@icure/api 6.4.2 → 6.4.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/api/IccAuthApi.d.ts +19 -0
- package/icc-api/api/IccAuthApi.js +46 -1
- package/icc-api/api/IccAuthApi.js.map +1 -1
- package/icc-api/api/IccBesamv2Api.d.ts +6 -0
- package/icc-api/api/IccBesamv2Api.js +13 -0
- package/icc-api/api/IccBesamv2Api.js.map +1 -1
- package/icc-api/api/IccGroupApi.d.ts +6 -0
- package/icc-api/api/IccGroupApi.js +13 -0
- package/icc-api/api/IccGroupApi.js.map +1 -1
- package/icc-api/index.d.ts +0 -1
- package/icc-api/index.js +0 -1
- package/icc-api/index.js.map +1 -1
- package/icc-api/model/AuthenticationToken.d.ts +1 -0
- package/icc-api/model/AuthenticationToken.js.map +1 -1
- package/icc-api/model/CalendarItem.d.ts +1 -0
- package/icc-api/model/CalendarItem.js.map +1 -1
- package/icc-api/model/FlatRateTarification.d.ts +4 -1
- package/icc-api/model/FlatRateTarification.js +3 -0
- package/icc-api/model/FlatRateTarification.js.map +1 -1
- package/icc-api/model/ModelHelper.js +5 -4
- package/icc-api/model/ModelHelper.js.map +1 -1
- package/icc-api/model/UserGroup.d.ts +1 -0
- package/icc-api/model/UserGroup.js.map +1 -1
- package/icc-api/model/models.d.ts +2 -2
- package/icc-x-api/auth/AuthenticationProvider.d.ts +34 -2
- package/icc-x-api/auth/AuthenticationProvider.js +28 -6
- package/icc-x-api/auth/AuthenticationProvider.js.map +1 -1
- package/icc-x-api/auth/EnsembleAuthService.d.ts +6 -2
- package/icc-x-api/auth/EnsembleAuthService.js +9 -0
- package/icc-x-api/auth/EnsembleAuthService.js.map +1 -1
- package/icc-x-api/auth/JwtAuthService.d.ts +6 -5
- package/icc-x-api/auth/JwtAuthService.js +11 -23
- package/icc-x-api/auth/JwtAuthService.js.map +1 -1
- package/icc-x-api/auth/JwtBridgedAuthService.d.ts +26 -0
- package/icc-x-api/auth/JwtBridgedAuthService.js +129 -0
- package/icc-x-api/auth/JwtBridgedAuthService.js.map +1 -0
- package/icc-x-api/crypto/AES.js +3 -3
- package/icc-x-api/crypto/AES.js.map +1 -1
- package/icc-x-api/filters/ServiceByHcPartyTagCodeDateFilter.d.ts +1 -0
- package/icc-x-api/filters/ServiceByHcPartyTagCodeDateFilter.js.map +1 -1
- package/icc-x-api/filters/filters.d.ts +1 -1
- package/icc-x-api/icc-bekmehr-x-api.d.ts +1 -1
- package/icc-x-api/icc-crypto-x-api.d.ts +4 -6
- package/icc-x-api/icc-crypto-x-api.js +74 -75
- package/icc-x-api/icc-crypto-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.js +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/index.d.ts +7 -2
- package/icc-x-api/index.js +6 -4
- package/icc-x-api/index.js.map +1 -1
- package/icc-x-api/utils/asn1-packer.d.ts +1 -1
- package/icc-x-api/utils/asn1-parser.d.ts +1 -1
- package/icc-x-api/utils/net-utils.d.ts +2 -2
- package/package.json +1 -1
- package/icc-api/api/IccBemikronoApi.d.ts +0 -81
- package/icc-api/api/IccBemikronoApi.js +0 -162
- package/icc-api/api/IccBemikronoApi.js.map +0 -1
|
@@ -18,31 +18,6 @@ const models_1 = require("../icc-api/model/models");
|
|
|
18
18
|
const binary_utils_1 = require("./utils/binary-utils");
|
|
19
19
|
const utils_1 = require("./utils");
|
|
20
20
|
class IccCryptoXApi {
|
|
21
|
-
constructor(host, headers, hcpartyBaseApi, //Init with a hcparty x api for better performances
|
|
22
|
-
patientBaseApi, deviceBaseApi, crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : {}, storage, keyStorage) {
|
|
23
|
-
this.hcPartyKeysCache = {};
|
|
24
|
-
//[delegateId][delegatorId] = delegateEncryptedHcPartyKey
|
|
25
|
-
//for each delegate, it stores the list of delegators and the corresponding delegateEncryptedHcPartyKey (shared HcPartyKey, from delegator to delegate, encrypted with the RSA key of the delegate)
|
|
26
|
-
this.hcPartyKeysRequestsCache = {};
|
|
27
|
-
this.cacheLastDeletionTimestamp = undefined;
|
|
28
|
-
this.dataOwnerCache = {};
|
|
29
|
-
this.keychainLocalStoreIdPrefix = 'org.taktik.icure.ehealth.keychain.';
|
|
30
|
-
this.keychainValidityDateLocalStoreIdPrefix = 'org.taktik.icure.ehealth.keychain-date.';
|
|
31
|
-
this.hcpPreferenceKeyEhealthCert = 'eHealthCRTCrypt';
|
|
32
|
-
this.hcpPreferenceKeyEhealthCertDate = 'eHealthCRTDate';
|
|
33
|
-
this.rsaLocalStoreIdPrefix = 'org.taktik.icure.rsa.';
|
|
34
|
-
this.rsaKeyPairs = {};
|
|
35
|
-
this.hcpartyBaseApi = hcpartyBaseApi;
|
|
36
|
-
this.patientBaseApi = patientBaseApi;
|
|
37
|
-
this.deviceBaseApi = deviceBaseApi;
|
|
38
|
-
this._crypto = crypto;
|
|
39
|
-
this.generateKeyConcurrencyMap = {};
|
|
40
|
-
this._AES = new AES_1.AESUtils(crypto);
|
|
41
|
-
this._RSA = new RSA_1.RSAUtils(crypto);
|
|
42
|
-
this._shamir = new shamir_1.ShamirClass(crypto);
|
|
43
|
-
this._storage = storage;
|
|
44
|
-
this._keyStorage = keyStorage;
|
|
45
|
-
}
|
|
46
21
|
get crypto() {
|
|
47
22
|
return this._crypto;
|
|
48
23
|
}
|
|
@@ -83,6 +58,31 @@ class IccCryptoXApi {
|
|
|
83
58
|
this.deviceBaseApi.getDeviceAesExchangeKeysForDelegate(delegateHcPartyId).catch(() => { }),
|
|
84
59
|
]).then(([a, b, c]) => (Object.assign(Object.assign(Object.assign({}, a), b), c)));
|
|
85
60
|
}
|
|
61
|
+
constructor(host, headers, hcpartyBaseApi, //Init with a hcparty x api for better performances
|
|
62
|
+
patientBaseApi, deviceBaseApi, crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : {}, storage, keyStorage) {
|
|
63
|
+
this.hcPartyKeysCache = {};
|
|
64
|
+
//[delegateId][delegatorId] = delegateEncryptedHcPartyKey
|
|
65
|
+
//for each delegate, it stores the list of delegators and the corresponding delegateEncryptedHcPartyKey (shared HcPartyKey, from delegator to delegate, encrypted with the RSA key of the delegate)
|
|
66
|
+
this.hcPartyKeysRequestsCache = {};
|
|
67
|
+
this.cacheLastDeletionTimestamp = undefined;
|
|
68
|
+
this.dataOwnerCache = {};
|
|
69
|
+
this.keychainLocalStoreIdPrefix = 'org.taktik.icure.ehealth.keychain.';
|
|
70
|
+
this.keychainValidityDateLocalStoreIdPrefix = 'org.taktik.icure.ehealth.keychain-date.';
|
|
71
|
+
this.hcpPreferenceKeyEhealthCert = 'eHealthCRTCrypt';
|
|
72
|
+
this.hcpPreferenceKeyEhealthCertDate = 'eHealthCRTDate';
|
|
73
|
+
this.rsaLocalStoreIdPrefix = 'org.taktik.icure.rsa.';
|
|
74
|
+
this.rsaKeyPairs = {};
|
|
75
|
+
this.hcpartyBaseApi = hcpartyBaseApi;
|
|
76
|
+
this.patientBaseApi = patientBaseApi;
|
|
77
|
+
this.deviceBaseApi = deviceBaseApi;
|
|
78
|
+
this._crypto = crypto;
|
|
79
|
+
this.generateKeyConcurrencyMap = {};
|
|
80
|
+
this._AES = new AES_1.AESUtils(crypto);
|
|
81
|
+
this._RSA = new RSA_1.RSAUtils(crypto);
|
|
82
|
+
this._shamir = new shamir_1.ShamirClass(crypto);
|
|
83
|
+
this._storage = storage;
|
|
84
|
+
this._keyStorage = keyStorage;
|
|
85
|
+
}
|
|
86
86
|
loadAllKeysFromLocalStorage(dataOwnerId) {
|
|
87
87
|
return __awaiter(this, void 0, void 0, function* () {
|
|
88
88
|
const pubKeys = yield this.getDataOwnerHexPublicKeys((yield this.getDataOwner(dataOwnerId)).dataOwner);
|
|
@@ -1280,60 +1280,56 @@ class IccCryptoXApi {
|
|
|
1280
1280
|
* When a user lost his keys, people to whom he shared information may call this method to give access back to him, re-encrypting their common
|
|
1281
1281
|
* AES key using the new user public key.
|
|
1282
1282
|
*
|
|
1283
|
-
* @param
|
|
1284
|
-
* @param ownerId Id of the data owner to which we would like to
|
|
1283
|
+
* @param accessGiver User, in charge of giving access back to the person who previously gave him some access (should be the current user)
|
|
1284
|
+
* @param ownerId Id of the data owner to which we would like to get access back
|
|
1285
1285
|
* @param ownerNewPublicKey New Data Owner Public Key we want to use to re-encrypt previously created AES key
|
|
1286
|
-
*
|
|
1287
|
-
* @return The DataOwner, updated by the delegateUser to add the new encrypted AES Key using the new provided public key
|
|
1288
1286
|
*/
|
|
1289
|
-
giveAccessBackTo(
|
|
1290
|
-
var _a, _b
|
|
1287
|
+
giveAccessBackTo(accessGiver, ownerId, ownerNewPublicKey) {
|
|
1288
|
+
var _a, _b;
|
|
1291
1289
|
return __awaiter(this, void 0, void 0, function* () {
|
|
1292
|
-
const
|
|
1293
|
-
|
|
1294
|
-
|
|
1290
|
+
const newPubKeyCryptoKey = yield this._RSA.importKey('spki', (0, binary_utils_1.hex2ua)(ownerNewPublicKey), ['encrypt']);
|
|
1291
|
+
const giverDoId = (_b = (_a = accessGiver.healthcarePartyId) !== null && _a !== void 0 ? _a : accessGiver.patientId) !== null && _b !== void 0 ? _b : accessGiver.deviceId;
|
|
1292
|
+
if (!giverDoId) {
|
|
1293
|
+
throw new Error(`Access giver ${accessGiver.id} must be a data Owner`);
|
|
1295
1294
|
}
|
|
1296
|
-
const
|
|
1297
|
-
const
|
|
1298
|
-
|
|
1299
|
-
|
|
1300
|
-
|
|
1301
|
-
|
|
1302
|
-
|
|
1303
|
-
if (
|
|
1304
|
-
|
|
1305
|
-
|
|
1306
|
-
|
|
1307
|
-
|
|
1308
|
-
|
|
1309
|
-
|
|
1310
|
-
|
|
1311
|
-
.then((encrAesInfo) => {
|
|
1312
|
-
return { pubKeyUsedToEncryptAes: Object.keys(encrAesInfo)[0], encryptedAes: Object.values(encrAesInfo)[0] };
|
|
1313
|
-
});
|
|
1314
|
-
}));
|
|
1315
|
-
delKeys[encrAesKeyInfo.pubKeyUsedToEncryptAes] = encrAesKeyInfo.encryptedAes;
|
|
1316
|
-
}
|
|
1317
|
-
catch (e) {
|
|
1318
|
-
console.log(`${delegateId} could not re-encrypt AES Key of ${dataOwnerToUpdate.dataOwner.id}`);
|
|
1319
|
-
}
|
|
1320
|
-
finally {
|
|
1321
|
-
delAcc[delId] = delKeys;
|
|
1295
|
+
const giverDoKeys = yield this.getDataOwner(giverDoId).then((doData) => { var _a; return [doData.dataOwner.publicKey, ...Object.keys((_a = doData.dataOwner.aesExchangeKeys) !== null && _a !== void 0 ? _a : {})].filter((x) => !!x); });
|
|
1296
|
+
const giveAccessBackToExchangeKey = (exchangeKeys, delegatorId, // Getter for getter exchange keys, giver for giver exchange keys
|
|
1297
|
+
delegateId // Giver for getter exchange keys, getter for giver exchange keys
|
|
1298
|
+
) => __awaiter(this, void 0, void 0, function* () {
|
|
1299
|
+
const updatedExchangeKeys = _.cloneDeep(exchangeKeys);
|
|
1300
|
+
for (const [publicKey, mapsByDelegate] of Object.entries(updatedExchangeKeys)) {
|
|
1301
|
+
const mapOfDelegate = mapsByDelegate[delegateId];
|
|
1302
|
+
if (!!mapOfDelegate && !mapOfDelegate[ownerNewPublicKey.slice(-32)]) {
|
|
1303
|
+
const decryptedKey = yield this.decryptHcPartyKey(giverDoId, delegatorId, delegateId, publicKey, mapOfDelegate, giverDoKeys)
|
|
1304
|
+
.then((x) => x === null || x === void 0 ? void 0 : x.rawKey)
|
|
1305
|
+
.catch(() => undefined);
|
|
1306
|
+
if (decryptedKey) {
|
|
1307
|
+
mapOfDelegate[ownerNewPublicKey.slice(-32)] = yield this.encryptAesKeyOnlyForProvidedKeys(decryptedKey, delegateId, [
|
|
1308
|
+
newPubKeyCryptoKey,
|
|
1309
|
+
]).then((encrAes) => Object.values(Object.values(encrAes)[0])[0]);
|
|
1322
1310
|
}
|
|
1323
1311
|
}
|
|
1324
|
-
|
|
1325
|
-
|
|
1326
|
-
delAcc[delId] = delKeys;
|
|
1327
|
-
}
|
|
1328
|
-
return delAcc;
|
|
1329
|
-
}));
|
|
1330
|
-
return pubAcc;
|
|
1331
|
-
}));
|
|
1332
|
-
// After adding the potential new aesExchangeKeys, we save the updated data owner
|
|
1333
|
-
return this._saveDataOwner({
|
|
1334
|
-
type: dataOwnerToUpdate.type,
|
|
1335
|
-
dataOwner: Object.assign(Object.assign({}, dataOwnerToUpdate.dataOwner), { aesExchangeKeys: newAesExchangeKeys }),
|
|
1312
|
+
}
|
|
1313
|
+
return updatedExchangeKeys;
|
|
1336
1314
|
});
|
|
1315
|
+
yield (0, utils_1.retry)(() => __awaiter(this, void 0, void 0, function* () {
|
|
1316
|
+
var _c;
|
|
1317
|
+
const getterDo = yield this.getDataOwner(ownerId);
|
|
1318
|
+
const updatedGetterKeys = yield giveAccessBackToExchangeKey((_c = getterDo.dataOwner.aesExchangeKeys) !== null && _c !== void 0 ? _c : {}, ownerId, giverDoId);
|
|
1319
|
+
yield this._saveDataOwner({
|
|
1320
|
+
type: getterDo.type,
|
|
1321
|
+
dataOwner: Object.assign(Object.assign({}, getterDo.dataOwner), { aesExchangeKeys: updatedGetterKeys }),
|
|
1322
|
+
});
|
|
1323
|
+
}), 3, 5000, 1);
|
|
1324
|
+
yield (0, utils_1.retry)(() => __awaiter(this, void 0, void 0, function* () {
|
|
1325
|
+
var _d;
|
|
1326
|
+
const giverDo = yield this.getDataOwner(giverDoId);
|
|
1327
|
+
const updatedGiverKeys = yield giveAccessBackToExchangeKey((_d = giverDo.dataOwner.aesExchangeKeys) !== null && _d !== void 0 ? _d : {}, giverDoId, ownerId);
|
|
1328
|
+
yield this._saveDataOwner({
|
|
1329
|
+
type: giverDo.type,
|
|
1330
|
+
dataOwner: Object.assign(Object.assign({}, giverDo.dataOwner), { aesExchangeKeys: updatedGiverKeys }),
|
|
1331
|
+
});
|
|
1332
|
+
}), 3, 5000, 1);
|
|
1337
1333
|
});
|
|
1338
1334
|
}
|
|
1339
1335
|
addNewKeyPairForOwnerId(maintenanceTasksApi, user, ownerId, generateTransferKey = true, sendMaintenanceTasks = true) {
|
|
@@ -1435,16 +1431,16 @@ class IccCryptoXApi {
|
|
|
1435
1431
|
encryptAesKeyFor(aesKey, dataOwner, doNewPublicKey) {
|
|
1436
1432
|
return __awaiter(this, void 0, void 0, function* () {
|
|
1437
1433
|
const dataOwnerAllPubKeys = [doNewPublicKey].concat(yield this.getDataOwnerPublicKeys(dataOwner));
|
|
1438
|
-
return this.encryptAesKeyOnlyForProvidedKeys(aesKey, dataOwner, dataOwnerAllPubKeys);
|
|
1434
|
+
return this.encryptAesKeyOnlyForProvidedKeys(aesKey, dataOwner.id, dataOwnerAllPubKeys);
|
|
1439
1435
|
});
|
|
1440
1436
|
}
|
|
1441
|
-
encryptAesKeyOnlyForProvidedKeys(aesKey,
|
|
1437
|
+
encryptAesKeyOnlyForProvidedKeys(aesKey, dataOwnerId, dataOwnerPubKeys) {
|
|
1442
1438
|
return __awaiter(this, void 0, void 0, function* () {
|
|
1443
1439
|
const encryptedAesForDataOwner = yield (0, utils_1.foldAsync)(dataOwnerPubKeys, {}, (encrAes, pubKey) => __awaiter(this, void 0, void 0, function* () {
|
|
1444
1440
|
encrAes[(0, binary_utils_1.ua2hex)(yield this.RSA.exportKey(pubKey, 'spki')).slice(-32)] = (0, binary_utils_1.ua2hex)(yield this._RSA.encrypt(pubKey, (0, binary_utils_1.hex2ua)(aesKey)));
|
|
1445
1441
|
return encrAes;
|
|
1446
1442
|
}));
|
|
1447
|
-
return { [
|
|
1443
|
+
return { [dataOwnerId]: encryptedAesForDataOwner };
|
|
1448
1444
|
});
|
|
1449
1445
|
}
|
|
1450
1446
|
retrieveDataOwnerInfoAfterPotentialUpdate(dataOwnerToUpdate) {
|
|
@@ -1483,6 +1479,9 @@ class IccCryptoXApi {
|
|
|
1483
1479
|
.map((delegateId) => {
|
|
1484
1480
|
return { delegateId, maintenanceTask: this.createMaintenanceTask(dataOwner, hexNewPubKey) };
|
|
1485
1481
|
});
|
|
1482
|
+
if (tasks.length > 0) {
|
|
1483
|
+
this.emptyHcpCache(dataOwner.id);
|
|
1484
|
+
}
|
|
1486
1485
|
const res = [];
|
|
1487
1486
|
for (const task of tasks) {
|
|
1488
1487
|
const taskToCreate = yield (maintenanceTaskApi === null || maintenanceTaskApi === void 0 ? void 0 : maintenanceTaskApi.newInstance(user, task.maintenanceTask, [task.delegateId]));
|