Commit iniziale

2025-02-18 22:59:07 +00:00
commit 4bbf35cefb
6879 changed files with 623784 additions and 0 deletions
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/aesCryptographyProvider.d.ts
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/aesCryptographyProvider.d.ts
@@ -0,0 +1,32 @@
+import { OperationOptions } from "@azure/core-client";
+import { AesCbcEncryptParameters, DecryptOptions, DecryptResult, EncryptOptions, EncryptResult, JsonWebKey, KeyWrapAlgorithm, SignOptions, SignResult, UnwrapKeyOptions, UnwrapResult, VerifyOptions, VerifyResult, WrapKeyOptions, WrapResult } from "../index.js";
+import { AesCbcDecryptParameters } from "../cryptographyClientModels.js";
+import { CryptographyProvider, CryptographyProviderOperation } from "./models.js";
+/**
+ * An AES cryptography provider supporting AES algorithms.
+ * @internal
+ */
+export declare class AesCryptographyProvider implements CryptographyProvider {
+    private key;
+    constructor(key: JsonWebKey);
+    encrypt(encryptParameters: AesCbcEncryptParameters, _options?: EncryptOptions): Promise<EncryptResult>;
+    decrypt(decryptParameters: AesCbcDecryptParameters, _options?: DecryptOptions): Promise<DecryptResult>;
+    isSupported(algorithm: string, operation: CryptographyProviderOperation): boolean;
+    /**
+     * The set of algorithms this provider supports.
+     * For AES encryption, the values include the underlying algorithm used in crypto
+     * as well as the key size in bytes.
+     *
+     * We start with support for A[SIZE]CBCPAD which uses the PKCS padding (the default padding scheme in node crypto)
+     */
+    private supportedAlgorithms;
+    private supportedOperations;
+    wrapKey(_algorithm: KeyWrapAlgorithm, _keyToWrap: Uint8Array, _options?: WrapKeyOptions): Promise<WrapResult>;
+    unwrapKey(_algorithm: KeyWrapAlgorithm, _encryptedKey: Uint8Array, _options?: UnwrapKeyOptions): Promise<UnwrapResult>;
+    sign(_algorithm: string, _digest: Uint8Array, _options?: SignOptions): Promise<SignResult>;
+    signData(_algorithm: string, _data: Uint8Array, _options?: SignOptions): Promise<SignResult>;
+    verify(_algorithm: string, _digest: Uint8Array, _signature: Uint8Array, _options?: VerifyOptions): Promise<VerifyResult>;
+    verifyData(_algorithm: string, _data: Uint8Array, _signature: Uint8Array, _updatedOptions: OperationOptions): Promise<VerifyResult>;
+    private ensureValid;
+}
+//# sourceMappingURL=aesCryptographyProvider.d.ts.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/aesCryptographyProvider.d.ts.map
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/aesCryptographyProvider.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"aesCryptographyProvider.d.ts","sourceRoot":"","sources":["../../../src/cryptography/aesCryptographyProvider.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EACL,uBAAuB,EACvB,cAAc,EACd,aAAa,EACb,cAAc,EACd,aAAa,EACb,UAAU,EACV,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,cAAc,EACd,UAAU,EACX,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AACzE,OAAO,EACL,oBAAoB,EACpB,6BAA6B,EAE9B,MAAM,aAAa,CAAC;AAErB;;;GAGG;AACH,qBAAa,uBAAwB,YAAW,oBAAoB;IAClE,OAAO,CAAC,GAAG,CAAa;gBACZ,GAAG,EAAE,UAAU;IAG3B,OAAO,CACL,iBAAiB,EAAE,uBAAuB,EAC1C,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,aAAa,CAAC;IAiBzB,OAAO,CACL,iBAAiB,EAAE,uBAAuB,EAC1C,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,aAAa,CAAC;IAmBzB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,6BAA6B,GAAG,OAAO;IAgBjF;;;;;;OAMG;IACH,OAAO,CAAC,mBAAmB,CAazB;IAEF,OAAO,CAAC,mBAAmB,CAA2D;IAEtF,OAAO,CACL,UAAU,EAAE,gBAAgB,EAC5B,UAAU,EAAE,UAAU,EACtB,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,UAAU,CAAC;IAMtB,SAAS,CACP,UAAU,EAAE,gBAAgB,EAC5B,aAAa,EAAE,UAAU,EACzB,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,YAAY,CAAC;IAMxB,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;IAM1F,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;IAM5F,MAAM,CACJ,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,UAAU,EACnB,UAAU,EAAE,UAAU,EACtB,QAAQ,CAAC,EAAE,aAAa,GACvB,OAAO,CAAC,YAAY,CAAC;IAKxB,UAAU,CACR,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,UAAU,EACjB,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,gBAAgB,GAChC,OAAO,CAAC,YAAY,CAAC;IAMxB,OAAO,CAAC,WAAW;CAiBpB"}
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/aesCryptographyProvider.js
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/aesCryptographyProvider.js
@@ -0,0 +1,109 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AesCryptographyProvider = void 0;
+const tslib_1 = require("tslib");
+const crypto = tslib_1.__importStar(require("node:crypto"));
+const models_js_1 = require("./models.js");
+/**
+ * An AES cryptography provider supporting AES algorithms.
+ * @internal
+ */
+class AesCryptographyProvider {
+    constructor(key) {
+        /**
+         * The set of algorithms this provider supports.
+         * For AES encryption, the values include the underlying algorithm used in crypto
+         * as well as the key size in bytes.
+         *
+         * We start with support for A[SIZE]CBCPAD which uses the PKCS padding (the default padding scheme in node crypto)
+         */
+        this.supportedAlgorithms = {
+            A128CBCPAD: {
+                algorithm: "aes-128-cbc",
+                keySizeInBytes: 128 >> 3,
+            },
+            A192CBCPAD: {
+                algorithm: "aes-192-cbc",
+                keySizeInBytes: 192 >> 3,
+            },
+            A256CBCPAD: {
+                algorithm: "aes-256-cbc",
+                keySizeInBytes: 256 >> 3,
+            },
+        };
+        this.supportedOperations = ["encrypt", "decrypt"];
+        this.key = key;
+    }
+    encrypt(encryptParameters, _options) {
+        const { algorithm, keySizeInBytes } = this.supportedAlgorithms[encryptParameters.algorithm];
+        const iv = encryptParameters.iv || crypto.randomBytes(16);
+        this.ensureValid(keySizeInBytes);
+        const cipher = crypto.createCipheriv(algorithm, this.key.k.subarray(0, keySizeInBytes), iv);
+        let encrypted = cipher.update(Buffer.from(encryptParameters.plaintext));
+        encrypted = Buffer.concat([encrypted, cipher.final()]);
+        return Promise.resolve({
+            algorithm: encryptParameters.algorithm,
+            result: encrypted,
+            iv: iv,
+        });
+    }
+    decrypt(decryptParameters, _options) {
+        const { algorithm, keySizeInBytes } = this.supportedAlgorithms[decryptParameters.algorithm];
+        this.ensureValid(keySizeInBytes);
+        const decipher = crypto.createDecipheriv(algorithm, this.key.k.subarray(0, keySizeInBytes), decryptParameters.iv);
+        let dec = decipher.update(Buffer.from(decryptParameters.ciphertext));
+        dec = Buffer.concat([dec, decipher.final()]);
+        return Promise.resolve({
+            algorithm: decryptParameters.algorithm,
+            result: dec,
+        });
+    }
+    isSupported(algorithm, operation) {
+        if (!this.key.k) {
+            return false;
+        }
+        if (!Object.keys(this.supportedAlgorithms).includes(algorithm)) {
+            return false;
+        }
+        if (!this.supportedOperations.includes(operation)) {
+            return false;
+        }
+        return true;
+    }
+    wrapKey(_algorithm, _keyToWrap, _options) {
+        throw new models_js_1.LocalCryptographyUnsupportedError("Wrapping a key using a local JsonWebKey is not supported for AES.");
+    }
+    unwrapKey(_algorithm, _encryptedKey, _options) {
+        throw new models_js_1.LocalCryptographyUnsupportedError("Unwrapping a key using a local JsonWebKey is not supported for AES.");
+    }
+    sign(_algorithm, _digest, _options) {
+        throw new models_js_1.LocalCryptographyUnsupportedError("Signing using a local JsonWebKey is not supported for AES.");
+    }
+    signData(_algorithm, _data, _options) {
+        throw new models_js_1.LocalCryptographyUnsupportedError("Signing using a local JsonWebKey is not supported for AES.");
+    }
+    verify(_algorithm, _digest, _signature, _options) {
+        throw new models_js_1.LocalCryptographyUnsupportedError("Verifying using a local JsonWebKey is not supported for AES.");
+    }
+    verifyData(_algorithm, _data, _signature, _updatedOptions) {
+        throw new models_js_1.LocalCryptographyUnsupportedError("Verifying using a local JsonWebKey is not supported for AES.");
+    }
+    ensureValid(keySizeInBytes) {
+        var _a, _b;
+        if (this.key &&
+            ((_a = this.key.kty) === null || _a === void 0 ? void 0 : _a.toUpperCase()) !== "OCT" &&
+            ((_b = this.key.kty) === null || _b === void 0 ? void 0 : _b.toUpperCase()) !== "OCT-HSM") {
+            throw new Error("Key type does not match the key type oct or oct-hsm");
+        }
+        if (!this.key.k) {
+            throw new Error("Symmetric key is required");
+        }
+        if (this.key.k.length < keySizeInBytes) {
+            throw new Error(`Key must be at least ${keySizeInBytes << 3} bits`);
+        }
+    }
+}
+exports.AesCryptographyProvider = AesCryptographyProvider;
+//# sourceMappingURL=aesCryptographyProvider.js.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/aesCryptographyProvider.js.map
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/aesCryptographyProvider.js.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/conversions.d.ts
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/conversions.d.ts
@@ -0,0 +1,8 @@
+import { JsonWebKey } from "../keysModels.js";
+/**
+ * @internal
+ * Encode a JWK to PEM format. To do so, it internally repackages the JWK as a DER
+ * that is then encoded as a PEM.
+ */
+export declare function convertJWKtoPEM(key: JsonWebKey): string;
+//# sourceMappingURL=conversions.d.ts.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/conversions.d.ts.map
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/conversions.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"conversions.d.ts","sourceRoot":"","sources":["../../../src/cryptography/conversions.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAqF9C;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,UAAU,GAAG,MAAM,CAiBvD"}
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/conversions.js
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/conversions.js
@@ -0,0 +1,102 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.convertJWKtoPEM = convertJWKtoPEM;
+/**
+ * @internal
+ * Encodes a length of a packet in DER format
+ */
+function encodeLength(length) {
+    if (length <= 127) {
+        return Uint8Array.of(length);
+    }
+    else if (length < 256) {
+        return Uint8Array.of(0x81, length);
+    }
+    else if (length < 65536) {
+        return Uint8Array.of(0x82, length >> 8, length & 0xff);
+    }
+    else {
+        throw new Error("Unsupported length to encode");
+    }
+}
+/**
+ * @internal
+ * Encodes a buffer for DER, as sets the id to the given id
+ */
+function encodeBuffer(buffer, bufferId) {
+    if (buffer.length === 0) {
+        return buffer;
+    }
+    let result = new Uint8Array(buffer);
+    // If the high bit is set, prepend a 0
+    if (result[0] & 0x80) {
+        const array = new Uint8Array(result.length + 1);
+        array[0] = 0;
+        array.set(result, 1);
+        result = array;
+    }
+    // Prepend the DER header for this buffer
+    const encodedLength = encodeLength(result.length);
+    const totalLength = 1 + encodedLength.length + result.length;
+    const outputBuffer = new Uint8Array(totalLength);
+    outputBuffer[0] = bufferId;
+    outputBuffer.set(encodedLength, 1);
+    outputBuffer.set(result, 1 + encodedLength.length);
+    return outputBuffer;
+}
+function makeSequence(encodedParts) {
+    const totalLength = encodedParts.reduce((sum, part) => sum + part.length, 0);
+    const sequence = new Uint8Array(totalLength);
+    for (let i = 0; i < encodedParts.length; i++) {
+        const previousLength = i > 0 ? encodedParts[i - 1].length : 0;
+        sequence.set(encodedParts[i], previousLength);
+    }
+    const full_encoded = encodeBuffer(sequence, 0x30); // SEQUENCE
+    return Buffer.from(full_encoded).toString("base64");
+}
+/**
+ * Fill in the PEM with 64 character lines as per RFC:
+ *
+ * "To represent the encapsulated text of a PEM message, the encoding
+ * function's output is delimited into text lines (using local
+ * conventions), with each line except the last containing exactly 64
+ * printable characters and the final line containing 64 or fewer
+ * printable characters."
+ */
+function formatBase64Sequence(base64Sequence) {
+    const lines = base64Sequence.match(/.{1,64}/g);
+    let result = "";
+    if (lines) {
+        for (const line of lines) {
+            result += line;
+            result += "\n";
+        }
+    }
+    else {
+        throw new Error("Could not create correct PEM");
+    }
+    return result;
+}
+/**
+ * @internal
+ * Encode a JWK to PEM format. To do so, it internally repackages the JWK as a DER
+ * that is then encoded as a PEM.
+ */
+function convertJWKtoPEM(key) {
+    let result = "";
+    if (key.n && key.e) {
+        const parts = [key.n, key.e];
+        const encodedParts = parts.map((part) => encodeBuffer(part, 0x2)); // INTEGER
+        const base64Sequence = makeSequence(encodedParts);
+        result += "-----BEGIN RSA PUBLIC KEY-----\n";
+        result += formatBase64Sequence(base64Sequence);
+        result += "-----END RSA PUBLIC KEY-----\n";
+    }
+    if (!result.length) {
+        throw new Error("Unsupported key format for local operations");
+    }
+    return result.slice(0, -1); // Removing the last new line
+}
+//# sourceMappingURL=conversions.js.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/conversions.js.map
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/conversions.js.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/crypto.d.ts
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/crypto.d.ts
@@ -0,0 +1,17 @@
+import { Verify } from "node:crypto";
+/**
+ * @internal
+ * Use the platform-local hashing functionality
+ */
+export declare function createHash(algorithm: string, data: Uint8Array): Promise<Buffer>;
+/**
+ * @internal
+ * Use the platform-local verify functionality
+ */
+export declare function createVerify(algorithm: string, data: Uint8Array): Verify;
+/**
+ * @internal
+ * Use the platform-local randomBytes functionality
+ */
+export declare function randomBytes(length: number): Uint8Array;
+//# sourceMappingURL=crypto.d.ts.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/crypto.d.ts.map
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/crypto.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../../src/cryptography/crypto.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,MAAM,EAIP,MAAM,aAAa,CAAC;AAmBrB;;;GAGG;AACH,wBAAsB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAarF;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,MAAM,CAaxE;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAEtD"}
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/crypto.js
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/crypto.js
@@ -0,0 +1,60 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createHash = createHash;
+exports.createVerify = createVerify;
+exports.randomBytes = randomBytes;
+const node_crypto_1 = require("node:crypto");
+/**
+ * @internal
+ * Mapping between signature algorithms and their corresponding hash algorithms. Externally used for testing.
+ **/
+const algorithmToHashAlgorithm = {
+    ES256: "SHA256",
+    ES256K: "SHA256",
+    PS256: "SHA256",
+    RS256: "SHA256",
+    ES384: "SHA384",
+    PS384: "SHA384",
+    RS384: "SHA384",
+    ES512: "SHA512",
+    PS512: "SHA512",
+    RS512: "SHA512",
+};
+/**
+ * @internal
+ * Use the platform-local hashing functionality
+ */
+async function createHash(algorithm, data) {
+    const hashAlgorithm = algorithmToHashAlgorithm[algorithm];
+    if (!hashAlgorithm) {
+        throw new Error(`Invalid algorithm ${algorithm} passed to createHash. Supported algorithms: ${Object.keys(algorithmToHashAlgorithm).join(", ")}`);
+    }
+    const hash = (0, node_crypto_1.createHash)(hashAlgorithm);
+    hash.update(Buffer.from(data));
+    const digest = hash.digest();
+    return digest;
+}
+/**
+ * @internal
+ * Use the platform-local verify functionality
+ */
+function createVerify(algorithm, data) {
+    const verifyAlgorithm = algorithmToHashAlgorithm[algorithm];
+    if (!verifyAlgorithm) {
+        throw new Error(`Invalid algorithm ${algorithm} passed to createHash. Supported algorithms: ${Object.keys(algorithmToHashAlgorithm).join(", ")}`);
+    }
+    const verifier = (0, node_crypto_1.createVerify)(verifyAlgorithm);
+    verifier.update(Buffer.from(data));
+    verifier.end();
+    return verifier;
+}
+/**
+ * @internal
+ * Use the platform-local randomBytes functionality
+ */
+function randomBytes(length) {
+    return (0, node_crypto_1.randomBytes)(length);
+}
+//# sourceMappingURL=crypto.js.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/crypto.js.map
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/crypto.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../../src/cryptography/crypto.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AA8BlC,gCAaC;AAMD,oCAaC;AAMD,kCAEC;AApED,6CAKqB;AAErB;;;IAGI;AACJ,MAAM,wBAAwB,GAA4B;IACxD,KAAK,EAAE,QAAQ;IACf,MAAM,EAAE,QAAQ;IAChB,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;CAChB,CAAC;AAEF;;;GAGG;AACI,KAAK,UAAU,UAAU,CAAC,SAAiB,EAAE,IAAgB;IAClE,MAAM,aAAa,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;IAC1D,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,qBAAqB,SAAS,gDAAgD,MAAM,CAAC,IAAI,CACvF,wBAAwB,CACzB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACf,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,IAAA,wBAAgB,EAAC,aAAa,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC7B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAgB,YAAY,CAAC,SAAiB,EAAE,IAAgB;IAC9D,MAAM,eAAe,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;IAC5D,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CACb,qBAAqB,SAAS,gDAAgD,MAAM,CAAC,IAAI,CACvF,wBAAwB,CACzB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACf,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,IAAA,0BAAkB,EAAC,eAAe,CAAC,CAAC;IACrD,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACnC,QAAQ,CAAC,GAAG,EAAE,CAAC;IACf,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW,CAAC,MAAc;IACxC,OAAO,IAAA,yBAAiB,EAAC,MAAM,CAAC,CAAC;AACnC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport {\n  Verify,\n  createHash as cryptoCreateHash,\n  createVerify as cryptoCreateVerify,\n  randomBytes as cryptoRandomBytes,\n} from \"node:crypto\";\n\n/**\n * @internal\n * Mapping between signature algorithms and their corresponding hash algorithms. Externally used for testing.\n **/\nconst algorithmToHashAlgorithm: { [s: string]: string } = {\n  ES256: \"SHA256\",\n  ES256K: \"SHA256\",\n  PS256: \"SHA256\",\n  RS256: \"SHA256\",\n  ES384: \"SHA384\",\n  PS384: \"SHA384\",\n  RS384: \"SHA384\",\n  ES512: \"SHA512\",\n  PS512: \"SHA512\",\n  RS512: \"SHA512\",\n};\n\n/**\n * @internal\n * Use the platform-local hashing functionality\n */\nexport async function createHash(algorithm: string, data: Uint8Array): Promise<Buffer> {\n  const hashAlgorithm = algorithmToHashAlgorithm[algorithm];\n  if (!hashAlgorithm) {\n    throw new Error(\n      `Invalid algorithm ${algorithm} passed to createHash. Supported algorithms: ${Object.keys(\n        algorithmToHashAlgorithm,\n      ).join(\", \")}`,\n    );\n  }\n  const hash = cryptoCreateHash(hashAlgorithm);\n  hash.update(Buffer.from(data));\n  const digest = hash.digest();\n  return digest;\n}\n\n/**\n * @internal\n * Use the platform-local verify functionality\n */\nexport function createVerify(algorithm: string, data: Uint8Array): Verify {\n  const verifyAlgorithm = algorithmToHashAlgorithm[algorithm];\n  if (!verifyAlgorithm) {\n    throw new Error(\n      `Invalid algorithm ${algorithm} passed to createHash. Supported algorithms: ${Object.keys(\n        algorithmToHashAlgorithm,\n      ).join(\", \")}`,\n    );\n  }\n  const verifier = cryptoCreateVerify(verifyAlgorithm);\n  verifier.update(Buffer.from(data));\n  verifier.end();\n  return verifier;\n}\n\n/**\n * @internal\n * Use the platform-local randomBytes functionality\n */\nexport function randomBytes(length: number): Uint8Array {\n  return cryptoRandomBytes(length);\n}\n"]}
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/models.d.ts
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/models.d.ts
@@ -0,0 +1,101 @@
+import { OperationOptions } from "@azure/core-client";
+import { DecryptOptions, DecryptParameters, DecryptResult, EncryptOptions, EncryptParameters, EncryptResult, KeyWrapAlgorithm, SignOptions, SignResult, SignatureAlgorithm, UnwrapKeyOptions, UnwrapResult, VerifyOptions, VerifyResult, WrapKeyOptions, WrapResult } from "../index.js";
+export declare class LocalCryptographyUnsupportedError extends Error {
+}
+/**
+ * The set of operations a {@link CryptographyProvider} supports.
+ *
+ * This corresponds to every single method on the interface so that providers
+ * can declare whether they support this method or not.
+ *
+ * Purposely more granular than {@link KnownKeyOperations} because some providers
+ * support verifyData but not verify.
+ * @internal
+ */
+export type CryptographyProviderOperation = "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "sign" | "signData" | "verify" | "verifyData";
+/**
+ *
+ * Represents an object that can perform cryptography operations.
+ * @internal
+ */
+export interface CryptographyProvider {
+    /**
+     * Encrypts the given plaintext with the specified encryption parameters.
+     * @internal
+     *
+     * @param encryptParameters - The encryption parameters, keyed on the encryption algorithm chosen.
+     * @param options - Additional options.
+     */
+    encrypt(encryptParameters: EncryptParameters, options?: EncryptOptions): Promise<EncryptResult>;
+    /**
+     * Decrypts the given ciphertext with the specified decryption parameters.
+     * @internal
+     *
+     * @param decryptParameters - The decryption parameters.
+     * @param options - Additional options.
+     */
+    decrypt(decryptParameters: DecryptParameters, options?: DecryptOptions): Promise<DecryptResult>;
+    /**
+     *
+     * @param algorithm - The algorithm to check support for.
+     * @param operation - The {@link CryptographyProviderOperation} to check support for.
+     */
+    isSupported(algorithm: string, operation: CryptographyProviderOperation): boolean;
+    /**
+     * Wraps the given key using the specified cryptography algorithm
+     * @internal
+     *
+     * @param algorithm - The encryption algorithm to use to wrap the given key.
+     * @param keyToWrap - The key to wrap.
+     * @param options - Additional options.
+     */
+    wrapKey(algorithm: KeyWrapAlgorithm, keyToWrap: Uint8Array, options?: WrapKeyOptions): Promise<WrapResult>;
+    /**
+     * Unwraps the given wrapped key using the specified cryptography algorithm
+     * @internal
+     *
+     * @param algorithm - The decryption algorithm to use to unwrap the key.
+     * @param encryptedKey - The encrypted key to unwrap.
+     * @param options - Additional options.
+     */
+    unwrapKey(algorithm: KeyWrapAlgorithm, encryptedKey: Uint8Array, options?: UnwrapKeyOptions): Promise<UnwrapResult>;
+    /**
+     * Cryptographically sign the digest of a message
+     * @internal
+     *
+     * @param algorithm - The signing algorithm to use.
+     * @param digest - The digest of the data to sign.
+     * @param options - Additional options.
+     */
+    sign(algorithm: SignatureAlgorithm, digest: Uint8Array, options?: SignOptions): Promise<SignResult>;
+    /**
+     * Cryptographically sign a block of data
+     * @internal
+     *
+     * @param algorithm - The signing algorithm to use.
+     * @param data - The data to sign.
+     * @param options - Additional options.
+     */
+    signData(algorithm: SignatureAlgorithm, data: Uint8Array, options?: SignOptions): Promise<SignResult>;
+    /**
+     * Verify the signed message digest
+     * @internal
+     *
+     * @param algorithm - The signing algorithm to use to verify with.
+     * @param digest - The digest to verify.
+     * @param signature - The signature to verify the digest against.
+     * @param options - Additional options.
+     */
+    verify(algorithm: SignatureAlgorithm, digest: Uint8Array, signature: Uint8Array, options?: VerifyOptions): Promise<VerifyResult>;
+    /**
+     * Verify the signed block of data
+     * @internal
+     *
+     * @param algorithm - The algorithm to use to verify with.
+     * @param data - The signed block of data to verify.
+     * @param signature - The signature to verify the block against.
+     * @param updatedOptions - Additional options.
+     */
+    verifyData(algorithm: string, data: Uint8Array, signature: Uint8Array, updatedOptions: OperationOptions): Promise<VerifyResult>;
+}
+//# sourceMappingURL=models.d.ts.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/models.d.ts.map
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/models.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"models.d.ts","sourceRoot":"","sources":["../../../src/cryptography/models.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,kBAAkB,EAClB,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,cAAc,EACd,UAAU,EACX,MAAM,aAAa,CAAC;AAErB,qBAAa,iCAAkC,SAAQ,KAAK;CAAG;AAE/D;;;;;;;;;GASG;AACH,MAAM,MAAM,6BAA6B,GACrC,SAAS,GACT,SAAS,GACT,SAAS,GACT,WAAW,GACX,MAAM,GACN,UAAU,GACV,QAAQ,GACR,YAAY,CAAC;AAEjB;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;;;;OAMG;IACH,OAAO,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAEhG;;;;;;OAMG;IACH,OAAO,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAEhG;;;;OAIG;IACH,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,6BAA6B,GAAG,OAAO,CAAC;IAElF;;;;;;;OAOG;IACH,OAAO,CACL,SAAS,EAAE,gBAAgB,EAC3B,SAAS,EAAE,UAAU,EACrB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,UAAU,CAAC,CAAC;IAEvB;;;;;;;OAOG;IACH,SAAS,CACP,SAAS,EAAE,gBAAgB,EAC3B,YAAY,EAAE,UAAU,EACxB,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,YAAY,CAAC,CAAC;IAEzB;;;;;;;OAOG;IACH,IAAI,CACF,SAAS,EAAE,kBAAkB,EAC7B,MAAM,EAAE,UAAU,EAClB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,UAAU,CAAC,CAAC;IAEvB;;;;;;;OAOG;IACH,QAAQ,CACN,SAAS,EAAE,kBAAkB,EAC7B,IAAI,EAAE,UAAU,EAChB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,UAAU,CAAC,CAAC;IAEvB;;;;;;;;OAQG;IACH,MAAM,CACJ,SAAS,EAAE,kBAAkB,EAC7B,MAAM,EAAE,UAAU,EAClB,SAAS,EAAE,UAAU,EACrB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,YAAY,CAAC,CAAC;IAEzB;;;;;;;;OAQG;IACH,UAAU,CACR,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,UAAU,EACrB,cAAc,EAAE,gBAAgB,GAC/B,OAAO,CAAC,YAAY,CAAC,CAAC;CAC1B"}
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/models.js
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/models.js
@@ -0,0 +1,9 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LocalCryptographyUnsupportedError = void 0;
+class LocalCryptographyUnsupportedError extends Error {
+}
+exports.LocalCryptographyUnsupportedError = LocalCryptographyUnsupportedError;
+//# sourceMappingURL=models.js.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/models.js.map
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/models.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"models.js","sourceRoot":"","sources":["../../../src/cryptography/models.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAsBlC,MAAa,iCAAkC,SAAQ,KAAK;CAAG;AAA/D,8EAA+D","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { OperationOptions } from \"@azure/core-client\";\nimport {\n  DecryptOptions,\n  DecryptParameters,\n  DecryptResult,\n  EncryptOptions,\n  EncryptParameters,\n  EncryptResult,\n  KeyWrapAlgorithm,\n  SignOptions,\n  SignResult,\n  SignatureAlgorithm,\n  UnwrapKeyOptions,\n  UnwrapResult,\n  VerifyOptions,\n  VerifyResult,\n  WrapKeyOptions,\n  WrapResult,\n} from \"../index.js\";\n\nexport class LocalCryptographyUnsupportedError extends Error {}\n\n/**\n * The set of operations a {@link CryptographyProvider} supports.\n *\n * This corresponds to every single method on the interface so that providers\n * can declare whether they support this method or not.\n *\n * Purposely more granular than {@link KnownKeyOperations} because some providers\n * support verifyData but not verify.\n * @internal\n */\nexport type CryptographyProviderOperation =\n  | \"encrypt\"\n  | \"decrypt\"\n  | \"wrapKey\"\n  | \"unwrapKey\"\n  | \"sign\"\n  | \"signData\"\n  | \"verify\"\n  | \"verifyData\";\n\n/**\n *\n * Represents an object that can perform cryptography operations.\n * @internal\n */\nexport interface CryptographyProvider {\n  /**\n   * Encrypts the given plaintext with the specified encryption parameters.\n   * @internal\n   *\n   * @param encryptParameters - The encryption parameters, keyed on the encryption algorithm chosen.\n   * @param options - Additional options.\n   */\n  encrypt(encryptParameters: EncryptParameters, options?: EncryptOptions): Promise<EncryptResult>;\n\n  /**\n   * Decrypts the given ciphertext with the specified decryption parameters.\n   * @internal\n   *\n   * @param decryptParameters - The decryption parameters.\n   * @param options - Additional options.\n   */\n  decrypt(decryptParameters: DecryptParameters, options?: DecryptOptions): Promise<DecryptResult>;\n\n  /**\n   *\n   * @param algorithm - The algorithm to check support for.\n   * @param operation - The {@link CryptographyProviderOperation} to check support for.\n   */\n  isSupported(algorithm: string, operation: CryptographyProviderOperation): boolean;\n\n  /**\n   * Wraps the given key using the specified cryptography algorithm\n   * @internal\n   *\n   * @param algorithm - The encryption algorithm to use to wrap the given key.\n   * @param keyToWrap - The key to wrap.\n   * @param options - Additional options.\n   */\n  wrapKey(\n    algorithm: KeyWrapAlgorithm,\n    keyToWrap: Uint8Array,\n    options?: WrapKeyOptions,\n  ): Promise<WrapResult>;\n\n  /**\n   * Unwraps the given wrapped key using the specified cryptography algorithm\n   * @internal\n   *\n   * @param algorithm - The decryption algorithm to use to unwrap the key.\n   * @param encryptedKey - The encrypted key to unwrap.\n   * @param options - Additional options.\n   */\n  unwrapKey(\n    algorithm: KeyWrapAlgorithm,\n    encryptedKey: Uint8Array,\n    options?: UnwrapKeyOptions,\n  ): Promise<UnwrapResult>;\n\n  /**\n   * Cryptographically sign the digest of a message\n   * @internal\n   *\n   * @param algorithm - The signing algorithm to use.\n   * @param digest - The digest of the data to sign.\n   * @param options - Additional options.\n   */\n  sign(\n    algorithm: SignatureAlgorithm,\n    digest: Uint8Array,\n    options?: SignOptions,\n  ): Promise<SignResult>;\n\n  /**\n   * Cryptographically sign a block of data\n   * @internal\n   *\n   * @param algorithm - The signing algorithm to use.\n   * @param data - The data to sign.\n   * @param options - Additional options.\n   */\n  signData(\n    algorithm: SignatureAlgorithm,\n    data: Uint8Array,\n    options?: SignOptions,\n  ): Promise<SignResult>;\n\n  /**\n   * Verify the signed message digest\n   * @internal\n   *\n   * @param algorithm - The signing algorithm to use to verify with.\n   * @param digest - The digest to verify.\n   * @param signature - The signature to verify the digest against.\n   * @param options - Additional options.\n   */\n  verify(\n    algorithm: SignatureAlgorithm,\n    digest: Uint8Array,\n    signature: Uint8Array,\n    options?: VerifyOptions,\n  ): Promise<VerifyResult>;\n\n  /**\n   * Verify the signed block of data\n   * @internal\n   *\n   * @param algorithm - The algorithm to use to verify with.\n   * @param data - The signed block of data to verify.\n   * @param signature - The signature to verify the block against.\n   * @param updatedOptions - Additional options.\n   */\n  verifyData(\n    algorithm: string,\n    data: Uint8Array,\n    signature: Uint8Array,\n    updatedOptions: OperationOptions,\n  ): Promise<VerifyResult>;\n}\n"]}
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/remoteCryptographyProvider.d.ts
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/remoteCryptographyProvider.d.ts
@@ -0,0 +1,58 @@
+import { TokenCredential } from "@azure/core-auth";
+import { DecryptOptions, DecryptParameters, DecryptResult, EncryptOptions, EncryptParameters, EncryptResult, KeyWrapAlgorithm, SignOptions, SignResult, UnwrapKeyOptions, VerifyOptions, VerifyResult, WrapKeyOptions, WrapResult } from "../cryptographyClientModels.js";
+import { UnwrapResult } from "../cryptographyClientModels.js";
+import { CryptographyClientOptions, GetKeyOptions, KeyVaultKey } from "../keysModels.js";
+import { CryptographyProvider, CryptographyProviderOperation } from "./models.js";
+/**
+ * The remote cryptography provider is used to run crypto operations against KeyVault.
+ * @internal
+ */
+export declare class RemoteCryptographyProvider implements CryptographyProvider {
+    constructor(key: string | KeyVaultKey, credential: TokenCredential, pipelineOptions?: CryptographyClientOptions);
+    isSupported(_algorithm: string, _operation: CryptographyProviderOperation): boolean;
+    encrypt(encryptParameters: EncryptParameters, options?: EncryptOptions): Promise<EncryptResult>;
+    decrypt(decryptParameters: DecryptParameters, options?: DecryptOptions): Promise<DecryptResult>;
+    wrapKey(algorithm: KeyWrapAlgorithm, keyToWrap: Uint8Array, options?: WrapKeyOptions): Promise<WrapResult>;
+    unwrapKey(algorithm: KeyWrapAlgorithm, encryptedKey: Uint8Array, options?: UnwrapKeyOptions): Promise<UnwrapResult>;
+    sign(algorithm: string, digest: Uint8Array, options?: SignOptions): Promise<SignResult>;
+    verifyData(algorithm: string, data: Uint8Array, signature: Uint8Array, options?: VerifyOptions): Promise<VerifyResult>;
+    verify(algorithm: string, digest: Uint8Array, signature: Uint8Array, options?: VerifyOptions): Promise<VerifyResult>;
+    signData(algorithm: string, data: Uint8Array, options?: SignOptions): Promise<SignResult>;
+    /**
+     * The base URL to the vault.
+     */
+    readonly vaultUrl: string;
+    /**
+     * The ID of the key used to perform cryptographic operations for the client.
+     */
+    get keyId(): string | undefined;
+    /**
+     * Gets the {@link KeyVaultKey} used for cryptography operations, fetching it
+     * from KeyVault if necessary.
+     * @param options - Additional options.
+     */
+    getKey(options?: GetKeyOptions): Promise<KeyVaultKey>;
+    /**
+     * A reference to the auto-generated KeyVault HTTP client.
+     */
+    private client;
+    /**
+     * A reference to the key used for the cryptographic operations.
+     * Based on what was provided to the CryptographyClient constructor,
+     * it can be either a string with the URL of a Key Vault Key, or an already parsed {@link KeyVaultKey}.
+     */
+    private key;
+    /**
+     * Name of the key the client represents
+     */
+    private name;
+    /**
+     * Version of the key the client represents
+     */
+    private version;
+    /**
+     * Attempts to retrieve the ID of the key.
+     */
+    private getKeyID;
+}
+//# sourceMappingURL=remoteCryptographyProvider.d.ts.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/remoteCryptographyProvider.d.ts.map
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/remoteCryptographyProvider.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"remoteCryptographyProvider.d.ts","sourceRoot":"","sources":["../../../src/cryptography/remoteCryptographyProvider.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEnD,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,YAAY,EACZ,cAAc,EACd,UAAU,EACX,MAAM,gCAAgC,CAAC;AAExC,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAG9D,OAAO,EACL,yBAAyB,EACzB,aAAa,EACb,WAAW,EAEZ,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,oBAAoB,EAAE,6BAA6B,EAAE,MAAM,aAAa,CAAC;AAKlF;;;GAGG;AACH,qBAAa,0BAA2B,YAAW,oBAAoB;gBAEnE,GAAG,EAAE,MAAM,GAAG,WAAW,EACzB,UAAU,EAAE,eAAe,EAC3B,eAAe,GAAE,yBAA8B;IAkCjD,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,6BAA6B,GAAG,OAAO;IAInF,OAAO,CACL,iBAAiB,EAAE,iBAAiB,EACpC,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,aAAa,CAAC;IA6BzB,OAAO,CACL,iBAAiB,EAAE,iBAAiB,EACpC,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,aAAa,CAAC;IAyBzB,OAAO,CACL,SAAS,EAAE,gBAAgB,EAC3B,SAAS,EAAE,UAAU,EACrB,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,UAAU,CAAC;IAuBtB,SAAS,CACP,SAAS,EAAE,gBAAgB,EAC3B,YAAY,EAAE,UAAU,EACxB,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,YAAY,CAAC;IAuBxB,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,UAAU,CAAC;IAmB3F,UAAU,CACR,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,UAAU,EACrB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC;IAWxB,MAAM,CACJ,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,UAAU,EAClB,SAAS,EAAE,UAAU,EACrB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC;IAsBxB,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,UAAU,CAAC;IAmB7F;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAE1B;;OAEG;IACH,IAAI,KAAK,IAAI,MAAM,GAAG,SAAS,CAE9B;IAED;;;;OAIG;IACH,MAAM,CAAC,OAAO,GAAE,aAAkB,GAAG,OAAO,CAAC,WAAW,CAAC;IAsBzD;;OAEG;IACH,OAAO,CAAC,MAAM,CAAiB;IAE/B;;;;OAIG;IACH,OAAO,CAAC,GAAG,CAAuB;IAElC;;OAEG;IACH,OAAO,CAAC,IAAI,CAAS;IAErB;;OAEG;IACH,OAAO,CAAC,OAAO,CAAS;IAExB;;OAEG;IACH,OAAO,CAAC,QAAQ;CAUjB"}
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/remoteCryptographyProvider.js
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/remoteCryptographyProvider.js
@@ -0,0 +1,202 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RemoteCryptographyProvider = void 0;
+const tslib_1 = require("tslib");
+const constants_js_1 = require("../constants.js");
+const index_js_1 = require("../generated/index.js");
+const identifier_js_1 = require("../identifier.js");
+const keysModels_js_1 = require("../keysModels.js");
+const transformations_js_1 = require("../transformations.js");
+const crypto_js_1 = require("./crypto.js");
+const log_js_1 = require("../log.js");
+const keyvault_common_1 = require("@azure/keyvault-common");
+const tracing_js_1 = require("../tracing.js");
+/**
+ * The remote cryptography provider is used to run crypto operations against KeyVault.
+ * @internal
+ */
+class RemoteCryptographyProvider {
+    constructor(key, credential, pipelineOptions = {}) {
+        var _a;
+        this.client = getOrInitializeClient(credential, pipelineOptions);
+        this.key = key;
+        let keyId;
+        if (typeof key === "string") {
+            keyId = key;
+        }
+        else {
+            keyId = key.id;
+        }
+        try {
+            const parsed = (0, identifier_js_1.parseKeyVaultKeyIdentifier)(keyId);
+            if (parsed.name === "") {
+                throw new Error("Could not find 'name' of key in key URL");
+            }
+            if (!parsed.vaultUrl || parsed.vaultUrl === "") {
+                throw new Error("Could not find 'vaultUrl' of key in key URL");
+            }
+            this.vaultUrl = parsed.vaultUrl;
+            this.name = parsed.name;
+            this.version = (_a = parsed.version) !== null && _a !== void 0 ? _a : "";
+        }
+        catch (err) {
+            log_js_1.logger.error(err);
+            throw new Error(`${keyId} is not a valid Key Vault key ID`);
+        }
+    }
+    // The remote client supports all algorithms and all operations.
+    isSupported(_algorithm, _operation) {
+        return true;
+    }
+    encrypt(encryptParameters, options = {}) {
+        const { algorithm, plaintext } = encryptParameters, params = tslib_1.__rest(encryptParameters, ["algorithm", "plaintext"]);
+        const requestOptions = Object.assign(Object.assign({}, options), params);
+        return tracing_js_1.tracingClient.withSpan("RemoteCryptographyProvider.encrypt", requestOptions, async (updatedOptions) => {
+            const result = await this.client.encrypt(this.vaultUrl, this.name, this.version, algorithm, plaintext, updatedOptions);
+            return {
+                algorithm: encryptParameters.algorithm,
+                result: result.result,
+                keyID: this.getKeyID(),
+                additionalAuthenticatedData: result.additionalAuthenticatedData,
+                authenticationTag: result.authenticationTag,
+                iv: result.iv,
+            };
+        });
+    }
+    decrypt(decryptParameters, options = {}) {
+        const { algorithm, ciphertext } = decryptParameters, params = tslib_1.__rest(decryptParameters, ["algorithm", "ciphertext"]);
+        const requestOptions = Object.assign(Object.assign({}, options), params);
+        return tracing_js_1.tracingClient.withSpan("RemoteCryptographyProvider.decrypt", requestOptions, async (updatedOptions) => {
+            const result = await this.client.decrypt(this.vaultUrl, this.name, this.version, algorithm, ciphertext, updatedOptions);
+            return {
+                result: result.result,
+                keyID: this.getKeyID(),
+                algorithm,
+            };
+        });
+    }
+    wrapKey(algorithm, keyToWrap, options = {}) {
+        return tracing_js_1.tracingClient.withSpan("RemoteCryptographyProvider.wrapKey", options, async (updatedOptions) => {
+            const result = await this.client.wrapKey(this.vaultUrl, this.name, this.version, algorithm, keyToWrap, updatedOptions);
+            return {
+                result: result.result,
+                algorithm,
+                keyID: this.getKeyID(),
+            };
+        });
+    }
+    unwrapKey(algorithm, encryptedKey, options = {}) {
+        return tracing_js_1.tracingClient.withSpan("RemoteCryptographyProvider.unwrapKey", options, async (updatedOptions) => {
+            const result = await this.client.unwrapKey(this.vaultUrl, this.name, this.version, algorithm, encryptedKey, updatedOptions);
+            return {
+                result: result.result,
+                algorithm,
+                keyID: this.getKeyID(),
+            };
+        });
+    }
+    sign(algorithm, digest, options = {}) {
+        return tracing_js_1.tracingClient.withSpan("RemoteCryptographyProvider.sign", options, async (updatedOptions) => {
+            const result = await this.client.sign(this.vaultUrl, this.name, this.version, algorithm, digest, updatedOptions);
+            return { result: result.result, algorithm, keyID: this.getKeyID() };
+        });
+    }
+    verifyData(algorithm, data, signature, options = {}) {
+        return tracing_js_1.tracingClient.withSpan("RemoteCryptographyProvider.verifyData", options, async (updatedOptions) => {
+            const hash = await (0, crypto_js_1.createHash)(algorithm, data);
+            return this.verify(algorithm, hash, signature, updatedOptions);
+        });
+    }
+    verify(algorithm, digest, signature, options = {}) {
+        return tracing_js_1.tracingClient.withSpan("RemoteCryptographyProvider.verify", options, async (updatedOptions) => {
+            const response = await this.client.verify(this.vaultUrl, this.name, this.version, algorithm, digest, signature, updatedOptions);
+            return {
+                result: response.value ? response.value : false,
+                keyID: this.getKeyID(),
+            };
+        });
+    }
+    signData(algorithm, data, options = {}) {
+        return tracing_js_1.tracingClient.withSpan("RemoteCryptographyProvider.signData", options, async (updatedOptions) => {
+            const digest = await (0, crypto_js_1.createHash)(algorithm, data);
+            const result = await this.client.sign(this.vaultUrl, this.name, this.version, algorithm, digest, updatedOptions);
+            return { result: result.result, algorithm, keyID: this.getKeyID() };
+        });
+    }
+    /**
+     * The ID of the key used to perform cryptographic operations for the client.
+     */
+    get keyId() {
+        return this.getKeyID();
+    }
+    /**
+     * Gets the {@link KeyVaultKey} used for cryptography operations, fetching it
+     * from KeyVault if necessary.
+     * @param options - Additional options.
+     */
+    getKey(options = {}) {
+        return tracing_js_1.tracingClient.withSpan("RemoteCryptographyProvider.getKey", options, async (updatedOptions) => {
+            if (typeof this.key === "string") {
+                if (!this.name || this.name === "") {
+                    throw new Error("getKey requires a key with a name");
+                }
+                const response = await this.client.getKey(this.vaultUrl, this.name, options && options.version ? options.version : this.version ? this.version : "", updatedOptions);
+                this.key = (0, transformations_js_1.getKeyFromKeyBundle)(response);
+            }
+            return this.key;
+        });
+    }
+    /**
+     * Attempts to retrieve the ID of the key.
+     */
+    getKeyID() {
+        let kid;
+        if (typeof this.key !== "string") {
+            kid = this.key.id;
+        }
+        else {
+            kid = this.key;
+        }
+        return kid;
+    }
+}
+exports.RemoteCryptographyProvider = RemoteCryptographyProvider;
+/**
+ * A helper method to either get the passed down generated client or initialize a new one.
+ * An already constructed generated client may be passed down from {@link KeyClient} in which case we should reuse it.
+ *
+ * @internal
+ * @param credential - The credential to use when initializing a new client.
+ * @param options - The options for constructing a client or the underlying client if one already exists.
+ * @returns - A generated client instance
+ */
+function getOrInitializeClient(credential, options) {
+    if (options.generatedClient) {
+        return options.generatedClient;
+    }
+    const libInfo = `azsdk-js-keyvault-keys/${constants_js_1.SDK_VERSION}`;
+    const userAgentOptions = options.userAgentOptions;
+    options.userAgentOptions = {
+        userAgentPrefix: userAgentOptions && userAgentOptions.userAgentPrefix
+            ? `${userAgentOptions.userAgentPrefix} ${libInfo}`
+            : libInfo,
+    };
+    const internalPipelineOptions = Object.assign(Object.assign({}, options), { loggingOptions: {
+            logger: log_js_1.logger.info,
+            allowedHeaderNames: [
+                "x-ms-keyvault-region",
+                "x-ms-keyvault-network-info",
+                "x-ms-keyvault-service-version",
+            ],
+        } });
+    const client = new index_js_1.KeyVaultClient(options.serviceVersion || keysModels_js_1.LATEST_API_VERSION, internalPipelineOptions);
+    // The authentication policy must come after the deserialization policy since the deserialization policy
+    // converts 401 responses to an Error, and we don't want to deal with that.
+    client.pipeline.addPolicy((0, keyvault_common_1.keyVaultAuthenticationPolicy)(credential, options), {
+        afterPolicies: ["deserializationPolicy"],
+    });
+    return client;
+}
+//# sourceMappingURL=remoteCryptographyProvider.js.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/remoteCryptographyProvider.js.map
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/remoteCryptographyProvider.js.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/rsaCryptographyProvider.d.ts
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/rsaCryptographyProvider.d.ts
@@ -0,0 +1,38 @@
+import { DecryptOptions, DecryptParameters, DecryptResult, EncryptOptions, EncryptParameters, EncryptResult, JsonWebKey, KeyWrapAlgorithm, SignOptions, SignResult, SignatureAlgorithm, UnwrapKeyOptions, UnwrapResult, VerifyOptions, VerifyResult, WrapKeyOptions, WrapResult } from "../index.js";
+import { CryptographyProvider, CryptographyProviderOperation } from "./models.js";
+/**
+ * An RSA cryptography provider supporting RSA algorithms.
+ */
+export declare class RsaCryptographyProvider implements CryptographyProvider {
+    constructor(key: JsonWebKey);
+    isSupported(algorithm: string, operation: CryptographyProviderOperation): boolean;
+    encrypt(encryptParameters: EncryptParameters, _options?: EncryptOptions): Promise<EncryptResult>;
+    decrypt(_decryptParameters: DecryptParameters, _options?: DecryptOptions): Promise<DecryptResult>;
+    wrapKey(algorithm: KeyWrapAlgorithm, keyToWrap: Uint8Array, _options?: WrapKeyOptions): Promise<WrapResult>;
+    unwrapKey(_algorithm: KeyWrapAlgorithm, _encryptedKey: Uint8Array, _options?: UnwrapKeyOptions): Promise<UnwrapResult>;
+    sign(_algorithm: SignatureAlgorithm, _digest: Uint8Array, _options?: SignOptions): Promise<SignResult>;
+    signData(_algorithm: SignatureAlgorithm, _data: Uint8Array, _options?: SignOptions): Promise<SignResult>;
+    verify(_algorithm: SignatureAlgorithm, _digest: Uint8Array, _signature: Uint8Array, _options?: VerifyOptions): Promise<VerifyResult>;
+    verifyData(algorithm: SignatureAlgorithm, data: Uint8Array, signature: Uint8Array, _options?: VerifyOptions): Promise<VerifyResult>;
+    /**
+     * The {@link JsonWebKey} used to perform crypto operations.
+     */
+    private key;
+    /**
+     * The set of algorithms this provider supports
+     */
+    private applicableAlgorithms;
+    /**
+     * The set of operations this provider supports
+     */
+    private applicableOperations;
+    /**
+     * Mapping between signature algorithms and their corresponding hash algorithms. Externally used for testing.
+     * @internal
+     */
+    signatureAlgorithmToHashAlgorithm: {
+        [s: string]: string;
+    };
+    private ensureValid;
+}
+//# sourceMappingURL=rsaCryptographyProvider.d.ts.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/rsaCryptographyProvider.d.ts.map
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/rsaCryptographyProvider.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"rsaCryptographyProvider.d.ts","sourceRoot":"","sources":["../../../src/cryptography/rsaCryptographyProvider.ts"],"names":[],"mappings":"AAMA,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,UAAU,EACV,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,kBAAkB,EAClB,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,cAAc,EACd,UAAU,EACX,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,oBAAoB,EACpB,6BAA6B,EAE9B,MAAM,aAAa,CAAC;AAErB;;GAEG;AACH,qBAAa,uBAAwB,YAAW,oBAAoB;gBACtD,GAAG,EAAE,UAAU;IAI3B,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,6BAA6B,GAAG,OAAO;IAMjF,OAAO,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,QAAQ,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC;IAiBhG,OAAO,CACL,kBAAkB,EAAE,iBAAiB,EACrC,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,aAAa,CAAC;IAMzB,OAAO,CACL,SAAS,EAAE,gBAAgB,EAC3B,SAAS,EAAE,UAAU,EACrB,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,UAAU,CAAC;IAatB,SAAS,CACP,UAAU,EAAE,gBAAgB,EAC5B,aAAa,EAAE,UAAU,EACzB,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,YAAY,CAAC;IAMxB,IAAI,CACF,UAAU,EAAE,kBAAkB,EAC9B,OAAO,EAAE,UAAU,EACnB,QAAQ,CAAC,EAAE,WAAW,GACrB,OAAO,CAAC,UAAU,CAAC;IAMtB,QAAQ,CACN,UAAU,EAAE,kBAAkB,EAC9B,KAAK,EAAE,UAAU,EACjB,QAAQ,CAAC,EAAE,WAAW,GACrB,OAAO,CAAC,UAAU,CAAC;IAMhB,MAAM,CACV,UAAU,EAAE,kBAAkB,EAC9B,OAAO,EAAE,UAAU,EACnB,UAAU,EAAE,UAAU,EACtB,QAAQ,CAAC,EAAE,aAAa,GACvB,OAAO,CAAC,YAAY,CAAC;IAMxB,UAAU,CACR,SAAS,EAAE,kBAAkB,EAC7B,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,UAAU,EACrB,QAAQ,CAAC,EAAE,aAAa,GACvB,OAAO,CAAC,YAAY,CAAC;IAWxB;;OAEG;IACH,OAAO,CAAC,GAAG,CAAa;IAExB;;OAEG;IACH,OAAO,CAAC,oBAAoB,CAS1B;IAEF;;OAEG;IACH,OAAO,CAAC,oBAAoB,CAI1B;IAEF;;;OAGG;IACH,iCAAiC,EAAE;QAAE,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAOxD;IAEF,OAAO,CAAC,WAAW;CASpB"}
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/rsaCryptographyProvider.js
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/rsaCryptographyProvider.js
@@ -0,0 +1,108 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RsaCryptographyProvider = void 0;
+const constants_1 = require("constants");
+const node_crypto_1 = require("node:crypto");
+const crypto_js_1 = require("./crypto.js");
+const conversions_js_1 = require("./conversions.js");
+const models_js_1 = require("./models.js");
+/**
+ * An RSA cryptography provider supporting RSA algorithms.
+ */
+class RsaCryptographyProvider {
+    constructor(key) {
+        /**
+         * The set of algorithms this provider supports
+         */
+        this.applicableAlgorithms = [
+            "RSA1_5",
+            "RSA-OAEP",
+            "PS256",
+            "RS256",
+            "PS384",
+            "RS384",
+            "PS512",
+            "RS512",
+        ];
+        /**
+         * The set of operations this provider supports
+         */
+        this.applicableOperations = [
+            "encrypt",
+            "wrapKey",
+            "verifyData",
+        ];
+        /**
+         * Mapping between signature algorithms and their corresponding hash algorithms. Externally used for testing.
+         * @internal
+         */
+        this.signatureAlgorithmToHashAlgorithm = {
+            PS256: "SHA256",
+            RS256: "SHA256",
+            PS384: "SHA384",
+            RS384: "SHA384",
+            PS512: "SHA512",
+            RS512: "SHA512",
+        };
+        this.key = key;
+    }
+    isSupported(algorithm, operation) {
+        return (this.applicableAlgorithms.includes(algorithm) && this.applicableOperations.includes(operation));
+    }
+    encrypt(encryptParameters, _options) {
+        this.ensureValid();
+        const keyPEM = (0, conversions_js_1.convertJWKtoPEM)(this.key);
+        const padding = encryptParameters.algorithm === "RSA1_5" ? constants_1.RSA_PKCS1_PADDING : constants_1.RSA_PKCS1_OAEP_PADDING;
+        return Promise.resolve({
+            algorithm: encryptParameters.algorithm,
+            keyID: this.key.kid,
+            result: (0, node_crypto_1.publicEncrypt)({ key: keyPEM, padding: padding }, Buffer.from(encryptParameters.plaintext)),
+        });
+    }
+    decrypt(_decryptParameters, _options) {
+        throw new models_js_1.LocalCryptographyUnsupportedError("Decrypting using a local JsonWebKey is not supported.");
+    }
+    wrapKey(algorithm, keyToWrap, _options) {
+        this.ensureValid();
+        const keyPEM = (0, conversions_js_1.convertJWKtoPEM)(this.key);
+        const padding = algorithm === "RSA1_5" ? constants_1.RSA_PKCS1_PADDING : constants_1.RSA_PKCS1_OAEP_PADDING;
+        return Promise.resolve({
+            algorithm: algorithm,
+            result: (0, node_crypto_1.publicEncrypt)({ key: keyPEM, padding }, Buffer.from(keyToWrap)),
+            keyID: this.key.kid,
+        });
+    }
+    unwrapKey(_algorithm, _encryptedKey, _options) {
+        throw new models_js_1.LocalCryptographyUnsupportedError("Unwrapping a key using a local JsonWebKey is not supported.");
+    }
+    sign(_algorithm, _digest, _options) {
+        throw new models_js_1.LocalCryptographyUnsupportedError("Signing a digest using a local JsonWebKey is not supported.");
+    }
+    signData(_algorithm, _data, _options) {
+        throw new models_js_1.LocalCryptographyUnsupportedError("Signing a block of data using a local JsonWebKey is not supported.");
+    }
+    async verify(_algorithm, _digest, _signature, _options) {
+        throw new models_js_1.LocalCryptographyUnsupportedError("Verifying a digest using a local JsonWebKey is not supported.");
+    }
+    verifyData(algorithm, data, signature, _options) {
+        this.ensureValid();
+        const keyPEM = (0, conversions_js_1.convertJWKtoPEM)(this.key);
+        const verifier = (0, crypto_js_1.createVerify)(algorithm, data);
+        return Promise.resolve({
+            result: verifier.verify(keyPEM, Buffer.from(signature)),
+            keyID: this.key.kid,
+        });
+    }
+    ensureValid() {
+        var _a, _b;
+        if (this.key &&
+            ((_a = this.key.kty) === null || _a === void 0 ? void 0 : _a.toUpperCase()) !== "RSA" &&
+            ((_b = this.key.kty) === null || _b === void 0 ? void 0 : _b.toUpperCase()) !== "RSA-HSM") {
+            throw new Error("Key type does not match the algorithm RSA");
+        }
+    }
+}
+exports.RsaCryptographyProvider = RsaCryptographyProvider;
+//# sourceMappingURL=rsaCryptographyProvider.js.map
--- a/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/rsaCryptographyProvider.js.map
+++ b/node_modules/@azure/keyvault-keys/dist/commonjs/cryptography/rsaCryptographyProvider.js.map
				`@@ -0,0 +1 @@`
				{"version":3,"file":"aesCryptographyProvider.d.ts","sourceRoot":"","sources":["../../../src/cryptography/aesCryptographyProvider.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EACL,uBAAuB,EACvB,cAAc,EACd,aAAa,EACb,cAAc,EACd,aAAa,EACb,UAAU,EACV,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,cAAc,EACd,UAAU,EACX,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AACzE,OAAO,EACL,oBAAoB,EACpB,6BAA6B,EAE9B,MAAM,aAAa,CAAC;AAErB;;;GAGG;AACH,qBAAa,uBAAwB,YAAW,oBAAoB;IAClE,OAAO,CAAC,GAAG,CAAa;gBACZ,GAAG,EAAE,UAAU;IAG3B,OAAO,CACL,iBAAiB,EAAE,uBAAuB,EAC1C,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,aAAa,CAAC;IAiBzB,OAAO,CACL,iBAAiB,EAAE,uBAAuB,EAC1C,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,aAAa,CAAC;IAmBzB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,6BAA6B,GAAG,OAAO;IAgBjF;;;;;;OAMG;IACH,OAAO,CAAC,mBAAmB,CAazB;IAEF,OAAO,CAAC,mBAAmB,CAA2D;IAEtF,OAAO,CACL,UAAU,EAAE,gBAAgB,EAC5B,UAAU,EAAE,UAAU,EACtB,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,UAAU,CAAC;IAMtB,SAAS,CACP,UAAU,EAAE,gBAAgB,EAC5B,aAAa,EAAE,UAAU,EACzB,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,YAAY,CAAC;IAMxB,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;IAM1F,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;IAM5F,MAAM,CACJ,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,UAAU,EACnB,UAAU,EAAE,UAAU,EACtB,QAAQ,CAAC,EAAE,aAAa,GACvB,OAAO,CAAC,YAAY,CAAC;IAKxB,UAAU,CACR,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,UAAU,EACjB,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,gBAAgB,GAChC,OAAO,CAAC,YAAY,CAAC;IAMxB,OAAO,CAAC,WAAW;CAiBpB"}
				`@@ -0,0 +1 @@`
				`{"version":3,"file":"conversions.d.ts","sourceRoot":"","sources":["../../../src/cryptography/conversions.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAqF9C;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,UAAU,GAAG,MAAM,CAiBvD"}`
				`@@ -0,0 +1 @@`
				`{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../../src/cryptography/crypto.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,MAAM,EAIP,MAAM,aAAa,CAAC;AAmBrB;;;GAGG;AACH,wBAAsB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAarF;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,MAAM,CAaxE;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAEtD"}`
				`@@ -0,0 +1 @@`
				{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../../src/cryptography/crypto.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AA8BlC,gCAaC;AAMD,oCAaC;AAMD,kCAEC;AApED,6CAKqB;AAErB;;;IAGI;AACJ,MAAM,wBAAwB,GAA4B;IACxD,KAAK,EAAE,QAAQ;IACf,MAAM,EAAE,QAAQ;IAChB,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;CAChB,CAAC;AAEF;;;GAGG;AACI,KAAK,UAAU,UAAU,CAAC,SAAiB,EAAE,IAAgB;IAClE,MAAM,aAAa,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;IAC1D,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,qBAAqB,SAAS,gDAAgD,MAAM,CAAC,IAAI,CACvF,wBAAwB,CACzB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACf,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,IAAA,wBAAgB,EAAC,aAAa,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC7B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAgB,YAAY,CAAC,SAAiB,EAAE,IAAgB;IAC9D,MAAM,eAAe,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;IAC5D,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CACb,qBAAqB,SAAS,gDAAgD,MAAM,CAAC,IAAI,CACvF,wBAAwB,CACzB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACf,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,IAAA,0BAAkB,EAAC,eAAe,CAAC,CAAC;IACrD,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACnC,QAAQ,CAAC,GAAG,EAAE,CAAC;IACf,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW,CAAC,MAAc;IACxC,OAAO,IAAA,yBAAiB,EAAC,MAAM,CAAC,CAAC;AACnC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport {\n Verify,\n createHash as cryptoCreateHash,\n createVerify as cryptoCreateVerify,\n randomBytes as cryptoRandomBytes,\n} from \"node:crypto\";\n\n/*\n @internal\n * Mapping between signature algorithms and their corresponding hash algorithms. Externally used for testing.\n /\nconst algorithmToHashAlgorithm: { [s: string]: string } = {\n ES256: \"SHA256\",\n ES256K: \"SHA256\",\n PS256: \"SHA256\",\n RS256: \"SHA256\",\n ES384: \"SHA384\",\n PS384: \"SHA384\",\n RS384: \"SHA384\",\n ES512: \"SHA512\",\n PS512: \"SHA512\",\n RS512: \"SHA512\",\n};\n\n/\n * @internal\n * Use the platform-local hashing functionality\n /\nexport async function createHash(algorithm: string, data: Uint8Array): Promise<Buffer> {\n const hashAlgorithm = algorithmToHashAlgorithm[algorithm];\n if (!hashAlgorithm) {\n throw new Error(\n `Invalid algorithm ${algorithm} passed to createHash. Supported algorithms: ${Object.keys(\n algorithmToHashAlgorithm,\n ).join(\", \")}`,\n );\n }\n const hash = cryptoCreateHash(hashAlgorithm);\n hash.update(Buffer.from(data));\n const digest = hash.digest();\n return digest;\n}\n\n/\n @internal\n * Use the platform-local verify functionality\n /\nexport function createVerify(algorithm: string, data: Uint8Array): Verify {\n const verifyAlgorithm = algorithmToHashAlgorithm[algorithm];\n if (!verifyAlgorithm) {\n throw new Error(\n `Invalid algorithm ${algorithm} passed to createHash. Supported algorithms: ${Object.keys(\n algorithmToHashAlgorithm,\n ).join(\", \")}`,\n );\n }\n const verifier = cryptoCreateVerify(verifyAlgorithm);\n verifier.update(Buffer.from(data));\n verifier.end();\n return verifier;\n}\n\n/\n @internal\n * Use the platform-local randomBytes functionality\n */\nexport function randomBytes(length: number): Uint8Array {\n return cryptoRandomBytes(length);\n}\n"]}
				`@@ -0,0 +1 @@`
				{"version":3,"file":"models.d.ts","sourceRoot":"","sources":["../../../src/cryptography/models.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,kBAAkB,EAClB,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,cAAc,EACd,UAAU,EACX,MAAM,aAAa,CAAC;AAErB,qBAAa,iCAAkC,SAAQ,KAAK;CAAG;AAE/D;;;;;;;;;GASG;AACH,MAAM,MAAM,6BAA6B,GACrC,SAAS,GACT,SAAS,GACT,SAAS,GACT,WAAW,GACX,MAAM,GACN,UAAU,GACV,QAAQ,GACR,YAAY,CAAC;AAEjB;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;;;;OAMG;IACH,OAAO,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAEhG;;;;;;OAMG;IACH,OAAO,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAEhG;;;;OAIG;IACH,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,6BAA6B,GAAG,OAAO,CAAC;IAElF;;;;;;;OAOG;IACH,OAAO,CACL,SAAS,EAAE,gBAAgB,EAC3B,SAAS,EAAE,UAAU,EACrB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,UAAU,CAAC,CAAC;IAEvB;;;;;;;OAOG;IACH,SAAS,CACP,SAAS,EAAE,gBAAgB,EAC3B,YAAY,EAAE,UAAU,EACxB,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,YAAY,CAAC,CAAC;IAEzB;;;;;;;OAOG;IACH,IAAI,CACF,SAAS,EAAE,kBAAkB,EAC7B,MAAM,EAAE,UAAU,EAClB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,UAAU,CAAC,CAAC;IAEvB;;;;;;;OAOG;IACH,QAAQ,CACN,SAAS,EAAE,kBAAkB,EAC7B,IAAI,EAAE,UAAU,EAChB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,UAAU,CAAC,CAAC;IAEvB;;;;;;;;OAQG;IACH,MAAM,CACJ,SAAS,EAAE,kBAAkB,EAC7B,MAAM,EAAE,UAAU,EAClB,SAAS,EAAE,UAAU,EACrB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,YAAY,CAAC,CAAC;IAEzB;;;;;;;;OAQG;IACH,UAAU,CACR,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,UAAU,EACrB,cAAc,EAAE,gBAAgB,GAC/B,OAAO,CAAC,YAAY,CAAC,CAAC;CAC1B"}
				`@@ -0,0 +1 @@`
				{"version":3,"file":"models.js","sourceRoot":"","sources":["../../../src/cryptography/models.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAsBlC,MAAa,iCAAkC,SAAQ,KAAK;CAAG;AAA/D,8EAA+D","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { OperationOptions } from \"@azure/core-client\";\nimport {\n DecryptOptions,\n DecryptParameters,\n DecryptResult,\n EncryptOptions,\n EncryptParameters,\n EncryptResult,\n KeyWrapAlgorithm,\n SignOptions,\n SignResult,\n SignatureAlgorithm,\n UnwrapKeyOptions,\n UnwrapResult,\n VerifyOptions,\n VerifyResult,\n WrapKeyOptions,\n WrapResult,\n} from \"../index.js\";\n\nexport class LocalCryptographyUnsupportedError extends Error {}\n\n/*\n The set of operations a {@link CryptographyProvider} supports.\n \n This corresponds to every single method on the interface so that providers\n * can declare whether they support this method or not.\n \n Purposely more granular than {@link KnownKeyOperations} because some providers\n * support verifyData but not verify.\n * @internal\n /\nexport type CryptographyProviderOperation =\n \| \"encrypt\"\n \| \"decrypt\"\n \| \"wrapKey\"\n \| \"unwrapKey\"\n \| \"sign\"\n \| \"signData\"\n \| \"verify\"\n \| \"verifyData\";\n\n/\n \n * Represents an object that can perform cryptography operations.\n * @internal\n /\nexport interface CryptographyProvider {\n /\n Encrypts the given plaintext with the specified encryption parameters.\n * @internal\n \n @param encryptParameters - The encryption parameters, keyed on the encryption algorithm chosen.\n * @param options - Additional options.\n /\n encrypt(encryptParameters: EncryptParameters, options?: EncryptOptions): Promise<EncryptResult>;\n\n /\n Decrypts the given ciphertext with the specified decryption parameters.\n * @internal\n \n @param decryptParameters - The decryption parameters.\n * @param options - Additional options.\n /\n decrypt(decryptParameters: DecryptParameters, options?: DecryptOptions): Promise<DecryptResult>;\n\n /\n \n * @param algorithm - The algorithm to check support for.\n * @param operation - The {@link CryptographyProviderOperation} to check support for.\n /\n isSupported(algorithm: string, operation: CryptographyProviderOperation): boolean;\n\n /\n Wraps the given key using the specified cryptography algorithm\n * @internal\n \n @param algorithm - The encryption algorithm to use to wrap the given key.\n * @param keyToWrap - The key to wrap.\n * @param options - Additional options.\n /\n wrapKey(\n algorithm: KeyWrapAlgorithm,\n keyToWrap: Uint8Array,\n options?: WrapKeyOptions,\n ): Promise<WrapResult>;\n\n /\n Unwraps the given wrapped key using the specified cryptography algorithm\n * @internal\n \n @param algorithm - The decryption algorithm to use to unwrap the key.\n * @param encryptedKey - The encrypted key to unwrap.\n * @param options - Additional options.\n /\n unwrapKey(\n algorithm: KeyWrapAlgorithm,\n encryptedKey: Uint8Array,\n options?: UnwrapKeyOptions,\n ): Promise<UnwrapResult>;\n\n /\n Cryptographically sign the digest of a message\n * @internal\n \n @param algorithm - The signing algorithm to use.\n * @param digest - The digest of the data to sign.\n * @param options - Additional options.\n /\n sign(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n options?: SignOptions,\n ): Promise<SignResult>;\n\n /\n Cryptographically sign a block of data\n * @internal\n \n @param algorithm - The signing algorithm to use.\n * @param data - The data to sign.\n * @param options - Additional options.\n /\n signData(\n algorithm: SignatureAlgorithm,\n data: Uint8Array,\n options?: SignOptions,\n ): Promise<SignResult>;\n\n /\n Verify the signed message digest\n * @internal\n \n @param algorithm - The signing algorithm to use to verify with.\n * @param digest - The digest to verify.\n * @param signature - The signature to verify the digest against.\n * @param options - Additional options.\n /\n verify(\n algorithm: SignatureAlgorithm,\n digest: Uint8Array,\n signature: Uint8Array,\n options?: VerifyOptions,\n ): Promise<VerifyResult>;\n\n /\n Verify the signed block of data\n * @internal\n \n @param algorithm - The algorithm to use to verify with.\n * @param data - The signed block of data to verify.\n * @param signature - The signature to verify the block against.\n * @param updatedOptions - Additional options.\n */\n verifyData(\n algorithm: string,\n data: Uint8Array,\n signature: Uint8Array,\n updatedOptions: OperationOptions,\n ): Promise<VerifyResult>;\n}\n"]}
				`@@ -0,0 +1 @@`
				{"version":3,"file":"remoteCryptographyProvider.d.ts","sourceRoot":"","sources":["../../../src/cryptography/remoteCryptographyProvider.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEnD,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,YAAY,EACZ,cAAc,EACd,UAAU,EACX,MAAM,gCAAgC,CAAC;AAExC,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAG9D,OAAO,EACL,yBAAyB,EACzB,aAAa,EACb,WAAW,EAEZ,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,oBAAoB,EAAE,6BAA6B,EAAE,MAAM,aAAa,CAAC;AAKlF;;;GAGG;AACH,qBAAa,0BAA2B,YAAW,oBAAoB;gBAEnE,GAAG,EAAE,MAAM,GAAG,WAAW,EACzB,UAAU,EAAE,eAAe,EAC3B,eAAe,GAAE,yBAA8B;IAkCjD,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,6BAA6B,GAAG,OAAO;IAInF,OAAO,CACL,iBAAiB,EAAE,iBAAiB,EACpC,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,aAAa,CAAC;IA6BzB,OAAO,CACL,iBAAiB,EAAE,iBAAiB,EACpC,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,aAAa,CAAC;IAyBzB,OAAO,CACL,SAAS,EAAE,gBAAgB,EAC3B,SAAS,EAAE,UAAU,EACrB,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,UAAU,CAAC;IAuBtB,SAAS,CACP,SAAS,EAAE,gBAAgB,EAC3B,YAAY,EAAE,UAAU,EACxB,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,YAAY,CAAC;IAuBxB,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,UAAU,CAAC;IAmB3F,UAAU,CACR,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,UAAU,EACrB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC;IAWxB,MAAM,CACJ,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,UAAU,EAClB,SAAS,EAAE,UAAU,EACrB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC;IAsBxB,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,UAAU,CAAC;IAmB7F;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAE1B;;OAEG;IACH,IAAI,KAAK,IAAI,MAAM,GAAG,SAAS,CAE9B;IAED;;;;OAIG;IACH,MAAM,CAAC,OAAO,GAAE,aAAkB,GAAG,OAAO,CAAC,WAAW,CAAC;IAsBzD;;OAEG;IACH,OAAO,CAAC,MAAM,CAAiB;IAE/B;;;;OAIG;IACH,OAAO,CAAC,GAAG,CAAuB;IAElC;;OAEG;IACH,OAAO,CAAC,IAAI,CAAS;IAErB;;OAEG;IACH,OAAO,CAAC,OAAO,CAAS;IAExB;;OAEG;IACH,OAAO,CAAC,QAAQ;CAUjB"}
				`@@ -0,0 +1 @@`
				{"version":3,"file":"rsaCryptographyProvider.d.ts","sourceRoot":"","sources":["../../../src/cryptography/rsaCryptographyProvider.ts"],"names":[],"mappings":"AAMA,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,UAAU,EACV,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,kBAAkB,EAClB,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,cAAc,EACd,UAAU,EACX,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,oBAAoB,EACpB,6BAA6B,EAE9B,MAAM,aAAa,CAAC;AAErB;;GAEG;AACH,qBAAa,uBAAwB,YAAW,oBAAoB;gBACtD,GAAG,EAAE,UAAU;IAI3B,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,6BAA6B,GAAG,OAAO;IAMjF,OAAO,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,QAAQ,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC;IAiBhG,OAAO,CACL,kBAAkB,EAAE,iBAAiB,EACrC,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,aAAa,CAAC;IAMzB,OAAO,CACL,SAAS,EAAE,gBAAgB,EAC3B,SAAS,EAAE,UAAU,EACrB,QAAQ,CAAC,EAAE,cAAc,GACxB,OAAO,CAAC,UAAU,CAAC;IAatB,SAAS,CACP,UAAU,EAAE,gBAAgB,EAC5B,aAAa,EAAE,UAAU,EACzB,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,OAAO,CAAC,YAAY,CAAC;IAMxB,IAAI,CACF,UAAU,EAAE,kBAAkB,EAC9B,OAAO,EAAE,UAAU,EACnB,QAAQ,CAAC,EAAE,WAAW,GACrB,OAAO,CAAC,UAAU,CAAC;IAMtB,QAAQ,CACN,UAAU,EAAE,kBAAkB,EAC9B,KAAK,EAAE,UAAU,EACjB,QAAQ,CAAC,EAAE,WAAW,GACrB,OAAO,CAAC,UAAU,CAAC;IAMhB,MAAM,CACV,UAAU,EAAE,kBAAkB,EAC9B,OAAO,EAAE,UAAU,EACnB,UAAU,EAAE,UAAU,EACtB,QAAQ,CAAC,EAAE,aAAa,GACvB,OAAO,CAAC,YAAY,CAAC;IAMxB,UAAU,CACR,SAAS,EAAE,kBAAkB,EAC7B,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,UAAU,EACrB,QAAQ,CAAC,EAAE,aAAa,GACvB,OAAO,CAAC,YAAY,CAAC;IAWxB;;OAEG;IACH,OAAO,CAAC,GAAG,CAAa;IAExB;;OAEG;IACH,OAAO,CAAC,oBAAoB,CAS1B;IAEF;;OAEG;IACH,OAAO,CAAC,oBAAoB,CAI1B;IAEF;;;OAGG;IACH,iCAAiC,EAAE;QAAE,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAOxD;IAEF,OAAO,CAAC,WAAW;CASpB"}