@fgv/ts-web-extras 5.1.0-17 → 5.1.0-18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59) hide show
  1. package/.rush/temp/{edc66e6a37414a0b69e52d768684c18c9d5825e3.tar.log → 680645452ebdb4d7f294f08d3b45f143d69c3f5d.tar.log} +2 -2
  2. package/.rush/temp/chunked-rush-logs/ts-web-extras.build.chunks.jsonl +12 -12
  3. package/.rush/temp/operation/build/all.log +12 -12
  4. package/.rush/temp/operation/build/log-chunks.jsonl +12 -12
  5. package/.rush/temp/operation/build/state.json +1 -1
  6. package/dist/packlets/crypto-utils/browserCryptoProvider.js +58 -17
  7. package/dist/packlets/crypto-utils/browserCryptoProvider.js.map +1 -1
  8. package/dist/ts-web-extras.d.ts +27 -6
  9. package/docs/CryptoUtils/classes/BrowserCryptoProvider.exportPublicKeyJwk.md +24 -0
  10. package/docs/CryptoUtils/classes/BrowserCryptoProvider.generateKeyPair.md +25 -0
  11. package/docs/CryptoUtils/classes/BrowserCryptoProvider.importPublicKeyJwk.md +25 -0
  12. package/docs/CryptoUtils/classes/BrowserCryptoProvider.md +39 -0
  13. package/docs/classes/BrowserCryptoProvider.exportPublicKeyJwk.md +24 -0
  14. package/docs/classes/BrowserCryptoProvider.generateKeyPair.md +25 -0
  15. package/docs/classes/BrowserCryptoProvider.importPublicKeyJwk.md +25 -0
  16. package/docs/classes/BrowserCryptoProvider.md +39 -0
  17. package/etc/ts-web-extras.api.md +5 -5
  18. package/lib/packlets/crypto-utils/browserCryptoProvider.d.ts +27 -5
  19. package/lib/packlets/crypto-utils/browserCryptoProvider.d.ts.map +1 -1
  20. package/lib/packlets/crypto-utils/browserCryptoProvider.js +57 -16
  21. package/lib/packlets/crypto-utils/browserCryptoProvider.js.map +1 -1
  22. package/package.json +10 -10
  23. package/rush-logs/ts-web-extras.build.cache.log +1 -1
  24. package/rush-logs/ts-web-extras.build.log +12 -12
  25. package/src/packlets/crypto-utils/browserCryptoProvider.ts +76 -22
  26. package/temp/build/typescript/ts_8nwakTlr.json +1 -1
  27. package/temp/coverage/crypto-utils/browserCryptoProvider.ts.html +189 -27
  28. package/temp/coverage/crypto-utils/browserHashProvider.ts.html +1 -1
  29. package/temp/coverage/crypto-utils/index.html +7 -7
  30. package/temp/coverage/file-tree/directoryHandleStore.ts.html +1 -1
  31. package/temp/coverage/file-tree/fileApiTreeAccessors.ts.html +1 -1
  32. package/temp/coverage/file-tree/fileSystemAccessTreeAccessors.ts.html +1 -1
  33. package/temp/coverage/file-tree/httpTreeAccessors.ts.html +1 -1
  34. package/temp/coverage/file-tree/index.html +1 -1
  35. package/temp/coverage/file-tree/localStorageTreeAccessors.ts.html +1 -1
  36. package/temp/coverage/helpers/fileTreeHelpers.ts.html +1 -1
  37. package/temp/coverage/helpers/index.html +1 -1
  38. package/temp/coverage/index.html +7 -7
  39. package/temp/coverage/lcov-report/crypto-utils/browserCryptoProvider.ts.html +189 -27
  40. package/temp/coverage/lcov-report/crypto-utils/browserHashProvider.ts.html +1 -1
  41. package/temp/coverage/lcov-report/crypto-utils/index.html +7 -7
  42. package/temp/coverage/lcov-report/file-tree/directoryHandleStore.ts.html +1 -1
  43. package/temp/coverage/lcov-report/file-tree/fileApiTreeAccessors.ts.html +1 -1
  44. package/temp/coverage/lcov-report/file-tree/fileSystemAccessTreeAccessors.ts.html +1 -1
  45. package/temp/coverage/lcov-report/file-tree/httpTreeAccessors.ts.html +1 -1
  46. package/temp/coverage/lcov-report/file-tree/index.html +1 -1
  47. package/temp/coverage/lcov-report/file-tree/localStorageTreeAccessors.ts.html +1 -1
  48. package/temp/coverage/lcov-report/helpers/fileTreeHelpers.ts.html +1 -1
  49. package/temp/coverage/lcov-report/helpers/index.html +1 -1
  50. package/temp/coverage/lcov-report/index.html +7 -7
  51. package/temp/coverage/lcov-report/url-utils/index.html +1 -1
  52. package/temp/coverage/lcov-report/url-utils/urlParams.ts.html +1 -1
  53. package/temp/coverage/lcov.info +75 -15
  54. package/temp/coverage/url-utils/index.html +1 -1
  55. package/temp/coverage/url-utils/urlParams.ts.html +1 -1
  56. package/temp/test/jest/haste-map-7492f1b44480e0cdd1f220078fb3afd8-c8dd6c3430605adeb2f1cadf4f75e791-8c9336785555d572065b28c111982ba4 +0 -0
  57. package/temp/test/jest/perf-cache-7492f1b44480e0cdd1f220078fb3afd8-da39a3ee5e6b4b0d3255bfef95601890 +1 -1
  58. package/temp/ts-web-extras.api.json +253 -4
  59. package/temp/ts-web-extras.api.md +5 -5
package/.rush/temp/{edc66e6a37414a0b69e52d768684c18c9d5825e3.tar.log → 680645452ebdb4d7f294f08d3b45f143d69c3f5d.tar.log} RENAMED
@@ -1,5 +1,5 @@
1
- Start time: Mon Apr 27 2026 03:46:28 GMT+0000 (Coordinated Universal Time)
2
- Invoking "/usr/bin/tar -c -f /home/runner/work/fgv/fgv/common/temp/build-cache/edc66e6a37414a0b69e52d768684c18c9d5825e3-755c33d272322419.temp -z --files-from=-"
1
+ Start time: Mon Apr 27 2026 05:38:37 GMT+0000 (Coordinated Universal Time)
2
+ Invoking "/usr/bin/tar -c -f /home/runner/work/fgv/fgv/common/temp/build-cache/680645452ebdb4d7f294f08d3b45f143d69c3f5d-36930bfd8d3b7465.temp -z --files-from=-"
3
3
 
4
4
  ======= BEGIN PROCESS INPUT ======
5
5
  .rush/temp/operation/build/all.log
package/.rush/temp/chunked-rush-logs/ts-web-extras.build.chunks.jsonl CHANGED
@@ -5,7 +5,7 @@
5
5
  {"kind":"O","text":"[build:api-extractor] Using API Extractor version 7.57.7\n"}
6
6
  {"kind":"O","text":"[build:api-extractor] Analysis will use the bundled TypeScript version 5.8.2\n"}
7
7
  {"kind":"O","text":"[build:api-extractor] *** The target project appears to use TypeScript 5.9.3 which is newer than the bundled compiler engine; consider upgrading API Extractor.\n"}
8
- {"kind":"O","text":" ---- build finished (24.065s) ---- \n"}
8
+ {"kind":"O","text":" ---- build finished (24.801s) ---- \n"}
9
9
  {"kind":"O","text":" ---- test started ---- \n"}
10
10
  {"kind":"O","text":"[test:jest] Using Jest version 29.5.0\n"}
11
11
  {"kind":"O","text":"[test:jest] \n"}
@@ -14,20 +14,20 @@
14
14
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileApiTreeAccessors.test.js\n"}
15
15
  {"kind":"O","text":"[test:jest] START lib/test/unit/localStorageTreeAccessors.test.js\n"}
16
16
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileSystemAccessTreeAccessors.test.js\n"}
17
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/httpTreeAccessors.test.js (duration: 2.358s, 61 passed, 0 failed)\n"}
17
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/localStorageTreeAccessors.test.js (duration: 2.975s, 44 passed, 0 failed)\n"}
18
18
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileTreeHelpers.test.js\n"}
19
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/localStorageTreeAccessors.test.js (duration: 2.231s, 44 passed, 0 failed)\n"}
19
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/httpTreeAccessors.test.js (duration: 3.203s, 61 passed, 0 failed)\n"}
20
20
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileApiTypes.test.js\n"}
21
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTreeAccessors.test.js (duration: 3.257s, 65 passed, 0 failed)\n"}
21
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTreeAccessors.test.js (duration: 3.464s, 65 passed, 0 failed)\n"}
22
22
  {"kind":"O","text":"[test:jest] START lib/test/unit/urlParams.test.js\n"}
23
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileSystemAccessTreeAccessors.test.js (duration: 1.807s, 44 passed, 0 failed)\n"}
23
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileSystemAccessTreeAccessors.test.js (duration: 1.300s, 44 passed, 0 failed)\n"}
24
24
  {"kind":"O","text":"[test:jest] START lib/test/unit/directoryHandleStore.test.js\n"}
25
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTypes.test.js (duration: 1.259s, 36 passed, 0 failed)\n"}
25
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileTreeHelpers.test.js (duration: 1.819s, 35 passed, 0 failed)\n"}
26
26
  {"kind":"O","text":"[test:jest] START lib/test/unit/browserHashProvider.test.js\n"}
27
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileTreeHelpers.test.js (duration: 2.305s, 35 passed, 0 failed)\n"}
28
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/urlParams.test.js (duration: 1.871s, 60 passed, 0 failed)\n"}
29
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/directoryHandleStore.test.js (duration: 1.696s, 19 passed, 0 failed)\n"}
30
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/browserHashProvider.test.js (duration: 1.902s, 15 passed, 0 failed)\n"}
27
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTypes.test.js (duration: 1.579s, 36 passed, 0 failed)\n"}
28
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/urlParams.test.js (duration: 1.586s, 60 passed, 0 failed)\n"}
29
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/directoryHandleStore.test.js (duration: 1.282s, 19 passed, 0 failed)\n"}
30
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/browserHashProvider.test.js (duration: 1.520s, 15 passed, 0 failed)\n"}
31
31
  {"kind":"O","text":"[test:jest] \n"}
32
32
  {"kind":"O","text":"[test:jest] Tests finished:\n"}
33
33
  {"kind":"O","text":"[test:jest] Successes: 379\n"}
@@ -51,5 +51,5 @@
51
51
  {"kind":"O","text":" url-utils | 100 | 100 | 100 | 100 | \n"}
52
52
  {"kind":"O","text":" urlParams.ts | 100 | 100 | 100 | 100 | \n"}
53
53
  {"kind":"O","text":"-----------------------------------|---------|----------|---------|---------|-------------------\n"}
54
- {"kind":"O","text":" ---- test finished (9.403s) ---- \n"}
55
- {"kind":"O","text":"-------------------- Finished (33.476s) --------------------\n"}
54
+ {"kind":"O","text":" ---- test finished (10.229s) ---- \n"}
55
+ {"kind":"O","text":"-------------------- Finished (35.048s) --------------------\n"}
package/.rush/temp/operation/build/all.log CHANGED
@@ -5,7 +5,7 @@ Invoking: heft test --clean
5
5
  [build:api-extractor] Using API Extractor version 7.57.7
6
6
  [build:api-extractor] Analysis will use the bundled TypeScript version 5.8.2
7
7
  [build:api-extractor] *** The target project appears to use TypeScript 5.9.3 which is newer than the bundled compiler engine; consider upgrading API Extractor.
8
- ---- build finished (24.065s) ----
8
+ ---- build finished (24.801s) ----
9
9
  ---- test started ----
10
10
  [test:jest] Using Jest version 29.5.0
11
11
  [test:jest]
@@ -14,20 +14,20 @@ Invoking: heft test --clean
14
14
  [test:jest] START lib/test/unit/fileApiTreeAccessors.test.js
15
15
  [test:jest] START lib/test/unit/localStorageTreeAccessors.test.js
16
16
  [test:jest] START lib/test/unit/fileSystemAccessTreeAccessors.test.js
17
- [test:jest] PASS lib/test/unit/httpTreeAccessors.test.js (duration: 2.358s, 61 passed, 0 failed)
17
+ [test:jest] PASS lib/test/unit/localStorageTreeAccessors.test.js (duration: 2.975s, 44 passed, 0 failed)
18
18
  [test:jest] START lib/test/unit/fileTreeHelpers.test.js
19
- [test:jest] PASS lib/test/unit/localStorageTreeAccessors.test.js (duration: 2.231s, 44 passed, 0 failed)
19
+ [test:jest] PASS lib/test/unit/httpTreeAccessors.test.js (duration: 3.203s, 61 passed, 0 failed)
20
20
  [test:jest] START lib/test/unit/fileApiTypes.test.js
21
- [test:jest] PASS lib/test/unit/fileApiTreeAccessors.test.js (duration: 3.257s, 65 passed, 0 failed)
21
+ [test:jest] PASS lib/test/unit/fileApiTreeAccessors.test.js (duration: 3.464s, 65 passed, 0 failed)
22
22
  [test:jest] START lib/test/unit/urlParams.test.js
23
- [test:jest] PASS lib/test/unit/fileSystemAccessTreeAccessors.test.js (duration: 1.807s, 44 passed, 0 failed)
23
+ [test:jest] PASS lib/test/unit/fileSystemAccessTreeAccessors.test.js (duration: 1.300s, 44 passed, 0 failed)
24
24
  [test:jest] START lib/test/unit/directoryHandleStore.test.js
25
- [test:jest] PASS lib/test/unit/fileApiTypes.test.js (duration: 1.259s, 36 passed, 0 failed)
25
+ [test:jest] PASS lib/test/unit/fileTreeHelpers.test.js (duration: 1.819s, 35 passed, 0 failed)
26
26
  [test:jest] START lib/test/unit/browserHashProvider.test.js
27
- [test:jest] PASS lib/test/unit/fileTreeHelpers.test.js (duration: 2.305s, 35 passed, 0 failed)
28
- [test:jest] PASS lib/test/unit/urlParams.test.js (duration: 1.871s, 60 passed, 0 failed)
29
- [test:jest] PASS lib/test/unit/directoryHandleStore.test.js (duration: 1.696s, 19 passed, 0 failed)
30
- [test:jest] PASS lib/test/unit/browserHashProvider.test.js (duration: 1.902s, 15 passed, 0 failed)
27
+ [test:jest] PASS lib/test/unit/fileApiTypes.test.js (duration: 1.579s, 36 passed, 0 failed)
28
+ [test:jest] PASS lib/test/unit/urlParams.test.js (duration: 1.586s, 60 passed, 0 failed)
29
+ [test:jest] PASS lib/test/unit/directoryHandleStore.test.js (duration: 1.282s, 19 passed, 0 failed)
30
+ [test:jest] PASS lib/test/unit/browserHashProvider.test.js (duration: 1.520s, 15 passed, 0 failed)
31
31
  [test:jest]
32
32
  [test:jest] Tests finished:
33
33
  [test:jest] Successes: 379
@@ -51,5 +51,5 @@ All files | 100 | 99.62 | 100 | 100 |
51
51
  url-utils | 100 | 100 | 100 | 100 |
52
52
  urlParams.ts | 100 | 100 | 100 | 100 |
53
53
  -----------------------------------|---------|----------|---------|---------|-------------------
54
- ---- test finished (9.403s) ----
55
- -------------------- Finished (33.476s) --------------------
54
+ ---- test finished (10.229s) ----
55
+ -------------------- Finished (35.048s) --------------------
package/.rush/temp/operation/build/log-chunks.jsonl CHANGED
@@ -5,7 +5,7 @@
5
5
  {"kind":"O","text":"[build:api-extractor] Using API Extractor version 7.57.7\n"}
6
6
  {"kind":"O","text":"[build:api-extractor] Analysis will use the bundled TypeScript version 5.8.2\n"}
7
7
  {"kind":"O","text":"[build:api-extractor] *** The target project appears to use TypeScript 5.9.3 which is newer than the bundled compiler engine; consider upgrading API Extractor.\n"}
8
- {"kind":"O","text":" ---- build finished (24.065s) ---- \n"}
8
+ {"kind":"O","text":" ---- build finished (24.801s) ---- \n"}
9
9
  {"kind":"O","text":" ---- test started ---- \n"}
10
10
  {"kind":"O","text":"[test:jest] Using Jest version 29.5.0\n"}
11
11
  {"kind":"O","text":"[test:jest] \n"}
@@ -14,20 +14,20 @@
14
14
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileApiTreeAccessors.test.js\n"}
15
15
  {"kind":"O","text":"[test:jest] START lib/test/unit/localStorageTreeAccessors.test.js\n"}
16
16
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileSystemAccessTreeAccessors.test.js\n"}
17
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/httpTreeAccessors.test.js (duration: 2.358s, 61 passed, 0 failed)\n"}
17
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/localStorageTreeAccessors.test.js (duration: 2.975s, 44 passed, 0 failed)\n"}
18
18
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileTreeHelpers.test.js\n"}
19
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/localStorageTreeAccessors.test.js (duration: 2.231s, 44 passed, 0 failed)\n"}
19
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/httpTreeAccessors.test.js (duration: 3.203s, 61 passed, 0 failed)\n"}
20
20
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileApiTypes.test.js\n"}
21
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTreeAccessors.test.js (duration: 3.257s, 65 passed, 0 failed)\n"}
21
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTreeAccessors.test.js (duration: 3.464s, 65 passed, 0 failed)\n"}
22
22
  {"kind":"O","text":"[test:jest] START lib/test/unit/urlParams.test.js\n"}
23
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileSystemAccessTreeAccessors.test.js (duration: 1.807s, 44 passed, 0 failed)\n"}
23
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileSystemAccessTreeAccessors.test.js (duration: 1.300s, 44 passed, 0 failed)\n"}
24
24
  {"kind":"O","text":"[test:jest] START lib/test/unit/directoryHandleStore.test.js\n"}
25
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTypes.test.js (duration: 1.259s, 36 passed, 0 failed)\n"}
25
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileTreeHelpers.test.js (duration: 1.819s, 35 passed, 0 failed)\n"}
26
26
  {"kind":"O","text":"[test:jest] START lib/test/unit/browserHashProvider.test.js\n"}
27
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileTreeHelpers.test.js (duration: 2.305s, 35 passed, 0 failed)\n"}
28
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/urlParams.test.js (duration: 1.871s, 60 passed, 0 failed)\n"}
29
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/directoryHandleStore.test.js (duration: 1.696s, 19 passed, 0 failed)\n"}
30
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/browserHashProvider.test.js (duration: 1.902s, 15 passed, 0 failed)\n"}
27
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTypes.test.js (duration: 1.579s, 36 passed, 0 failed)\n"}
28
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/urlParams.test.js (duration: 1.586s, 60 passed, 0 failed)\n"}
29
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/directoryHandleStore.test.js (duration: 1.282s, 19 passed, 0 failed)\n"}
30
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/browserHashProvider.test.js (duration: 1.520s, 15 passed, 0 failed)\n"}
31
31
  {"kind":"O","text":"[test:jest] \n"}
32
32
  {"kind":"O","text":"[test:jest] Tests finished:\n"}
33
33
  {"kind":"O","text":"[test:jest] Successes: 379\n"}
@@ -51,5 +51,5 @@
51
51
  {"kind":"O","text":" url-utils | 100 | 100 | 100 | 100 | \n"}
52
52
  {"kind":"O","text":" urlParams.ts | 100 | 100 | 100 | 100 | \n"}
53
53
  {"kind":"O","text":"-----------------------------------|---------|----------|---------|---------|-------------------\n"}
54
- {"kind":"O","text":" ---- test finished (9.403s) ---- \n"}
55
- {"kind":"O","text":"-------------------- Finished (33.476s) --------------------\n"}
54
+ {"kind":"O","text":" ---- test finished (10.229s) ---- \n"}
55
+ {"kind":"O","text":"-------------------- Finished (35.048s) --------------------\n"}
package/.rush/temp/operation/build/state.json CHANGED
@@ -1,3 +1,3 @@
1
1
  {
2
- "nonCachedDurationMs": 34138.17083
2
+ "nonCachedDurationMs": 36020.416763
3
3
  }
package/dist/packlets/crypto-utils/browserCryptoProvider.js CHANGED
@@ -18,9 +18,8 @@
18
18
  // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
19
19
  // SOFTWARE.
20
20
  /* c8 ignore start - Browser-only implementation cannot be tested in Node.js environment */
21
- import { captureResult, fail, Failure, succeed, Success } from '@fgv/ts-utils';
21
+ import { captureAsyncResult, captureResult, fail, Failure, succeed, Success } from '@fgv/ts-utils';
22
22
  import { CryptoUtils } from '@fgv/ts-extras';
23
- const CryptoConstants = CryptoUtils.Constants;
24
23
  /**
25
24
  * Extracts an `ArrayBuffer` from a Uint8Array, handling the potential SharedArrayBuffer case.
26
25
  * @param arr - The Uint8Array to extract from
@@ -67,12 +66,12 @@ export class BrowserCryptoProvider {
67
66
  * @returns `Success` with encryption result, or `Failure` with an error.
68
67
  */
69
68
  async encrypt(plaintext, key) {
70
- if (key.length !== CryptoConstants.AES_256_KEY_SIZE) {
71
- return Failure.with(`Key must be ${CryptoConstants.AES_256_KEY_SIZE} bytes, got ${key.length}`);
69
+ if (key.length !== CryptoUtils.Constants.AES_256_KEY_SIZE) {
70
+ return Failure.with(`Key must be ${CryptoUtils.Constants.AES_256_KEY_SIZE} bytes, got ${key.length}`);
72
71
  }
73
72
  try {
74
73
  // Generate random IV
75
- const iv = this._crypto.getRandomValues(new Uint8Array(CryptoConstants.GCM_IV_SIZE));
74
+ const iv = this._crypto.getRandomValues(new Uint8Array(CryptoUtils.Constants.GCM_IV_SIZE));
76
75
  // Import the key
77
76
  const cryptoKey = await this._crypto.subtle.importKey('raw', toArrayBuffer(key), { name: 'AES-GCM' }, false, ['encrypt']);
78
77
  // Encode plaintext to bytes
@@ -82,12 +81,12 @@ export class BrowserCryptoProvider {
82
81
  const encryptedWithTag = await this._crypto.subtle.encrypt({
83
82
  name: 'AES-GCM',
84
83
  iv: iv,
85
- tagLength: CryptoConstants.GCM_AUTH_TAG_SIZE * 8 // bits
84
+ tagLength: CryptoUtils.Constants.GCM_AUTH_TAG_SIZE * 8 // bits
86
85
  }, cryptoKey, plaintextBytes);
87
86
  // Split ciphertext and auth tag (auth tag is last 16 bytes)
88
87
  const encryptedArray = new Uint8Array(encryptedWithTag);
89
- const encryptedData = encryptedArray.slice(0, encryptedArray.length - CryptoConstants.GCM_AUTH_TAG_SIZE);
90
- const authTag = encryptedArray.slice(encryptedArray.length - CryptoConstants.GCM_AUTH_TAG_SIZE);
88
+ const encryptedData = encryptedArray.slice(0, encryptedArray.length - CryptoUtils.Constants.GCM_AUTH_TAG_SIZE);
89
+ const authTag = encryptedArray.slice(encryptedArray.length - CryptoUtils.Constants.GCM_AUTH_TAG_SIZE);
91
90
  return Success.with({
92
91
  iv,
93
92
  authTag,
@@ -108,14 +107,14 @@ export class BrowserCryptoProvider {
108
107
  * @returns `Success` with decrypted UTF-8 string, or `Failure` with an error.
109
108
  */
110
109
  async decrypt(encryptedData, key, iv, authTag) {
111
- if (key.length !== CryptoConstants.AES_256_KEY_SIZE) {
112
- return Failure.with(`Key must be ${CryptoConstants.AES_256_KEY_SIZE} bytes, got ${key.length}`);
110
+ if (key.length !== CryptoUtils.Constants.AES_256_KEY_SIZE) {
111
+ return Failure.with(`Key must be ${CryptoUtils.Constants.AES_256_KEY_SIZE} bytes, got ${key.length}`);
113
112
  }
114
- if (iv.length !== CryptoConstants.GCM_IV_SIZE) {
115
- return Failure.with(`IV must be ${CryptoConstants.GCM_IV_SIZE} bytes, got ${iv.length}`);
113
+ if (iv.length !== CryptoUtils.Constants.GCM_IV_SIZE) {
114
+ return Failure.with(`IV must be ${CryptoUtils.Constants.GCM_IV_SIZE} bytes, got ${iv.length}`);
116
115
  }
117
- if (authTag.length !== CryptoConstants.GCM_AUTH_TAG_SIZE) {
118
- return Failure.with(`Auth tag must be ${CryptoConstants.GCM_AUTH_TAG_SIZE} bytes, got ${authTag.length}`);
116
+ if (authTag.length !== CryptoUtils.Constants.GCM_AUTH_TAG_SIZE) {
117
+ return Failure.with(`Auth tag must be ${CryptoUtils.Constants.GCM_AUTH_TAG_SIZE} bytes, got ${authTag.length}`);
119
118
  }
120
119
  try {
121
120
  // Import the key
@@ -128,7 +127,7 @@ export class BrowserCryptoProvider {
128
127
  const decrypted = await this._crypto.subtle.decrypt({
129
128
  name: 'AES-GCM',
130
129
  iv: toArrayBuffer(iv),
131
- tagLength: CryptoConstants.GCM_AUTH_TAG_SIZE * 8 // bits
130
+ tagLength: CryptoUtils.Constants.GCM_AUTH_TAG_SIZE * 8 // bits
132
131
  }, cryptoKey, encryptedWithTag);
133
132
  // Decode to string
134
133
  const decoder = new TextDecoder();
@@ -145,7 +144,7 @@ export class BrowserCryptoProvider {
145
144
  */
146
145
  async generateKey() {
147
146
  try {
148
- return Success.with(this._crypto.getRandomValues(new Uint8Array(CryptoConstants.AES_256_KEY_SIZE)));
147
+ return Success.with(this._crypto.getRandomValues(new Uint8Array(CryptoUtils.Constants.AES_256_KEY_SIZE)));
149
148
  }
150
149
  catch (e) {
151
150
  const message = e instanceof Error ? e.message : String(e);
@@ -180,7 +179,7 @@ export class BrowserCryptoProvider {
180
179
  salt: toArrayBuffer(salt),
181
180
  iterations: iterations,
182
181
  hash: 'SHA-256'
183
- }, keyMaterial, CryptoConstants.AES_256_KEY_SIZE * 8 // bits
182
+ }, keyMaterial, CryptoUtils.Constants.AES_256_KEY_SIZE * 8 // bits
184
183
  );
185
184
  return Success.with(new Uint8Array(derivedBits));
186
185
  }
@@ -261,6 +260,48 @@ export class BrowserCryptoProvider {
261
260
  return Failure.with('Invalid base64 string');
262
261
  }
263
262
  }
263
+ // ============================================================================
264
+ // Asymmetric Key Operations
265
+ // ============================================================================
266
+ /**
267
+ * Generates a new asymmetric keypair via Web Crypto.
268
+ * @param algorithm - The algorithm to use.
269
+ * @param extractable - Whether the resulting keys may be exported.
270
+ * @returns `Success` with the generated `CryptoKeyPair`, or `Failure` with an error.
271
+ */
272
+ async generateKeyPair(algorithm, extractable) {
273
+ const params = CryptoUtils.keyPairAlgorithmParams[algorithm];
274
+ const result = await captureAsyncResult(() => this._crypto.subtle.generateKey(params.generateKey, extractable, params.keyPairUsages));
275
+ return result.withErrorFormat((e) => `Failed to generate ${algorithm} keypair: ${e}`);
276
+ }
277
+ /**
278
+ * Exports a public `CryptoKey` as a JSON Web Key.
279
+ * @remarks
280
+ * Rejects non-public keys at runtime. WebCrypto's `exportKey('jwk', ...)`
281
+ * does not enforce public-vs-private; without this guard a caller that
282
+ * passed an extractable private key would receive its private fields
283
+ * (`d`, `p`, `q`, ...) as JWK, defeating the method's name.
284
+ * @param publicKey - Extractable public key to export.
285
+ * @returns `Success` with the JWK, or `Failure` if not a public key or if export fails.
286
+ */
287
+ async exportPublicKeyJwk(publicKey) {
288
+ if (publicKey.type !== 'public') {
289
+ return Failure.with(`exportPublicKeyJwk requires a public CryptoKey, got '${publicKey.type}'`);
290
+ }
291
+ const result = await captureAsyncResult(() => this._crypto.subtle.exportKey('jwk', publicKey));
292
+ return result.withErrorFormat((e) => `Failed to export public key as JWK: ${e}`);
293
+ }
294
+ /**
295
+ * Imports a public-key JWK as a `CryptoKey` for the requested algorithm.
296
+ * @param jwk - The JSON Web Key produced by a prior export.
297
+ * @param algorithm - The algorithm the key was generated for.
298
+ * @returns `Success` with the imported public `CryptoKey`, or `Failure` with an error.
299
+ */
300
+ async importPublicKeyJwk(jwk, algorithm) {
301
+ const params = CryptoUtils.keyPairAlgorithmParams[algorithm];
302
+ const result = await captureAsyncResult(() => this._crypto.subtle.importKey('jwk', jwk, params.importPublicKey, true, params.publicKeyUsages));
303
+ return result.withErrorFormat((e) => `Failed to import ${algorithm} public key from JWK: ${e}`);
304
+ }
264
305
  }
265
306
  /**
266
307
  * Creates a {@link CryptoUtils.BrowserCryptoProvider | BrowserCryptoProvider} if Web
package/dist/packlets/crypto-utils/browserCryptoProvider.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"browserCryptoProvider.js","sourceRoot":"","sources":["../../../src/packlets/crypto-utils/browserCryptoProvider.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,+EAA+E;AAC/E,4EAA4E;AAC5E,wEAAwE;AACxE,2DAA2D;AAC3D,EAAE;AACF,iFAAiF;AACjF,kDAAkD;AAClD,EAAE;AACF,6EAA6E;AAC7E,2EAA2E;AAC3E,8EAA8E;AAC9E,yEAAyE;AACzE,gFAAgF;AAChF,gFAAgF;AAChF,YAAY;AAEZ,2FAA2F;AAC3F,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,OAAO,EAAU,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACvF,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAI7C,MAAM,eAAe,GAAG,WAAW,CAAC,SAAS,CAAC;AAE9C;;;;GAIG;AACH,SAAS,aAAa,CAAC,GAAe;IACpC,mGAAmG;IACnG,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/C,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAChC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,OAAO,qBAAqB;IAGhC;;;OAGG;IACH,YAAmB,SAAkB;QACnC,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QAC3B,CAAC;aAAM,IAAI,OAAO,UAAU,KAAK,WAAW,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;YAClE,IAAI,CAAC,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC;QACnC,CAAC;aAAM,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAC1D,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,OAAO,CAAC,SAAiB,EAAE,GAAe;QACrD,IAAI,GAAG,CAAC,MAAM,KAAK,eAAe,CAAC,gBAAgB,EAAE,CAAC;YACpD,OAAO,OAAO,CAAC,IAAI,CAAC,eAAe,eAAe,CAAC,gBAAgB,eAAe,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAClG,CAAC;QAED,IAAI,CAAC;YACH,qBAAqB;YACrB,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,CAAC;YAErF,iBAAiB;YACjB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CACnD,KAAK,EACL,aAAa,CAAC,GAAG,CAAC,EAClB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;YAEF,4BAA4B;YAC5B,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAEjD,sDAAsD;YACtD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CACxD;gBACE,IAAI,EAAE,SAAS;gBACf,EAAE,EAAE,EAAE;gBACN,SAAS,EAAE,eAAe,CAAC,iBAAiB,GAAG,CAAC,CAAC,OAAO;aACzD,EACD,SAAS,EACT,cAAc,CACf,CAAC;YAEF,4DAA4D;YAC5D,MAAM,cAAc,GAAG,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC;YACxD,MAAM,aAAa,GAAG,cAAc,CAAC,KAAK,CACxC,CAAC,EACD,cAAc,CAAC,MAAM,GAAG,eAAe,CAAC,iBAAiB,CAC1D,CAAC;YACF,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,eAAe,CAAC,iBAAiB,CAAC,CAAC;YAChG,OAAO,OAAO,CAAC,IAAI,CAAC;gBAClB,EAAE;gBACF,OAAO;gBACP,aAAa;aACd,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,IAAI,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,OAAO,CAClB,aAAyB,EACzB,GAAe,EACf,EAAc,EACd,OAAmB;QAEnB,IAAI,GAAG,CAAC,MAAM,KAAK,eAAe,CAAC,gBAAgB,EAAE,CAAC;YACpD,OAAO,OAAO,CAAC,IAAI,CAAC,eAAe,eAAe,CAAC,gBAAgB,eAAe,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAClG,CAAC;QACD,IAAI,EAAE,CAAC,MAAM,KAAK,eAAe,CAAC,WAAW,EAAE,CAAC;YAC9C,OAAO,OAAO,CAAC,IAAI,CAAC,cAAc,eAAe,CAAC,WAAW,eAAe,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,eAAe,CAAC,iBAAiB,EAAE,CAAC;YACzD,OAAO,OAAO,CAAC,IAAI,CACjB,oBAAoB,eAAe,CAAC,iBAAiB,eAAe,OAAO,CAAC,MAAM,EAAE,CACrF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,iBAAiB;YACjB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CACnD,KAAK,EACL,aAAa,CAAC,GAAG,CAAC,EAClB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;YAEF,wDAAwD;YACxD,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC,aAAa,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/E,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACpC,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;YAEpD,UAAU;YACV,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CACjD;gBACE,IAAI,EAAE,SAAS;gBACf,EAAE,EAAE,aAAa,CAAC,EAAE,CAAC;gBACrB,SAAS,EAAE,eAAe,CAAC,iBAAiB,GAAG,CAAC,CAAC,OAAO;aACzD,EACD,SAAS,EACT,gBAAgB,CACjB,CAAC;YAEF,mBAAmB;YACnB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,OAAO,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,IAAI,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,WAAW;QACtB,IAAI,CAAC;YACH,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;QACtG,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,IAAI,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,SAAS,CACpB,QAAgB,EAChB,IAAgB,EAChB,UAAkB;QAElB,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;YACnB,OAAO,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,OAAO,OAAO,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,CAAC;YACH,kBAAkB;YAClB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAE/C,kCAAkC;YAClC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE;gBAC7F,YAAY;aACb,CAAC,CAAC;YAEH,kBAAkB;YAClB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CACtD;gBACE,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC;gBACzB,UAAU,EAAE,UAAU;gBACtB,IAAI,EAAE,SAAS;aAChB,EACD,WAAW,EACX,eAAe,CAAC,gBAAgB,GAAG,CAAC,CAAC,OAAO;aAC7C,CAAC;YAEF,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,IAAI,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,MAAM,CAAC,IAAY;QAC9B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACxC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YAC3E,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;YAC7C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;iBAClC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;iBAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;YACZ,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,IAAI,CAAC,wBAAwB,OAAO,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED,+EAA+E;IAC/E,2BAA2B;IAC3B,+EAA+E;IAE/E;;;;OAIG;IACI,mBAAmB,CAAC,MAAc;QACvC,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;YACf,OAAO,OAAO,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,CAAC;YACH,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC5E,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,IAAI,CAAC,mCAAmC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED;;;;OAIG;IACI,QAAQ,CAAC,IAAgB;QAC9B,sDAAsD;QACtD,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED;;;;OAIG;IACI,UAAU,CAAC,MAAc;QAC9B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAClC,CAAC;YACD,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B;IACzC,OAAO,aAAa,CAAC,GAAG,EAAE,CAAC,IAAI,qBAAqB,EAAE,CAAC,CAAC;AAC1D,CAAC;AACD,oBAAoB","sourcesContent":["// Copyright (c) 2024 Erik Fortune\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal\n// in the Software without restriction, including without limitation the rights\n// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n// copies of the Software, and to permit persons to whom the Software is\n// furnished to do so, subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all\n// copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n// SOFTWARE.\n\n/* c8 ignore start - Browser-only implementation cannot be tested in Node.js environment */\nimport { captureResult, fail, Failure, Result, succeed, Success } from '@fgv/ts-utils';\nimport { CryptoUtils } from '@fgv/ts-extras';\n\ntype ICryptoProvider = CryptoUtils.ICryptoProvider;\ntype IEncryptionResult = CryptoUtils.IEncryptionResult;\nconst CryptoConstants = CryptoUtils.Constants;\n\n/**\n * Extracts an `ArrayBuffer` from a Uint8Array, handling the potential SharedArrayBuffer case.\n * @param arr - The Uint8Array to extract from\n * @returns An `ArrayBuffer` containing a copy of the data.\n */\nfunction toArrayBuffer(arr: Uint8Array): ArrayBuffer {\n // Create a new ArrayBuffer and copy the data - this handles both ArrayBuffer and SharedArrayBuffer\n const buffer = new ArrayBuffer(arr.byteLength);\n new Uint8Array(buffer).set(arr);\n return buffer;\n}\n\n/**\n * Browser implementation of `ICryptoProvider` using the Web Crypto API.\n * Uses AES-256-GCM for authenticated encryption.\n *\n * Note: This provider requires a browser environment with Web Crypto API support.\n * In Node.js 15+, Web Crypto is available via globalThis.crypto or require('crypto').webcrypto.\n *\n * @public\n */\nexport class BrowserCryptoProvider implements ICryptoProvider {\n private readonly _crypto: Crypto;\n\n /**\n * Creates a new {@link CryptoUtils.BrowserCryptoProvider | BrowserCryptoProvider}.\n * @param cryptoApi - Optional Crypto instance (defaults to globalThis.crypto)\n */\n public constructor(cryptoApi?: Crypto) {\n if (cryptoApi) {\n this._crypto = cryptoApi;\n } else if (typeof globalThis !== 'undefined' && globalThis.crypto) {\n this._crypto = globalThis.crypto;\n } else if (typeof window !== 'undefined' && window.crypto) {\n this._crypto = window.crypto;\n } else {\n throw new Error('Web Crypto API not available');\n }\n }\n\n /**\n * Encrypts plaintext using AES-256-GCM.\n * @param plaintext - UTF-8 string to encrypt\n * @param key - 32-byte encryption key\n * @returns `Success` with encryption result, or `Failure` with an error.\n */\n public async encrypt(plaintext: string, key: Uint8Array): Promise<Result<IEncryptionResult>> {\n if (key.length !== CryptoConstants.AES_256_KEY_SIZE) {\n return Failure.with(`Key must be ${CryptoConstants.AES_256_KEY_SIZE} bytes, got ${key.length}`);\n }\n\n try {\n // Generate random IV\n const iv = this._crypto.getRandomValues(new Uint8Array(CryptoConstants.GCM_IV_SIZE));\n\n // Import the key\n const cryptoKey = await this._crypto.subtle.importKey(\n 'raw',\n toArrayBuffer(key),\n { name: 'AES-GCM' },\n false,\n ['encrypt']\n );\n\n // Encode plaintext to bytes\n const encoder = new TextEncoder();\n const plaintextBytes = encoder.encode(plaintext);\n\n // Encrypt (Web Crypto appends auth tag to ciphertext)\n const encryptedWithTag = await this._crypto.subtle.encrypt(\n {\n name: 'AES-GCM',\n iv: iv,\n tagLength: CryptoConstants.GCM_AUTH_TAG_SIZE * 8 // bits\n },\n cryptoKey,\n plaintextBytes\n );\n\n // Split ciphertext and auth tag (auth tag is last 16 bytes)\n const encryptedArray = new Uint8Array(encryptedWithTag);\n const encryptedData = encryptedArray.slice(\n 0,\n encryptedArray.length - CryptoConstants.GCM_AUTH_TAG_SIZE\n );\n const authTag = encryptedArray.slice(encryptedArray.length - CryptoConstants.GCM_AUTH_TAG_SIZE);\n return Success.with({\n iv,\n authTag,\n encryptedData\n });\n } catch (e) {\n const message = e instanceof Error ? e.message : String(e);\n return Failure.with(`Encryption failed: ${message}`);\n }\n }\n\n /**\n * Decrypts ciphertext using AES-256-GCM.\n * @param encryptedData - Encrypted bytes\n * @param key - 32-byte decryption key\n * @param iv - Initialization vector (12 bytes)\n * @param authTag - GCM authentication tag (16 bytes)\n * @returns `Success` with decrypted UTF-8 string, or `Failure` with an error.\n */\n public async decrypt(\n encryptedData: Uint8Array,\n key: Uint8Array,\n iv: Uint8Array,\n authTag: Uint8Array\n ): Promise<Result<string>> {\n if (key.length !== CryptoConstants.AES_256_KEY_SIZE) {\n return Failure.with(`Key must be ${CryptoConstants.AES_256_KEY_SIZE} bytes, got ${key.length}`);\n }\n if (iv.length !== CryptoConstants.GCM_IV_SIZE) {\n return Failure.with(`IV must be ${CryptoConstants.GCM_IV_SIZE} bytes, got ${iv.length}`);\n }\n if (authTag.length !== CryptoConstants.GCM_AUTH_TAG_SIZE) {\n return Failure.with(\n `Auth tag must be ${CryptoConstants.GCM_AUTH_TAG_SIZE} bytes, got ${authTag.length}`\n );\n }\n\n try {\n // Import the key\n const cryptoKey = await this._crypto.subtle.importKey(\n 'raw',\n toArrayBuffer(key),\n { name: 'AES-GCM' },\n false,\n ['decrypt']\n );\n\n // Web Crypto expects ciphertext + auth tag concatenated\n const encryptedWithTag = new Uint8Array(encryptedData.length + authTag.length);\n encryptedWithTag.set(encryptedData);\n encryptedWithTag.set(authTag, encryptedData.length);\n\n // Decrypt\n const decrypted = await this._crypto.subtle.decrypt(\n {\n name: 'AES-GCM',\n iv: toArrayBuffer(iv),\n tagLength: CryptoConstants.GCM_AUTH_TAG_SIZE * 8 // bits\n },\n cryptoKey,\n encryptedWithTag\n );\n\n // Decode to string\n const decoder = new TextDecoder();\n return Success.with(decoder.decode(decrypted));\n } catch (e) {\n const message = e instanceof Error ? e.message : String(e);\n return Failure.with(`Decryption failed: ${message}`);\n }\n }\n\n /**\n * Generates a random 32-byte key suitable for AES-256.\n * @returns Success with generated key, or Failure with error\n */\n public async generateKey(): Promise<Result<Uint8Array>> {\n try {\n return Success.with(this._crypto.getRandomValues(new Uint8Array(CryptoConstants.AES_256_KEY_SIZE)));\n } catch (e) {\n const message = e instanceof Error ? e.message : String(e);\n return Failure.with(`Key generation failed: ${message}`);\n }\n }\n\n /**\n * Derives a key from a password using PBKDF2.\n * @param password - Password string\n * @param salt - Salt bytes (should be at least 16 bytes)\n * @param iterations - Number of iterations (recommend 100000+)\n * @returns Success with derived 32-byte key, or Failure with error\n */\n public async deriveKey(\n password: string,\n salt: Uint8Array,\n iterations: number\n ): Promise<Result<Uint8Array>> {\n if (iterations < 1) {\n return Failure.with('Iterations must be at least 1');\n }\n if (salt.length < 8) {\n return Failure.with('Salt should be at least 8 bytes');\n }\n\n try {\n // Encode password\n const encoder = new TextEncoder();\n const passwordBytes = encoder.encode(password);\n\n // Import password as key material\n const keyMaterial = await this._crypto.subtle.importKey('raw', passwordBytes, 'PBKDF2', false, [\n 'deriveBits'\n ]);\n\n // Derive key bits\n const derivedBits = await this._crypto.subtle.deriveBits(\n {\n name: 'PBKDF2',\n salt: toArrayBuffer(salt),\n iterations: iterations,\n hash: 'SHA-256'\n },\n keyMaterial,\n CryptoConstants.AES_256_KEY_SIZE * 8 // bits\n );\n\n return Success.with(new Uint8Array(derivedBits));\n } catch (e) {\n const message = e instanceof Error ? e.message : String(e);\n return Failure.with(`Key derivation failed: ${message}`);\n }\n }\n\n /**\n * Computes a SHA-256 hash of the given data.\n * @param data - UTF-8 string to hash\n * @returns `Success` with hex-encoded hash string, or `Failure` with an error.\n */\n public async sha256(data: string): Promise<Result<string>> {\n try {\n const encoder = new TextEncoder();\n const dataBuffer = encoder.encode(data);\n const hashBuffer = await this._crypto.subtle.digest('SHA-256', dataBuffer);\n const hashArray = new Uint8Array(hashBuffer);\n const hashHex = Array.from(hashArray)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n return succeed(hashHex);\n } catch (e) {\n const message = e instanceof Error ? e.message : String(e);\n return fail(`SHA-256 hash failed: ${message}`);\n }\n }\n\n // ============================================================================\n // Platform Utility Methods\n // ============================================================================\n\n /**\n * Generates cryptographically secure random bytes.\n * @param length - Number of bytes to generate\n * @returns Success with random bytes, or Failure with error\n */\n public generateRandomBytes(length: number): Result<Uint8Array> {\n if (length < 1) {\n return Failure.with('Length must be at least 1');\n }\n try {\n return Success.with(this._crypto.getRandomValues(new Uint8Array(length)));\n } catch (e) {\n const message = e instanceof Error ? e.message : String(e);\n return Failure.with(`Random bytes generation failed: ${message}`);\n }\n }\n\n /**\n * Encodes binary data to base64 string.\n * @param data - Binary data to encode\n * @returns Base64-encoded string\n */\n public toBase64(data: Uint8Array): string {\n // Convert Uint8Array to binary string, then to base64\n let binary = '';\n for (let i = 0; i < data.length; i++) {\n binary += String.fromCharCode(data[i]);\n }\n return btoa(binary);\n }\n\n /**\n * Decodes base64 string to binary data.\n * @param base64 - Base64-encoded string\n * @returns Success with decoded bytes, or Failure if invalid base64\n */\n public fromBase64(base64: string): Result<Uint8Array> {\n try {\n const binary = atob(base64);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return Success.with(bytes);\n } catch (e) {\n return Failure.with('Invalid base64 string');\n }\n }\n}\n\n/**\n * Creates a {@link CryptoUtils.BrowserCryptoProvider | BrowserCryptoProvider} if Web\n * Crypto API is available.\n * @returns `Success` with provider, or `Failure` if not available\n * @public\n */\nexport function createBrowserCryptoProvider(): Result<BrowserCryptoProvider> {\n return captureResult(() => new BrowserCryptoProvider());\n}\n/* c8 ignore stop */\n"]}
1
+ {"version":3,"file":"browserCryptoProvider.js","sourceRoot":"","sources":["../../../src/packlets/crypto-utils/browserCryptoProvider.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,EAAE;AACF,+EAA+E;AAC/E,gFAAgF;AAChF,+EAA+E;AAC/E,4EAA4E;AAC5E,wEAAwE;AACxE,2DAA2D;AAC3D,EAAE;AACF,iFAAiF;AACjF,kDAAkD;AAClD,EAAE;AACF,6EAA6E;AAC7E,2EAA2E;AAC3E,8EAA8E;AAC9E,yEAAyE;AACzE,gFAAgF;AAChF,gFAAgF;AAChF,YAAY;AAEZ,2FAA2F;AAC3F,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,IAAI,EAAE,OAAO,EAAU,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC3G,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C;;;;GAIG;AACH,SAAS,aAAa,CAAC,GAAe;IACpC,mGAAmG;IACnG,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/C,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAChC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,OAAO,qBAAqB;IAGhC;;;OAGG;IACH,YAAmB,SAAkB;QACnC,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QAC3B,CAAC;aAAM,IAAI,OAAO,UAAU,KAAK,WAAW,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;YAClE,IAAI,CAAC,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC;QACnC,CAAC;aAAM,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAC1D,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,OAAO,CAAC,SAAiB,EAAE,GAAe;QACrD,IAAI,GAAG,CAAC,MAAM,KAAK,WAAW,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;YAC1D,OAAO,OAAO,CAAC,IAAI,CAAC,eAAe,WAAW,CAAC,SAAS,CAAC,gBAAgB,eAAe,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACxG,CAAC;QAED,IAAI,CAAC;YACH,qBAAqB;YACrB,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC;YAE3F,iBAAiB;YACjB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CACnD,KAAK,EACL,aAAa,CAAC,GAAG,CAAC,EAClB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;YAEF,4BAA4B;YAC5B,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAEjD,sDAAsD;YACtD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CACxD;gBACE,IAAI,EAAE,SAAS;gBACf,EAAE,EAAE,EAAE;gBACN,SAAS,EAAE,WAAW,CAAC,SAAS,CAAC,iBAAiB,GAAG,CAAC,CAAC,OAAO;aAC/D,EACD,SAAS,EACT,cAAc,CACf,CAAC;YAEF,4DAA4D;YAC5D,MAAM,cAAc,GAAG,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC;YACxD,MAAM,aAAa,GAAG,cAAc,CAAC,KAAK,CACxC,CAAC,EACD,cAAc,CAAC,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,iBAAiB,CAChE,CAAC;YACF,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;YACtG,OAAO,OAAO,CAAC,IAAI,CAAC;gBAClB,EAAE;gBACF,OAAO;gBACP,aAAa;aACd,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,IAAI,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,OAAO,CAClB,aAAyB,EACzB,GAAe,EACf,EAAc,EACd,OAAmB;QAEnB,IAAI,GAAG,CAAC,MAAM,KAAK,WAAW,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;YAC1D,OAAO,OAAO,CAAC,IAAI,CAAC,eAAe,WAAW,CAAC,SAAS,CAAC,gBAAgB,eAAe,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACxG,CAAC;QACD,IAAI,EAAE,CAAC,MAAM,KAAK,WAAW,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;YACpD,OAAO,OAAO,CAAC,IAAI,CAAC,cAAc,WAAW,CAAC,SAAS,CAAC,WAAW,eAAe,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;QACjG,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,WAAW,CAAC,SAAS,CAAC,iBAAiB,EAAE,CAAC;YAC/D,OAAO,OAAO,CAAC,IAAI,CACjB,oBAAoB,WAAW,CAAC,SAAS,CAAC,iBAAiB,eAAe,OAAO,CAAC,MAAM,EAAE,CAC3F,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,iBAAiB;YACjB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CACnD,KAAK,EACL,aAAa,CAAC,GAAG,CAAC,EAClB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;YAEF,wDAAwD;YACxD,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC,aAAa,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/E,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACpC,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;YAEpD,UAAU;YACV,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CACjD;gBACE,IAAI,EAAE,SAAS;gBACf,EAAE,EAAE,aAAa,CAAC,EAAE,CAAC;gBACrB,SAAS,EAAE,WAAW,CAAC,SAAS,CAAC,iBAAiB,GAAG,CAAC,CAAC,OAAO;aAC/D,EACD,SAAS,EACT,gBAAgB,CACjB,CAAC;YAEF,mBAAmB;YACnB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,OAAO,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,IAAI,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,WAAW;QACtB,IAAI,CAAC;YACH,OAAO,OAAO,CAAC,IAAI,CACjB,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,CACrF,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,IAAI,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,SAAS,CACpB,QAAgB,EAChB,IAAgB,EAChB,UAAkB;QAElB,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;YACnB,OAAO,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,OAAO,OAAO,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,CAAC;YACH,kBAAkB;YAClB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAE/C,kCAAkC;YAClC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE;gBAC7F,YAAY;aACb,CAAC,CAAC;YAEH,kBAAkB;YAClB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CACtD;gBACE,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC;gBACzB,UAAU,EAAE,UAAU;gBACtB,IAAI,EAAE,SAAS;aAChB,EACD,WAAW,EACX,WAAW,CAAC,SAAS,CAAC,gBAAgB,GAAG,CAAC,CAAC,OAAO;aACnD,CAAC;YAEF,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,IAAI,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,MAAM,CAAC,IAAY;QAC9B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACxC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YAC3E,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;YAC7C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;iBAClC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;iBAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;YACZ,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,IAAI,CAAC,wBAAwB,OAAO,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED,+EAA+E;IAC/E,2BAA2B;IAC3B,+EAA+E;IAE/E;;;;OAIG;IACI,mBAAmB,CAAC,MAAc;QACvC,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;YACf,OAAO,OAAO,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,CAAC;YACH,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC5E,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,IAAI,CAAC,mCAAmC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED;;;;OAIG;IACI,QAAQ,CAAC,IAAgB;QAC9B,sDAAsD;QACtD,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED;;;;OAIG;IACI,UAAU,CAAC,MAAc;QAC9B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAClC,CAAC;YACD,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,+EAA+E;IAC/E,4BAA4B;IAC5B,+EAA+E;IAE/E;;;;;OAKG;IACI,KAAK,CAAC,eAAe,CAC1B,SAAuC,EACvC,WAAoB;QAEpB,MAAM,MAAM,GAAG,WAAW,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,GAAG,EAAE,CAC3C,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,CAAC,aAAa,CAAC,CACvF,CAAC;QACF,OAAO,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,sBAAsB,SAAS,aAAa,CAAC,EAAE,CAAC,CAAC;IACxF,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,kBAAkB,CAAC,SAAoB;QAClD,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO,OAAO,CAAC,IAAI,CAAC,wDAAwD,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC;QACjG,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC;QAC/F,OAAO,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,uCAAuC,CAAC,EAAE,CAAC,CAAC;IACnF,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,kBAAkB,CAC7B,GAAe,EACf,SAAuC;QAEvC,MAAM,MAAM,GAAG,WAAW,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,GAAG,EAAE,CAC3C,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,MAAM,CAAC,eAAe,EAAE,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,CAChG,CAAC;QACF,OAAO,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,SAAS,yBAAyB,CAAC,EAAE,CAAC,CAAC;IAClG,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B;IACzC,OAAO,aAAa,CAAC,GAAG,EAAE,CAAC,IAAI,qBAAqB,EAAE,CAAC,CAAC;AAC1D,CAAC;AACD,oBAAoB","sourcesContent":["// Copyright (c) 2024 Erik Fortune\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy\n// of this software and associated documentation files (the \"Software\"), to deal\n// in the Software without restriction, including without limitation the rights\n// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n// copies of the Software, and to permit persons to whom the Software is\n// furnished to do so, subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all\n// copies or substantial portions of the Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n// SOFTWARE.\n\n/* c8 ignore start - Browser-only implementation cannot be tested in Node.js environment */\nimport { captureAsyncResult, captureResult, fail, Failure, Result, succeed, Success } from '@fgv/ts-utils';\nimport { CryptoUtils } from '@fgv/ts-extras';\n\n/**\n * Extracts an `ArrayBuffer` from a Uint8Array, handling the potential SharedArrayBuffer case.\n * @param arr - The Uint8Array to extract from\n * @returns An `ArrayBuffer` containing a copy of the data.\n */\nfunction toArrayBuffer(arr: Uint8Array): ArrayBuffer {\n // Create a new ArrayBuffer and copy the data - this handles both ArrayBuffer and SharedArrayBuffer\n const buffer = new ArrayBuffer(arr.byteLength);\n new Uint8Array(buffer).set(arr);\n return buffer;\n}\n\n/**\n * Browser implementation of `ICryptoProvider` using the Web Crypto API.\n * Uses AES-256-GCM for authenticated encryption.\n *\n * Note: This provider requires a browser environment with Web Crypto API support.\n * In Node.js 15+, Web Crypto is available via globalThis.crypto or require('crypto').webcrypto.\n *\n * @public\n */\nexport class BrowserCryptoProvider implements CryptoUtils.ICryptoProvider {\n private readonly _crypto: Crypto;\n\n /**\n * Creates a new {@link CryptoUtils.BrowserCryptoProvider | BrowserCryptoProvider}.\n * @param cryptoApi - Optional Crypto instance (defaults to globalThis.crypto)\n */\n public constructor(cryptoApi?: Crypto) {\n if (cryptoApi) {\n this._crypto = cryptoApi;\n } else if (typeof globalThis !== 'undefined' && globalThis.crypto) {\n this._crypto = globalThis.crypto;\n } else if (typeof window !== 'undefined' && window.crypto) {\n this._crypto = window.crypto;\n } else {\n throw new Error('Web Crypto API not available');\n }\n }\n\n /**\n * Encrypts plaintext using AES-256-GCM.\n * @param plaintext - UTF-8 string to encrypt\n * @param key - 32-byte encryption key\n * @returns `Success` with encryption result, or `Failure` with an error.\n */\n public async encrypt(plaintext: string, key: Uint8Array): Promise<Result<CryptoUtils.IEncryptionResult>> {\n if (key.length !== CryptoUtils.Constants.AES_256_KEY_SIZE) {\n return Failure.with(`Key must be ${CryptoUtils.Constants.AES_256_KEY_SIZE} bytes, got ${key.length}`);\n }\n\n try {\n // Generate random IV\n const iv = this._crypto.getRandomValues(new Uint8Array(CryptoUtils.Constants.GCM_IV_SIZE));\n\n // Import the key\n const cryptoKey = await this._crypto.subtle.importKey(\n 'raw',\n toArrayBuffer(key),\n { name: 'AES-GCM' },\n false,\n ['encrypt']\n );\n\n // Encode plaintext to bytes\n const encoder = new TextEncoder();\n const plaintextBytes = encoder.encode(plaintext);\n\n // Encrypt (Web Crypto appends auth tag to ciphertext)\n const encryptedWithTag = await this._crypto.subtle.encrypt(\n {\n name: 'AES-GCM',\n iv: iv,\n tagLength: CryptoUtils.Constants.GCM_AUTH_TAG_SIZE * 8 // bits\n },\n cryptoKey,\n plaintextBytes\n );\n\n // Split ciphertext and auth tag (auth tag is last 16 bytes)\n const encryptedArray = new Uint8Array(encryptedWithTag);\n const encryptedData = encryptedArray.slice(\n 0,\n encryptedArray.length - CryptoUtils.Constants.GCM_AUTH_TAG_SIZE\n );\n const authTag = encryptedArray.slice(encryptedArray.length - CryptoUtils.Constants.GCM_AUTH_TAG_SIZE);\n return Success.with({\n iv,\n authTag,\n encryptedData\n });\n } catch (e) {\n const message = e instanceof Error ? e.message : String(e);\n return Failure.with(`Encryption failed: ${message}`);\n }\n }\n\n /**\n * Decrypts ciphertext using AES-256-GCM.\n * @param encryptedData - Encrypted bytes\n * @param key - 32-byte decryption key\n * @param iv - Initialization vector (12 bytes)\n * @param authTag - GCM authentication tag (16 bytes)\n * @returns `Success` with decrypted UTF-8 string, or `Failure` with an error.\n */\n public async decrypt(\n encryptedData: Uint8Array,\n key: Uint8Array,\n iv: Uint8Array,\n authTag: Uint8Array\n ): Promise<Result<string>> {\n if (key.length !== CryptoUtils.Constants.AES_256_KEY_SIZE) {\n return Failure.with(`Key must be ${CryptoUtils.Constants.AES_256_KEY_SIZE} bytes, got ${key.length}`);\n }\n if (iv.length !== CryptoUtils.Constants.GCM_IV_SIZE) {\n return Failure.with(`IV must be ${CryptoUtils.Constants.GCM_IV_SIZE} bytes, got ${iv.length}`);\n }\n if (authTag.length !== CryptoUtils.Constants.GCM_AUTH_TAG_SIZE) {\n return Failure.with(\n `Auth tag must be ${CryptoUtils.Constants.GCM_AUTH_TAG_SIZE} bytes, got ${authTag.length}`\n );\n }\n\n try {\n // Import the key\n const cryptoKey = await this._crypto.subtle.importKey(\n 'raw',\n toArrayBuffer(key),\n { name: 'AES-GCM' },\n false,\n ['decrypt']\n );\n\n // Web Crypto expects ciphertext + auth tag concatenated\n const encryptedWithTag = new Uint8Array(encryptedData.length + authTag.length);\n encryptedWithTag.set(encryptedData);\n encryptedWithTag.set(authTag, encryptedData.length);\n\n // Decrypt\n const decrypted = await this._crypto.subtle.decrypt(\n {\n name: 'AES-GCM',\n iv: toArrayBuffer(iv),\n tagLength: CryptoUtils.Constants.GCM_AUTH_TAG_SIZE * 8 // bits\n },\n cryptoKey,\n encryptedWithTag\n );\n\n // Decode to string\n const decoder = new TextDecoder();\n return Success.with(decoder.decode(decrypted));\n } catch (e) {\n const message = e instanceof Error ? e.message : String(e);\n return Failure.with(`Decryption failed: ${message}`);\n }\n }\n\n /**\n * Generates a random 32-byte key suitable for AES-256.\n * @returns Success with generated key, or Failure with error\n */\n public async generateKey(): Promise<Result<Uint8Array>> {\n try {\n return Success.with(\n this._crypto.getRandomValues(new Uint8Array(CryptoUtils.Constants.AES_256_KEY_SIZE))\n );\n } catch (e) {\n const message = e instanceof Error ? e.message : String(e);\n return Failure.with(`Key generation failed: ${message}`);\n }\n }\n\n /**\n * Derives a key from a password using PBKDF2.\n * @param password - Password string\n * @param salt - Salt bytes (should be at least 16 bytes)\n * @param iterations - Number of iterations (recommend 100000+)\n * @returns Success with derived 32-byte key, or Failure with error\n */\n public async deriveKey(\n password: string,\n salt: Uint8Array,\n iterations: number\n ): Promise<Result<Uint8Array>> {\n if (iterations < 1) {\n return Failure.with('Iterations must be at least 1');\n }\n if (salt.length < 8) {\n return Failure.with('Salt should be at least 8 bytes');\n }\n\n try {\n // Encode password\n const encoder = new TextEncoder();\n const passwordBytes = encoder.encode(password);\n\n // Import password as key material\n const keyMaterial = await this._crypto.subtle.importKey('raw', passwordBytes, 'PBKDF2', false, [\n 'deriveBits'\n ]);\n\n // Derive key bits\n const derivedBits = await this._crypto.subtle.deriveBits(\n {\n name: 'PBKDF2',\n salt: toArrayBuffer(salt),\n iterations: iterations,\n hash: 'SHA-256'\n },\n keyMaterial,\n CryptoUtils.Constants.AES_256_KEY_SIZE * 8 // bits\n );\n\n return Success.with(new Uint8Array(derivedBits));\n } catch (e) {\n const message = e instanceof Error ? e.message : String(e);\n return Failure.with(`Key derivation failed: ${message}`);\n }\n }\n\n /**\n * Computes a SHA-256 hash of the given data.\n * @param data - UTF-8 string to hash\n * @returns `Success` with hex-encoded hash string, or `Failure` with an error.\n */\n public async sha256(data: string): Promise<Result<string>> {\n try {\n const encoder = new TextEncoder();\n const dataBuffer = encoder.encode(data);\n const hashBuffer = await this._crypto.subtle.digest('SHA-256', dataBuffer);\n const hashArray = new Uint8Array(hashBuffer);\n const hashHex = Array.from(hashArray)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n return succeed(hashHex);\n } catch (e) {\n const message = e instanceof Error ? e.message : String(e);\n return fail(`SHA-256 hash failed: ${message}`);\n }\n }\n\n // ============================================================================\n // Platform Utility Methods\n // ============================================================================\n\n /**\n * Generates cryptographically secure random bytes.\n * @param length - Number of bytes to generate\n * @returns Success with random bytes, or Failure with error\n */\n public generateRandomBytes(length: number): Result<Uint8Array> {\n if (length < 1) {\n return Failure.with('Length must be at least 1');\n }\n try {\n return Success.with(this._crypto.getRandomValues(new Uint8Array(length)));\n } catch (e) {\n const message = e instanceof Error ? e.message : String(e);\n return Failure.with(`Random bytes generation failed: ${message}`);\n }\n }\n\n /**\n * Encodes binary data to base64 string.\n * @param data - Binary data to encode\n * @returns Base64-encoded string\n */\n public toBase64(data: Uint8Array): string {\n // Convert Uint8Array to binary string, then to base64\n let binary = '';\n for (let i = 0; i < data.length; i++) {\n binary += String.fromCharCode(data[i]);\n }\n return btoa(binary);\n }\n\n /**\n * Decodes base64 string to binary data.\n * @param base64 - Base64-encoded string\n * @returns Success with decoded bytes, or Failure if invalid base64\n */\n public fromBase64(base64: string): Result<Uint8Array> {\n try {\n const binary = atob(base64);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return Success.with(bytes);\n } catch (e) {\n return Failure.with('Invalid base64 string');\n }\n }\n\n // ============================================================================\n // Asymmetric Key Operations\n // ============================================================================\n\n /**\n * Generates a new asymmetric keypair via Web Crypto.\n * @param algorithm - The algorithm to use.\n * @param extractable - Whether the resulting keys may be exported.\n * @returns `Success` with the generated `CryptoKeyPair`, or `Failure` with an error.\n */\n public async generateKeyPair(\n algorithm: CryptoUtils.KeyPairAlgorithm,\n extractable: boolean\n ): Promise<Result<CryptoKeyPair>> {\n const params = CryptoUtils.keyPairAlgorithmParams[algorithm];\n const result = await captureAsyncResult(() =>\n this._crypto.subtle.generateKey(params.generateKey, extractable, params.keyPairUsages)\n );\n return result.withErrorFormat((e) => `Failed to generate ${algorithm} keypair: ${e}`);\n }\n\n /**\n * Exports a public `CryptoKey` as a JSON Web Key.\n * @remarks\n * Rejects non-public keys at runtime. WebCrypto's `exportKey('jwk', ...)`\n * does not enforce public-vs-private; without this guard a caller that\n * passed an extractable private key would receive its private fields\n * (`d`, `p`, `q`, ...) as JWK, defeating the method's name.\n * @param publicKey - Extractable public key to export.\n * @returns `Success` with the JWK, or `Failure` if not a public key or if export fails.\n */\n public async exportPublicKeyJwk(publicKey: CryptoKey): Promise<Result<JsonWebKey>> {\n if (publicKey.type !== 'public') {\n return Failure.with(`exportPublicKeyJwk requires a public CryptoKey, got '${publicKey.type}'`);\n }\n const result = await captureAsyncResult(() => this._crypto.subtle.exportKey('jwk', publicKey));\n return result.withErrorFormat((e) => `Failed to export public key as JWK: ${e}`);\n }\n\n /**\n * Imports a public-key JWK as a `CryptoKey` for the requested algorithm.\n * @param jwk - The JSON Web Key produced by a prior export.\n * @param algorithm - The algorithm the key was generated for.\n * @returns `Success` with the imported public `CryptoKey`, or `Failure` with an error.\n */\n public async importPublicKeyJwk(\n jwk: JsonWebKey,\n algorithm: CryptoUtils.KeyPairAlgorithm\n ): Promise<Result<CryptoKey>> {\n const params = CryptoUtils.keyPairAlgorithmParams[algorithm];\n const result = await captureAsyncResult(() =>\n this._crypto.subtle.importKey('jwk', jwk, params.importPublicKey, true, params.publicKeyUsages)\n );\n return result.withErrorFormat((e) => `Failed to import ${algorithm} public key from JWK: ${e}`);\n }\n}\n\n/**\n * Creates a {@link CryptoUtils.BrowserCryptoProvider | BrowserCryptoProvider} if Web\n * Crypto API is available.\n * @returns `Success` with provider, or `Failure` if not available\n * @public\n */\nexport function createBrowserCryptoProvider(): Result<BrowserCryptoProvider> {\n return captureResult(() => new BrowserCryptoProvider());\n}\n/* c8 ignore stop */\n"]}
package/dist/ts-web-extras.d.ts CHANGED
@@ -24,7 +24,7 @@ import { Result } from '@fgv/ts-utils';
24
24
  *
25
25
  * @public
26
26
  */
27
- declare class BrowserCryptoProvider implements ICryptoProvider {
27
+ declare class BrowserCryptoProvider implements CryptoUtils_2.ICryptoProvider {
28
28
  private readonly _crypto;
29
29
  /**
30
30
  * Creates a new {@link CryptoUtils.BrowserCryptoProvider | BrowserCryptoProvider}.
@@ -37,7 +37,7 @@ declare class BrowserCryptoProvider implements ICryptoProvider {
37
37
  * @param key - 32-byte encryption key
38
38
  * @returns `Success` with encryption result, or `Failure` with an error.
39
39
  */
40
- encrypt(plaintext: string, key: Uint8Array): Promise<Result<IEncryptionResult>>;
40
+ encrypt(plaintext: string, key: Uint8Array): Promise<Result<CryptoUtils_2.IEncryptionResult>>;
41
41
  /**
42
42
  * Decrypts ciphertext using AES-256-GCM.
43
43
  * @param encryptedData - Encrypted bytes
@@ -84,6 +84,31 @@ declare class BrowserCryptoProvider implements ICryptoProvider {
84
84
  * @returns Success with decoded bytes, or Failure if invalid base64
85
85
  */
86
86
  fromBase64(base64: string): Result<Uint8Array>;
87
+ /**
88
+ * Generates a new asymmetric keypair via Web Crypto.
89
+ * @param algorithm - The algorithm to use.
90
+ * @param extractable - Whether the resulting keys may be exported.
91
+ * @returns `Success` with the generated `CryptoKeyPair`, or `Failure` with an error.
92
+ */
93
+ generateKeyPair(algorithm: CryptoUtils_2.KeyPairAlgorithm, extractable: boolean): Promise<Result<CryptoKeyPair>>;
94
+ /**
95
+ * Exports a public `CryptoKey` as a JSON Web Key.
96
+ * @remarks
97
+ * Rejects non-public keys at runtime. WebCrypto's `exportKey('jwk', ...)`
98
+ * does not enforce public-vs-private; without this guard a caller that
99
+ * passed an extractable private key would receive its private fields
100
+ * (`d`, `p`, `q`, ...) as JWK, defeating the method's name.
101
+ * @param publicKey - Extractable public key to export.
102
+ * @returns `Success` with the JWK, or `Failure` if not a public key or if export fails.
103
+ */
104
+ exportPublicKeyJwk(publicKey: CryptoKey): Promise<Result<JsonWebKey>>;
105
+ /**
106
+ * Imports a public-key JWK as a `CryptoKey` for the requested algorithm.
107
+ * @param jwk - The JSON Web Key produced by a prior export.
108
+ * @param algorithm - The algorithm the key was generated for.
109
+ * @returns `Success` with the imported public `CryptoKey`, or `Failure` with an error.
110
+ */
111
+ importPublicKeyJwk(jwk: JsonWebKey, algorithm: CryptoUtils_2.KeyPairAlgorithm): Promise<Result<CryptoKey>>;
87
112
  }
88
113
 
89
114
  /**
@@ -751,8 +776,6 @@ declare function extractFileListMetadata(fileList: FileList): Array<IFileMetadat
751
776
  private static _requestWithParams;
752
777
  }
753
778
 
754
- declare type ICryptoProvider = CryptoUtils_2.ICryptoProvider;
755
-
756
779
  /**
757
780
  * Tree initializer for File System Access API directory handles.
758
781
  * @public
@@ -763,8 +786,6 @@ declare function extractFileListMetadata(fileList: FileList): Array<IFileMetadat
763
786
  readonly nonRecursive?: boolean;
764
787
  }
765
788
 
766
- declare type IEncryptionResult = CryptoUtils_2.IEncryptionResult;
767
-
768
789
  /**
769
790
  * Tree initializer for File System Access API file handles.
770
791
  * @public
package/docs/CryptoUtils/classes/BrowserCryptoProvider.exportPublicKeyJwk.md ADDED
@@ -0,0 +1,24 @@
1
+ [Home](../../README.md) > [CryptoUtils](../README.md) > [BrowserCryptoProvider](./BrowserCryptoProvider.md) > exportPublicKeyJwk
2
+
3
+ ## BrowserCryptoProvider.exportPublicKeyJwk() method
4
+
5
+ Exports a public `CryptoKey` as a JSON Web Key.
6
+
7
+ **Signature:**
8
+
9
+ ```typescript
10
+ exportPublicKeyJwk(publicKey: CryptoKey): Promise<Result<JsonWebKey>>;
11
+ ```
12
+
13
+ **Parameters:**
14
+
15
+ <table><thead><tr><th>Parameter</th><th>Type</th><th>Description</th></tr></thead>
16
+ <tbody>
17
+ <tr><td>publicKey</td><td>CryptoKey</td><td>Extractable public key to export.</td></tr>
18
+ </tbody></table>
19
+
20
+ **Returns:**
21
+
22
+ Promise&lt;Result&lt;JsonWebKey&gt;&gt;
23
+
24
+ `Success` with the JWK, or `Failure` if not a public key or if export fails.
package/docs/CryptoUtils/classes/BrowserCryptoProvider.generateKeyPair.md ADDED
@@ -0,0 +1,25 @@
1
+ [Home](../../README.md) > [CryptoUtils](../README.md) > [BrowserCryptoProvider](./BrowserCryptoProvider.md) > generateKeyPair
2
+
3
+ ## BrowserCryptoProvider.generateKeyPair() method
4
+
5
+ Generates a new asymmetric keypair via Web Crypto.
6
+
7
+ **Signature:**
8
+
9
+ ```typescript
10
+ generateKeyPair(algorithm: KeyPairAlgorithm, extractable: boolean): Promise<Result<CryptoKeyPair>>;
11
+ ```
12
+
13
+ **Parameters:**
14
+
15
+ <table><thead><tr><th>Parameter</th><th>Type</th><th>Description</th></tr></thead>
16
+ <tbody>
17
+ <tr><td>algorithm</td><td>KeyPairAlgorithm</td><td>The algorithm to use.</td></tr>
18
+ <tr><td>extractable</td><td>boolean</td><td>Whether the resulting keys may be exported.</td></tr>
19
+ </tbody></table>
20
+
21
+ **Returns:**
22
+
23
+ Promise&lt;Result&lt;CryptoKeyPair&gt;&gt;
24
+
25
+ `Success` with the generated `CryptoKeyPair`, or `Failure` with an error.
package/docs/CryptoUtils/classes/BrowserCryptoProvider.importPublicKeyJwk.md ADDED
@@ -0,0 +1,25 @@
1
+ [Home](../../README.md) > [CryptoUtils](../README.md) > [BrowserCryptoProvider](./BrowserCryptoProvider.md) > importPublicKeyJwk
2
+
3
+ ## BrowserCryptoProvider.importPublicKeyJwk() method
4
+
5
+ Imports a public-key JWK as a `CryptoKey` for the requested algorithm.
6
+
7
+ **Signature:**
8
+
9
+ ```typescript
10
+ importPublicKeyJwk(jwk: JsonWebKey, algorithm: KeyPairAlgorithm): Promise<Result<CryptoKey>>;
11
+ ```
12
+
13
+ **Parameters:**
14
+
15
+ <table><thead><tr><th>Parameter</th><th>Type</th><th>Description</th></tr></thead>
16
+ <tbody>
17
+ <tr><td>jwk</td><td>JsonWebKey</td><td>The JSON Web Key produced by a prior export.</td></tr>
18
+ <tr><td>algorithm</td><td>KeyPairAlgorithm</td><td>The algorithm the key was generated for.</td></tr>
19
+ </tbody></table>
20
+
21
+ **Returns:**
22
+
23
+ Promise&lt;Result&lt;CryptoKey&gt;&gt;
24
+
25
+ `Success` with the imported public `CryptoKey`, or `Failure` with an error.
package/docs/CryptoUtils/classes/BrowserCryptoProvider.md CHANGED
@@ -160,5 +160,44 @@ Encodes binary data to base64 string.
160
160
 
161
161
  Decodes base64 string to binary data.
162
162
 
163
+ </td></tr>
164
+ <tr><td>
165
+
166
+ [generateKeyPair(algorithm, extractable)](./BrowserCryptoProvider.generateKeyPair.md)
167
+
168
+ </td><td>
169
+
170
+
171
+
172
+ </td><td>
173
+
174
+ Generates a new asymmetric keypair via Web Crypto.
175
+
176
+ </td></tr>
177
+ <tr><td>
178
+
179
+ [exportPublicKeyJwk(publicKey)](./BrowserCryptoProvider.exportPublicKeyJwk.md)
180
+
181
+ </td><td>
182
+
183
+
184
+
185
+ </td><td>
186
+
187
+ Exports a public `CryptoKey` as a JSON Web Key.
188
+
189
+ </td></tr>
190
+ <tr><td>
191
+
192
+ [importPublicKeyJwk(jwk, algorithm)](./BrowserCryptoProvider.importPublicKeyJwk.md)
193
+
194
+ </td><td>
195
+
196
+
197
+
198
+ </td><td>
199
+
200
+ Imports a public-key JWK as a `CryptoKey` for the requested algorithm.
201
+
163
202
  </td></tr>
164
203
  </tbody></table>
package/docs/classes/BrowserCryptoProvider.exportPublicKeyJwk.md ADDED
@@ -0,0 +1,24 @@
1
+ [Home](../README.md) > [BrowserCryptoProvider](./BrowserCryptoProvider.md) > exportPublicKeyJwk
2
+
3
+ ## BrowserCryptoProvider.exportPublicKeyJwk() method
4
+
5
+ Exports a public `CryptoKey` as a JSON Web Key.
6
+
7
+ **Signature:**
8
+
9
+ ```typescript
10
+ exportPublicKeyJwk(publicKey: CryptoKey): Promise<Result<JsonWebKey>>;
11
+ ```
12
+
13
+ **Parameters:**
14
+
15
+ <table><thead><tr><th>Parameter</th><th>Type</th><th>Description</th></tr></thead>
16
+ <tbody>
17
+ <tr><td>publicKey</td><td>CryptoKey</td><td>Extractable public key to export.</td></tr>
18
+ </tbody></table>
19
+
20
+ **Returns:**
21
+
22
+ Promise&lt;Result&lt;JsonWebKey&gt;&gt;
23
+
24
+ `Success` with the JWK, or `Failure` if not a public key or if export fails.