Commit iniziale

node_modules/@azure/msal-browser/dist/crypto/BrowserCrypto.d.ts

@@ -0,0 +1,80 @@
+import { IPerformanceClient } from "@azure/msal-common/browser";
+/**
+ * Check whether browser crypto is available.
+ */
+export declare function validateCryptoAvailable(skipValidateSubtleCrypto: boolean): void;
+/**
+ * Returns a sha-256 hash of the given dataString as an ArrayBuffer.
+ * @param dataString {string} data string
+ * @param performanceClient {?IPerformanceClient}
+ * @param correlationId {?string} correlation id
+ */
+export declare function sha256Digest(dataString: string, performanceClient?: IPerformanceClient, correlationId?: string): Promise<ArrayBuffer>;
+/**
+ * Populates buffer with cryptographically random values.
+ * @param dataBuffer
+ */
+export declare function getRandomValues(dataBuffer: Uint8Array): Uint8Array;
+/**
+ * Creates a UUID v7 from the current timestamp.
+ * Implementation relies on the system clock to guarantee increasing order of generated identifiers.
+ * @returns {number}
+ */
+export declare function createNewGuid(): string;
+/**
+ * Generates a keypair based on current keygen algorithm config.
+ * @param extractable
+ * @param usages
+ */
+export declare function generateKeyPair(extractable: boolean, usages: Array<KeyUsage>): Promise<CryptoKeyPair>;
+/**
+ * Export key as Json Web Key (JWK)
+ * @param key
+ */
+export declare function exportJwk(key: CryptoKey): Promise<JsonWebKey>;
+/**
+ * Imports key as Json Web Key (JWK), can set extractable and usages.
+ * @param key
+ * @param extractable
+ * @param usages
+ */
+export declare function importJwk(key: JsonWebKey, extractable: boolean, usages: Array<KeyUsage>): Promise<CryptoKey>;
+/**
+ * Signs given data with given key
+ * @param key
+ * @param data
+ */
+export declare function sign(key: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer>;
+/**
+ * Generates symmetric base encryption key. This may be stored as all encryption/decryption keys will be derived from this one.
+ */
+export declare function generateBaseKey(): Promise<ArrayBuffer>;
+/**
+ * Returns the raw key to be passed into the key derivation function
+ * @param baseKey
+ * @returns
+ */
+export declare function generateHKDF(baseKey: ArrayBuffer): Promise<CryptoKey>;
+/**
+ * Encrypt the given data given a base key. Returns encrypted data and a nonce that must be provided during decryption
+ * @param key
+ * @param rawData
+ */
+export declare function encrypt(baseKey: CryptoKey, rawData: string, context: string): Promise<{
+    data: string;
+    nonce: string;
+}>;
+/**
+ * Decrypt data with the given key and nonce
+ * @param key
+ * @param nonce
+ * @param encryptedData
+ * @returns
+ */
+export declare function decrypt(baseKey: CryptoKey, nonce: string, context: string, encryptedData: string): Promise<string>;
+/**
+ * Returns the SHA-256 hash of an input string
+ * @param plainText
+ */
+export declare function hashString(plainText: string): Promise<string>;
+//# sourceMappingURL=BrowserCrypto.d.ts.map

node_modules/@azure/msal-browser/dist/crypto/BrowserCrypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"BrowserCrypto.d.ts","sourceRoot":"","sources":["../../src/crypto/BrowserCrypto.ts"],"names":[],"mappings":"AASA,OAAO,EACH,kBAAkB,EAErB,MAAM,4BAA4B,CAAC;AA6CpC;;GAEG;AACH,wBAAgB,uBAAuB,CACnC,wBAAwB,EAAE,OAAO,GAClC,IAAI,CAeN;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAC9B,UAAU,EAAE,MAAM,EAClB,iBAAiB,CAAC,EAAE,kBAAkB,EACtC,aAAa,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,WAAW,CAAC,CAWtB;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,CAElE;AAWD;;;;GAIG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAuCtC;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CACjC,WAAW,EAAE,OAAO,EACpB,MAAM,EAAE,KAAK,CAAC,QAAQ,CAAC,GACxB,OAAO,CAAC,aAAa,CAAC,CAMxB;AAED;;;GAGG;AACH,wBAAsB,SAAS,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAKnE;AAED;;;;;GAKG;AACH,wBAAsB,SAAS,CAC3B,GAAG,EAAE,UAAU,EACf,WAAW,EAAE,OAAO,EACpB,MAAM,EAAE,KAAK,CAAC,QAAQ,CAAC,GACxB,OAAO,CAAC,SAAS,CAAC,CAQpB;AAED;;;;GAIG;AACH,wBAAsB,IAAI,CACtB,GAAG,EAAE,SAAS,EACd,IAAI,EAAE,WAAW,GAClB,OAAO,CAAC,WAAW,CAAC,CAMtB;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,WAAW,CAAC,CAU5D;AAED;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAI3E;AA4BD;;;;GAIG;AACH,wBAAsB,OAAO,CACzB,OAAO,EAAE,SAAS,EAClB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,GAChB,OAAO,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAkB1C;AAED;;;;;;GAMG;AACH,wBAAsB,OAAO,CACzB,OAAO,EAAE,SAAS,EAClB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,MAAM,GACtB,OAAO,CAAC,MAAM,CAAC,CAajB;AAED;;;GAGG;AACH,wBAAsB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAInE"}

node_modules/@azure/msal-browser/dist/crypto/BrowserCrypto.mjs

@@ -0,0 +1,245 @@
+/*! @azure/msal-browser v4.2.1 2025-02-11 */
+'use strict';
+import { createBrowserAuthError } from '../error/BrowserAuthError.mjs';
+import { PerformanceEvents } from '@azure/msal-common/browser';
+import { KEY_FORMAT_JWK } from '../utils/BrowserConstants.mjs';
+import { urlEncodeArr } from '../encode/Base64Encode.mjs';
+import { base64DecToArr } from '../encode/Base64Decode.mjs';
+import { nonBrowserEnvironment, cryptoNonExistent } from '../error/BrowserAuthErrorCodes.mjs';
+
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+/**
+ * This file defines functions used by the browser library to perform cryptography operations such as
+ * hashing and encoding. It also has helper functions to validate the availability of specific APIs.
+ */
+/**
+ * See here for more info on RsaHashedKeyGenParams: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
+ */
+// Algorithms
+const PKCS1_V15_KEYGEN_ALG = "RSASSA-PKCS1-v1_5";
+const AES_GCM = "AES-GCM";
+const HKDF = "HKDF";
+// SHA-256 hashing algorithm
+const S256_HASH_ALG = "SHA-256";
+// MOD length for PoP tokens
+const MODULUS_LENGTH = 2048;
+// Public Exponent
+const PUBLIC_EXPONENT = new Uint8Array([0x01, 0x00, 0x01]);
+// UUID hex digits
+const UUID_CHARS = "0123456789abcdef";
+// Array to store UINT32 random value
+const UINT32_ARR = new Uint32Array(1);
+// Key Format
+const RAW = "raw";
+// Key Usages
+const ENCRYPT = "encrypt";
+const DECRYPT = "decrypt";
+const DERIVE_KEY = "deriveKey";
+// Suberror
+const SUBTLE_SUBERROR = "crypto_subtle_undefined";
+const keygenAlgorithmOptions = {
+    name: PKCS1_V15_KEYGEN_ALG,
+    hash: S256_HASH_ALG,
+    modulusLength: MODULUS_LENGTH,
+    publicExponent: PUBLIC_EXPONENT,
+};
+/**
+ * Check whether browser crypto is available.
+ */
+function validateCryptoAvailable(skipValidateSubtleCrypto) {
+    if (!window) {
+        throw createBrowserAuthError(nonBrowserEnvironment);
+    }
+    if (!window.crypto) {
+        throw createBrowserAuthError(cryptoNonExistent);
+    }
+    if (!skipValidateSubtleCrypto && !window.crypto.subtle) {
+        throw createBrowserAuthError(cryptoNonExistent, SUBTLE_SUBERROR);
+    }
+}
+/**
+ * Returns a sha-256 hash of the given dataString as an ArrayBuffer.
+ * @param dataString {string} data string
+ * @param performanceClient {?IPerformanceClient}
+ * @param correlationId {?string} correlation id
+ */
+async function sha256Digest(dataString, performanceClient, correlationId) {
+    performanceClient?.addQueueMeasurement(PerformanceEvents.Sha256Digest, correlationId);
+    const encoder = new TextEncoder();
+    const data = encoder.encode(dataString);
+    return window.crypto.subtle.digest(S256_HASH_ALG, data);
+}
+/**
+ * Populates buffer with cryptographically random values.
+ * @param dataBuffer
+ */
+function getRandomValues(dataBuffer) {
+    return window.crypto.getRandomValues(dataBuffer);
+}
+/**
+ * Returns random Uint32 value.
+ * @returns {number}
+ */
+function getRandomUint32() {
+    window.crypto.getRandomValues(UINT32_ARR);
+    return UINT32_ARR[0];
+}
+/**
+ * Creates a UUID v7 from the current timestamp.
+ * Implementation relies on the system clock to guarantee increasing order of generated identifiers.
+ * @returns {number}
+ */
+function createNewGuid() {
+    const currentTimestamp = Date.now();
+    const baseRand = getRandomUint32() * 0x400 + (getRandomUint32() & 0x3ff);
+    // Result byte array
+    const bytes = new Uint8Array(16);
+    // A 12-bit `rand_a` field value
+    const randA = Math.trunc(baseRand / 2 ** 30);
+    // The higher 30 bits of 62-bit `rand_b` field value
+    const randBHi = baseRand & (2 ** 30 - 1);
+    // The lower 32 bits of 62-bit `rand_b` field value
+    const randBLo = getRandomUint32();
+    bytes[0] = currentTimestamp / 2 ** 40;
+    bytes[1] = currentTimestamp / 2 ** 32;
+    bytes[2] = currentTimestamp / 2 ** 24;
+    bytes[3] = currentTimestamp / 2 ** 16;
+    bytes[4] = currentTimestamp / 2 ** 8;
+    bytes[5] = currentTimestamp;
+    bytes[6] = 0x70 | (randA >>> 8);
+    bytes[7] = randA;
+    bytes[8] = 0x80 | (randBHi >>> 24);
+    bytes[9] = randBHi >>> 16;
+    bytes[10] = randBHi >>> 8;
+    bytes[11] = randBHi;
+    bytes[12] = randBLo >>> 24;
+    bytes[13] = randBLo >>> 16;
+    bytes[14] = randBLo >>> 8;
+    bytes[15] = randBLo;
+    let text = "";
+    for (let i = 0; i < bytes.length; i++) {
+        text += UUID_CHARS.charAt(bytes[i] >>> 4);
+        text += UUID_CHARS.charAt(bytes[i] & 0xf);
+        if (i === 3 || i === 5 || i === 7 || i === 9) {
+            text += "-";
+        }
+    }
+    return text;
+}
+/**
+ * Generates a keypair based on current keygen algorithm config.
+ * @param extractable
+ * @param usages
+ */
+async function generateKeyPair(extractable, usages) {
+    return window.crypto.subtle.generateKey(keygenAlgorithmOptions, extractable, usages);
+}
+/**
+ * Export key as Json Web Key (JWK)
+ * @param key
+ */
+async function exportJwk(key) {
+    return window.crypto.subtle.exportKey(KEY_FORMAT_JWK, key);
+}
+/**
+ * Imports key as Json Web Key (JWK), can set extractable and usages.
+ * @param key
+ * @param extractable
+ * @param usages
+ */
+async function importJwk(key, extractable, usages) {
+    return window.crypto.subtle.importKey(KEY_FORMAT_JWK, key, keygenAlgorithmOptions, extractable, usages);
+}
+/**
+ * Signs given data with given key
+ * @param key
+ * @param data
+ */
+async function sign(key, data) {
+    return window.crypto.subtle.sign(keygenAlgorithmOptions, key, data);
+}
+/**
+ * Generates symmetric base encryption key. This may be stored as all encryption/decryption keys will be derived from this one.
+ */
+async function generateBaseKey() {
+    const key = await window.crypto.subtle.generateKey({
+        name: AES_GCM,
+        length: 256,
+    }, true, [ENCRYPT, DECRYPT]);
+    return window.crypto.subtle.exportKey(RAW, key);
+}
+/**
+ * Returns the raw key to be passed into the key derivation function
+ * @param baseKey
+ * @returns
+ */
+async function generateHKDF(baseKey) {
+    return window.crypto.subtle.importKey(RAW, baseKey, HKDF, false, [
+        DERIVE_KEY,
+    ]);
+}
+/**
+ * Given a base key and a nonce generates a derived key to be used in encryption and decryption.
+ * Note: every time we encrypt a new key is derived
+ * @param baseKey
+ * @param nonce
+ * @returns
+ */
+async function deriveKey(baseKey, nonce, context) {
+    return window.crypto.subtle.deriveKey({
+        name: HKDF,
+        salt: nonce,
+        hash: S256_HASH_ALG,
+        info: new TextEncoder().encode(context),
+    }, baseKey, { name: AES_GCM, length: 256 }, false, [ENCRYPT, DECRYPT]);
+}
+/**
+ * Encrypt the given data given a base key. Returns encrypted data and a nonce that must be provided during decryption
+ * @param key
+ * @param rawData
+ */
+async function encrypt(baseKey, rawData, context) {
+    const encodedData = new TextEncoder().encode(rawData);
+    // The nonce must never be reused with a given key.
+    const nonce = window.crypto.getRandomValues(new Uint8Array(16));
+    const derivedKey = await deriveKey(baseKey, nonce, context);
+    const encryptedData = await window.crypto.subtle.encrypt({
+        name: AES_GCM,
+        iv: new Uint8Array(12), // New key is derived for every encrypt so we don't need a new nonce
+    }, derivedKey, encodedData);
+    return {
+        data: urlEncodeArr(new Uint8Array(encryptedData)),
+        nonce: urlEncodeArr(nonce),
+    };
+}
+/**
+ * Decrypt data with the given key and nonce
+ * @param key
+ * @param nonce
+ * @param encryptedData
+ * @returns
+ */
+async function decrypt(baseKey, nonce, context, encryptedData) {
+    const encodedData = base64DecToArr(encryptedData);
+    const derivedKey = await deriveKey(baseKey, base64DecToArr(nonce), context);
+    const decryptedData = await window.crypto.subtle.decrypt({
+        name: AES_GCM,
+        iv: new Uint8Array(12), // New key is derived for every encrypt so we don't need a new nonce
+    }, derivedKey, encodedData);
+    return new TextDecoder().decode(decryptedData);
+}
+/**
+ * Returns the SHA-256 hash of an input string
+ * @param plainText
+ */
+async function hashString(plainText) {
+    const hashBuffer = await sha256Digest(plainText);
+    const hashBytes = new Uint8Array(hashBuffer);
+    return urlEncodeArr(hashBytes);
+}
+
+export { createNewGuid, decrypt, encrypt, exportJwk, generateBaseKey, generateHKDF, generateKeyPair, getRandomValues, hashString, importJwk, sha256Digest, sign, validateCryptoAvailable };
+//# sourceMappingURL=BrowserCrypto.mjs.map

node_modules/@azure/msal-browser/dist/crypto/CryptoOps.d.ts

@@ -0,0 +1,75 @@
+import { ICrypto, IPerformanceClient, Logger, ShrOptions, SignedHttpRequest, SignedHttpRequestParameters } from "@azure/msal-common/browser";
+export type CachedKeyPair = {
+    publicKey: CryptoKey;
+    privateKey: CryptoKey;
+    requestMethod?: string;
+    requestUri?: string;
+};
+/**
+ * This class implements MSAL's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and
+ * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).
+ */
+export declare class CryptoOps implements ICrypto {
+    private logger;
+    /**
+     * CryptoOps can be used in contexts outside a PCA instance,
+     * meaning there won't be a performance manager available.
+     */
+    private performanceClient;
+    private static POP_KEY_USAGES;
+    private static EXTRACTABLE;
+    private cache;
+    constructor(logger: Logger, performanceClient?: IPerformanceClient, skipValidateSubtleCrypto?: boolean);
+    /**
+     * Creates a new random GUID - used to populate state and nonce.
+     * @returns string (GUID)
+     */
+    createNewGuid(): string;
+    /**
+     * Encodes input string to base64.
+     * @param input
+     */
+    base64Encode(input: string): string;
+    /**
+     * Decodes input string from base64.
+     * @param input
+     */
+    base64Decode(input: string): string;
+    /**
+     * Encodes input string to base64 URL safe string.
+     * @param input
+     */
+    base64UrlEncode(input: string): string;
+    /**
+     * Stringifies and base64Url encodes input public key
+     * @param inputKid
+     * @returns Base64Url encoded public key
+     */
+    encodeKid(inputKid: string): string;
+    /**
+     * Generates a keypair, stores it and returns a thumbprint
+     * @param request
+     */
+    getPublicKeyThumbprint(request: SignedHttpRequestParameters): Promise<string>;
+    /**
+     * Removes cryptographic keypair from key store matching the keyId passed in
+     * @param kid
+     */
+    removeTokenBindingKey(kid: string): Promise<boolean>;
+    /**
+     * Removes all cryptographic keys from IndexedDB storage
+     */
+    clearKeystore(): Promise<boolean>;
+    /**
+     * Signs the given object as a jwt payload with private key retrieved by given kid.
+     * @param payload
+     * @param kid
+     */
+    signJwt(payload: SignedHttpRequest, kid: string, shrOptions?: ShrOptions, correlationId?: string): Promise<string>;
+    /**
+     * Returns the SHA-256 hash of an input string
+     * @param plainText
+     */
+    hashString(plainText: string): Promise<string>;
+}
+//# sourceMappingURL=CryptoOps.d.ts.map

node_modules/@azure/msal-browser/dist/crypto/CryptoOps.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CryptoOps.d.ts","sourceRoot":"","sources":["../../src/crypto/CryptoOps.ts"],"names":[],"mappings":"AAKA,OAAO,EACH,OAAO,EACP,kBAAkB,EAElB,MAAM,EAEN,UAAU,EACV,iBAAiB,EACjB,2BAA2B,EAC9B,MAAM,4BAA4B,CAAC;AAcpC,MAAM,MAAM,aAAa,GAAG;IACxB,SAAS,EAAE,SAAS,CAAC;IACrB,UAAU,EAAE,SAAS,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF;;;GAGG;AACH,qBAAa,SAAU,YAAW,OAAO;IACrC,OAAO,CAAC,MAAM,CAAS;IAEvB;;;OAGG;IACH,OAAO,CAAC,iBAAiB,CAAiC;IAE1D,OAAO,CAAC,MAAM,CAAC,cAAc,CAAuC;IACpE,OAAO,CAAC,MAAM,CAAC,WAAW,CAAiB;IAC3C,OAAO,CAAC,KAAK,CAAoC;gBAG7C,MAAM,EAAE,MAAM,EACd,iBAAiB,CAAC,EAAE,kBAAkB,EACtC,wBAAwB,CAAC,EAAE,OAAO;IAWtC;;;OAGG;IACH,aAAa,IAAI,MAAM;IAIvB;;;OAGG;IACH,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAInC;;;OAGG;IACH,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAInC;;;OAGG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAItC;;;;OAIG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAInC;;;OAGG;IACG,sBAAsB,CACxB,OAAO,EAAE,2BAA2B,GACrC,OAAO,CAAC,MAAM,CAAC;IAqDlB;;;OAGG;IACG,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAM1D;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,OAAO,CAAC;IA0BvC;;;;OAIG;IACG,OAAO,CACT,OAAO,EAAE,iBAAiB,EAC1B,GAAG,EAAE,MAAM,EACX,UAAU,CAAC,EAAE,UAAU,EACvB,aAAa,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,MAAM,CAAC;IA0DlB;;;OAGG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAGvD"}

node_modules/@azure/msal-browser/dist/crypto/CryptoOps.mjs

@@ -0,0 +1,189 @@
+/*! @azure/msal-browser v4.2.1 2025-02-11 */
+'use strict';
+import { PerformanceEvents, JoseHeader } from '@azure/msal-common/browser';
+import { base64Encode, urlEncode, urlEncodeArr } from '../encode/Base64Encode.mjs';
+import { base64Decode } from '../encode/Base64Decode.mjs';
+import { validateCryptoAvailable, createNewGuid, generateKeyPair, exportJwk, importJwk, sign, hashString } from './BrowserCrypto.mjs';
+import { createBrowserAuthError } from '../error/BrowserAuthError.mjs';
+import { AsyncMemoryStorage } from '../cache/AsyncMemoryStorage.mjs';
+import { cryptoKeyNotFound } from '../error/BrowserAuthErrorCodes.mjs';
+
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+/**
+ * This class implements MSAL's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and
+ * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).
+ */
+class CryptoOps {
+    constructor(logger, performanceClient, skipValidateSubtleCrypto) {
+        this.logger = logger;
+        // Browser crypto needs to be validated first before any other classes can be set.
+        validateCryptoAvailable(skipValidateSubtleCrypto ?? false);
+        this.cache = new AsyncMemoryStorage(this.logger);
+        this.performanceClient = performanceClient;
+    }
+    /**
+     * Creates a new random GUID - used to populate state and nonce.
+     * @returns string (GUID)
+     */
+    createNewGuid() {
+        return createNewGuid();
+    }
+    /**
+     * Encodes input string to base64.
+     * @param input
+     */
+    base64Encode(input) {
+        return base64Encode(input);
+    }
+    /**
+     * Decodes input string from base64.
+     * @param input
+     */
+    base64Decode(input) {
+        return base64Decode(input);
+    }
+    /**
+     * Encodes input string to base64 URL safe string.
+     * @param input
+     */
+    base64UrlEncode(input) {
+        return urlEncode(input);
+    }
+    /**
+     * Stringifies and base64Url encodes input public key
+     * @param inputKid
+     * @returns Base64Url encoded public key
+     */
+    encodeKid(inputKid) {
+        return this.base64UrlEncode(JSON.stringify({ kid: inputKid }));
+    }
+    /**
+     * Generates a keypair, stores it and returns a thumbprint
+     * @param request
+     */
+    async getPublicKeyThumbprint(request) {
+        const publicKeyThumbMeasurement = this.performanceClient?.startMeasurement(PerformanceEvents.CryptoOptsGetPublicKeyThumbprint, request.correlationId);
+        // Generate Keypair
+        const keyPair = await generateKeyPair(CryptoOps.EXTRACTABLE, CryptoOps.POP_KEY_USAGES);
+        // Generate Thumbprint for Public Key
+        const publicKeyJwk = await exportJwk(keyPair.publicKey);
+        const pubKeyThumprintObj = {
+            e: publicKeyJwk.e,
+            kty: publicKeyJwk.kty,
+            n: publicKeyJwk.n,
+        };
+        const publicJwkString = getSortedObjectString(pubKeyThumprintObj);
+        const publicJwkHash = await this.hashString(publicJwkString);
+        // Generate Thumbprint for Private Key
+        const privateKeyJwk = await exportJwk(keyPair.privateKey);
+        // Re-import private key to make it unextractable
+        const unextractablePrivateKey = await importJwk(privateKeyJwk, false, ["sign"]);
+        // Store Keypair data in keystore
+        await this.cache.setItem(publicJwkHash, {
+            privateKey: unextractablePrivateKey,
+            publicKey: keyPair.publicKey,
+            requestMethod: request.resourceRequestMethod,
+            requestUri: request.resourceRequestUri,
+        });
+        if (publicKeyThumbMeasurement) {
+            publicKeyThumbMeasurement.end({
+                success: true,
+            });
+        }
+        return publicJwkHash;
+    }
+    /**
+     * Removes cryptographic keypair from key store matching the keyId passed in
+     * @param kid
+     */
+    async removeTokenBindingKey(kid) {
+        await this.cache.removeItem(kid);
+        const keyFound = await this.cache.containsKey(kid);
+        return !keyFound;
+    }
+    /**
+     * Removes all cryptographic keys from IndexedDB storage
+     */
+    async clearKeystore() {
+        // Delete in-memory keystores
+        this.cache.clearInMemory();
+        /**
+         * There is only one database, so calling clearPersistent on asymmetric keystore takes care of
+         * every persistent keystore
+         */
+        try {
+            await this.cache.clearPersistent();
+            return true;
+        }
+        catch (e) {
+            if (e instanceof Error) {
+                this.logger.error(`Clearing keystore failed with error: ${e.message}`);
+            }
+            else {
+                this.logger.error("Clearing keystore failed with unknown error");
+            }
+            return false;
+        }
+    }
+    /**
+     * Signs the given object as a jwt payload with private key retrieved by given kid.
+     * @param payload
+     * @param kid
+     */
+    async signJwt(payload, kid, shrOptions, correlationId) {
+        const signJwtMeasurement = this.performanceClient?.startMeasurement(PerformanceEvents.CryptoOptsSignJwt, correlationId);
+        const cachedKeyPair = await this.cache.getItem(kid);
+        if (!cachedKeyPair) {
+            throw createBrowserAuthError(cryptoKeyNotFound);
+        }
+        // Get public key as JWK
+        const publicKeyJwk = await exportJwk(cachedKeyPair.publicKey);
+        const publicKeyJwkString = getSortedObjectString(publicKeyJwk);
+        // Base64URL encode public key thumbprint with keyId only: BASE64URL({ kid: "FULL_PUBLIC_KEY_HASH" })
+        const encodedKeyIdThumbprint = urlEncode(JSON.stringify({ kid: kid }));
+        // Generate header
+        const shrHeader = JoseHeader.getShrHeaderString({
+            ...shrOptions?.header,
+            alg: publicKeyJwk.alg,
+            kid: encodedKeyIdThumbprint,
+        });
+        const encodedShrHeader = urlEncode(shrHeader);
+        // Generate payload
+        payload.cnf = {
+            jwk: JSON.parse(publicKeyJwkString),
+        };
+        const encodedPayload = urlEncode(JSON.stringify(payload));
+        // Form token string
+        const tokenString = `${encodedShrHeader}.${encodedPayload}`;
+        // Sign token
+        const encoder = new TextEncoder();
+        const tokenBuffer = encoder.encode(tokenString);
+        const signatureBuffer = await sign(cachedKeyPair.privateKey, tokenBuffer);
+        const encodedSignature = urlEncodeArr(new Uint8Array(signatureBuffer));
+        const signedJwt = `${tokenString}.${encodedSignature}`;
+        if (signJwtMeasurement) {
+            signJwtMeasurement.end({
+                success: true,
+            });
+        }
+        return signedJwt;
+    }
+    /**
+     * Returns the SHA-256 hash of an input string
+     * @param plainText
+     */
+    async hashString(plainText) {
+        return hashString(plainText);
+    }
+}
+CryptoOps.POP_KEY_USAGES = ["sign", "verify"];
+CryptoOps.EXTRACTABLE = true;
+function getSortedObjectString(obj) {
+    return JSON.stringify(obj, Object.keys(obj).sort());
+}
+
+export { CryptoOps };
+//# sourceMappingURL=CryptoOps.mjs.map

node_modules/@azure/msal-browser/dist/crypto/CryptoOps.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"CryptoOps.mjs","sources":["../../src/crypto/CryptoOps.ts"],"sourcesContent":[null],"names":["BrowserCrypto.validateCryptoAvailable","BrowserCrypto.createNewGuid","BrowserCrypto.generateKeyPair","BrowserCrypto.exportJwk","BrowserCrypto.importJwk","BrowserAuthErrorCodes.cryptoKeyNotFound","BrowserCrypto.sign","BrowserCrypto.hashString"],"mappings":";;;;;;;;;;AAAA;;;AAGG;AAgCH;;;AAGG;MACU,SAAS,CAAA;AAalB,IAAA,WAAA,CACI,MAAc,EACd,iBAAsC,EACtC,wBAAkC,EAAA;AAElC,QAAA,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;;AAErB,QAAAA,uBAAqC,CACjC,wBAAwB,IAAI,KAAK,CACpC,CAAC;QACF,IAAI,CAAC,KAAK,GAAG,IAAI,kBAAkB,CAAgB,IAAI,CAAC,MAAM,CAAC,CAAC;AAChE,QAAA,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;KAC9C;AAED;;;AAGG;IACH,aAAa,GAAA;AACT,QAAA,OAAOC,aAA2B,EAAE,CAAC;KACxC;AAED;;;AAGG;AACH,IAAA,YAAY,CAAC,KAAa,EAAA;AACtB,QAAA,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;KAC9B;AAED;;;AAGG;AACH,IAAA,YAAY,CAAC,KAAa,EAAA;AACtB,QAAA,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;KAC9B;AAED;;;AAGG;AACH,IAAA,eAAe,CAAC,KAAa,EAAA;AACzB,QAAA,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC;KAC3B;AAED;;;;AAIG;AACH,IAAA,SAAS,CAAC,QAAgB,EAAA;AACtB,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;KAClE;AAED;;;AAGG;IACH,MAAM,sBAAsB,CACxB,OAAoC,EAAA;AAEpC,QAAA,MAAM,yBAAyB,GAC3B,IAAI,CAAC,iBAAiB,EAAE,gBAAgB,CACpC,iBAAiB,CAAC,gCAAgC,EAClD,OAAO,CAAC,aAAa,CACxB,CAAC;;AAGN,QAAA,MAAM,OAAO,GAAkB,MAAMC,eAA6B,CAC9D,SAAS,CAAC,WAAW,EACrB,SAAS,CAAC,cAAc,CAC3B,CAAC;;QAGF,MAAM,YAAY,GAAe,MAAMC,SAAuB,CAC1D,OAAO,CAAC,SAAS,CACpB,CAAC;AAEF,QAAA,MAAM,kBAAkB,GAAe;YACnC,CAAC,EAAE,YAAY,CAAC,CAAC;YACjB,GAAG,EAAE,YAAY,CAAC,GAAG;YACrB,CAAC,EAAE,YAAY,CAAC,CAAC;SACpB,CAAC;AAEF,QAAA,MAAM,eAAe,GACjB,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;QAC9C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;;QAG7D,MAAM,aAAa,GAAe,MAAMA,SAAuB,CAC3D,OAAO,CAAC,UAAU,CACrB,CAAC;;AAEF,QAAA,MAAM,uBAAuB,GACzB,MAAMC,SAAuB,CAAC,aAAa,EAAE,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;;AAGlE,QAAA,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE;AACpC,YAAA,UAAU,EAAE,uBAAuB;YACnC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,aAAa,EAAE,OAAO,CAAC,qBAAqB;YAC5C,UAAU,EAAE,OAAO,CAAC,kBAAkB;AACzC,SAAA,CAAC,CAAC;AAEH,QAAA,IAAI,yBAAyB,EAAE;YAC3B,yBAAyB,CAAC,GAAG,CAAC;AAC1B,gBAAA,OAAO,EAAE,IAAI;AAChB,aAAA,CAAC,CAAC;AACN,SAAA;AAED,QAAA,OAAO,aAAa,CAAC;KACxB;AAED;;;AAGG;IACH,MAAM,qBAAqB,CAAC,GAAW,EAAA;QACnC,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACnD,OAAO,CAAC,QAAQ,CAAC;KACpB;AAED;;AAEG;AACH,IAAA,MAAM,aAAa,GAAA;;AAEf,QAAA,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;AAE3B;;;AAGG;QACH,IAAI;AACA,YAAA,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;AACnC,YAAA,OAAO,IAAI,CAAC;AACf,SAAA;AAAC,QAAA,OAAO,CAAC,EAAE;YACR,IAAI,CAAC,YAAY,KAAK,EAAE;gBACpB,IAAI,CAAC,MAAM,CAAC,KAAK,CACb,CAAwC,qCAAA,EAAA,CAAC,CAAC,OAAO,CAAE,CAAA,CACtD,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,IAAI,CAAC,MAAM,CAAC,KAAK,CACb,6CAA6C,CAChD,CAAC;AACL,aAAA;AAED,YAAA,OAAO,KAAK,CAAC;AAChB,SAAA;KACJ;AAED;;;;AAIG;IACH,MAAM,OAAO,CACT,OAA0B,EAC1B,GAAW,EACX,UAAuB,EACvB,aAAsB,EAAA;AAEtB,QAAA,MAAM,kBAAkB,GAAG,IAAI,CAAC,iBAAiB,EAAE,gBAAgB,CAC/D,iBAAiB,CAAC,iBAAiB,EACnC,aAAa,CAChB,CAAC;QACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAEpD,IAAI,CAAC,aAAa,EAAE;AAChB,YAAA,MAAM,sBAAsB,CACxBC,iBAAuC,CAC1C,CAAC;AACL,SAAA;;QAGD,MAAM,YAAY,GAAG,MAAMF,SAAuB,CAC9C,aAAa,CAAC,SAAS,CAC1B,CAAC;AACF,QAAA,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;;AAE/D,QAAA,MAAM,sBAAsB,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;;AAEvE,QAAA,MAAM,SAAS,GAAG,UAAU,CAAC,kBAAkB,CAAC;YAC5C,GAAG,UAAU,EAAE,MAAM;YACrB,GAAG,EAAE,YAAY,CAAC,GAAG;AACrB,YAAA,GAAG,EAAE,sBAAsB;AAC9B,SAAA,CAAC,CAAC;AAEH,QAAA,MAAM,gBAAgB,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;;QAG9C,OAAO,CAAC,GAAG,GAAG;AACV,YAAA,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC;SACtC,CAAC;QACF,MAAM,cAAc,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;;AAG1D,QAAA,MAAM,WAAW,GAAG,CAAA,EAAG,gBAAgB,CAAI,CAAA,EAAA,cAAc,EAAE,CAAC;;AAG5D,QAAA,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AAChD,QAAA,MAAM,eAAe,GAAG,MAAMG,IAAkB,CAC5C,aAAa,CAAC,UAAU,EACxB,WAAW,CACd,CAAC;QACF,MAAM,gBAAgB,GAAG,YAAY,CAAC,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;AAEvE,QAAA,MAAM,SAAS,GAAG,CAAA,EAAG,WAAW,CAAI,CAAA,EAAA,gBAAgB,EAAE,CAAC;AAEvD,QAAA,IAAI,kBAAkB,EAAE;YACpB,kBAAkB,CAAC,GAAG,CAAC;AACnB,gBAAA,OAAO,EAAE,IAAI;AAChB,aAAA,CAAC,CAAC;AACN,SAAA;AAED,QAAA,OAAO,SAAS,CAAC;KACpB;AAED;;;AAGG;IACH,MAAM,UAAU,CAAC,SAAiB,EAAA;AAC9B,QAAA,OAAOC,UAAwB,CAAC,SAAS,CAAC,CAAC;KAC9C;;AAvOc,SAAA,CAAA,cAAc,GAAoB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AACrD,SAAW,CAAA,WAAA,GAAY,IAAI,CAAC;AAyO/C,SAAS,qBAAqB,CAAC,GAAW,EAAA;AACtC,IAAA,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;AACxD;;;;"}

node_modules/@azure/msal-browser/dist/crypto/PkceGenerator.d.ts

@@ -0,0 +1,9 @@
+import { IPerformanceClient, Logger, PkceCodes } from "@azure/msal-common/browser";
+/**
+ * This file defines APIs to generate PKCE codes and code verifiers.
+ */
+/**
+ * Generates PKCE Codes. See the RFC for more information: https://tools.ietf.org/html/rfc7636
+ */
+export declare function generatePkceCodes(performanceClient: IPerformanceClient, logger: Logger, correlationId: string): Promise<PkceCodes>;
+//# sourceMappingURL=PkceGenerator.d.ts.map

node_modules/@azure/msal-browser/dist/crypto/PkceGenerator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PkceGenerator.d.ts","sourceRoot":"","sources":["../../src/crypto/PkceGenerator.ts"],"names":[],"mappings":"AAKA,OAAO,EACH,kBAAkB,EAClB,MAAM,EAEN,SAAS,EAGZ,MAAM,4BAA4B,CAAC;AAWpC;;GAEG;AAEH;;GAEG;AACH,wBAAsB,iBAAiB,CACnC,iBAAiB,EAAE,kBAAkB,EACrC,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,MAAM,GACtB,OAAO,CAAC,SAAS,CAAC,CAuBpB"}

node_modules/@azure/msal-browser/dist/crypto/PkceGenerator.mjs

@@ -0,0 +1,65 @@
+/*! @azure/msal-browser v4.2.1 2025-02-11 */
+'use strict';
+import { PerformanceEvents, invoke, invokeAsync } from '@azure/msal-common/browser';
+import { createBrowserAuthError } from '../error/BrowserAuthError.mjs';
+import { urlEncodeArr } from '../encode/Base64Encode.mjs';
+import { getRandomValues, sha256Digest } from './BrowserCrypto.mjs';
+import { pkceNotCreated } from '../error/BrowserAuthErrorCodes.mjs';
+
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+// Constant byte array length
+const RANDOM_BYTE_ARR_LENGTH = 32;
+/**
+ * This file defines APIs to generate PKCE codes and code verifiers.
+ */
+/**
+ * Generates PKCE Codes. See the RFC for more information: https://tools.ietf.org/html/rfc7636
+ */
+async function generatePkceCodes(performanceClient, logger, correlationId) {
+    performanceClient.addQueueMeasurement(PerformanceEvents.GeneratePkceCodes, correlationId);
+    const codeVerifier = invoke(generateCodeVerifier, PerformanceEvents.GenerateCodeVerifier, logger, performanceClient, correlationId)(performanceClient, logger, correlationId);
+    const codeChallenge = await invokeAsync(generateCodeChallengeFromVerifier, PerformanceEvents.GenerateCodeChallengeFromVerifier, logger, performanceClient, correlationId)(codeVerifier, performanceClient, logger, correlationId);
+    return {
+        verifier: codeVerifier,
+        challenge: codeChallenge,
+    };
+}
+/**
+ * Generates a random 32 byte buffer and returns the base64
+ * encoded string to be used as a PKCE Code Verifier
+ */
+function generateCodeVerifier(performanceClient, logger, correlationId) {
+    try {
+        // Generate random values as utf-8
+        const buffer = new Uint8Array(RANDOM_BYTE_ARR_LENGTH);
+        invoke(getRandomValues, PerformanceEvents.GetRandomValues, logger, performanceClient, correlationId)(buffer);
+        // encode verifier as base64
+        const pkceCodeVerifierB64 = urlEncodeArr(buffer);
+        return pkceCodeVerifierB64;
+    }
+    catch (e) {
+        throw createBrowserAuthError(pkceNotCreated);
+    }
+}
+/**
+ * Creates a base64 encoded PKCE Code Challenge string from the
+ * hash created from the PKCE Code Verifier supplied
+ */
+async function generateCodeChallengeFromVerifier(pkceCodeVerifier, performanceClient, logger, correlationId) {
+    performanceClient.addQueueMeasurement(PerformanceEvents.GenerateCodeChallengeFromVerifier, correlationId);
+    try {
+        // hashed verifier
+        const pkceHashedCodeVerifier = await invokeAsync(sha256Digest, PerformanceEvents.Sha256Digest, logger, performanceClient, correlationId)(pkceCodeVerifier, performanceClient, correlationId);
+        // encode hash as base64
+        return urlEncodeArr(new Uint8Array(pkceHashedCodeVerifier));
+    }
+    catch (e) {
+        throw createBrowserAuthError(pkceNotCreated);
+    }
+}
+
+export { generatePkceCodes };
+//# sourceMappingURL=PkceGenerator.mjs.map

node_modules/@azure/msal-browser/dist/crypto/PkceGenerator.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"PkceGenerator.mjs","sources":["../../src/crypto/PkceGenerator.ts"],"sourcesContent":[null],"names":["BrowserAuthErrorCodes.pkceNotCreated"],"mappings":";;;;;;;;AAAA;;;AAGG;AAiBH;AACA,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAElC;;AAEG;AAEH;;AAEG;AACI,eAAe,iBAAiB,CACnC,iBAAqC,EACrC,MAAc,EACd,aAAqB,EAAA;IAErB,iBAAiB,CAAC,mBAAmB,CACjC,iBAAiB,CAAC,iBAAiB,EACnC,aAAa,CAChB,CAAC;IACF,MAAM,YAAY,GAAG,MAAM,CACvB,oBAAoB,EACpB,iBAAiB,CAAC,oBAAoB,EACtC,MAAM,EACN,iBAAiB,EACjB,aAAa,CAChB,CAAC,iBAAiB,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;IAC5C,MAAM,aAAa,GAAG,MAAM,WAAW,CACnC,iCAAiC,EACjC,iBAAiB,CAAC,iCAAiC,EACnD,MAAM,EACN,iBAAiB,EACjB,aAAa,CAChB,CAAC,YAAY,EAAE,iBAAiB,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;IAC1D,OAAO;AACH,QAAA,QAAQ,EAAE,YAAY;AACtB,QAAA,SAAS,EAAE,aAAa;KAC3B,CAAC;AACN,CAAC;AAED;;;AAGG;AACH,SAAS,oBAAoB,CACzB,iBAAqC,EACrC,MAAc,EACd,aAAqB,EAAA;IAErB,IAAI;;AAEA,QAAA,MAAM,MAAM,GAAe,IAAI,UAAU,CAAC,sBAAsB,CAAC,CAAC;AAClE,QAAA,MAAM,CACF,eAAe,EACf,iBAAiB,CAAC,eAAe,EACjC,MAAM,EACN,iBAAiB,EACjB,aAAa,CAChB,CAAC,MAAM,CAAC,CAAC;;AAEV,QAAA,MAAM,mBAAmB,GAAW,YAAY,CAAC,MAAM,CAAC,CAAC;AACzD,QAAA,OAAO,mBAAmB,CAAC;AAC9B,KAAA;AAAC,IAAA,OAAO,CAAC,EAAE;AACR,QAAA,MAAM,sBAAsB,CAACA,cAAoC,CAAC,CAAC;AACtE,KAAA;AACL,CAAC;AAED;;;AAGG;AACH,eAAe,iCAAiC,CAC5C,gBAAwB,EACxB,iBAAqC,EACrC,MAAc,EACd,aAAqB,EAAA;IAErB,iBAAiB,CAAC,mBAAmB,CACjC,iBAAiB,CAAC,iCAAiC,EACnD,aAAa,CAChB,CAAC;IACF,IAAI;;QAEA,MAAM,sBAAsB,GAAG,MAAM,WAAW,CAC5C,YAAY,EACZ,iBAAiB,CAAC,YAAY,EAC9B,MAAM,EACN,iBAAiB,EACjB,aAAa,CAChB,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC;;QAEtD,OAAO,YAAY,CAAC,IAAI,UAAU,CAAC,sBAAsB,CAAC,CAAC,CAAC;AAC/D,KAAA;AAAC,IAAA,OAAO,CAAC,EAAE;AACR,QAAA,MAAM,sBAAsB,CAACA,cAAoC,CAAC,CAAC;AACtE,KAAA;AACL;;;;"}

node_modules/@azure/msal-browser/dist/crypto/SignedHttpRequest.d.ts

@@ -0,0 +1,31 @@
+import { LoggerOptions, SignedHttpRequestParameters } from "@azure/msal-common/browser";
+export type SignedHttpRequestOptions = {
+    loggerOptions: LoggerOptions;
+};
+export declare class SignedHttpRequest {
+    private popTokenGenerator;
+    private cryptoOps;
+    private shrParameters;
+    private logger;
+    constructor(shrParameters: SignedHttpRequestParameters, shrOptions?: SignedHttpRequestOptions);
+    /**
+     * Generates and caches a keypair for the given request options.
+     * @returns Public key digest, which should be sent to the token issuer.
+     */
+    generatePublicKeyThumbprint(): Promise<string>;
+    /**
+     * Generates a signed http request for the given payload with the given key.
+     * @param payload Payload to sign (e.g. access token)
+     * @param publicKeyThumbprint Public key digest (from generatePublicKeyThumbprint API)
+     * @param claims Additional claims to include/override in the signed JWT
+     * @returns Pop token signed with the corresponding private key
+     */
+    signRequest(payload: string, publicKeyThumbprint: string, claims?: object): Promise<string>;
+    /**
+     * Removes cached keys from browser for given public key thumbprint
+     * @param publicKeyThumbprint Public key digest (from generatePublicKeyThumbprint API)
+     * @returns If keys are properly deleted
+     */
+    removeKeys(publicKeyThumbprint: string): Promise<boolean>;
+}
+//# sourceMappingURL=SignedHttpRequest.d.ts.map

node_modules/@azure/msal-browser/dist/crypto/SignedHttpRequest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SignedHttpRequest.d.ts","sourceRoot":"","sources":["../../src/crypto/SignedHttpRequest.ts"],"names":[],"mappings":"AAMA,OAAO,EAEH,aAAa,EAEb,2BAA2B,EAC9B,MAAM,4BAA4B,CAAC;AAGpC,MAAM,MAAM,wBAAwB,GAAG;IACnC,aAAa,EAAE,aAAa,CAAC;CAChC,CAAC;AAEF,qBAAa,iBAAiB;IAC1B,OAAO,CAAC,iBAAiB,CAAoB;IAC7C,OAAO,CAAC,SAAS,CAAY;IAC7B,OAAO,CAAC,aAAa,CAA8B;IACnD,OAAO,CAAC,MAAM,CAAS;gBAGnB,aAAa,EAAE,2BAA2B,EAC1C,UAAU,CAAC,EAAE,wBAAwB;IASzC;;;OAGG;IACG,2BAA2B,IAAI,OAAO,CAAC,MAAM,CAAC;IAQpD;;;;;;OAMG;IACG,WAAW,CACb,OAAO,EAAE,MAAM,EACf,mBAAmB,EAAE,MAAM,EAC3B,MAAM,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;IASlB;;;;OAIG;IACG,UAAU,CAAC,mBAAmB,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAGlE"}

node_modules/@azure/msal-browser/dist/crypto/SignedHttpRequest.mjs

@@ -0,0 +1,48 @@
+/*! @azure/msal-browser v4.2.1 2025-02-11 */
+'use strict';
+import { CryptoOps } from './CryptoOps.mjs';
+import { Logger, PopTokenGenerator } from '@azure/msal-common/browser';
+import { name, version } from '../packageMetadata.mjs';
+
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+class SignedHttpRequest {
+    constructor(shrParameters, shrOptions) {
+        const loggerOptions = (shrOptions && shrOptions.loggerOptions) || {};
+        this.logger = new Logger(loggerOptions, name, version);
+        this.cryptoOps = new CryptoOps(this.logger);
+        this.popTokenGenerator = new PopTokenGenerator(this.cryptoOps);
+        this.shrParameters = shrParameters;
+    }
+    /**
+     * Generates and caches a keypair for the given request options.
+     * @returns Public key digest, which should be sent to the token issuer.
+     */
+    async generatePublicKeyThumbprint() {
+        const { kid } = await this.popTokenGenerator.generateKid(this.shrParameters);
+        return kid;
+    }
+    /**
+     * Generates a signed http request for the given payload with the given key.
+     * @param payload Payload to sign (e.g. access token)
+     * @param publicKeyThumbprint Public key digest (from generatePublicKeyThumbprint API)
+     * @param claims Additional claims to include/override in the signed JWT
+     * @returns Pop token signed with the corresponding private key
+     */
+    async signRequest(payload, publicKeyThumbprint, claims) {
+        return this.popTokenGenerator.signPayload(payload, publicKeyThumbprint, this.shrParameters, claims);
+    }
+    /**
+     * Removes cached keys from browser for given public key thumbprint
+     * @param publicKeyThumbprint Public key digest (from generatePublicKeyThumbprint API)
+     * @returns If keys are properly deleted
+     */
+    async removeKeys(publicKeyThumbprint) {
+        return this.cryptoOps.removeTokenBindingKey(publicKeyThumbprint);
+    }
+}
+
+export { SignedHttpRequest };
+//# sourceMappingURL=SignedHttpRequest.mjs.map

node_modules/@azure/msal-browser/dist/crypto/SignedHttpRequest.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"SignedHttpRequest.mjs","sources":["../../src/crypto/SignedHttpRequest.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;AAAA;;;AAGG;MAeU,iBAAiB,CAAA;IAM1B,WACI,CAAA,aAA0C,EAC1C,UAAqC,EAAA;QAErC,MAAM,aAAa,GAAG,CAAC,UAAU,IAAI,UAAU,CAAC,aAAa,KAAK,EAAE,CAAC;AACrE,QAAA,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5C,IAAI,CAAC,iBAAiB,GAAG,IAAI,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAC/D,QAAA,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;KACtC;AAED;;;AAGG;AACH,IAAA,MAAM,2BAA2B,GAAA;AAC7B,QAAA,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,CACpD,IAAI,CAAC,aAAa,CACrB,CAAC;AAEF,QAAA,OAAO,GAAG,CAAC;KACd;AAED;;;;;;AAMG;AACH,IAAA,MAAM,WAAW,CACb,OAAe,EACf,mBAA2B,EAC3B,MAAe,EAAA;AAEf,QAAA,OAAO,IAAI,CAAC,iBAAiB,CAAC,WAAW,CACrC,OAAO,EACP,mBAAmB,EACnB,IAAI,CAAC,aAAa,EAClB,MAAM,CACT,CAAC;KACL;AAED;;;;AAIG;IACH,MAAM,UAAU,CAAC,mBAA2B,EAAA;QACxC,OAAO,IAAI,CAAC,SAAS,CAAC,qBAAqB,CAAC,mBAAmB,CAAC,CAAC;KACpE;AACJ;;;;"}