@icure/api 7.1.14 → 8.0.0-RC.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/api/IccAccesslogApi.d.ts +12 -1
- package/icc-api/api/IccAccesslogApi.js +142 -98
- package/icc-api/api/IccAccesslogApi.js.map +1 -1
- package/icc-api/api/IccBemikronoApi.d.ts +81 -0
- package/icc-api/api/IccBemikronoApi.js +163 -0
- package/icc-api/api/IccBemikronoApi.js.map +1 -0
- package/icc-api/api/IccCalendarItemApi.d.ts +21 -1
- package/icc-api/api/IccCalendarItemApi.js +183 -117
- package/icc-api/api/IccCalendarItemApi.js.map +1 -1
- package/icc-api/api/IccClassificationApi.d.ts +21 -1
- package/icc-api/api/IccClassificationApi.js +119 -63
- package/icc-api/api/IccClassificationApi.js.map +1 -1
- package/icc-api/api/IccContactApi.d.ts +21 -1
- package/icc-api/api/IccContactApi.js +385 -294
- package/icc-api/api/IccContactApi.js.map +1 -1
- package/icc-api/api/IccDocumentApi.d.ts +32 -25
- package/icc-api/api/IccDocumentApi.js +264 -212
- package/icc-api/api/IccDocumentApi.js.map +1 -1
- package/icc-api/api/IccExchangeDataApi.d.ts +19 -0
- package/icc-api/api/IccExchangeDataApi.js +85 -0
- package/icc-api/api/IccExchangeDataApi.js.map +1 -0
- package/icc-api/api/IccExchangeDataMapApi.d.ts +18 -0
- package/icc-api/api/IccExchangeDataMapApi.js +65 -0
- package/icc-api/api/IccExchangeDataMapApi.js.map +1 -0
- package/icc-api/api/IccFormApi.d.ts +21 -1
- package/icc-api/api/IccFormApi.js +321 -229
- package/icc-api/api/IccFormApi.js.map +1 -1
- package/icc-api/api/IccHelementApi.d.ts +21 -1
- package/icc-api/api/IccHelementApi.js +207 -137
- package/icc-api/api/IccHelementApi.js.map +1 -1
- package/icc-api/api/IccInvoiceApi.d.ts +21 -1
- package/icc-api/api/IccInvoiceApi.js +404 -298
- package/icc-api/api/IccInvoiceApi.js.map +1 -1
- package/icc-api/api/IccMaintenanceTaskApi.d.ts +12 -1
- package/icc-api/api/IccMaintenanceTaskApi.js +79 -43
- package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
- package/icc-api/api/IccMessageApi.d.ts +12 -1
- package/icc-api/api/IccMessageApi.js +257 -191
- package/icc-api/api/IccMessageApi.js.map +1 -1
- package/icc-api/api/IccPatientApi.d.ts +12 -1
- package/icc-api/api/IccPatientApi.js +447 -351
- package/icc-api/api/IccPatientApi.js.map +1 -1
- package/icc-api/api/IccReceiptApi.d.ts +22 -8
- package/icc-api/api/IccReceiptApi.js +121 -64
- package/icc-api/api/IccReceiptApi.js.map +1 -1
- package/icc-api/api/IccRestApiPath.js +1 -1
- package/icc-api/api/IccRestApiPath.js.map +1 -1
- package/icc-api/api/IccTimeTableApi.d.ts +12 -1
- package/icc-api/api/IccTimeTableApi.js +86 -48
- package/icc-api/api/IccTimeTableApi.js.map +1 -1
- package/icc-api/index.d.ts +1 -0
- package/icc-api/index.js +1 -0
- package/icc-api/index.js.map +1 -1
- package/icc-api/model/AccessLog.d.ts +4 -0
- package/icc-api/model/AccessLog.js +1 -0
- package/icc-api/model/AccessLog.js.map +1 -1
- package/icc-api/model/Article.d.ts +4 -0
- package/icc-api/model/Article.js +1 -0
- package/icc-api/model/Article.js.map +1 -1
- package/icc-api/model/CalendarItem.d.ts +4 -0
- package/icc-api/model/CalendarItem.js +1 -0
- package/icc-api/model/CalendarItem.js.map +1 -1
- package/icc-api/model/Classification.d.ts +4 -0
- package/icc-api/model/Classification.js +1 -0
- package/icc-api/model/Classification.js.map +1 -1
- package/icc-api/model/ClassificationTemplate.d.ts +2 -0
- package/icc-api/model/ClassificationTemplate.js.map +1 -1
- package/icc-api/model/Contact.d.ts +4 -0
- package/icc-api/model/Contact.js +1 -0
- package/icc-api/model/Contact.js.map +1 -1
- package/icc-api/model/Device.d.ts +4 -4
- package/icc-api/model/Device.js.map +1 -1
- package/icc-api/model/Document.d.ts +4 -0
- package/icc-api/model/Document.js +1 -0
- package/icc-api/model/Document.js.map +1 -1
- package/icc-api/model/ExchangeData.d.ts +61 -0
- package/icc-api/model/ExchangeData.js +12 -0
- package/icc-api/model/ExchangeData.js.map +1 -0
- package/icc-api/model/ExchangeDataMap.d.ts +21 -0
- package/icc-api/model/ExchangeDataMap.js +10 -0
- package/icc-api/model/ExchangeDataMap.js.map +1 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.d.ts +13 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js +10 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js.map +1 -0
- package/icc-api/model/Form.d.ts +4 -0
- package/icc-api/model/Form.js +1 -0
- package/icc-api/model/Form.js.map +1 -1
- package/icc-api/model/HealthElement.d.ts +4 -0
- package/icc-api/model/HealthElement.js +1 -0
- package/icc-api/model/HealthElement.js.map +1 -1
- package/icc-api/model/HealthcareParty.d.ts +2 -2
- package/icc-api/model/HealthcareParty.js.map +1 -1
- package/icc-api/model/IcureStub.d.ts +2 -0
- package/icc-api/model/IcureStub.js.map +1 -1
- package/icc-api/model/Invoice.d.ts +4 -0
- package/icc-api/model/Invoice.js +1 -0
- package/icc-api/model/Invoice.js.map +1 -1
- package/icc-api/model/MaintenanceTask.d.ts +4 -0
- package/icc-api/model/MaintenanceTask.js +1 -0
- package/icc-api/model/MaintenanceTask.js.map +1 -1
- package/icc-api/model/Message.d.ts +4 -0
- package/icc-api/model/Message.js +1 -0
- package/icc-api/model/Message.js.map +1 -1
- package/icc-api/model/PaginatedListExchangeData.d.ts +9 -0
- package/icc-api/model/PaginatedListExchangeData.js +10 -0
- package/icc-api/model/PaginatedListExchangeData.js.map +1 -0
- package/icc-api/model/Patient.d.ts +6 -2
- package/icc-api/model/Patient.js +1 -0
- package/icc-api/model/Patient.js.map +1 -1
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.d.ts +31 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js +32 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js.map +1 -0
- package/icc-api/model/Receipt.d.ts +4 -0
- package/icc-api/model/Receipt.js +1 -0
- package/icc-api/model/Receipt.js.map +1 -1
- package/icc-api/model/SecureDelegation.d.ts +52 -0
- package/icc-api/model/SecureDelegation.js +16 -0
- package/icc-api/model/SecureDelegation.js.map +1 -0
- package/icc-api/model/SecurityMetadata.d.ts +33 -0
- package/icc-api/model/SecurityMetadata.js +13 -0
- package/icc-api/model/SecurityMetadata.js.map +1 -0
- package/icc-api/model/Service.d.ts +2 -0
- package/icc-api/model/Service.js.map +1 -1
- package/icc-api/model/TimeTable.d.ts +4 -0
- package/icc-api/model/TimeTable.js +1 -0
- package/icc-api/model/TimeTable.js.map +1 -1
- package/icc-api/model/models.d.ts +20 -39
- package/icc-api/model/models.js +15 -37
- package/icc-api/model/models.js.map +1 -1
- package/icc-api/model/requests/EntityBulkShareResult.d.ts +28 -0
- package/icc-api/model/requests/EntityBulkShareResult.js +16 -0
- package/icc-api/model/requests/EntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.d.ts +10 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js +17 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/EntityShareRequest.d.ts +110 -0
- package/icc-api/model/requests/EntityShareRequest.js +63 -0
- package/icc-api/model/requests/EntityShareRequest.js.map +1 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.d.ts +54 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js +24 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.d.ts +23 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js +13 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.d.ts +21 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js +14 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +3 -2
- package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
- package/icc-x-api/crypto/AES.js +1 -1
- package/icc-x-api/crypto/AES.js.map +1 -1
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +16 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +41 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +42 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js +86 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +146 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js +342 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +0 -18
- package/icc-x-api/crypto/BaseExchangeKeysManager.js +11 -85
- package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ConfidentialEntities.d.ts +26 -16
- package/icc-x-api/crypto/ConfidentialEntities.js +30 -17
- package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -1
- package/icc-x-api/crypto/CryptoStrategies.d.ts +8 -1
- package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/ExchangeDataManager.d.ts +95 -0
- package/icc-x-api/crypto/ExchangeDataManager.js +493 -0
- package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +32 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js +70 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeKeysManager.d.ts +4 -16
- package/icc-x-api/crypto/ExchangeKeysManager.js +4 -62
- package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtils.d.ts +336 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js +3 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +181 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +562 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -0
- package/icc-x-api/crypto/KeyRecovery.d.ts +5 -2
- package/icc-x-api/crypto/KeyRecovery.js +59 -29
- package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +7 -2
- package/icc-x-api/crypto/LegacyCryptoStrategies.js +8 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +39 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +150 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/RSA.d.ts +34 -8
- package/icc-x-api/crypto/RSA.js +80 -13
- package/icc-x-api/crypto/RSA.js.map +1 -1
- package/icc-x-api/crypto/SecureDelegationsEncryption.d.ts +54 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js +178 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsManager.d.ts +66 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js +261 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +37 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +294 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +114 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js +98 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/ShamirKeysManager.d.ts +5 -5
- package/icc-x-api/crypto/ShamirKeysManager.js +6 -9
- package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
- package/icc-x-api/crypto/TransferKeysManager.d.ts +8 -6
- package/icc-x-api/crypto/TransferKeysManager.js +75 -52
- package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
- package/icc-x-api/crypto/{KeyManager.d.ts → UserEncryptionKeysManager.d.ts} +4 -6
- package/icc-x-api/crypto/{KeyManager.js → UserEncryptionKeysManager.js} +43 -23
- package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +26 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js +74 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -0
- package/icc-x-api/crypto/utils.d.ts +61 -11
- package/icc-x-api/crypto/utils.js +113 -44
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/filters/filters.js.map +1 -1
- package/icc-x-api/icc-accesslog-x-api.d.ts +46 -11
- package/icc-x-api/icc-accesslog-x-api.js +75 -42
- package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
- package/icc-x-api/icc-calendar-item-x-api.d.ts +50 -14
- package/icc-x-api/icc-calendar-item-x-api.js +99 -49
- package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
- package/icc-x-api/icc-classification-x-api.d.ts +44 -9
- package/icc-x-api/icc-classification-x-api.js +56 -31
- package/icc-x-api/icc-classification-x-api.js.map +1 -1
- package/icc-x-api/icc-contact-x-api.d.ts +56 -32
- package/icc-x-api/icc-contact-x-api.js +95 -64
- package/icc-x-api/icc-contact-x-api.js.map +1 -1
- package/icc-x-api/icc-crypto-x-api.d.ts +28 -334
- package/icc-x-api/icc-crypto-x-api.js +41 -765
- package/icc-x-api/icc-crypto-x-api.js.map +1 -1
- package/icc-x-api/icc-data-owner-x-api.d.ts +20 -8
- package/icc-x-api/icc-data-owner-x-api.js +31 -10
- package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
- package/icc-x-api/icc-document-x-api.d.ts +48 -11
- package/icc-x-api/icc-document-x-api.js +111 -64
- package/icc-x-api/icc-document-x-api.js.map +1 -1
- package/icc-x-api/icc-form-x-api.d.ts +45 -10
- package/icc-x-api/icc-form-x-api.js +65 -35
- package/icc-x-api/icc-form-x-api.js.map +1 -1
- package/icc-x-api/icc-hcparty-x-api.d.ts +2 -2
- package/icc-x-api/icc-hcparty-x-api.js +3 -3
- package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
- package/icc-x-api/icc-helement-x-api.d.ts +55 -18
- package/icc-x-api/icc-helement-x-api.js +76 -41
- package/icc-x-api/icc-helement-x-api.js.map +1 -1
- package/icc-x-api/icc-icure-maintenance-x-api.d.ts +7 -2
- package/icc-x-api/icc-icure-maintenance-x-api.js +38 -27
- package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
- package/icc-x-api/icc-invoice-x-api.d.ts +50 -15
- package/icc-x-api/icc-invoice-x-api.js +63 -33
- package/icc-x-api/icc-invoice-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.d.ts +53 -21
- package/icc-x-api/icc-maintenance-task-x-api.js +72 -35
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/icc-message-x-api.d.ts +53 -15
- package/icc-x-api/icc-message-x-api.js +65 -36
- package/icc-x-api/icc-message-x-api.js.map +1 -1
- package/icc-x-api/icc-patient-x-api.d.ts +84 -29
- package/icc-x-api/icc-patient-x-api.js +313 -378
- package/icc-x-api/icc-patient-x-api.js.map +1 -1
- package/icc-x-api/icc-receipt-x-api.d.ts +44 -12
- package/icc-x-api/icc-receipt-x-api.js +67 -35
- package/icc-x-api/icc-receipt-x-api.js.map +1 -1
- package/icc-x-api/icc-time-table-x-api.d.ts +43 -12
- package/icc-x-api/icc-time-table-x-api.js +56 -26
- package/icc-x-api/icc-time-table-x-api.js.map +1 -1
- package/icc-x-api/icc-user-x-api.d.ts +2 -2
- package/icc-x-api/icc-user-x-api.js +3 -3
- package/icc-x-api/icc-user-x-api.js.map +1 -1
- package/icc-x-api/index.d.ts +4 -2
- package/icc-x-api/index.js +154 -135
- package/icc-x-api/index.js.map +1 -1
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +2 -0
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +9 -2
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/storage/IcureStorageFacade.d.ts +23 -2
- package/icc-x-api/storage/IcureStorageFacade.js +36 -2
- package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageFacade.d.ts +12 -0
- package/icc-x-api/storage/KeyStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageImpl.d.ts +2 -0
- package/icc-x-api/storage/KeyStorageImpl.js +10 -0
- package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +14 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +32 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js +75 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -0
- package/icc-x-api/utils/ShareResult.d.ts +74 -0
- package/icc-x-api/utils/ShareResult.js +61 -0
- package/icc-x-api/utils/ShareResult.js.map +1 -0
- package/icc-x-api/utils/binary-utils.d.ts +1 -0
- package/icc-x-api/utils/binary-utils.js +8 -1
- package/icc-x-api/utils/binary-utils.js.map +1 -1
- package/icc-x-api/utils/collection-utils.d.ts +5 -0
- package/icc-x-api/utils/collection-utils.js +26 -1
- package/icc-x-api/utils/collection-utils.js.map +1 -1
- package/icc-x-api/utils/crypto-utils.d.ts +4 -3
- package/icc-x-api/utils/crypto-utils.js +5 -4
- package/icc-x-api/utils/crypto-utils.js.map +1 -1
- package/icc-x-api/utils/lru-temporised-async-cache.d.ts +26 -3
- package/icc-x-api/utils/lru-temporised-async-cache.js +75 -15
- package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -1
- package/icc-x-api/utils/websocket.d.ts +10 -10
- package/icc-x-api/utils/websocket.js +18 -9
- package/icc-x-api/utils/websocket.js.map +1 -1
- package/index.d.ts +1 -1
- package/index.js +3 -1
- package/index.js.map +1 -1
- package/package.json +2 -3
- package/icc-x-api/crypto/EntitiesEncryption.d.ts +0 -275
- package/icc-x-api/crypto/EntitiesEncryption.js +0 -734
- package/icc-x-api/crypto/EntitiesEncryption.js.map +0 -1
- package/icc-x-api/crypto/KeyManager.js.map +0 -1
|
@@ -0,0 +1,562 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.ExtendedApisUtilsImpl = void 0;
|
|
13
|
+
const utils_1 = require("../utils");
|
|
14
|
+
const collection_utils_1 = require("../utils/collection-utils");
|
|
15
|
+
const SecurityMetadataDecryptor_1 = require("./SecurityMetadataDecryptor");
|
|
16
|
+
const SecureDelegation_1 = require("../../icc-api/model/SecureDelegation");
|
|
17
|
+
const EntityShareRequest_1 = require("../../icc-api/model/requests/EntityShareRequest");
|
|
18
|
+
const ShareResult_1 = require("../utils/ShareResult");
|
|
19
|
+
const ShareMetadataBehaviour_1 = require("./ShareMetadataBehaviour");
|
|
20
|
+
var AccessLevel = SecureDelegation_1.SecureDelegation.AccessLevelEnum;
|
|
21
|
+
var RequestedPermissionEnum = EntityShareRequest_1.EntityShareRequest.RequestedPermissionEnum;
|
|
22
|
+
var RequestedPermissionInternal = EntityShareRequest_1.EntityShareRequest.RequestedPermissionInternal;
|
|
23
|
+
var AccessLevelEnum = SecureDelegation_1.SecureDelegation.AccessLevelEnum;
|
|
24
|
+
/**
|
|
25
|
+
* @internal this class is for internal use only and may be changed without notice.
|
|
26
|
+
* Methods to support extended apis.
|
|
27
|
+
*/
|
|
28
|
+
class ExtendedApisUtilsImpl {
|
|
29
|
+
constructor(primitives, dataOwnerApi, legacyDelMetadataDecryptor, secDelMetadataDecryptor, secureDelegationsManager, userApi, useParentKeys) {
|
|
30
|
+
this.primitives = primitives;
|
|
31
|
+
this.dataOwnerApi = dataOwnerApi;
|
|
32
|
+
this.legacyDelMetadataDecryptor = legacyDelMetadataDecryptor;
|
|
33
|
+
this.secDelMetadataDecryptor = secDelMetadataDecryptor;
|
|
34
|
+
this.secureDelegationsManager = secureDelegationsManager;
|
|
35
|
+
this.userApi = userApi;
|
|
36
|
+
this.useParentKeys = useParentKeys;
|
|
37
|
+
this.allSecurityMetadataDecryptor = new SecurityMetadataDecryptor_1.SecurityMetadataDecryptorChain([legacyDelMetadataDecryptor, secDelMetadataDecryptor]);
|
|
38
|
+
}
|
|
39
|
+
encryptionKeysOf(entity, dataOwnerId) {
|
|
40
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
41
|
+
return yield this.decryptAndMergeHierarchy(entity, dataOwnerId, (entityWithType, hierarchy) => this.allSecurityMetadataDecryptor.decryptEncryptionKeysOf(entityWithType, hierarchy));
|
|
42
|
+
});
|
|
43
|
+
}
|
|
44
|
+
encryptionKeysForHcpHierarchyOf(entity) {
|
|
45
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
46
|
+
return this.decryptHierarchy(entity, (entityWithType, hierarchy) => this.allSecurityMetadataDecryptor.decryptEncryptionKeysOf(entityWithType, hierarchy));
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
secretIdsOf(entity, dataOwnerId) {
|
|
50
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
51
|
+
return yield this.decryptAndMergeHierarchy(entity, dataOwnerId, (entityWithType, hierarchy) => this.allSecurityMetadataDecryptor.decryptSecretIdsOf(entityWithType, hierarchy));
|
|
52
|
+
});
|
|
53
|
+
}
|
|
54
|
+
secretIdsForHcpHierarchyOf(entity) {
|
|
55
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
56
|
+
return this.decryptHierarchy(entity, (entityWithType, hierarchy) => this.allSecurityMetadataDecryptor.decryptSecretIdsOf(entityWithType, hierarchy));
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
owningEntityIdsOf(entity, dataOwnerId) {
|
|
60
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
61
|
+
return yield this.decryptAndMergeHierarchy(entity, dataOwnerId, (entityWithType, hierarchy) => this.allSecurityMetadataDecryptor.decryptOwningEntityIdsOf(entityWithType, hierarchy));
|
|
62
|
+
});
|
|
63
|
+
}
|
|
64
|
+
owningEntityIdsForHcpHierarchyOf(entity) {
|
|
65
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
66
|
+
return this.decryptHierarchy(entity, (entityWithType, hierarchy) => this.allSecurityMetadataDecryptor.decryptOwningEntityIdsOf(entityWithType, hierarchy));
|
|
67
|
+
});
|
|
68
|
+
}
|
|
69
|
+
hasWriteAccess(entity) {
|
|
70
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
71
|
+
return ((yield this.allSecurityMetadataDecryptor.getEntityAccessLevel(entity, yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIds())) ===
|
|
72
|
+
AccessLevel.WRITE);
|
|
73
|
+
});
|
|
74
|
+
}
|
|
75
|
+
entityWithInitialisedEncryptedMetadata(entity, entityType, owningEntity, owningEntitySecretId, initialiseEncryptionKey, initialiseSecretId, autoDelegations) {
|
|
76
|
+
return __awaiter(this, arguments, void 0, function* () {
|
|
77
|
+
this.throwDetailedExceptionForInvalidParameter('entity.id', entity.id, 'entityWithInitialisedEncryptedMetadata', arguments);
|
|
78
|
+
this.checkEmptyEncryptionMetadata(entity);
|
|
79
|
+
const newRawKey = initialiseEncryptionKey ? yield this.primitives.AES.generateCryptoKey(true) : undefined;
|
|
80
|
+
const newSecretId = initialiseSecretId ? this.primitives.randomUuid() : undefined;
|
|
81
|
+
return {
|
|
82
|
+
updatedEntity: yield this.secureDelegationsManager.entityWithInitialisedEncryptedMetadata(Object.assign(Object.assign({}, entity), { secretForeignKeys: owningEntitySecretId ? [owningEntitySecretId] : [] }), entityType, newSecretId ? [newSecretId] : [], !!owningEntity ? [owningEntity] : [], newRawKey ? [newRawKey] : [], autoDelegations),
|
|
83
|
+
rawEncryptionKey: newRawKey,
|
|
84
|
+
secretId: newSecretId,
|
|
85
|
+
};
|
|
86
|
+
});
|
|
87
|
+
}
|
|
88
|
+
bulkShareOrUpdateEncryptedEntityMetadata(entitiesType, entitiesUpdates, doRequestBulkShareOrUpdate) {
|
|
89
|
+
var _a;
|
|
90
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
91
|
+
const { allRequestsByEntityId, orderedRequestsInfoByEntityId, unmodifiedEntitiesIds } = yield this.prepareBulkShareRequests(entitiesType, entitiesUpdates);
|
|
92
|
+
const results = yield doRequestBulkShareOrUpdate(allRequestsByEntityId);
|
|
93
|
+
const updatedEntities = [];
|
|
94
|
+
const updateErrors = [];
|
|
95
|
+
for (const result of results) {
|
|
96
|
+
if (result.updatedEntity) {
|
|
97
|
+
updatedEntities.push(result.updatedEntity);
|
|
98
|
+
}
|
|
99
|
+
for (const [errorRequestId, error] of Object.entries((_a = result.rejectedRequests) !== null && _a !== void 0 ? _a : {})) {
|
|
100
|
+
const requestIndex = Number(errorRequestId);
|
|
101
|
+
const { delegateId, request, updatedForMigration } = orderedRequestsInfoByEntityId[result.entityId][requestIndex];
|
|
102
|
+
updateErrors.push({
|
|
103
|
+
entityId: result.entityId,
|
|
104
|
+
delegateId,
|
|
105
|
+
request,
|
|
106
|
+
updatedForMigration,
|
|
107
|
+
code: error.code,
|
|
108
|
+
reason: error.reason,
|
|
109
|
+
});
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
// TODO implement auto-retry for failed requests if the shouldRetry flag is set to true
|
|
113
|
+
return {
|
|
114
|
+
updatedEntities,
|
|
115
|
+
updateErrors,
|
|
116
|
+
unmodifiedEntitiesIds,
|
|
117
|
+
};
|
|
118
|
+
});
|
|
119
|
+
}
|
|
120
|
+
bulkShareOrUpdateEncryptedEntityMetadataNoEntities(entitiesType, entitiesUpdates, doRequestBulkShareOrUpdate) {
|
|
121
|
+
var _a;
|
|
122
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
123
|
+
const { allRequestsByEntityId, orderedRequestsInfoByEntityId, unmodifiedEntitiesIds } = yield this.prepareBulkShareRequests(entitiesType, entitiesUpdates);
|
|
124
|
+
const results = yield doRequestBulkShareOrUpdate(allRequestsByEntityId);
|
|
125
|
+
const updateErrors = [];
|
|
126
|
+
for (const result of results) {
|
|
127
|
+
for (const [errorRequestId, error] of Object.entries((_a = result.rejectedRequests) !== null && _a !== void 0 ? _a : {})) {
|
|
128
|
+
const requestIndex = Number(errorRequestId);
|
|
129
|
+
const { delegateId, request, updatedForMigration } = orderedRequestsInfoByEntityId[result.entityId][requestIndex];
|
|
130
|
+
updateErrors.push({
|
|
131
|
+
entityId: result.entityId,
|
|
132
|
+
delegateId,
|
|
133
|
+
request,
|
|
134
|
+
updatedForMigration,
|
|
135
|
+
code: error.code,
|
|
136
|
+
reason: error.reason,
|
|
137
|
+
});
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
const successfulRequests = Object.entries(allRequestsByEntityId)
|
|
141
|
+
.flatMap(([entityId, requests]) => Object.keys(requests).map((delegateId) => ({ entityId, delegateId })))
|
|
142
|
+
.filter(({ entityId, delegateId }) => !updateErrors.some((error) => error.entityId === entityId && error.delegateId === delegateId));
|
|
143
|
+
return {
|
|
144
|
+
successfulUpdates: successfulRequests,
|
|
145
|
+
updateErrors,
|
|
146
|
+
unmodifiedEntitiesIds,
|
|
147
|
+
};
|
|
148
|
+
});
|
|
149
|
+
}
|
|
150
|
+
prepareBulkShareRequests(entitiesType, entitiesUpdates) {
|
|
151
|
+
var _a, _b, _c;
|
|
152
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
153
|
+
if (new Set(entitiesUpdates.map((e) => e.entity.id)).size !== entitiesUpdates.length) {
|
|
154
|
+
throw new Error('Duplicate requests: the same entity id is present more than once in the input');
|
|
155
|
+
}
|
|
156
|
+
const allRequestsByEntityId = {};
|
|
157
|
+
const orderedRequestsInfoByEntityId = {};
|
|
158
|
+
const unmodifiedEntitiesIds = [];
|
|
159
|
+
for (const { entity, dataForDelegates } of entitiesUpdates) {
|
|
160
|
+
const entityId = entity.id;
|
|
161
|
+
if (!entityId)
|
|
162
|
+
throw new Error('Share of an entity requires for the entity to already exist and have an id');
|
|
163
|
+
const entityWithType = { entity, type: entitiesType };
|
|
164
|
+
const currentRequests = {};
|
|
165
|
+
const currentOrderedRequests = [];
|
|
166
|
+
const migrationRequests = yield this.makeMigrationRequestsIfNeeded(entityWithType, dataForDelegates);
|
|
167
|
+
for (const [delegate, request] of Object.entries(migrationRequests)) {
|
|
168
|
+
currentRequests[String(currentOrderedRequests.length)] = request;
|
|
169
|
+
currentOrderedRequests.push({
|
|
170
|
+
delegateId: delegate,
|
|
171
|
+
request: dataForDelegates[delegate],
|
|
172
|
+
updatedForMigration: true,
|
|
173
|
+
});
|
|
174
|
+
}
|
|
175
|
+
for (const [delegate, userRequest] of Object.entries(dataForDelegates)) {
|
|
176
|
+
if (!migrationRequests[delegate]) {
|
|
177
|
+
const request = yield this.secureDelegationsManager.makeShareOrUpdateRequestParams(entityWithType, delegate, (_a = userRequest.shareSecretIds) !== null && _a !== void 0 ? _a : [], (_b = userRequest.shareEncryptionKeys) !== null && _b !== void 0 ? _b : [], (_c = userRequest.shareOwningEntityIds) !== null && _c !== void 0 ? _c : [], userRequest.requestedPermissions);
|
|
178
|
+
if (request) {
|
|
179
|
+
currentRequests[String(currentOrderedRequests.length)] = request;
|
|
180
|
+
currentOrderedRequests.push({
|
|
181
|
+
delegateId: delegate,
|
|
182
|
+
request: userRequest,
|
|
183
|
+
updatedForMigration: false,
|
|
184
|
+
});
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
}
|
|
188
|
+
if (Object.keys(currentRequests).length > 0) {
|
|
189
|
+
allRequestsByEntityId[entityId] = currentRequests;
|
|
190
|
+
orderedRequestsInfoByEntityId[entityId] = currentOrderedRequests;
|
|
191
|
+
}
|
|
192
|
+
else {
|
|
193
|
+
unmodifiedEntitiesIds.push(entityId);
|
|
194
|
+
}
|
|
195
|
+
}
|
|
196
|
+
return { unmodifiedEntitiesIds, allRequestsByEntityId, orderedRequestsInfoByEntityId };
|
|
197
|
+
});
|
|
198
|
+
}
|
|
199
|
+
simpleShareOrUpdateEncryptedEntityMetadata(entity, unusedSecretIds, delegates, doRequestBulkShareOrUpdate) {
|
|
200
|
+
var _a, _b;
|
|
201
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
202
|
+
const availableEncryptionKeys = yield this.encryptionKeysOf(entity);
|
|
203
|
+
const availableOwningEntityIds = yield this.owningEntityIdsOf(entity);
|
|
204
|
+
let availableSecretIds;
|
|
205
|
+
if (unusedSecretIds) {
|
|
206
|
+
availableSecretIds = yield this.secretIdsOf(entity);
|
|
207
|
+
}
|
|
208
|
+
const dataForDelegates = {};
|
|
209
|
+
for (const [delegateId, delegateRequests] of Object.entries(delegates)) {
|
|
210
|
+
if (!availableEncryptionKeys.length && delegateRequests.shareEncryptionKeys === ShareMetadataBehaviour_1.ShareMetadataBehaviour.REQUIRED) {
|
|
211
|
+
throw new Error(`Entity ${JSON.stringify(entity)} has no encryption keys or the current data owner can't access any encryption keys.`);
|
|
212
|
+
}
|
|
213
|
+
if (!availableOwningEntityIds.length && delegateRequests.shareEncryptionKeys === ShareMetadataBehaviour_1.ShareMetadataBehaviour.REQUIRED) {
|
|
214
|
+
throw new Error(`Entity ${JSON.stringify(entity)} has no encryption keys or the current data owner can't access any encryption keys.`);
|
|
215
|
+
}
|
|
216
|
+
if (!delegateRequests.shareSecretIds && !unusedSecretIds) {
|
|
217
|
+
throw new Error(`Share secret ids parameter is mandatory for entities of type ${entity.type}.`);
|
|
218
|
+
}
|
|
219
|
+
else if (delegateRequests.shareSecretIds && unusedSecretIds) {
|
|
220
|
+
throw new Error(`Share secret ids parameter must not be unused with entities of type ${entity.type}.`);
|
|
221
|
+
}
|
|
222
|
+
dataForDelegates[delegateId] = {
|
|
223
|
+
shareSecretIds: (_a = delegateRequests.shareSecretIds) !== null && _a !== void 0 ? _a : availableSecretIds,
|
|
224
|
+
shareEncryptionKeys: delegateRequests.shareEncryptionKeys === ShareMetadataBehaviour_1.ShareMetadataBehaviour.NEVER ? [] : availableEncryptionKeys,
|
|
225
|
+
shareOwningEntityIds: delegateRequests.shareOwningEntityIds === ShareMetadataBehaviour_1.ShareMetadataBehaviour.NEVER ? [] : availableOwningEntityIds,
|
|
226
|
+
requestedPermissions: (_b = delegateRequests.requestedPermissions) !== null && _b !== void 0 ? _b : RequestedPermissionEnum.MAX_WRITE,
|
|
227
|
+
};
|
|
228
|
+
}
|
|
229
|
+
const shareResult = yield this.bulkShareOrUpdateEncryptedEntityMetadata(entity.type, [
|
|
230
|
+
{
|
|
231
|
+
entity: entity.entity,
|
|
232
|
+
dataForDelegates,
|
|
233
|
+
},
|
|
234
|
+
], (x) => doRequestBulkShareOrUpdate(x));
|
|
235
|
+
if (shareResult.unmodifiedEntitiesIds.includes(entity.entity.id)) {
|
|
236
|
+
return new ShareResult_1.ShareResultSuccess(entity.entity);
|
|
237
|
+
}
|
|
238
|
+
if (!shareResult.updateErrors.length && shareResult.updatedEntities.length === 1) {
|
|
239
|
+
return new ShareResult_1.ShareResultSuccess(shareResult.updatedEntities[0]);
|
|
240
|
+
}
|
|
241
|
+
const requestedDelegates = new Set(Object.keys(delegates));
|
|
242
|
+
const errorsOfRequestedDelegates = shareResult.updateErrors.filter((x) => requestedDelegates.has(x.delegateId));
|
|
243
|
+
if (errorsOfRequestedDelegates.length === 0 && shareResult.updatedEntities.length === 1) {
|
|
244
|
+
console.warn(`Errors with migration of encrypted metadata ${JSON.stringify(shareResult.updateErrors)}.`);
|
|
245
|
+
return new ShareResult_1.ShareResultSuccess(shareResult.updatedEntities[0]);
|
|
246
|
+
}
|
|
247
|
+
return new ShareResult_1.ShareResultFailure(shareResult.updateErrors, `There was an error sharing entity with id ${entity.entity.id}. Check the logs for more details.`);
|
|
248
|
+
});
|
|
249
|
+
}
|
|
250
|
+
makeMigrationRequestsIfNeeded(entity, userRequestsForEntity) {
|
|
251
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
252
|
+
const hierarchy = yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIds();
|
|
253
|
+
const legacySecretIds = yield (0, collection_utils_1.asyncGeneratorToArray)(this.legacyDelMetadataDecryptor.decryptSecretIdsOf(entity, hierarchy));
|
|
254
|
+
const legacyEncryptionKeys = yield (0, collection_utils_1.asyncGeneratorToArray)(this.legacyDelMetadataDecryptor.decryptEncryptionKeysOf(entity, hierarchy));
|
|
255
|
+
const legacyOwningEntityIds = yield (0, collection_utils_1.asyncGeneratorToArray)(this.legacyDelMetadataDecryptor.decryptOwningEntityIdsOf(entity, hierarchy));
|
|
256
|
+
const res = {};
|
|
257
|
+
for (const hierarchyMember of hierarchy) {
|
|
258
|
+
const hierarchyMemberMigration = yield this.makeMigrationRequestForMemberOfHierarchy(entity, hierarchyMember, userRequestsForEntity[hierarchyMember], legacySecretIds, legacyEncryptionKeys, legacyOwningEntityIds);
|
|
259
|
+
if (hierarchyMemberMigration) {
|
|
260
|
+
res[hierarchyMember] = hierarchyMemberMigration;
|
|
261
|
+
}
|
|
262
|
+
}
|
|
263
|
+
return res;
|
|
264
|
+
});
|
|
265
|
+
}
|
|
266
|
+
makeMigrationRequestForMemberOfHierarchy(entity, dataOwnerId, userRequestForDelegate, legacySecretIds, legacyEncryptionKeys, legacyOwningEntityIds) {
|
|
267
|
+
var _a, _b, _c, _d;
|
|
268
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
269
|
+
const selfId = yield this.dataOwnerApi.getCurrentDataOwnerId();
|
|
270
|
+
const legacyAccess = selfId === entity.entity.id && dataOwnerId === selfId
|
|
271
|
+
? AccessLevel.WRITE
|
|
272
|
+
: yield this.legacyDelMetadataDecryptor.getEntityAccessLevel(entity, [dataOwnerId]);
|
|
273
|
+
if (!legacyAccess)
|
|
274
|
+
return undefined;
|
|
275
|
+
const selfLegacySecretIds = legacySecretIds.filter((x) => x.dataOwnersWithAccess.includes(dataOwnerId)).map((x) => x.decrypted);
|
|
276
|
+
const selfLegacyEncryptionKeys = legacyEncryptionKeys.filter((x) => x.dataOwnersWithAccess.includes(dataOwnerId)).map((x) => x.decrypted);
|
|
277
|
+
const selfLegacyOwningEntityIds = legacyOwningEntityIds.filter((x) => x.dataOwnersWithAccess.includes(dataOwnerId)).map((x) => x.decrypted);
|
|
278
|
+
const currentAccess = yield this.secDelMetadataDecryptor.getEntityAccessLevel(entity, [dataOwnerId]);
|
|
279
|
+
const needsImprovedAccess = legacyAccess === AccessLevel.WRITE && currentAccess !== AccessLevel.WRITE; // Only applies to legacy delegations to secure delegations migration: may change if in future we need to migrate from legacy delegations to secure delegations
|
|
280
|
+
let missingSecretIds = [];
|
|
281
|
+
let missingEncryptionKeys = [];
|
|
282
|
+
let missingOwningEntityIds = [];
|
|
283
|
+
if (selfLegacySecretIds.length > 0) {
|
|
284
|
+
const currentSecretIds = new Set((yield (0, collection_utils_1.asyncGeneratorToArray)(this.secDelMetadataDecryptor.decryptSecretIdsOf(entity, [dataOwnerId]))).map((x) => x.decrypted));
|
|
285
|
+
missingSecretIds = selfLegacySecretIds.filter((x) => !currentSecretIds.has(x));
|
|
286
|
+
}
|
|
287
|
+
if (selfLegacyEncryptionKeys.length > 0) {
|
|
288
|
+
const currentEncryptionKeys = new Set((yield (0, collection_utils_1.asyncGeneratorToArray)(this.secDelMetadataDecryptor.decryptEncryptionKeysOf(entity, [dataOwnerId]))).map((x) => x.decrypted));
|
|
289
|
+
missingEncryptionKeys = selfLegacyEncryptionKeys.filter((x) => !currentEncryptionKeys.has(x));
|
|
290
|
+
}
|
|
291
|
+
if (selfLegacyOwningEntityIds.length > 0) {
|
|
292
|
+
const currentOwningEntityIds = new Set((yield (0, collection_utils_1.asyncGeneratorToArray)(this.secDelMetadataDecryptor.decryptOwningEntityIdsOf(entity, [dataOwnerId]))).map((x) => x.decrypted));
|
|
293
|
+
missingOwningEntityIds = selfLegacyOwningEntityIds.filter((x) => !currentOwningEntityIds.has(x));
|
|
294
|
+
}
|
|
295
|
+
if (needsImprovedAccess || missingSecretIds.length > 0 || missingEncryptionKeys.length > 0 || missingOwningEntityIds.length > 0) {
|
|
296
|
+
let requestedPermissions;
|
|
297
|
+
if (dataOwnerId === selfId && needsImprovedAccess) {
|
|
298
|
+
requestedPermissions = RequestedPermissionInternal.ROOT;
|
|
299
|
+
}
|
|
300
|
+
else if (legacyAccess === AccessLevel.WRITE) {
|
|
301
|
+
requestedPermissions = RequestedPermissionInternal.FULL_WRITE;
|
|
302
|
+
}
|
|
303
|
+
else {
|
|
304
|
+
requestedPermissions = (_a = userRequestForDelegate === null || userRequestForDelegate === void 0 ? void 0 : userRequestForDelegate.requestedPermissions) !== null && _a !== void 0 ? _a : RequestedPermissionInternal.FULL_READ;
|
|
305
|
+
}
|
|
306
|
+
return yield this.secureDelegationsManager.makeShareOrUpdateRequestParams(entity, dataOwnerId, Array.from(new Set([...missingSecretIds, ...((_b = userRequestForDelegate === null || userRequestForDelegate === void 0 ? void 0 : userRequestForDelegate.shareSecretIds) !== null && _b !== void 0 ? _b : [])])), Array.from(new Set([...missingEncryptionKeys, ...((_c = userRequestForDelegate === null || userRequestForDelegate === void 0 ? void 0 : userRequestForDelegate.shareEncryptionKeys) !== null && _c !== void 0 ? _c : [])])), Array.from(new Set([...missingOwningEntityIds, ...((_d = userRequestForDelegate === null || userRequestForDelegate === void 0 ? void 0 : userRequestForDelegate.shareOwningEntityIds) !== null && _d !== void 0 ? _d : [])])), requestedPermissions);
|
|
307
|
+
}
|
|
308
|
+
else
|
|
309
|
+
return undefined;
|
|
310
|
+
});
|
|
311
|
+
}
|
|
312
|
+
tryDecryptDataOf(entity, content, validator) {
|
|
313
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
314
|
+
const decryptedKeys = this.allSecurityMetadataDecryptor.decryptEncryptionKeysOf(entity, [yield this.dataOwnerApi.getCurrentDataOwnerId()]);
|
|
315
|
+
const triedKeys = new Set();
|
|
316
|
+
let latest = yield decryptedKeys.next();
|
|
317
|
+
while (!latest.done) {
|
|
318
|
+
if (!triedKeys.has(latest.value.decrypted)) {
|
|
319
|
+
triedKeys.add(latest.value.decrypted);
|
|
320
|
+
try {
|
|
321
|
+
const decrypted = yield this.primitives.AES.decryptWithRawKey(latest.value.decrypted, content);
|
|
322
|
+
if (!validator || (yield validator(decrypted)))
|
|
323
|
+
return { data: decrypted, wasDecrypted: true };
|
|
324
|
+
}
|
|
325
|
+
catch (e) {
|
|
326
|
+
console.warn(`Error while decrypting with raw key ${latest.value}: ${e}`);
|
|
327
|
+
}
|
|
328
|
+
}
|
|
329
|
+
latest = yield decryptedKeys.next();
|
|
330
|
+
}
|
|
331
|
+
return { data: content, wasDecrypted: false };
|
|
332
|
+
});
|
|
333
|
+
}
|
|
334
|
+
encryptDataOf(entity, type, content, saveEntity) {
|
|
335
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
336
|
+
const ensureInitialisedKeysResult = yield this.ensureEncryptionKeysInitialised(entity, type);
|
|
337
|
+
let updatedEntity;
|
|
338
|
+
if (!!ensureInitialisedKeysResult) {
|
|
339
|
+
updatedEntity = yield saveEntity(ensureInitialisedKeysResult);
|
|
340
|
+
}
|
|
341
|
+
const decryptedKeys = this.allSecurityMetadataDecryptor.decryptEncryptionKeysOf({ entity: updatedEntity !== null && updatedEntity !== void 0 ? updatedEntity : entity, type }, [
|
|
342
|
+
yield this.dataOwnerApi.getCurrentDataOwnerId(),
|
|
343
|
+
]);
|
|
344
|
+
let latest = yield decryptedKeys.next();
|
|
345
|
+
while (!latest.done) {
|
|
346
|
+
try {
|
|
347
|
+
return { encryptedData: yield this.primitives.AES.encryptWithRawKey(latest.value.decrypted, content), updatedEntity: updatedEntity };
|
|
348
|
+
}
|
|
349
|
+
catch (e) {
|
|
350
|
+
console.warn(`Error while encrypting with raw key ${latest.value}: ${e}`);
|
|
351
|
+
}
|
|
352
|
+
latest = yield decryptedKeys.next();
|
|
353
|
+
}
|
|
354
|
+
throw new Error(`Could not extract any valid encryption keys for entity ${JSON.stringify(entity)}.`);
|
|
355
|
+
});
|
|
356
|
+
}
|
|
357
|
+
decryptEntity(entity, entityType, constructor) {
|
|
358
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
359
|
+
if (!entity.encryptedSelf)
|
|
360
|
+
return { entity, decrypted: true };
|
|
361
|
+
const encryptionKeys = yield this.decryptAndImportAllDecryptionKeys({ entity: entity, type: entityType });
|
|
362
|
+
if (!encryptionKeys.length)
|
|
363
|
+
return { entity, decrypted: false };
|
|
364
|
+
return {
|
|
365
|
+
entity: constructor(yield (0, utils_1.decryptObject)(entity, (encrypted) => __awaiter(this, void 0, void 0, function* () {
|
|
366
|
+
var _a;
|
|
367
|
+
return (_a = (yield this.tryDecryptJson(encryptionKeys, encrypted, false))) !== null && _a !== void 0 ? _a : {};
|
|
368
|
+
}))),
|
|
369
|
+
decrypted: true,
|
|
370
|
+
};
|
|
371
|
+
});
|
|
372
|
+
}
|
|
373
|
+
tryDecryptJson(potentialKeys, encrypted, truncateTrailingDecryptedNulls) {
|
|
374
|
+
var _a;
|
|
375
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
376
|
+
for (const key of potentialKeys) {
|
|
377
|
+
try {
|
|
378
|
+
const decrypted = (_a = (yield this.primitives.AES.decrypt(key.key, encrypted, key.raw))) !== null && _a !== void 0 ? _a : encrypted;
|
|
379
|
+
return JSON.parse((0, utils_1.ua2utf8)(truncateTrailingDecryptedNulls ? (0, utils_1.truncateTrailingNulls)(new Uint8Array(decrypted)) : decrypted));
|
|
380
|
+
}
|
|
381
|
+
catch (e) { }
|
|
382
|
+
}
|
|
383
|
+
return undefined;
|
|
384
|
+
});
|
|
385
|
+
}
|
|
386
|
+
tryEncryptEntity(entity, entityType, fieldsToEncrypt, encodeBinaryData, requireEncryption, constructor) {
|
|
387
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
388
|
+
const entityWithInitialisedEncryptionKeys = yield this.ensureEncryptionKeysInitialised(entity, entityType);
|
|
389
|
+
const updatedEntity = entityWithInitialisedEncryptionKeys ? entityWithInitialisedEncryptionKeys : entity;
|
|
390
|
+
const encryptionKey = yield this.tryImportFirstValidKey({ entity, type: entityType });
|
|
391
|
+
if (!!encryptionKey) {
|
|
392
|
+
return constructor(yield (0, utils_1.encryptObject)(updatedEntity, (obj) => {
|
|
393
|
+
// TODO should encoding of binary data should probably be applied to everything?
|
|
394
|
+
const json = encodeBinaryData
|
|
395
|
+
? JSON.stringify(obj, (k, v) => {
|
|
396
|
+
return v instanceof ArrayBuffer || ArrayBuffer.isView(v)
|
|
397
|
+
? (0, utils_1.b2a)(new Uint8Array(v).reduce((d, b) => d + String.fromCharCode(b), ''))
|
|
398
|
+
: v;
|
|
399
|
+
})
|
|
400
|
+
: JSON.stringify(obj);
|
|
401
|
+
return this.primitives.AES.encrypt(encryptionKey.key, (0, utils_1.utf8_2ua)(json), encryptionKey.raw);
|
|
402
|
+
}, fieldsToEncrypt, entityType));
|
|
403
|
+
}
|
|
404
|
+
else if (requireEncryption) {
|
|
405
|
+
throw new Error(`No key found for encryption of entity ${entity}`);
|
|
406
|
+
}
|
|
407
|
+
else {
|
|
408
|
+
yield (0, utils_1.encryptObject)(entity, (obj) => __awaiter(this, void 0, void 0, function* () {
|
|
409
|
+
const hasNonEmptyValues = Object.values(obj).some((v) => v !== undefined && (typeof v !== 'object' || (Array.isArray(v) && v.length > 0) || Object.keys(v).length > 0));
|
|
410
|
+
if (hasNonEmptyValues) {
|
|
411
|
+
throw new Error(`Impossible to modify encrypted content of an entity if no encryption key is known.\nEntity: ${JSON.stringify(entity)}\nTo encrypt: ${JSON.stringify(obj)}`);
|
|
412
|
+
}
|
|
413
|
+
return Promise.resolve(new ArrayBuffer(1));
|
|
414
|
+
}), fieldsToEncrypt, 'entity');
|
|
415
|
+
return entity;
|
|
416
|
+
}
|
|
417
|
+
});
|
|
418
|
+
}
|
|
419
|
+
ensureEncryptionKeysInitialised(entity, entityType) {
|
|
420
|
+
var _a, _b, _c;
|
|
421
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
422
|
+
if (this.allSecurityMetadataDecryptor.hasAnyEncryptionKeys(entity))
|
|
423
|
+
return undefined;
|
|
424
|
+
if (!entity.rev) {
|
|
425
|
+
throw new Error('New encrypted entity is lacking encryption metadata. ' +
|
|
426
|
+
'Please instantiate new entities using the `newInstance` method from the respective extended api.');
|
|
427
|
+
}
|
|
428
|
+
/*
|
|
429
|
+
* Add encryption key and share with all auto-delegates already in legacy delegations.
|
|
430
|
+
* TODO disable this logic and simply throw error for post-2018 customers.
|
|
431
|
+
*/
|
|
432
|
+
const existingDelegations = new Set(Object.keys((_a = entity.delegations) !== null && _a !== void 0 ? _a : {}));
|
|
433
|
+
const usersWithAccessToNewKey = Object.fromEntries(Object.values((_b = (yield this.userApi.getCurrentUser()).autoDelegations) !== null && _b !== void 0 ? _b : {})
|
|
434
|
+
.flatMap((x) => x)
|
|
435
|
+
.filter((x) => existingDelegations.has(x))
|
|
436
|
+
.map((x) => [x, AccessLevelEnum.WRITE]));
|
|
437
|
+
return yield this.secureDelegationsManager.entityWithInitialisedEncryptedMetadata(Object.assign(Object.assign({}, entity), { secretForeignKeys: (_c = entity.secretForeignKeys) !== null && _c !== void 0 ? _c : [] }), entityType, [], [], [yield this.primitives.AES.generateCryptoKey(true)], usersWithAccessToNewKey);
|
|
438
|
+
});
|
|
439
|
+
}
|
|
440
|
+
decryptHierarchy(entity, decryptedDataGeneratorProvider) {
|
|
441
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
442
|
+
const canDecryptOwnerIds = this.useParentKeys
|
|
443
|
+
? yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()
|
|
444
|
+
: [yield this.dataOwnerApi.getCurrentDataOwnerId()];
|
|
445
|
+
const decryptedData = yield (0, collection_utils_1.asyncGeneratorToArray)(decryptedDataGeneratorProvider(entity, canDecryptOwnerIds));
|
|
446
|
+
return canDecryptOwnerIds.map((ownerId) => {
|
|
447
|
+
const extracted = this.deduplicate(decryptedData.filter((x) => x.dataOwnersWithAccess.some((o) => o === ownerId)).map((x) => x.decrypted));
|
|
448
|
+
return { ownerId, extracted };
|
|
449
|
+
});
|
|
450
|
+
});
|
|
451
|
+
}
|
|
452
|
+
decryptAndMergeHierarchy(entity, dataOwnerId, decryptedDataGeneratorProvider) {
|
|
453
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
454
|
+
const hierarchy = this.useParentKeys
|
|
455
|
+
? dataOwnerId
|
|
456
|
+
? yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIdsFrom(dataOwnerId)
|
|
457
|
+
: yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()
|
|
458
|
+
: [dataOwnerId !== null && dataOwnerId !== void 0 ? dataOwnerId : (yield this.dataOwnerApi.getCurrentDataOwnerId())];
|
|
459
|
+
const decryptedData = yield (0, collection_utils_1.asyncGeneratorToArray)(decryptedDataGeneratorProvider(entity, hierarchy));
|
|
460
|
+
return this.deduplicate(decryptedData.map((x) => x.decrypted));
|
|
461
|
+
});
|
|
462
|
+
}
|
|
463
|
+
tryImportKey(key) {
|
|
464
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
465
|
+
if (!/^[0-9A-Fa-f\-]+$/g.test(key))
|
|
466
|
+
return undefined;
|
|
467
|
+
try {
|
|
468
|
+
return yield this.primitives.AES.importKey('raw', (0, utils_1.hex2ua)(key.replace(/-/g, '')));
|
|
469
|
+
}
|
|
470
|
+
catch (e) {
|
|
471
|
+
console.warn(`Could not import key ${key} as an encryption key.`, e);
|
|
472
|
+
return undefined;
|
|
473
|
+
}
|
|
474
|
+
});
|
|
475
|
+
}
|
|
476
|
+
decryptAndImportAllDecryptionKeys(entity) {
|
|
477
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
478
|
+
const keys = this.allSecurityMetadataDecryptor.hasAnyEncryptionKeys(entity.entity)
|
|
479
|
+
? yield this.encryptionKeysOf(entity)
|
|
480
|
+
: this.deduplicate(yield (0, collection_utils_1.asyncGeneratorToArray)(this.legacyDelMetadataDecryptor.decryptSecretIdsOf(entity, yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIds())).then((secretIdsInfo) => secretIdsInfo.map(({ decrypted }) => decrypted)));
|
|
481
|
+
const res = [];
|
|
482
|
+
for (const key of keys) {
|
|
483
|
+
const imported = yield this.tryImportKey(key);
|
|
484
|
+
if (imported)
|
|
485
|
+
res.push({ key: imported, raw: key });
|
|
486
|
+
}
|
|
487
|
+
return res;
|
|
488
|
+
});
|
|
489
|
+
}
|
|
490
|
+
decryptAndImportAnyEncryptionKey(entity) {
|
|
491
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
492
|
+
const res = yield this.tryImportFirstValidKey(entity);
|
|
493
|
+
if (!res)
|
|
494
|
+
throw new Error(`Could not find any valid key for entity ${entity.entity.id} (${entity.type}).`);
|
|
495
|
+
return res;
|
|
496
|
+
});
|
|
497
|
+
}
|
|
498
|
+
tryImportFirstValidKey(entity) {
|
|
499
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
500
|
+
const generator = this.allSecurityMetadataDecryptor.decryptEncryptionKeysOf(entity, yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIds());
|
|
501
|
+
let latest = yield generator.next();
|
|
502
|
+
while (!latest.done) {
|
|
503
|
+
const imported = yield this.tryImportKey(latest.value.decrypted);
|
|
504
|
+
if (imported)
|
|
505
|
+
return { key: imported, raw: latest.value.decrypted };
|
|
506
|
+
latest = yield generator.next();
|
|
507
|
+
}
|
|
508
|
+
return undefined;
|
|
509
|
+
});
|
|
510
|
+
}
|
|
511
|
+
deduplicate(values) {
|
|
512
|
+
return [...new Set(values)];
|
|
513
|
+
}
|
|
514
|
+
throwDetailedExceptionForInvalidParameter(argName, argValue, methodName, methodArgs) {
|
|
515
|
+
if (argValue)
|
|
516
|
+
return;
|
|
517
|
+
let details = '\nMethod name: icc-crypto-x-api.' + methodName + '()\nArguments:';
|
|
518
|
+
if (methodArgs) {
|
|
519
|
+
try {
|
|
520
|
+
const argsArray = [...methodArgs];
|
|
521
|
+
argsArray.forEach((arg, index) => (details += '\n[' + index + ']: ' + JSON.stringify(arg)));
|
|
522
|
+
}
|
|
523
|
+
catch (ex) {
|
|
524
|
+
details += '; a problem occured while logging arguments details: ' + ex;
|
|
525
|
+
}
|
|
526
|
+
}
|
|
527
|
+
throw new Error('### THIS SHOULD NOT HAPPEN: ' + argName + ' has an invalid value: ' + argValue + details);
|
|
528
|
+
}
|
|
529
|
+
checkEmptyEncryptionMetadata(entity) {
|
|
530
|
+
this.doCheckEmptyEncryptionMetadata(entity, true);
|
|
531
|
+
}
|
|
532
|
+
hasEmptyEncryptionMetadata(entity) {
|
|
533
|
+
return this.doCheckEmptyEncryptionMetadata(entity, false);
|
|
534
|
+
}
|
|
535
|
+
doCheckEmptyEncryptionMetadata(entity, throwErrorIfNonEmpty) {
|
|
536
|
+
const existingMetadata = [];
|
|
537
|
+
if (entity.delegations && Object.keys(entity.delegations).length)
|
|
538
|
+
existingMetadata.push('delegations');
|
|
539
|
+
if (entity.cryptedForeignKeys && Object.keys(entity.cryptedForeignKeys).length)
|
|
540
|
+
existingMetadata.push('cryptedForeignKeys');
|
|
541
|
+
if (entity.encryptionKeys && Object.keys(entity.encryptionKeys).length)
|
|
542
|
+
existingMetadata.push('encryptionKeys');
|
|
543
|
+
if (entity.secretForeignKeys && entity.secretForeignKeys.length)
|
|
544
|
+
existingMetadata.push('secretForeignKeys');
|
|
545
|
+
if (entity.securityMetadata && Object.keys(entity.securityMetadata).length)
|
|
546
|
+
existingMetadata.push('securityMetadata');
|
|
547
|
+
if (existingMetadata.length > 0) {
|
|
548
|
+
if (throwErrorIfNonEmpty) {
|
|
549
|
+
throw new Error(`Entity should have no encryption metadata on initialisation, but the following fields already have some values: ${existingMetadata}\n` +
|
|
550
|
+
JSON.stringify(entity, undefined, 2));
|
|
551
|
+
}
|
|
552
|
+
else
|
|
553
|
+
return false;
|
|
554
|
+
}
|
|
555
|
+
return true;
|
|
556
|
+
}
|
|
557
|
+
getDataOwnersWithAccessTo(entity) {
|
|
558
|
+
return this.allSecurityMetadataDecryptor.getDataOwnersWithAccessTo(entity);
|
|
559
|
+
}
|
|
560
|
+
}
|
|
561
|
+
exports.ExtendedApisUtilsImpl = ExtendedApisUtilsImpl;
|
|
562
|
+
//# sourceMappingURL=ExtendedApisUtilsImpl.js.map
|