this request\n return providers[0];\n }\n\n private ensureValid(key: CryptographyClientKey, operation?: KeyOperation): void {\n if (key.kind === \"KeyVaultKey\") {\n const keyOps = key.value.keyOperations;\n const { notBefore, expiresOn } = key.value.properties;\n const now = new Date();\n\n // Check KeyVault Key Expiration\n if (notBefore && now < notBefore) {\n throw new Error(`Key ${key.value.id} can't be used before ${notBefore.toISOString()}`);\n }\n\n if (expiresOn && now > expiresOn) {\n throw new Error(`Key ${key.value.id} expired at ${expiresOn.toISOString()}`);\n }\n\n // Check Key operations\n if (operation && keyOps && !keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.id}`);\n }\n } else if (key.kind === \"JsonWebKey\") {\n // Check JsonWebKey Key operations\n if (operation && key.value.keyOps && !key.value.keyOps?.includes(operation)) {\n throw new Error(`Operation ${operation} is not supported on key ${key.value.kid}`);\n }\n }\n }\n}\n"]}
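--- a/package/dist-esm/keyvault-keys/src/cryptographyClientModels.js
+++ b/package/dist-esm/keyvault-keys/src/cryptographyClientModels.js
@@ -1,5 +1,39 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import { KnownJsonWebKeyCurveName as KnownKeyCurveNames,
-export { KnownKeyCurveNames,
+import { KnownJsonWebKeyCurveName as KnownKeyCurveNames, KnownJsonWebKeySignatureAlgorithm as KnownSignatureAlgorithms, } from "./generated/models";
+export { KnownKeyCurveNames, KnownSignatureAlgorithms, };
+/** Known values of {@link EncryptionAlgorithm} that the service accepts. */
+export var KnownEncryptionAlgorithms;
+(function (KnownEncryptionAlgorithms) {
+/** Encryption Algorithm - RSA-OAEP */
+KnownEncryptionAlgorithms["RSAOaep"] = "RSA-OAEP";
+/** Encryption Algorithm - RSA-OAEP-256 */
+KnownEncryptionAlgorithms["RSAOaep256"] = "RSA-OAEP-256";
+/** Encryption Algorithm - RSA1_5 */
+KnownEncryptionAlgorithms["RSA15"] = "RSA1_5";
+/** Encryption Algorithm - A128GCM */
+KnownEncryptionAlgorithms["A128GCM"] = "A128GCM";
+/** Encryption Algorithm - A192GCM */
+KnownEncryptionAlgorithms["A192GCM"] = "A192GCM";
+/** Encryption Algorithm - A256GCM */
+KnownEncryptionAlgorithms["A256GCM"] = "A256GCM";
+/** Encryption Algorithm - A128KW */
+KnownEncryptionAlgorithms["A128KW"] = "A128KW";
+/** Encryption Algorithm - A192KW */
+KnownEncryptionAlgorithms["A192KW"] = "A192KW";
+/** Encryption Algorithm - A256KW */
+KnownEncryptionAlgorithms["A256KW"] = "A256KW";
+/** Encryption Algorithm - A128CBC */
+KnownEncryptionAlgorithms["A128CBC"] = "A128CBC";
+/** Encryption Algorithm - A192CBC */
+KnownEncryptionAlgorithms["A192CBC"] = "A192CBC";
+/** Encryption Algorithm - A256CBC */
+KnownEncryptionAlgorithms["A256CBC"] = "A256CBC";
+/** Encryption Algorithm - A128CBCPAD */
+KnownEncryptionAlgorithms["A128Cbcpad"] = "A128CBCPAD";
+/** Encryption Algorithm - A192CBCPAD */
+KnownEncryptionAlgorithms["A192Cbcpad"] = "A192CBCPAD";
+/** Encryption Algorithm - A256CBCPAD */
+KnownEncryptionAlgorithms["A256Cbcpad"] = "A256CBCPAD";
+})(KnownEncryptionAlgorithms || (KnownEncryptionAlgorithms = {}));
 //# sourceMappingURL=cryptographyClientModels.js.map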
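Review bot: The doc comments on the new `KnownEncryptionAlgorithms` members only repeat each wire name, so a caller picking from the enum cannot tell that `RSA15` (`RSA1_5`, PKCS#1 v1.5 padding) and the `A*CBC`/`A*CBCPAD` members are weaker choices than the OAEP and GCM members listed beside them. For `RSA15` I would write `/** Encryption Algorithm - RSA1_5 (PKCS#1 v1.5 padding; kept for compatibility, prefer RSA-OAEP-256) */`. For the six CBC members I would add that CBC gives no integrity protection, so the ciphertext needs a separate MAC or a GCM algorithm should be used instead. The `A128KW`/`A192KW`/`A256KW` members appear to be key-wrap algorithms, so their comments could say they are meant for wrapKey/unwrapKey, if that is the intent. This file is compiled output, so the wording belongs in the TypeScript source it is built from.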
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cryptographyClientModels.js","sourceRoot":"","sources":["../../../src/cryptographyClientModels.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAEL,wBAAwB,IAAI,kBAAkB,EAE9C,kCAAkC,IAAI,yBAAyB,EAE/D,iCAAiC,IAAI,wBAAwB,EAC9D,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAEL,kBAAkB,EAElB,yBAAyB,EAEzB,wBAAwB,EACzB,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { CryptographyOptions, KeyVaultKey, JsonWebKey } from \"./keysModels\";\n\nimport {\n JsonWebKeyCurveName as KeyCurveName,\n KnownJsonWebKeyCurveName as KnownKeyCurveNames,\n JsonWebKeyEncryptionAlgorithm as EncryptionAlgorithm,\n KnownJsonWebKeyEncryptionAlgorithm as KnownEncryptionAlgorithms,\n JsonWebKeySignatureAlgorithm as SignatureAlgorithm,\n KnownJsonWebKeySignatureAlgorithm as KnownSignatureAlgorithms\n} from \"./generated/models\";\n\nexport {\n KeyCurveName,\n KnownKeyCurveNames,\n EncryptionAlgorithm,\n KnownEncryptionAlgorithms,\n SignatureAlgorithm,\n KnownSignatureAlgorithms\n};\n\n/**\n * Supported algorithms for key wrapping/unwrapping\n */\nexport type KeyWrapAlgorithm =\n | \"A128KW\"\n | \"A192KW\"\n | \"A256KW\"\n | \"RSA-OAEP\"\n | \"RSA-OAEP-256\"\n | \"RSA1_5\";\n\n/**\n * Result of the {@link encrypt} operation.\n */\nexport interface EncryptResult {\n /**\n * Result of the {@link encrypt} operation in bytes.\n */\n result: Uint8Array;\n /**\n * The {@link EncryptionAlgorithm} used to encrypt the data.\n */\n algorithm: EncryptionAlgorithm;\n /**\n * The ID of the Key Vault Key used to encrypt the data.\n */\n keyID?: string;\n /**\n * The initialization vector used for encryption.\n */\n iv?: Uint8Array;\n /**\n * The authentication tag resulting from encryption with a symmetric key including A128GCM, A192GCM, and A256GCM.\n */\n authenticationTag?: Uint8Array;\n /**\n * Additional data that is authenticated during decryption but not encrypted.\n */\n additionalAuthenticatedData?: Uint8Array;\n}\n\n/**\n 
* Result of the {@link wrap} operation.\n */\nexport interface WrapResult {\n /**\n * Result of the {@link wrap} operation in bytes.\n */\n result: Uint8Array;\n /**\n * The ID of the Key Vault Key used to wrap the data.\n */\n keyID?: string;\n /**\n * The {@link EncryptionAlgorithm} used to wrap the data.\n */\n algorithm: KeyWrapAlgorithm;\n}\n\n/**\n * Result of the {@link unwrap} operation.\n */\nexport interface UnwrapResult {\n /**\n * Result of the {@link unwrap} operation in bytes.\n */\n result: Uint8Array;\n /**\n * The ID of the Key Vault Key used to unwrap the data.\n */\n keyID?: string;\n /**\n * The {@link KeyWrapAlgorithm} used to unwrap the data.\n */\n algorithm: KeyWrapAlgorithm;\n}\n/**\n * Result of the {@link decrypt} operation.\n */\nexport interface DecryptResult {\n /**\n * Result of the {@link decrypt} operation in bytes.\n */\n result: Uint8Array;\n /**\n * The ID of the Key Vault Key used to decrypt the encrypted data.\n */\n keyID?: string;\n /**\n * The {@link EncryptionAlgorithm} used to decrypt the encrypted data.\n */\n algorithm: EncryptionAlgorithm;\n}\n\n/**\n * Result of the {@link sign} operation.\n */\nexport interface SignResult {\n /**\n * Result of the {@link sign} operation in bytes.\n */\n result: Uint8Array;\n /**\n * The ID of the Key Vault Key used to sign the data.\n */\n keyID?: string;\n /**\n * The {@link EncryptionAlgorithm} used to sign the data.\n */\n algorithm: SignatureAlgorithm;\n}\n\n/**\n * Result of the {@link verify} operation.\n */\nexport interface VerifyResult {\n /**\n * Result of the {@link verify} operation in bytes.\n */\n result: boolean;\n /**\n * The ID of the Key Vault Key used to verify the data.\n */\n keyID?: string;\n}\n\n/**\n * Options for {@link encrypt}.\n */\nexport interface EncryptOptions extends CryptographyOptions {}\n\n/**\n * Options for {@link decrypt}.\n */\nexport interface DecryptOptions extends CryptographyOptions {}\n\n/**\n * Options for {@link sign}.\n */\nexport 
interface SignOptions extends CryptographyOptions {}\n\n/**\n * Options for {@link verify}.\n */\nexport interface VerifyOptions extends CryptographyOptions {}\n\n/**\n * Options for {@link verifyData}\n */\nexport interface VerifyDataOptions extends CryptographyOptions {}\n\n/**\n * Options for {@link wrapKey}.\n */\nexport interface WrapKeyOptions extends CryptographyOptions {}\n\n/**\n * Options for {@link unwrapKey}.\n */\nexport interface UnwrapKeyOptions extends CryptographyOptions {}\n\n/**\n * A union type representing all supported RSA encryption algorithms.\n */\nexport type RsaEncryptionAlgorithm = \"RSA1_5\" | \"RSA-OAEP\" | \"RSA-OAEP-256\";\n\n/**\n * Encryption parameters for RSA encryption algorithms.\n */\nexport interface RsaEncryptParameters {\n /**\n * The encryption algorithm to use.\n */\n algorithm: RsaEncryptionAlgorithm;\n /**\n * The plain text to encrypt.\n */\n plaintext: Uint8Array;\n}\n\n/**\n * A union type representing all supported AES-GCM encryption algorithms.\n */\nexport type AesGcmEncryptionAlgorithm = \"A128GCM\" | \"A192GCM\" | \"A256GCM\";\n\n/**\n * Encryption parameters for AES-GCM encryption algorithms.\n */\nexport interface AesGcmEncryptParameters {\n /**\n * The encryption algorithm to use.\n */\n algorithm: AesGcmEncryptionAlgorithm;\n /**\n * The plain text to encrypt.\n */\n plaintext: Uint8Array;\n /**\n * Optional data that is authenticated but not encrypted.\n */\n additionalAuthenticatedData?: Uint8Array;\n}\n\n/**\n * A union type representing all supported AES-CBC encryption algorithms.\n */\nexport type AesCbcEncryptionAlgorithm =\n | \"A128CBC\"\n | \"A192CBC\"\n | \"A256CBC\"\n | \"A128CBCPAD\"\n | \"A192CBCPAD\"\n | \"A256CBCPAD\";\n\n/**\n * Encryption parameters for AES-CBC encryption algorithms.\n */\nexport interface AesCbcEncryptParameters {\n /**\n * The encryption algorithm to use.\n */\n algorithm: AesCbcEncryptionAlgorithm;\n /**\n * The plain text to encrypt.\n */\n plaintext: Uint8Array;\n /**\n 
* The initialization vector used for encryption. If omitted we will attempt to generate an IV using crypto's `randomBytes` functionality.\n * An error will be thrown if creating an IV fails, and you may recover by passing in your own cryptographically secure IV.\n */\n iv?: Uint8Array;\n}\n\n/**\n * A type representing all currently supported encryption parameters as they apply to different encryption algorithms.\n */\nexport type EncryptParameters =\n | RsaEncryptParameters\n | AesGcmEncryptParameters\n | AesCbcEncryptParameters;\n\n/**\n * Decryption parameters for RSA encryption algorithms.\n */\nexport interface RsaDecryptParameters {\n /**\n * The encryption algorithm to use.\n */\n algorithm: RsaEncryptionAlgorithm;\n /**\n * The ciphertext to decrypt.\n */\n ciphertext: Uint8Array;\n}\n\n/**\n * Decryption parameters for AES-GCM encryption algorithms.\n */\nexport interface AesGcmDecryptParameters {\n /**\n * The encryption algorithm to use.\n */\n algorithm: AesGcmEncryptionAlgorithm;\n /**\n * The ciphertext to decrypt.\n */\n ciphertext: Uint8Array;\n /**\n * The initialization vector (or nonce) generated during encryption.\n */\n iv: Uint8Array;\n /**\n * The authentication tag generated during encryption.\n */\n authenticationTag: Uint8Array;\n /**\n * Optional data that is authenticated but not encrypted.\n */\n additionalAuthenticatedData?: Uint8Array;\n}\n\n/**\n * Decryption parameters for AES-CBC encryption algorithms.\n */\nexport interface AesCbcDecryptParameters {\n /**\n * The encryption algorithm to use.\n */\n algorithm: AesCbcEncryptionAlgorithm;\n /**\n * The initialization vector used during encryption.\n */\n /**\n * The ciphertext to decrypt.\n */\n ciphertext: Uint8Array;\n /**\n * The initialization vector generated during encryption.\n */\n iv: Uint8Array;\n}\n\n/**\n * A type representing all currently supported decryption parameters as they apply to different encryption algorithms.\n */\nexport type DecryptParameters =\n | 
RsaDecryptParameters\n | AesGcmDecryptParameters\n | AesCbcDecryptParameters;\n\n/**\n * The various key types a {@link CryptographyClient} can hold.\n * The key may be an identifier (URL) to a KeyVault key, the actual KeyVault key,\n * or a local-only JsonWebKey.\n *\n * If an identifier is used, it will be exchanged for a {@link KeyVaultKey} during the first operation call.\n */\nexport type CryptographyClientKey =\n | {\n kind: \"identifier\";\n value: string;\n }\n | {\n kind: \"KeyVaultKey\";\n value: KeyVaultKey;\n }\n | {\n kind: \"JsonWebKey\";\n value: JsonWebKey;\n };\n"]}
|
|
1
|
+
{"version":3,"file":"cryptographyClientModels.js","sourceRoot":"","sources":["../../../src/cryptographyClientModels.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAIlC,OAAO,EAGL,wBAAwB,IAAI,kBAAkB,EAG9C,iCAAiC,IAAI,wBAAwB,GAC9D,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAEL,kBAAkB,EAGlB,wBAAwB,GACzB,CAAC;AAEF,4EAA4E;AAC5E,MAAM,CAAN,IAAY,yBA+BX;AA/BD,WAAY,yBAAyB;IACnC,sCAAsC;IACtC,iDAAoB,CAAA;IACpB,0CAA0C;IAC1C,wDAA2B,CAAA;IAC3B,oCAAoC;IACpC,6CAAgB,CAAA;IAChB,qCAAqC;IACrC,gDAAmB,CAAA;IACnB,qCAAqC;IACrC,gDAAmB,CAAA;IACnB,qCAAqC;IACrC,gDAAmB,CAAA;IACnB,oCAAoC;IACpC,8CAAiB,CAAA;IACjB,oCAAoC;IACpC,8CAAiB,CAAA;IACjB,oCAAoC;IACpC,8CAAiB,CAAA;IACjB,qCAAqC;IACrC,gDAAmB,CAAA;IACnB,qCAAqC;IACrC,gDAAmB,CAAA;IACnB,qCAAqC;IACrC,gDAAmB,CAAA;IACnB,wCAAwC;IACxC,sDAAyB,CAAA;IACzB,wCAAwC;IACxC,sDAAyB,CAAA;IACzB,wCAAwC;IACxC,sDAAyB,CAAA;AAC3B,CAAC,EA/BW,yBAAyB,KAAzB,yBAAyB,QA+BpC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { CryptographyOptions, KeyVaultKey } from \"./keysModels\";\n\nimport {\n JsonWebKey,\n JsonWebKeyCurveName as KeyCurveName,\n KnownJsonWebKeyCurveName as KnownKeyCurveNames,\n JsonWebKeyEncryptionAlgorithm as EncryptionAlgorithm,\n JsonWebKeySignatureAlgorithm as SignatureAlgorithm,\n KnownJsonWebKeySignatureAlgorithm as KnownSignatureAlgorithms,\n} from \"./generated/models\";\n\nexport {\n KeyCurveName,\n KnownKeyCurveNames,\n EncryptionAlgorithm,\n SignatureAlgorithm,\n KnownSignatureAlgorithms,\n};\n\n/** Known values of {@link EncryptionAlgorithm} that the service accepts. 
*/\nexport enum KnownEncryptionAlgorithms {\n /** Encryption Algorithm - RSA-OAEP */\n RSAOaep = \"RSA-OAEP\",\n /** Encryption Algorithm - RSA-OAEP-256 */\n RSAOaep256 = \"RSA-OAEP-256\",\n /** Encryption Algorithm - RSA1_5 */\n RSA15 = \"RSA1_5\",\n /** Encryption Algorithm - A128GCM */\n A128GCM = \"A128GCM\",\n /** Encryption Algorithm - A192GCM */\n A192GCM = \"A192GCM\",\n /** Encryption Algorithm - A256GCM */\n A256GCM = \"A256GCM\",\n /** Encryption Algorithm - A128KW */\n A128KW = \"A128KW\",\n /** Encryption Algorithm - A192KW */\n A192KW = \"A192KW\",\n /** Encryption Algorithm - A256KW */\n A256KW = \"A256KW\",\n /** Encryption Algorithm - A128CBC */\n A128CBC = \"A128CBC\",\n /** Encryption Algorithm - A192CBC */\n A192CBC = \"A192CBC\",\n /** Encryption Algorithm - A256CBC */\n A256CBC = \"A256CBC\",\n /** Encryption Algorithm - A128CBCPAD */\n A128Cbcpad = \"A128CBCPAD\",\n /** Encryption Algorithm - A192CBCPAD */\n A192Cbcpad = \"A192CBCPAD\",\n /** Encryption Algorithm - A256CBCPAD */\n A256Cbcpad = \"A256CBCPAD\",\n}\n\n/**\n * Supported algorithms for key wrapping/unwrapping\n */\nexport type KeyWrapAlgorithm =\n | \"A128KW\"\n | \"A192KW\"\n | \"A256KW\"\n | \"RSA-OAEP\"\n | \"RSA-OAEP-256\"\n | \"RSA1_5\";\n\n/**\n * Result of the {@link encrypt} operation.\n */\nexport interface EncryptResult {\n /**\n * Result of the {@link encrypt} operation in bytes.\n */\n result: Uint8Array;\n /**\n * The {@link EncryptionAlgorithm} used to encrypt the data.\n */\n algorithm: EncryptionAlgorithm;\n /**\n * The ID of the Key Vault Key used to encrypt the data.\n */\n keyID?: string;\n /**\n * The initialization vector used for encryption.\n */\n iv?: Uint8Array;\n /**\n * The authentication tag resulting from encryption with a symmetric key including A128GCM, A192GCM, and A256GCM.\n */\n authenticationTag?: Uint8Array;\n /**\n * Additional data that is authenticated during decryption but not encrypted.\n */\n additionalAuthenticatedData?: 
Uint8Array;\n}\n\n/**\n * Result of the {@link wrap} operation.\n */\nexport interface WrapResult {\n /**\n * Result of the {@link wrap} operation in bytes.\n */\n result: Uint8Array;\n /**\n * The ID of the Key Vault Key used to wrap the data.\n */\n keyID?: string;\n /**\n * The {@link EncryptionAlgorithm} used to wrap the data.\n */\n algorithm: KeyWrapAlgorithm;\n}\n\n/**\n * Result of the {@link unwrap} operation.\n */\nexport interface UnwrapResult {\n /**\n * Result of the {@link unwrap} operation in bytes.\n */\n result: Uint8Array;\n /**\n * The ID of the Key Vault Key used to unwrap the data.\n */\n keyID?: string;\n /**\n * The {@link KeyWrapAlgorithm} used to unwrap the data.\n */\n algorithm: KeyWrapAlgorithm;\n}\n/**\n * Result of the {@link decrypt} operation.\n */\nexport interface DecryptResult {\n /**\n * Result of the {@link decrypt} operation in bytes.\n */\n result: Uint8Array;\n /**\n * The ID of the Key Vault Key used to decrypt the encrypted data.\n */\n keyID?: string;\n /**\n * The {@link EncryptionAlgorithm} used to decrypt the encrypted data.\n */\n algorithm: EncryptionAlgorithm;\n}\n\n/**\n * Result of the {@link sign} operation.\n */\nexport interface SignResult {\n /**\n * Result of the {@link sign} operation in bytes.\n */\n result: Uint8Array;\n /**\n * The ID of the Key Vault Key used to sign the data.\n */\n keyID?: string;\n /**\n * The {@link EncryptionAlgorithm} used to sign the data.\n */\n algorithm: SignatureAlgorithm;\n}\n\n/**\n * Result of the {@link verify} operation.\n */\nexport interface VerifyResult {\n /**\n * Result of the {@link verify} operation in bytes.\n */\n result: boolean;\n /**\n * The ID of the Key Vault Key used to verify the data.\n */\n keyID?: string;\n}\n\n/**\n * Options for {@link encrypt}.\n */\nexport interface EncryptOptions extends CryptographyOptions {}\n\n/**\n * Options for {@link decrypt}.\n */\nexport interface DecryptOptions extends CryptographyOptions {}\n\n/**\n * Options for {@link 
sign}.\n */\nexport interface SignOptions extends CryptographyOptions {}\n\n/**\n * Options for {@link verify}.\n */\nexport interface VerifyOptions extends CryptographyOptions {}\n\n/**\n * Options for {@link verifyData}\n */\nexport interface VerifyDataOptions extends CryptographyOptions {}\n\n/**\n * Options for {@link wrapKey}.\n */\nexport interface WrapKeyOptions extends CryptographyOptions {}\n\n/**\n * Options for {@link unwrapKey}.\n */\nexport interface UnwrapKeyOptions extends CryptographyOptions {}\n\n/**\n * A union type representing all supported RSA encryption algorithms.\n */\nexport type RsaEncryptionAlgorithm = \"RSA1_5\" | \"RSA-OAEP\" | \"RSA-OAEP-256\";\n\n/**\n * Encryption parameters for RSA encryption algorithms.\n */\nexport interface RsaEncryptParameters {\n /**\n * The encryption algorithm to use.\n */\n algorithm: RsaEncryptionAlgorithm;\n /**\n * The plain text to encrypt.\n */\n plaintext: Uint8Array;\n}\n\n/**\n * A union type representing all supported AES-GCM encryption algorithms.\n */\nexport type AesGcmEncryptionAlgorithm = \"A128GCM\" | \"A192GCM\" | \"A256GCM\";\n\n/**\n * Encryption parameters for AES-GCM encryption algorithms.\n */\nexport interface AesGcmEncryptParameters {\n /**\n * The encryption algorithm to use.\n */\n algorithm: AesGcmEncryptionAlgorithm;\n /**\n * The plain text to encrypt.\n */\n plaintext: Uint8Array;\n /**\n * Optional data that is authenticated but not encrypted.\n */\n additionalAuthenticatedData?: Uint8Array;\n}\n\n/**\n * A union type representing all supported AES-CBC encryption algorithms.\n */\nexport type AesCbcEncryptionAlgorithm =\n | \"A128CBC\"\n | \"A192CBC\"\n | \"A256CBC\"\n | \"A128CBCPAD\"\n | \"A192CBCPAD\"\n | \"A256CBCPAD\";\n\n/**\n * Encryption parameters for AES-CBC encryption algorithms.\n */\nexport interface AesCbcEncryptParameters {\n /**\n * The encryption algorithm to use.\n */\n algorithm: AesCbcEncryptionAlgorithm;\n /**\n * The plain text to encrypt.\n */\n plaintext: 
Uint8Array;\n /**\n * The initialization vector used for encryption. If omitted we will attempt to generate an IV using crypto's `randomBytes` functionality.\n * An error will be thrown if creating an IV fails, and you may recover by passing in your own cryptographically secure IV.\n */\n iv?: Uint8Array;\n}\n\n/**\n * A type representing all currently supported encryption parameters as they apply to different encryption algorithms.\n */\nexport type EncryptParameters =\n | RsaEncryptParameters\n | AesGcmEncryptParameters\n | AesCbcEncryptParameters;\n\n/**\n * Decryption parameters for RSA encryption algorithms.\n */\nexport interface RsaDecryptParameters {\n /**\n * The encryption algorithm to use.\n */\n algorithm: RsaEncryptionAlgorithm;\n /**\n * The ciphertext to decrypt.\n */\n ciphertext: Uint8Array;\n}\n\n/**\n * Decryption parameters for AES-GCM encryption algorithms.\n */\nexport interface AesGcmDecryptParameters {\n /**\n * The encryption algorithm to use.\n */\n algorithm: AesGcmEncryptionAlgorithm;\n /**\n * The ciphertext to decrypt.\n */\n ciphertext: Uint8Array;\n /**\n * The initialization vector (or nonce) generated during encryption.\n */\n iv: Uint8Array;\n /**\n * The authentication tag generated during encryption.\n */\n authenticationTag: Uint8Array;\n /**\n * Optional data that is authenticated but not encrypted.\n */\n additionalAuthenticatedData?: Uint8Array;\n}\n\n/**\n * Decryption parameters for AES-CBC encryption algorithms.\n */\nexport interface AesCbcDecryptParameters {\n /**\n * The encryption algorithm to use.\n */\n algorithm: AesCbcEncryptionAlgorithm;\n /**\n * The initialization vector used during encryption.\n */\n /**\n * The ciphertext to decrypt.\n */\n ciphertext: Uint8Array;\n /**\n * The initialization vector generated during encryption.\n */\n iv: Uint8Array;\n}\n\n/**\n * A type representing all currently supported decryption parameters as they apply to different encryption algorithms.\n */\nexport type 
DecryptParameters =\n | RsaDecryptParameters\n | AesGcmDecryptParameters\n | AesCbcDecryptParameters;\n\n/**\n * The various key types a {@link CryptographyClient} can hold.\n * The key may be an identifier (URL) to a KeyVault key, the actual KeyVault key,\n * or a local-only JsonWebKey.\n *\n * If an identifier is used, it will be exchanged for a {@link KeyVaultKey} during the first operation call.\n */\nexport type CryptographyClientKey =\n | {\n kind: \"identifier\";\n value: string;\n }\n | {\n kind: \"KeyVaultKey\";\n value: KeyVaultKey;\n }\n | {\n kind: \"JsonWebKey\";\n value: JsonWebKey;\n };\n"]}
|