@icure/api 7.1.14 → 8.0.0-RC.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (322) hide show
  1. package/icc-api/api/IccAccesslogApi.d.ts +12 -1
  2. package/icc-api/api/IccAccesslogApi.js +142 -98
  3. package/icc-api/api/IccAccesslogApi.js.map +1 -1
  4. package/icc-api/api/IccBemikronoApi.d.ts +81 -0
  5. package/icc-api/api/IccBemikronoApi.js +163 -0
  6. package/icc-api/api/IccBemikronoApi.js.map +1 -0
  7. package/icc-api/api/IccCalendarItemApi.d.ts +21 -1
  8. package/icc-api/api/IccCalendarItemApi.js +183 -117
  9. package/icc-api/api/IccCalendarItemApi.js.map +1 -1
  10. package/icc-api/api/IccClassificationApi.d.ts +21 -1
  11. package/icc-api/api/IccClassificationApi.js +119 -63
  12. package/icc-api/api/IccClassificationApi.js.map +1 -1
  13. package/icc-api/api/IccContactApi.d.ts +21 -1
  14. package/icc-api/api/IccContactApi.js +385 -294
  15. package/icc-api/api/IccContactApi.js.map +1 -1
  16. package/icc-api/api/IccDocumentApi.d.ts +32 -25
  17. package/icc-api/api/IccDocumentApi.js +264 -212
  18. package/icc-api/api/IccDocumentApi.js.map +1 -1
  19. package/icc-api/api/IccExchangeDataApi.d.ts +19 -0
  20. package/icc-api/api/IccExchangeDataApi.js +85 -0
  21. package/icc-api/api/IccExchangeDataApi.js.map +1 -0
  22. package/icc-api/api/IccExchangeDataMapApi.d.ts +18 -0
  23. package/icc-api/api/IccExchangeDataMapApi.js +65 -0
  24. package/icc-api/api/IccExchangeDataMapApi.js.map +1 -0
  25. package/icc-api/api/IccFormApi.d.ts +21 -1
  26. package/icc-api/api/IccFormApi.js +321 -229
  27. package/icc-api/api/IccFormApi.js.map +1 -1
  28. package/icc-api/api/IccHelementApi.d.ts +21 -1
  29. package/icc-api/api/IccHelementApi.js +207 -137
  30. package/icc-api/api/IccHelementApi.js.map +1 -1
  31. package/icc-api/api/IccInvoiceApi.d.ts +21 -1
  32. package/icc-api/api/IccInvoiceApi.js +404 -298
  33. package/icc-api/api/IccInvoiceApi.js.map +1 -1
  34. package/icc-api/api/IccMaintenanceTaskApi.d.ts +12 -1
  35. package/icc-api/api/IccMaintenanceTaskApi.js +79 -43
  36. package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
  37. package/icc-api/api/IccMessageApi.d.ts +12 -1
  38. package/icc-api/api/IccMessageApi.js +257 -191
  39. package/icc-api/api/IccMessageApi.js.map +1 -1
  40. package/icc-api/api/IccPatientApi.d.ts +12 -1
  41. package/icc-api/api/IccPatientApi.js +447 -351
  42. package/icc-api/api/IccPatientApi.js.map +1 -1
  43. package/icc-api/api/IccReceiptApi.d.ts +22 -8
  44. package/icc-api/api/IccReceiptApi.js +121 -64
  45. package/icc-api/api/IccReceiptApi.js.map +1 -1
  46. package/icc-api/api/IccRestApiPath.js +1 -1
  47. package/icc-api/api/IccRestApiPath.js.map +1 -1
  48. package/icc-api/api/IccTimeTableApi.d.ts +12 -1
  49. package/icc-api/api/IccTimeTableApi.js +86 -48
  50. package/icc-api/api/IccTimeTableApi.js.map +1 -1
  51. package/icc-api/index.d.ts +1 -0
  52. package/icc-api/index.js +1 -0
  53. package/icc-api/index.js.map +1 -1
  54. package/icc-api/model/AccessLog.d.ts +4 -0
  55. package/icc-api/model/AccessLog.js +1 -0
  56. package/icc-api/model/AccessLog.js.map +1 -1
  57. package/icc-api/model/Article.d.ts +4 -0
  58. package/icc-api/model/Article.js +1 -0
  59. package/icc-api/model/Article.js.map +1 -1
  60. package/icc-api/model/CalendarItem.d.ts +4 -0
  61. package/icc-api/model/CalendarItem.js +1 -0
  62. package/icc-api/model/CalendarItem.js.map +1 -1
  63. package/icc-api/model/Classification.d.ts +4 -0
  64. package/icc-api/model/Classification.js +1 -0
  65. package/icc-api/model/Classification.js.map +1 -1
  66. package/icc-api/model/ClassificationTemplate.d.ts +2 -0
  67. package/icc-api/model/ClassificationTemplate.js.map +1 -1
  68. package/icc-api/model/Contact.d.ts +4 -0
  69. package/icc-api/model/Contact.js +1 -0
  70. package/icc-api/model/Contact.js.map +1 -1
  71. package/icc-api/model/Device.d.ts +4 -4
  72. package/icc-api/model/Device.js.map +1 -1
  73. package/icc-api/model/Document.d.ts +4 -0
  74. package/icc-api/model/Document.js +1 -0
  75. package/icc-api/model/Document.js.map +1 -1
  76. package/icc-api/model/ExchangeData.d.ts +61 -0
  77. package/icc-api/model/ExchangeData.js +12 -0
  78. package/icc-api/model/ExchangeData.js.map +1 -0
  79. package/icc-api/model/ExchangeDataMap.d.ts +21 -0
  80. package/icc-api/model/ExchangeDataMap.js +10 -0
  81. package/icc-api/model/ExchangeDataMap.js.map +1 -0
  82. package/icc-api/model/ExchangeDataMapCreationBatch.d.ts +13 -0
  83. package/icc-api/model/ExchangeDataMapCreationBatch.js +10 -0
  84. package/icc-api/model/ExchangeDataMapCreationBatch.js.map +1 -0
  85. package/icc-api/model/Form.d.ts +4 -0
  86. package/icc-api/model/Form.js +1 -0
  87. package/icc-api/model/Form.js.map +1 -1
  88. package/icc-api/model/HealthElement.d.ts +4 -0
  89. package/icc-api/model/HealthElement.js +1 -0
  90. package/icc-api/model/HealthElement.js.map +1 -1
  91. package/icc-api/model/HealthcareParty.d.ts +2 -2
  92. package/icc-api/model/HealthcareParty.js.map +1 -1
  93. package/icc-api/model/IcureStub.d.ts +2 -0
  94. package/icc-api/model/IcureStub.js.map +1 -1
  95. package/icc-api/model/Invoice.d.ts +4 -0
  96. package/icc-api/model/Invoice.js +1 -0
  97. package/icc-api/model/Invoice.js.map +1 -1
  98. package/icc-api/model/MaintenanceTask.d.ts +4 -0
  99. package/icc-api/model/MaintenanceTask.js +1 -0
  100. package/icc-api/model/MaintenanceTask.js.map +1 -1
  101. package/icc-api/model/Message.d.ts +4 -0
  102. package/icc-api/model/Message.js +1 -0
  103. package/icc-api/model/Message.js.map +1 -1
  104. package/icc-api/model/PaginatedListExchangeData.d.ts +9 -0
  105. package/icc-api/model/PaginatedListExchangeData.js +10 -0
  106. package/icc-api/model/PaginatedListExchangeData.js.map +1 -0
  107. package/icc-api/model/Patient.d.ts +6 -2
  108. package/icc-api/model/Patient.js +1 -0
  109. package/icc-api/model/Patient.js.map +1 -1
  110. package/icc-api/model/PatientByHcPartyGenderEducationProfession.d.ts +31 -0
  111. package/icc-api/model/PatientByHcPartyGenderEducationProfession.js +32 -0
  112. package/icc-api/model/PatientByHcPartyGenderEducationProfession.js.map +1 -0
  113. package/icc-api/model/Receipt.d.ts +4 -0
  114. package/icc-api/model/Receipt.js +1 -0
  115. package/icc-api/model/Receipt.js.map +1 -1
  116. package/icc-api/model/SecureDelegation.d.ts +52 -0
  117. package/icc-api/model/SecureDelegation.js +16 -0
  118. package/icc-api/model/SecureDelegation.js.map +1 -0
  119. package/icc-api/model/SecurityMetadata.d.ts +33 -0
  120. package/icc-api/model/SecurityMetadata.js +13 -0
  121. package/icc-api/model/SecurityMetadata.js.map +1 -0
  122. package/icc-api/model/Service.d.ts +2 -0
  123. package/icc-api/model/Service.js.map +1 -1
  124. package/icc-api/model/TimeTable.d.ts +4 -0
  125. package/icc-api/model/TimeTable.js +1 -0
  126. package/icc-api/model/TimeTable.js.map +1 -1
  127. package/icc-api/model/models.d.ts +20 -39
  128. package/icc-api/model/models.js +15 -37
  129. package/icc-api/model/models.js.map +1 -1
  130. package/icc-api/model/requests/EntityBulkShareResult.d.ts +28 -0
  131. package/icc-api/model/requests/EntityBulkShareResult.js +16 -0
  132. package/icc-api/model/requests/EntityBulkShareResult.js.map +1 -0
  133. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.d.ts +10 -0
  134. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js +17 -0
  135. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js.map +1 -0
  136. package/icc-api/model/requests/EntityShareRequest.d.ts +110 -0
  137. package/icc-api/model/requests/EntityShareRequest.js +63 -0
  138. package/icc-api/model/requests/EntityShareRequest.js.map +1 -0
  139. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.d.ts +54 -0
  140. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js +24 -0
  141. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js.map +1 -0
  142. package/icc-api/model/requests/MinimalEntityBulkShareResult.d.ts +23 -0
  143. package/icc-api/model/requests/MinimalEntityBulkShareResult.js +13 -0
  144. package/icc-api/model/requests/MinimalEntityBulkShareResult.js.map +1 -0
  145. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.d.ts +21 -0
  146. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js +14 -0
  147. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js.map +1 -0
  148. package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +3 -2
  149. package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
  150. package/icc-x-api/crypto/AES.js +1 -1
  151. package/icc-x-api/crypto/AES.js.map +1 -1
  152. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +16 -0
  153. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +41 -0
  154. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -0
  155. package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +42 -0
  156. package/icc-x-api/crypto/AccessControlSecretUtils.js +86 -0
  157. package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -0
  158. package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +146 -0
  159. package/icc-x-api/crypto/BaseExchangeDataManager.js +342 -0
  160. package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -0
  161. package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +0 -18
  162. package/icc-x-api/crypto/BaseExchangeKeysManager.js +11 -85
  163. package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
  164. package/icc-x-api/crypto/ConfidentialEntities.d.ts +26 -16
  165. package/icc-x-api/crypto/ConfidentialEntities.js +30 -17
  166. package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -1
  167. package/icc-x-api/crypto/CryptoStrategies.d.ts +8 -1
  168. package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
  169. package/icc-x-api/crypto/ExchangeDataManager.d.ts +95 -0
  170. package/icc-x-api/crypto/ExchangeDataManager.js +493 -0
  171. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -0
  172. package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +32 -0
  173. package/icc-x-api/crypto/ExchangeDataMapManager.js +70 -0
  174. package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -0
  175. package/icc-x-api/crypto/ExchangeKeysManager.d.ts +4 -16
  176. package/icc-x-api/crypto/ExchangeKeysManager.js +4 -62
  177. package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
  178. package/icc-x-api/crypto/ExtendedApisUtils.d.ts +336 -0
  179. package/icc-x-api/crypto/ExtendedApisUtils.js +3 -0
  180. package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -0
  181. package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +181 -0
  182. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +562 -0
  183. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -0
  184. package/icc-x-api/crypto/KeyRecovery.d.ts +5 -2
  185. package/icc-x-api/crypto/KeyRecovery.js +59 -29
  186. package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
  187. package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +7 -2
  188. package/icc-x-api/crypto/LegacyCryptoStrategies.js +8 -1
  189. package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -1
  190. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +39 -0
  191. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +150 -0
  192. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -0
  193. package/icc-x-api/crypto/RSA.d.ts +34 -8
  194. package/icc-x-api/crypto/RSA.js +80 -13
  195. package/icc-x-api/crypto/RSA.js.map +1 -1
  196. package/icc-x-api/crypto/SecureDelegationsEncryption.d.ts +54 -0
  197. package/icc-x-api/crypto/SecureDelegationsEncryption.js +178 -0
  198. package/icc-x-api/crypto/SecureDelegationsEncryption.js.map +1 -0
  199. package/icc-x-api/crypto/SecureDelegationsManager.d.ts +66 -0
  200. package/icc-x-api/crypto/SecureDelegationsManager.js +261 -0
  201. package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -0
  202. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +37 -0
  203. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +294 -0
  204. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -0
  205. package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +114 -0
  206. package/icc-x-api/crypto/SecurityMetadataDecryptor.js +98 -0
  207. package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -0
  208. package/icc-x-api/crypto/ShamirKeysManager.d.ts +5 -5
  209. package/icc-x-api/crypto/ShamirKeysManager.js +6 -9
  210. package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
  211. package/icc-x-api/crypto/TransferKeysManager.d.ts +8 -6
  212. package/icc-x-api/crypto/TransferKeysManager.js +75 -52
  213. package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
  214. package/icc-x-api/crypto/{KeyManager.d.ts → UserEncryptionKeysManager.d.ts} +4 -6
  215. package/icc-x-api/crypto/{KeyManager.js → UserEncryptionKeysManager.js} +43 -23
  216. package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -0
  217. package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +26 -0
  218. package/icc-x-api/crypto/UserSignatureKeysManager.js +74 -0
  219. package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -0
  220. package/icc-x-api/crypto/utils.d.ts +61 -11
  221. package/icc-x-api/crypto/utils.js +113 -44
  222. package/icc-x-api/crypto/utils.js.map +1 -1
  223. package/icc-x-api/filters/filters.js.map +1 -1
  224. package/icc-x-api/icc-accesslog-x-api.d.ts +46 -11
  225. package/icc-x-api/icc-accesslog-x-api.js +75 -42
  226. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  227. package/icc-x-api/icc-calendar-item-x-api.d.ts +50 -14
  228. package/icc-x-api/icc-calendar-item-x-api.js +99 -49
  229. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  230. package/icc-x-api/icc-classification-x-api.d.ts +44 -9
  231. package/icc-x-api/icc-classification-x-api.js +56 -31
  232. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  233. package/icc-x-api/icc-contact-x-api.d.ts +56 -32
  234. package/icc-x-api/icc-contact-x-api.js +95 -64
  235. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  236. package/icc-x-api/icc-crypto-x-api.d.ts +28 -334
  237. package/icc-x-api/icc-crypto-x-api.js +41 -765
  238. package/icc-x-api/icc-crypto-x-api.js.map +1 -1
  239. package/icc-x-api/icc-data-owner-x-api.d.ts +20 -8
  240. package/icc-x-api/icc-data-owner-x-api.js +31 -10
  241. package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
  242. package/icc-x-api/icc-document-x-api.d.ts +48 -11
  243. package/icc-x-api/icc-document-x-api.js +111 -64
  244. package/icc-x-api/icc-document-x-api.js.map +1 -1
  245. package/icc-x-api/icc-form-x-api.d.ts +45 -10
  246. package/icc-x-api/icc-form-x-api.js +65 -35
  247. package/icc-x-api/icc-form-x-api.js.map +1 -1
  248. package/icc-x-api/icc-hcparty-x-api.d.ts +2 -2
  249. package/icc-x-api/icc-hcparty-x-api.js +3 -3
  250. package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
  251. package/icc-x-api/icc-helement-x-api.d.ts +55 -18
  252. package/icc-x-api/icc-helement-x-api.js +76 -41
  253. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  254. package/icc-x-api/icc-icure-maintenance-x-api.d.ts +7 -2
  255. package/icc-x-api/icc-icure-maintenance-x-api.js +38 -27
  256. package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
  257. package/icc-x-api/icc-invoice-x-api.d.ts +50 -15
  258. package/icc-x-api/icc-invoice-x-api.js +63 -33
  259. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  260. package/icc-x-api/icc-maintenance-task-x-api.d.ts +53 -21
  261. package/icc-x-api/icc-maintenance-task-x-api.js +72 -35
  262. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  263. package/icc-x-api/icc-message-x-api.d.ts +53 -15
  264. package/icc-x-api/icc-message-x-api.js +65 -36
  265. package/icc-x-api/icc-message-x-api.js.map +1 -1
  266. package/icc-x-api/icc-patient-x-api.d.ts +84 -29
  267. package/icc-x-api/icc-patient-x-api.js +313 -378
  268. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  269. package/icc-x-api/icc-receipt-x-api.d.ts +44 -12
  270. package/icc-x-api/icc-receipt-x-api.js +67 -35
  271. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  272. package/icc-x-api/icc-time-table-x-api.d.ts +43 -12
  273. package/icc-x-api/icc-time-table-x-api.js +56 -26
  274. package/icc-x-api/icc-time-table-x-api.js.map +1 -1
  275. package/icc-x-api/icc-user-x-api.d.ts +2 -2
  276. package/icc-x-api/icc-user-x-api.js +3 -3
  277. package/icc-x-api/icc-user-x-api.js.map +1 -1
  278. package/icc-x-api/index.d.ts +4 -2
  279. package/icc-x-api/index.js +154 -135
  280. package/icc-x-api/index.js.map +1 -1
  281. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +2 -0
  282. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +9 -2
  283. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -1
  284. package/icc-x-api/storage/IcureStorageFacade.d.ts +23 -2
  285. package/icc-x-api/storage/IcureStorageFacade.js +36 -2
  286. package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
  287. package/icc-x-api/storage/KeyStorageFacade.d.ts +12 -0
  288. package/icc-x-api/storage/KeyStorageFacade.js.map +1 -1
  289. package/icc-x-api/storage/KeyStorageImpl.d.ts +2 -0
  290. package/icc-x-api/storage/KeyStorageImpl.js +10 -0
  291. package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
  292. package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +14 -1
  293. package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -1
  294. package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +32 -0
  295. package/icc-x-api/utils/EntityWithDelegationTypeName.js +75 -0
  296. package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -0
  297. package/icc-x-api/utils/ShareResult.d.ts +74 -0
  298. package/icc-x-api/utils/ShareResult.js +61 -0
  299. package/icc-x-api/utils/ShareResult.js.map +1 -0
  300. package/icc-x-api/utils/binary-utils.d.ts +1 -0
  301. package/icc-x-api/utils/binary-utils.js +8 -1
  302. package/icc-x-api/utils/binary-utils.js.map +1 -1
  303. package/icc-x-api/utils/collection-utils.d.ts +5 -0
  304. package/icc-x-api/utils/collection-utils.js +26 -1
  305. package/icc-x-api/utils/collection-utils.js.map +1 -1
  306. package/icc-x-api/utils/crypto-utils.d.ts +4 -3
  307. package/icc-x-api/utils/crypto-utils.js +5 -4
  308. package/icc-x-api/utils/crypto-utils.js.map +1 -1
  309. package/icc-x-api/utils/lru-temporised-async-cache.d.ts +26 -3
  310. package/icc-x-api/utils/lru-temporised-async-cache.js +75 -15
  311. package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -1
  312. package/icc-x-api/utils/websocket.d.ts +10 -10
  313. package/icc-x-api/utils/websocket.js +18 -9
  314. package/icc-x-api/utils/websocket.js.map +1 -1
  315. package/index.d.ts +1 -1
  316. package/index.js +3 -1
  317. package/index.js.map +1 -1
  318. package/package.json +2 -3
  319. package/icc-x-api/crypto/EntitiesEncryption.d.ts +0 -275
  320. package/icc-x-api/crypto/EntitiesEncryption.js +0 -734
  321. package/icc-x-api/crypto/EntitiesEncryption.js.map +0 -1
  322. package/icc-x-api/crypto/KeyManager.js.map +0 -1
@@ -0,0 +1,86 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.AccessControlSecretUtils = void 0;
13
+ const utils_1 = require("../utils");
14
+ const ACCESS_CONTROL_KEY_LENGTH_BYTES = 16;
15
+ /**
16
+ * @internal this class is intended for internal use only and may be changed without notice.
17
+ */
18
+ class AccessControlSecretUtils {
19
+ constructor(primitives) {
20
+ this.primitives = primitives;
21
+ }
22
+ /**
23
+ * Size of the access control keys returned by this class.
24
+ */
25
+ get accessControlKeyLengthBytes() {
26
+ return ACCESS_CONTROL_KEY_LENGTH_BYTES;
27
+ }
28
+ /**
29
+ * Get the access control key to use for entities of the provided type and using the provided secret foreign key. The combination of secret foreign
30
+ * keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or different
31
+ * confidentiality levels.
32
+ * These keys will be sent to the icure server for access control of data owners which require anonymous delegations.
33
+ * @param accessControlSecret an access control secret
34
+ * @param entityTypeName an entity type name
35
+ * @param secretForeignKey optionally a secret foreign key to include in the secret. "" and undefined are equivalent.
36
+ */
37
+ accessControlKeyFor(accessControlSecret, entityTypeName, secretForeignKey) {
38
+ return __awaiter(this, void 0, void 0, function* () {
39
+ // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact
40
+ // Ignore secret foreign key for now
41
+ return (yield this.primitives.sha256((0, utils_1.utf8_2ua)(accessControlSecret + entityTypeName /* + (secretForeignKey ?? '')*/))).slice(0, ACCESS_CONTROL_KEY_LENGTH_BYTES);
42
+ });
43
+ }
44
+ /**
45
+ * Get the access control keys for proving access to an entity of provided type with the provided secret foreign keys.
46
+ */
47
+ accessControlKeysFor(accessControlSecret, entityTypeName, secretForeignKeys) {
48
+ return __awaiter(this, void 0, void 0, function* () {
49
+ return yield this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.accessControlKeyFor(a, b, c));
50
+ });
51
+ }
52
+ /**
53
+ * Get value to use as key in secure delegations for entities of the provided type with the provided secret foreign key. The combination of secret
54
+ * foreign keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or
55
+ * different confidentiality levels.
56
+ * These keys will be used in the secure delegations map of security metadata.
57
+ * @param accessControlSecret an access control secret
58
+ * @param entityTypeName an entity type name
59
+ * @param secretForeignKey optionally a secret foreign key to include in the secret. "" and undefined are equivalent.
60
+ */
61
+ secureDelegationKeyFor(accessControlSecret, entityTypeName, secretForeignKey) {
62
+ return __awaiter(this, void 0, void 0, function* () {
63
+ return (0, utils_1.ua2hex)(yield this.primitives.sha256(yield this.accessControlKeyFor(accessControlSecret, entityTypeName, secretForeignKey)));
64
+ });
65
+ }
66
+ /**
67
+ * Get the secure delegations keys which can be used on an entity of provided type with the provided secret foreign keys.
68
+ */
69
+ secureDelegationKeysFor(accessControlSecret, entityTypeName, secretForeignKeys) {
70
+ return __awaiter(this, void 0, void 0, function* () {
71
+ return yield this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.secureDelegationKeyFor(a, b, c));
72
+ });
73
+ }
74
+ getKeys(accessControlSecret, entityTypeName, secretForeignKeys, getKey) {
75
+ return __awaiter(this, void 0, void 0, function* () {
76
+ // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact
77
+ // if (!secretForeignKeys.length) {
78
+ return [yield getKey(accessControlSecret, entityTypeName, undefined)];
79
+ // } else {
80
+ // return await Promise.all(secretForeignKeys.map((sfk) => getKey(accessControlSecret, entityTypeName, sfk)))
81
+ // }
82
+ });
83
+ }
84
+ }
85
+ exports.AccessControlSecretUtils = AccessControlSecretUtils;
86
+ //# sourceMappingURL=AccessControlSecretUtils.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"AccessControlSecretUtils.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/AccessControlSecretUtils.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,oCAA2C;AAE3C,MAAM,+BAA+B,GAAG,EAAE,CAAA;AAE1C;;GAEG;AACH,MAAa,wBAAwB;IACnC,YAA6B,UAA4B;QAA5B,eAAU,GAAV,UAAU,CAAkB;IAAG,CAAC;IAE7D;;OAEG;IACH,IAAI,2BAA2B;QAC7B,OAAO,+BAA+B,CAAA;IACxC,CAAC;IAED;;;;;;;;OAQG;IACG,mBAAmB,CACvB,mBAA2B,EAC3B,cAA4C,EAC5C,gBAAoC;;YAEpC,sIAAsI;YACtI,oCAAoC;YACpC,OAAO,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAA,gBAAQ,EAAC,mBAAmB,GAAG,cAAc,CAAC,+BAA+B,CAAC,CAAC,CAAC,CAAC,KAAK,CACzH,CAAC,EACD,+BAA+B,CAChC,CAAA;QACH,CAAC;KAAA;IAED;;OAEG;IACG,oBAAoB,CACxB,mBAA2B,EAC3B,cAA4C,EAC5C,iBAA2B;;YAE3B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,cAAc,EAAE,iBAAiB,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACnI,CAAC;KAAA;IAED;;;;;;;;OAQG;IACG,sBAAsB,CAC1B,mBAA2B,EAC3B,cAA4C,EAC5C,gBAAoC;;YAEpC,OAAO,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAA;QACpI,CAAC;KAAA;IAED;;OAEG;IACG,uBAAuB,CAC3B,mBAA2B,EAC3B,cAA4C,EAC5C,iBAA2B;;YAE3B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,cAAc,EAAE,iBAAiB,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACtI,CAAC;KAAA;IAEa,OAAO,CACnB,mBAA2B,EAC3B,cAA4C,EAC5C,iBAA2B,EAC3B,MAAuI;;YAEvI,sIAAsI;YAEtI,mCAAmC;YACnC,OAAO,CAAC,MAAM,MAAM,CAAC,mBAAmB,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC,CAAA;YACrE,WAAW;YACX,+GAA+G;YAC/G,IAAI;QACN,CAAC;KAAA;CACF;AArFD,4DAqFC","sourcesContent":["import { CryptoPrimitives } from './CryptoPrimitives'\nimport { EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { ua2hex, utf8_2ua } from '../utils'\n\nconst ACCESS_CONTROL_KEY_LENGTH_BYTES = 16\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n */\nexport class AccessControlSecretUtils {\n constructor(private readonly primitives: CryptoPrimitives) {}\n\n /**\n * Size of the access control keys returned by this class.\n */\n get accessControlKeyLengthBytes(): number {\n return ACCESS_CONTROL_KEY_LENGTH_BYTES\n }\n\n /**\n * Get the access control key to use for entities of the provided type and using the provided secret foreign key. The combination of secret foreign\n * keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or different\n * confidentiality levels.\n * These keys will be sent to the icure server for access control of data owners which require anonymous delegations.\n * @param accessControlSecret an access control secret\n * @param entityTypeName an entity type name\n * @param secretForeignKey optionally a secret foreign key to include in the secret. \"\" and undefined are equivalent.\n */\n async accessControlKeyFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKey: string | undefined\n ): Promise<ArrayBuffer> {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n // Ignore secret foreign key for now\n return (await this.primitives.sha256(utf8_2ua(accessControlSecret + entityTypeName /* + (secretForeignKey ?? '')*/))).slice(\n 0,\n ACCESS_CONTROL_KEY_LENGTH_BYTES\n )\n }\n\n /**\n * Get the access control keys for proving access to an entity of provided type with the provided secret foreign keys.\n */\n async accessControlKeysFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKeys: string[]\n ): Promise<ArrayBuffer[]> {\n return await this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.accessControlKeyFor(a, b, c))\n }\n\n /**\n * Get value to use as key in secure delegations for entities of the provided type with the provided secret foreign key. The combination of secret\n * foreign keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or\n * different confidentiality levels.\n * These keys will be used in the secure delegations map of security metadata.\n * @param accessControlSecret an access control secret\n * @param entityTypeName an entity type name\n * @param secretForeignKey optionally a secret foreign key to include in the secret. \"\" and undefined are equivalent.\n */\n async secureDelegationKeyFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKey: string | undefined\n ): Promise<string> {\n return ua2hex(await this.primitives.sha256(await this.accessControlKeyFor(accessControlSecret, entityTypeName, secretForeignKey)))\n }\n\n /**\n * Get the secure delegations keys which can be used on an entity of provided type with the provided secret foreign keys.\n */\n async secureDelegationKeysFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKeys: string[]\n ): Promise<string[]> {\n return await this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.secureDelegationKeyFor(a, b, c))\n }\n\n private async getKeys<T>(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKeys: string[],\n getKey: (accessControlSecret: string, entityTypeName: EntityWithDelegationTypeName, secretForeignKey: string | undefined) => Promise<T>\n ): Promise<T[]> {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n\n // if (!secretForeignKeys.length) {\n return [await getKey(accessControlSecret, entityTypeName, undefined)]\n // } else {\n // return await Promise.all(secretForeignKeys.map((sfk) => getKey(accessControlSecret, entityTypeName, sfk)))\n // }\n }\n}\n"]}
@@ -0,0 +1,146 @@
1
+ import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
2
+ import { KeyPair } from './RSA';
3
+ import { ExchangeData } from '../../icc-api/model/ExchangeData';
4
+ import { IccExchangeDataApi } from '../../icc-api/api/IccExchangeDataApi';
5
+ import { CryptoPrimitives } from './CryptoPrimitives';
6
+ /**
7
+ * @internal this class is intended for internal use only and may be modified without notice
8
+ * Functions to create and get exchange data.
9
+ * The methods of this api require to pass the appropriate keys for encryption/decryption manually.
10
+ */
11
+ export declare class BaseExchangeDataManager {
12
+ readonly api: IccExchangeDataApi;
13
+ private readonly dataOwnerApi;
14
+ private readonly primitives;
15
+ private readonly selfRequiresAnonymousDelegations;
16
+ constructor(api: IccExchangeDataApi, dataOwnerApi: IccDataOwnerXApi, primitives: CryptoPrimitives, selfRequiresAnonymousDelegations: boolean);
17
+ /**
18
+ * Get all the exchange data where the current data owner is the delegator or the delegate. However, some data owners, generally HCPs, may have a
19
+ * prohibitively high amount of exchange data. If the crypto strategies specify that the current data owner requires anonymous delegation this
20
+ * method returns all the exchange data found for the data owner, else the method returns undefined.
21
+ * @return all the exchange data for the current data owner or undefined if the crypto strategies don't allow to retrieve all data for the current
22
+ * data owner.
23
+ */
24
+ getAllExchangeDataForCurrentDataOwnerIfAllowed(): Promise<ExchangeData[] | undefined>;
25
+ /**
26
+ * Get all exchange data for the provided delegator-delegate pair.
27
+ * @param delegatorId id of a delegator data owner.
28
+ * @param delegateId id of a delegate data owner.
29
+ * @return all exchange data for the provided delegator-delegate pair.
30
+ */
31
+ getExchangeDataByDelegatorDelegatePair(delegatorId: string, delegateId: string): Promise<ExchangeData[]>;
32
+ /**
33
+ * Get the exchange data with the provided id.
34
+ * @param exchangeDataId id of the exchange data.
35
+ * @return the exchange data with the provided id or undefined if no exchange data with such id could be found.
36
+ */
37
+ getExchangeDataById(exchangeDataId: string): Promise<ExchangeData | undefined>;
38
+ /**
39
+ * Filters exchange data returning only the instances that could be verified using their signature and the provided verification
40
+ * keys.
41
+ * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)
42
+ * will always be unverified.
43
+ * @param exchangeData the exchange data to verify.
44
+ * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.
45
+ * @return the exchange data which could be verified given his signature and the available verification keys.
46
+ * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.
47
+ */
48
+ filterVerifiedExchangeData(exchangeData: ExchangeData[], getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>): Promise<ExchangeData[]>;
49
+ /**
50
+ * Verifies the authenticity of the exchange data by checking the signature.
51
+ * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)
52
+ * will always be unverified.
53
+ * @param exchangeData the exchange data to verify.
54
+ * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.
55
+ * @return the exchange data which could be verified given his signature and the available verification keys.
56
+ * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.
57
+ */
58
+ verifyExchangeData(exchangeData: ExchangeData, getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>): Promise<boolean>;
59
+ /**
60
+ * Extracts and decrypts the access control secret from the provided exchange data.
61
+ * These need to be hashed together with the entity class and confidentiality level in order to get the actual access control key
62
+ * which will be sent to the server.
63
+ * @param exchangeData the exchange data from which to extract access control secrets.
64
+ * @param decryptionKeys rsa key pairs to use for decryption of the access control secret.
65
+ * @return an object composed of:
66
+ * - successfulDecryptions: array of all successfully decrypted access control keys
67
+ * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).
68
+ */
69
+ tryDecryptAccessControlSecret(exchangeData: ExchangeData[], decryptionKeys: {
70
+ [publicKeyFingerprint: string]: KeyPair<CryptoKey>;
71
+ }): Promise<{
72
+ successfulDecryptions: string[];
73
+ failedDecryptions: ExchangeData[];
74
+ }>;
75
+ /**
76
+ * Extract and decrypts the exchange keys from the provided exchange data.
77
+ * @param exchangeData the exchange data from which to extract exchange keys.
78
+ * @param decryptionKeys rsa key pairs to use for the decryption of the exchange keys.
79
+ * @return an object composed of:
80
+ * - successfulDecryptions: array containing the successfully decrypted exchange keys.
81
+ * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).
82
+ */
83
+ tryDecryptExchangeKeys(exchangeData: ExchangeData[], decryptionKeys: {
84
+ [publicKeyFingerprint: string]: KeyPair<CryptoKey>;
85
+ }): Promise<{
86
+ successfulDecryptions: CryptoKey[];
87
+ failedDecryptions: ExchangeData[];
88
+ }>;
89
+ private tryDecryptExchangeData;
90
+ private tryDecrypt;
91
+ /**
92
+ * Creates exchange data from the current data owner to the provided delegate, uploading the newly created exchange data to the cloud.
93
+ * This assumes that the keys have been verified.
94
+ * @param delegateId id of the delegate for the new exchange data.
95
+ * @param signatureKeys private keys to use for signing the created data.
96
+ * @param encryptionKeys public keys to use for the encryption of the exchange data (from delegator and delegate).
97
+ * @param optionalAttributes optional precalculated attributes for the creation of data
98
+ * @return the newly created exchange data, and its decrypted exchange key and access control secret.
99
+ */
100
+ createExchangeData(delegateId: string, signatureKeys: {
101
+ [keyPairFingerprint: string]: CryptoKey;
102
+ }, encryptionKeys: {
103
+ [keyPairFingerprint: string]: CryptoKey;
104
+ }, optionalAttributes?: {
105
+ id?: string;
106
+ }): Promise<{
107
+ exchangeData: ExchangeData;
108
+ exchangeKey: CryptoKey;
109
+ accessControlSecret: string;
110
+ }>;
111
+ /**
112
+ * Updates existing exchange data and uploads it to the cloud in order to share it also with additional public keys, useful for example in cases
113
+ * where one of the data owners involved in the exchange data has lost one of his keys.
114
+ * If the content of the exchange data could not be decrypted using the provided keys the method will not update anything and will return undefined.
115
+ * This method assumes that the new encryption keys have been verified.
116
+ * If the current data owner is also the delegator of the provided exchange data and at least one of the verification keys can be used to
117
+ * validate the current exchange data then the signature will be updated using the signature keys.
118
+ * Instead, if the current data owner is not the delegator of the provided exchange data, or the exchange data could not be verified using
119
+ * the provided verification keys then the updated exchange data will become unverified, and won't ever be verifiable again.
120
+ * @param exchangeData exchange data to update.
121
+ * @param decryptionKeys keys to use to extract the content of the exchange data which will be shared with the new keys.
122
+ * @param signatureKeys keys to use for the new signature of the updated exchange data.
123
+ * @param newEncryptionKeys new keys to add to the exchange data.
124
+ * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.
125
+ * @return the updated exchange data, and its decrypted exchange key and access control secret, or undefined if the exchange data content could not
126
+ * be decrypted and the exchange data could not be updated.
127
+ */
128
+ tryUpdateExchangeData(exchangeData: ExchangeData, decryptionKeys: {
129
+ [publicKeyFingerprint: string]: KeyPair<CryptoKey>;
130
+ }, newEncryptionKeys: {
131
+ [keyPairFingerprint: string]: CryptoKey;
132
+ }, signatureKeys: {
133
+ [keyPairFingerprint: string]: CryptoKey;
134
+ }, getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>): Promise<{
135
+ exchangeData: ExchangeData;
136
+ exchangeKey: CryptoKey;
137
+ accessControlSecret: string;
138
+ } | undefined>;
139
+ private bytesToSign;
140
+ private generateExchangeKey;
141
+ private importExchangeKey;
142
+ private generateAccessControlSecret;
143
+ private importAccessControlSecret;
144
+ private encryptDataWithKeys;
145
+ private signDataWithKeys;
146
+ }
@@ -0,0 +1,342 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.BaseExchangeDataManager = void 0;
13
+ const ExchangeData_1 = require("../../icc-api/model/ExchangeData");
14
+ const XHR_1 = require("../../icc-api/api/XHR");
15
+ var XHRError = XHR_1.XHR.XHRError;
16
+ const utils_1 = require("../utils");
17
+ const _ = require("lodash");
18
+ const utils_2 = require("./utils");
19
+ /**
20
+ * @internal this class is intended for internal use only and may be modified without notice
21
+ * Functions to create and get exchange data.
22
+ * The methods of this api require to pass the appropriate keys for encryption/decryption manually.
23
+ */
24
+ class BaseExchangeDataManager {
25
+ constructor(api, dataOwnerApi, primitives, selfRequiresAnonymousDelegations) {
26
+ this.api = api;
27
+ this.dataOwnerApi = dataOwnerApi;
28
+ this.primitives = primitives;
29
+ this.selfRequiresAnonymousDelegations = selfRequiresAnonymousDelegations;
30
+ }
31
+ /**
32
+ * Get all the exchange data where the current data owner is the delegator or the delegate. However, some data owners, generally HCPs, may have a
33
+ * prohibitively high amount of exchange data. If the crypto strategies specify that the current data owner requires anonymous delegation this
34
+ * method returns all the exchange data found for the data owner, else the method returns undefined.
35
+ * @return all the exchange data for the current data owner or undefined if the crypto strategies don't allow to retrieve all data for the current
36
+ * data owner.
37
+ */
38
+ getAllExchangeDataForCurrentDataOwnerIfAllowed() {
39
+ var _a, _b;
40
+ return __awaiter(this, void 0, void 0, function* () {
41
+ if (!this.selfRequiresAnonymousDelegations)
42
+ return undefined;
43
+ const dataOwnerId = yield this.dataOwnerApi.getCurrentDataOwnerId();
44
+ let latestResult = yield this.api.getExchangeDataByParticipant(dataOwnerId, undefined, 1000);
45
+ const allRetrieved = (_a = latestResult.rows) !== null && _a !== void 0 ? _a : [];
46
+ while ((_b = latestResult.nextKeyPair) === null || _b === void 0 ? void 0 : _b.startKeyDocId) {
47
+ latestResult = yield this.api.getExchangeDataByParticipant(dataOwnerId, latestResult.nextKeyPair.startKeyDocId, 1000);
48
+ if (latestResult.rows)
49
+ allRetrieved.push(...latestResult.rows);
50
+ }
51
+ return allRetrieved;
52
+ });
53
+ }
54
+ /**
55
+ * Get all exchange data for the provided delegator-delegate pair.
56
+ * @param delegatorId id of a delegator data owner.
57
+ * @param delegateId id of a delegate data owner.
58
+ * @return all exchange data for the provided delegator-delegate pair.
59
+ */
60
+ getExchangeDataByDelegatorDelegatePair(delegatorId, delegateId) {
61
+ return __awaiter(this, void 0, void 0, function* () {
62
+ return yield this.api.getExchangeDataByDelegatorDelegate(delegatorId, delegateId);
63
+ });
64
+ }
65
+ /**
66
+ * Get the exchange data with the provided id.
67
+ * @param exchangeDataId id of the exchange data.
68
+ * @return the exchange data with the provided id or undefined if no exchange data with such id could be found.
69
+ */
70
+ getExchangeDataById(exchangeDataId) {
71
+ return __awaiter(this, void 0, void 0, function* () {
72
+ return yield this.api.getExchangeDataById(exchangeDataId).catch((e) => {
73
+ if (e instanceof XHRError && e.statusCode === 404) {
74
+ return undefined;
75
+ }
76
+ else
77
+ throw e;
78
+ });
79
+ });
80
+ }
81
+ /**
82
+ * Filters exchange data returning only the instances that could be verified using their signature and the provided verification
83
+ * keys.
84
+ * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)
85
+ * will always be unverified.
86
+ * @param exchangeData the exchange data to verify.
87
+ * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.
88
+ * @return the exchange data which could be verified given his signature and the available verification keys.
89
+ * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.
90
+ */
91
+ filterVerifiedExchangeData(exchangeData, getVerificationKey) {
92
+ return __awaiter(this, void 0, void 0, function* () {
93
+ const verified = [];
94
+ for (const ed of exchangeData) {
95
+ if (yield this.verifyExchangeData(ed, (x) => getVerificationKey(x)))
96
+ verified.push(ed);
97
+ }
98
+ return verified;
99
+ });
100
+ }
101
+ /**
102
+ * Verifies the authenticity of the exchange data by checking the signature.
103
+ * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)
104
+ * will always be unverified.
105
+ * @param exchangeData the exchange data to verify.
106
+ * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.
107
+ * @return the exchange data which could be verified given his signature and the available verification keys.
108
+ * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.
109
+ */
110
+ verifyExchangeData(exchangeData, getVerificationKey) {
111
+ return __awaiter(this, void 0, void 0, function* () {
112
+ const dataOwnerId = yield this.dataOwnerApi.getCurrentDataOwnerId();
113
+ if (exchangeData.delegator !== dataOwnerId)
114
+ return false;
115
+ const signatureData = yield this.bytesToSign(exchangeData);
116
+ for (const [fp, signature] of Object.entries(exchangeData.signature)) {
117
+ const verificationKey = yield getVerificationKey(fp.slice(-32));
118
+ if (verificationKey && (yield this.primitives.RSA.verifySignature(verificationKey, (0, utils_1.b64_2ua)(signature), signatureData)))
119
+ return true;
120
+ }
121
+ return false;
122
+ });
123
+ }
124
+ /**
125
+ * Extracts and decrypts the access control secret from the provided exchange data.
126
+ * These need to be hashed together with the entity class and confidentiality level in order to get the actual access control key
127
+ * which will be sent to the server.
128
+ * @param exchangeData the exchange data from which to extract access control secrets.
129
+ * @param decryptionKeys rsa key pairs to use for decryption of the access control secret.
130
+ * @return an object composed of:
131
+ * - successfulDecryptions: array of all successfully decrypted access control keys
132
+ * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).
133
+ */
134
+ tryDecryptAccessControlSecret(exchangeData, decryptionKeys) {
135
+ return __awaiter(this, void 0, void 0, function* () {
136
+ return yield this.tryDecryptExchangeData(exchangeData, decryptionKeys, (ed) => ed.accessControlSecret, (d) => this.importAccessControlSecret(new Uint8Array(d)));
137
+ });
138
+ }
139
+ /**
140
+ * Extract and decrypts the exchange keys from the provided exchange data.
141
+ * @param exchangeData the exchange data from which to extract exchange keys.
142
+ * @param decryptionKeys rsa key pairs to use for the decryption of the exchange keys.
143
+ * @return an object composed of:
144
+ * - successfulDecryptions: array containing the successfully decrypted exchange keys.
145
+ * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).
146
+ */
147
+ tryDecryptExchangeKeys(exchangeData, decryptionKeys) {
148
+ return __awaiter(this, void 0, void 0, function* () {
149
+ return yield this.tryDecryptExchangeData(exchangeData, decryptionKeys, (ed) => ed.exchangeKey, (d) => this.importExchangeKey(new Uint8Array(d)));
150
+ });
151
+ }
152
+ tryDecryptExchangeData(exchangeData, decryptionKeys, encryptedDataSelector, unmarshalDecrypted) {
153
+ return __awaiter(this, void 0, void 0, function* () {
154
+ const successfulDecryptions = [];
155
+ const failedDecryptions = [];
156
+ for (const ed of exchangeData) {
157
+ try {
158
+ const decrypted = yield this.tryDecrypt(encryptedDataSelector(ed), decryptionKeys);
159
+ if (decrypted) {
160
+ successfulDecryptions.push(yield unmarshalDecrypted(decrypted));
161
+ }
162
+ else {
163
+ failedDecryptions.push(ed);
164
+ }
165
+ }
166
+ catch (e) {
167
+ failedDecryptions.push(ed);
168
+ }
169
+ }
170
+ return { successfulDecryptions, failedDecryptions };
171
+ });
172
+ }
173
+ tryDecrypt(encryptedData, decryptionKeys) {
174
+ var _a;
175
+ return __awaiter(this, void 0, void 0, function* () {
176
+ const decryptionKeysWithV2Fp = Object.keys(decryptionKeys).reduce((prev, fp) => {
177
+ return Object.assign(Object.assign({}, prev), { [(0, utils_2.fingerprintIsV1)(fp) ? (0, utils_2.fingerprintV1toV2)(fp) : fp]: decryptionKeys[fp] });
178
+ }, {});
179
+ for (const [fp, encrypted] of Object.entries(encryptedData)) {
180
+ try {
181
+ const key = (_a = decryptionKeysWithV2Fp[fp]) === null || _a === void 0 ? void 0 : _a.privateKey;
182
+ if (key)
183
+ return (0, utils_1.hex2ua)((0, utils_1.ua2utf8)(yield this.primitives.RSA.decrypt(key, (0, utils_1.b64_2ua)(encrypted))));
184
+ }
185
+ catch (e) {
186
+ // Try with another key
187
+ }
188
+ }
189
+ });
190
+ }
191
+ /**
192
+ * Creates exchange data from the current data owner to the provided delegate, uploading the newly created exchange data to the cloud.
193
+ * This assumes that the keys have been verified.
194
+ * @param delegateId id of the delegate for the new exchange data.
195
+ * @param signatureKeys private keys to use for signing the created data.
196
+ * @param encryptionKeys public keys to use for the encryption of the exchange data (from delegator and delegate).
197
+ * @param optionalAttributes optional precalculated attributes for the creation of data
198
+ * @return the newly created exchange data, and its decrypted exchange key and access control secret.
199
+ */
200
+ createExchangeData(delegateId, signatureKeys, encryptionKeys, optionalAttributes = {}) {
201
+ var _a;
202
+ return __awaiter(this, void 0, void 0, function* () {
203
+ if (!Object.keys(signatureKeys).length || !Object.keys(encryptionKeys).length) {
204
+ throw new Error('Must specify at least one signature key and ');
205
+ }
206
+ const exchangeKey = yield this.generateExchangeKey();
207
+ const accessControlSecret = yield this.generateAccessControlSecret();
208
+ const encryptedExchangeKey = yield this.encryptDataWithKeys(exchangeKey.rawBytes, encryptionKeys);
209
+ const encryptedAccessControlSecret = yield this.encryptDataWithKeys(accessControlSecret.rawBytes, encryptionKeys);
210
+ const baseExchangeData = {
211
+ id: (_a = optionalAttributes.id) !== null && _a !== void 0 ? _a : this.primitives.randomUuid(),
212
+ delegator: yield this.dataOwnerApi.getCurrentDataOwnerId(),
213
+ delegate: delegateId,
214
+ exchangeKey: encryptedExchangeKey,
215
+ accessControlSecret: encryptedAccessControlSecret,
216
+ };
217
+ const signature = yield this.signDataWithKeys(yield this.bytesToSign(baseExchangeData), signatureKeys);
218
+ const exchangeData = new ExchangeData_1.ExchangeData(Object.assign(Object.assign({}, baseExchangeData), { signature }));
219
+ return {
220
+ exchangeData: yield this.api.createExchangeData(exchangeData),
221
+ exchangeKey: exchangeKey.key,
222
+ accessControlSecret: accessControlSecret.secret,
223
+ };
224
+ });
225
+ }
226
+ /**
227
+ * Updates existing exchange data and uploads it to the cloud in order to share it also with additional public keys, useful for example in cases
228
+ * where one of the data owners involved in the exchange data has lost one of his keys.
229
+ * If the content of the exchange data could not be decrypted using the provided keys the method will not update anything and will return undefined.
230
+ * This method assumes that the new encryption keys have been verified.
231
+ * If the current data owner is also the delegator of the provided exchange data and at least one of the verification keys can be used to
232
+ * validate the current exchange data then the signature will be updated using the signature keys.
233
+ * Instead, if the current data owner is not the delegator of the provided exchange data, or the exchange data could not be verified using
234
+ * the provided verification keys then the updated exchange data will become unverified, and won't ever be verifiable again.
235
+ * @param exchangeData exchange data to update.
236
+ * @param decryptionKeys keys to use to extract the content of the exchange data which will be shared with the new keys.
237
+ * @param signatureKeys keys to use for the new signature of the updated exchange data.
238
+ * @param newEncryptionKeys new keys to add to the exchange data.
239
+ * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.
240
+ * @return the updated exchange data, and its decrypted exchange key and access control secret, or undefined if the exchange data content could not
241
+ * be decrypted and the exchange data could not be updated.
242
+ */
243
+ tryUpdateExchangeData(exchangeData, decryptionKeys, newEncryptionKeys, signatureKeys, getVerificationKey) {
244
+ return __awaiter(this, void 0, void 0, function* () {
245
+ const dataOwnerId = yield this.dataOwnerApi.getCurrentDataOwnerId();
246
+ const rawExchangeKey = yield this.tryDecrypt(exchangeData.exchangeKey, decryptionKeys);
247
+ const rawAccessControlSecret = yield this.tryDecrypt(exchangeData.accessControlSecret, decryptionKeys);
248
+ if (!rawExchangeKey || !rawAccessControlSecret)
249
+ return undefined;
250
+ const exchangeKey = yield this.importExchangeKey(new Uint8Array(rawExchangeKey));
251
+ const accessControlSecret = yield this.importAccessControlSecret(new Uint8Array(rawAccessControlSecret));
252
+ const existingExchangeKeyEntries = new Set(Object.keys(exchangeData.exchangeKey));
253
+ const existingAcsEntries = new Set(Object.keys(exchangeData.accessControlSecret));
254
+ const missingEntries = Object.keys(newEncryptionKeys).filter((fp) => !existingAcsEntries.has(fp) || !existingExchangeKeyEntries.has(fp));
255
+ if (!missingEntries.length)
256
+ return { exchangeData, exchangeKey, accessControlSecret };
257
+ const encryptionKeysForMissingEntries = missingEntries.reduce((obj, fp) => {
258
+ obj[fp] = newEncryptionKeys[fp];
259
+ return obj;
260
+ }, {});
261
+ const isVerified = exchangeData.delegator == dataOwnerId && (yield this.verifyExchangeData(exchangeData, (fp) => getVerificationKey(fp)));
262
+ const updatedExchangeData = _.cloneDeep(exchangeData);
263
+ updatedExchangeData.exchangeKey = Object.assign(Object.assign({}, exchangeData.exchangeKey), (yield this.encryptDataWithKeys(rawExchangeKey, encryptionKeysForMissingEntries)));
264
+ updatedExchangeData.accessControlSecret = Object.assign(Object.assign({}, exchangeData.accessControlSecret), (yield this.encryptDataWithKeys(rawAccessControlSecret, encryptionKeysForMissingEntries)));
265
+ if (isVerified) {
266
+ const newDataToSign = yield this.bytesToSign(updatedExchangeData);
267
+ updatedExchangeData.signature = yield this.signDataWithKeys(newDataToSign, signatureKeys);
268
+ }
269
+ return { exchangeData: yield this.api.modifyExchangeData(new ExchangeData_1.ExchangeData(updatedExchangeData)), exchangeKey, accessControlSecret };
270
+ });
271
+ }
272
+ // Gets a byte representation of the parts of exchange data which should be included in the signature.
273
+ // Equivalent json representations of the exchange data should provide the same bytes (even if the order of entries
274
+ // is different).
275
+ bytesToSign(exchangeData) {
276
+ return __awaiter(this, void 0, void 0, function* () {
277
+ function sortObject(obj) {
278
+ return Object.keys(obj)
279
+ .sort()
280
+ .reduce((sorted, key) => {
281
+ return [...sorted, [key, obj[key]]];
282
+ }, []);
283
+ }
284
+ const signObject = [
285
+ ['delegator', exchangeData.delegator],
286
+ ['delegate', exchangeData.delegate],
287
+ ['exchangeKey', sortObject(exchangeData.exchangeKey)],
288
+ ['accessControlSecret', sortObject(exchangeData.accessControlSecret)],
289
+ ];
290
+ const signJson = JSON.stringify(signObject);
291
+ return this.primitives.sha256((0, utils_1.utf8_2ua)(signJson));
292
+ });
293
+ }
294
+ // Generates a new exchange key
295
+ generateExchangeKey() {
296
+ return __awaiter(this, void 0, void 0, function* () {
297
+ const rawBytes = yield this.primitives.randomBytes(32);
298
+ return {
299
+ key: yield this.importExchangeKey(rawBytes),
300
+ rawBytes,
301
+ };
302
+ });
303
+ }
304
+ importExchangeKey(decryptedBytes) {
305
+ return __awaiter(this, void 0, void 0, function* () {
306
+ return yield this.primitives.AES.importKey('raw', decryptedBytes);
307
+ });
308
+ }
309
+ // Generates a new access control secret
310
+ generateAccessControlSecret() {
311
+ return __awaiter(this, void 0, void 0, function* () {
312
+ const rawBytes = yield this.primitives.randomBytes(16);
313
+ return {
314
+ secret: yield this.importAccessControlSecret(rawBytes),
315
+ rawBytes,
316
+ };
317
+ });
318
+ }
319
+ importAccessControlSecret(decryptedBytes) {
320
+ return Promise.resolve((0, utils_1.ua2hex)(decryptedBytes));
321
+ }
322
+ encryptDataWithKeys(rawData, keys) {
323
+ return __awaiter(this, void 0, void 0, function* () {
324
+ const res = {};
325
+ for (const [fp, key] of Object.entries(keys)) {
326
+ res[(0, utils_2.fingerprintIsV1)(fp) ? (0, utils_2.fingerprintV1toV2)(fp) : fp] = (0, utils_1.ua2b64)(yield this.primitives.RSA.encrypt(key, (0, utils_1.utf8_2ua)((0, utils_1.ua2hex)(rawData))));
327
+ }
328
+ return res;
329
+ });
330
+ }
331
+ signDataWithKeys(rawData, keys) {
332
+ return __awaiter(this, void 0, void 0, function* () {
333
+ const res = {};
334
+ for (const [fp, key] of Object.entries(keys)) {
335
+ res[fp] = (0, utils_1.ua2b64)(yield this.primitives.RSA.sign(key, new Uint8Array(rawData)));
336
+ }
337
+ return res;
338
+ });
339
+ }
340
+ }
341
+ exports.BaseExchangeDataManager = BaseExchangeDataManager;
342
+ //# sourceMappingURL=BaseExchangeDataManager.js.map