{"version":3,"file":"KmsKeyAgreementEncryptOptions.mjs","names":[],"sources":["../../../../src/modules/kms/options/KmsKeyAgreementEncryptOptions.ts"],"sourcesContent":["import { z } from 'zod'\nimport { zAnyUint8Array } from '../../../utils/zod'\nimport { zKmsJwkPublicEc } from '../jwk/kty/ec/ecJwk'\nimport { zKmsJwkPublicOkp } from '../jwk/kty/okp/okpJwk'\nimport { zKmsKeyId } from './common'\n\nexport const zKmsJwkPublicEcdh = z.union([\n  zKmsJwkPublicOkp.extend({ crv: zKmsJwkPublicOkp.shape.crv.extract(['X25519']) }),\n  zKmsJwkPublicEc.extend({ crv: zKmsJwkPublicEc.shape.crv.extract(['P-256', 'P-384', 'P-521', 'secp256k1']) }),\n])\n\nexport type KmsJwkPublicEcdh = z.infer<typeof zKmsJwkPublicEcdh>\n\nexport const zKmsKeyAgreementEcdhEs = z.object({\n  /**\n   * The key id pointing to the ephemeral public key.\n   *\n   * The key type MUST match with the externalPublicJwk\n   */\n  keyId: zKmsKeyId,\n\n  algorithm: z.literal('ECDH-ES'),\n\n  externalPublicJwk: zKmsJwkPublicEcdh,\n\n  apu: z.optional(zAnyUint8Array),\n  apv: z.optional(zAnyUint8Array),\n})\nexport type KmsKeyAgreementEcdhEs = z.output<typeof zKmsKeyAgreementEcdhEs>\n\nconst zKmsKeyAgreementEncryptEcdhEsKw = z.object({\n  /**\n   * The key id pointing to the ephemeral public key.\n   *\n   * The key type MUST match with the externalPublicJwk\n   */\n  keyId: zKmsKeyId,\n\n  algorithm: z.enum(['ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW']),\n\n  externalPublicJwk: zKmsJwkPublicEcdh,\n\n  apu: z.optional(zAnyUint8Array),\n  apv: z.optional(zAnyUint8Array),\n})\nexport type KmsKeyAgreementEncryptEcdhEsKw = z.output<typeof zKmsKeyAgreementEncryptEcdhEsKw>\n\nconst zKmsKeyAgreementEncryptEcdhHsalsa20 = z.object({\n  /**\n   * The key id to use for encrypting the content encryption key.\n   * If no key id is provided, anonymous encryption is used.\n   */\n  keyId: zKmsKeyId.optional(),\n\n  /**\n   * Perform key agreement based on the HSALSA20 as used in Libsodium's\n   * Cryptobox. This is not based on an official JWA algorithm, but is\n   * used primarily for DIDComm v1 messaging.\n   */\n  algorithm: z.literal('ECDH-HSALSA20'),\n\n  externalPublicJwk: zKmsJwkPublicOkp.extend({ crv: zKmsJwkPublicOkp.shape.crv.extract(['X25519']) }),\n})\nexport type KmsKeyAgreementEncryptEcdhHsalsa20 = z.output<typeof zKmsKeyAgreementEncryptEcdhHsalsa20>\n\nexport const zKmsKeyAgreementEncryptOptions = z\n  .discriminatedUnion('algorithm', [\n    zKmsKeyAgreementEcdhEs,\n    zKmsKeyAgreementEncryptEcdhEsKw,\n    zKmsKeyAgreementEncryptEcdhHsalsa20,\n  ])\n  .describe('Options for key agreement based on an asymmetric key.')\nexport type KmsKeyAgreementEncryptOptions = z.output<typeof zKmsKeyAgreementEncryptOptions>\n"],"mappings":";;;;;;;;;AAMA,MAAa,oBAAoB,EAAE,MAAM,CACvC,iBAAiB,OAAO,EAAE,KAAK,iBAAiB,MAAM,IAAI,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,EAChF,gBAAgB,OAAO,EAAE,KAAK,gBAAgB,MAAM,IAAI,QAAQ;CAAC;CAAS;CAAS;CAAS;CAAY,CAAC,EAAE,CAAC,CAC7G,CAAC;AAIF,MAAa,yBAAyB,EAAE,OAAO;CAM7C,OAAO;CAEP,WAAW,EAAE,QAAQ,UAAU;CAE/B,mBAAmB;CAEnB,KAAK,EAAE,SAAS,eAAe;CAC/B,KAAK,EAAE,SAAS,eAAe;CAChC,CAAC;AAGF,MAAM,kCAAkC,EAAE,OAAO;CAM/C,OAAO;CAEP,WAAW,EAAE,KAAK;EAAC;EAAkB;EAAkB;EAAiB,CAAC;CAEzE,mBAAmB;CAEnB,KAAK,EAAE,SAAS,eAAe;CAC/B,KAAK,EAAE,SAAS,eAAe;CAChC,CAAC;AAGF,MAAM,sCAAsC,EAAE,OAAO;CAKnD,OAAO,UAAU,UAAU;CAO3B,WAAW,EAAE,QAAQ,gBAAgB;CAErC,mBAAmB,iBAAiB,OAAO,EAAE,KAAK,iBAAiB,MAAM,IAAI,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;CACpG,CAAC;AAGF,MAAa,iCAAiC,EAC3C,mBAAmB,aAAa;CAC/B;CACA;CACA;CACD,CAAC,CACD,SAAS,wDAAwD"}