@icure/api 6.4.2 → 6.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (57) hide show
  1. package/icc-api/api/IccAuthApi.d.ts +19 -0
  2. package/icc-api/api/IccAuthApi.js +46 -1
  3. package/icc-api/api/IccAuthApi.js.map +1 -1
  4. package/icc-api/api/IccBesamv2Api.d.ts +6 -0
  5. package/icc-api/api/IccBesamv2Api.js +13 -0
  6. package/icc-api/api/IccBesamv2Api.js.map +1 -1
  7. package/icc-api/api/IccGroupApi.d.ts +6 -0
  8. package/icc-api/api/IccGroupApi.js +13 -0
  9. package/icc-api/api/IccGroupApi.js.map +1 -1
  10. package/icc-api/index.d.ts +0 -1
  11. package/icc-api/index.js +0 -1
  12. package/icc-api/index.js.map +1 -1
  13. package/icc-api/model/AuthenticationToken.d.ts +1 -0
  14. package/icc-api/model/AuthenticationToken.js.map +1 -1
  15. package/icc-api/model/CalendarItem.d.ts +1 -0
  16. package/icc-api/model/CalendarItem.js.map +1 -1
  17. package/icc-api/model/FlatRateTarification.d.ts +4 -1
  18. package/icc-api/model/FlatRateTarification.js +3 -0
  19. package/icc-api/model/FlatRateTarification.js.map +1 -1
  20. package/icc-api/model/ModelHelper.js +5 -4
  21. package/icc-api/model/ModelHelper.js.map +1 -1
  22. package/icc-api/model/UserGroup.d.ts +1 -0
  23. package/icc-api/model/UserGroup.js.map +1 -1
  24. package/icc-api/model/models.d.ts +2 -2
  25. package/icc-x-api/auth/AuthenticationProvider.d.ts +34 -2
  26. package/icc-x-api/auth/AuthenticationProvider.js +28 -6
  27. package/icc-x-api/auth/AuthenticationProvider.js.map +1 -1
  28. package/icc-x-api/auth/EnsembleAuthService.d.ts +6 -2
  29. package/icc-x-api/auth/EnsembleAuthService.js +9 -0
  30. package/icc-x-api/auth/EnsembleAuthService.js.map +1 -1
  31. package/icc-x-api/auth/JwtAuthService.d.ts +6 -5
  32. package/icc-x-api/auth/JwtAuthService.js +11 -23
  33. package/icc-x-api/auth/JwtAuthService.js.map +1 -1
  34. package/icc-x-api/auth/JwtBridgedAuthService.d.ts +26 -0
  35. package/icc-x-api/auth/JwtBridgedAuthService.js +129 -0
  36. package/icc-x-api/auth/JwtBridgedAuthService.js.map +1 -0
  37. package/icc-x-api/crypto/AES.js +3 -3
  38. package/icc-x-api/crypto/AES.js.map +1 -1
  39. package/icc-x-api/filters/ServiceByHcPartyTagCodeDateFilter.d.ts +1 -0
  40. package/icc-x-api/filters/ServiceByHcPartyTagCodeDateFilter.js.map +1 -1
  41. package/icc-x-api/filters/filters.d.ts +1 -1
  42. package/icc-x-api/icc-bekmehr-x-api.d.ts +1 -1
  43. package/icc-x-api/icc-crypto-x-api.d.ts +4 -6
  44. package/icc-x-api/icc-crypto-x-api.js +74 -75
  45. package/icc-x-api/icc-crypto-x-api.js.map +1 -1
  46. package/icc-x-api/icc-maintenance-task-x-api.js +1 -1
  47. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  48. package/icc-x-api/index.d.ts +7 -2
  49. package/icc-x-api/index.js +6 -4
  50. package/icc-x-api/index.js.map +1 -1
  51. package/icc-x-api/utils/asn1-packer.d.ts +1 -1
  52. package/icc-x-api/utils/asn1-parser.d.ts +1 -1
  53. package/icc-x-api/utils/net-utils.d.ts +2 -2
  54. package/package.json +1 -1
  55. package/icc-api/api/IccBemikronoApi.d.ts +0 -81
  56. package/icc-api/api/IccBemikronoApi.js +0 -162
  57. package/icc-api/api/IccBemikronoApi.js.map +0 -1
@@ -18,31 +18,6 @@ const models_1 = require("../icc-api/model/models");
18
18
  const binary_utils_1 = require("./utils/binary-utils");
19
19
  const utils_1 = require("./utils");
20
20
  class IccCryptoXApi {
21
- constructor(host, headers, hcpartyBaseApi, //Init with a hcparty x api for better performances
22
- patientBaseApi, deviceBaseApi, crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : {}, storage, keyStorage) {
23
- this.hcPartyKeysCache = {};
24
- //[delegateId][delegatorId] = delegateEncryptedHcPartyKey
25
- //for each delegate, it stores the list of delegators and the corresponding delegateEncryptedHcPartyKey (shared HcPartyKey, from delegator to delegate, encrypted with the RSA key of the delegate)
26
- this.hcPartyKeysRequestsCache = {};
27
- this.cacheLastDeletionTimestamp = undefined;
28
- this.dataOwnerCache = {};
29
- this.keychainLocalStoreIdPrefix = 'org.taktik.icure.ehealth.keychain.';
30
- this.keychainValidityDateLocalStoreIdPrefix = 'org.taktik.icure.ehealth.keychain-date.';
31
- this.hcpPreferenceKeyEhealthCert = 'eHealthCRTCrypt';
32
- this.hcpPreferenceKeyEhealthCertDate = 'eHealthCRTDate';
33
- this.rsaLocalStoreIdPrefix = 'org.taktik.icure.rsa.';
34
- this.rsaKeyPairs = {};
35
- this.hcpartyBaseApi = hcpartyBaseApi;
36
- this.patientBaseApi = patientBaseApi;
37
- this.deviceBaseApi = deviceBaseApi;
38
- this._crypto = crypto;
39
- this.generateKeyConcurrencyMap = {};
40
- this._AES = new AES_1.AESUtils(crypto);
41
- this._RSA = new RSA_1.RSAUtils(crypto);
42
- this._shamir = new shamir_1.ShamirClass(crypto);
43
- this._storage = storage;
44
- this._keyStorage = keyStorage;
45
- }
46
21
  get crypto() {
47
22
  return this._crypto;
48
23
  }
@@ -83,6 +58,31 @@ class IccCryptoXApi {
83
58
  this.deviceBaseApi.getDeviceAesExchangeKeysForDelegate(delegateHcPartyId).catch(() => { }),
84
59
  ]).then(([a, b, c]) => (Object.assign(Object.assign(Object.assign({}, a), b), c)));
85
60
  }
61
+ constructor(host, headers, hcpartyBaseApi, //Init with a hcparty x api for better performances
62
+ patientBaseApi, deviceBaseApi, crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : {}, storage, keyStorage) {
63
+ this.hcPartyKeysCache = {};
64
+ //[delegateId][delegatorId] = delegateEncryptedHcPartyKey
65
+ //for each delegate, it stores the list of delegators and the corresponding delegateEncryptedHcPartyKey (shared HcPartyKey, from delegator to delegate, encrypted with the RSA key of the delegate)
66
+ this.hcPartyKeysRequestsCache = {};
67
+ this.cacheLastDeletionTimestamp = undefined;
68
+ this.dataOwnerCache = {};
69
+ this.keychainLocalStoreIdPrefix = 'org.taktik.icure.ehealth.keychain.';
70
+ this.keychainValidityDateLocalStoreIdPrefix = 'org.taktik.icure.ehealth.keychain-date.';
71
+ this.hcpPreferenceKeyEhealthCert = 'eHealthCRTCrypt';
72
+ this.hcpPreferenceKeyEhealthCertDate = 'eHealthCRTDate';
73
+ this.rsaLocalStoreIdPrefix = 'org.taktik.icure.rsa.';
74
+ this.rsaKeyPairs = {};
75
+ this.hcpartyBaseApi = hcpartyBaseApi;
76
+ this.patientBaseApi = patientBaseApi;
77
+ this.deviceBaseApi = deviceBaseApi;
78
+ this._crypto = crypto;
79
+ this.generateKeyConcurrencyMap = {};
80
+ this._AES = new AES_1.AESUtils(crypto);
81
+ this._RSA = new RSA_1.RSAUtils(crypto);
82
+ this._shamir = new shamir_1.ShamirClass(crypto);
83
+ this._storage = storage;
84
+ this._keyStorage = keyStorage;
85
+ }
86
86
  loadAllKeysFromLocalStorage(dataOwnerId) {
87
87
  return __awaiter(this, void 0, void 0, function* () {
88
88
  const pubKeys = yield this.getDataOwnerHexPublicKeys((yield this.getDataOwner(dataOwnerId)).dataOwner);
@@ -1280,60 +1280,56 @@ class IccCryptoXApi {
1280
1280
  * When a user lost his keys, people to whom he shared information may call this method to give access back to him, re-encrypting their common
1281
1281
  * AES key using the new user public key.
1282
1282
  *
1283
- * @param delegateUser Delegate Data Owner User, in charge of giving access back to the person who previously gave him some access
1284
- * @param ownerId Id of the data owner to which we would like to give access back
1283
+ * @param accessGiver User, in charge of giving access back to the person who previously gave him some access (should be the current user)
1284
+ * @param ownerId Id of the data owner to which we would like to get access back
1285
1285
  * @param ownerNewPublicKey New Data Owner Public Key we want to use to re-encrypt previously created AES key
1286
- *
1287
- * @return The DataOwner, updated by the delegateUser to add the new encrypted AES Key using the new provided public key
1288
1286
  */
1289
- giveAccessBackTo(delegateUser, ownerId, ownerNewPublicKey) {
1290
- var _a, _b, _c, _d;
1287
+ giveAccessBackTo(accessGiver, ownerId, ownerNewPublicKey) {
1288
+ var _a, _b;
1291
1289
  return __awaiter(this, void 0, void 0, function* () {
1292
- const delegateId = (_b = (_a = delegateUser.healthcarePartyId) !== null && _a !== void 0 ? _a : delegateUser.patientId) !== null && _b !== void 0 ? _b : delegateUser.deviceId;
1293
- if (!delegateId) {
1294
- throw new Error(`DelegateUser ${delegateUser.id} must be a data Owner`);
1290
+ const newPubKeyCryptoKey = yield this._RSA.importKey('spki', (0, binary_utils_1.hex2ua)(ownerNewPublicKey), ['encrypt']);
1291
+ const giverDoId = (_b = (_a = accessGiver.healthcarePartyId) !== null && _a !== void 0 ? _a : accessGiver.patientId) !== null && _b !== void 0 ? _b : accessGiver.deviceId;
1292
+ if (!giverDoId) {
1293
+ throw new Error(`Access giver ${accessGiver.id} must be a data Owner`);
1295
1294
  }
1296
- const delegatePublicKeys = yield this.getPublicKeys();
1297
- const newPubKeyCryptoKey = yield this._RSA.importKey('jwk', (0, utils_1.spkiToJwk)((0, binary_utils_1.hex2ua)(ownerNewPublicKey)), ['encrypt']);
1298
- const dataOwnerToUpdate = yield this.getDataOwner(ownerId);
1299
- const newAesExchangeKeys = yield (0, utils_1.foldAsync)(Object.entries((_c = dataOwnerToUpdate.dataOwner.aesExchangeKeys) !== null && _c !== void 0 ? _c : {}), (_d = dataOwnerToUpdate.dataOwner.aesExchangeKeys) !== null && _d !== void 0 ? _d : {}, (pubAcc, [pubKey, newAesExcKeys]) => __awaiter(this, void 0, void 0, function* () {
1300
- var _e;
1301
- const existingKeys = (_e = pubAcc[pubKey]) !== null && _e !== void 0 ? _e : {};
1302
- pubAcc[pubKey] = yield (0, utils_1.foldAsync)(Object.entries(newAesExcKeys), existingKeys, (delAcc, [delId, delKeys]) => __awaiter(this, void 0, void 0, function* () {
1303
- if (delId == delegateId && pubKey != ownerNewPublicKey) {
1304
- // Add the AES Key encrypted with the new public key in the aesExchangeKeys
1305
- try {
1306
- // First, we decrypt it using the delegate RSA Public Key
1307
- const encrAesKeyInfo = yield this.decryptHcPartyKey(delegateId, dataOwnerToUpdate.dataOwner.id, delegateId, pubKey, delKeys, delegatePublicKeys).then((delegatorAndKeys) => __awaiter(this, void 0, void 0, function* () {
1308
- // Then, we encrypt it using the owner new RSA Public Key (provided in argument)
1309
- return yield this.encryptAesKeyOnlyForProvidedKeys(delegatorAndKeys === null || delegatorAndKeys === void 0 ? void 0 : delegatorAndKeys.rawKey, dataOwnerToUpdate, [newPubKeyCryptoKey])
1310
- .then((encrAes) => Object.values(encrAes)[0])
1311
- .then((encrAesInfo) => {
1312
- return { pubKeyUsedToEncryptAes: Object.keys(encrAesInfo)[0], encryptedAes: Object.values(encrAesInfo)[0] };
1313
- });
1314
- }));
1315
- delKeys[encrAesKeyInfo.pubKeyUsedToEncryptAes] = encrAesKeyInfo.encryptedAes;
1316
- }
1317
- catch (e) {
1318
- console.log(`${delegateId} could not re-encrypt AES Key of ${dataOwnerToUpdate.dataOwner.id}`);
1319
- }
1320
- finally {
1321
- delAcc[delId] = delKeys;
1295
+ const giverDoKeys = yield this.getDataOwner(giverDoId).then((doData) => { var _a; return [doData.dataOwner.publicKey, ...Object.keys((_a = doData.dataOwner.aesExchangeKeys) !== null && _a !== void 0 ? _a : {})].filter((x) => !!x); });
1296
+ const giveAccessBackToExchangeKey = (exchangeKeys, delegatorId, // Getter for getter exchange keys, giver for giver exchange keys
1297
+ delegateId // Giver for getter exchange keys, getter for giver exchange keys
1298
+ ) => __awaiter(this, void 0, void 0, function* () {
1299
+ const updatedExchangeKeys = _.cloneDeep(exchangeKeys);
1300
+ for (const [publicKey, mapsByDelegate] of Object.entries(updatedExchangeKeys)) {
1301
+ const mapOfDelegate = mapsByDelegate[delegateId];
1302
+ if (!!mapOfDelegate && !mapOfDelegate[ownerNewPublicKey.slice(-32)]) {
1303
+ const decryptedKey = yield this.decryptHcPartyKey(giverDoId, delegatorId, delegateId, publicKey, mapOfDelegate, giverDoKeys)
1304
+ .then((x) => x === null || x === void 0 ? void 0 : x.rawKey)
1305
+ .catch(() => undefined);
1306
+ if (decryptedKey) {
1307
+ mapOfDelegate[ownerNewPublicKey.slice(-32)] = yield this.encryptAesKeyOnlyForProvidedKeys(decryptedKey, delegateId, [
1308
+ newPubKeyCryptoKey,
1309
+ ]).then((encrAes) => Object.values(Object.values(encrAes)[0])[0]);
1322
1310
  }
1323
1311
  }
1324
- else {
1325
- // Otherwise, we don't transform the aesExchangeKeys for this delegate
1326
- delAcc[delId] = delKeys;
1327
- }
1328
- return delAcc;
1329
- }));
1330
- return pubAcc;
1331
- }));
1332
- // After adding the potential new aesExchangeKeys, we save the updated data owner
1333
- return this._saveDataOwner({
1334
- type: dataOwnerToUpdate.type,
1335
- dataOwner: Object.assign(Object.assign({}, dataOwnerToUpdate.dataOwner), { aesExchangeKeys: newAesExchangeKeys }),
1312
+ }
1313
+ return updatedExchangeKeys;
1336
1314
  });
1315
+ yield (0, utils_1.retry)(() => __awaiter(this, void 0, void 0, function* () {
1316
+ var _c;
1317
+ const getterDo = yield this.getDataOwner(ownerId);
1318
+ const updatedGetterKeys = yield giveAccessBackToExchangeKey((_c = getterDo.dataOwner.aesExchangeKeys) !== null && _c !== void 0 ? _c : {}, ownerId, giverDoId);
1319
+ yield this._saveDataOwner({
1320
+ type: getterDo.type,
1321
+ dataOwner: Object.assign(Object.assign({}, getterDo.dataOwner), { aesExchangeKeys: updatedGetterKeys }),
1322
+ });
1323
+ }), 3, 5000, 1);
1324
+ yield (0, utils_1.retry)(() => __awaiter(this, void 0, void 0, function* () {
1325
+ var _d;
1326
+ const giverDo = yield this.getDataOwner(giverDoId);
1327
+ const updatedGiverKeys = yield giveAccessBackToExchangeKey((_d = giverDo.dataOwner.aesExchangeKeys) !== null && _d !== void 0 ? _d : {}, giverDoId, ownerId);
1328
+ yield this._saveDataOwner({
1329
+ type: giverDo.type,
1330
+ dataOwner: Object.assign(Object.assign({}, giverDo.dataOwner), { aesExchangeKeys: updatedGiverKeys }),
1331
+ });
1332
+ }), 3, 5000, 1);
1337
1333
  });
1338
1334
  }
1339
1335
  addNewKeyPairForOwnerId(maintenanceTasksApi, user, ownerId, generateTransferKey = true, sendMaintenanceTasks = true) {
@@ -1435,16 +1431,16 @@ class IccCryptoXApi {
1435
1431
  encryptAesKeyFor(aesKey, dataOwner, doNewPublicKey) {
1436
1432
  return __awaiter(this, void 0, void 0, function* () {
1437
1433
  const dataOwnerAllPubKeys = [doNewPublicKey].concat(yield this.getDataOwnerPublicKeys(dataOwner));
1438
- return this.encryptAesKeyOnlyForProvidedKeys(aesKey, dataOwner, dataOwnerAllPubKeys);
1434
+ return this.encryptAesKeyOnlyForProvidedKeys(aesKey, dataOwner.id, dataOwnerAllPubKeys);
1439
1435
  });
1440
1436
  }
1441
- encryptAesKeyOnlyForProvidedKeys(aesKey, dataOwner, dataOwnerPubKeys) {
1437
+ encryptAesKeyOnlyForProvidedKeys(aesKey, dataOwnerId, dataOwnerPubKeys) {
1442
1438
  return __awaiter(this, void 0, void 0, function* () {
1443
1439
  const encryptedAesForDataOwner = yield (0, utils_1.foldAsync)(dataOwnerPubKeys, {}, (encrAes, pubKey) => __awaiter(this, void 0, void 0, function* () {
1444
1440
  encrAes[(0, binary_utils_1.ua2hex)(yield this.RSA.exportKey(pubKey, 'spki')).slice(-32)] = (0, binary_utils_1.ua2hex)(yield this._RSA.encrypt(pubKey, (0, binary_utils_1.hex2ua)(aesKey)));
1445
1441
  return encrAes;
1446
1442
  }));
1447
- return { [dataOwner.id]: encryptedAesForDataOwner };
1443
+ return { [dataOwnerId]: encryptedAesForDataOwner };
1448
1444
  });
1449
1445
  }
1450
1446
  retrieveDataOwnerInfoAfterPotentialUpdate(dataOwnerToUpdate) {
@@ -1483,6 +1479,9 @@ class IccCryptoXApi {
1483
1479
  .map((delegateId) => {
1484
1480
  return { delegateId, maintenanceTask: this.createMaintenanceTask(dataOwner, hexNewPubKey) };
1485
1481
  });
1482
+ if (tasks.length > 0) {
1483
+ this.emptyHcpCache(dataOwner.id);
1484
+ }
1486
1485
  const res = [];
1487
1486
  for (const task of tasks) {
1488
1487
  const taskToCreate = yield (maintenanceTaskApi === null || maintenanceTaskApi === void 0 ? void 0 : maintenanceTaskApi.newInstance(user, task.maintenanceTask, [task.delegateId]));