{"version":3,"file":"keyOps.mjs","names":[],"sources":["../../../../src/modules/kms/jwk/keyOps.ts"],"sourcesContent":["import { z } from 'zod'\nimport { zUniqueArray } from '../../../utils/zod'\nimport { KeyManagementError } from '../error/KeyManagementError'\nimport { getJwkHumanDescription } from './humanDescription'\nimport type { KmsJwkPrivate, KmsJwkPublic } from './knownJwk'\n\nexport const zKnownJwkUse = z.union([z.literal('sig').describe('signature'), z.literal('enc').describe('encryption')])\nexport type KnownJwkUse = z.output<typeof zKnownJwkUse>\n\nexport const zJwkUse = z.union([zKnownJwkUse, z.string()])\nexport type JwkUse = z.output<typeof zJwkUse>\n\nexport const zKnownJwkKeyOps = z.union([\n  z.literal('sign').describe('compute digital signature or MAC'),\n  z.literal('verify').describe('verify digital signature or MAC'),\n  z.literal('encrypt').describe('encrypt content'),\n  z.literal('decrypt').describe('decrypt content and validate decryption, if applicable'),\n  z.literal('wrapKey').describe('encrypt key'),\n  z.literal('unwrapKey').describe('decrypt key and validate decryption, if applicable'),\n  z.literal('deriveKey').describe('derive key'),\n  z.literal('deriveBits').describe('derive bits not to be used as a key'),\n])\nexport type KnownJwkKeyOps = z.output<typeof zKnownJwkKeyOps>\n\nexport const zJwkKeyOps = zUniqueArray(z.union([zKnownJwkKeyOps, z.string()]))\nexport type JwkKeyOps = z.output<typeof zJwkKeyOps>\n\nexport function keyAllowsDerive(key: KmsJwkPublic | KmsJwkPrivate): boolean {\n  // Check if key has use/key_ops restrictions\n  if (key.use && key.use !== 'enc') {\n    return false\n  }\n  if (key.key_ops && !key.key_ops.includes('deriveKey')) {\n    return false\n  }\n  return true\n}\n\nexport function assertKeyAllowsDerive(jwk: KmsJwkPrivate | KmsJwkPublic) {\n  if (!keyAllowsDerive(jwk)) {\n    throw new KeyManagementError(`${getJwkHumanDescription(jwk)} usage does not allow key derivation operations`)\n  }\n}\n\nexport function keyAllowsVerify(key: KmsJwkPublic | KmsJwkPrivate): boolean {\n  // Check if key has use/key_ops restrictions\n  if (key.use && key.use !== 'sig') {\n    return false\n  }\n  if (key.key_ops && !key.key_ops.includes('verify')) {\n    return false\n  }\n  return true\n}\n\nexport function assertKeyAllowsVerify(jwk: KmsJwkPrivate | KmsJwkPublic) {\n  if (!keyAllowsVerify(jwk)) {\n    throw new KeyManagementError(`${getJwkHumanDescription(jwk)} usage does not allow verification operations`)\n  }\n}\n\nexport function keyAllowsSign(key: KmsJwkPrivate | KmsJwkPublic): boolean {\n  // Check if key has use/key_ops restrictions\n  if (key.use && key.use !== 'sig') {\n    return false\n  }\n  if (key.key_ops && !key.key_ops.includes('sign')) {\n    return false\n  }\n  return true\n}\n\nexport function assertKeyAllowsSign(jwk: KmsJwkPrivate | KmsJwkPublic) {\n  if (!keyAllowsSign(jwk)) {\n    throw new KeyManagementError(`${getJwkHumanDescription(jwk)} usage does not allow signing operations`)\n  }\n}\n\nexport function keyAllowsEncrypt(key: KmsJwkPublic | KmsJwkPrivate): boolean {\n  // Check if key has use/key_ops restrictions\n  if (key.use && key.use !== 'enc') {\n    return false\n  }\n  if (key.key_ops && !key.key_ops.includes('encrypt')) {\n    return false\n  }\n  return true\n}\n\nexport function assertKeyAllowsEncrypt(jwk: KmsJwkPrivate | KmsJwkPublic) {\n  if (!keyAllowsEncrypt(jwk)) {\n    throw new KeyManagementError(`${getJwkHumanDescription(jwk)} usage does not allow encryption operations`)\n  }\n}\n\nexport function keyAllowsDecrypt(key: KmsJwkPublic | KmsJwkPrivate): boolean {\n  // Check if key has use/key_ops restrictions\n  if (key.use && key.use !== 'enc') {\n    return false\n  }\n  if (key.key_ops && !key.key_ops.includes('decrypt')) {\n    return false\n  }\n  return true\n}\n\nexport function assertKeyAllowsDecrypt(jwk: KmsJwkPrivate | KmsJwkPublic) {\n  if (!keyAllowsDecrypt(jwk)) {\n    throw new KeyManagementError(`${getJwkHumanDescription(jwk)} usage does not allow decryption operations`)\n  }\n}\n"],"mappings":";;;;;;;;AAMA,MAAa,eAAe,EAAE,MAAM,CAAC,EAAE,QAAQ,MAAM,CAAC,SAAS,YAAY,EAAE,EAAE,QAAQ,MAAM,CAAC,SAAS,aAAa,CAAC,CAAC;AAGtH,MAAa,UAAU,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;AAG1D,MAAa,kBAAkB,EAAE,MAAM;CACrC,EAAE,QAAQ,OAAO,CAAC,SAAS,mCAAmC;CAC9D,EAAE,QAAQ,SAAS,CAAC,SAAS,kCAAkC;CAC/D,EAAE,QAAQ,UAAU,CAAC,SAAS,kBAAkB;CAChD,EAAE,QAAQ,UAAU,CAAC,SAAS,yDAAyD;CACvF,EAAE,QAAQ,UAAU,CAAC,SAAS,cAAc;CAC5C,EAAE,QAAQ,YAAY,CAAC,SAAS,qDAAqD;CACrF,EAAE,QAAQ,YAAY,CAAC,SAAS,aAAa;CAC7C,EAAE,QAAQ,aAAa,CAAC,SAAS,sCAAsC;CACxE,CAAC;AAGF,MAAa,aAAa,aAAa,EAAE,MAAM,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC,CAAC;AAG9E,SAAgB,gBAAgB,KAA4C;AAE1E,KAAI,IAAI,OAAO,IAAI,QAAQ,MACzB,QAAO;AAET,KAAI,IAAI,WAAW,CAAC,IAAI,QAAQ,SAAS,YAAY,CACnD,QAAO;AAET,QAAO;;AAGT,SAAgB,sBAAsB,KAAmC;AACvE,KAAI,CAAC,gBAAgB,IAAI,CACvB,OAAM,IAAI,mBAAmB,GAAG,uBAAuB,IAAI,CAAC,iDAAiD;;AAIjH,SAAgB,gBAAgB,KAA4C;AAE1E,KAAI,IAAI,OAAO,IAAI,QAAQ,MACzB,QAAO;AAET,KAAI,IAAI,WAAW,CAAC,IAAI,QAAQ,SAAS,SAAS,CAChD,QAAO;AAET,QAAO;;AAGT,SAAgB,sBAAsB,KAAmC;AACvE,KAAI,CAAC,gBAAgB,IAAI,CACvB,OAAM,IAAI,mBAAmB,GAAG,uBAAuB,IAAI,CAAC,+CAA+C;;AAI/G,SAAgB,cAAc,KAA4C;AAExE,KAAI,IAAI,OAAO,IAAI,QAAQ,MACzB,QAAO;AAET,KAAI,IAAI,WAAW,CAAC,IAAI,QAAQ,SAAS,OAAO,CAC9C,QAAO;AAET,QAAO;;AAGT,SAAgB,oBAAoB,KAAmC;AACrE,KAAI,CAAC,cAAc,IAAI,CACrB,OAAM,IAAI,mBAAmB,GAAG,uBAAuB,IAAI,CAAC,0CAA0C;;AAI1G,SAAgB,iBAAiB,KAA4C;AAE3E,KAAI,IAAI,OAAO,IAAI,QAAQ,MACzB,QAAO;AAET,KAAI,IAAI,WAAW,CAAC,IAAI,QAAQ,SAAS,UAAU,CACjD,QAAO;AAET,QAAO;;AAGT,SAAgB,uBAAuB,KAAmC;AACxE,KAAI,CAAC,iBAAiB,IAAI,CACxB,OAAM,IAAI,mBAAmB,GAAG,uBAAuB,IAAI,CAAC,6CAA6C;;AAI7G,SAAgB,iBAAiB,KAA4C;AAE3E,KAAI,IAAI,OAAO,IAAI,QAAQ,MACzB,QAAO;AAET,KAAI,IAAI,WAAW,CAAC,IAAI,QAAQ,SAAS,UAAU,CACjD,QAAO;AAET,QAAO;;AAGT,SAAgB,uBAAuB,KAAmC;AACxE,KAAI,CAAC,iBAAiB,IAAI,CACxB,OAAM,IAAI,mBAAmB,GAAG,uBAAuB,IAAI,CAAC,6CAA6C"}