@fgv/ts-web-extras 5.1.0-17 → 5.1.0-19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/.rush/temp/{edc66e6a37414a0b69e52d768684c18c9d5825e3.tar.log → 42a7a953924ae898114e7b6231a2408228d92433.tar.log} +8 -2
  2. package/.rush/temp/chunked-rush-logs/ts-web-extras.build.chunks.jsonl +19 -17
  3. package/.rush/temp/operation/build/all.log +19 -17
  4. package/.rush/temp/operation/build/log-chunks.jsonl +19 -17
  5. package/.rush/temp/operation/build/state.json +1 -1
  6. package/dist/packlets/crypto-utils/browserCryptoProvider.js +176 -18
  7. package/dist/packlets/crypto-utils/browserCryptoProvider.js.map +1 -1
  8. package/dist/test/unit/browserCryptoProvider.wrapBytes.test.js +221 -0
  9. package/dist/test/unit/browserCryptoProvider.wrapBytes.test.js.map +1 -0
  10. package/dist/ts-web-extras.d.ts +46 -6
  11. package/docs/CryptoUtils/classes/BrowserCryptoProvider.exportPublicKeyJwk.md +24 -0
  12. package/docs/CryptoUtils/classes/BrowserCryptoProvider.generateKeyPair.md +25 -0
  13. package/docs/CryptoUtils/classes/BrowserCryptoProvider.importPublicKeyJwk.md +25 -0
  14. package/docs/CryptoUtils/classes/BrowserCryptoProvider.md +67 -0
  15. package/docs/CryptoUtils/classes/BrowserCryptoProvider.unwrapBytes.md +27 -0
  16. package/docs/CryptoUtils/classes/BrowserCryptoProvider.wrapBytes.md +28 -0
  17. package/docs/classes/BrowserCryptoProvider.exportPublicKeyJwk.md +24 -0
  18. package/docs/classes/BrowserCryptoProvider.generateKeyPair.md +25 -0
  19. package/docs/classes/BrowserCryptoProvider.importPublicKeyJwk.md +25 -0
  20. package/docs/classes/BrowserCryptoProvider.md +67 -0
  21. package/docs/classes/BrowserCryptoProvider.unwrapBytes.md +27 -0
  22. package/docs/classes/BrowserCryptoProvider.wrapBytes.md +28 -0
  23. package/etc/ts-web-extras.api.md +10 -5
  24. package/lib/packlets/crypto-utils/browserCryptoProvider.d.ts +46 -5
  25. package/lib/packlets/crypto-utils/browserCryptoProvider.d.ts.map +1 -1
  26. package/lib/packlets/crypto-utils/browserCryptoProvider.js +175 -17
  27. package/lib/packlets/crypto-utils/browserCryptoProvider.js.map +1 -1
  28. package/lib/test/unit/browserCryptoProvider.wrapBytes.test.d.ts +2 -0
  29. package/lib/test/unit/browserCryptoProvider.wrapBytes.test.d.ts.map +1 -0
  30. package/lib/test/unit/browserCryptoProvider.wrapBytes.test.js +223 -0
  31. package/lib/test/unit/browserCryptoProvider.wrapBytes.test.js.map +1 -0
  32. package/package.json +14 -14
  33. package/rush-logs/ts-web-extras.build.cache.log +1 -1
  34. package/rush-logs/ts-web-extras.build.log +19 -17
  35. package/src/packlets/crypto-utils/browserCryptoProvider.ts +244 -23
  36. package/src/test/unit/browserCryptoProvider.wrapBytes.test.ts +325 -0
  37. package/temp/build/typescript/ts_8nwakTlr.json +1 -1
  38. package/temp/coverage/crypto-utils/browserCryptoProvider.ts.html +692 -29
  39. package/temp/coverage/crypto-utils/browserHashProvider.ts.html +1 -1
  40. package/temp/coverage/crypto-utils/index.html +9 -9
  41. package/temp/coverage/file-tree/directoryHandleStore.ts.html +1 -1
  42. package/temp/coverage/file-tree/fileApiTreeAccessors.ts.html +1 -1
  43. package/temp/coverage/file-tree/fileSystemAccessTreeAccessors.ts.html +1 -1
  44. package/temp/coverage/file-tree/httpTreeAccessors.ts.html +1 -1
  45. package/temp/coverage/file-tree/index.html +1 -1
  46. package/temp/coverage/file-tree/localStorageTreeAccessors.ts.html +1 -1
  47. package/temp/coverage/helpers/fileTreeHelpers.ts.html +1 -1
  48. package/temp/coverage/helpers/index.html +1 -1
  49. package/temp/coverage/index.html +10 -10
  50. package/temp/coverage/lcov-report/crypto-utils/browserCryptoProvider.ts.html +692 -29
  51. package/temp/coverage/lcov-report/crypto-utils/browserHashProvider.ts.html +1 -1
  52. package/temp/coverage/lcov-report/crypto-utils/index.html +9 -9
  53. package/temp/coverage/lcov-report/file-tree/directoryHandleStore.ts.html +1 -1
  54. package/temp/coverage/lcov-report/file-tree/fileApiTreeAccessors.ts.html +1 -1
  55. package/temp/coverage/lcov-report/file-tree/fileSystemAccessTreeAccessors.ts.html +1 -1
  56. package/temp/coverage/lcov-report/file-tree/httpTreeAccessors.ts.html +1 -1
  57. package/temp/coverage/lcov-report/file-tree/index.html +1 -1
  58. package/temp/coverage/lcov-report/file-tree/localStorageTreeAccessors.ts.html +1 -1
  59. package/temp/coverage/lcov-report/helpers/fileTreeHelpers.ts.html +1 -1
  60. package/temp/coverage/lcov-report/helpers/index.html +1 -1
  61. package/temp/coverage/lcov-report/index.html +10 -10
  62. package/temp/coverage/lcov-report/url-utils/index.html +1 -1
  63. package/temp/coverage/lcov-report/url-utils/urlParams.ts.html +1 -1
  64. package/temp/coverage/lcov.info +294 -23
  65. package/temp/coverage/url-utils/index.html +1 -1
  66. package/temp/coverage/url-utils/urlParams.ts.html +1 -1
  67. package/temp/test/jest/haste-map-7492f1b44480e0cdd1f220078fb3afd8-c8dd6c3430605adeb2f1cadf4f75e791-8c9336785555d572065b28c111982ba4 +0 -0
  68. package/temp/test/jest/perf-cache-7492f1b44480e0cdd1f220078fb3afd8-da39a3ee5e6b4b0d3255bfef95601890 +1 -1
  69. package/temp/ts-web-extras.api.json +465 -4
  70. package/temp/ts-web-extras.api.md +10 -5
package/.rush/temp/{edc66e6a37414a0b69e52d768684c18c9d5825e3.tar.log → 42a7a953924ae898114e7b6231a2408228d92433.tar.log} RENAMED
@@ -1,5 +1,5 @@
1
- Start time: Mon Apr 27 2026 03:46:28 GMT+0000 (Coordinated Universal Time)
2
- Invoking "/usr/bin/tar -c -f /home/runner/work/fgv/fgv/common/temp/build-cache/edc66e6a37414a0b69e52d768684c18c9d5825e3-755c33d272322419.temp -z --files-from=-"
1
+ Start time: Mon Apr 27 2026 19:21:09 GMT+0000 (Coordinated Universal Time)
2
+ Invoking "/usr/bin/tar -c -f /home/runner/work/fgv/fgv/common/temp/build-cache/42a7a953924ae898114e7b6231a2408228d92433-b8fcfb48e32acef1.temp -z --files-from=-"
3
3
 
4
4
  ======= BEGIN PROCESS INPUT ======
5
5
  .rush/temp/operation/build/all.log
@@ -41,6 +41,8 @@ dist/test/mocks/idb-keyval.js
41
41
  dist/test/mocks/idb-keyval.js.map
42
42
  dist/test/setupTests.js
43
43
  dist/test/setupTests.js.map
44
+ dist/test/unit/browserCryptoProvider.wrapBytes.test.js
45
+ dist/test/unit/browserCryptoProvider.wrapBytes.test.js.map
44
46
  dist/test/unit/browserHashProvider.test.js
45
47
  dist/test/unit/browserHashProvider.test.js.map
46
48
  dist/test/unit/directoryHandleStore.test.js
@@ -137,6 +139,10 @@ lib/test/setupTests.d.ts
137
139
  lib/test/setupTests.d.ts.map
138
140
  lib/test/setupTests.js
139
141
  lib/test/setupTests.js.map
142
+ lib/test/unit/browserCryptoProvider.wrapBytes.test.d.ts
143
+ lib/test/unit/browserCryptoProvider.wrapBytes.test.d.ts.map
144
+ lib/test/unit/browserCryptoProvider.wrapBytes.test.js
145
+ lib/test/unit/browserCryptoProvider.wrapBytes.test.js.map
140
146
  lib/test/unit/browserHashProvider.test.d.ts
141
147
  lib/test/unit/browserHashProvider.test.d.ts.map
142
148
  lib/test/unit/browserHashProvider.test.js
package/.rush/temp/chunked-rush-logs/ts-web-extras.build.chunks.jsonl CHANGED
@@ -1,42 +1,44 @@
1
- {"kind":"O","text":"Invoking: heft test --clean \n"}
1
+ {"kind":"O","text":"Invoking: NODE_OPTIONS=--disable-warning=DEP0040 heft test --clean \n"}
2
2
  {"kind":"O","text":" ---- build started ---- \n"}
3
3
  {"kind":"O","text":"[build:typescript] The TypeScript compiler version 5.9.3 is newer than the latest version that was tested with Heft (5.8); it may not work correctly.\n"}
4
4
  {"kind":"O","text":"[build:typescript] Using TypeScript version 5.9.3\n"}
5
5
  {"kind":"O","text":"[build:api-extractor] Using API Extractor version 7.57.7\n"}
6
6
  {"kind":"O","text":"[build:api-extractor] Analysis will use the bundled TypeScript version 5.8.2\n"}
7
7
  {"kind":"O","text":"[build:api-extractor] *** The target project appears to use TypeScript 5.9.3 which is newer than the bundled compiler engine; consider upgrading API Extractor.\n"}
8
- {"kind":"O","text":" ---- build finished (24.065s) ---- \n"}
8
+ {"kind":"O","text":" ---- build finished (23.128s) ---- \n"}
9
9
  {"kind":"O","text":" ---- test started ---- \n"}
10
10
  {"kind":"O","text":"[test:jest] Using Jest version 29.5.0\n"}
11
11
  {"kind":"O","text":"[test:jest] \n"}
12
- {"kind":"O","text":"[test:jest] Run start. 9 test suites\n"}
12
+ {"kind":"O","text":"[test:jest] Run start. 10 test suites\n"}
13
13
  {"kind":"O","text":"[test:jest] START lib/test/unit/httpTreeAccessors.test.js\n"}
14
14
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileApiTreeAccessors.test.js\n"}
15
15
  {"kind":"O","text":"[test:jest] START lib/test/unit/localStorageTreeAccessors.test.js\n"}
16
16
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileSystemAccessTreeAccessors.test.js\n"}
17
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/httpTreeAccessors.test.js (duration: 2.358s, 61 passed, 0 failed)\n"}
17
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/localStorageTreeAccessors.test.js (duration: 1.702s, 44 passed, 0 failed)\n"}
18
18
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileTreeHelpers.test.js\n"}
19
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/localStorageTreeAccessors.test.js (duration: 2.231s, 44 passed, 0 failed)\n"}
19
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/httpTreeAccessors.test.js (duration: 2.103s, 61 passed, 0 failed)\n"}
20
20
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileApiTypes.test.js\n"}
21
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTreeAccessors.test.js (duration: 3.257s, 65 passed, 0 failed)\n"}
21
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTreeAccessors.test.js (duration: 2.550s, 65 passed, 0 failed)\n"}
22
22
  {"kind":"O","text":"[test:jest] START lib/test/unit/urlParams.test.js\n"}
23
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileSystemAccessTreeAccessors.test.js (duration: 1.807s, 44 passed, 0 failed)\n"}
23
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileSystemAccessTreeAccessors.test.js (duration: 1.592s, 44 passed, 0 failed)\n"}
24
+ {"kind":"O","text":"[test:jest] START lib/test/unit/browserCryptoProvider.wrapBytes.test.js\n"}
25
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTypes.test.js (duration: 1.647s, 36 passed, 0 failed)\n"}
24
26
  {"kind":"O","text":"[test:jest] START lib/test/unit/directoryHandleStore.test.js\n"}
25
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTypes.test.js (duration: 1.259s, 36 passed, 0 failed)\n"}
27
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileTreeHelpers.test.js (duration: 2.006s, 35 passed, 0 failed)\n"}
26
28
  {"kind":"O","text":"[test:jest] START lib/test/unit/browserHashProvider.test.js\n"}
27
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileTreeHelpers.test.js (duration: 2.305s, 35 passed, 0 failed)\n"}
28
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/urlParams.test.js (duration: 1.871s, 60 passed, 0 failed)\n"}
29
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/directoryHandleStore.test.js (duration: 1.696s, 19 passed, 0 failed)\n"}
30
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/browserHashProvider.test.js (duration: 1.902s, 15 passed, 0 failed)\n"}
29
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/directoryHandleStore.test.js (duration: 1.362s, 19 passed, 0 failed)\n"}
30
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/urlParams.test.js (duration: 1.974s, 60 passed, 0 failed)\n"}
31
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/browserCryptoProvider.wrapBytes.test.js (duration: 2.015s, 26 passed, 0 failed)\n"}
32
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/browserHashProvider.test.js (duration: 1.383s, 15 passed, 0 failed)\n"}
31
33
  {"kind":"O","text":"[test:jest] \n"}
32
34
  {"kind":"O","text":"[test:jest] Tests finished:\n"}
33
- {"kind":"O","text":"[test:jest] Successes: 379\n"}
35
+ {"kind":"O","text":"[test:jest] Successes: 405\n"}
34
36
  {"kind":"O","text":"[test:jest] Failures: 0\n"}
35
- {"kind":"O","text":"[test:jest] Total: 380\n"}
37
+ {"kind":"O","text":"[test:jest] Total: 406\n"}
36
38
  {"kind":"O","text":"-----------------------------------|---------|----------|---------|---------|-------------------\n"}
37
39
  {"kind":"O","text":"File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s \n"}
38
40
  {"kind":"O","text":"-----------------------------------|---------|----------|---------|---------|-------------------\n"}
39
- {"kind":"O","text":"All files | 100 | 99.62 | 100 | 100 | \n"}
41
+ {"kind":"O","text":"All files | 100 | 99.64 | 100 | 100 | \n"}
40
42
  {"kind":"O","text":" crypto-utils | 100 | 100 | 100 | 100 | \n"}
41
43
  {"kind":"O","text":" browserCryptoProvider.ts | 100 | 100 | 100 | 100 | \n"}
42
44
  {"kind":"O","text":" browserHashProvider.ts | 100 | 100 | 100 | 100 | \n"}
@@ -51,5 +53,5 @@
51
53
  {"kind":"O","text":" url-utils | 100 | 100 | 100 | 100 | \n"}
52
54
  {"kind":"O","text":" urlParams.ts | 100 | 100 | 100 | 100 | \n"}
53
55
  {"kind":"O","text":"-----------------------------------|---------|----------|---------|---------|-------------------\n"}
54
- {"kind":"O","text":" ---- test finished (9.403s) ---- \n"}
55
- {"kind":"O","text":"-------------------- Finished (33.476s) --------------------\n"}
56
+ {"kind":"O","text":" ---- test finished (9.881s) ---- \n"}
57
+ {"kind":"O","text":"-------------------- Finished (33.035s) --------------------\n"}
package/.rush/temp/operation/build/all.log CHANGED
@@ -1,42 +1,44 @@
1
- Invoking: heft test --clean
1
+ Invoking: NODE_OPTIONS=--disable-warning=DEP0040 heft test --clean
2
2
  ---- build started ----
3
3
  [build:typescript] The TypeScript compiler version 5.9.3 is newer than the latest version that was tested with Heft (5.8); it may not work correctly.
4
4
  [build:typescript] Using TypeScript version 5.9.3
5
5
  [build:api-extractor] Using API Extractor version 7.57.7
6
6
  [build:api-extractor] Analysis will use the bundled TypeScript version 5.8.2
7
7
  [build:api-extractor] *** The target project appears to use TypeScript 5.9.3 which is newer than the bundled compiler engine; consider upgrading API Extractor.
8
- ---- build finished (24.065s) ----
8
+ ---- build finished (23.128s) ----
9
9
  ---- test started ----
10
10
  [test:jest] Using Jest version 29.5.0
11
11
  [test:jest]
12
- [test:jest] Run start. 9 test suites
12
+ [test:jest] Run start. 10 test suites
13
13
  [test:jest] START lib/test/unit/httpTreeAccessors.test.js
14
14
  [test:jest] START lib/test/unit/fileApiTreeAccessors.test.js
15
15
  [test:jest] START lib/test/unit/localStorageTreeAccessors.test.js
16
16
  [test:jest] START lib/test/unit/fileSystemAccessTreeAccessors.test.js
17
- [test:jest] PASS lib/test/unit/httpTreeAccessors.test.js (duration: 2.358s, 61 passed, 0 failed)
17
+ [test:jest] PASS lib/test/unit/localStorageTreeAccessors.test.js (duration: 1.702s, 44 passed, 0 failed)
18
18
  [test:jest] START lib/test/unit/fileTreeHelpers.test.js
19
- [test:jest] PASS lib/test/unit/localStorageTreeAccessors.test.js (duration: 2.231s, 44 passed, 0 failed)
19
+ [test:jest] PASS lib/test/unit/httpTreeAccessors.test.js (duration: 2.103s, 61 passed, 0 failed)
20
20
  [test:jest] START lib/test/unit/fileApiTypes.test.js
21
- [test:jest] PASS lib/test/unit/fileApiTreeAccessors.test.js (duration: 3.257s, 65 passed, 0 failed)
21
+ [test:jest] PASS lib/test/unit/fileApiTreeAccessors.test.js (duration: 2.550s, 65 passed, 0 failed)
22
22
  [test:jest] START lib/test/unit/urlParams.test.js
23
- [test:jest] PASS lib/test/unit/fileSystemAccessTreeAccessors.test.js (duration: 1.807s, 44 passed, 0 failed)
23
+ [test:jest] PASS lib/test/unit/fileSystemAccessTreeAccessors.test.js (duration: 1.592s, 44 passed, 0 failed)
24
+ [test:jest] START lib/test/unit/browserCryptoProvider.wrapBytes.test.js
25
+ [test:jest] PASS lib/test/unit/fileApiTypes.test.js (duration: 1.647s, 36 passed, 0 failed)
24
26
  [test:jest] START lib/test/unit/directoryHandleStore.test.js
25
- [test:jest] PASS lib/test/unit/fileApiTypes.test.js (duration: 1.259s, 36 passed, 0 failed)
27
+ [test:jest] PASS lib/test/unit/fileTreeHelpers.test.js (duration: 2.006s, 35 passed, 0 failed)
26
28
  [test:jest] START lib/test/unit/browserHashProvider.test.js
27
- [test:jest] PASS lib/test/unit/fileTreeHelpers.test.js (duration: 2.305s, 35 passed, 0 failed)
28
- [test:jest] PASS lib/test/unit/urlParams.test.js (duration: 1.871s, 60 passed, 0 failed)
29
- [test:jest] PASS lib/test/unit/directoryHandleStore.test.js (duration: 1.696s, 19 passed, 0 failed)
30
- [test:jest] PASS lib/test/unit/browserHashProvider.test.js (duration: 1.902s, 15 passed, 0 failed)
29
+ [test:jest] PASS lib/test/unit/directoryHandleStore.test.js (duration: 1.362s, 19 passed, 0 failed)
30
+ [test:jest] PASS lib/test/unit/urlParams.test.js (duration: 1.974s, 60 passed, 0 failed)
31
+ [test:jest] PASS lib/test/unit/browserCryptoProvider.wrapBytes.test.js (duration: 2.015s, 26 passed, 0 failed)
32
+ [test:jest] PASS lib/test/unit/browserHashProvider.test.js (duration: 1.383s, 15 passed, 0 failed)
31
33
  [test:jest]
32
34
  [test:jest] Tests finished:
33
- [test:jest] Successes: 379
35
+ [test:jest] Successes: 405
34
36
  [test:jest] Failures: 0
35
- [test:jest] Total: 380
37
+ [test:jest] Total: 406
36
38
  -----------------------------------|---------|----------|---------|---------|-------------------
37
39
  File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
38
40
  -----------------------------------|---------|----------|---------|---------|-------------------
39
- All files | 100 | 99.62 | 100 | 100 |
41
+ All files | 100 | 99.64 | 100 | 100 |
40
42
  crypto-utils | 100 | 100 | 100 | 100 |
41
43
  browserCryptoProvider.ts | 100 | 100 | 100 | 100 |
42
44
  browserHashProvider.ts | 100 | 100 | 100 | 100 |
@@ -51,5 +53,5 @@ All files | 100 | 99.62 | 100 | 100 |
51
53
  url-utils | 100 | 100 | 100 | 100 |
52
54
  urlParams.ts | 100 | 100 | 100 | 100 |
53
55
  -----------------------------------|---------|----------|---------|---------|-------------------
54
- ---- test finished (9.403s) ----
55
- -------------------- Finished (33.476s) --------------------
56
+ ---- test finished (9.881s) ----
57
+ -------------------- Finished (33.035s) --------------------
package/.rush/temp/operation/build/log-chunks.jsonl CHANGED
@@ -1,42 +1,44 @@
1
- {"kind":"O","text":"Invoking: heft test --clean \n"}
1
+ {"kind":"O","text":"Invoking: NODE_OPTIONS=--disable-warning=DEP0040 heft test --clean \n"}
2
2
  {"kind":"O","text":" ---- build started ---- \n"}
3
3
  {"kind":"O","text":"[build:typescript] The TypeScript compiler version 5.9.3 is newer than the latest version that was tested with Heft (5.8); it may not work correctly.\n"}
4
4
  {"kind":"O","text":"[build:typescript] Using TypeScript version 5.9.3\n"}
5
5
  {"kind":"O","text":"[build:api-extractor] Using API Extractor version 7.57.7\n"}
6
6
  {"kind":"O","text":"[build:api-extractor] Analysis will use the bundled TypeScript version 5.8.2\n"}
7
7
  {"kind":"O","text":"[build:api-extractor] *** The target project appears to use TypeScript 5.9.3 which is newer than the bundled compiler engine; consider upgrading API Extractor.\n"}
8
- {"kind":"O","text":" ---- build finished (24.065s) ---- \n"}
8
+ {"kind":"O","text":" ---- build finished (23.128s) ---- \n"}
9
9
  {"kind":"O","text":" ---- test started ---- \n"}
10
10
  {"kind":"O","text":"[test:jest] Using Jest version 29.5.0\n"}
11
11
  {"kind":"O","text":"[test:jest] \n"}
12
- {"kind":"O","text":"[test:jest] Run start. 9 test suites\n"}
12
+ {"kind":"O","text":"[test:jest] Run start. 10 test suites\n"}
13
13
  {"kind":"O","text":"[test:jest] START lib/test/unit/httpTreeAccessors.test.js\n"}
14
14
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileApiTreeAccessors.test.js\n"}
15
15
  {"kind":"O","text":"[test:jest] START lib/test/unit/localStorageTreeAccessors.test.js\n"}
16
16
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileSystemAccessTreeAccessors.test.js\n"}
17
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/httpTreeAccessors.test.js (duration: 2.358s, 61 passed, 0 failed)\n"}
17
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/localStorageTreeAccessors.test.js (duration: 1.702s, 44 passed, 0 failed)\n"}
18
18
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileTreeHelpers.test.js\n"}
19
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/localStorageTreeAccessors.test.js (duration: 2.231s, 44 passed, 0 failed)\n"}
19
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/httpTreeAccessors.test.js (duration: 2.103s, 61 passed, 0 failed)\n"}
20
20
  {"kind":"O","text":"[test:jest] START lib/test/unit/fileApiTypes.test.js\n"}
21
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTreeAccessors.test.js (duration: 3.257s, 65 passed, 0 failed)\n"}
21
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTreeAccessors.test.js (duration: 2.550s, 65 passed, 0 failed)\n"}
22
22
  {"kind":"O","text":"[test:jest] START lib/test/unit/urlParams.test.js\n"}
23
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileSystemAccessTreeAccessors.test.js (duration: 1.807s, 44 passed, 0 failed)\n"}
23
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileSystemAccessTreeAccessors.test.js (duration: 1.592s, 44 passed, 0 failed)\n"}
24
+ {"kind":"O","text":"[test:jest] START lib/test/unit/browserCryptoProvider.wrapBytes.test.js\n"}
25
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTypes.test.js (duration: 1.647s, 36 passed, 0 failed)\n"}
24
26
  {"kind":"O","text":"[test:jest] START lib/test/unit/directoryHandleStore.test.js\n"}
25
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileApiTypes.test.js (duration: 1.259s, 36 passed, 0 failed)\n"}
27
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileTreeHelpers.test.js (duration: 2.006s, 35 passed, 0 failed)\n"}
26
28
  {"kind":"O","text":"[test:jest] START lib/test/unit/browserHashProvider.test.js\n"}
27
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/fileTreeHelpers.test.js (duration: 2.305s, 35 passed, 0 failed)\n"}
28
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/urlParams.test.js (duration: 1.871s, 60 passed, 0 failed)\n"}
29
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/directoryHandleStore.test.js (duration: 1.696s, 19 passed, 0 failed)\n"}
30
- {"kind":"O","text":"[test:jest] PASS lib/test/unit/browserHashProvider.test.js (duration: 1.902s, 15 passed, 0 failed)\n"}
29
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/directoryHandleStore.test.js (duration: 1.362s, 19 passed, 0 failed)\n"}
30
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/urlParams.test.js (duration: 1.974s, 60 passed, 0 failed)\n"}
31
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/browserCryptoProvider.wrapBytes.test.js (duration: 2.015s, 26 passed, 0 failed)\n"}
32
+ {"kind":"O","text":"[test:jest] PASS lib/test/unit/browserHashProvider.test.js (duration: 1.383s, 15 passed, 0 failed)\n"}
31
33
  {"kind":"O","text":"[test:jest] \n"}
32
34
  {"kind":"O","text":"[test:jest] Tests finished:\n"}
33
- {"kind":"O","text":"[test:jest] Successes: 379\n"}
35
+ {"kind":"O","text":"[test:jest] Successes: 405\n"}
34
36
  {"kind":"O","text":"[test:jest] Failures: 0\n"}
35
- {"kind":"O","text":"[test:jest] Total: 380\n"}
37
+ {"kind":"O","text":"[test:jest] Total: 406\n"}
36
38
  {"kind":"O","text":"-----------------------------------|---------|----------|---------|---------|-------------------\n"}
37
39
  {"kind":"O","text":"File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s \n"}
38
40
  {"kind":"O","text":"-----------------------------------|---------|----------|---------|---------|-------------------\n"}
39
- {"kind":"O","text":"All files | 100 | 99.62 | 100 | 100 | \n"}
41
+ {"kind":"O","text":"All files | 100 | 99.64 | 100 | 100 | \n"}
40
42
  {"kind":"O","text":" crypto-utils | 100 | 100 | 100 | 100 | \n"}
41
43
  {"kind":"O","text":" browserCryptoProvider.ts | 100 | 100 | 100 | 100 | \n"}
42
44
  {"kind":"O","text":" browserHashProvider.ts | 100 | 100 | 100 | 100 | \n"}
@@ -51,5 +53,5 @@
51
53
  {"kind":"O","text":" url-utils | 100 | 100 | 100 | 100 | \n"}
52
54
  {"kind":"O","text":" urlParams.ts | 100 | 100 | 100 | 100 | \n"}
53
55
  {"kind":"O","text":"-----------------------------------|---------|----------|---------|---------|-------------------\n"}
54
- {"kind":"O","text":" ---- test finished (9.403s) ---- \n"}
55
- {"kind":"O","text":"-------------------- Finished (33.476s) --------------------\n"}
56
+ {"kind":"O","text":" ---- test finished (9.881s) ---- \n"}
57
+ {"kind":"O","text":"-------------------- Finished (33.035s) --------------------\n"}
package/.rush/temp/operation/build/state.json CHANGED
@@ -1,3 +1,3 @@
1
1
  {
2
- "nonCachedDurationMs": 34138.17083
2
+ "nonCachedDurationMs": 33858.300957
3
3
  }
package/dist/packlets/crypto-utils/browserCryptoProvider.js CHANGED
@@ -17,10 +17,9 @@
17
17
  // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18
18
  // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
19
19
  // SOFTWARE.
20
- /* c8 ignore start - Browser-only implementation cannot be tested in Node.js environment */
21
- import { captureResult, fail, Failure, succeed, Success } from '@fgv/ts-utils';
20
+ import { captureAsyncResult, captureResult, fail, Failure, succeed, Success } from '@fgv/ts-utils';
22
21
  import { CryptoUtils } from '@fgv/ts-extras';
23
- const CryptoConstants = CryptoUtils.Constants;
22
+ /* c8 ignore start - Used only by browser-only methods that cannot be tested in Node.js environment */
24
23
  /**
25
24
  * Extracts an `ArrayBuffer` from a Uint8Array, handling the potential SharedArrayBuffer case.
26
25
  * @param arr - The Uint8Array to extract from
@@ -32,6 +31,24 @@ function toArrayBuffer(arr) {
32
31
  new Uint8Array(buffer).set(arr);
33
32
  return buffer;
34
33
  }
34
+ /* c8 ignore stop */
35
+ /**
36
+ * Returns a fresh Uint8Array view over a non-shared ArrayBuffer copy of `arr`.
37
+ * Used by {@link BrowserCryptoProvider.wrapBytes | wrapBytes} and
38
+ * {@link BrowserCryptoProvider.unwrapBytes | unwrapBytes}: Node 20's
39
+ * webcrypto.subtle rejects raw `ArrayBuffer` for several `BufferSource`
40
+ * parameters with "is not instance of ArrayBuffer, Buffer, TypedArray, or
41
+ * DataView" even though `ArrayBuffer` should be valid per the spec; a
42
+ * TypedArray view is accepted on Node 20+ and on browsers, and the explicit
43
+ * `Uint8Array<ArrayBuffer>` return type also satisfies TypeScript's `BufferSource`
44
+ * (which excludes the `SharedArrayBuffer` branch of `Uint8Array`'s buffer type).
45
+ */
46
+ function toBufferView(arr) {
47
+ const buffer = new ArrayBuffer(arr.byteLength);
48
+ const view = new Uint8Array(buffer);
49
+ view.set(arr);
50
+ return view;
51
+ }
35
52
  /**
36
53
  * Browser implementation of `ICryptoProvider` using the Web Crypto API.
37
54
  * Uses AES-256-GCM for authenticated encryption.
@@ -42,6 +59,7 @@ function toArrayBuffer(arr) {
42
59
  * @public
43
60
  */
44
61
  export class BrowserCryptoProvider {
62
+ /* c8 ignore start - Existing browser-only methods cannot be tested in Node.js environment */
45
63
  /**
46
64
  * Creates a new {@link CryptoUtils.BrowserCryptoProvider | BrowserCryptoProvider}.
47
65
  * @param cryptoApi - Optional Crypto instance (defaults to globalThis.crypto)
@@ -67,12 +85,12 @@ export class BrowserCryptoProvider {
67
85
  * @returns `Success` with encryption result, or `Failure` with an error.
68
86
  */
69
87
  async encrypt(plaintext, key) {
70
- if (key.length !== CryptoConstants.AES_256_KEY_SIZE) {
71
- return Failure.with(`Key must be ${CryptoConstants.AES_256_KEY_SIZE} bytes, got ${key.length}`);
88
+ if (key.length !== CryptoUtils.Constants.AES_256_KEY_SIZE) {
89
+ return Failure.with(`Key must be ${CryptoUtils.Constants.AES_256_KEY_SIZE} bytes, got ${key.length}`);
72
90
  }
73
91
  try {
74
92
  // Generate random IV
75
- const iv = this._crypto.getRandomValues(new Uint8Array(CryptoConstants.GCM_IV_SIZE));
93
+ const iv = this._crypto.getRandomValues(new Uint8Array(CryptoUtils.Constants.GCM_IV_SIZE));
76
94
  // Import the key
77
95
  const cryptoKey = await this._crypto.subtle.importKey('raw', toArrayBuffer(key), { name: 'AES-GCM' }, false, ['encrypt']);
78
96
  // Encode plaintext to bytes
@@ -82,12 +100,12 @@ export class BrowserCryptoProvider {
82
100
  const encryptedWithTag = await this._crypto.subtle.encrypt({
83
101
  name: 'AES-GCM',
84
102
  iv: iv,
85
- tagLength: CryptoConstants.GCM_AUTH_TAG_SIZE * 8 // bits
103
+ tagLength: CryptoUtils.Constants.GCM_AUTH_TAG_SIZE * 8 // bits
86
104
  }, cryptoKey, plaintextBytes);
87
105
  // Split ciphertext and auth tag (auth tag is last 16 bytes)
88
106
  const encryptedArray = new Uint8Array(encryptedWithTag);
89
- const encryptedData = encryptedArray.slice(0, encryptedArray.length - CryptoConstants.GCM_AUTH_TAG_SIZE);
90
- const authTag = encryptedArray.slice(encryptedArray.length - CryptoConstants.GCM_AUTH_TAG_SIZE);
107
+ const encryptedData = encryptedArray.slice(0, encryptedArray.length - CryptoUtils.Constants.GCM_AUTH_TAG_SIZE);
108
+ const authTag = encryptedArray.slice(encryptedArray.length - CryptoUtils.Constants.GCM_AUTH_TAG_SIZE);
91
109
  return Success.with({
92
110
  iv,
93
111
  authTag,
@@ -108,14 +126,14 @@ export class BrowserCryptoProvider {
108
126
  * @returns `Success` with decrypted UTF-8 string, or `Failure` with an error.
109
127
  */
110
128
  async decrypt(encryptedData, key, iv, authTag) {
111
- if (key.length !== CryptoConstants.AES_256_KEY_SIZE) {
112
- return Failure.with(`Key must be ${CryptoConstants.AES_256_KEY_SIZE} bytes, got ${key.length}`);
129
+ if (key.length !== CryptoUtils.Constants.AES_256_KEY_SIZE) {
130
+ return Failure.with(`Key must be ${CryptoUtils.Constants.AES_256_KEY_SIZE} bytes, got ${key.length}`);
113
131
  }
114
- if (iv.length !== CryptoConstants.GCM_IV_SIZE) {
115
- return Failure.with(`IV must be ${CryptoConstants.GCM_IV_SIZE} bytes, got ${iv.length}`);
132
+ if (iv.length !== CryptoUtils.Constants.GCM_IV_SIZE) {
133
+ return Failure.with(`IV must be ${CryptoUtils.Constants.GCM_IV_SIZE} bytes, got ${iv.length}`);
116
134
  }
117
- if (authTag.length !== CryptoConstants.GCM_AUTH_TAG_SIZE) {
118
- return Failure.with(`Auth tag must be ${CryptoConstants.GCM_AUTH_TAG_SIZE} bytes, got ${authTag.length}`);
135
+ if (authTag.length !== CryptoUtils.Constants.GCM_AUTH_TAG_SIZE) {
136
+ return Failure.with(`Auth tag must be ${CryptoUtils.Constants.GCM_AUTH_TAG_SIZE} bytes, got ${authTag.length}`);
119
137
  }
120
138
  try {
121
139
  // Import the key
@@ -128,7 +146,7 @@ export class BrowserCryptoProvider {
128
146
  const decrypted = await this._crypto.subtle.decrypt({
129
147
  name: 'AES-GCM',
130
148
  iv: toArrayBuffer(iv),
131
- tagLength: CryptoConstants.GCM_AUTH_TAG_SIZE * 8 // bits
149
+ tagLength: CryptoUtils.Constants.GCM_AUTH_TAG_SIZE * 8 // bits
132
150
  }, cryptoKey, encryptedWithTag);
133
151
  // Decode to string
134
152
  const decoder = new TextDecoder();
@@ -145,7 +163,7 @@ export class BrowserCryptoProvider {
145
163
  */
146
164
  async generateKey() {
147
165
  try {
148
- return Success.with(this._crypto.getRandomValues(new Uint8Array(CryptoConstants.AES_256_KEY_SIZE)));
166
+ return Success.with(this._crypto.getRandomValues(new Uint8Array(CryptoUtils.Constants.AES_256_KEY_SIZE)));
149
167
  }
150
168
  catch (e) {
151
169
  const message = e instanceof Error ? e.message : String(e);
@@ -180,7 +198,7 @@ export class BrowserCryptoProvider {
180
198
  salt: toArrayBuffer(salt),
181
199
  iterations: iterations,
182
200
  hash: 'SHA-256'
183
- }, keyMaterial, CryptoConstants.AES_256_KEY_SIZE * 8 // bits
201
+ }, keyMaterial, CryptoUtils.Constants.AES_256_KEY_SIZE * 8 // bits
184
202
  );
185
203
  return Success.with(new Uint8Array(derivedBits));
186
204
  }
@@ -261,7 +279,147 @@ export class BrowserCryptoProvider {
261
279
  return Failure.with('Invalid base64 string');
262
280
  }
263
281
  }
282
+ // ============================================================================
283
+ // Asymmetric Key Operations
284
+ // ============================================================================
285
+ /**
286
+ * Generates a new asymmetric keypair via Web Crypto.
287
+ * @param algorithm - The algorithm to use.
288
+ * @param extractable - Whether the resulting keys may be exported.
289
+ * @returns `Success` with the generated `CryptoKeyPair`, or `Failure` with an error.
290
+ */
291
+ async generateKeyPair(algorithm, extractable) {
292
+ const params = CryptoUtils.keyPairAlgorithmParams[algorithm];
293
+ const result = await captureAsyncResult(() => this._crypto.subtle.generateKey(params.generateKey, extractable, params.keyPairUsages));
294
+ return result.withErrorFormat((e) => `Failed to generate ${algorithm} keypair: ${e}`);
295
+ }
296
+ /**
297
+ * Exports a public `CryptoKey` as a JSON Web Key.
298
+ * @remarks
299
+ * Rejects non-public keys at runtime. WebCrypto's `exportKey('jwk', ...)`
300
+ * does not enforce public-vs-private; without this guard a caller that
301
+ * passed an extractable private key would receive its private fields
302
+ * (`d`, `p`, `q`, ...) as JWK, defeating the method's name.
303
+ * @param publicKey - Extractable public key to export.
304
+ * @returns `Success` with the JWK, or `Failure` if not a public key or if export fails.
305
+ */
306
+ async exportPublicKeyJwk(publicKey) {
307
+ if (publicKey.type !== 'public') {
308
+ return Failure.with(`exportPublicKeyJwk requires a public CryptoKey, got '${publicKey.type}'`);
309
+ }
310
+ const result = await captureAsyncResult(() => this._crypto.subtle.exportKey('jwk', publicKey));
311
+ return result.withErrorFormat((e) => `Failed to export public key as JWK: ${e}`);
312
+ }
313
+ /**
314
+ * Imports a public-key JWK as a `CryptoKey` for the requested algorithm.
315
+ * @param jwk - The JSON Web Key produced by a prior export.
316
+ * @param algorithm - The algorithm the key was generated for.
317
+ * @returns `Success` with the imported public `CryptoKey`, or `Failure` with an error.
318
+ */
319
+ async importPublicKeyJwk(jwk, algorithm) {
320
+ const params = CryptoUtils.keyPairAlgorithmParams[algorithm];
321
+ const result = await captureAsyncResult(() => this._crypto.subtle.importKey('jwk', jwk, params.importPublicKey, true, params.publicKeyUsages));
322
+ return result.withErrorFormat((e) => `Failed to import ${algorithm} public key from JWK: ${e}`);
323
+ }
324
+ /* c8 ignore stop */
325
+ /**
326
+ * Wraps `plaintext` for the holder of `recipientPublicKey` using
327
+ * ECIES (ECDH P-256 + HKDF-SHA256 + AES-GCM-256). See
328
+ * {@link CryptoUtils.ICryptoProvider.wrapBytes | ICryptoProvider.wrapBytes}.
329
+ * @param plaintext - The bytes to wrap.
330
+ * @param recipientPublicKey - The recipient's ECDH P-256 public `CryptoKey`.
331
+ * @param options - HKDF salt and info; see {@link CryptoUtils.IWrapBytesOptions | IWrapBytesOptions}.
332
+ * @returns `Success` with the wrapped payload, or `Failure` with an error.
333
+ */
334
+ async wrapBytes(plaintext, recipientPublicKey, options) {
335
+ const recipientCheck = checkEcdhP256(recipientPublicKey, 'public', 'recipient public key');
336
+ if (recipientCheck.isFailure()) {
337
+ return Failure.with(`wrapBytes failed: ${recipientCheck.message}`);
338
+ }
339
+ const subtle = this._crypto.subtle;
340
+ const result = await captureAsyncResult(async () => {
341
+ const ephemeral = (await subtle.generateKey({ name: 'ECDH', namedCurve: 'P-256' }, true, [
342
+ 'deriveKey'
343
+ ]));
344
+ const hkdfBase = await subtle.deriveKey({ name: 'ECDH', public: recipientPublicKey }, ephemeral.privateKey, { name: 'HKDF' }, false, ['deriveKey']);
345
+ const wrapKey = await subtle.deriveKey({ name: 'HKDF', salt: toBufferView(options.salt), info: toBufferView(options.info), hash: 'SHA-256' }, hkdfBase, { name: 'AES-GCM', length: 256 }, false, ['encrypt']);
346
+ const nonce = this._crypto.getRandomValues(new Uint8Array(CryptoUtils.Constants.GCM_IV_SIZE));
347
+ const ctBuf = await subtle.encrypt({ name: 'AES-GCM', iv: nonce }, wrapKey, toBufferView(plaintext));
348
+ const ephemeralPublicKey = await subtle.exportKey('jwk', ephemeral.publicKey);
349
+ return {
350
+ ephemeralPublicKey,
351
+ nonce: this.toBase64(nonce),
352
+ ciphertext: this.toBase64(new Uint8Array(ctBuf))
353
+ };
354
+ });
355
+ return result.withErrorFormat((e) => `wrapBytes failed: ${e}`);
356
+ }
357
+ /**
358
+ * Unwraps a payload produced by `wrapBytes` using the recipient's private
359
+ * key. See {@link CryptoUtils.ICryptoProvider.unwrapBytes | ICryptoProvider.unwrapBytes}.
360
+ * @param wrapped - The wrapped payload.
361
+ * @param recipientPrivateKey - The recipient's ECDH P-256 private `CryptoKey`.
362
+ * @param options - HKDF salt and info matching the wrap call.
363
+ * @returns `Success` with the original `plaintext`, or `Failure` with an error.
364
+ */
365
+ async unwrapBytes(wrapped, recipientPrivateKey, options) {
366
+ const recipientCheck = checkEcdhP256(recipientPrivateKey, 'private', 'recipient private key');
367
+ if (recipientCheck.isFailure()) {
368
+ return Failure.with(`unwrapBytes failed: ${recipientCheck.message}`);
369
+ }
370
+ const nonceResult = this.fromBase64(wrapped.nonce);
371
+ if (nonceResult.isFailure()) {
372
+ return Failure.with(`unwrapBytes failed: nonce: ${nonceResult.message}`);
373
+ }
374
+ if (nonceResult.value.length !== CryptoUtils.Constants.GCM_IV_SIZE) {
375
+ return Failure.with(`unwrapBytes failed: nonce must be ${CryptoUtils.Constants.GCM_IV_SIZE} bytes (got ${nonceResult.value.length})`);
376
+ }
377
+ const ciphertextResult = this.fromBase64(wrapped.ciphertext);
378
+ if (ciphertextResult.isFailure()) {
379
+ return Failure.with(`unwrapBytes failed: ciphertext: ${ciphertextResult.message}`);
380
+ }
381
+ if (ciphertextResult.value.length < CryptoUtils.Constants.GCM_AUTH_TAG_SIZE) {
382
+ return Failure.with(`unwrapBytes failed: ciphertext must be at least ${CryptoUtils.Constants.GCM_AUTH_TAG_SIZE} bytes (got ${ciphertextResult.value.length})`);
383
+ }
384
+ const subtle = this._crypto.subtle;
385
+ const result = await captureAsyncResult(async () => {
386
+ const ephemeralPub = await subtle.importKey('jwk', wrapped.ephemeralPublicKey, { name: 'ECDH', namedCurve: 'P-256' }, false, []);
387
+ const hkdfBase = await subtle.deriveKey({ name: 'ECDH', public: ephemeralPub }, recipientPrivateKey, { name: 'HKDF' }, false, ['deriveKey']);
388
+ const wrapKey = await subtle.deriveKey({ name: 'HKDF', salt: toBufferView(options.salt), info: toBufferView(options.info), hash: 'SHA-256' }, hkdfBase, { name: 'AES-GCM', length: 256 }, false, ['decrypt']);
389
+ const ptBuf = await subtle.decrypt({ name: 'AES-GCM', iv: toBufferView(nonceResult.value) }, wrapKey, toBufferView(ciphertextResult.value));
390
+ return new Uint8Array(ptBuf);
391
+ });
392
+ return result.withErrorFormat((e) => `unwrapBytes failed: ${e}`);
393
+ }
394
+ }
395
+ /**
396
+ * Verifies that `key` is an ECDH P-256 `CryptoKey` of the expected `keyType`
397
+ * (public or private). Used by the wrap/unwrap methods to surface a clean
398
+ * `Failure` instead of letting the WebCrypto deriveKey call throw a less
399
+ * informative error later in the pipeline. Key usages are intentionally not
400
+ * checked here: WebCrypto already produces a specific error if `deriveKey` is
401
+ * not in `usages`, and `deriveBits` is an equally valid alternative usage that
402
+ * an explicit check would have to track.
403
+ * @param key - The CryptoKey to validate.
404
+ * @param keyType - The required `key.type` ('public' for wrap, 'private' for unwrap).
405
+ * @param label - Human-readable role label included in the failure message.
406
+ * @returns `Success` with the key (unchanged) when the algorithm, curve, and
407
+ * type all match; otherwise `Failure` with `<label> must be ECDH P-256 (...)`.
408
+ */
409
+ function checkEcdhP256(key, keyType, label) {
410
+ if (key.algorithm.name !== 'ECDH') {
411
+ return Failure.with(`${label} must be ECDH P-256 (got algorithm '${key.algorithm.name}')`);
412
+ }
413
+ const namedCurve = key.algorithm.namedCurve;
414
+ if (namedCurve !== 'P-256') {
415
+ return Failure.with(`${label} must be ECDH P-256 (got curve '${namedCurve}')`);
416
+ }
417
+ if (key.type !== keyType) {
418
+ return Failure.with(`${label} must be a ${keyType} CryptoKey (got '${key.type}')`);
419
+ }
420
+ return succeed(key);
264
421
  }
422
+ /* c8 ignore start - Constructs a provider; only meaningful in a real browser environment */
265
423
  /**
266
424
  * Creates a {@link CryptoUtils.BrowserCryptoProvider | BrowserCryptoProvider} if Web
267
425
  * Crypto API is available.