@icure/api 6.4.0 → 7.0.0-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/api/IccDeviceApi.d.ts +1 -1
- package/icc-api/api/IccDeviceApi.js.map +1 -1
- package/icc-api/api/IccDoctemplateApi.js.map +1 -1
- package/icc-api/api/IccDocumentTemplateApi.js.map +1 -1
- package/icc-api/api/IccHcpartyApi.d.ts +1 -1
- package/icc-api/api/IccHcpartyApi.js.map +1 -1
- package/icc-api/api/IccPatientApi.d.ts +1 -1
- package/icc-api/api/IccPatientApi.js.map +1 -1
- package/icc-api/model/MaintenanceTask.d.ts +6 -5
- package/icc-api/model/MaintenanceTask.js +5 -0
- package/icc-api/model/MaintenanceTask.js.map +1 -1
- package/icc-api/model/User.d.ts +23 -1
- package/icc-api/model/User.js +21 -0
- package/icc-api/model/User.js.map +1 -1
- package/icc-api/model/models.d.ts +14 -0
- package/icc-api/model/models.js.map +1 -1
- package/icc-x-api/crypto/AES.d.ts +2 -0
- package/icc-x-api/crypto/AES.js +12 -0
- package/icc-x-api/crypto/AES.js.map +1 -1
- package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +122 -0
- package/icc-x-api/crypto/BaseExchangeKeysManager.js +356 -0
- package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -0
- package/icc-x-api/crypto/ConfidentialEntities.d.ts +58 -0
- package/icc-x-api/crypto/ConfidentialEntities.js +99 -0
- package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -0
- package/icc-x-api/crypto/CryptoPrimitives.d.ts +31 -0
- package/icc-x-api/crypto/CryptoPrimitives.js +55 -0
- package/icc-x-api/crypto/CryptoPrimitives.js.map +1 -0
- package/icc-x-api/crypto/CryptoStrategies.d.ts +82 -0
- package/icc-x-api/crypto/CryptoStrategies.js +3 -0
- package/icc-x-api/crypto/CryptoStrategies.js.map +1 -0
- package/icc-x-api/crypto/EntitiesEncryption.d.ts +254 -0
- package/icc-x-api/crypto/EntitiesEncryption.js +700 -0
- package/icc-x-api/crypto/EntitiesEncryption.js.map +1 -0
- package/icc-x-api/crypto/ExchangeKeysManager.d.ts +56 -0
- package/icc-x-api/crypto/ExchangeKeysManager.js +147 -0
- package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -0
- package/icc-x-api/crypto/KeyManager.d.ts +103 -0
- package/icc-x-api/crypto/KeyManager.js +288 -0
- package/icc-x-api/crypto/KeyManager.js.map +1 -0
- package/icc-x-api/crypto/KeyRecovery.d.ts +34 -0
- package/icc-x-api/crypto/KeyRecovery.js +253 -0
- package/icc-x-api/crypto/KeyRecovery.js.map +1 -0
- package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +28 -0
- package/icc-x-api/crypto/LegacyCryptoStrategies.js +22 -0
- package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -0
- package/icc-x-api/crypto/RSA.d.ts +19 -20
- package/icc-x-api/crypto/RSA.js +30 -1
- package/icc-x-api/crypto/RSA.js.map +1 -1
- package/icc-x-api/crypto/ShamirKeysManager.d.ts +43 -0
- package/icc-x-api/crypto/ShamirKeysManager.js +150 -0
- package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -0
- package/icc-x-api/crypto/ShareMetadataBehaviour.d.ts +19 -0
- package/icc-x-api/crypto/ShareMetadataBehaviour.js +24 -0
- package/icc-x-api/crypto/ShareMetadataBehaviour.js.map +1 -0
- package/icc-x-api/crypto/TransferKeysManager.d.ts +29 -0
- package/icc-x-api/crypto/TransferKeysManager.js +121 -0
- package/icc-x-api/crypto/TransferKeysManager.js.map +1 -0
- package/icc-x-api/crypto/utils.d.ts +46 -0
- package/icc-x-api/crypto/utils.js +128 -0
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/filters/ContactByHcPartyTagCodeDateFilter.d.ts +11 -0
- package/icc-x-api/filters/ContactByHcPartyTagCodeDateFilter.js +11 -0
- package/icc-x-api/filters/ContactByHcPartyTagCodeDateFilter.js.map +1 -1
- package/icc-x-api/filters/DeviceByHcPartyFilter.d.ts +11 -0
- package/icc-x-api/filters/DeviceByHcPartyFilter.js +11 -0
- package/icc-x-api/filters/DeviceByHcPartyFilter.js.map +1 -1
- package/icc-x-api/filters/DeviceByIdsFilter.d.ts +11 -0
- package/icc-x-api/filters/DeviceByIdsFilter.js +11 -0
- package/icc-x-api/filters/DeviceByIdsFilter.js.map +1 -1
- package/icc-x-api/filters/HealthElementByHcPartySecretForeignKeysFilter.d.ts +11 -0
- package/icc-x-api/filters/HealthElementByHcPartySecretForeignKeysFilter.js +11 -0
- package/icc-x-api/filters/HealthElementByHcPartySecretForeignKeysFilter.js.map +1 -1
- package/icc-x-api/icc-accesslog-x-api.d.ts +49 -4
- package/icc-x-api/icc-accesslog-x-api.js +112 -102
- package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
- package/icc-x-api/icc-calendar-item-x-api.d.ts +53 -5
- package/icc-x-api/icc-calendar-item-x-api.js +112 -100
- package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
- package/icc-x-api/icc-classification-x-api.d.ts +45 -2
- package/icc-x-api/icc-classification-x-api.js +89 -41
- package/icc-x-api/icc-classification-x-api.js.map +1 -1
- package/icc-x-api/icc-contact-x-api.d.ts +57 -19
- package/icc-x-api/icc-contact-x-api.js +149 -154
- package/icc-x-api/icc-contact-x-api.js.map +1 -1
- package/icc-x-api/icc-crypto-x-api.d.ts +266 -366
- package/icc-x-api/icc-crypto-x-api.js +416 -1327
- package/icc-x-api/icc-crypto-x-api.js.map +1 -1
- package/icc-x-api/icc-data-owner-x-api.d.ts +110 -11
- package/icc-x-api/icc-data-owner-x-api.js +188 -14
- package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
- package/icc-x-api/icc-doctemplate-x-api.js +3 -3
- package/icc-x-api/icc-doctemplate-x-api.js.map +1 -1
- package/icc-x-api/icc-document-x-api.d.ts +76 -5
- package/icc-x-api/icc-document-x-api.js +137 -59
- package/icc-x-api/icc-document-x-api.js.map +1 -1
- package/icc-x-api/icc-form-x-api.d.ts +47 -7
- package/icc-x-api/icc-form-x-api.js +85 -86
- package/icc-x-api/icc-form-x-api.js.map +1 -1
- package/icc-x-api/icc-hcparty-x-api.d.ts +1 -1
- package/icc-x-api/icc-hcparty-x-api.js +1 -1
- package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
- package/icc-x-api/icc-helement-x-api.d.ts +50 -3
- package/icc-x-api/icc-helement-x-api.js +101 -118
- package/icc-x-api/icc-helement-x-api.js.map +1 -1
- package/icc-x-api/icc-icure-maintenance-x-api.d.ts +31 -0
- package/icc-x-api/icc-icure-maintenance-x-api.js +124 -0
- package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -0
- package/icc-x-api/icc-invoice-x-api.d.ts +45 -5
- package/icc-x-api/icc-invoice-x-api.js +89 -64
- package/icc-x-api/icc-invoice-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.d.ts +38 -6
- package/icc-x-api/icc-maintenance-task-x-api.js +73 -102
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/icc-message-x-api.d.ts +55 -2
- package/icc-x-api/icc-message-x-api.js +92 -33
- package/icc-x-api/icc-message-x-api.js.map +1 -1
- package/icc-x-api/icc-patient-x-api.d.ts +67 -7
- package/icc-x-api/icc-patient-x-api.js +409 -473
- package/icc-x-api/icc-patient-x-api.js.map +1 -1
- package/icc-x-api/icc-receipt-x-api.d.ts +49 -5
- package/icc-x-api/icc-receipt-x-api.js +85 -47
- package/icc-x-api/icc-receipt-x-api.js.map +1 -1
- package/icc-x-api/icc-time-table-x-api.d.ts +34 -10
- package/icc-x-api/icc-time-table-x-api.js +61 -18
- package/icc-x-api/icc-time-table-x-api.js.map +1 -1
- package/icc-x-api/index.d.ts +30 -1
- package/icc-x-api/index.js +112 -49
- package/icc-x-api/index.js.map +1 -1
- package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +35 -0
- package/icc-x-api/maintenance/KeyPairUpdateRequest.js +54 -0
- package/icc-x-api/maintenance/KeyPairUpdateRequest.js.map +1 -0
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +9 -0
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +23 -0
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -0
- package/icc-x-api/storage/IcureStorageFacade.d.ts +55 -0
- package/icc-x-api/storage/IcureStorageFacade.js +95 -0
- package/icc-x-api/storage/IcureStorageFacade.js.map +1 -0
- package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +31 -0
- package/icc-x-api/storage/StorageEntryKeysFactory.js +3 -0
- package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -0
- package/icc-x-api/utils/collection-utils.d.ts +8 -0
- package/icc-x-api/utils/collection-utils.js +26 -0
- package/icc-x-api/utils/collection-utils.js.map +1 -0
- package/icc-x-api/utils/crypto-utils.d.ts +8 -1
- package/icc-x-api/utils/crypto-utils.js +19 -3
- package/icc-x-api/utils/crypto-utils.js.map +1 -1
- package/icc-x-api/utils/graph-utils.d.ts +45 -0
- package/icc-x-api/utils/graph-utils.js +203 -0
- package/icc-x-api/utils/graph-utils.js.map +1 -0
- package/icc-x-api/utils/lru-temporised-async-cache.d.ts +27 -0
- package/icc-x-api/utils/lru-temporised-async-cache.js +120 -0
- package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -0
- package/package.json +1 -1
|
@@ -1,323 +1,272 @@
|
|
|
1
|
-
import { IccDeviceApi, IccHcpartyApi, IccPatientApi } from '../icc-api';
|
|
2
1
|
import { AESUtils } from './crypto/AES';
|
|
3
|
-
import { RSAUtils } from './crypto/RSA';
|
|
2
|
+
import { KeyPair, RSAUtils } from './crypto/RSA';
|
|
4
3
|
import { ShamirClass } from './crypto/shamir';
|
|
5
4
|
import { Delegation, Device, Document, EncryptedEntity, EncryptedParentEntity, HealthcareParty, Patient, User } from '../icc-api/model/models';
|
|
6
|
-
import { IccMaintenanceTaskXApi } from './icc-maintenance-task-x-api';
|
|
7
5
|
import { StorageFacade } from './storage/StorageFacade';
|
|
8
6
|
import { KeyStorageFacade } from './storage/KeyStorageFacade';
|
|
7
|
+
import { ExchangeKeysManager } from './crypto/ExchangeKeysManager';
|
|
8
|
+
import { CryptoPrimitives } from './crypto/CryptoPrimitives';
|
|
9
|
+
import { KeyManager } from './crypto/KeyManager';
|
|
10
|
+
import { DataOwner, DataOwnerWithType, IccDataOwnerXApi } from './icc-data-owner-x-api';
|
|
11
|
+
import { EntitiesEncryption } from './crypto/EntitiesEncryption';
|
|
12
|
+
import { IcureStorageFacade } from './storage/IcureStorageFacade';
|
|
13
|
+
import { ShamirKeysManager } from './crypto/ShamirKeysManager';
|
|
14
|
+
import { IccHcpartyApi } from '../icc-api';
|
|
15
|
+
import { ConfidentialEntities } from './crypto/ConfidentialEntities';
|
|
9
16
|
interface DelegatorAndKeys {
|
|
10
17
|
delegatorId: string;
|
|
11
18
|
key: CryptoKey;
|
|
12
19
|
rawKey: string;
|
|
13
20
|
}
|
|
14
|
-
type CachedDataOwner = {
|
|
15
|
-
type: 'patient';
|
|
16
|
-
dataOwner: Patient;
|
|
17
|
-
} | {
|
|
18
|
-
type: 'device';
|
|
19
|
-
dataOwner: Device;
|
|
20
|
-
} | {
|
|
21
|
-
type: 'hcp';
|
|
22
|
-
dataOwner: HealthcareParty;
|
|
23
|
-
};
|
|
24
21
|
export declare class IccCryptoXApi {
|
|
22
|
+
keychainLocalStoreIdPrefix: string;
|
|
23
|
+
keychainValidityDateLocalStoreIdPrefix: string;
|
|
24
|
+
hcpPreferenceKeyEhealthCert: string;
|
|
25
|
+
hcpPreferenceKeyEhealthCertDate: string;
|
|
26
|
+
rsaLocalStoreIdPrefix: string;
|
|
27
|
+
private readonly exchangeKeysManager;
|
|
28
|
+
private readonly cryptoPrimitives;
|
|
29
|
+
private readonly keyManager;
|
|
30
|
+
private readonly dataOwnerApi;
|
|
31
|
+
private readonly entitiesEncrypiton;
|
|
32
|
+
private readonly confidentialEntities;
|
|
33
|
+
private readonly icureStorage;
|
|
34
|
+
private readonly shamirManager;
|
|
35
|
+
private readonly _storage;
|
|
36
|
+
private readonly _keyStorage;
|
|
37
|
+
private readonly hcpartyBaseApi;
|
|
38
|
+
get primitives(): CryptoPrimitives;
|
|
39
|
+
/**
|
|
40
|
+
* @internal this method is for internal use only and may be changed without notice.
|
|
41
|
+
*/
|
|
42
|
+
get exchangeKeys(): ExchangeKeysManager;
|
|
43
|
+
/**
|
|
44
|
+
* @deprecated replace with {@link CryptoPrimitives.crypto} at {@link primitives}.
|
|
45
|
+
*/
|
|
25
46
|
get crypto(): Crypto;
|
|
47
|
+
/**
|
|
48
|
+
* @deprecated replace with {@link CryptoPrimitives.shamir} at {@link primitives}.
|
|
49
|
+
*/
|
|
26
50
|
get shamir(): ShamirClass;
|
|
51
|
+
/**
|
|
52
|
+
* @deprecated replace with {@link CryptoPrimitives.RSA} at {@link primitives}.
|
|
53
|
+
*/
|
|
27
54
|
get RSA(): RSAUtils;
|
|
55
|
+
/**
|
|
56
|
+
* @deprecated replace with {@link CryptoPrimitives.AES} at {@link primitives}.
|
|
57
|
+
*/
|
|
28
58
|
get AES(): AESUtils;
|
|
59
|
+
/**
|
|
60
|
+
* @internal this is for internal use only and may be changed without notice.
|
|
61
|
+
*/
|
|
29
62
|
get keyStorage(): KeyStorageFacade;
|
|
63
|
+
/**
|
|
64
|
+
* @internal this is for internal use only and may be changed without notice.
|
|
65
|
+
*/
|
|
30
66
|
get storage(): StorageFacade<string>;
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
67
|
+
/**
|
|
68
|
+
* @internal this is for internal use only and may be changed without notice.
|
|
69
|
+
*/
|
|
70
|
+
get entities(): EntitiesEncryption;
|
|
71
|
+
/**
|
|
72
|
+
* @internal this is for internal use only and may be changed without notice.
|
|
73
|
+
*/
|
|
74
|
+
get confidential(): ConfidentialEntities;
|
|
75
|
+
/**
|
|
76
|
+
* @internal this is for internal use only and may be changed without notice.
|
|
77
|
+
*/
|
|
78
|
+
get userKeysManager(): KeyManager;
|
|
79
|
+
/**
|
|
80
|
+
* @internal this is for internal use only and may be changed without notice.
|
|
81
|
+
*/
|
|
82
|
+
get shamirKeysManager(): ShamirKeysManager;
|
|
83
|
+
/**
|
|
84
|
+
* @internal
|
|
85
|
+
*/
|
|
86
|
+
constructor(exchangeKeysManager: ExchangeKeysManager, cryptoPrimitives: CryptoPrimitives, keyManager: KeyManager, dataOwnerApi: IccDataOwnerXApi, entitiesEncrypiton: EntitiesEncryption, shamirManager: ShamirKeysManager, storage: StorageFacade<string>, keyStorage: KeyStorageFacade, icureStorageFacade: IcureStorageFacade, hcPartyBaseApi: IccHcpartyApi, confidentialEntities: ConfidentialEntities);
|
|
87
|
+
/**
|
|
88
|
+
* Deletes values cached by the crypto api, to allow to detect changes in stored key pairs, exchange keys and/or current data owner details.
|
|
89
|
+
* This method may be useful in cases where a user is logged in from multiple devices or in cases where other users have just shared some data with
|
|
90
|
+
* the current user for the first time.
|
|
91
|
+
*/
|
|
92
|
+
forceReload(): Promise<void>;
|
|
93
|
+
/**
|
|
94
|
+
* Get a key pair with the provided fingerprint if present.
|
|
95
|
+
* @param fingerprint a key-pair/public-key fingerprint
|
|
96
|
+
* @return the pair associated to the fingerprint and a boolean indicating if the pair is verified, if present, else undefined
|
|
97
|
+
*/
|
|
98
|
+
getKeyPairForFingerprint(fingerprint: string): {
|
|
99
|
+
pair: KeyPair<CryptoKey>;
|
|
100
|
+
verified: boolean;
|
|
101
|
+
} | undefined;
|
|
102
|
+
/**
|
|
103
|
+
* Get the public keys of available key pairs for the current user and his parents in hex-encoded spki representation (uses cached keys: no request
|
|
104
|
+
* is done to the server).
|
|
105
|
+
* Note that this will also include unverified keys.
|
|
106
|
+
* @return the spki representation of public keys of available keypairs for the current user.
|
|
107
|
+
*/
|
|
108
|
+
getCurrentUserHierarchyAvailablePublicKeysHex(): Promise<string[]>;
|
|
109
|
+
/**
|
|
110
|
+
* Get the public keys of available key pairs for the current user in hex-encoded spki representation (uses cached keys: no request is done to the
|
|
111
|
+
* server).
|
|
112
|
+
* By setting {@link verifiedOnly} to true only the public keys for verified key pairs will be returned: these will include only key pairs created
|
|
113
|
+
* on this device or which have been verified using {@link CryptoStrategies} on this device.
|
|
114
|
+
* @param verifiedOnly if true only the verified public keys will be returned.
|
|
115
|
+
* @return the spki representation of public keys of available keypairs for the current user.
|
|
116
|
+
*/
|
|
117
|
+
getCurrentUserAvailablePublicKeysHex(verifiedOnly: boolean): Promise<string[]>;
|
|
118
|
+
/**
|
|
119
|
+
* @deprecated depending on your use case you should delete the calls to this method or call {@link forceReload}:
|
|
120
|
+
* - Replace with `forceReload()` if one of the following parts of the current data owner may have been modified from a different api instance:
|
|
121
|
+
* - Hcp hierarchy
|
|
122
|
+
* - Key recovery data (transfer keys or shamir)
|
|
123
|
+
* - Exchange keys (formerly hcp keys)
|
|
124
|
+
* - Remove the call if the main goal was to force reload the data owner: data owner are not cached anymore.
|
|
125
|
+
*/
|
|
47
126
|
emptyHcpCache(hcpartyId: string): void;
|
|
48
127
|
/**
|
|
49
|
-
*
|
|
50
|
-
*
|
|
51
|
-
*
|
|
52
|
-
*
|
|
53
|
-
*
|
|
128
|
+
* @deprecated you should not need this method anymore to deal with the encryption of iCure entities because everything related to entities
|
|
129
|
+
* encryption should be done either through the entity-specific extended api or through the extended apis.
|
|
130
|
+
* Note that keys returned by the current implementation of this method may not be safe for encryption/sharing.
|
|
131
|
+
* If instead you are using this method to retrieve key pairs for other purposes, for example because you want to reuse the user keys in iCure for
|
|
132
|
+
* other services consider the following alternatives:
|
|
133
|
+
* - If you want to use all iCure facilities including key recovery and key verification you can use {@link getKeyPairForFingerprint}.
|
|
134
|
+
* Note that this solution can only give access to keys for the data owner of the instantiated api and his parents.
|
|
135
|
+
* - Alternatively you can use directly your choice of {@link KeyStorageFacade} and {@link StorageEntryKeysFactory}: if these are the same you use
|
|
136
|
+
* for the iCure API client the keys will be shared with it. Note however that the iCure api client uses
|
|
137
|
+
* {@link StorageEntryKeysFactory.cachedRecoveredKeypairOfDataOwner} to cache recovered keys of a data owner which may not have originated from
|
|
138
|
+
* this device, so you should only use {@link StorageEntryKeysFactory.deviceKeypairOfDataOwner} if you want to make sure the keys you use are safe
|
|
139
|
+
* for encryption.
|
|
54
140
|
*/
|
|
55
|
-
private getEncryptedAesExchangeKeysForDelegate;
|
|
56
|
-
private forceGetEncryptedAesExchangeKeysForDelegate;
|
|
57
|
-
keychainLocalStoreIdPrefix: string;
|
|
58
|
-
keychainValidityDateLocalStoreIdPrefix: string;
|
|
59
|
-
hcpPreferenceKeyEhealthCert: string;
|
|
60
|
-
hcpPreferenceKeyEhealthCertDate: string;
|
|
61
|
-
rsaLocalStoreIdPrefix: string;
|
|
62
|
-
private hcpartyBaseApi;
|
|
63
|
-
private patientBaseApi;
|
|
64
|
-
private deviceBaseApi;
|
|
65
|
-
private readonly _crypto;
|
|
66
|
-
private generateKeyConcurrencyMap;
|
|
67
|
-
private rsaKeyPairs;
|
|
68
|
-
private readonly _AES;
|
|
69
|
-
private readonly _RSA;
|
|
70
|
-
private readonly _shamir;
|
|
71
|
-
private readonly _storage;
|
|
72
|
-
private readonly _keyStorage;
|
|
73
|
-
constructor(host: string, headers: {
|
|
74
|
-
[key: string]: string;
|
|
75
|
-
}, hcpartyBaseApi: IccHcpartyApi, //Init with a hcparty x api for better performances
|
|
76
|
-
patientBaseApi: IccPatientApi, deviceBaseApi: IccDeviceApi, crypto: Crypto | undefined, storage: StorageFacade<string>, keyStorage: KeyStorageFacade);
|
|
77
|
-
loadAllKeysFromLocalStorage(dataOwnerId: string): Promise<void>;
|
|
78
141
|
getCachedRsaKeyPairForFingerprint(dataOwnerId: string, pubKeyOrFingerprint: string): Promise<{
|
|
79
142
|
publicKey: CryptoKey;
|
|
80
143
|
privateKey: CryptoKey;
|
|
81
144
|
}>;
|
|
145
|
+
/**
|
|
146
|
+
* @deprecated You do not need this method to encrypt/decrypt data of iCure, but if you want to reuse the iCure keys for the user for other purposes
|
|
147
|
+
* you have different options to replace this method, depending on what you actually need. All options return the hex-encoded spki representation of
|
|
148
|
+
* the public keys.
|
|
149
|
+
* - If you want only the public keys for which we have a private key available
|
|
150
|
+
* - you can replicate the current behaviour using {@link getCurrentUserHierarchyAvailablePublicKeysHex}. This includes keys for the current user
|
|
151
|
+
* and his parents.
|
|
152
|
+
* - use {@link getCurrentUserAvailablePublicKeysHex} to get public keys only for the current data owner, ignoring any keys of the
|
|
153
|
+
* parent hierarchy. In this case you can also apply a filter to only get verified keys (safe for encryption).
|
|
154
|
+
* - If you need all public keys for the data owner, including those for which there is no corresponding private key available on the device use
|
|
155
|
+
* {@link IccDataOwnerXApi.getHexPublicKeysOf} with the current data owner. If you don't have it available you may get it from
|
|
156
|
+
* {@link IccDataOwnerXApi.getCurrentDataOwner}, but this will require to do a request to the iCure server (other options use only cached data).
|
|
157
|
+
*/
|
|
82
158
|
getPublicKeys(): Promise<string[]>;
|
|
83
|
-
|
|
159
|
+
/**
|
|
160
|
+
* @deprecated replace with {@link CryptoPrimitives.randomUuid} at {@link primitives}.
|
|
161
|
+
*/
|
|
84
162
|
randomUuid(): string;
|
|
163
|
+
/**
|
|
164
|
+
* @deprecated replace with {@link CryptoPrimitives.sha256} at {@link primitives}.
|
|
165
|
+
*/
|
|
85
166
|
sha256(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer>;
|
|
167
|
+
/**
|
|
168
|
+
* @deprecated Use {@link ShamirKeysManager.updateSelfSplits} from {@link shamirKeysManager} instead. Note that the new method completely replaces
|
|
169
|
+
* all current values if a split for the provided key already exists.
|
|
170
|
+
*/
|
|
86
171
|
encryptShamirRSAKey(hcp: HealthcareParty, notaries: Array<HealthcareParty>, threshold?: number): Promise<HealthcareParty>;
|
|
172
|
+
/**
|
|
173
|
+
* @deprecated You should not need this method anymore because the api will automatically try to recover the available shamir keys on startup.
|
|
174
|
+
*/
|
|
87
175
|
decryptShamirRSAKey(hcp: HealthcareParty, notaries: Array<HealthcareParty>): Promise<void>;
|
|
88
176
|
/**
|
|
89
|
-
*
|
|
90
|
-
*
|
|
91
|
-
*
|
|
92
|
-
* Otherwise, decrypts it using the RSA key of the delegator or delegate (depending on the value of `encryptedForDelegator`)
|
|
93
|
-
*
|
|
94
|
-
* @param loggedHcPartyId The logged DataOwner id or the id of his parent
|
|
95
|
-
* @param delegatorId The id of Delegator eg, the DataOwner where this AES exchange key is stored
|
|
96
|
-
* @param delegateHcPartyId The id of the delegate : the data owner for whom this aes exchange key has been created
|
|
97
|
-
* @param publicKey The public key of the delegator : A unique aes exchange key is created for each public key of the delegator. This is the public key corresponding to the encryptedHcPartyKeys
|
|
98
|
-
* @param encryptedHcPartyKeys The encryptedHcPartyKeys to be decrypted
|
|
99
|
-
* @param publicKeys The public keys for which we might have a private key
|
|
100
|
-
*
|
|
101
|
-
* @returns - **delegatorId** the input param `delegatorId`
|
|
102
|
-
* - **key** the decrypted `encryptedHcPartyKey`
|
|
177
|
+
* @deprecated you should not need this method anymore because everything related to entities encryption should be done either through the
|
|
178
|
+
* entity-specific extended api.
|
|
179
|
+
* Note that currently this method does not cache results anymore (but the updated methods do).
|
|
103
180
|
*/
|
|
104
181
|
decryptHcPartyKey(loggedHcPartyId: string, delegatorId: string, delegateHcPartyId: string, publicKey: string, encryptedHcPartyKeys: {
|
|
105
182
|
[key: string]: string;
|
|
106
183
|
}, publicKeys: string[]): Promise<DelegatorAndKeys>;
|
|
107
184
|
/**
|
|
108
|
-
*
|
|
185
|
+
* @deprecated you should not need this method anymore. The new API will automatically load on startup all keys available through the key storage
|
|
186
|
+
* facade and/or recoverable through transfer keys or shamir split. If no verified key (safe for encryption) can be found during the instantiation
|
|
187
|
+
* of the API, depending on the parameters passed to the factory one of two scenarios will happen:
|
|
188
|
+
* - A new key will be automatically created on the device and stored using the key storage facade.
|
|
189
|
+
* - The api instantiation fails with an exception. This is ideal if you want to try to recover an existing key pair before creating a new one.
|
|
190
|
+
*
|
|
191
|
+
* If you were using this method to allow the user to recover an existing key that is not available in the storage facade nor recoverable through
|
|
192
|
+
* transfer keys or shamir split (for example by scanning a qr code, or by loading a file from the computer to the web browser's local storage)
|
|
193
|
+
* you will have to move that logic in your implementation of CryptoStrategies.
|
|
194
|
+
* It is currently not allowed to create new key pairs if a verified key pair is already available on the device, as this would be wasteful.
|
|
195
|
+
* If you want to convert a `JsonWebKey` pair to a `CryptoKey` pair you should use directly the method in `primitives.RSA`.
|
|
109
196
|
*/
|
|
110
|
-
cacheKeyPair(keyPairInJwk:
|
|
111
|
-
publicKey: JsonWebKey;
|
|
112
|
-
privateKey: JsonWebKey;
|
|
113
|
-
}): Promise<{
|
|
114
|
-
publicKey: CryptoKey;
|
|
115
|
-
privateKey: CryptoKey;
|
|
116
|
-
}>;
|
|
197
|
+
cacheKeyPair(keyPairInJwk: KeyPair<JsonWebKey>): Promise<KeyPair<CryptoKey>>;
|
|
117
198
|
/**
|
|
118
|
-
*
|
|
119
|
-
*
|
|
120
|
-
* @param hcpartyId :the id of the delegate HcP
|
|
121
|
-
* @param confidential :weather the key is going to be used for a confidential piece or data or not
|
|
122
|
-
* @returns - **extractedKeys** array containing secret IDs (SFKs) from decrypted SPKs, from both given HcP and its parents ; can contain duplicates
|
|
123
|
-
* - **hcpartyId** the given `hcpartyId` OR, if a parent exist, the HcP id of the top parent in the hierarchy (even if that parent has no delegations)
|
|
199
|
+
* @deprecated Usually you should not need this method, since the preferred sfk is automatically chosen by the extended entity apis when creating a
|
|
200
|
+
* new instance of the entity.
|
|
124
201
|
*/
|
|
125
202
|
extractPreferredSfk(parent: EncryptedParentEntity, hcpartyId: string, confidential: boolean): Promise<string | undefined>;
|
|
126
203
|
/**
|
|
127
|
-
*
|
|
128
|
-
*
|
|
129
|
-
* 1. Get the keys for the delegateHealthCareParty (cache/backend).
|
|
130
|
-
* 2. For each key in the delegators, decrypt it with the delegate's private key
|
|
131
|
-
* 3. Filter out undefined keys and return them
|
|
132
|
-
*
|
|
133
|
-
* @param delegatorsHcPartyIdsSet array of delegator HcP IDs that could have delegated something to the HcP with ID `delegateHcPartyId`
|
|
134
|
-
* @param delegateHcPartyId the HcP for which the HcPs with IDs in `delegatorsHcPartyIdsSet` could have delegated something
|
|
135
|
-
* @param minCacheDurationInSeconds The minimum cache duration
|
|
136
|
-
* @returns - **delegatorId** : the id of the delegator HcP that shares the **key** with the `delegateHcPartyId`
|
|
137
|
-
* - **key** the decrypted HcPartyKey, shared between **delegatorId** and `delegateHcPartyId`
|
|
204
|
+
* @deprecated you should not need this method anymore because everything related to entities encryption should be done either through the
|
|
205
|
+
* entity-specific extended api.
|
|
138
206
|
*/
|
|
139
207
|
decryptAndImportAesHcPartyKeysForDelegators(delegatorsHcPartyIdsSet: Array<string>, delegateHcPartyId: string, minCacheDurationInSeconds?: number): Promise<Array<DelegatorAndKeys>>;
|
|
140
208
|
/**
|
|
141
|
-
*
|
|
142
|
-
*
|
|
143
|
-
*
|
|
144
|
-
* given healthCarePartyId.
|
|
145
|
-
* 2. Enumerates all the delegators (delegation.owner) present in
|
|
146
|
-
* the delegations.
|
|
147
|
-
* 3. Decrypt's delegators' keys and returns them.
|
|
148
|
-
*
|
|
149
|
-
* @param dataOwnerId : the id of the delegate HCP
|
|
150
|
-
* @param delegations : delegations (can be SPKs, CFKs, EKs) for all delegates
|
|
151
|
-
* @param fallbackOnParent default true; use parent's healthCarePartyId in case there's no delegation for the `healthcarePartyId`
|
|
152
|
-
* @returns - **delegatorId** : the id of the delegator HcP that shares the **key** with the `healthcarePartyId`
|
|
153
|
-
* - **key** the decrypted HcPartyKey, shared between **delegatorId** and `healthcarePartyId`
|
|
154
|
-
*/
|
|
155
|
-
getDecryptedAesExchangeKeysOfDelegateAndParentsFromGenericDelegations(dataOwnerId: string, delegations: {
|
|
156
|
-
[key: string]: Array<Delegation>;
|
|
157
|
-
}, fallbackOnParent?: boolean): Promise<Array<DelegatorAndKeys>>;
|
|
158
|
-
/**
|
|
159
|
-
* Retrieve the owner HealthCareParty key and use it to encrypt
|
|
160
|
-
* both the delegations (createdObject.id) and the cryptedForeignKeys
|
|
161
|
-
* (parentObject.id), and returns them in an object.
|
|
209
|
+
* @deprecated you should not need this method anymore because everything related to entities encryption should be done either through the
|
|
210
|
+
* entity-specific extended api.
|
|
211
|
+
* Note that currently this method does not cache results anymore (but the updated methods do).
|
|
162
212
|
*/
|
|
163
|
-
initObjectDelegations(createdObject: any, parentObject: any, ownerId: string, secretForeignKeyOfParent: string | null): Promise<{
|
|
164
|
-
owner: HealthcareParty | Device | Patient;
|
|
165
|
-
delegations: any;
|
|
166
|
-
cryptedForeignKeys: any;
|
|
167
|
-
secretForeignKeys: any[];
|
|
168
|
-
secretId: string;
|
|
169
|
-
}>;
|
|
170
|
-
private decryptAnyAesExchangeKeyForOwner;
|
|
171
|
-
/**
|
|
172
|
-
* Gets updated instances of SPKs and CKFs for the child object `modifiedObject`.
|
|
173
|
-
* These updated SPKs and CKFs contain new SPKs/CFKs to provide delegation from delegator HcP with id `ownerId` to delegate HcP with id `delegateId`
|
|
174
|
-
*
|
|
175
|
-
* 1. if `secretIdOfModifiedObject` is not provided, the method will throw an exception; this `secretIdOfModifiedObject` is used to generate a new delegation (SPK) in step 3;
|
|
176
|
-
* the `secretIdOfModifiedObject` is returned, unmodified, as `secretId`
|
|
177
|
-
* 2. if the owner (delegator) did not perform a delegation to the delegate, then this HcP delegation (creation of a new HcPKey) is performed now
|
|
178
|
-
* 3. creates a new delegation (Secret Primary Keys) on the `modifiedObject` encrypted with the HcPKey from owner to the delegate;
|
|
179
|
-
* 4. if `parentObject` != null, creates a new CFK on the `modifiedObject` encrypted with the HcPKey from owner to the delegate;
|
|
180
|
-
* 5. this new delegation (from step 3) is added to the list of existing delegations (Secret Primary Keys) on the `modifiedObject` for the delegate given by `delegateId`
|
|
181
|
-
* 6. if the CFK (from step 4) can be created, this new CFK is added to the list of existing CFKs on the `modifiedObject` for the delegate given by `delegateId`
|
|
182
|
-
* 7. then some duplicates delegations (SPKs) and CKFs are removed
|
|
183
|
-
*
|
|
184
|
-
* @param modifiedObject : the object of which SPKs and CFKs will be cloned, the clones will be modified and then used as returned values ; it's a 'child' of `parentObject`; will NOT be mutated
|
|
185
|
-
* @param parentObject : will NOT be mutated
|
|
186
|
-
* @param ownerId : the HcP id of the delegator
|
|
187
|
-
* @param delegateId : the HcP id of the delegate
|
|
188
|
-
* @param secretIdOfModifiedObject : the secret id used in the child object to generate its SPK
|
|
189
|
-
* @returns - **delegations** existing delegations (SPKs) of the `modifiedObject`, appended with results from step 5
|
|
190
|
-
* - **cryptedForeignKeys** existing CFKs of the `modifiedObject`, appended with results from steps 6
|
|
191
|
-
* - **secretId** which is the given input parameter `secretIdOfModifiedObject`
|
|
192
|
-
*/
|
|
193
|
-
extendedDelegationsAndCryptedForeignKeys<T extends EncryptedEntity, P extends EncryptedParentEntity>(modifiedObject: T, parentObject: P | null, ownerId: string, delegateId: string, secretIdOfModifiedObject: string | null): Promise<{
|
|
194
|
-
modifiedObject: T;
|
|
195
|
-
delegations: {
|
|
196
|
-
[key: string]: Array<Delegation>;
|
|
197
|
-
};
|
|
198
|
-
cryptedForeignKeys: {
|
|
199
|
-
[key: string]: Array<Delegation>;
|
|
200
|
-
};
|
|
201
|
-
secretId: string | null;
|
|
202
|
-
}>;
|
|
203
|
-
private _getDelegateIdsOf;
|
|
204
213
|
getEncryptedAesExchangeKeys(owner: HealthcareParty | Patient | Device, delegateId: string): Promise<{
|
|
205
214
|
[pubKeyIdentifier: string]: {
|
|
206
215
|
[pubKeyFingerprint: string]: string;
|
|
207
216
|
};
|
|
208
217
|
}>;
|
|
209
|
-
getOrCreateHcPartyKeys(owner: HealthcareParty | Patient | Device, delegateId: string): Promise<{
|
|
210
|
-
owner: HealthcareParty | Patient | Device;
|
|
211
|
-
aesExchangeKeys: {
|
|
212
|
-
[pubKeyIdentifier: string]: {
|
|
213
|
-
[pubKeyFingerprint: string]: string;
|
|
214
|
-
};
|
|
215
|
-
};
|
|
216
|
-
}>;
|
|
217
218
|
/**
|
|
218
|
-
*
|
|
219
|
-
*
|
|
220
|
-
*
|
|
221
|
-
* @param createdObject
|
|
222
|
-
* @param ownerId
|
|
219
|
+
* @deprecated you should not use this method because initialisation of encrypted entities keys is done automatically by the entity-specific
|
|
220
|
+
* extended api. Also note that it is now forbidden to initialise an entity as a data owner which is not the current data owner: you should instead
|
|
221
|
+
* create the entity as the current data owner then create a delegation to the other data owner.
|
|
223
222
|
*/
|
|
224
223
|
initEncryptionKeys(createdObject: any, ownerId: string): Promise<{
|
|
225
224
|
encryptionKeys: any;
|
|
226
225
|
secretId: string;
|
|
227
|
-
modifiedOwner: Patient | Device | HealthcareParty;
|
|
228
226
|
}>;
|
|
229
227
|
/**
|
|
230
|
-
*
|
|
231
|
-
*
|
|
232
|
-
* @
|
|
233
|
-
*
|
|
234
|
-
*
|
|
235
|
-
*
|
|
236
|
-
*
|
|
237
|
-
*
|
|
238
|
-
* `secretEncryptionKeyOfObject` )
|
|
239
|
-
* - **secretId** which is the given input parameter `secretEncryptionKeyOfObject`
|
|
240
|
-
*/
|
|
241
|
-
appendEncryptionKeys<T extends EncryptedEntity>(modifiedObject: T, ownerId: string, delegateId: string, secretEncryptionKeyOfObject: string): Promise<{
|
|
242
|
-
modifiedObject: T;
|
|
243
|
-
encryptionKeys: {
|
|
244
|
-
[key: string]: Array<Delegation>;
|
|
245
|
-
};
|
|
246
|
-
secretId: string | null;
|
|
247
|
-
}>;
|
|
248
|
-
/**
|
|
249
|
-
* Gets an updated `child` object that will have its SPKs, CFKs, KSs updated to include delegations from delegator HcP with id `ownerId` to delegate HcP with id `delegateId`
|
|
250
|
-
* The SFKs of `child` are not updated, so this method assumes this is not the initial delegation on the `child` object
|
|
251
|
-
* The method also performs some deduplication of all types of delegations.
|
|
252
|
-
* @param parent : the parent object of `child`; will NOT be mutated
|
|
253
|
-
* @param child : the object that will be mutated and returned
|
|
254
|
-
* @param ownerId delegator HcP id
|
|
255
|
-
* @param delegateId delegate HcP id
|
|
256
|
-
* @param secretDelegationKey the secret Id used in the child object to generate the SPK
|
|
257
|
-
* @param secretEncryptionKey the secret Id used in the child object to generate the EK (Content Encryption Key)
|
|
258
|
-
* @returns - an updated `child` object that will contain updated SPKs, CFKs, EKs
|
|
259
|
-
* */
|
|
260
|
-
addDelegationsAndEncryptionKeys<T extends EncryptedEntity>(parent: EncryptedParentEntity | null, child: T, ownerId: string, delegateId: string, secretDelegationKey: string | null, secretEncryptionKey: string | null): Promise<T>;
|
|
261
|
-
/**
|
|
262
|
-
* Gets the secret IDs (SFKs) inside decrypted SPKs of the given `document`, decrypted by the HcP with the given `hcpartyId` AND by its HcP parents
|
|
263
|
-
* @param document : the object of which delegations (SPKs) to decrypt
|
|
264
|
-
* @param hcpartyId : the id of the delegate HcP
|
|
265
|
-
* @returns - **extractedKeys** array containing secret IDs (SFKs) from decrypted SPKs, from both given HcP and its parents ; can contain duplicates
|
|
266
|
-
* - **hcpartyId** the given `hcpartyId` OR, if a parent exist, the HcP id of the top parent in the hierarchy (even if that parent has no delegations)
|
|
228
|
+
* @deprecated You should use:
|
|
229
|
+
* - {@link IccPatientXApi.decryptSecretIdsOf} or {@link IccMessageXApi.decryptSecretIdsOf} to get the delegation sfks (now caleld secret ids).
|
|
230
|
+
* - {@link IccDataOwnerXApi.getCurrentDataOwnerHierarchyIds} to get the full hierarchy for the current data owner (cached). The first element is
|
|
231
|
+
* the id of the topmost parent, while the last is the current data owner.
|
|
232
|
+
* Note that the behaviour of this method has some subtle changes compared to the past:
|
|
233
|
+
* - throws an error if the provided hcpartyId is not part of the current data owner hierarchy.
|
|
234
|
+
* - does not provide any guarantees on the ordering of the extracted keys
|
|
235
|
+
* - deduplicates extracted keys
|
|
267
236
|
*/
|
|
268
237
|
extractDelegationsSFKs(document: EncryptedEntity | null, hcpartyId?: string): Promise<{
|
|
269
238
|
extractedKeys: Array<string>;
|
|
270
239
|
hcpartyId?: string;
|
|
271
240
|
}>;
|
|
272
241
|
/**
|
|
273
|
-
*
|
|
274
|
-
* @
|
|
275
|
-
* @
|
|
276
|
-
*
|
|
277
|
-
*
|
|
242
|
+
* @deprecated (light) You should use:
|
|
243
|
+
* - {@link IccHelementXApi.decryptPatientIdOf}, {@link IccDocumentXApi.decryptMessageIdOf}, ... to get the crypted foreign keys.
|
|
244
|
+
* - {@link IccDataOwnerXApi.getCurrentDataOwnerHierarchyIds} to get the full hierarchy for the current data owner (cached). The first element is
|
|
245
|
+
* the id of the topmost parent, while the last is the current data owner.
|
|
246
|
+
* Note that the behaviour of this method has some subtle changes compared to the past:
|
|
247
|
+
* - throws an error if the provided hcpartyId is not part of the current data owner hierarchy.
|
|
248
|
+
* - does not provide any guarantees on the ordering of the extracted keys
|
|
249
|
+
* - deduplicates extracted keys
|
|
278
250
|
*/
|
|
279
|
-
extractSFKsHierarchyFromDelegations(document: EncryptedEntity | null, hcpartyId?: string): Promise<Array<{
|
|
280
|
-
hcpartyId: string;
|
|
281
|
-
extractedKeys: Array<string>;
|
|
282
|
-
}>>;
|
|
283
251
|
extractCryptedFKs(document: EncryptedEntity | null, hcpartyId: string): Promise<{
|
|
284
252
|
extractedKeys: Array<string>;
|
|
285
253
|
hcpartyId: string;
|
|
286
254
|
}>;
|
|
255
|
+
/**
|
|
256
|
+
* @deprecated You should use the extended apis methods to encrypt/decrypt entities or their attachments
|
|
257
|
+
* Note that the behaviour of this method has some subtle changes compared to the past:
|
|
258
|
+
* - throws an error if the provided hcpartyId is not part of the current data owner hierarchy.
|
|
259
|
+
* - does not provide any guarantees on the ordering of the extracted keys
|
|
260
|
+
* - deduplicates extracted keys
|
|
261
|
+
*/
|
|
287
262
|
extractEncryptionsSKs(document: EncryptedEntity, hcpartyId: string): Promise<{
|
|
288
263
|
extractedKeys: Array<string>;
|
|
289
264
|
hcpartyId: string;
|
|
290
265
|
}>;
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
*
|
|
294
|
-
*
|
|
295
|
-
* 2. Decrypt the keys of the given HCP.
|
|
296
|
-
* 3. Decrypt the parent's key if it has parent.
|
|
297
|
-
* 4. Return the decrypted key corresponding to the Health Care Party.
|
|
298
|
-
* @param hcpartyId : the id of the delegate HcP (including its parents) for which to decrypt `extractedKeys`
|
|
299
|
-
* @param objectId : the id of the object/document of which delegations to decrypt ; used just to log to console a message (Cryptographic mistake) in case the object id inside SPK, CFK, EK is different from this one
|
|
300
|
-
* @param delegations : generic delegations (can be SPKs, CFKs, EKs) for all delegates from where to extract `extractedKeys`
|
|
301
|
-
* @returns - **extractedKeys** array containing secret IDs from decrypted generic delegations, from both HCP with given `hcpartyId` and its parents; can contain duplicates
|
|
302
|
-
* - **hcpartyId** the given `hcpartyId` OR, if a parent exist, the HCP id of the top parent in the hierarchy (even if that parent has no delegations)
|
|
303
|
-
*/
|
|
304
|
-
extractKeysHierarchyFromDelegationLikes(hcpartyId: string, objectId: string, delegations: {
|
|
305
|
-
[key: string]: Array<Delegation>;
|
|
306
|
-
}): Promise<Array<{
|
|
307
|
-
hcpartyId: string;
|
|
308
|
-
extractedKeys: Array<string>;
|
|
309
|
-
}>>;
|
|
310
|
-
/**
|
|
311
|
-
* Get decrypted generic secret IDs (secretIdSPKs, parentIds, secretIdEKs) from generic delegations (SPKs, CFKs, EKs)
|
|
312
|
-
* 1. Get Data Owner (HCP, Patient or Device) from it's Id.
|
|
313
|
-
* 2. Decrypt the keys of the given data owner.
|
|
314
|
-
* 3. Decrypt the parent's key if it has parent.
|
|
315
|
-
* 4. Return the decrypted key corresponding to the Health Care Party.
|
|
316
|
-
* @param dataOwnerId : the id of the delegate data owner (including its parents) for which to decrypt `extractedKeys`
|
|
317
|
-
* @param objectId : the id of the object/document of which delegations to decrypt ; used just to log to console a message (Cryptographic mistake) in case the object id inside SPK, CFK, EK is different from this one
|
|
318
|
-
* @param delegations : generic delegations (can be SPKs, CFKs, EKs) for all delegates from where to extract `extractedKeys`
|
|
319
|
-
* @returns - **extractedKeys** array containing secret IDs from decrypted generic delegations, from both data owner with given `dataOwnerId` and its parents; can contain duplicates
|
|
320
|
-
* - **dataOwnerId** the given `dataOwnerId` OR, if a parent exist, the data owner id of the top parent in the hierarchy (even if that parent has no delegations)
|
|
266
|
+
/**
|
|
267
|
+
* @deprecated You should not use this method anymore, depending on what you were passing as {@link delegations} you should replace this method as
|
|
268
|
+
* explained in {@link extractEncryptionsSKs} (if you were passing encryptionKeys), {@link extractCryptedFKs} (cryptedForeignKeys), or
|
|
269
|
+
* {@link extractDelegationsSFKs} (delegations).
|
|
321
270
|
*/
|
|
322
271
|
extractKeysFromDelegationsForHcpHierarchy(dataOwnerId: string, objectId: string, delegations: {
|
|
323
272
|
[key: string]: Array<Delegation>;
|
|
@@ -326,49 +275,54 @@ export declare class IccCryptoXApi {
|
|
|
326
275
|
hcpartyId: string;
|
|
327
276
|
}>;
|
|
328
277
|
/**
|
|
329
|
-
*
|
|
330
|
-
*
|
|
331
|
-
*
|
|
332
|
-
*
|
|
333
|
-
* @
|
|
334
|
-
* @param objectId The object to decrypt id
|
|
335
|
-
* @private
|
|
278
|
+
* @deprecated you should not need this method anymore: the new API will automatically load on startup all keys available through the key storage
|
|
279
|
+
* facade and/or recoverable through transfer keys or shamir split. If you were using this method to load a key recovered through other means you
|
|
280
|
+
* will have to do so in your implementation of CryptoStrategies.
|
|
281
|
+
* You can convert the private key pkcs8 array to a jwk key using {@link pkcs8ToJwk} then you can extract the full key pair using
|
|
282
|
+
* {@link keyPairFromPrivateKeyJwk}.
|
|
336
283
|
*/
|
|
337
|
-
private _extractDelegationsKeysUsingDataOwnerDelegateAesExchangeKeys;
|
|
338
|
-
/**
|
|
339
|
-
* Gets an array of generic secret IDs decrypted from a list of generic delegations (SPKs, CFKs, EKs) `delegationsArray`
|
|
340
|
-
* If a particular generic delegation thows an exception when decrypted, the return value for it's secret ID will be 'false' and a message is logged to console
|
|
341
|
-
* For each one of the delegations in the `delegationsArray`, it tries to decrypt with the decryptedHcPartyKey of the owner of that delegation;
|
|
342
|
-
*
|
|
343
|
-
* @param delegationsArray : generic delegations array
|
|
344
|
-
* @param aesKeys : **key** HcP ids of delegators/owners in the `delegationsArray`, each with its own decryptedHcPartyKey
|
|
345
|
-
* @param masterId : is the object id to which the generic delegation belongs to
|
|
346
|
-
* - used only to check whether the object.id matches the one stored in the decrypted generic delegation item
|
|
347
|
-
* - even if there's no match, the secret ID is kept as a valid result (and a message logged to console)
|
|
348
|
-
* @returns array of generic secret IDs (secretIdSPK, parentId, secretIdEK)
|
|
349
|
-
*/
|
|
350
|
-
decryptKeyInDelegationLikes(delegationsArray: Array<Delegation>, aesKeysForDataOwnerId: {
|
|
351
|
-
[key: string]: {
|
|
352
|
-
key: CryptoKey;
|
|
353
|
-
rawKey: string;
|
|
354
|
-
}[];
|
|
355
|
-
}, masterId: string): Promise<Array<string>>;
|
|
356
|
-
getPublicKeyFromPrivateKey(privateKey: JsonWebKey, dataOwner: Patient | Device | HealthcareParty): string;
|
|
357
284
|
loadKeyPairsAsTextInBrowserLocalStorage(healthcarePartyId: string, privateKey: Uint8Array): Promise<void>;
|
|
285
|
+
/**
|
|
286
|
+
* @deprecated you should not need this method anymore: the new API will automatically load on startup all keys available through the key storage
|
|
287
|
+
* facade and/or recoverable through transfer keys or shamir split. If you were using this method to load a key recovered through other means you
|
|
288
|
+
* will have to do so in your implementation of CryptoStrategies.
|
|
289
|
+
* You can extract the full key pair using {@link keyPairFromPrivateKeyJwk}.
|
|
290
|
+
*/
|
|
358
291
|
loadKeyPairsAsJwkInBrowserLocalStorage(healthcarePartyId: string, privateKey: JsonWebKey): Promise<void>;
|
|
292
|
+
/**
|
|
293
|
+
* @deprecated you should not need this method anymore: the new API will automatically load on startup all keys available through the key storage
|
|
294
|
+
* facade and/or recoverable through transfer keys or shamir split. If you were using this method to load a key recovered through other means you
|
|
295
|
+
* will have to do so in your implementation of CryptoStrategies.
|
|
296
|
+
*/
|
|
359
297
|
loadKeyPairsInBrowserLocalStorage(healthcarePartyId: string, file: Blob): Promise<void>;
|
|
298
|
+
/**
|
|
299
|
+
* @deprecated keychains are not part of iCure's api: this method will be removed.
|
|
300
|
+
*/
|
|
360
301
|
saveKeychainInBrowserLocalStorage(id: string, keychain: number): void;
|
|
302
|
+
/**
|
|
303
|
+
* @deprecated keychains are not part of iCure's api: this method will be removed.
|
|
304
|
+
*/
|
|
361
305
|
saveKeychainInBrowserLocalStorageAsBase64(id: string, keyChainB64: string): void;
|
|
306
|
+
/**
|
|
307
|
+
* @deprecated keychains are not part of iCure's api: this method will be removed.
|
|
308
|
+
*/
|
|
362
309
|
saveKeychainValidityDateInBrowserLocalStorage(id: string, date: string): Promise<void>;
|
|
363
310
|
/**
|
|
311
|
+
* @deprecated keychains are not part of iCure's api: this method will be removed.
|
|
312
|
+
*
|
|
364
313
|
* Populate the HCP.options dict with an encrypted eHealth certificate and unencryped expiry date.
|
|
365
314
|
* Any potentially unencrypted certificates will be pruned from the HCP.
|
|
366
315
|
* @param hcpId Id of the hcp to modify
|
|
367
316
|
* @returns modified HCP
|
|
368
317
|
*/
|
|
369
318
|
saveKeyChainInHCPFromLocalStorage(hcpId: string): Promise<HealthcareParty>;
|
|
319
|
+
/**
|
|
320
|
+
* @deprecated keychains are not part of iCure's api: this method will be removed.
|
|
321
|
+
*/
|
|
370
322
|
importKeychainInBrowserFromHCP(hcpId: string): Promise<void>;
|
|
371
323
|
/**
|
|
324
|
+
* @deprecated e-health certificates and keychains are not part of iCure's api: this method will be removed.
|
|
325
|
+
*
|
|
372
326
|
* Synchronizes the eHealth certificate from the database into the LocalStorage, returning information on the presence
|
|
373
327
|
* of certificate data in either place.
|
|
374
328
|
*
|
|
@@ -380,116 +334,62 @@ export declare class IccCryptoXApi {
|
|
|
380
334
|
remote: boolean;
|
|
381
335
|
local: boolean;
|
|
382
336
|
}>;
|
|
337
|
+
/**
|
|
338
|
+
* @deprecated keychains are not part of iCure's api: this method will be removed.
|
|
339
|
+
*/
|
|
383
340
|
getKeychainInBrowserLocalStorageAsBase64(id: string): Promise<string | undefined>;
|
|
341
|
+
/**
|
|
342
|
+
* @deprecated keychains are not part of iCure's api: this method will be removed.
|
|
343
|
+
*/
|
|
384
344
|
getKeychainValidityDateInBrowserLocalStorage(id: string): Promise<string | undefined>;
|
|
345
|
+
/**
|
|
346
|
+
* @deprecated keychains are not part of iCure's api: this method will be removed.
|
|
347
|
+
*/
|
|
385
348
|
loadKeychainFromBrowserLocalStorage(id: string): Promise<Uint8Array[] | null>;
|
|
386
349
|
/**
|
|
387
|
-
*
|
|
388
|
-
*
|
|
389
|
-
* @
|
|
390
|
-
* @param publicKeyFingerPrint the 32 last characters of public key this private key is associated with
|
|
391
|
-
* @returns {Object} it is in JWK - not imported
|
|
350
|
+
* @deprecated you should not need this method anymore to deal with the encryption of iCure entities because everything related to entities
|
|
351
|
+
* encryption should be done through the entity-specific extended api.
|
|
352
|
+
* If instead you were using the method for other reasons check {@link getCachedRsaKeyPairForFingerprint} to get an idea of possible replacements.
|
|
392
353
|
*/
|
|
393
354
|
loadKeyPairNotImported(id: string, publicKeyFingerPrint?: string): Promise<{
|
|
394
355
|
publicKey: JsonWebKey;
|
|
395
356
|
privateKey: JsonWebKey;
|
|
396
|
-
}>;
|
|
357
|
+
} | undefined>;
|
|
397
358
|
/**
|
|
398
|
-
*
|
|
399
|
-
*
|
|
400
|
-
* @param id doc id - hcPartyId
|
|
401
|
-
* @returns {Promise} -> {CryptoKey} - imported RSA
|
|
359
|
+
* @deprecated use {@link IccIcureMaintenanceXApi.applyKeyPairUpdate} instead.
|
|
402
360
|
*/
|
|
403
|
-
|
|
404
|
-
publicKey: CryptoKey;
|
|
405
|
-
privateKey: CryptoKey;
|
|
406
|
-
}>;
|
|
361
|
+
giveAccessBackTo(delegateUser: User, ownerId: string, ownerNewPublicKey: string): Promise<DataOwnerWithType>;
|
|
407
362
|
/**
|
|
408
|
-
*
|
|
409
|
-
*
|
|
410
|
-
*
|
|
411
|
-
*
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
* @
|
|
363
|
+
* @deprecated You don't need to manually generate exchange keys as they will be automatically created by the api when needed.
|
|
364
|
+
* Note that this method has some changes compared to previous version:
|
|
365
|
+
* - The method may return any data owner (including devices)
|
|
366
|
+
* - The method will throw an exception if the provided ownerId does not match the current data owner
|
|
367
|
+
*/
|
|
368
|
+
generateKeyForDelegate(ownerId: string, delegateId: string): Promise<DataOwner>;
|
|
369
|
+
/**
|
|
370
|
+
* @deprecated replace with {@link IccDataOwnerXApi.getDataOwner}. Note that data owners are not cached anymore.
|
|
371
|
+
*/
|
|
372
|
+
getDataOwner(ownerId: string, loadIfMissingFromCache?: boolean): Promise<DataOwnerWithType>;
|
|
373
|
+
/**
|
|
374
|
+
* @deprecated the crypto api will automatically verify on startup the validity of private keys, but in some cases you may want to verify the
|
|
375
|
+
* validity of keys recovered in your implementation of {@link CryptoStrategies}: in this case the method has been replaced with
|
|
376
|
+
* {@link RSA.checkKeyPairValidity}
|
|
416
377
|
*/
|
|
417
|
-
giveAccessBackTo(delegateUser: User, ownerId: string, ownerNewPublicKey: string): Promise<CachedDataOwner>;
|
|
418
|
-
addNewKeyPairForOwnerId(maintenanceTasksApi: IccMaintenanceTaskXApi, user: User, ownerId: string, generateTransferKey?: boolean, sendMaintenanceTasks?: boolean): Promise<{
|
|
419
|
-
dataOwner: HealthcareParty | Patient | Device;
|
|
420
|
-
publicKey: string;
|
|
421
|
-
privateKey: string;
|
|
422
|
-
}>;
|
|
423
|
-
addNewKeyPairForOwner(maintenanceTasksApi: IccMaintenanceTaskXApi, user: User, cdo: CachedDataOwner, generateTransferKey?: boolean, sendMaintenanceTasks?: boolean): Promise<{
|
|
424
|
-
dataOwner: HealthcareParty | Patient | Device;
|
|
425
|
-
publicKey: string;
|
|
426
|
-
privateKey: string;
|
|
427
|
-
}>;
|
|
428
|
-
addRawKeyPairForOwnerId(maintenanceTasksApi: IccMaintenanceTaskXApi, user: User, ownerId: string, keypair: {
|
|
429
|
-
publicKey: string;
|
|
430
|
-
privateKey: string;
|
|
431
|
-
}, generateTransferKey?: boolean, sendMaintenanceTasks?: boolean): Promise<{
|
|
432
|
-
dataOwner: HealthcareParty | Patient | Device;
|
|
433
|
-
publicKey: string;
|
|
434
|
-
privateKey: string;
|
|
435
|
-
}>;
|
|
436
|
-
addRawKeyPairForOwner(maintenanceTasksApi: IccMaintenanceTaskXApi, user: User, cdo: CachedDataOwner, keypair: {
|
|
437
|
-
publicKey: string;
|
|
438
|
-
privateKey: string;
|
|
439
|
-
}, generateTransferKey?: boolean, sendMaintenanceTasks?: boolean): Promise<{
|
|
440
|
-
dataOwner: HealthcareParty | Patient | Device;
|
|
441
|
-
publicKey: string;
|
|
442
|
-
privateKey: string;
|
|
443
|
-
}>;
|
|
444
|
-
addKeyPairForOwner(maintenanceTasksApi: IccMaintenanceTaskXApi, user: User, cdo: CachedDataOwner, keypair: {
|
|
445
|
-
publicKey: CryptoKey;
|
|
446
|
-
privateKey: CryptoKey;
|
|
447
|
-
}, generateTransferKey?: boolean, sendMaintenanceTasks?: boolean): Promise<{
|
|
448
|
-
dataOwner: HealthcareParty | Patient | Device;
|
|
449
|
-
publicKey: string;
|
|
450
|
-
privateKey: string;
|
|
451
|
-
}>;
|
|
452
|
-
private _saveDataOwner;
|
|
453
|
-
private createOrUpdateAesExchangeKeysFor;
|
|
454
|
-
private createOrUpdateTransferKeysFor;
|
|
455
|
-
private encryptAesKeyFor;
|
|
456
|
-
private encryptAesKeyOnlyForProvidedKeys;
|
|
457
|
-
private retrieveDataOwnerInfoAfterPotentialUpdate;
|
|
458
|
-
private sendMaintenanceTasks;
|
|
459
|
-
private createMaintenanceTask;
|
|
460
|
-
private getDataOwnerHexPublicKeys;
|
|
461
|
-
private getDataOwnerPublicKeys;
|
|
462
|
-
generateKeyForDelegate(ownerId: string, delegateId: string): PromiseLike<HealthcareParty | Patient>;
|
|
463
|
-
getDataOwner(ownerId: string, loadIfMissingFromCache?: boolean): Promise<CachedDataOwner>;
|
|
464
378
|
checkPrivateKeyValidity(dataOwner: HealthcareParty | Patient | Device): Promise<boolean>;
|
|
465
|
-
|
|
379
|
+
/**
|
|
380
|
+
* @deprecated (See {@link extractEncryptionsSKs} for a detailed explanation).
|
|
381
|
+
*/
|
|
466
382
|
getEncryptionDecryptionKeys(dataOwnerId: string, document: EncryptedEntity): Promise<Array<string> | undefined>;
|
|
467
|
-
|
|
383
|
+
/**
|
|
384
|
+
* @deprecated For the encryption/decryption of iCure entities and attachments you should rely solely on the extended apis methods.
|
|
385
|
+
*/
|
|
468
386
|
encryptDecrypt(method: 'encrypt' | 'decrypt', content: Uint8Array | ArrayBuffer, edKey?: string, user?: User, documentObject?: Document): Promise<Uint8Array | Array<any> | any>;
|
|
469
387
|
/**
|
|
470
|
-
*
|
|
471
|
-
*
|
|
472
|
-
* @param id
|
|
473
|
-
* @param keyPair should be JWK
|
|
474
|
-
*
|
|
475
|
-
* @deprecated use storage.setItem instead
|
|
388
|
+
* @deprecated you should not need to interact directly with the storage instance used by the iCure sdk.
|
|
476
389
|
*/
|
|
477
390
|
storeKeyPair(id: string, keyPair: {
|
|
478
391
|
publicKey: any;
|
|
479
392
|
privateKey: any;
|
|
480
393
|
}): void;
|
|
481
|
-
fixAesExchangeKeyEntriesToFingerprints(aesExchangeKeys: {
|
|
482
|
-
[delegatorPubKey: string]: {
|
|
483
|
-
[delegateId: string]: {
|
|
484
|
-
[pubKeyFp: string]: string;
|
|
485
|
-
};
|
|
486
|
-
};
|
|
487
|
-
}): {
|
|
488
|
-
[delegatorPubKey: string]: {
|
|
489
|
-
[delegateId: string]: {
|
|
490
|
-
[pubKeyFp: string]: string;
|
|
491
|
-
};
|
|
492
|
-
};
|
|
493
|
-
};
|
|
494
394
|
}
|
|
495
395
|
export {};
|