@enbox/agent 0.0.1

package/dist/esm/prototyping/crypto/jose/jwe-flattened.js

@@ -0,0 +1,294 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { Convert } from '@enbox/common';
+import { LocalKeyManager, CryptoUtils } from '@enbox/crypto';
+import { isCipher } from '../utils.js';
+import { AgentCryptoApi } from '../../../crypto-api.js';
+import { JweKeyManagement, isValidJweHeader } from './jwe.js';
+import { hasDuplicateProperties } from '../../common/object.js';
+import { CryptoError, CryptoErrorCode } from '../crypto-error.js';
+/**
+ * A helper utility function used internally to decode a JWE header parameter from a Base64 URL
+ * encoded string to a Uint8Array. It's designed to process individual JWE header parameter values,
+ * ensuring they are correctly formatted and decoded.
+ *
+ * @param param - The name of the JWE header parameter being decoded; used for error messaging.
+ * @param value - The Base64 URL encoded string value of the header parameter to decode.
+ * @returns The decoded parameter as a Uint8Array, or undefined if the input value is undefined.
+ * @throws {@link CryptoError} if the value is not a properly encoded Base64 URL string or if it's
+ *         not a string.
+ */
+function decodeHeaderParam(param, value) {
+    // If the parameter value is not present, return undefined.
+    if (value === undefined)
+        return undefined;
+    try {
+        if (typeof value !== 'string')
+            throw new Error();
+        return Convert.base64Url(value).toUint8Array();
+    }
+    catch (_a) {
+        throw new CryptoError(CryptoErrorCode.InvalidJwe, `Failed to decode the JWE Header parameter '${param}' from Base64 URL format to ` +
+            'Uint8Array. Ensure the value is properly encoded in Base64 URL format without padding.');
+    }
+}
+/**
+ * The `FlattenedJwe` class handles the encryption and decryption of JSON Web Encryption (JWE)
+ * objects in the flattened serialization format. This format is a compact, URL-safe means of
+ * representing encrypted content, typically used when dealing with a single recipient or when
+ * bandwidth efficiency is important.
+ *
+ * This class provides methods to encrypt plaintext to a flattened JWE and decrypt a flattened JWE
+ * back to plaintext, utilizing a variety of supported cryptographic algorithms as specified in the
+ * JWE header parameters.
+ *
+ * @example
+ * ```ts
+ *  // Example usage of encrypt method
+ * const plaintext = new TextEncoder().encode("Secret Message");
+ * const key = { kty: "oct", k: "your-secret-key" }; // Example symmetric key
+ * const protectedHeader = { alg: "dir", enc: "A256GCM" };
+ * const encryptedJwe = await FlattenedJwe.encrypt({
+ *   plaintext,
+ *   protectedHeader,
+ *   key,
+ * });
+ * ```
+ *
+ * @example
+ * // Decryption example
+ * const { plaintext, protectedHeader } = await FlattenedJwe.decrypt({
+ *   jwe: yourFlattenedJweObject,
+ *   key: yourDecryptionKey,
+ *   crypto: new YourCryptoApi(),
+ * });
+ */
+export class FlattenedJwe {
+    constructor(params) {
+        /** Base64URL encoded ciphertext. */
+        this.ciphertext = '';
+        Object.assign(this, params);
+    }
+    static decrypt({ jwe, key, keyManager = new LocalKeyManager(), crypto = new AgentCryptoApi(), options = {} }) {
+        var _a, _b;
+        return __awaiter(this, void 0, void 0, function* () {
+            // Verify that the provided Crypto API supports the decrypt operation before proceeding.
+            if (!isCipher(crypto)) {
+                throw new CryptoError(CryptoErrorCode.OperationNotSupported, 'Crypto API does not support the "encrypt" operation.');
+            }
+            // Verify that the provided Key Manager supports the decrypt operation before proceeding.
+            if (!isCipher(keyManager)) {
+                throw new CryptoError(CryptoErrorCode.OperationNotSupported, 'Key Manager does not support the "decrypt" operation.');
+            }
+            // Verify that at least one of the JOSE header objects is present.
+            if (!jwe.protected && !jwe.header && !jwe.unprotected) {
+                throw new CryptoError(CryptoErrorCode.InvalidJwe, 'JWE is missing the required JOSE header parameters. ' +
+                    'Please provide at least one of the following: "protected", "header", or "unprotected"');
+            }
+            // Verify that the JWE Ciphertext is present.
+            if (typeof jwe.ciphertext !== 'string') {
+                throw new CryptoError(CryptoErrorCode.InvalidJwe, 'JWE Ciphertext is missing or not a string.');
+            }
+            // Parse the JWE Protected Header, if present.
+            let parsedProtectedHeader;
+            if (jwe.protected) {
+                try {
+                    parsedProtectedHeader = Convert.base64Url(jwe.protected).toObject();
+                }
+                catch (_c) {
+                    throw new Error('JWE Protected Header is invalid');
+                }
+            }
+            // Per {@link https://www.rfc-editor.org/rfc/rfc7516#section-5.2 | RFC7516 Section 5.2}
+            // the resulting JOSE Header MUST NOT contain duplicate Header Parameter names. In other words,
+            // the same Header Parameter name MUST NOT occur in the `header`, `protected`, and
+            // `unprotected` JSON object values that together comprise the JOSE Header.
+            if (hasDuplicateProperties(parsedProtectedHeader, jwe.header, jwe.unprotected)) {
+                throw new Error('Duplicate properties detected. Please ensure that each parameter is defined only once ' +
+                    'across the JWE "header", "protected", and "unprotected" objects.');
+            }
+            // The JOSE Header is the union of the members of the JWE Protected Header (`protected`), the
+            // JWE Shared Unprotected Header (`unprotected`), and the corresponding JWE Per-Recipient
+            // Unprotected Header (`header`).
+            const joseHeader = Object.assign(Object.assign(Object.assign({}, parsedProtectedHeader), jwe.header), jwe.unprotected);
+            if (!isValidJweHeader(joseHeader)) {
+                throw new Error('JWE Header is missing required "alg" (Algorithm) and/or "enc" (Encryption) Header Parameters');
+            }
+            if (Array.isArray(options.allowedAlgValues)
+                && !options.allowedAlgValues.includes(joseHeader.alg)) {
+                throw new Error(`"alg" (Algorithm) Header Parameter value not allowed: ${joseHeader.alg}`);
+            }
+            if (Array.isArray(options.allowedEncValues)
+                && !options.allowedEncValues.includes(joseHeader.enc)) {
+                throw new Error(`"enc" (Encryption Algorithm) Header Parameter value not allowed: ${joseHeader.enc}`);
+            }
+            let cek;
+            try {
+                const encryptedKey = jwe.encrypted_key
+                    ? Convert.base64Url(jwe.encrypted_key).toUint8Array()
+                    : undefined;
+                cek = yield JweKeyManagement.decrypt({ key, encryptedKey, joseHeader, keyManager, crypto });
+            }
+            catch (error) {
+                // If the error is a CryptoError with code "InvalidJwe" or "AlgorithmNotSupported", re-throw.
+                if (error instanceof CryptoError
+                    && (error.code === CryptoErrorCode.InvalidJwe || error.code === CryptoErrorCode.AlgorithmNotSupported)) {
+                    throw error;
+                }
+                // Otherwise, generate a random CEK and proceed to the next step.
+                // As noted in
+                // {@link https://datatracker.ietf.org/doc/html/rfc7516#section-11.5 | RFC 7516 Section 11.5},
+                // to mitigate the attacks described in
+                // {@link https://datatracker.ietf.org/doc/html/rfc3218 | RFC 3218}, the recipient MUST NOT
+                // distinguish between format, padding, and length errors of encrypted keys. It is strongly
+                // recommended, in the event of receiving an improperly formatted key, that the recipient
+                // substitute a randomly generated CEK and proceed to the next step, to mitigate timing
+                // attacks.
+                cek = typeof key === 'string'
+                    ? yield keyManager.generateKey({ algorithm: joseHeader.enc })
+                    : yield crypto.generateKey({ algorithm: joseHeader.enc });
+            }
+            // If present, decode the JWE Initialization Vector (IV) and Authentication Tag.
+            const iv = decodeHeaderParam('iv', jwe.iv);
+            const tag = decodeHeaderParam('tag', jwe.tag);
+            // Decode the JWE Ciphertext to a byte array, and if present, append the Authentication Tag.
+            const ciphertext = tag !== undefined
+                ? new Uint8Array([
+                    ...Convert.base64Url(jwe.ciphertext).toUint8Array(),
+                    ...(tag !== null && tag !== void 0 ? tag : [])
+                ])
+                : Convert.base64Url(jwe.ciphertext).toUint8Array();
+            // If the JWE Additional Authenticated Data (AAD) is present, the Additional Authenticated Data
+            // input to the Content Encryption Algorithm is
+            // ASCII(Encoded Protected Header || '.' || BASE64URL(JWE AAD)). If the JWE AAD is absent, the
+            // Additional Authenticated Data is ASCII(BASE64URL(UTF8(JWE Protected Header))).
+            const additionalData = jwe.aad !== undefined
+                ? new Uint8Array([
+                    ...Convert.string((_a = jwe.protected) !== null && _a !== void 0 ? _a : '').toUint8Array(),
+                    ...Convert.string('.').toUint8Array(),
+                    ...Convert.string(jwe.aad).toUint8Array()
+                ])
+                : Convert.string((_b = jwe.protected) !== null && _b !== void 0 ? _b : '').toUint8Array();
+            // Decrypt the JWE using the Content Encryption Key (CEK) with:
+            // - Key Manager: If the CEK is a Key Identifier.
+            // - Crypto API: If the CEK is a JWK.
+            const plaintext = typeof cek === 'string'
+                ? yield keyManager.decrypt({ keyUri: cek, data: ciphertext, iv, additionalData })
+                : yield crypto.decrypt({ key: cek, data: ciphertext, iv, additionalData });
+            return {
+                plaintext,
+                protectedHeader: parsedProtectedHeader,
+                additionalAuthenticatedData: decodeHeaderParam('aad', jwe.aad),
+                sharedUnprotectedHeader: jwe.unprotected,
+                unprotectedHeader: jwe.header
+            };
+        });
+    }
+    static encrypt({ key, plaintext, additionalAuthenticatedData, protectedHeader, sharedUnprotectedHeader, unprotectedHeader, keyManager = new LocalKeyManager(), crypto = new AgentCryptoApi(), }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Verify that the provided Crypto API supports the decrypt operation before proceeding.
+            if (!isCipher(crypto)) {
+                throw new CryptoError(CryptoErrorCode.OperationNotSupported, 'Crypto API does not support the "encrypt" operation.');
+            }
+            // Verify that the provided Key Manager supports the decrypt operation before proceeding.
+            if (!isCipher(keyManager)) {
+                throw new CryptoError(CryptoErrorCode.OperationNotSupported, 'Key Manager does not support the "decrypt" operation.');
+            }
+            // Verify that at least one of the JOSE header objects is present.
+            if (!protectedHeader && !sharedUnprotectedHeader && !unprotectedHeader) {
+                throw new CryptoError(CryptoErrorCode.InvalidJwe, 'JWE is missing the required JOSE header parameters. ' +
+                    'Please provide at least one of the following: "protectedHeader", "sharedUnprotectedHeader", or "unprotectedHeader"');
+            }
+            // Verify that the Plaintext is present.
+            if (!(plaintext instanceof Uint8Array)) {
+                throw new CryptoError(CryptoErrorCode.InvalidJwe, 'Plaintext is missing or not a byte array.');
+            }
+            // Per {@link https://www.rfc-editor.org/rfc/rfc7516#section-5.2 | RFC7516 Section 5.2}
+            // the resulting JOSE Header MUST NOT contain duplicate Header Parameter names. In other words,
+            // the same Header Parameter name MUST NOT occur in the `header`, `protected`, and
+            // `unprotected` JSON object values that together comprise the JOSE Header.
+            if (hasDuplicateProperties(protectedHeader, sharedUnprotectedHeader, unprotectedHeader)) {
+                throw new Error('Duplicate properties detected. Please ensure that each parameter is defined only once ' +
+                    'across the JWE "protectedHeader", "sharedUnprotectedHeader", and "unprotectedHeader" objects.');
+            }
+            // The JOSE Header is the union of the members of the JWE Protected Header (`protectedHeader`),
+            // the JWE Shared Unprotected Header (`sharedUnprotectedHeader`), and the corresponding JWE
+            // Per-Recipient Unprotected Header (`unprotectedHeader`).
+            const joseHeader = Object.assign(Object.assign(Object.assign({}, protectedHeader), sharedUnprotectedHeader), unprotectedHeader);
+            if (!isValidJweHeader(joseHeader)) {
+                throw new Error('JWE Header is missing required "alg" (Algorithm) and/or "enc" (Encryption) Header Parameters');
+            }
+            const { cek, encryptedKey } = yield JweKeyManagement.encrypt({ key, joseHeader, keyManager, crypto });
+            // If required for the Content Encryption Algorithm, generate a random JWE Initialization
+            // Vector (IV) of the correct size; otherwise, let the JWE Initialization Vector be the empty
+            // octet sequence.
+            let iv;
+            switch (joseHeader.enc) {
+                case 'A128GCM':
+                case 'A192GCM':
+                case 'A256GCM':
+                    iv = CryptoUtils.randomBytes(12);
+                    break;
+                default:
+                    iv = new Uint8Array(0);
+            }
+            // Compute the Encoded Protected Header value BASE64URL(UTF8(JWE Protected Header)).  If the JWE
+            // Protected Header is not present, let this value be the empty string.
+            const encodedProtectedHeader = protectedHeader
+                ? Convert.object(protectedHeader).toBase64Url()
+                : '';
+            // If the JWE Additional Authenticated Data (AAD) is present, the Additional Authenticated Data
+            // input to the Content Encryption Algorithm is
+            // ASCII(Encoded Protected Header || '.' || BASE64URL(JWE AAD)). If the JWE AAD is absent, the
+            // Additional Authenticated Data is ASCII(BASE64URL(UTF8(JWE Protected Header))).
+            let additionalData;
+            let encodedAad;
+            if (additionalAuthenticatedData) {
+                encodedAad = Convert.uint8Array(additionalAuthenticatedData).toBase64Url();
+                additionalData = Convert.string(encodedProtectedHeader + '.' + encodedAad).toUint8Array();
+            }
+            else {
+                additionalData = Convert.string(encodedProtectedHeader).toUint8Array();
+            }
+            // Encrypt the plaintext using the CEK, the JWE Initialization Vector, and the Additional
+            // Authenticated Data value using the specified content encryption algorithm to create the JWE
+            // Ciphertext value and the JWE Authentication Tag.
+            const ciphertextWithTag = typeof cek === 'string'
+                ? yield keyManager.encrypt({ keyUri: cek, data: plaintext, iv, additionalData })
+                : yield crypto.encrypt({ key: cek, data: plaintext, iv, additionalData });
+            const ciphertext = ciphertextWithTag.slice(0, -16);
+            const authenticationTag = ciphertextWithTag.slice(-16);
+            // Create the Flattened JWE JSON Serialization output, which is based upon the General syntax,
+            // but flattens it, optimizing it for the single-recipient case. It flattens it by removing the
+            // "recipients" member and instead placing those members defined for use in the "recipients"
+            // array (the "header" and "encrypted_key" members) in the top-level JSON object (at the same
+            // level as the "ciphertext" member).
+            const jwe = new FlattenedJwe({
+                ciphertext: Convert.uint8Array(ciphertext).toBase64Url(),
+            });
+            if (encryptedKey)
+                jwe.encrypted_key = Convert.uint8Array(encryptedKey).toBase64Url();
+            if (protectedHeader)
+                jwe.protected = encodedProtectedHeader;
+            if (sharedUnprotectedHeader)
+                jwe.unprotected = sharedUnprotectedHeader;
+            if (unprotectedHeader)
+                jwe.header = unprotectedHeader;
+            if (iv)
+                jwe.iv = Convert.uint8Array(iv).toBase64Url();
+            if (encodedAad)
+                jwe.aad = encodedAad;
+            if (authenticationTag)
+                jwe.tag = Convert.uint8Array(authenticationTag).toBase64Url();
+            return jwe;
+        });
+    }
+}
+//# sourceMappingURL=jwe-flattened.js.map

package/dist/esm/prototyping/crypto/jose/jwe-flattened.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwe-flattened.js","sourceRoot":"","sources":["../../../../../src/prototyping/crypto/jose/jwe-flattened.ts"],"names":[],"mappings":";;;;;;;;;AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAM7D,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAqGlE;;;;;;;;;;GAUG;AACH,SAAS,iBAAiB,CAAC,KAAa,EAAE,KAAc;IACtD,2DAA2D;IAC3D,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAE1C,IAAI;QACF,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,MAAM,IAAI,KAAK,EAAE,CAAC;QACjD,OAAO,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,YAAY,EAAE,CAAC;KAChD;IAAC,WAAM;QACN,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAC9C,8CAA8C,KAAK,8BAA8B;YACjF,wFAAwF,CACzF,CAAC;KACH;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,OAAO,YAAY;IAyBvB,YAAY,MAA0B;QArBtC,oCAAoC;QAC7B,eAAU,GAAW,EAAE,CAAC;QAqB7B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC;IAEM,MAAM,CAAO,OAAO,CAGzB,EACA,GAAG,EACH,GAAG,EACH,UAAU,GAAG,IAAI,eAAe,EAAE,EAClC,MAAM,GAAG,IAAI,cAAc,EAAE,EAC7B,OAAO,GAAG,EAAE,EACoC;;;YAChD,wFAAwF;YACxF,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;gBACrB,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,qBAAqB,EAAE,sDAAsD,CAAC,CAAC;aACtH;YACD,yFAAyF;YACzF,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;gBACzB,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,qBAAqB,EAAE,uDAAuD,CAAC,CAAC;aACvH;YAED,kEAAkE;YAClE,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE;gBACrD,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAC9C,sDAAsD;oBACtD,uFAAuF,CACxF,CAAC;aACH;YAED,6CAA6C;YAC7C,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,EAAE;gBACtC,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,4CAA4C,CAAC,CAAC;aACjG;YAED,8CAA8C;YAC9C,IAAI,qBAA2D,CAAC;YAChE,IAAI,GAAG,CAAC,SAAS,EAAE;gBACjB,IAAI;oBACF,qBAAqB,GAAG,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC;iBACrE;gBAAC,WAAM;oBACN,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;iBACpD;aACF;YAED,uFAAuF;YACvF,+FAA+F;YAC/F,kFAAkF;YAClF,2EAA2E;YAC3E,IAAI,sBAAsB,CAAC,qBAAqB,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,EAAC;gBAC7E,MAAM,IAAI,KAAK,CACb,wFAAwF;oBACxF,kEAAkE,CACnE,CAAC;aACH;YAED,6FAA6F;YAC7F,yFAAyF;YACzF,iCAAiC;YACjC,MAAM,UAAU,iDAAQ,qBAAqB,GAAK,GAAG,CAAC,MAAM,GAAK,GAAG,CAAC,WAAW,CAAE,CAAC;YAEnF,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE;gBACjC,MAAM,IAAI,KAAK,CAAC,8FAA8F,CAAC,CAAC;aACjH;YAED,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC;mBACpC,CAAC,OAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE;gBACzD,MAAM,IAAI,KAAK,CAAC,yDAAyD,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;aAC5F;YAED,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC;mBACpC,CAAC,OAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE;gBACzD,MAAM,IAAI,KAAK,CAAC,oEAAoE,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;aACvG;YAED,IAAI,GAAwB,CAAC;YAC7B,IAAI;gBACF,MAAM,YAAY,GAAG,GAAG,CAAC,aAAa;oBACpC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,YAAY,EAAE;oBACrD,CAAC,CAAC,SAAS,CAAC;gBAEd,GAAG,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC;aAE7F;YAAC,OAAO,KAAU,EAAE;gBACnB,6FAA6F;gBAC7F,IAAI,KAAK,YAAY,WAAW;uBACzB,CAAC,KAAK,CAAC,IAAI,KAAK,eAAe,CAAC,UAAU,IAAI,KAAK,CAAC,IAAI,KAAK,eAAe,CAAC,qBAAqB,CAAC,EAAE;oBAC1G,MAAM,KAAK,CAAC;iBACb;gBAED,iEAAiE;gBACjE,cAAc;gBACd,8FAA8F;gBAC9F,uCAAuC;gBACvC,2FAA2F;gBAC3F,2FAA2F;gBAC3F,yFAAyF;gBACzF,uFAAuF;gBACvF,WAAW;gBACX,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ;oBAC3B,CAAC,CAAC,MAAM,UAAU,CAAC,WAAW,CAAC,EAAE,SAAS,EAAE,UAAU,CAAC,GAAG,EAAE,CAAC;oBAC7D,CAAC,CAAC,MAAM,MAAM,CAAC,WAAW,CAAC,EAAE,SAAS,EAAE,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;aAC7D;YAED,gFAAgF;YAChF,MAAM,EAAE,GAAG,iBAAiB,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAC3C,MAAM,GAAG,GAAG,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YAE9C,4FAA4F;YAC5F,MAAM,UAAU,GAAG,GAAG,KAAK,SAAS;gBAClC,CAAC,CAAC,IAAI,UAAU,CAAC;oBACf,GAAG,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,YAAY,EAAE;oBACnD,GAAG,CAAC,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,EAAE,CAAC;iBACf,CAAC;gBACF,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,YAAY,EAAE,CAAC;YAErD,+FAA+F;YAC/F,+CAA+C;YAC/C,8FAA8F;YAC9F,iFAAiF;YACjF,MAAM,cAAc,GAAG,GAAG,CAAC,GAAG,KAAK,SAAS;gBAC1C,CAAC,CAAC,IAAI,UAAU,CAAC;oBACf,GAAG,OAAO,CAAC,MAAM,CAAC,MAAA,GAAG,CAAC,SAAS,mCAAI,EAAE,CAAC,CAAC,YAAY,EAAE;oBACrD,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE;oBACrC,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE;iBAC1C,CAAC;gBACF,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,MAAA,GAAG,CAAC,SAAS,mCAAI,EAAE,CAAC,CAAC,YAAY,EAAE,CAAC;YAEvD,+DAA+D;YAC/D,iDAAiD;YACjD,qCAAqC;YACrC,MAAM,SAAS,GAAG,OAAO,GAAG,KAAK,QAAQ;gBACvC,CAAC,CAAC,MAAM,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,cAAc,EAAE,CAAC;gBACjF,CAAC,CAAC,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,cAAc,EAAE,CAAC,CAAC;YAE7E,OAAO;gBACL,SAAS;gBACT,eAAe,EAAe,qBAAqB;gBACnD,2BAA2B,EAAG,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC;gBAC/D,uBAAuB,EAAO,GAAG,CAAC,WAAW;gBAC7C,iBAAiB,EAAa,GAAG,CAAC,MAAM;aACzC,CAAC;;KACH;IAEM,MAAM,CAAO,OAAO,CAGzB,EACA,GAAG,EACH,SAAS,EACT,2BAA2B,EAC3B,eAAe,EACf,uBAAuB,EACvB,iBAAiB,EACjB,UAAU,GAAG,IAAI,eAAe,EAAE,EAClC,MAAM,GAAG,IAAI,cAAc,EAAE,GACmB;;YAChD,wFAAwF;YACxF,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;gBACrB,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,qBAAqB,EAAE,sDAAsD,CAAC,CAAC;aACtH;YACD,yFAAyF;YACzF,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;gBACzB,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,qBAAqB,EAAE,uDAAuD,CAAC,CAAC;aACvH;YAED,kEAAkE;YAClE,IAAI,CAAC,eAAe,IAAI,CAAC,uBAAuB,IAAI,CAAC,iBAAiB,EAAE;gBACtE,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAC9C,sDAAsD;oBAClD,oHAAoH,CACzH,CAAC;aACH;YAED,wCAAwC;YACxC,IAAI,CAAC,CAAC,SAAS,YAAY,UAAU,CAAC,EAAE;gBACtC,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,2CAA2C,CAAC,CAAC;aAChG;YAED,uFAAuF;YACvF,+FAA+F;YAC/F,kFAAkF;YAClF,2EAA2E;YAC3E,IAAI,sBAAsB,CAAC,eAAe,EAAE,uBAAuB,EAAE,iBAAiB,CAAC,EAAC;gBACtF,MAAM,IAAI,KAAK,CACb,wFAAwF;oBACxF,+FAA+F,CAChG,CAAC;aACH;YAED,+FAA+F;YAC/F,2FAA2F;YAC3F,0DAA0D;YAC1D,MAAM,UAAU,iDAAQ,eAAe,GAAK,uBAAuB,GAAK,iBAAiB,CAAE,CAAC;YAE5F,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE;gBACjC,MAAM,IAAI,KAAK,CAAC,8FAA8F,CAAC,CAAC;aACjH;YAED,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC;YAEtG,yFAAyF;YACzF,6FAA6F;YAC7F,kBAAkB;YAClB,IAAI,EAAc,CAAC;YACnB,QAAQ,UAAU,CAAC,GAAG,EAAE;gBACtB,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS;oBACZ,EAAE,GAAG,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;oBACjC,MAAM;gBACR;oBACE,EAAE,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;aAC1B;YAED,gGAAgG;YAChG,uEAAuE;YACvE,MAAM,sBAAsB,GAAG,eAAe;gBAC5C,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE;gBAC/C,CAAC,CAAC,EAAE,CAAC;YAEP,+FAA+F;YAC/F,+CAA+C;YAC/C,8FAA8F;YAC9F,iFAAiF;YACjF,IAAI,cAA0B,CAAC;YAC/B,IAAI,UAA8B,CAAC;YACnC,IAAI,2BAA2B,EAAE;gBAC/B,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC3E,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,sBAAsB,GAAG,GAAG,GAAG,UAAU,CAAC,CAAC,YAAY,EAAE,CAAC;aAC3F;iBAAM;gBACL,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,YAAY,EAAE,CAAC;aACxE;YAED,yFAAyF;YACzF,8FAA8F;YAC9F,mDAAmD;YACnD,MAAM,iBAAiB,GAAG,OAAO,GAAG,KAAK,QAAQ;gBAC/C,CAAC,CAAC,MAAM,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,cAAc,EAAE,CAAC;gBAChF,CAAC,CAAC,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,cAAc,EAAE,CAAC,CAAC;YAC5E,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YAEvD,8FAA8F;YAC9F,+FAA+F;YAC/F,4FAA4F;YAC5F,6FAA6F;YAC7F,qCAAqC;YACrC,MAAM,GAAG,GAAG,IAAI,YAAY,CAAC;gBAC3B,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE;aACzD,CAAC,CAAC;YACH,IAAI,YAAY;gBAAE,GAAG,CAAC,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;YACrF,IAAI,eAAe;gBAAE,GAAG,CAAC,SAAS,GAAG,sBAAsB,CAAC;YAC5D,IAAI,uBAAuB;gBAAE,GAAG,CAAC,WAAW,GAAG,uBAAuB,CAAC;YACvE,IAAI,iBAAiB;gBAAE,GAAG,CAAC,MAAM,GAAG,iBAAiB,CAAC;YACtD,IAAI,EAAE;gBAAE,GAAG,CAAC,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;YACtD,IAAI,UAAU;gBAAE,GAAG,CAAC,GAAG,GAAG,UAAU,CAAC;YACrC,IAAI,iBAAiB;gBAAE,GAAG,CAAC,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,WAAW,EAAE,CAAC;YAErF,OAAO,GAAG,CAAC;QACb,CAAC;KAAA;CACF"}

package/dist/esm/prototyping/crypto/jose/jwe.js

@@ -0,0 +1,308 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { Convert } from '@enbox/common';
+import { CryptoError, CryptoErrorCode } from '../crypto-error.js';
+/**
+ * Checks if the provided object is a valid JWE (JSON Web Encryption) header.
+ *
+ * This function evaluates whether the given object adheres to the structure expected for
+ * a JWE header, specifically looking for the presence and proper format of the "alg" (algorithm)
+ * and "enc" (encryption algorithm) properties, which are essential for defining the JWE's
+ * cryptographic operations.
+ *
+ * @example
+ * ```ts
+ * const header = {
+ *   alg: 'dir',
+ *   enc: 'A256GCM'
+ * };
+ *
+ * if (isValidJweHeader(header)) {
+ *   console.log('The object is a valid JWE header.');
+ * } else {
+ *   console.log('The object is not a valid JWE header.');
+ * }
+ * ```
+ *
+ * @param obj - The object to be validated as a JWE header.
+ * @returns Returns `true` if the object is a valid JWE header, otherwise `false`.
+ */
+export function isValidJweHeader(obj) {
+    return typeof obj === 'object' && obj !== null
+        && 'alg' in obj && obj.alg !== undefined
+        && 'enc' in obj && obj.enc !== undefined;
+}
+/**
+ * The `JweKeyManagement` class implements the key management aspects of JSON Web Encryption (JWE)
+ * as specified in {@link https://datatracker.ietf.org/doc/html/rfc7516 | RFC 7516}.
+ *
+ * It supports algorithms for encrypting and decrypting keys, thereby enabling the secure
+ * transmission of information where the payload is encrypted, and the encryption key is also
+ * encrypted or agreed upon using key agreement techniques.
+ *
+ * The choice of algorithm is determined by the "alg" parameter in the JWE
+ * header, and the class is designed to handle the intricacies associated with each algorithm,
+ * ensuring the secure handling of the encryption keys.
+ *
+ * Supported algorithms include:
+ * - `"dir"`: Direct Encryption Mode
+ * - `"PBES2-HS256+A128KW"`, `"PBES2-HS384+A192KW"`, `"PBES2-HS512+A256KW"`: Password-Based
+ *   Encryption Mode with Key Wrapping (PBES2) using HMAC-SHA and AES Key Wrap algorithms for key
+ *   wrapping and encryption.
+ *
+ * @example
+ * // To encrypt a key:
+ * const keyEncryptionKey = Convert.string(passphrase).toUint8Array()
+ * const { cek, encryptedKey: encryptedCek } = await JweKeyManagement.encrypt({
+ *   key: keyEncryptionKey,
+ *   joseHeader: {
+ *     alg: 'PBES2-HS512+A256KW',
+ *     enc: 'A256GCM',
+ *     p2c : 210_000,
+       p2s : Convert.uint8Array(saltInput).toBase64Url()
+ *   },
+ *   crypto: new AgentCryptoApi(),
+ * });
+ *
+ * // To decrypt a key:
+ * const cek = await JweKeyManagement.decrypt({
+ *   key: keyEncryptionKey,
+ *   encryptedKey: encryptedCek,
+ *   joseHeader: {
+ *     alg: 'PBES2-HS512+A256KW',
+ *     enc: 'A256GCM',
+ *     p2c : 210_000,
+       p2s : Convert.uint8Array(saltInput).toBase64Url()
+ *   },
+ *   crypto: new AgentCryptoApi(),
+ * });
+ */
+export class JweKeyManagement {
+    /**
+     * Decrypts the encrypted key (JWE Encrypted Key) using the specified key encryption algorithm
+     * defined in the JWE Header's "alg" parameter.
+     *
+     * This method supports multiple key management algorithms, including Direct Encryption (dir) and
+     * PBES2 schemes with key wrapping.
+     *
+     * The method takes a key, which can be a Key Identifier, JWK, or raw byte array, and the
+     * encrypted key along with the JWE header. It returns the decrypted Content Encryption Key (CEK)
+     * which can then be used to decrypt the JWE ciphertext.
+     *
+     * @example
+     * ```ts
+     * // Decrypting the CEK with the PBES2-HS512+A256KW algorithm
+     * const cek = await JweKeyManagement.decrypt({
+     *   key: Convert.string(passphrase).toUint8Array(),
+     *   encryptedKey: encryptedCek,
+     *   joseHeader: {
+     *     alg: 'PBES2-HS512+A256KW',
+     *     enc: 'A256GCM',
+     *     p2c: 210_000,
+     *     p2s: Convert.uint8Array(saltInput).toBase64Url(),
+     *   },
+     *   crypto: new AgentCryptoApi()
+     * });
+     * ```
+     *
+     * @param params - The decryption parameters.
+     * @throws Throws an error if the key management algorithm is not supported or if required
+     *         parameters are missing or invalid.
+     */
+    static decrypt({ key, encryptedKey, joseHeader, crypto }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Determine the Key Management Mode employed by the algorithm specified by the "alg"
+            // (algorithm) Header Parameter.
+            switch (joseHeader.alg) {
+                case 'dir': {
+                    // In Direct Encryption mode, a JWE "Encrypted Key" is not provided. Instead, the
+                    // provided key management `key` is directly used as the Content Encryption Key (CEK) to
+                    // decrypt the JWE payload.
+                    // Verify that the JWE Encrypted Key value is empty.
+                    if (encryptedKey !== undefined) {
+                        throw new CryptoError(CryptoErrorCode.InvalidJwe, 'JWE "encrypted_key" is not allowed when using "dir" (Direct Encryption Mode).');
+                    }
+                    // Verify the key management `key` is a Key Identifier or JWK.
+                    if (key instanceof Uint8Array) {
+                        throw new CryptoError(CryptoErrorCode.InvalidJwe, 'Key management "key" must be a Key URI or JWK when using "dir" (Direct Encryption Mode).');
+                    }
+                    // return the key management `key` as the CEK.
+                    return key;
+                }
+                case 'PBES2-HS256+A128KW':
+                case 'PBES2-HS384+A192KW':
+                case 'PBES2-HS512+A256KW': {
+                    // In Key Encryption mode (PBES2) with key wrapping (A128KW, A192KW, A256KW), the given
+                    // passphrase, salt (p2s), and iteration count (p2c) are used with the PBKDF2 key derivation
+                    // function to derive the Key Encryption Key (KEK).  The KEK is then used to decrypt the JWE
+                    // Encrypted Key to obtain the Content Encryption Key (CEK).
+                    if (typeof joseHeader.p2c !== 'number') {
+                        throw new CryptoError(CryptoErrorCode.InvalidJwe, 'JOSE Header "p2c" (PBES2 Count) is missing or not a number.');
+                    }
+                    if (typeof joseHeader.p2s !== 'string') {
+                        throw new CryptoError(CryptoErrorCode.InvalidJwe, 'JOSE Header "p2s" (PBES2 salt) is missing or not a string.');
+                    }
+                    // Throw an error if the key management `key` is not a byte array. For PBES2, the key is
+                    // expected to be a low-entropy passphrase as a byte array.
+                    if (!(key instanceof Uint8Array)) {
+                        throw new CryptoError(CryptoErrorCode.InvalidJwe, 'Key management "key" must be a Uint8Array when using "PBES2" (Key Encryption Mode).');
+                    }
+                    // Verify that the JWE Encrypted Key value is present.
+                    if (encryptedKey === undefined) {
+                        throw new CryptoError(CryptoErrorCode.InvalidJwe, 'JWE "encrypted_key" is required when using "PBES2" (Key Encryption Mode).');
+                    }
+                    // Per {@link https://www.rfc-editor.org/rfc/rfc7518.html#section-4.8.1.1 | RFC 7518, Section 4.8.1.1},
+                    // the salt value used with PBES2 should be of the format (UTF8(Alg) || 0x00 || Salt Input),
+                    // where Alg is the "alg" (algorithm) Header Parameter value. This reduces the potential for
+                    // a precomputed dictionary attack (also known as a rainbow table attack).
+                    let salt;
+                    try {
+                        salt = new Uint8Array([
+                            ...Convert.string(joseHeader.alg).toUint8Array(),
+                            0x00,
+                            ...Convert.base64Url(joseHeader.p2s).toUint8Array()
+                        ]);
+                    }
+                    catch (_a) {
+                        throw new CryptoError(CryptoErrorCode.EncodingError, 'Failed to decode the JOSE Header "p2s" (PBES2 salt) value.');
+                    }
+                    // Derive the Key Encryption Key (KEK) from the given passphrase, salt, and iteration count.
+                    const kek = yield crypto.deriveKey({
+                        algorithm: joseHeader.alg,
+                        baseKeyBytes: key,
+                        iterations: joseHeader.p2c,
+                        salt
+                    });
+                    if (!(kek.alg && ['A128KW', 'A192KW', 'A256KW'].includes(kek.alg))) {
+                        throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `Unsupported Key Encryption Algorithm (alg) value: ${kek.alg}`);
+                    }
+                    // Decrypt the Content Encryption Key (CEK) with the derived KEK.
+                    return yield crypto.unwrapKey({
+                        decryptionKey: kek,
+                        wrappedKeyBytes: encryptedKey,
+                        wrappedKeyAlgorithm: joseHeader.enc
+                    });
+                }
+                default: {
+                    throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `Unsupported "alg" (Algorithm) Header Parameter value: ${joseHeader.alg}`);
+                }
+            }
+        });
+    }
+    /**
+     * Encrypts a Content Encryption Key (CEK) using the key management algorithm specified in the
+     * JWE Header's "alg" parameter.
+     *
+     * This method supports various key management algorithms, including Direct Encryption (dir) and
+     * PBES2 with key wrapping.
+     *
+     * It generates a random CEK for the specified encryption algorithm in the JWE header, which
+     * can then be used to encrypt the actual payload. For algorithms that require an encrypted key,
+     * it returns the CEK along with the encrypted key.
+     *
+     * @example
+     * ```ts
+     * // Encrypting the CEK with the PBES2-HS512+A256KW algorithm
+     * const { cek, encryptedKey } = await JweKeyManagement.encrypt({
+     *   key: Convert.string(passphrase).toUint8Array(),
+     *   joseHeader: {
+     *     alg: 'PBES2-HS512+A256KW',
+     *     enc: 'A256GCM',
+     *     p2c: 210_000,
+     *     p2s: Convert.uint8Array(saltInput).toBase64Url(),
+     *   },
+     *   crypto: crypto: new AgentCryptoApi()
+     * });
+     * ```
+     *
+     * @param params - The encryption parameters.
+     * @returns The encrypted key result containing the CEK and optionally the encrypted CEK
+     *          (JWE Encrypted Key).
+     * @throws Throws an error if the key management algorithm is not supported or if required
+     *         parameters are missing or invalid.
+     */
+    static encrypt({ key, joseHeader, crypto }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let cek;
+            let encryptedKey;
+            // Determine the Key Management Mode employed by the algorithm specified by the "alg"
+            // (algorithm) Header Parameter.
+            switch (joseHeader.alg) {
+                case 'dir': {
+                    // In Direct Encryption mode (dir), a JWE "Encrypted Key" is not provided. Instead, the
+                    // provided key management `key` is directly used as the Content Encryption Key (CEK) to
+                    // decrypt the JWE payload.
+                    // Verify that the JWE Encrypted Key value is empty.
+                    if (encryptedKey !== undefined) {
+                        throw new CryptoError(CryptoErrorCode.InvalidJwe, 'JWE "encrypted_key" is not allowed when using "dir" (Direct Encryption Mode).');
+                    }
+                    // Verify the key management `key` is a Key Identifier or JWK.
+                    if (key instanceof Uint8Array) {
+                        throw new CryptoError(CryptoErrorCode.InvalidJwe, 'Key management "key" must be a Key URI or JWK when using "dir" (Direct Encryption Mode).');
+                    }
+                    // Set the CEK to the key management `key`.
+                    cek = key;
+                    break;
+                }
+                case 'PBES2-HS256+A128KW':
+                case 'PBES2-HS384+A192KW':
+                case 'PBES2-HS512+A256KW': {
+                    // In Key Encryption mode (PBES2) with key wrapping (A128KW, A192KW, A256KW), a randomly
+                    // generated Content Encryption Key (CEK) is encrypted with a Key Encryption Key (KEK)
+                    // derived from the given passphrase, salt (p2s), and iteration count (p2c) using the
+                    // PBKDF2 key derivation function.
+                    if (typeof joseHeader.p2c !== 'number') {
+                        throw new CryptoError(CryptoErrorCode.InvalidJwe, 'JOSE Header "p2c" (PBES2 Count) is missing or not a number.');
+                    }
+                    if (typeof joseHeader.p2s !== 'string') {
+                        throw new CryptoError(CryptoErrorCode.InvalidJwe, 'JOSE Header "p2s" (PBES2 salt) is missing or not a string.');
+                    }
+                    // Throw an error if the key management `key` is not a byte array.
+                    if (!(key instanceof Uint8Array)) {
+                        throw new CryptoError(CryptoErrorCode.InvalidJwe, 'Key management "key" must be a Uint8Array when using "PBES2" (Key Encryption Mode).');
+                    }
+                    // Generate a random Content Encryption Key (CEK) using the algorithm specified by the "enc"
+                    // (encryption) Header Parameter.
+                    cek = yield crypto.generateKey({ algorithm: joseHeader.enc });
+                    // Per {@link https://www.rfc-editor.org/rfc/rfc7518.html#section-4.8.1.1 | RFC 7518, Section 4.8.1.1},
+                    // the salt value used with PBES2 should be of the format (UTF8(Alg) || 0x00 || Salt Input),
+                    // where Alg is the "alg" (algorithm) Header Parameter value. This reduces the potential for
+                    // a precomputed dictionary attack (also known as a rainbow table attack).
+                    let salt;
+                    try {
+                        salt = new Uint8Array([
+                            ...Convert.string(joseHeader.alg).toUint8Array(),
+                            0x00,
+                            ...Convert.base64Url(joseHeader.p2s).toUint8Array()
+                        ]);
+                    }
+                    catch (_a) {
+                        throw new CryptoError(CryptoErrorCode.EncodingError, 'Failed to decode the JOSE Header "p2s" (PBES2 salt) value.');
+                    }
+                    // Derive a Key Encryption Key (KEK) from the given passphrase, salt, and iteration count.
+                    const kek = yield crypto.deriveKey({
+                        algorithm: joseHeader.alg,
+                        baseKeyBytes: key,
+                        iterations: joseHeader.p2c,
+                        salt
+                    });
+                    // Encrypt the randomly generated CEK with the derived Key Encryption Key (KEK).
+                    encryptedKey = yield crypto.wrapKey({ encryptionKey: kek, unwrappedKey: cek });
+                    break;
+                }
+                default: {
+                    throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `Unsupported "alg" (Algorithm) Header Parameter value: ${joseHeader.alg}`);
+                }
+            }
+            return { cek, encryptedKey };
+        });
+    }
+}
+//# sourceMappingURL=jwe.js.map

package/dist/esm/prototyping/crypto/jose/jwe.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwe.js","sourceRoot":"","sources":["../../../../../src/prototyping/crypto/jose/jwe.ts"],"names":[],"mappings":";;;;;;;;;AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAKxC,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAyTlE;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAY;IAC3C,OAAO,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI;WACzC,KAAK,IAAI,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS;WACrC,KAAK,IAAI,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,CAAC;AAC7C,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AACH,MAAM,OAAO,gBAAgB;IAC3B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACI,MAAM,CAAO,OAAO,CAA4D,EACrF,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EACe;;YAEpD,qFAAqF;YACrF,gCAAgC;YAChC,QAAQ,UAAU,CAAC,GAAG,EAAE;gBACtB,KAAK,KAAK,CAAC,CAAC;oBACV,iFAAiF;oBACjF,wFAAwF;oBACxF,2BAA2B;oBAE3B,oDAAoD;oBACpD,IAAI,YAAY,KAAK,SAAS,EAAE;wBAC9B,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,+EAA+E,CAAC,CAAC;qBACpI;oBAED,8DAA8D;oBAC9D,IAAI,GAAG,YAAY,UAAU,EAAE;wBAC7B,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,0FAA0F,CAAC,CAAC;qBAC/I;oBAED,8CAA8C;oBAC9C,OAAO,GAAG,CAAC;iBACZ;gBAED,KAAK,oBAAoB,CAAC;gBAC1B,KAAK,oBAAoB,CAAC;gBAC1B,KAAK,oBAAoB,CAAC,CAAC;oBACzB,uFAAuF;oBACvF,4FAA4F;oBAC5F,4FAA4F;oBAC5F,4DAA4D;oBAE5D,IAAI,OAAO,UAAU,CAAC,GAAG,KAAK,QAAQ,EAAE;wBACtC,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,6DAA6D,CAAC,CAAC;qBAClH;oBAED,IAAI,OAAO,UAAU,CAAC,GAAG,KAAK,QAAQ,EAAE;wBACtC,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,4DAA4D,CAAC,CAAC;qBACjH;oBAED,wFAAwF;oBACxF,2DAA2D;oBAC3D,IAAI,CAAC,CAAC,GAAG,YAAY,UAAU,CAAC,EAAE;wBAChC,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,qFAAqF,CAAC,CAAC;qBAC1I;oBAED,sDAAsD;oBACtD,IAAI,YAAY,KAAK,SAAS,EAAE;wBAC9B,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,2EAA2E,CAAC,CAAC;qBAChI;oBAED,uGAAuG;oBACvG,4FAA4F;oBAC5F,4FAA4F;oBAC5F,0EAA0E;oBAC1E,IAAI,IAAgB,CAAC;oBACrB,IAAI;wBACF,IAAI,GAAG,IAAI,UAAU,CAAC;4BACpB,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE;4BAChD,IAAI;4BACJ,GAAG,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE;yBACpD,CAAC,CAAC;qBACJ;oBAAC,WAAM;wBACN,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,aAAa,EAAE,4DAA4D,CAAC,CAAC;qBACpH;oBAED,4FAA4F;oBAC5F,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC;wBACjC,SAAS,EAAM,UAAU,CAAC,GAAG;wBAC7B,YAAY,EAAG,GAAG;wBAClB,UAAU,EAAK,UAAU,CAAC,GAAG;wBAC7B,IAAI;qBACL,CAAC,CAAC;oBAEH,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE;wBAClE,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,qBAAqB,EAAE,qDAAqD,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC;qBAC9H;oBAED,iEAAiE;oBACjE,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC;wBAC5B,aAAa,EAAS,GAAG;wBACzB,eAAe,EAAO,YAAY;wBAClC,mBAAmB,EAAG,UAAU,CAAC,GAAG;qBACrC,CAAC,CAAC;iBACJ;gBAED,OAAO,CAAC,CAAC;oBACP,MAAM,IAAI,WAAW,CACnB,eAAe,CAAC,qBAAqB,EACrC,yDAAyD,UAAU,CAAC,GAAG,EAAE,CAC1E,CAAC;iBACH;aACF;QACH,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACI,MAAM,CAAO,OAAO,CAA4D,EACrF,GAAG,EAAE,UAAU,EAAE,MAAM,EAC6B;;YAEpD,IAAI,GAAwB,CAAC;YAC7B,IAAI,YAAoC,CAAC;YAEzC,qFAAqF;YACrF,gCAAgC;YAChC,QAAQ,UAAU,CAAC,GAAG,EAAE;gBACtB,KAAK,KAAK,CAAC,CAAC;oBACV,uFAAuF;oBACvF,wFAAwF;oBACxF,2BAA2B;oBAE3B,oDAAoD;oBACpD,IAAI,YAAY,KAAK,SAAS,EAAE;wBAC9B,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,+EAA+E,CAAC,CAAC;qBACpI;oBAED,8DAA8D;oBAC9D,IAAI,GAAG,YAAY,UAAU,EAAE;wBAC7B,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,0FAA0F,CAAC,CAAC;qBAC/I;oBAED,2CAA2C;oBAC3C,GAAG,GAAG,GAAG,CAAC;oBAEV,MAAM;iBACP;gBAED,KAAK,oBAAoB,CAAC;gBAC1B,KAAK,oBAAoB,CAAC;gBAC1B,KAAK,oBAAoB,CAAC,CAAC;oBACzB,wFAAwF;oBACxF,sFAAsF;oBACtF,qFAAqF;oBACrF,kCAAkC;oBAElC,IAAI,OAAO,UAAU,CAAC,GAAG,KAAK,QAAQ,EAAE;wBACtC,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,6DAA6D,CAAC,CAAC;qBAClH;oBAED,IAAI,OAAO,UAAU,CAAC,GAAG,KAAK,QAAQ,EAAE;wBACtC,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,4DAA4D,CAAC,CAAC;qBACjH;oBAED,kEAAkE;oBAClE,IAAI,CAAC,CAAC,GAAG,YAAY,UAAU,CAAC,EAAE;wBAChC,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,qFAAqF,CAAC,CAAC;qBAC1I;oBAED,4FAA4F;oBAC5F,iCAAiC;oBACjC,GAAG,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,EAAE,SAAS,EAAE,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;oBAE9D,uGAAuG;oBACvG,4FAA4F;oBAC5F,4FAA4F;oBAC5F,0EAA0E;oBAC1E,IAAI,IAAgB,CAAC;oBACrB,IAAI;wBACF,IAAI,GAAG,IAAI,UAAU,CAAC;4BACpB,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE;4BAChD,IAAI;4BACJ,GAAG,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE;yBACpD,CAAC,CAAC;qBACJ;oBAAC,WAAM;wBACN,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,aAAa,EAAE,4DAA4D,CAAC,CAAC;qBACpH;oBAED,0FAA0F;oBAC1F,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC;wBACjC,SAAS,EAAM,UAAU,CAAC,GAAG;wBAC7B,YAAY,EAAG,GAAG;wBAClB,UAAU,EAAK,UAAU,CAAC,GAAG;wBAC7B,IAAI;qBACL,CAAC,CAAC;oBAEH,gFAAgF;oBAChF,YAAY,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC,CAAC;oBAE/E,MAAM;iBACP;gBAED,OAAO,CAAC,CAAC;oBACP,MAAM,IAAI,WAAW,CACnB,eAAe,CAAC,qBAAqB,EACrC,yDAAyD,UAAU,CAAC,GAAG,EAAE,CAC1E,CAAC;iBACH;aACF;YAED,OAAO,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC;QAC/B,CAAC;KAAA;CACF"}