@icure/api 6.4.0 → 7.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (154) hide show
  1. package/icc-api/api/IccDeviceApi.d.ts +1 -1
  2. package/icc-api/api/IccDeviceApi.js.map +1 -1
  3. package/icc-api/api/IccDoctemplateApi.js.map +1 -1
  4. package/icc-api/api/IccDocumentTemplateApi.js.map +1 -1
  5. package/icc-api/api/IccHcpartyApi.d.ts +1 -1
  6. package/icc-api/api/IccHcpartyApi.js.map +1 -1
  7. package/icc-api/api/IccPatientApi.d.ts +1 -1
  8. package/icc-api/api/IccPatientApi.js.map +1 -1
  9. package/icc-api/model/MaintenanceTask.d.ts +6 -5
  10. package/icc-api/model/MaintenanceTask.js +5 -0
  11. package/icc-api/model/MaintenanceTask.js.map +1 -1
  12. package/icc-api/model/User.d.ts +23 -1
  13. package/icc-api/model/User.js +21 -0
  14. package/icc-api/model/User.js.map +1 -1
  15. package/icc-api/model/models.d.ts +14 -0
  16. package/icc-api/model/models.js.map +1 -1
  17. package/icc-x-api/crypto/AES.d.ts +2 -0
  18. package/icc-x-api/crypto/AES.js +12 -0
  19. package/icc-x-api/crypto/AES.js.map +1 -1
  20. package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +122 -0
  21. package/icc-x-api/crypto/BaseExchangeKeysManager.js +356 -0
  22. package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -0
  23. package/icc-x-api/crypto/ConfidentialEntities.d.ts +58 -0
  24. package/icc-x-api/crypto/ConfidentialEntities.js +99 -0
  25. package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -0
  26. package/icc-x-api/crypto/CryptoPrimitives.d.ts +31 -0
  27. package/icc-x-api/crypto/CryptoPrimitives.js +55 -0
  28. package/icc-x-api/crypto/CryptoPrimitives.js.map +1 -0
  29. package/icc-x-api/crypto/CryptoStrategies.d.ts +82 -0
  30. package/icc-x-api/crypto/CryptoStrategies.js +3 -0
  31. package/icc-x-api/crypto/CryptoStrategies.js.map +1 -0
  32. package/icc-x-api/crypto/EntitiesEncryption.d.ts +254 -0
  33. package/icc-x-api/crypto/EntitiesEncryption.js +700 -0
  34. package/icc-x-api/crypto/EntitiesEncryption.js.map +1 -0
  35. package/icc-x-api/crypto/ExchangeKeysManager.d.ts +56 -0
  36. package/icc-x-api/crypto/ExchangeKeysManager.js +147 -0
  37. package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -0
  38. package/icc-x-api/crypto/KeyManager.d.ts +103 -0
  39. package/icc-x-api/crypto/KeyManager.js +288 -0
  40. package/icc-x-api/crypto/KeyManager.js.map +1 -0
  41. package/icc-x-api/crypto/KeyRecovery.d.ts +34 -0
  42. package/icc-x-api/crypto/KeyRecovery.js +253 -0
  43. package/icc-x-api/crypto/KeyRecovery.js.map +1 -0
  44. package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +28 -0
  45. package/icc-x-api/crypto/LegacyCryptoStrategies.js +22 -0
  46. package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -0
  47. package/icc-x-api/crypto/RSA.d.ts +19 -20
  48. package/icc-x-api/crypto/RSA.js +30 -1
  49. package/icc-x-api/crypto/RSA.js.map +1 -1
  50. package/icc-x-api/crypto/ShamirKeysManager.d.ts +43 -0
  51. package/icc-x-api/crypto/ShamirKeysManager.js +150 -0
  52. package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -0
  53. package/icc-x-api/crypto/ShareMetadataBehaviour.d.ts +19 -0
  54. package/icc-x-api/crypto/ShareMetadataBehaviour.js +24 -0
  55. package/icc-x-api/crypto/ShareMetadataBehaviour.js.map +1 -0
  56. package/icc-x-api/crypto/TransferKeysManager.d.ts +29 -0
  57. package/icc-x-api/crypto/TransferKeysManager.js +121 -0
  58. package/icc-x-api/crypto/TransferKeysManager.js.map +1 -0
  59. package/icc-x-api/crypto/utils.d.ts +46 -0
  60. package/icc-x-api/crypto/utils.js +128 -0
  61. package/icc-x-api/crypto/utils.js.map +1 -1
  62. package/icc-x-api/filters/ContactByHcPartyTagCodeDateFilter.d.ts +11 -0
  63. package/icc-x-api/filters/ContactByHcPartyTagCodeDateFilter.js +11 -0
  64. package/icc-x-api/filters/ContactByHcPartyTagCodeDateFilter.js.map +1 -1
  65. package/icc-x-api/filters/DeviceByHcPartyFilter.d.ts +11 -0
  66. package/icc-x-api/filters/DeviceByHcPartyFilter.js +11 -0
  67. package/icc-x-api/filters/DeviceByHcPartyFilter.js.map +1 -1
  68. package/icc-x-api/filters/DeviceByIdsFilter.d.ts +11 -0
  69. package/icc-x-api/filters/DeviceByIdsFilter.js +11 -0
  70. package/icc-x-api/filters/DeviceByIdsFilter.js.map +1 -1
  71. package/icc-x-api/filters/HealthElementByHcPartySecretForeignKeysFilter.d.ts +11 -0
  72. package/icc-x-api/filters/HealthElementByHcPartySecretForeignKeysFilter.js +11 -0
  73. package/icc-x-api/filters/HealthElementByHcPartySecretForeignKeysFilter.js.map +1 -1
  74. package/icc-x-api/icc-accesslog-x-api.d.ts +49 -4
  75. package/icc-x-api/icc-accesslog-x-api.js +112 -102
  76. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  77. package/icc-x-api/icc-calendar-item-x-api.d.ts +53 -5
  78. package/icc-x-api/icc-calendar-item-x-api.js +112 -100
  79. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  80. package/icc-x-api/icc-classification-x-api.d.ts +45 -2
  81. package/icc-x-api/icc-classification-x-api.js +89 -41
  82. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  83. package/icc-x-api/icc-contact-x-api.d.ts +57 -19
  84. package/icc-x-api/icc-contact-x-api.js +149 -154
  85. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  86. package/icc-x-api/icc-crypto-x-api.d.ts +266 -366
  87. package/icc-x-api/icc-crypto-x-api.js +416 -1327
  88. package/icc-x-api/icc-crypto-x-api.js.map +1 -1
  89. package/icc-x-api/icc-data-owner-x-api.d.ts +110 -11
  90. package/icc-x-api/icc-data-owner-x-api.js +188 -14
  91. package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
  92. package/icc-x-api/icc-doctemplate-x-api.js +3 -3
  93. package/icc-x-api/icc-doctemplate-x-api.js.map +1 -1
  94. package/icc-x-api/icc-document-x-api.d.ts +76 -5
  95. package/icc-x-api/icc-document-x-api.js +137 -59
  96. package/icc-x-api/icc-document-x-api.js.map +1 -1
  97. package/icc-x-api/icc-form-x-api.d.ts +47 -7
  98. package/icc-x-api/icc-form-x-api.js +85 -86
  99. package/icc-x-api/icc-form-x-api.js.map +1 -1
  100. package/icc-x-api/icc-hcparty-x-api.d.ts +1 -1
  101. package/icc-x-api/icc-hcparty-x-api.js +1 -1
  102. package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
  103. package/icc-x-api/icc-helement-x-api.d.ts +50 -3
  104. package/icc-x-api/icc-helement-x-api.js +101 -118
  105. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  106. package/icc-x-api/icc-icure-maintenance-x-api.d.ts +31 -0
  107. package/icc-x-api/icc-icure-maintenance-x-api.js +124 -0
  108. package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -0
  109. package/icc-x-api/icc-invoice-x-api.d.ts +45 -5
  110. package/icc-x-api/icc-invoice-x-api.js +89 -64
  111. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  112. package/icc-x-api/icc-maintenance-task-x-api.d.ts +38 -6
  113. package/icc-x-api/icc-maintenance-task-x-api.js +73 -102
  114. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  115. package/icc-x-api/icc-message-x-api.d.ts +55 -2
  116. package/icc-x-api/icc-message-x-api.js +92 -33
  117. package/icc-x-api/icc-message-x-api.js.map +1 -1
  118. package/icc-x-api/icc-patient-x-api.d.ts +67 -7
  119. package/icc-x-api/icc-patient-x-api.js +409 -473
  120. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  121. package/icc-x-api/icc-receipt-x-api.d.ts +49 -5
  122. package/icc-x-api/icc-receipt-x-api.js +85 -47
  123. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  124. package/icc-x-api/icc-time-table-x-api.d.ts +34 -10
  125. package/icc-x-api/icc-time-table-x-api.js +61 -18
  126. package/icc-x-api/icc-time-table-x-api.js.map +1 -1
  127. package/icc-x-api/index.d.ts +30 -1
  128. package/icc-x-api/index.js +112 -49
  129. package/icc-x-api/index.js.map +1 -1
  130. package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +35 -0
  131. package/icc-x-api/maintenance/KeyPairUpdateRequest.js +54 -0
  132. package/icc-x-api/maintenance/KeyPairUpdateRequest.js.map +1 -0
  133. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +9 -0
  134. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +23 -0
  135. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -0
  136. package/icc-x-api/storage/IcureStorageFacade.d.ts +55 -0
  137. package/icc-x-api/storage/IcureStorageFacade.js +95 -0
  138. package/icc-x-api/storage/IcureStorageFacade.js.map +1 -0
  139. package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +31 -0
  140. package/icc-x-api/storage/StorageEntryKeysFactory.js +3 -0
  141. package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -0
  142. package/icc-x-api/utils/collection-utils.d.ts +8 -0
  143. package/icc-x-api/utils/collection-utils.js +26 -0
  144. package/icc-x-api/utils/collection-utils.js.map +1 -0
  145. package/icc-x-api/utils/crypto-utils.d.ts +8 -1
  146. package/icc-x-api/utils/crypto-utils.js +19 -3
  147. package/icc-x-api/utils/crypto-utils.js.map +1 -1
  148. package/icc-x-api/utils/graph-utils.d.ts +45 -0
  149. package/icc-x-api/utils/graph-utils.js +203 -0
  150. package/icc-x-api/utils/graph-utils.js.map +1 -0
  151. package/icc-x-api/utils/lru-temporised-async-cache.d.ts +27 -0
  152. package/icc-x-api/utils/lru-temporised-async-cache.js +120 -0
  153. package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -0
  154. package/package.json +1 -1
@@ -1,323 +1,272 @@
1
- import { IccDeviceApi, IccHcpartyApi, IccPatientApi } from '../icc-api';
2
1
  import { AESUtils } from './crypto/AES';
3
- import { RSAUtils } from './crypto/RSA';
2
+ import { KeyPair, RSAUtils } from './crypto/RSA';
4
3
  import { ShamirClass } from './crypto/shamir';
5
4
  import { Delegation, Device, Document, EncryptedEntity, EncryptedParentEntity, HealthcareParty, Patient, User } from '../icc-api/model/models';
6
- import { IccMaintenanceTaskXApi } from './icc-maintenance-task-x-api';
7
5
  import { StorageFacade } from './storage/StorageFacade';
8
6
  import { KeyStorageFacade } from './storage/KeyStorageFacade';
7
+ import { ExchangeKeysManager } from './crypto/ExchangeKeysManager';
8
+ import { CryptoPrimitives } from './crypto/CryptoPrimitives';
9
+ import { KeyManager } from './crypto/KeyManager';
10
+ import { DataOwner, DataOwnerWithType, IccDataOwnerXApi } from './icc-data-owner-x-api';
11
+ import { EntitiesEncryption } from './crypto/EntitiesEncryption';
12
+ import { IcureStorageFacade } from './storage/IcureStorageFacade';
13
+ import { ShamirKeysManager } from './crypto/ShamirKeysManager';
14
+ import { IccHcpartyApi } from '../icc-api';
15
+ import { ConfidentialEntities } from './crypto/ConfidentialEntities';
9
16
  interface DelegatorAndKeys {
10
17
  delegatorId: string;
11
18
  key: CryptoKey;
12
19
  rawKey: string;
13
20
  }
14
- type CachedDataOwner = {
15
- type: 'patient';
16
- dataOwner: Patient;
17
- } | {
18
- type: 'device';
19
- dataOwner: Device;
20
- } | {
21
- type: 'hcp';
22
- dataOwner: HealthcareParty;
23
- };
24
21
  export declare class IccCryptoXApi {
22
+ keychainLocalStoreIdPrefix: string;
23
+ keychainValidityDateLocalStoreIdPrefix: string;
24
+ hcpPreferenceKeyEhealthCert: string;
25
+ hcpPreferenceKeyEhealthCertDate: string;
26
+ rsaLocalStoreIdPrefix: string;
27
+ private readonly exchangeKeysManager;
28
+ private readonly cryptoPrimitives;
29
+ private readonly keyManager;
30
+ private readonly dataOwnerApi;
31
+ private readonly entitiesEncrypiton;
32
+ private readonly confidentialEntities;
33
+ private readonly icureStorage;
34
+ private readonly shamirManager;
35
+ private readonly _storage;
36
+ private readonly _keyStorage;
37
+ private readonly hcpartyBaseApi;
38
+ get primitives(): CryptoPrimitives;
39
+ /**
40
+ * @internal this method is for internal use only and may be changed without notice.
41
+ */
42
+ get exchangeKeys(): ExchangeKeysManager;
43
+ /**
44
+ * @deprecated replace with {@link CryptoPrimitives.crypto} at {@link primitives}.
45
+ */
25
46
  get crypto(): Crypto;
47
+ /**
48
+ * @deprecated replace with {@link CryptoPrimitives.shamir} at {@link primitives}.
49
+ */
26
50
  get shamir(): ShamirClass;
51
+ /**
52
+ * @deprecated replace with {@link CryptoPrimitives.RSA} at {@link primitives}.
53
+ */
27
54
  get RSA(): RSAUtils;
55
+ /**
56
+ * @deprecated replace with {@link CryptoPrimitives.AES} at {@link primitives}.
57
+ */
28
58
  get AES(): AESUtils;
59
+ /**
60
+ * @internal this is for internal use only and may be changed without notice.
61
+ */
29
62
  get keyStorage(): KeyStorageFacade;
63
+ /**
64
+ * @internal this is for internal use only and may be changed without notice.
65
+ */
30
66
  get storage(): StorageFacade<string>;
31
- hcPartyKeysCache: {
32
- [key: string]: DelegatorAndKeys;
33
- };
34
- hcPartyKeysRequestsCache: {
35
- [delegateId: string]: Promise<{
36
- [key: string]: {
37
- [key: string]: {
38
- [key: string]: string;
39
- };
40
- };
41
- }>;
42
- };
43
- cacheLastDeletionTimestamp: number | undefined;
44
- dataOwnerCache: {
45
- [key: string]: Promise<CachedDataOwner>;
46
- };
67
+ /**
68
+ * @internal this is for internal use only and may be changed without notice.
69
+ */
70
+ get entities(): EntitiesEncryption;
71
+ /**
72
+ * @internal this is for internal use only and may be changed without notice.
73
+ */
74
+ get confidential(): ConfidentialEntities;
75
+ /**
76
+ * @internal this is for internal use only and may be changed without notice.
77
+ */
78
+ get userKeysManager(): KeyManager;
79
+ /**
80
+ * @internal this is for internal use only and may be changed without notice.
81
+ */
82
+ get shamirKeysManager(): ShamirKeysManager;
83
+ /**
84
+ * @internal
85
+ */
86
+ constructor(exchangeKeysManager: ExchangeKeysManager, cryptoPrimitives: CryptoPrimitives, keyManager: KeyManager, dataOwnerApi: IccDataOwnerXApi, entitiesEncrypiton: EntitiesEncryption, shamirManager: ShamirKeysManager, storage: StorageFacade<string>, keyStorage: KeyStorageFacade, icureStorageFacade: IcureStorageFacade, hcPartyBaseApi: IccHcpartyApi, confidentialEntities: ConfidentialEntities);
87
+ /**
88
+ * Deletes values cached by the crypto api, to allow to detect changes in stored key pairs, exchange keys and/or current data owner details.
89
+ * This method may be useful in cases where a user is logged in from multiple devices or in cases where other users have just shared some data with
90
+ * the current user for the first time.
91
+ */
92
+ forceReload(): Promise<void>;
93
+ /**
94
+ * Get a key pair with the provided fingerprint if present.
95
+ * @param fingerprint a key-pair/public-key fingerprint
96
+ * @return the pair associated to the fingerprint and a boolean indicating if the pair is verified, if present, else undefined
97
+ */
98
+ getKeyPairForFingerprint(fingerprint: string): {
99
+ pair: KeyPair<CryptoKey>;
100
+ verified: boolean;
101
+ } | undefined;
102
+ /**
103
+ * Get the public keys of available key pairs for the current user and his parents in hex-encoded spki representation (uses cached keys: no request
104
+ * is done to the server).
105
+ * Note that this will also include unverified keys.
106
+ * @return the spki representation of public keys of available keypairs for the current user.
107
+ */
108
+ getCurrentUserHierarchyAvailablePublicKeysHex(): Promise<string[]>;
109
+ /**
110
+ * Get the public keys of available key pairs for the current user in hex-encoded spki representation (uses cached keys: no request is done to the
111
+ * server).
112
+ * By setting {@link verifiedOnly} to true only the public keys for verified key pairs will be returned: these will include only key pairs created
113
+ * on this device or which have been verified using {@link CryptoStrategies} on this device.
114
+ * @param verifiedOnly if true only the verified public keys will be returned.
115
+ * @return the spki representation of public keys of available keypairs for the current user.
116
+ */
117
+ getCurrentUserAvailablePublicKeysHex(verifiedOnly: boolean): Promise<string[]>;
118
+ /**
119
+ * @deprecated depending on your use case you should delete the calls to this method or call {@link forceReload}:
120
+ * - Replace with `forceReload()` if one of the following parts of the current data owner may have been modified from a different api instance:
121
+ * - Hcp hierarchy
122
+ * - Key recovery data (transfer keys or shamir)
123
+ * - Exchange keys (formerly hcp keys)
124
+ * - Remove the call if the main goal was to force reload the data owner: data owner are not cached anymore.
125
+ */
47
126
  emptyHcpCache(hcpartyId: string): void;
48
127
  /**
49
- * Gets all delegate encrypted HcParty keys of the delegate with the given `delegateHcPartyId`, and for each key the delegator id
50
- * If the keys are not cached, they are retrieved from the backend.
51
- *
52
- * @param delegateHcPartyId The Health Care Party id
53
- * @returns \{delegatorId: delegateEncryptedHcPartyKey\}
128
+ * @deprecated you should not need this method anymore to deal with the encryption of iCure entities because everything related to entities
129
+ * encryption should be done either through the entity-specific extended api or through the extended apis.
130
+ * Note that keys returned by the current implementation of this method may not be safe for encryption/sharing.
131
+ * If instead you are using this method to retrieve key pairs for other purposes, for example because you want to reuse the user keys in iCure for
132
+ * other services consider the following alternatives:
133
+ * - If you want to use all iCure facilities including key recovery and key verification you can use {@link getKeyPairForFingerprint}.
134
+ * Note that this solution can only give access to keys for the data owner of the instantiated api and his parents.
135
+ * - Alternatively you can use directly your choice of {@link KeyStorageFacade} and {@link StorageEntryKeysFactory}: if these are the same you use
136
+ * for the iCure API client the keys will be shared with it. Note however that the iCure api client uses
137
+ * {@link StorageEntryKeysFactory.cachedRecoveredKeypairOfDataOwner} to cache recovered keys of a data owner which may not have originated from
138
+ * this device, so you should only use {@link StorageEntryKeysFactory.deviceKeypairOfDataOwner} if you want to make sure the keys you use are safe
139
+ * for encryption.
54
140
  */
55
- private getEncryptedAesExchangeKeysForDelegate;
56
- private forceGetEncryptedAesExchangeKeysForDelegate;
57
- keychainLocalStoreIdPrefix: string;
58
- keychainValidityDateLocalStoreIdPrefix: string;
59
- hcpPreferenceKeyEhealthCert: string;
60
- hcpPreferenceKeyEhealthCertDate: string;
61
- rsaLocalStoreIdPrefix: string;
62
- private hcpartyBaseApi;
63
- private patientBaseApi;
64
- private deviceBaseApi;
65
- private readonly _crypto;
66
- private generateKeyConcurrencyMap;
67
- private rsaKeyPairs;
68
- private readonly _AES;
69
- private readonly _RSA;
70
- private readonly _shamir;
71
- private readonly _storage;
72
- private readonly _keyStorage;
73
- constructor(host: string, headers: {
74
- [key: string]: string;
75
- }, hcpartyBaseApi: IccHcpartyApi, //Init with a hcparty x api for better performances
76
- patientBaseApi: IccPatientApi, deviceBaseApi: IccDeviceApi, crypto: Crypto | undefined, storage: StorageFacade<string>, keyStorage: KeyStorageFacade);
77
- loadAllKeysFromLocalStorage(dataOwnerId: string): Promise<void>;
78
141
  getCachedRsaKeyPairForFingerprint(dataOwnerId: string, pubKeyOrFingerprint: string): Promise<{
79
142
  publicKey: CryptoKey;
80
143
  privateKey: CryptoKey;
81
144
  }>;
145
+ /**
146
+ * @deprecated You do not need this method to encrypt/decrypt data of iCure, but if you want to reuse the iCure keys for the user for other purposes
147
+ * you have different options to replace this method, depending on what you actually need. All options return the hex-encoded spki representation of
148
+ * the public keys.
149
+ * - If you want only the public keys for which we have a private key available
150
+ * - you can replicate the current behaviour using {@link getCurrentUserHierarchyAvailablePublicKeysHex}. This includes keys for the current user
151
+ * and his parents.
152
+ * - use {@link getCurrentUserAvailablePublicKeysHex} to get public keys only for the current data owner, ignoring any keys of the
153
+ * parent hierarchy. In this case you can also apply a filter to only get verified keys (safe for encryption).
154
+ * - If you need all public keys for the data owner, including those for which there is no corresponding private key available on the device use
155
+ * {@link IccDataOwnerXApi.getHexPublicKeysOf} with the current data owner. If you don't have it available you may get it from
156
+ * {@link IccDataOwnerXApi.getCurrentDataOwner}, but this will require to do a request to the iCure server (other options use only cached data).
157
+ */
82
158
  getPublicKeys(): Promise<string[]>;
83
- getPublicKeysAsSpki(): Promise<string[]>;
159
+ /**
160
+ * @deprecated replace with {@link CryptoPrimitives.randomUuid} at {@link primitives}.
161
+ */
84
162
  randomUuid(): string;
163
+ /**
164
+ * @deprecated replace with {@link CryptoPrimitives.sha256} at {@link primitives}.
165
+ */
85
166
  sha256(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer>;
167
+ /**
168
+ * @deprecated Use {@link ShamirKeysManager.updateSelfSplits} from {@link shamirKeysManager} instead. Note that the new method completely replaces
169
+ * all current values if a split for the provided key already exists.
170
+ */
86
171
  encryptShamirRSAKey(hcp: HealthcareParty, notaries: Array<HealthcareParty>, threshold?: number): Promise<HealthcareParty>;
172
+ /**
173
+ * @deprecated You should not need this method anymore because the api will automatically try to recover the available shamir keys on startup.
174
+ */
87
175
  decryptShamirRSAKey(hcp: HealthcareParty, notaries: Array<HealthcareParty>): Promise<void>;
88
176
  /**
89
- * Gets the decryptedHcPartyKey for the given `encryptedHcPartyKey`
90
- *
91
- * If the decrypted key exists in the cache, retrieves it from there.
92
- * Otherwise, decrypts it using the RSA key of the delegator or delegate (depending on the value of `encryptedForDelegator`)
93
- *
94
- * @param loggedHcPartyId The logged DataOwner id or the id of his parent
95
- * @param delegatorId The id of Delegator eg, the DataOwner where this AES exchange key is stored
96
- * @param delegateHcPartyId The id of the delegate : the data owner for whom this aes exchange key has been created
97
- * @param publicKey The public key of the delegator : A unique aes exchange key is created for each public key of the delegator. This is the public key corresponding to the encryptedHcPartyKeys
98
- * @param encryptedHcPartyKeys The encryptedHcPartyKeys to be decrypted
99
- * @param publicKeys The public keys for which we might have a private key
100
- *
101
- * @returns - **delegatorId** the input param `delegatorId`
102
- * - **key** the decrypted `encryptedHcPartyKey`
177
+ * @deprecated you should not need this method anymore because everything related to entities encryption should be done either through the
178
+ * entity-specific extended api.
179
+ * Note that currently this method does not cache results anymore (but the updated methods do).
103
180
  */
104
181
  decryptHcPartyKey(loggedHcPartyId: string, delegatorId: string, delegateHcPartyId: string, publicKey: string, encryptedHcPartyKeys: {
105
182
  [key: string]: string;
106
183
  }, publicKeys: string[]): Promise<DelegatorAndKeys>;
107
184
  /**
108
- * Cache the RSA private/public key pair for the HcP with the given id `hcPartyKeyOwner`
185
+ * @deprecated you should not need this method anymore. The new API will automatically load on startup all keys available through the key storage
186
+ * facade and/or recoverable through transfer keys or shamir split. If no verified key (safe for encryption) can be found during the instantiation
187
+ * of the API, depending on the parameters passed to the factory one of two scenarios will happen:
188
+ * - A new key will be automatically created on the device and stored using the key storage facade.
189
+ * - The api instantiation fails with an exception. This is ideal if you want to try to recover an existing key pair before creating a new one.
190
+ *
191
+ * If you were using this method to allow the user to recover an existing key that is not available in the storage facade nor recoverable through
192
+ * transfer keys or shamir split (for example by scanning a qr code, or by loading a file from the computer to the web browser's local storage)
193
+ * you will have to move that logic in your implementation of CryptoStrategies.
194
+ * It is currently not allowed to create new key pairs if a verified key pair is already available on the device, as this would be wasteful.
195
+ * If you want to convert a `JsonWebKey` pair to a `CryptoKey` pair you should use directly the method in `primitives.RSA`.
109
196
  */
110
- cacheKeyPair(keyPairInJwk: {
111
- publicKey: JsonWebKey;
112
- privateKey: JsonWebKey;
113
- }): Promise<{
114
- publicKey: CryptoKey;
115
- privateKey: CryptoKey;
116
- }>;
197
+ cacheKeyPair(keyPairInJwk: KeyPair<JsonWebKey>): Promise<KeyPair<CryptoKey>>;
117
198
  /**
118
- * Gets the secret ID (SFKs) that should be used in the prescribed context (confidential or not) from decrypted SPKs of the given `parent`, decrypted by the HcP with the given `hcpartyId` AND by its HcP parents
119
- * @param parent :the object of which delegations (SPKs) to decrypt
120
- * @param hcpartyId :the id of the delegate HcP
121
- * @param confidential :weather the key is going to be used for a confidential piece or data or not
122
- * @returns - **extractedKeys** array containing secret IDs (SFKs) from decrypted SPKs, from both given HcP and its parents ; can contain duplicates
123
- * - **hcpartyId** the given `hcpartyId` OR, if a parent exist, the HcP id of the top parent in the hierarchy (even if that parent has no delegations)
199
+ * @deprecated Usually you should not need this method, since the preferred sfk is automatically chosen by the extended entity apis when creating a
200
+ * new instance of the entity.
124
201
  */
125
202
  extractPreferredSfk(parent: EncryptedParentEntity, hcpartyId: string, confidential: boolean): Promise<string | undefined>;
126
203
  /**
127
- * Gets an array of decrypted HcPartyKeys, shared between the delegate with ID `delegateHcPartyId` and the delegators in `delegatorsHcPartyIdsSet`
128
- *
129
- * 1. Get the keys for the delegateHealthCareParty (cache/backend).
130
- * 2. For each key in the delegators, decrypt it with the delegate's private key
131
- * 3. Filter out undefined keys and return them
132
- *
133
- * @param delegatorsHcPartyIdsSet array of delegator HcP IDs that could have delegated something to the HcP with ID `delegateHcPartyId`
134
- * @param delegateHcPartyId the HcP for which the HcPs with IDs in `delegatorsHcPartyIdsSet` could have delegated something
135
- * @param minCacheDurationInSeconds The minimum cache duration
136
- * @returns - **delegatorId** : the id of the delegator HcP that shares the **key** with the `delegateHcPartyId`
137
- * - **key** the decrypted HcPartyKey, shared between **delegatorId** and `delegateHcPartyId`
204
+ * @deprecated you should not need this method anymore because everything related to entities encryption should be done either through the
205
+ * entity-specific extended api.
138
206
  */
139
207
  decryptAndImportAesHcPartyKeysForDelegators(delegatorsHcPartyIdsSet: Array<string>, delegateHcPartyId: string, minCacheDurationInSeconds?: number): Promise<Array<DelegatorAndKeys>>;
140
208
  /**
141
- * Gets an array of decrypted HcPartyKeys from the given `delegations`, that are shared with / can be decrypted by the HcP with the given `healthcarePartyId` (or by its parents when `fallbackOnParent` is true)
142
- *
143
- * 1. Checks whether the delegations' object has a delegation for the
144
- * given healthCarePartyId.
145
- * 2. Enumerates all the delegators (delegation.owner) present in
146
- * the delegations.
147
- * 3. Decrypt's delegators' keys and returns them.
148
- *
149
- * @param dataOwnerId : the id of the delegate HCP
150
- * @param delegations : delegations (can be SPKs, CFKs, EKs) for all delegates
151
- * @param fallbackOnParent default true; use parent's healthCarePartyId in case there's no delegation for the `healthcarePartyId`
152
- * @returns - **delegatorId** : the id of the delegator HcP that shares the **key** with the `healthcarePartyId`
153
- * - **key** the decrypted HcPartyKey, shared between **delegatorId** and `healthcarePartyId`
154
- */
155
- getDecryptedAesExchangeKeysOfDelegateAndParentsFromGenericDelegations(dataOwnerId: string, delegations: {
156
- [key: string]: Array<Delegation>;
157
- }, fallbackOnParent?: boolean): Promise<Array<DelegatorAndKeys>>;
158
- /**
159
- * Retrieve the owner HealthCareParty key and use it to encrypt
160
- * both the delegations (createdObject.id) and the cryptedForeignKeys
161
- * (parentObject.id), and returns them in an object.
209
+ * @deprecated you should not need this method anymore because everything related to entities encryption should be done either through the
210
+ * entity-specific extended api.
211
+ * Note that currently this method does not cache results anymore (but the updated methods do).
162
212
  */
163
- initObjectDelegations(createdObject: any, parentObject: any, ownerId: string, secretForeignKeyOfParent: string | null): Promise<{
164
- owner: HealthcareParty | Device | Patient;
165
- delegations: any;
166
- cryptedForeignKeys: any;
167
- secretForeignKeys: any[];
168
- secretId: string;
169
- }>;
170
- private decryptAnyAesExchangeKeyForOwner;
171
- /**
172
- * Gets updated instances of SPKs and CKFs for the child object `modifiedObject`.
173
- * These updated SPKs and CKFs contain new SPKs/CFKs to provide delegation from delegator HcP with id `ownerId` to delegate HcP with id `delegateId`
174
- *
175
- * 1. if `secretIdOfModifiedObject` is not provided, the method will throw an exception; this `secretIdOfModifiedObject` is used to generate a new delegation (SPK) in step 3;
176
- * the `secretIdOfModifiedObject` is returned, unmodified, as `secretId`
177
- * 2. if the owner (delegator) did not perform a delegation to the delegate, then this HcP delegation (creation of a new HcPKey) is performed now
178
- * 3. creates a new delegation (Secret Primary Keys) on the `modifiedObject` encrypted with the HcPKey from owner to the delegate;
179
- * 4. if `parentObject` != null, creates a new CFK on the `modifiedObject` encrypted with the HcPKey from owner to the delegate;
180
- * 5. this new delegation (from step 3) is added to the list of existing delegations (Secret Primary Keys) on the `modifiedObject` for the delegate given by `delegateId`
181
- * 6. if the CFK (from step 4) can be created, this new CFK is added to the list of existing CFKs on the `modifiedObject` for the delegate given by `delegateId`
182
- * 7. then some duplicates delegations (SPKs) and CKFs are removed
183
- *
184
- * @param modifiedObject : the object of which SPKs and CFKs will be cloned, the clones will be modified and then used as returned values ; it's a 'child' of `parentObject`; will NOT be mutated
185
- * @param parentObject : will NOT be mutated
186
- * @param ownerId : the HcP id of the delegator
187
- * @param delegateId : the HcP id of the delegate
188
- * @param secretIdOfModifiedObject : the secret id used in the child object to generate its SPK
189
- * @returns - **delegations** existing delegations (SPKs) of the `modifiedObject`, appended with results from step 5
190
- * - **cryptedForeignKeys** existing CFKs of the `modifiedObject`, appended with results from steps 6
191
- * - **secretId** which is the given input parameter `secretIdOfModifiedObject`
192
- */
193
- extendedDelegationsAndCryptedForeignKeys<T extends EncryptedEntity, P extends EncryptedParentEntity>(modifiedObject: T, parentObject: P | null, ownerId: string, delegateId: string, secretIdOfModifiedObject: string | null): Promise<{
194
- modifiedObject: T;
195
- delegations: {
196
- [key: string]: Array<Delegation>;
197
- };
198
- cryptedForeignKeys: {
199
- [key: string]: Array<Delegation>;
200
- };
201
- secretId: string | null;
202
- }>;
203
- private _getDelegateIdsOf;
204
213
  getEncryptedAesExchangeKeys(owner: HealthcareParty | Patient | Device, delegateId: string): Promise<{
205
214
  [pubKeyIdentifier: string]: {
206
215
  [pubKeyFingerprint: string]: string;
207
216
  };
208
217
  }>;
209
- getOrCreateHcPartyKeys(owner: HealthcareParty | Patient | Device, delegateId: string): Promise<{
210
- owner: HealthcareParty | Patient | Device;
211
- aesExchangeKeys: {
212
- [pubKeyIdentifier: string]: {
213
- [pubKeyFingerprint: string]: string;
214
- };
215
- };
216
- }>;
217
218
  /**
218
- * Retrieve the owners HealthCareParty key, decrypt it, and
219
- * use it to encrypt & initialize the "encryptionKeys" object
220
- * and return it.
221
- * @param createdObject
222
- * @param ownerId
219
+ * @deprecated you should not use this method because initialisation of encrypted entities keys is done automatically by the entity-specific
220
+ * extended api. Also note that it is now forbidden to initialise an entity as a data owner which is not the current data owner: you should instead
221
+ * create the entity as the current data owner then create a delegation to the other data owner.
223
222
  */
224
223
  initEncryptionKeys(createdObject: any, ownerId: string): Promise<{
225
224
  encryptionKeys: any;
226
225
  secretId: string;
227
- modifiedOwner: Patient | Device | HealthcareParty;
228
226
  }>;
229
227
  /**
230
- * Gets an updated instance of the EKs of `modifiedObject`.
231
- * The updated EKs contain a new EK to provide delegation from delegator HcP with id `ownerId` to delegate HcP with id `delegateId`.
232
- * @param modifiedObject : the object of which EKs will be cloned, the clone will be used to append the new EK, and then used as return value; will NOT be mutated
233
- * @param ownerId : delegator HcP id
234
- * @param delegateId : delegate HcP id
235
- * @param secretEncryptionKeyOfObject : secret Id for the EK (Content Encryption Key)
236
- * @returns
237
- * - **encryptionKeys** existing EKs of the `modifiedObject`, appended with a new EK item (owner: `ownerId`, delegatedTo: `delegateId`, encrypted key with secretId:
238
- * `secretEncryptionKeyOfObject` )
239
- * - **secretId** which is the given input parameter `secretEncryptionKeyOfObject`
240
- */
241
- appendEncryptionKeys<T extends EncryptedEntity>(modifiedObject: T, ownerId: string, delegateId: string, secretEncryptionKeyOfObject: string): Promise<{
242
- modifiedObject: T;
243
- encryptionKeys: {
244
- [key: string]: Array<Delegation>;
245
- };
246
- secretId: string | null;
247
- }>;
248
- /**
249
- * Gets an updated `child` object that will have its SPKs, CFKs, KSs updated to include delegations from delegator HcP with id `ownerId` to delegate HcP with id `delegateId`
250
- * The SFKs of `child` are not updated, so this method assumes this is not the initial delegation on the `child` object
251
- * The method also performs some deduplication of all types of delegations.
252
- * @param parent : the parent object of `child`; will NOT be mutated
253
- * @param child : the object that will be mutated and returned
254
- * @param ownerId delegator HcP id
255
- * @param delegateId delegate HcP id
256
- * @param secretDelegationKey the secret Id used in the child object to generate the SPK
257
- * @param secretEncryptionKey the secret Id used in the child object to generate the EK (Content Encryption Key)
258
- * @returns - an updated `child` object that will contain updated SPKs, CFKs, EKs
259
- * */
260
- addDelegationsAndEncryptionKeys<T extends EncryptedEntity>(parent: EncryptedParentEntity | null, child: T, ownerId: string, delegateId: string, secretDelegationKey: string | null, secretEncryptionKey: string | null): Promise<T>;
261
- /**
262
- * Gets the secret IDs (SFKs) inside decrypted SPKs of the given `document`, decrypted by the HcP with the given `hcpartyId` AND by its HcP parents
263
- * @param document : the object of which delegations (SPKs) to decrypt
264
- * @param hcpartyId : the id of the delegate HcP
265
- * @returns - **extractedKeys** array containing secret IDs (SFKs) from decrypted SPKs, from both given HcP and its parents ; can contain duplicates
266
- * - **hcpartyId** the given `hcpartyId` OR, if a parent exist, the HcP id of the top parent in the hierarchy (even if that parent has no delegations)
228
+ * @deprecated You should use:
229
+ * - {@link IccPatientXApi.decryptSecretIdsOf} or {@link IccMessageXApi.decryptSecretIdsOf} to get the delegation sfks (now caleld secret ids).
230
+ * - {@link IccDataOwnerXApi.getCurrentDataOwnerHierarchyIds} to get the full hierarchy for the current data owner (cached). The first element is
231
+ * the id of the topmost parent, while the last is the current data owner.
232
+ * Note that the behaviour of this method has some subtle changes compared to the past:
233
+ * - throws an error if the provided hcpartyId is not part of the current data owner hierarchy.
234
+ * - does not provide any guarantees on the ordering of the extracted keys
235
+ * - deduplicates extracted keys
267
236
  */
268
237
  extractDelegationsSFKs(document: EncryptedEntity | null, hcpartyId?: string): Promise<{
269
238
  extractedKeys: Array<string>;
270
239
  hcpartyId?: string;
271
240
  }>;
272
241
  /**
273
- * Gets the secret IDs (SFKs) inside decrypted SPKs of the given `document`, decrypted by the HcP with the given `hcpartyId` AND by its HcP parents
274
- * @param document : the object of which delegations (SPKs) to decrypt
275
- * @param hcpartyId : the id of the delegate HcP
276
- * @returns - **extractedKeys** array containing secret IDs (SFKs) from decrypted SPKs, from both given HcP and its parents ; can contain duplicates
277
- * - **hcpartyId** the given `hcpartyId` OR, if a parent exist, the HcP id of the top parent in the hierarchy (even if that parent has no delegations)
242
+ * @deprecated (light) You should use:
243
+ * - {@link IccHelementXApi.decryptPatientIdOf}, {@link IccDocumentXApi.decryptMessageIdOf}, ... to get the crypted foreign keys.
244
+ * - {@link IccDataOwnerXApi.getCurrentDataOwnerHierarchyIds} to get the full hierarchy for the current data owner (cached). The first element is
245
+ * the id of the topmost parent, while the last is the current data owner.
246
+ * Note that the behaviour of this method has some subtle changes compared to the past:
247
+ * - throws an error if the provided hcpartyId is not part of the current data owner hierarchy.
248
+ * - does not provide any guarantees on the ordering of the extracted keys
249
+ * - deduplicates extracted keys
278
250
  */
279
- extractSFKsHierarchyFromDelegations(document: EncryptedEntity | null, hcpartyId?: string): Promise<Array<{
280
- hcpartyId: string;
281
- extractedKeys: Array<string>;
282
- }>>;
283
251
  extractCryptedFKs(document: EncryptedEntity | null, hcpartyId: string): Promise<{
284
252
  extractedKeys: Array<string>;
285
253
  hcpartyId: string;
286
254
  }>;
255
+ /**
256
+ * @deprecated You should use the extended apis methods to encrypt/decrypt entities or their attachments
257
+ * Note that the behaviour of this method has some subtle changes compared to the past:
258
+ * - throws an error if the provided hcpartyId is not part of the current data owner hierarchy.
259
+ * - does not provide any guarantees on the ordering of the extracted keys
260
+ * - deduplicates extracted keys
261
+ */
287
262
  extractEncryptionsSKs(document: EncryptedEntity, hcpartyId: string): Promise<{
288
263
  extractedKeys: Array<string>;
289
264
  hcpartyId: string;
290
265
  }>;
291
- extractDelegationsSFKsAndEncryptionSKs(ety: EncryptedEntity, ownerId: string): Promise<[string[], string[]]>;
292
- /**
293
- * Get decrypted generic secret IDs (secretIdSPKs, parentIds, secretIdEKs) from generic delegations (SPKs, CFKs, EKs)
294
- * 1. Get HealthCareParty from it's Id.
295
- * 2. Decrypt the keys of the given HCP.
296
- * 3. Decrypt the parent's key if it has parent.
297
- * 4. Return the decrypted key corresponding to the Health Care Party.
298
- * @param hcpartyId : the id of the delegate HcP (including its parents) for which to decrypt `extractedKeys`
299
- * @param objectId : the id of the object/document of which delegations to decrypt ; used just to log to console a message (Cryptographic mistake) in case the object id inside SPK, CFK, EK is different from this one
300
- * @param delegations : generic delegations (can be SPKs, CFKs, EKs) for all delegates from where to extract `extractedKeys`
301
- * @returns - **extractedKeys** array containing secret IDs from decrypted generic delegations, from both HCP with given `hcpartyId` and its parents; can contain duplicates
302
- * - **hcpartyId** the given `hcpartyId` OR, if a parent exist, the HCP id of the top parent in the hierarchy (even if that parent has no delegations)
303
- */
304
- extractKeysHierarchyFromDelegationLikes(hcpartyId: string, objectId: string, delegations: {
305
- [key: string]: Array<Delegation>;
306
- }): Promise<Array<{
307
- hcpartyId: string;
308
- extractedKeys: Array<string>;
309
- }>>;
310
- /**
311
- * Get decrypted generic secret IDs (secretIdSPKs, parentIds, secretIdEKs) from generic delegations (SPKs, CFKs, EKs)
312
- * 1. Get Data Owner (HCP, Patient or Device) from it's Id.
313
- * 2. Decrypt the keys of the given data owner.
314
- * 3. Decrypt the parent's key if it has parent.
315
- * 4. Return the decrypted key corresponding to the Health Care Party.
316
- * @param dataOwnerId : the id of the delegate data owner (including its parents) for which to decrypt `extractedKeys`
317
- * @param objectId : the id of the object/document of which delegations to decrypt ; used just to log to console a message (Cryptographic mistake) in case the object id inside SPK, CFK, EK is different from this one
318
- * @param delegations : generic delegations (can be SPKs, CFKs, EKs) for all delegates from where to extract `extractedKeys`
319
- * @returns - **extractedKeys** array containing secret IDs from decrypted generic delegations, from both data owner with given `dataOwnerId` and its parents; can contain duplicates
320
- * - **dataOwnerId** the given `dataOwnerId` OR, if a parent exist, the data owner id of the top parent in the hierarchy (even if that parent has no delegations)
266
+ /**
267
+ * @deprecated You should not use this method anymore, depending on what you were passing as {@link delegations} you should replace this method as
268
+ * explained in {@link extractEncryptionsSKs} (if you were passing encryptionKeys), {@link extractCryptedFKs} (cryptedForeignKeys), or
269
+ * {@link extractDelegationsSFKs} (delegations).
321
270
  */
322
271
  extractKeysFromDelegationsForHcpHierarchy(dataOwnerId: string, objectId: string, delegations: {
323
272
  [key: string]: Array<Delegation>;
@@ -326,49 +275,54 @@ export declare class IccCryptoXApi {
326
275
  hcpartyId: string;
327
276
  }>;
328
277
  /**
329
- * This method covers the use case when a DataOwner found back access to its data, and needs to use the delegations of its delegates instead
330
- * of its own ones
331
- *
332
- * @param dataOwner The current data owner from whom we want to decrypt the aesExchangeKeys
333
- * @param delegations The object delegations to decrypt
334
- * @param objectId The object to decrypt id
335
- * @private
278
+ * @deprecated you should not need this method anymore: the new API will automatically load on startup all keys available through the key storage
279
+ * facade and/or recoverable through transfer keys or shamir split. If you were using this method to load a key recovered through other means you
280
+ * will have to do so in your implementation of CryptoStrategies.
281
+ * You can convert the private key pkcs8 array to a jwk key using {@link pkcs8ToJwk} then you can extract the full key pair using
282
+ * {@link keyPairFromPrivateKeyJwk}.
336
283
  */
337
- private _extractDelegationsKeysUsingDataOwnerDelegateAesExchangeKeys;
338
- /**
339
- * Gets an array of generic secret IDs decrypted from a list of generic delegations (SPKs, CFKs, EKs) `delegationsArray`
340
- * If a particular generic delegation thows an exception when decrypted, the return value for it's secret ID will be 'false' and a message is logged to console
341
- * For each one of the delegations in the `delegationsArray`, it tries to decrypt with the decryptedHcPartyKey of the owner of that delegation;
342
- *
343
- * @param delegationsArray : generic delegations array
344
- * @param aesKeys : **key** HcP ids of delegators/owners in the `delegationsArray`, each with its own decryptedHcPartyKey
345
- * @param masterId : is the object id to which the generic delegation belongs to
346
- * - used only to check whether the object.id matches the one stored in the decrypted generic delegation item
347
- * - even if there's no match, the secret ID is kept as a valid result (and a message logged to console)
348
- * @returns array of generic secret IDs (secretIdSPK, parentId, secretIdEK)
349
- */
350
- decryptKeyInDelegationLikes(delegationsArray: Array<Delegation>, aesKeysForDataOwnerId: {
351
- [key: string]: {
352
- key: CryptoKey;
353
- rawKey: string;
354
- }[];
355
- }, masterId: string): Promise<Array<string>>;
356
- getPublicKeyFromPrivateKey(privateKey: JsonWebKey, dataOwner: Patient | Device | HealthcareParty): string;
357
284
  loadKeyPairsAsTextInBrowserLocalStorage(healthcarePartyId: string, privateKey: Uint8Array): Promise<void>;
285
+ /**
286
+ * @deprecated you should not need this method anymore: the new API will automatically load on startup all keys available through the key storage
287
+ * facade and/or recoverable through transfer keys or shamir split. If you were using this method to load a key recovered through other means you
288
+ * will have to do so in your implementation of CryptoStrategies.
289
+ * You can extract the full key pair using {@link keyPairFromPrivateKeyJwk}.
290
+ */
358
291
  loadKeyPairsAsJwkInBrowserLocalStorage(healthcarePartyId: string, privateKey: JsonWebKey): Promise<void>;
292
+ /**
293
+ * @deprecated you should not need this method anymore: the new API will automatically load on startup all keys available through the key storage
294
+ * facade and/or recoverable through transfer keys or shamir split. If you were using this method to load a key recovered through other means you
295
+ * will have to do so in your implementation of CryptoStrategies.
296
+ */
359
297
  loadKeyPairsInBrowserLocalStorage(healthcarePartyId: string, file: Blob): Promise<void>;
298
+ /**
299
+ * @deprecated keychains are not part of iCure's api: this method will be removed.
300
+ */
360
301
  saveKeychainInBrowserLocalStorage(id: string, keychain: number): void;
302
+ /**
303
+ * @deprecated keychains are not part of iCure's api: this method will be removed.
304
+ */
361
305
  saveKeychainInBrowserLocalStorageAsBase64(id: string, keyChainB64: string): void;
306
+ /**
307
+ * @deprecated keychains are not part of iCure's api: this method will be removed.
308
+ */
362
309
  saveKeychainValidityDateInBrowserLocalStorage(id: string, date: string): Promise<void>;
363
310
  /**
311
+ * @deprecated keychains are not part of iCure's api: this method will be removed.
312
+ *
364
313
  * Populate the HCP.options dict with an encrypted eHealth certificate and unencryped expiry date.
365
314
  * Any potentially unencrypted certificates will be pruned from the HCP.
366
315
  * @param hcpId Id of the hcp to modify
367
316
  * @returns modified HCP
368
317
  */
369
318
  saveKeyChainInHCPFromLocalStorage(hcpId: string): Promise<HealthcareParty>;
319
+ /**
320
+ * @deprecated keychains are not part of iCure's api: this method will be removed.
321
+ */
370
322
  importKeychainInBrowserFromHCP(hcpId: string): Promise<void>;
371
323
  /**
324
+ * @deprecated e-health certificates and keychains are not part of iCure's api: this method will be removed.
325
+ *
372
326
  * Synchronizes the eHealth certificate from the database into the LocalStorage, returning information on the presence
373
327
  * of certificate data in either place.
374
328
  *
@@ -380,116 +334,62 @@ export declare class IccCryptoXApi {
380
334
  remote: boolean;
381
335
  local: boolean;
382
336
  }>;
337
+ /**
338
+ * @deprecated keychains are not part of iCure's api: this method will be removed.
339
+ */
383
340
  getKeychainInBrowserLocalStorageAsBase64(id: string): Promise<string | undefined>;
341
+ /**
342
+ * @deprecated keychains are not part of iCure's api: this method will be removed.
343
+ */
384
344
  getKeychainValidityDateInBrowserLocalStorage(id: string): Promise<string | undefined>;
345
+ /**
346
+ * @deprecated keychains are not part of iCure's api: this method will be removed.
347
+ */
385
348
  loadKeychainFromBrowserLocalStorage(id: string): Promise<Uint8Array[] | null>;
386
349
  /**
387
- * loads the RSA key pair (hcparty) in JWK from local storage, not imported
388
- *
389
- * @param id doc id - hcpartyId
390
- * @param publicKeyFingerPrint the 32 last characters of public key this private key is associated with
391
- * @returns {Object} it is in JWK - not imported
350
+ * @deprecated you should not need this method anymore to deal with the encryption of iCure entities because everything related to entities
351
+ * encryption should be done through the entity-specific extended api.
352
+ * If instead you were using the method for other reasons check {@link getCachedRsaKeyPairForFingerprint} to get an idea of possible replacements.
392
353
  */
393
354
  loadKeyPairNotImported(id: string, publicKeyFingerPrint?: string): Promise<{
394
355
  publicKey: JsonWebKey;
395
356
  privateKey: JsonWebKey;
396
- }>;
357
+ } | undefined>;
397
358
  /**
398
- * Loads and imports the RSA key pair (hcparty) from local storage
399
- *
400
- * @param id doc id - hcPartyId
401
- * @returns {Promise} -> {CryptoKey} - imported RSA
359
+ * @deprecated use {@link IccIcureMaintenanceXApi.applyKeyPairUpdate} instead.
402
360
  */
403
- loadKeyPairImported(id: string): Promise<{
404
- publicKey: CryptoKey;
405
- privateKey: CryptoKey;
406
- }>;
361
+ giveAccessBackTo(delegateUser: User, ownerId: string, ownerNewPublicKey: string): Promise<DataOwnerWithType>;
407
362
  /**
408
- * When a user lost his keys, people to whom he shared information may call this method to give access back to him, re-encrypting their common
409
- * AES key using the new user public key.
410
- *
411
- * @param delegateUser Delegate Data Owner User, in charge of giving access back to the person who previously gave him some access
412
- * @param ownerId Id of the data owner to which we would like to give access back
413
- * @param ownerNewPublicKey New Data Owner Public Key we want to use to re-encrypt previously created AES key
414
- *
415
- * @return The DataOwner, updated by the delegateUser to add the new encrypted AES Key using the new provided public key
363
+ * @deprecated You don't need to manually generate exchange keys as they will be automatically created by the api when needed.
364
+ * Note that this method has some changes compared to previous version:
365
+ * - The method may return any data owner (including devices)
366
+ * - The method will throw an exception if the provided ownerId does not match the current data owner
367
+ */
368
+ generateKeyForDelegate(ownerId: string, delegateId: string): Promise<DataOwner>;
369
+ /**
370
+ * @deprecated replace with {@link IccDataOwnerXApi.getDataOwner}. Note that data owners are not cached anymore.
371
+ */
372
+ getDataOwner(ownerId: string, loadIfMissingFromCache?: boolean): Promise<DataOwnerWithType>;
373
+ /**
374
+ * @deprecated the crypto api will automatically verify on startup the validity of private keys, but in some cases you may want to verify the
375
+ * validity of keys recovered in your implementation of {@link CryptoStrategies}: in this case the method has been replaced with
376
+ * {@link RSA.checkKeyPairValidity}
416
377
  */
417
- giveAccessBackTo(delegateUser: User, ownerId: string, ownerNewPublicKey: string): Promise<CachedDataOwner>;
418
- addNewKeyPairForOwnerId(maintenanceTasksApi: IccMaintenanceTaskXApi, user: User, ownerId: string, generateTransferKey?: boolean, sendMaintenanceTasks?: boolean): Promise<{
419
- dataOwner: HealthcareParty | Patient | Device;
420
- publicKey: string;
421
- privateKey: string;
422
- }>;
423
- addNewKeyPairForOwner(maintenanceTasksApi: IccMaintenanceTaskXApi, user: User, cdo: CachedDataOwner, generateTransferKey?: boolean, sendMaintenanceTasks?: boolean): Promise<{
424
- dataOwner: HealthcareParty | Patient | Device;
425
- publicKey: string;
426
- privateKey: string;
427
- }>;
428
- addRawKeyPairForOwnerId(maintenanceTasksApi: IccMaintenanceTaskXApi, user: User, ownerId: string, keypair: {
429
- publicKey: string;
430
- privateKey: string;
431
- }, generateTransferKey?: boolean, sendMaintenanceTasks?: boolean): Promise<{
432
- dataOwner: HealthcareParty | Patient | Device;
433
- publicKey: string;
434
- privateKey: string;
435
- }>;
436
- addRawKeyPairForOwner(maintenanceTasksApi: IccMaintenanceTaskXApi, user: User, cdo: CachedDataOwner, keypair: {
437
- publicKey: string;
438
- privateKey: string;
439
- }, generateTransferKey?: boolean, sendMaintenanceTasks?: boolean): Promise<{
440
- dataOwner: HealthcareParty | Patient | Device;
441
- publicKey: string;
442
- privateKey: string;
443
- }>;
444
- addKeyPairForOwner(maintenanceTasksApi: IccMaintenanceTaskXApi, user: User, cdo: CachedDataOwner, keypair: {
445
- publicKey: CryptoKey;
446
- privateKey: CryptoKey;
447
- }, generateTransferKey?: boolean, sendMaintenanceTasks?: boolean): Promise<{
448
- dataOwner: HealthcareParty | Patient | Device;
449
- publicKey: string;
450
- privateKey: string;
451
- }>;
452
- private _saveDataOwner;
453
- private createOrUpdateAesExchangeKeysFor;
454
- private createOrUpdateTransferKeysFor;
455
- private encryptAesKeyFor;
456
- private encryptAesKeyOnlyForProvidedKeys;
457
- private retrieveDataOwnerInfoAfterPotentialUpdate;
458
- private sendMaintenanceTasks;
459
- private createMaintenanceTask;
460
- private getDataOwnerHexPublicKeys;
461
- private getDataOwnerPublicKeys;
462
- generateKeyForDelegate(ownerId: string, delegateId: string): PromiseLike<HealthcareParty | Patient>;
463
- getDataOwner(ownerId: string, loadIfMissingFromCache?: boolean): Promise<CachedDataOwner>;
464
378
  checkPrivateKeyValidity(dataOwner: HealthcareParty | Patient | Device): Promise<boolean>;
465
- private throwDetailedExceptionForInvalidParameter;
379
+ /**
380
+ * @deprecated (See {@link extractEncryptionsSKs} for a detailed explanation).
381
+ */
466
382
  getEncryptionDecryptionKeys(dataOwnerId: string, document: EncryptedEntity): Promise<Array<string> | undefined>;
467
- dataOwnerCanDecryptPatient(dataOwnerId: string, p: Patient): Promise<boolean>;
383
+ /**
384
+ * @deprecated For the encryption/decryption of iCure entities and attachments you should rely solely on the extended apis methods.
385
+ */
468
386
  encryptDecrypt(method: 'encrypt' | 'decrypt', content: Uint8Array | ArrayBuffer, edKey?: string, user?: User, documentObject?: Document): Promise<Uint8Array | Array<any> | any>;
469
387
  /**
470
- * Store keypair in storage
471
- *
472
- * @param id
473
- * @param keyPair should be JWK
474
- *
475
- * @deprecated use storage.setItem instead
388
+ * @deprecated you should not need to interact directly with the storage instance used by the iCure sdk.
476
389
  */
477
390
  storeKeyPair(id: string, keyPair: {
478
391
  publicKey: any;
479
392
  privateKey: any;
480
393
  }): void;
481
- fixAesExchangeKeyEntriesToFingerprints(aesExchangeKeys: {
482
- [delegatorPubKey: string]: {
483
- [delegateId: string]: {
484
- [pubKeyFp: string]: string;
485
- };
486
- };
487
- }): {
488
- [delegatorPubKey: string]: {
489
- [delegateId: string]: {
490
- [pubKeyFp: string]: string;
491
- };
492
- };
493
- };
494
394
  }
495
395
  export {};