{"version":3,"file":"aws-client.mjs","names":[],"sources":["../../src/aws/aws-client.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { publicKeyFromDER } from '../utils/utils.js';\nimport { AwsClient } from './aws4fetch.js';\n\ninterface KmsCommands {\n\tSign: {\n\t\trequest: {\n\t\t\tKeyId: string;\n\t\t\tMessage: string;\n\t\t\tMessageType: 'RAW' | 'DIGEST';\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256';\n\t\t};\n\t\tresponse: {\n\t\t\tKeyId: string;\n\t\t\tKeyOrigin: string;\n\t\t\tSignature: string;\n\t\t\tSigningAlgorithm: string;\n\t\t};\n\t};\n\tGetPublicKey: {\n\t\trequest: { KeyId: string };\n\t\tresponse: {\n\t\t\tCustomerMasterKeySpec: string;\n\t\t\tKeyId: string;\n\t\t\tKeyOrigin: string;\n\t\t\tKeySpec: string;\n\t\t\tKeyUsage: string;\n\t\t\tPublicKey: string;\n\t\t\tSigningAlgorithms: string[];\n\t\t};\n\t};\n}\n\nexport interface AwsClientOptions extends Partial[0]> {}\n\nexport class AwsKmsClient extends AwsClient {\n\tconstructor(options: AwsClientOptions = {}) {\n\t\tif (!options.accessKeyId || !options.secretAccessKey) {\n\t\t\tthrow new Error('AWS Access Key ID and Secret Access Key are required');\n\t\t}\n\n\t\tif (!options.region) {\n\t\t\tthrow new Error('Region is required');\n\t\t}\n\n\t\tsuper({\n\t\t\tregion: options.region,\n\t\t\taccessKeyId: options.accessKeyId,\n\t\t\tsecretAccessKey: options.secretAccessKey,\n\t\t\tservice: 'kms',\n\t\t\t...options,\n\t\t});\n\t}\n\n\tasync getPublicKey(keyId: string) {\n\t\tconst publicKeyResponse = await this.runCommand('GetPublicKey', { KeyId: keyId });\n\n\t\tif (!publicKeyResponse.PublicKey) {\n\t\t\tthrow new Error('Public Key not found for the supplied `keyId`');\n\t\t}\n\n\t\tconst compressedKey = publicKeyFromDER(fromBase64(publicKeyResponse.PublicKey));\n\n\t\tswitch (publicKeyResponse.KeySpec) {\n\t\t\tcase 'ECC_NIST_P256':\n\t\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\t\tcase 'ECC_SECG_P256K1':\n\t\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\t\tdefault:\n\t\t\t\tthrow new Error('Unsupported key spec: ' + publicKeyResponse.KeySpec);\n\t\t}\n\t}\n\n\tasync runCommand(\n\t\tcommand: T,\n\t\tbody: KmsCommands[T]['request'],\n\t\t{\n\t\t\tregion = this.region!,\n\t\t}: {\n\t\t\tregion?: string;\n\t\t} = {},\n\t): Promise {\n\t\tif (!region) {\n\t\t\tthrow new Error('Region is required');\n\t\t}\n\n\t\tconst res = await this.fetch(`https://kms.${region}.amazonaws.com/`, {\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/x-amz-json-1.1',\n\t\t\t\t'X-Amz-Target': `TrentService.${command}`,\n\t\t\t},\n\t\t\tbody: JSON.stringify(body),\n\t\t});\n\n\t\tif (!res.ok) {\n\t\t\tthrow new Error(await res.text());\n\t\t}\n\n\t\treturn res.json();\n\t}\n}\n"],"mappings":";;;;;;;AAyCA,IAAa,eAAb,cAAkC,UAAU;CAC3C,YAAY,UAA4B,EAAE,EAAE;AAC3C,MAAI,CAAC,QAAQ,eAAe,CAAC,QAAQ,gBACpC,OAAM,IAAI,MAAM,uDAAuD;AAGxE,MAAI,CAAC,QAAQ,OACZ,OAAM,IAAI,MAAM,qBAAqB;AAGtC,QAAM;GACL,QAAQ,QAAQ;GAChB,aAAa,QAAQ;GACrB,iBAAiB,QAAQ;GACzB,SAAS;GACT,GAAG;GACH,CAAC;;CAGH,MAAM,aAAa,OAAe;EACjC,MAAM,oBAAoB,MAAM,KAAK,WAAW,gBAAgB,EAAE,OAAO,OAAO,CAAC;AAEjF,MAAI,CAAC,kBAAkB,UACtB,OAAM,IAAI,MAAM,gDAAgD;EAGjE,MAAM,gBAAgB,iBAAiB,WAAW,kBAAkB,UAAU,CAAC;AAE/E,UAAQ,kBAAkB,SAA1B;GACC,KAAK,gBACJ,QAAO,IAAI,mBAAmB,cAAc;GAC7C,KAAK,kBACJ,QAAO,IAAI,mBAAmB,cAAc;GAC7C,QACC,OAAM,IAAI,MAAM,2BAA2B,kBAAkB,QAAQ;;;CAIxE,MAAM,WACL,SACA,MACA,EACC,SAAS,KAAK,WAGX,EAAE,EACgC;AACtC,MAAI,CAAC,OACJ,OAAM,IAAI,MAAM,qBAAqB;EAGtC,MAAM,MAAM,MAAM,KAAK,MAAM,eAAe,OAAO,kBAAkB;GACpE,SAAS;IACR,gBAAgB;IAChB,gBAAgB,gBAAgB;IAChC;GACD,MAAM,KAAK,UAAU,KAAK;GAC1B,CAAC;AAEF,MAAI,CAAC,IAAI,GACR,OAAM,IAAI,MAAM,MAAM,IAAI,MAAM,CAAC;AAGlC,SAAO,IAAI,MAAM"}