{"version":3,"file":"KmsDecryptOptions.mjs","names":[],"sources":["../../../../src/modules/kms/options/KmsDecryptOptions.ts"],"sourcesContent":["import { z } from 'zod'\nimport { zAnyUint8Array } from '../../../utils/zod'\nimport { KnownJwaContentEncryptionAlgorithms } from '../jwk/jwa'\nimport { zKmsJwkPrivateOct } from '../jwk/kty/oct/octJwk'\nimport { zKmsKeyId } from './common'\nimport { zKmsKeyAgreementDecryptOptions } from './KmsKeyAgreementDecryptOptions'\n\nconst zKmsDecryptDataDecryptionAesGcm = z.object({\n  // AES-GCM Content Decryption\n  algorithm: z.enum([\n    KnownJwaContentEncryptionAlgorithms.A128GCM,\n    KnownJwaContentEncryptionAlgorithms.A192GCM,\n    KnownJwaContentEncryptionAlgorithms.A256GCM,\n  ]),\n\n  iv: zAnyUint8Array.refine((iv) => iv.length === 12, 'iv must be 12 bytes for AES GCM'),\n  aad: z.optional(zAnyUint8Array),\n  tag: zAnyUint8Array,\n})\nexport type KmsDecryptDataDecryptionAesGcm = z.output<typeof zKmsDecryptDataDecryptionAesGcm>\n\n// AES-CBC Content Decryption\nconst zKmsDecryptDataDecryptionAesCbc = z.object({\n  algorithm: z.enum([KnownJwaContentEncryptionAlgorithms.A128CBC, KnownJwaContentEncryptionAlgorithms.A256CBC]),\n  iv: zAnyUint8Array.refine((iv) => iv.length === 16, 'iv must be 16 bytes for AES CBC'),\n})\nexport type KmsDecryptDataDecryptionAesCbc = z.output<typeof zKmsDecryptDataDecryptionAesCbc>\n\n// AES-CBC Content Decryption\nconst zKmsDecryptDataDecryptionAesCbcHmac = z.object({\n  algorithm: z.enum([\n    KnownJwaContentEncryptionAlgorithms.A128CBC_HS256,\n    KnownJwaContentEncryptionAlgorithms.A192CBC_HS384,\n    KnownJwaContentEncryptionAlgorithms.A256CBC_HS512,\n  ]),\n  iv: zAnyUint8Array.refine((iv) => iv.length === 16, 'iv must be 16 bytes for AES CBC with HMAC'),\n  aad: z.optional(zAnyUint8Array),\n  tag: zAnyUint8Array,\n})\nexport type KmsDecryptDataDecryptionAesCbcHmac = z.output<typeof zKmsDecryptDataDecryptionAesCbcHmac>\n\n// XSalsa20-Poly1305 Content Decryption\nconst zKmsDecryptDataDecryptionSalsa = z.object({\n  algorithm: z.enum([KnownJwaContentEncryptionAlgorithms['XSALSA20-POLY1305']]),\n  iv: zAnyUint8Array.optional(),\n})\n\n// ChaCha20-Poly1305 Content Decryption\nconst zKmsDecryptDataDecryptionC20p = z.object({\n  algorithm: z.enum([KnownJwaContentEncryptionAlgorithms.C20P, KnownJwaContentEncryptionAlgorithms.XC20P]),\n  iv: zAnyUint8Array,\n  aad: z.optional(zAnyUint8Array),\n  tag: zAnyUint8Array,\n})\n// FIXME: see how we can do refine with the discriminated union\n// .refine(\n//   ({ iv, algorithm }) => iv.length === (algorithm === 'C20P' ? 12 : 24),\n//   `iv must be 12 bytes for C20P (ChaCha20-Poly1305) or 24 bytes for XC20P (XChaCha20-Poly1305)`\n// )\nexport type KmsDecryptDataDecryptionC20p = z.output<typeof zKmsDecryptDataDecryptionC20p>\n\nconst zKmsDecryptDataDecryption = z.discriminatedUnion('algorithm', [\n  zKmsDecryptDataDecryptionAesCbc,\n  zKmsDecryptDataDecryptionAesCbcHmac,\n  zKmsDecryptDataDecryptionAesGcm,\n  zKmsDecryptDataDecryptionC20p,\n  zKmsDecryptDataDecryptionSalsa,\n])\nexport type KmsDecryptDataDecryption = z.output<typeof zKmsDecryptDataDecryption>\n\nexport const zKmsDecryptOptions = z.object({\n  /**\n   * The key to use for decrypting. There are three possible formats:\n   * - a key id, pointing to a symmetric (oct) jwk that can be used directly for decryption\n   * - a private symmetric (oct) jwk object that can be used directly for decryption\n   * - an object configuring key agreement, based on an existing asymmetric key\n   */\n  key: z.union([\n    z.object({\n      keyId: zKmsKeyId,\n\n      // never helps with type narrowing\n      privateJwk: z.never().optional(),\n      keyAgreement: z.never().optional(),\n    }),\n    z.object({\n      privateJwk: zKmsJwkPrivateOct.describe('A private oct (symmetric) jwk'),\n\n      // never helps with type narrowing\n      keyId: z.never().optional(),\n      keyAgreement: z.never().optional(),\n    }),\n    z.object({\n      keyAgreement: zKmsKeyAgreementDecryptOptions,\n\n      // never helps with type narrowing\n      keyId: z.never().optional(),\n      privateJwk: z.never().optional(),\n    }),\n  ]),\n\n  /**\n   * The decryption algorithm used to decrypt the data/content.\n   * In JWE this parameter is referred to as \"enc\".\n   */\n  decryption: zKmsDecryptDataDecryption.describe(\n    'Options related to the decryption algorithm to use for decrypting the data'\n  ),\n\n  /**\n   * The encrypted data to decrypt\n   */\n  encrypted: zAnyUint8Array.describe('The encrypted data to decrypt'),\n})\n\nexport type KmsDecryptOptions = z.output<typeof zKmsDecryptOptions>\n\nexport interface KmsDecryptReturn {\n  /**\n   * The decrypted data\n   */\n  data: Uint8Array\n}\n"],"mappings":";;;;;;;;;;AAOA,MAAM,kCAAkC,EAAE,OAAO;CAE/C,WAAW,EAAE,KAAK;EAChB,oCAAoC;EACpC,oCAAoC;EACpC,oCAAoC;EACrC,CAAC;CAEF,IAAI,eAAe,QAAQ,OAAO,GAAG,WAAW,IAAI,kCAAkC;CACtF,KAAK,EAAE,SAAS,eAAe;CAC/B,KAAK;CACN,CAAC;AAIF,MAAM,kCAAkC,EAAE,OAAO;CAC/C,WAAW,EAAE,KAAK,CAAC,oCAAoC,SAAS,oCAAoC,QAAQ,CAAC;CAC7G,IAAI,eAAe,QAAQ,OAAO,GAAG,WAAW,IAAI,kCAAkC;CACvF,CAAC;AAIF,MAAM,sCAAsC,EAAE,OAAO;CACnD,WAAW,EAAE,KAAK;EAChB,oCAAoC;EACpC,oCAAoC;EACpC,oCAAoC;EACrC,CAAC;CACF,IAAI,eAAe,QAAQ,OAAO,GAAG,WAAW,IAAI,4CAA4C;CAChG,KAAK,EAAE,SAAS,eAAe;CAC/B,KAAK;CACN,CAAC;AAIF,MAAM,iCAAiC,EAAE,OAAO;CAC9C,WAAW,EAAE,KAAK,CAAC,oCAAoC,qBAAqB,CAAC;CAC7E,IAAI,eAAe,UAAU;CAC9B,CAAC;AAGF,MAAM,gCAAgC,EAAE,OAAO;CAC7C,WAAW,EAAE,KAAK,CAAC,oCAAoC,MAAM,oCAAoC,MAAM,CAAC;CACxG,IAAI;CACJ,KAAK,EAAE,SAAS,eAAe;CAC/B,KAAK;CACN,CAAC;AAQF,MAAM,4BAA4B,EAAE,mBAAmB,aAAa;CAClE;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,qBAAqB,EAAE,OAAO;CAOzC,KAAK,EAAE,MAAM;EACX,EAAE,OAAO;GACP,OAAO;GAGP,YAAY,EAAE,OAAO,CAAC,UAAU;GAChC,cAAc,EAAE,OAAO,CAAC,UAAU;GACnC,CAAC;EACF,EAAE,OAAO;GACP,YAAY,kBAAkB,SAAS,gCAAgC;GAGvE,OAAO,EAAE,OAAO,CAAC,UAAU;GAC3B,cAAc,EAAE,OAAO,CAAC,UAAU;GACnC,CAAC;EACF,EAAE,OAAO;GACP,cAAc;GAGd,OAAO,EAAE,OAAO,CAAC,UAAU;GAC3B,YAAY,EAAE,OAAO,CAAC,UAAU;GACjC,CAAC;EACH,CAAC;CAMF,YAAY,0BAA0B,SACpC,6EACD;CAKD,WAAW,eAAe,SAAS,gCAAgC;CACpE,CAAC"}