@icure/api 7.1.14 → 8.0.0-RC.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/api/IccAccesslogApi.d.ts +12 -1
- package/icc-api/api/IccAccesslogApi.js +142 -98
- package/icc-api/api/IccAccesslogApi.js.map +1 -1
- package/icc-api/api/IccBemikronoApi.d.ts +81 -0
- package/icc-api/api/IccBemikronoApi.js +163 -0
- package/icc-api/api/IccBemikronoApi.js.map +1 -0
- package/icc-api/api/IccCalendarItemApi.d.ts +21 -1
- package/icc-api/api/IccCalendarItemApi.js +183 -117
- package/icc-api/api/IccCalendarItemApi.js.map +1 -1
- package/icc-api/api/IccClassificationApi.d.ts +21 -1
- package/icc-api/api/IccClassificationApi.js +119 -63
- package/icc-api/api/IccClassificationApi.js.map +1 -1
- package/icc-api/api/IccContactApi.d.ts +21 -1
- package/icc-api/api/IccContactApi.js +385 -294
- package/icc-api/api/IccContactApi.js.map +1 -1
- package/icc-api/api/IccDocumentApi.d.ts +32 -25
- package/icc-api/api/IccDocumentApi.js +264 -212
- package/icc-api/api/IccDocumentApi.js.map +1 -1
- package/icc-api/api/IccExchangeDataApi.d.ts +19 -0
- package/icc-api/api/IccExchangeDataApi.js +85 -0
- package/icc-api/api/IccExchangeDataApi.js.map +1 -0
- package/icc-api/api/IccExchangeDataMapApi.d.ts +18 -0
- package/icc-api/api/IccExchangeDataMapApi.js +65 -0
- package/icc-api/api/IccExchangeDataMapApi.js.map +1 -0
- package/icc-api/api/IccFormApi.d.ts +21 -1
- package/icc-api/api/IccFormApi.js +321 -229
- package/icc-api/api/IccFormApi.js.map +1 -1
- package/icc-api/api/IccHelementApi.d.ts +21 -1
- package/icc-api/api/IccHelementApi.js +207 -137
- package/icc-api/api/IccHelementApi.js.map +1 -1
- package/icc-api/api/IccInvoiceApi.d.ts +21 -1
- package/icc-api/api/IccInvoiceApi.js +404 -298
- package/icc-api/api/IccInvoiceApi.js.map +1 -1
- package/icc-api/api/IccMaintenanceTaskApi.d.ts +12 -1
- package/icc-api/api/IccMaintenanceTaskApi.js +79 -43
- package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
- package/icc-api/api/IccMessageApi.d.ts +12 -1
- package/icc-api/api/IccMessageApi.js +257 -191
- package/icc-api/api/IccMessageApi.js.map +1 -1
- package/icc-api/api/IccPatientApi.d.ts +12 -1
- package/icc-api/api/IccPatientApi.js +447 -351
- package/icc-api/api/IccPatientApi.js.map +1 -1
- package/icc-api/api/IccReceiptApi.d.ts +22 -8
- package/icc-api/api/IccReceiptApi.js +121 -64
- package/icc-api/api/IccReceiptApi.js.map +1 -1
- package/icc-api/api/IccRestApiPath.js +1 -1
- package/icc-api/api/IccRestApiPath.js.map +1 -1
- package/icc-api/api/IccTimeTableApi.d.ts +12 -1
- package/icc-api/api/IccTimeTableApi.js +86 -48
- package/icc-api/api/IccTimeTableApi.js.map +1 -1
- package/icc-api/index.d.ts +1 -0
- package/icc-api/index.js +1 -0
- package/icc-api/index.js.map +1 -1
- package/icc-api/model/AccessLog.d.ts +4 -0
- package/icc-api/model/AccessLog.js +1 -0
- package/icc-api/model/AccessLog.js.map +1 -1
- package/icc-api/model/Article.d.ts +4 -0
- package/icc-api/model/Article.js +1 -0
- package/icc-api/model/Article.js.map +1 -1
- package/icc-api/model/CalendarItem.d.ts +4 -0
- package/icc-api/model/CalendarItem.js +1 -0
- package/icc-api/model/CalendarItem.js.map +1 -1
- package/icc-api/model/Classification.d.ts +4 -0
- package/icc-api/model/Classification.js +1 -0
- package/icc-api/model/Classification.js.map +1 -1
- package/icc-api/model/ClassificationTemplate.d.ts +2 -0
- package/icc-api/model/ClassificationTemplate.js.map +1 -1
- package/icc-api/model/Contact.d.ts +4 -0
- package/icc-api/model/Contact.js +1 -0
- package/icc-api/model/Contact.js.map +1 -1
- package/icc-api/model/Device.d.ts +4 -4
- package/icc-api/model/Device.js.map +1 -1
- package/icc-api/model/Document.d.ts +4 -0
- package/icc-api/model/Document.js +1 -0
- package/icc-api/model/Document.js.map +1 -1
- package/icc-api/model/ExchangeData.d.ts +61 -0
- package/icc-api/model/ExchangeData.js +12 -0
- package/icc-api/model/ExchangeData.js.map +1 -0
- package/icc-api/model/ExchangeDataMap.d.ts +21 -0
- package/icc-api/model/ExchangeDataMap.js +10 -0
- package/icc-api/model/ExchangeDataMap.js.map +1 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.d.ts +13 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js +10 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js.map +1 -0
- package/icc-api/model/Form.d.ts +4 -0
- package/icc-api/model/Form.js +1 -0
- package/icc-api/model/Form.js.map +1 -1
- package/icc-api/model/HealthElement.d.ts +4 -0
- package/icc-api/model/HealthElement.js +1 -0
- package/icc-api/model/HealthElement.js.map +1 -1
- package/icc-api/model/HealthcareParty.d.ts +2 -2
- package/icc-api/model/HealthcareParty.js.map +1 -1
- package/icc-api/model/IcureStub.d.ts +2 -0
- package/icc-api/model/IcureStub.js.map +1 -1
- package/icc-api/model/Invoice.d.ts +4 -0
- package/icc-api/model/Invoice.js +1 -0
- package/icc-api/model/Invoice.js.map +1 -1
- package/icc-api/model/MaintenanceTask.d.ts +4 -0
- package/icc-api/model/MaintenanceTask.js +1 -0
- package/icc-api/model/MaintenanceTask.js.map +1 -1
- package/icc-api/model/Message.d.ts +4 -0
- package/icc-api/model/Message.js +1 -0
- package/icc-api/model/Message.js.map +1 -1
- package/icc-api/model/PaginatedListExchangeData.d.ts +9 -0
- package/icc-api/model/PaginatedListExchangeData.js +10 -0
- package/icc-api/model/PaginatedListExchangeData.js.map +1 -0
- package/icc-api/model/Patient.d.ts +6 -2
- package/icc-api/model/Patient.js +1 -0
- package/icc-api/model/Patient.js.map +1 -1
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.d.ts +31 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js +32 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js.map +1 -0
- package/icc-api/model/Receipt.d.ts +4 -0
- package/icc-api/model/Receipt.js +1 -0
- package/icc-api/model/Receipt.js.map +1 -1
- package/icc-api/model/SecureDelegation.d.ts +52 -0
- package/icc-api/model/SecureDelegation.js +16 -0
- package/icc-api/model/SecureDelegation.js.map +1 -0
- package/icc-api/model/SecurityMetadata.d.ts +33 -0
- package/icc-api/model/SecurityMetadata.js +13 -0
- package/icc-api/model/SecurityMetadata.js.map +1 -0
- package/icc-api/model/Service.d.ts +2 -0
- package/icc-api/model/Service.js.map +1 -1
- package/icc-api/model/TimeTable.d.ts +4 -0
- package/icc-api/model/TimeTable.js +1 -0
- package/icc-api/model/TimeTable.js.map +1 -1
- package/icc-api/model/models.d.ts +20 -39
- package/icc-api/model/models.js +15 -37
- package/icc-api/model/models.js.map +1 -1
- package/icc-api/model/requests/EntityBulkShareResult.d.ts +28 -0
- package/icc-api/model/requests/EntityBulkShareResult.js +16 -0
- package/icc-api/model/requests/EntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.d.ts +10 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js +17 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/EntityShareRequest.d.ts +110 -0
- package/icc-api/model/requests/EntityShareRequest.js +63 -0
- package/icc-api/model/requests/EntityShareRequest.js.map +1 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.d.ts +54 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js +24 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.d.ts +23 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js +13 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.d.ts +21 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js +14 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +3 -2
- package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
- package/icc-x-api/crypto/AES.js +1 -1
- package/icc-x-api/crypto/AES.js.map +1 -1
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +16 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +41 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +42 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js +86 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +146 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js +342 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +0 -18
- package/icc-x-api/crypto/BaseExchangeKeysManager.js +11 -85
- package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ConfidentialEntities.d.ts +26 -16
- package/icc-x-api/crypto/ConfidentialEntities.js +30 -17
- package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -1
- package/icc-x-api/crypto/CryptoStrategies.d.ts +8 -1
- package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/ExchangeDataManager.d.ts +95 -0
- package/icc-x-api/crypto/ExchangeDataManager.js +493 -0
- package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +32 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js +70 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeKeysManager.d.ts +4 -16
- package/icc-x-api/crypto/ExchangeKeysManager.js +4 -62
- package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtils.d.ts +336 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js +3 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +181 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +562 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -0
- package/icc-x-api/crypto/KeyRecovery.d.ts +5 -2
- package/icc-x-api/crypto/KeyRecovery.js +59 -29
- package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +7 -2
- package/icc-x-api/crypto/LegacyCryptoStrategies.js +8 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +39 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +150 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/RSA.d.ts +34 -8
- package/icc-x-api/crypto/RSA.js +80 -13
- package/icc-x-api/crypto/RSA.js.map +1 -1
- package/icc-x-api/crypto/SecureDelegationsEncryption.d.ts +54 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js +178 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsManager.d.ts +66 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js +261 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +37 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +294 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +114 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js +98 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/ShamirKeysManager.d.ts +5 -5
- package/icc-x-api/crypto/ShamirKeysManager.js +6 -9
- package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
- package/icc-x-api/crypto/TransferKeysManager.d.ts +8 -6
- package/icc-x-api/crypto/TransferKeysManager.js +75 -52
- package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
- package/icc-x-api/crypto/{KeyManager.d.ts → UserEncryptionKeysManager.d.ts} +4 -6
- package/icc-x-api/crypto/{KeyManager.js → UserEncryptionKeysManager.js} +43 -23
- package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +26 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js +74 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -0
- package/icc-x-api/crypto/utils.d.ts +61 -11
- package/icc-x-api/crypto/utils.js +113 -44
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/filters/filters.js.map +1 -1
- package/icc-x-api/icc-accesslog-x-api.d.ts +46 -11
- package/icc-x-api/icc-accesslog-x-api.js +75 -42
- package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
- package/icc-x-api/icc-calendar-item-x-api.d.ts +50 -14
- package/icc-x-api/icc-calendar-item-x-api.js +99 -49
- package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
- package/icc-x-api/icc-classification-x-api.d.ts +44 -9
- package/icc-x-api/icc-classification-x-api.js +56 -31
- package/icc-x-api/icc-classification-x-api.js.map +1 -1
- package/icc-x-api/icc-contact-x-api.d.ts +56 -32
- package/icc-x-api/icc-contact-x-api.js +95 -64
- package/icc-x-api/icc-contact-x-api.js.map +1 -1
- package/icc-x-api/icc-crypto-x-api.d.ts +28 -334
- package/icc-x-api/icc-crypto-x-api.js +41 -765
- package/icc-x-api/icc-crypto-x-api.js.map +1 -1
- package/icc-x-api/icc-data-owner-x-api.d.ts +20 -8
- package/icc-x-api/icc-data-owner-x-api.js +31 -10
- package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
- package/icc-x-api/icc-document-x-api.d.ts +48 -11
- package/icc-x-api/icc-document-x-api.js +111 -64
- package/icc-x-api/icc-document-x-api.js.map +1 -1
- package/icc-x-api/icc-form-x-api.d.ts +45 -10
- package/icc-x-api/icc-form-x-api.js +65 -35
- package/icc-x-api/icc-form-x-api.js.map +1 -1
- package/icc-x-api/icc-hcparty-x-api.d.ts +2 -2
- package/icc-x-api/icc-hcparty-x-api.js +3 -3
- package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
- package/icc-x-api/icc-helement-x-api.d.ts +55 -18
- package/icc-x-api/icc-helement-x-api.js +76 -41
- package/icc-x-api/icc-helement-x-api.js.map +1 -1
- package/icc-x-api/icc-icure-maintenance-x-api.d.ts +7 -2
- package/icc-x-api/icc-icure-maintenance-x-api.js +38 -27
- package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
- package/icc-x-api/icc-invoice-x-api.d.ts +50 -15
- package/icc-x-api/icc-invoice-x-api.js +63 -33
- package/icc-x-api/icc-invoice-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.d.ts +53 -21
- package/icc-x-api/icc-maintenance-task-x-api.js +72 -35
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/icc-message-x-api.d.ts +53 -15
- package/icc-x-api/icc-message-x-api.js +65 -36
- package/icc-x-api/icc-message-x-api.js.map +1 -1
- package/icc-x-api/icc-patient-x-api.d.ts +84 -29
- package/icc-x-api/icc-patient-x-api.js +313 -378
- package/icc-x-api/icc-patient-x-api.js.map +1 -1
- package/icc-x-api/icc-receipt-x-api.d.ts +44 -12
- package/icc-x-api/icc-receipt-x-api.js +67 -35
- package/icc-x-api/icc-receipt-x-api.js.map +1 -1
- package/icc-x-api/icc-time-table-x-api.d.ts +43 -12
- package/icc-x-api/icc-time-table-x-api.js +56 -26
- package/icc-x-api/icc-time-table-x-api.js.map +1 -1
- package/icc-x-api/icc-user-x-api.d.ts +2 -2
- package/icc-x-api/icc-user-x-api.js +3 -3
- package/icc-x-api/icc-user-x-api.js.map +1 -1
- package/icc-x-api/index.d.ts +4 -2
- package/icc-x-api/index.js +154 -135
- package/icc-x-api/index.js.map +1 -1
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +2 -0
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +9 -2
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/storage/IcureStorageFacade.d.ts +23 -2
- package/icc-x-api/storage/IcureStorageFacade.js +36 -2
- package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageFacade.d.ts +12 -0
- package/icc-x-api/storage/KeyStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageImpl.d.ts +2 -0
- package/icc-x-api/storage/KeyStorageImpl.js +10 -0
- package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +14 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +32 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js +75 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -0
- package/icc-x-api/utils/ShareResult.d.ts +74 -0
- package/icc-x-api/utils/ShareResult.js +61 -0
- package/icc-x-api/utils/ShareResult.js.map +1 -0
- package/icc-x-api/utils/binary-utils.d.ts +1 -0
- package/icc-x-api/utils/binary-utils.js +8 -1
- package/icc-x-api/utils/binary-utils.js.map +1 -1
- package/icc-x-api/utils/collection-utils.d.ts +5 -0
- package/icc-x-api/utils/collection-utils.js +26 -1
- package/icc-x-api/utils/collection-utils.js.map +1 -1
- package/icc-x-api/utils/crypto-utils.d.ts +4 -3
- package/icc-x-api/utils/crypto-utils.js +5 -4
- package/icc-x-api/utils/crypto-utils.js.map +1 -1
- package/icc-x-api/utils/lru-temporised-async-cache.d.ts +26 -3
- package/icc-x-api/utils/lru-temporised-async-cache.js +75 -15
- package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -1
- package/icc-x-api/utils/websocket.d.ts +10 -10
- package/icc-x-api/utils/websocket.js +18 -9
- package/icc-x-api/utils/websocket.js.map +1 -1
- package/index.d.ts +1 -1
- package/index.js +3 -1
- package/index.js.map +1 -1
- package/package.json +2 -3
- package/icc-x-api/crypto/EntitiesEncryption.d.ts +0 -275
- package/icc-x-api/crypto/EntitiesEncryption.js +0 -734
- package/icc-x-api/crypto/EntitiesEncryption.js.map +0 -1
- package/icc-x-api/crypto/KeyManager.js.map +0 -1
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import { SecurityMetadataDecryptor } from './SecurityMetadataDecryptor';
|
|
2
|
+
import { SecureDelegation } from '../../icc-api/model/SecureDelegation';
|
|
3
|
+
import { ExchangeDataManager } from './ExchangeDataManager';
|
|
4
|
+
import { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName';
|
|
5
|
+
import { SecureDelegationsEncryption } from './SecureDelegationsEncryption';
|
|
6
|
+
import AccessLevel = SecureDelegation.AccessLevelEnum;
|
|
7
|
+
import { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models';
|
|
8
|
+
import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
|
|
9
|
+
import { ExchangeDataMapManager } from './ExchangeDataMapManager';
|
|
10
|
+
export declare class SecureDelegationsSecurityMetadataDecryptor implements SecurityMetadataDecryptor {
|
|
11
|
+
private readonly exchangeData;
|
|
12
|
+
private readonly exchangeDataMap;
|
|
13
|
+
private readonly secureDelegationsEncryption;
|
|
14
|
+
private readonly dataOwnerApi;
|
|
15
|
+
constructor(exchangeData: ExchangeDataManager, exchangeDataMap: ExchangeDataMapManager, secureDelegationsEncryption: SecureDelegationsEncryption, dataOwnerApi: IccDataOwnerXApi);
|
|
16
|
+
decryptEncryptionKeysOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
|
|
17
|
+
decrypted: string;
|
|
18
|
+
dataOwnersWithAccess: string[];
|
|
19
|
+
}, void, never>;
|
|
20
|
+
decryptOwningEntityIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
|
|
21
|
+
decrypted: string;
|
|
22
|
+
dataOwnersWithAccess: string[];
|
|
23
|
+
}, void, never>;
|
|
24
|
+
decryptSecretIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
|
|
25
|
+
decrypted: string;
|
|
26
|
+
dataOwnersWithAccess: string[];
|
|
27
|
+
}, void, never>;
|
|
28
|
+
getDataOwnersWithAccessTo(typedEntity: EncryptedEntityWithType): Promise<{
|
|
29
|
+
permissionsByDataOwnerId: {
|
|
30
|
+
[delegateId: string]: SecureDelegation.AccessLevelEnum;
|
|
31
|
+
};
|
|
32
|
+
hasUnknownAnonymousDataOwners: boolean;
|
|
33
|
+
}>;
|
|
34
|
+
hasAnyEncryptionKeys(entity: EncryptedEntity | EncryptedEntityStub): boolean;
|
|
35
|
+
getEntityAccessLevel(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): Promise<AccessLevel | undefined>;
|
|
36
|
+
private decryptSecureDelegations;
|
|
37
|
+
}
|
|
@@ -0,0 +1,294 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __await = (this && this.__await) || function (v) { return this instanceof __await ? (this.v = v, this) : new __await(v); }
|
|
12
|
+
var __asyncGenerator = (this && this.__asyncGenerator) || function (thisArg, _arguments, generator) {
|
|
13
|
+
if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
|
|
14
|
+
var g = generator.apply(thisArg, _arguments || []), i, q = [];
|
|
15
|
+
return i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i;
|
|
16
|
+
function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }
|
|
17
|
+
function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }
|
|
18
|
+
function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }
|
|
19
|
+
function fulfill(value) { resume("next", value); }
|
|
20
|
+
function reject(value) { resume("throw", value); }
|
|
21
|
+
function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }
|
|
22
|
+
};
|
|
23
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
24
|
+
exports.SecureDelegationsSecurityMetadataDecryptor = void 0;
|
|
25
|
+
const SecureDelegation_1 = require("../../icc-api/model/SecureDelegation");
|
|
26
|
+
var AccessLevel = SecureDelegation_1.SecureDelegation.AccessLevelEnum;
|
|
27
|
+
class SecureDelegationsSecurityMetadataDecryptor {
|
|
28
|
+
constructor(exchangeData, exchangeDataMap, secureDelegationsEncryption, dataOwnerApi) {
|
|
29
|
+
this.exchangeData = exchangeData;
|
|
30
|
+
this.exchangeDataMap = exchangeDataMap;
|
|
31
|
+
this.secureDelegationsEncryption = secureDelegationsEncryption;
|
|
32
|
+
this.dataOwnerApi = dataOwnerApi;
|
|
33
|
+
}
|
|
34
|
+
decryptEncryptionKeysOf(typedEntity, dataOwnersHierarchySubset) {
|
|
35
|
+
return this.decryptSecureDelegations(typedEntity, dataOwnersHierarchySubset, (d) => { var _a; return (_a = d.encryptionKeys) !== null && _a !== void 0 ? _a : []; }, (e, k) => this.secureDelegationsEncryption.decryptEncryptionKey(e, k));
|
|
36
|
+
}
|
|
37
|
+
decryptOwningEntityIdsOf(typedEntity, dataOwnersHierarchySubset) {
|
|
38
|
+
return this.decryptSecureDelegations(typedEntity, dataOwnersHierarchySubset, (d) => { var _a; return (_a = d.owningEntityIds) !== null && _a !== void 0 ? _a : []; }, (e, k) => this.secureDelegationsEncryption.decryptOwningEntityId(e, k));
|
|
39
|
+
}
|
|
40
|
+
decryptSecretIdsOf(typedEntity, dataOwnersHierarchySubset) {
|
|
41
|
+
return this.decryptSecureDelegations(typedEntity, dataOwnersHierarchySubset, (d) => { var _a; return (_a = d.secretIds) !== null && _a !== void 0 ? _a : []; }, (e, k) => this.secureDelegationsEncryption.decryptSecretId(e, k));
|
|
42
|
+
}
|
|
43
|
+
getDataOwnersWithAccessTo(typedEntity) {
|
|
44
|
+
var _a, _b, _c, _d, _e, _f;
|
|
45
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
46
|
+
const accumulatedPermissions = {};
|
|
47
|
+
let hasUnknownAnonymousDataOwners = false;
|
|
48
|
+
function addPermission(delegateId, level) {
|
|
49
|
+
if (accumulatedPermissions[delegateId] !== AccessLevel.WRITE) {
|
|
50
|
+
accumulatedPermissions[delegateId] = level;
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
// 1. Add all explicit data owners, keep only delegations with at least an anonymous data owner to check later
|
|
54
|
+
let remainingDelegations = Object.entries((_b = (_a = typedEntity.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.secureDelegations) !== null && _b !== void 0 ? _b : {});
|
|
55
|
+
let updatedRemainingDelegations = [];
|
|
56
|
+
for (const delegationEntry of remainingDelegations) {
|
|
57
|
+
const delegation = delegationEntry[1];
|
|
58
|
+
if (delegation.delegator) {
|
|
59
|
+
addPermission(delegation.delegator, delegation.permissions);
|
|
60
|
+
}
|
|
61
|
+
if (delegation.delegate) {
|
|
62
|
+
addPermission(delegation.delegate, delegation.permissions);
|
|
63
|
+
}
|
|
64
|
+
if (!delegation.delegator || !delegation.delegate) {
|
|
65
|
+
updatedRemainingDelegations.push(delegationEntry);
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
remainingDelegations = updatedRemainingDelegations;
|
|
69
|
+
if (!remainingDelegations.length)
|
|
70
|
+
return { permissionsByDataOwnerId: accumulatedPermissions, hasUnknownAnonymousDataOwners };
|
|
71
|
+
updatedRemainingDelegations = [];
|
|
72
|
+
// 2. Attempt to identify the anonymous data owner of remaining delegations by checking if we have the exchange data cached by hash
|
|
73
|
+
// Note: we can find exchange data by hash only if we could successfully decrypt it
|
|
74
|
+
const cachedExchangeData = yield this.exchangeData.getCachedDecryptionDataKeyByAccessControlHash(remainingDelegations.map((d) => d[0]), typedEntity.type, (_c = typedEntity.entity.secretForeignKeys) !== null && _c !== void 0 ? _c : []);
|
|
75
|
+
for (const delegationEntry of remainingDelegations) {
|
|
76
|
+
const exchangeDataOfDelegation = cachedExchangeData[delegationEntry[0]];
|
|
77
|
+
if (exchangeDataOfDelegation) {
|
|
78
|
+
addPermission(exchangeDataOfDelegation.exchangeData.delegator, delegationEntry[1].permissions);
|
|
79
|
+
addPermission(exchangeDataOfDelegation.exchangeData.delegate, delegationEntry[1].permissions);
|
|
80
|
+
}
|
|
81
|
+
else {
|
|
82
|
+
updatedRemainingDelegations.push(delegationEntry);
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
remainingDelegations = updatedRemainingDelegations;
|
|
86
|
+
if (!remainingDelegations.length)
|
|
87
|
+
return { permissionsByDataOwnerId: accumulatedPermissions, hasUnknownAnonymousDataOwners };
|
|
88
|
+
// 3. Attempt to identify the anonymous data owner of remaining delegations between us (or one of our parents) and an anonymous data owner
|
|
89
|
+
const hierarchy = yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIds();
|
|
90
|
+
const allHashes = [
|
|
91
|
+
...remainingDelegations.flatMap(([hash, _]) => hash),
|
|
92
|
+
...Object.keys((_e = (_d = typedEntity.entity.securityMetadata) === null || _d === void 0 ? void 0 : _d.keysEquivalences) !== null && _e !== void 0 ? _e : {}),
|
|
93
|
+
];
|
|
94
|
+
const encryptedExchangeDataIds = (yield this.exchangeDataMap.getExchangeDataMapBatch(allHashes)).reduce((maps, current) => {
|
|
95
|
+
return Object.assign(Object.assign({}, maps), { [current.id]: current });
|
|
96
|
+
}, {});
|
|
97
|
+
for (const [hash, delegation] of remainingDelegations) {
|
|
98
|
+
if (hierarchy.some((x) => x === delegation.delegate || x === delegation.delegator)) {
|
|
99
|
+
const dataId = !!encryptedExchangeDataIds[hash]
|
|
100
|
+
? yield this.secureDelegationsEncryption.decryptExchangeDataId(encryptedExchangeDataIds[hash].encryptedExchangeDataIds)
|
|
101
|
+
: undefined;
|
|
102
|
+
const exchangeDataInfo = dataId
|
|
103
|
+
? yield this.exchangeData.getDecryptionDataKeyById(dataId, typedEntity.type, (_f = typedEntity.entity.secretForeignKeys) !== null && _f !== void 0 ? _f : [], true)
|
|
104
|
+
: undefined;
|
|
105
|
+
if (exchangeDataInfo) {
|
|
106
|
+
addPermission(exchangeDataInfo.exchangeData.delegator, delegation.permissions);
|
|
107
|
+
addPermission(exchangeDataInfo.exchangeData.delegate, delegation.permissions);
|
|
108
|
+
}
|
|
109
|
+
else {
|
|
110
|
+
hasUnknownAnonymousDataOwners = true;
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
else {
|
|
114
|
+
hasUnknownAnonymousDataOwners = true;
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
return {
|
|
118
|
+
permissionsByDataOwnerId: accumulatedPermissions,
|
|
119
|
+
hasUnknownAnonymousDataOwners,
|
|
120
|
+
};
|
|
121
|
+
});
|
|
122
|
+
}
|
|
123
|
+
hasAnyEncryptionKeys(entity) {
|
|
124
|
+
var _a, _b;
|
|
125
|
+
return Object.values((_b = (_a = entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.secureDelegations) !== null && _b !== void 0 ? _b : {}).some((d) => { var _a; return (_a = d.encryptionKeys) === null || _a === void 0 ? void 0 : _a.length; });
|
|
126
|
+
}
|
|
127
|
+
getEntityAccessLevel(typedEntity, dataOwnersHierarchySubset) {
|
|
128
|
+
var _a, _b, _c, _d, _e, _f, _g, _h;
|
|
129
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
130
|
+
if (!dataOwnersHierarchySubset.length)
|
|
131
|
+
throw new Error("`dataOwnersHierarchySubset` can't be empty");
|
|
132
|
+
// If the data owner is explicit all delegations he can access has his id. If the delegator is anonymous all delegations he can access are
|
|
133
|
+
// accessible by hash. No mixed scenario possible.
|
|
134
|
+
let accessibleDelegations = Object.values((_b = (_a = typedEntity.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.secureDelegations) !== null && _b !== void 0 ? _b : {}).filter((secureDelegation) => dataOwnersHierarchySubset.some((dataOwner) => dataOwner === secureDelegation.delegator || dataOwner === secureDelegation.delegate));
|
|
135
|
+
if (!accessibleDelegations.length) {
|
|
136
|
+
const equivalences = (_c = typedEntity.entity.securityMetadata) === null || _c === void 0 ? void 0 : _c.keysEquivalences;
|
|
137
|
+
const availableCanonicalHashes = Array.from(new Set(Object.keys(yield this.exchangeData.getCachedDecryptionDataKeyByAccessControlHash([
|
|
138
|
+
...Object.keys((_e = (_d = typedEntity.entity.securityMetadata) === null || _d === void 0 ? void 0 : _d.secureDelegations) !== null && _e !== void 0 ? _e : {}),
|
|
139
|
+
...Object.keys((_g = (_f = typedEntity.entity.securityMetadata) === null || _f === void 0 ? void 0 : _f.keysEquivalences) !== null && _g !== void 0 ? _g : {}),
|
|
140
|
+
], typedEntity.type, (_h = typedEntity.entity.secretForeignKeys) !== null && _h !== void 0 ? _h : [])).map((hash) => {
|
|
141
|
+
const canonicalEquivalence = equivalences ? equivalences[hash] : undefined;
|
|
142
|
+
return canonicalEquivalence ? canonicalEquivalence : hash;
|
|
143
|
+
})));
|
|
144
|
+
accessibleDelegations = availableCanonicalHashes.map((hash) => { var _a, _b; return ((_b = (_a = typedEntity.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.secureDelegations) !== null && _b !== void 0 ? _b : {})[hash]; });
|
|
145
|
+
}
|
|
146
|
+
const permissions = accessibleDelegations.map((secureDelegation) => secureDelegation.permissions);
|
|
147
|
+
let maxLevel = undefined;
|
|
148
|
+
for (const permission of permissions) {
|
|
149
|
+
if (permission === AccessLevel.WRITE) {
|
|
150
|
+
return AccessLevel.WRITE;
|
|
151
|
+
}
|
|
152
|
+
if (permission === AccessLevel.READ) {
|
|
153
|
+
maxLevel = AccessLevel.READ;
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
return maxLevel;
|
|
157
|
+
});
|
|
158
|
+
}
|
|
159
|
+
decryptSecureDelegations(typedEntity, dataOwnersHierarchySubset, getDataToDecrypt, decryptDataWithKey) {
|
|
160
|
+
if (!dataOwnersHierarchySubset.length)
|
|
161
|
+
throw new Error("`dataOwnersHierarchySubset` can't be empty");
|
|
162
|
+
const self = this;
|
|
163
|
+
function getFirstDecryptedExchangeDataIdForHash(hashes, encryptedExchangeDataIdsByDelegationKey) {
|
|
164
|
+
var _a;
|
|
165
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
166
|
+
for (const hash of new Set(hashes)) {
|
|
167
|
+
const decryptedExchangeDataId = !!encryptedExchangeDataIdsByDelegationKey[hash]
|
|
168
|
+
? yield self.secureDelegationsEncryption.decryptExchangeDataId((_a = encryptedExchangeDataIdsByDelegationKey[hash]) === null || _a === void 0 ? void 0 : _a.encryptedExchangeDataIds)
|
|
169
|
+
: undefined;
|
|
170
|
+
if (!!decryptedExchangeDataId)
|
|
171
|
+
return decryptedExchangeDataId;
|
|
172
|
+
}
|
|
173
|
+
});
|
|
174
|
+
}
|
|
175
|
+
function decrypt(delegation, exchangeDataDetails) {
|
|
176
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
177
|
+
if (!exchangeDataDetails.exchangeKey)
|
|
178
|
+
return [];
|
|
179
|
+
const dataToDecrypt = getDataToDecrypt(delegation);
|
|
180
|
+
if (!dataToDecrypt.length)
|
|
181
|
+
return [];
|
|
182
|
+
if (!dataOwnersHierarchySubset.some((x) => x === exchangeDataDetails.exchangeData.delegator || x === exchangeDataDetails.exchangeData.delegate))
|
|
183
|
+
return [];
|
|
184
|
+
const dataOwnersWithAccess = [exchangeDataDetails.exchangeData.delegator, exchangeDataDetails.exchangeData.delegate];
|
|
185
|
+
const res = [];
|
|
186
|
+
for (const curr of dataToDecrypt) {
|
|
187
|
+
res.push({ decrypted: yield decryptDataWithKey(curr, exchangeDataDetails.exchangeKey), dataOwnersWithAccess });
|
|
188
|
+
}
|
|
189
|
+
return res;
|
|
190
|
+
});
|
|
191
|
+
}
|
|
192
|
+
function generator() {
|
|
193
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
|
|
194
|
+
return __asyncGenerator(this, arguments, function* generator_1() {
|
|
195
|
+
let remainingDelegations = Object.entries((_b = (_a = typedEntity.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.secureDelegations) !== null && _b !== void 0 ? _b : {}).map(([canonicalHash, delegation]) => {
|
|
196
|
+
var _a, _b;
|
|
197
|
+
return ({
|
|
198
|
+
delegation,
|
|
199
|
+
hashes: [
|
|
200
|
+
canonicalHash,
|
|
201
|
+
...Object.entries((_b = (_a = typedEntity.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.keysEquivalences) !== null && _b !== void 0 ? _b : {})
|
|
202
|
+
.filter((x) => x[1] == canonicalHash)
|
|
203
|
+
.map((x) => x[0]),
|
|
204
|
+
],
|
|
205
|
+
});
|
|
206
|
+
});
|
|
207
|
+
/*
|
|
208
|
+
* Generate from least expensive to most (in terms of time to decrypt). 1 and 2a have equivalent costs.
|
|
209
|
+
* 1) Secure delegations with cached exchange data by hash
|
|
210
|
+
* 2) Secure delegations with cached exchange data by id for explicit->explicit delegations where delegator and/or delegate is me or parent
|
|
211
|
+
* 3) Non cached secure delegations for explicit->explicit delegations where delegator and/or delegate is me or parent (half of old 3)
|
|
212
|
+
* 4) Decrypt secure delegation id for explicit->anonymous or anonymous->explicit where explicit is me or parent (2b and half of old3)
|
|
213
|
+
*/
|
|
214
|
+
// Step 1) Secure delegations with cached exchange data by hash
|
|
215
|
+
if (!remainingDelegations.length)
|
|
216
|
+
return yield __await(void 0);
|
|
217
|
+
const cachedDataByHash = yield __await(self.exchangeData.getCachedDecryptionDataKeyByAccessControlHash([
|
|
218
|
+
...Object.keys((_d = (_c = typedEntity.entity.securityMetadata) === null || _c === void 0 ? void 0 : _c.secureDelegations) !== null && _d !== void 0 ? _d : {}),
|
|
219
|
+
...Object.keys((_f = (_e = typedEntity.entity.securityMetadata) === null || _e === void 0 ? void 0 : _e.keysEquivalences) !== null && _f !== void 0 ? _f : {}),
|
|
220
|
+
], typedEntity.type, (_g = typedEntity.entity.secretForeignKeys) !== null && _g !== void 0 ? _g : []));
|
|
221
|
+
let updatedRemainingDelegations = [];
|
|
222
|
+
for (const decryptionDetails of remainingDelegations) {
|
|
223
|
+
const exchangeDataDetails = decryptionDetails.hashes.map((h) => cachedDataByHash === null || cachedDataByHash === void 0 ? void 0 : cachedDataByHash[h]).find((x) => !!x);
|
|
224
|
+
if (exchangeDataDetails) {
|
|
225
|
+
for (const decrypted of yield __await(decrypt(decryptionDetails.delegation, exchangeDataDetails)))
|
|
226
|
+
yield yield __await(decrypted);
|
|
227
|
+
}
|
|
228
|
+
else if ((!!decryptionDetails.delegation.delegate || !!decryptionDetails.delegation.delegator) &&
|
|
229
|
+
dataOwnersHierarchySubset.some((x) => x === decryptionDetails.delegation.delegate || x === decryptionDetails.delegation.delegator)) {
|
|
230
|
+
updatedRemainingDelegations.push(decryptionDetails);
|
|
231
|
+
}
|
|
232
|
+
}
|
|
233
|
+
remainingDelegations = updatedRemainingDelegations;
|
|
234
|
+
updatedRemainingDelegations = [];
|
|
235
|
+
// Step 2) Secure delegations with cached exchange data by id for explicit->explicit delegations where delegator and/or delegate is me or parent
|
|
236
|
+
if (!remainingDelegations.length)
|
|
237
|
+
return yield __await(void 0);
|
|
238
|
+
for (const decryptionDetails of remainingDelegations) {
|
|
239
|
+
const exchangeDataDetails = decryptionDetails.delegation.exchangeDataId
|
|
240
|
+
? yield __await(self.exchangeData.getDecryptionDataKeyById(decryptionDetails.delegation.exchangeDataId, typedEntity.type, (_h = typedEntity.entity.secretForeignKeys) !== null && _h !== void 0 ? _h : [], false))
|
|
241
|
+
: undefined;
|
|
242
|
+
if (!!exchangeDataDetails) {
|
|
243
|
+
for (const decrypted of yield __await(decrypt(decryptionDetails.delegation, exchangeDataDetails)))
|
|
244
|
+
yield yield __await(decrypted);
|
|
245
|
+
}
|
|
246
|
+
else {
|
|
247
|
+
updatedRemainingDelegations.push(decryptionDetails);
|
|
248
|
+
}
|
|
249
|
+
}
|
|
250
|
+
remainingDelegations = updatedRemainingDelegations;
|
|
251
|
+
updatedRemainingDelegations = [];
|
|
252
|
+
// Step 3) Non cached secure delegations for explicit->explicit delegations where delegator and/or delegate is me or parent
|
|
253
|
+
if (!remainingDelegations.length)
|
|
254
|
+
return yield __await(void 0);
|
|
255
|
+
for (const decryptionDetails of remainingDelegations) {
|
|
256
|
+
const exchangeDataDetails = decryptionDetails.delegation.exchangeDataId
|
|
257
|
+
? yield __await(self.exchangeData.getDecryptionDataKeyById(decryptionDetails.delegation.exchangeDataId, typedEntity.type, (_j = typedEntity.entity.secretForeignKeys) !== null && _j !== void 0 ? _j : [], true))
|
|
258
|
+
: undefined;
|
|
259
|
+
if (!!exchangeDataDetails) {
|
|
260
|
+
for (const decrypted of yield __await(decrypt(decryptionDetails.delegation, exchangeDataDetails)))
|
|
261
|
+
yield yield __await(decrypted);
|
|
262
|
+
}
|
|
263
|
+
else {
|
|
264
|
+
updatedRemainingDelegations.push(decryptionDetails);
|
|
265
|
+
}
|
|
266
|
+
}
|
|
267
|
+
remainingDelegations = updatedRemainingDelegations;
|
|
268
|
+
// Step 4) Decrypt secure delegation id for explicit->anonymous or anonymous->explicit where explicit is me or parent
|
|
269
|
+
if (!remainingDelegations.length)
|
|
270
|
+
return yield __await(void 0);
|
|
271
|
+
const allHashes = [
|
|
272
|
+
...remainingDelegations.flatMap((x) => x.hashes),
|
|
273
|
+
...Object.keys((_l = (_k = typedEntity.entity.securityMetadata) === null || _k === void 0 ? void 0 : _k.keysEquivalences) !== null && _l !== void 0 ? _l : {}),
|
|
274
|
+
];
|
|
275
|
+
const encryptedExchangeDataIdsByDelegationKey = (yield __await(self.exchangeDataMap.getExchangeDataMapBatch(allHashes))).reduce((maps, current) => {
|
|
276
|
+
return Object.assign(Object.assign({}, maps), { [current.id]: current });
|
|
277
|
+
}, {});
|
|
278
|
+
for (const decryptionDetails of remainingDelegations) {
|
|
279
|
+
const decryptedExchangeDataId = yield __await(getFirstDecryptedExchangeDataIdForHash(decryptionDetails.hashes, encryptedExchangeDataIdsByDelegationKey));
|
|
280
|
+
if (decryptedExchangeDataId) {
|
|
281
|
+
const exchangeDataDetails = yield __await(self.exchangeData.getDecryptionDataKeyById(decryptedExchangeDataId, typedEntity.type, (_m = typedEntity.entity.secretForeignKeys) !== null && _m !== void 0 ? _m : [], true));
|
|
282
|
+
if (exchangeDataDetails) {
|
|
283
|
+
for (const decrypted of yield __await(decrypt(decryptionDetails.delegation, exchangeDataDetails)))
|
|
284
|
+
yield yield __await(decrypted);
|
|
285
|
+
}
|
|
286
|
+
}
|
|
287
|
+
}
|
|
288
|
+
});
|
|
289
|
+
}
|
|
290
|
+
return generator();
|
|
291
|
+
}
|
|
292
|
+
}
|
|
293
|
+
exports.SecureDelegationsSecurityMetadataDecryptor = SecureDelegationsSecurityMetadataDecryptor;
|
|
294
|
+
//# sourceMappingURL=SecureDelegationsSecurityMetadataDecryptor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"SecureDelegationsSecurityMetadataDecryptor.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AACA,2EAAuE;AAKvE,IAAO,WAAW,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAWrD,MAAa,0CAA0C;IACrD,YACmB,YAAiC,EACjC,eAAuC,EACvC,2BAAwD,EACxD,YAA8B;QAH9B,iBAAY,GAAZ,YAAY,CAAqB;QACjC,oBAAe,GAAf,eAAe,CAAwB;QACvC,gCAA2B,GAA3B,2BAA2B,CAA6B;QACxD,iBAAY,GAAZ,YAAY,CAAkB;IAC9C,CAAC;IAEJ,uBAAuB,CACrB,WAAoC,EACpC,yBAAmC;QAEnC,OAAO,IAAI,CAAC,wBAAwB,CAClC,WAAW,EACX,yBAAyB,EACzB,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,CAAC,CAAC,cAAc,mCAAI,EAAE,CAAA,EAAA,EAC7B,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC,CAAC,CACtE,CAAA;IACH,CAAC;IAED,wBAAwB,CACtB,WAAoC,EACpC,yBAAmC;QAEnC,OAAO,IAAI,CAAC,wBAAwB,CAClC,WAAW,EACX,yBAAyB,EACzB,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,CAAC,CAAC,eAAe,mCAAI,EAAE,CAAA,EAAA,EAC9B,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,CAAC,EAAE,CAAC,CAAC,CACvE,CAAA;IACH,CAAC;IAED,kBAAkB,CAChB,WAAoC,EACpC,yBAAmC;QAEnC,OAAO,IAAI,CAAC,wBAAwB,CAClC,WAAW,EACX,yBAAyB,EACzB,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,CAAC,CAAC,SAAS,mCAAI,EAAE,CAAA,EAAA,EACxB,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CACjE,CAAA;IACH,CAAC;IAEK,yBAAyB,CAAC,WAAoC;;;YAIlE,MAAM,sBAAsB,GAA+D,EAAE,CAAA;YAC7F,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,SAAS,aAAa,CAAC,UAAkB,EAAE,KAAuC;gBAChF,IAAI,sBAAsB,CAAC,UAAU,CAAC,KAAK,WAAW,CAAC,KAAK,EAAE;oBAC5D,sBAAsB,CAAC,UAAU,CAAC,GAAG,KAAK,CAAA;iBAC3C;YACH,CAAC;YACD,8GAA8G;YAC9G,IAAI,oBAAoB,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC,CAAA;YACvG,IAAI,2BAA2B,GAAiC,EAAE,CAAA;YAClE,KAAK,MAAM,eAAe,IAAI,oBAAoB,EAAE;gBAClD,MAAM,UAAU,GAAG,eAAe,CAAC,CAAC,CAAC,CAAA;gBACrC,IAAI,UAAU,CAAC,SAAS,EAAE;oBACxB,aAAa,CAAC,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;iBAC5D;gBACD,IAAI,UAAU,CAAC,QAAQ,EAAE;oBACvB,aAAa,CAAC,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;iBAC3D;gBACD,IAAI,CAAC,UAAU,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE;oBACjD,2BAA2B,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;iBAClD;aACF;YACD,oBAAoB,GAAG,2BAA2B,CAAA;YAClD,IAAI,CAAC,oBAAoB,CAAC,MAAM;gBAAE,OAAO,EAAE,wBAAwB,EAAE,sBAAsB,EAAE,6BAA6B,EAAE,CAAA;YAC5H,2BAA2B,GAAG,EAAE,CAAA;YAChC,mIAAmI;YACnI,mFAAmF;YACnF,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,6CAA6C,CAC9F,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACrC,WAAW,CAAC,IAAI,EAChB,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC3C,CAAA;YACD,KAAK,MAAM,eAAe,IAAI,oBAAoB,EAAE;gBAClD,MAAM,wBAAwB,GAAG,kBAAkB,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAA;gBACvE,IAAI,wBAAwB,EAAE;oBAC5B,aAAa,CAAC,wBAAwB,CAAC,YAAY,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;oBAC9F,aAAa,CAAC,wBAAwB,CAAC,YAAY,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;iBAC9F;qBAAM;oBACL,2BAA2B,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;iBAClD;aACF;YACD,oBAAoB,GAAG,2BAA2B,CAAA;YAClD,IAAI,CAAC,oBAAoB,CAAC,MAAM;gBAAE,OAAO,EAAE,wBAAwB,EAAE,sBAAsB,EAAE,6BAA6B,EAAE,CAAA;YAC5H,0IAA0I;YAC1I,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAA;YAC3E,MAAM,SAAS,GAAG;gBAChB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC;gBACpD,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC;aAC5E,CAAA;YACD,MAAM,wBAAwB,GAAG,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE;gBACxH,uCACK,IAAI,KACP,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,OAAO,IACtB;YACH,CAAC,EAAE,EAAyC,CAAC,CAAA;YAC7C,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,oBAAoB,EAAE;gBACrD,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,UAAU,CAAC,QAAQ,IAAI,CAAC,KAAK,UAAU,CAAC,SAAS,CAAC,EAAE;oBAClF,MAAM,MAAM,GAAG,CAAC,CAAC,wBAAwB,CAAC,IAAI,CAAC;wBAC7C,CAAC,CAAC,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,wBAAwB,CAAC;wBACvH,CAAC,CAAC,SAAS,CAAA;oBACb,MAAM,gBAAgB,GAAG,MAAM;wBAC7B,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAAC,MAAM,EAAE,WAAW,CAAC,IAAI,EAAE,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EAAE,IAAI,CAAC;wBAC9H,CAAC,CAAC,SAAS,CAAA;oBACb,IAAI,gBAAgB,EAAE;wBACpB,aAAa,CAAC,gBAAgB,CAAC,YAAY,CAAC,SAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;wBAC9E,aAAa,CAAC,gBAAgB,CAAC,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;qBAC9E;yBAAM;wBACL,6BAA6B,GAAG,IAAI,CAAA;qBACrC;iBACF;qBAAM;oBACL,6BAA6B,GAAG,IAAI,CAAA;iBACrC;aACF;YACD,OAAO;gBACL,wBAAwB,EAAE,sBAAsB;gBAChD,6BAA6B;aAC9B,CAAA;;KACF;IAED,oBAAoB,CAAC,MAA6C;;QAChE,OAAO,MAAM,CAAC,MAAM,CAAC,MAAA,MAAA,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,CAAC,CAAC,cAAc,0CAAE,MAAM,CAAA,EAAA,CAAC,CAAA;IAC9G,CAAC;IAEK,oBAAoB,CAAC,WAAoC,EAAE,yBAAmC;;;YAClG,IAAI,CAAC,yBAAyB,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;YACpG,0IAA0I;YAC1I,kDAAkD;YAClD,IAAI,qBAAqB,GAAuB,MAAM,CAAC,MAAM,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC,CAAC,MAAM,CAChI,CAAC,gBAAgB,EAAE,EAAE,CACnB,yBAAyB,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,KAAK,gBAAgB,CAAC,SAAS,IAAI,SAAS,KAAK,gBAAgB,CAAC,QAAQ,CAAC,CACrI,CAAA;YACD,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE;gBACjC,MAAM,YAAY,GAAG,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,CAAA;gBAC1E,MAAM,wBAAwB,GAAG,KAAK,CAAC,IAAI,CACzC,IAAI,GAAG,CACL,MAAM,CAAC,IAAI,CACT,MAAM,IAAI,CAAC,YAAY,CAAC,6CAA6C,CACnE;oBACE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC;oBAC5E,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC;iBAC5E,EACD,WAAW,CAAC,IAAI,EAChB,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC3C,CACF,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;oBACb,MAAM,oBAAoB,GAAG,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;oBAC1E,OAAO,oBAAoB,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAA;gBAC3D,CAAC,CAAC,CACH,CACF,CAAA;gBACD,qBAAqB,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,eAAC,OAAA,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAA,EAAA,CAAC,CAAA;aACrI;YAED,MAAM,WAAW,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAA;YACjG,IAAI,QAAQ,GAA4B,SAAS,CAAA;YACjD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;gBACpC,IAAI,UAAU,KAAK,WAAW,CAAC,KAAK,EAAE;oBACpC,OAAO,WAAW,CAAC,KAAK,CAAA;iBACzB;gBACD,IAAI,UAAU,KAAK,WAAW,CAAC,IAAI,EAAE;oBACnC,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAA;iBAC5B;aACF;YACD,OAAO,QAAQ,CAAA;;KAChB;IAEO,wBAAwB,CAC9B,WAAoC,EACpC,yBAAmC,EACnC,gBAA4D,EAC5D,kBAA8E;QAE9E,IAAI,CAAC,yBAAyB,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;QACpG,MAAM,IAAI,GAAG,IAAI,CAAA;QAEjB,SAAe,sCAAsC,CACnD,MAAgB,EAChB,uCAA4E;;;gBAE5E,KAAK,MAAM,IAAI,IAAI,IAAI,GAAG,CAAC,MAAM,CAAC,EAAE;oBAClC,MAAM,uBAAuB,GAAG,CAAC,CAAC,uCAAuC,CAAC,IAAI,CAAC;wBAC7E,CAAC,CAAC,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,MAAA,uCAAuC,CAAC,IAAI,CAAC,0CAAE,wBAAwB,CAAC;wBACvI,CAAC,CAAC,SAAS,CAAA;oBACb,IAAI,CAAC,CAAC,uBAAuB;wBAAE,OAAO,uBAAuB,CAAA;iBAC9D;;SACF;QAED,SAAe,OAAO,CACpB,UAA4B,EAC5B,mBAAuF;;gBAEvF,IAAI,CAAC,mBAAmB,CAAC,WAAW;oBAAE,OAAO,EAAE,CAAA;gBAC/C,MAAM,aAAa,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAA;gBAClD,IAAI,CAAC,aAAa,CAAC,MAAM;oBAAE,OAAO,EAAE,CAAA;gBACpC,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,mBAAmB,CAAC,YAAY,CAAC,SAAS,IAAI,CAAC,KAAK,mBAAmB,CAAC,YAAY,CAAC,QAAQ,CAAC;oBAC7I,OAAO,EAAE,CAAA;gBACX,MAAM,oBAAoB,GAAG,CAAC,mBAAmB,CAAC,YAAY,CAAC,SAAS,EAAE,mBAAmB,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;gBACpH,MAAM,GAAG,GAAG,EAAE,CAAA;gBACd,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE;oBAChC,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC,IAAI,EAAE,mBAAmB,CAAC,WAAW,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAA;iBAC/G;gBACD,OAAO,GAAG,CAAA;YACZ,CAAC;SAAA;QAED,SAAgB,SAAS;;;gBACvB,IAAI,oBAAoB,GAAkC,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC,CAAC,GAAG,CACxI,CAAC,CAAC,aAAa,EAAE,UAAU,CAAC,EAAE,EAAE;;oBAAC,OAAA,CAAC;wBAChC,UAAU;wBACV,MAAM,EAAE;4BACN,aAAa;4BACb,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC;iCAC3E,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,aAAa,CAAC;iCACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;yBACpB;qBACF,CAAC,CAAA;iBAAA,CACH,CAAA;gBAED;;;;;;mBAMG;gBAEH,+DAA+D;gBAC/D,IAAI,CAAC,oBAAoB,CAAC,MAAM;oBAAE,6BAAM;gBACxC,MAAM,gBAAgB,GAAG,cAAM,IAAI,CAAC,YAAY,CAAC,6CAA6C,CAC5F;oBACE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC;oBAC5E,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC;iBAC5E,EACD,WAAW,CAAC,IAAI,EAChB,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC3C,CAAA,CAAA;gBACD,IAAI,2BAA2B,GAAkC,EAAE,CAAA;gBACnE,KAAK,MAAM,iBAAiB,IAAI,oBAAoB,EAAE;oBACpD,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;oBACvG,IAAI,mBAAmB,EAAE;wBACvB,KAAK,MAAM,SAAS,IAAI,cAAM,OAAO,CAAC,iBAAiB,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;4BAAE,oBAAM,SAAS,CAAA,CAAA;qBAC1G;yBAAM,IACL,CAAC,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,SAAS,CAAC;wBACrF,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,iBAAiB,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,KAAK,iBAAiB,CAAC,UAAU,CAAC,SAAS,CAAC,EAClI;wBACA,2BAA2B,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;qBACpD;iBACF;gBACD,oBAAoB,GAAG,2BAA2B,CAAA;gBAClD,2BAA2B,GAAG,EAAE,CAAA;gBAEhC,gJAAgJ;gBAChJ,IAAI,CAAC,oBAAoB,CAAC,MAAM;oBAAE,6BAAM;gBACxC,KAAK,MAAM,iBAAiB,IAAI,oBAAoB,EAAE;oBACpD,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,UAAU,CAAC,cAAc;wBACrE,CAAC,CAAC,cAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAC9C,iBAAiB,CAAC,UAAU,CAAC,cAAc,EAC3C,WAAW,CAAC,IAAI,EAChB,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EAC1C,KAAK,CACN,CAAA;wBACH,CAAC,CAAC,SAAS,CAAA;oBACb,IAAI,CAAC,CAAC,mBAAmB,EAAE;wBACzB,KAAK,MAAM,SAAS,IAAI,cAAM,OAAO,CAAC,iBAAiB,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;4BAAE,oBAAM,SAAS,CAAA,CAAA;qBAC1G;yBAAM;wBACL,2BAA2B,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;qBACpD;iBACF;gBACD,oBAAoB,GAAG,2BAA2B,CAAA;gBAClD,2BAA2B,GAAG,EAAE,CAAA;gBAEhC,2HAA2H;gBAC3H,IAAI,CAAC,oBAAoB,CAAC,MAAM;oBAAE,6BAAM;gBACxC,KAAK,MAAM,iBAAiB,IAAI,oBAAoB,EAAE;oBACpD,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,UAAU,CAAC,cAAc;wBACrE,CAAC,CAAC,cAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAC9C,iBAAiB,CAAC,UAAU,CAAC,cAAc,EAC3C,WAAW,CAAC,IAAI,EAChB,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EAC1C,IAAI,CACL,CAAA;wBACH,CAAC,CAAC,SAAS,CAAA;oBACb,IAAI,CAAC,CAAC,mBAAmB,EAAE;wBACzB,KAAK,MAAM,SAAS,IAAI,cAAM,OAAO,CAAC,iBAAiB,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;4BAAE,oBAAM,SAAS,CAAA,CAAA;qBAC1G;yBAAM;wBACL,2BAA2B,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;qBACpD;iBACF;gBACD,oBAAoB,GAAG,2BAA2B,CAAA;gBAElD,qHAAqH;gBACrH,IAAI,CAAC,oBAAoB,CAAC,MAAM;oBAAE,6BAAM;gBACxC,MAAM,SAAS,GAAG;oBAChB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;oBAChD,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC;iBAC5E,CAAA;gBACD,MAAM,uCAAuC,GAAG,CAAC,cAAM,IAAI,CAAC,eAAe,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAA,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE;oBACvI,uCACK,IAAI,KACP,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,OAAO,IACtB;gBACH,CAAC,EAAE,EAAyC,CAAC,CAAA;gBAC7C,KAAK,MAAM,iBAAiB,IAAI,oBAAoB,EAAE;oBACpD,MAAM,uBAAuB,GAAG,cAAM,sCAAsC,CAC1E,iBAAiB,CAAC,MAAM,EACxB,uCAAuC,CACxC,CAAA,CAAA;oBACD,IAAI,uBAAuB,EAAE;wBAC3B,MAAM,mBAAmB,GAAG,cAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAC1E,uBAAuB,EACvB,WAAW,CAAC,IAAI,EAChB,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EAC1C,IAAI,CACL,CAAA,CAAA;wBACD,IAAI,mBAAmB,EAAE;4BACvB,KAAK,MAAM,SAAS,IAAI,cAAM,OAAO,CAAC,iBAAiB,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;gCAAE,oBAAM,SAAS,CAAA,CAAA;yBAC1G;qBACF;iBACF;;SACF;QAED,OAAO,SAAS,EAAE,CAAA;IACpB,CAAC;CACF;AA1UD,gGA0UC","sourcesContent":["import { SecurityMetadataDecryptor } from './SecurityMetadataDecryptor'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport { ExchangeDataManager } from './ExchangeDataManager'\nimport { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName'\nimport { ExchangeData } from '../../icc-api/model/ExchangeData'\nimport { SecureDelegationsEncryption } from './SecureDelegationsEncryption'\nimport AccessLevel = SecureDelegation.AccessLevelEnum\nimport { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { ExchangeDataMapManager } from './ExchangeDataMapManager'\nimport { ExchangeDataMap } from '../../icc-api/model/ExchangeDataMap'\n\ntype DelegationDecryptionDetails = {\n delegation: SecureDelegation\n hashes: string[]\n}\n\nexport class SecureDelegationsSecurityMetadataDecryptor implements SecurityMetadataDecryptor {\n constructor(\n private readonly exchangeData: ExchangeDataManager,\n private readonly exchangeDataMap: ExchangeDataMapManager,\n private readonly secureDelegationsEncryption: SecureDelegationsEncryption,\n private readonly dataOwnerApi: IccDataOwnerXApi\n ) {}\n\n decryptEncryptionKeysOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n return this.decryptSecureDelegations(\n typedEntity,\n dataOwnersHierarchySubset,\n (d) => d.encryptionKeys ?? [],\n (e, k) => this.secureDelegationsEncryption.decryptEncryptionKey(e, k)\n )\n }\n\n decryptOwningEntityIdsOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n return this.decryptSecureDelegations(\n typedEntity,\n dataOwnersHierarchySubset,\n (d) => d.owningEntityIds ?? [],\n (e, k) => this.secureDelegationsEncryption.decryptOwningEntityId(e, k)\n )\n }\n\n decryptSecretIdsOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n return this.decryptSecureDelegations(\n typedEntity,\n dataOwnersHierarchySubset,\n (d) => d.secretIds ?? [],\n (e, k) => this.secureDelegationsEncryption.decryptSecretId(e, k)\n )\n }\n\n async getDataOwnersWithAccessTo(typedEntity: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [delegateId: string]: SecureDelegation.AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const accumulatedPermissions: { [delegateId: string]: SecureDelegation.AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n function addPermission(delegateId: string, level: SecureDelegation.AccessLevelEnum): void {\n if (accumulatedPermissions[delegateId] !== AccessLevel.WRITE) {\n accumulatedPermissions[delegateId] = level\n }\n }\n // 1. Add all explicit data owners, keep only delegations with at least an anonymous data owner to check later\n let remainingDelegations = Object.entries(typedEntity.entity.securityMetadata?.secureDelegations ?? {})\n let updatedRemainingDelegations: [string, SecureDelegation][] = []\n for (const delegationEntry of remainingDelegations) {\n const delegation = delegationEntry[1]\n if (delegation.delegator) {\n addPermission(delegation.delegator, delegation.permissions)\n }\n if (delegation.delegate) {\n addPermission(delegation.delegate, delegation.permissions)\n }\n if (!delegation.delegator || !delegation.delegate) {\n updatedRemainingDelegations.push(delegationEntry)\n }\n }\n remainingDelegations = updatedRemainingDelegations\n if (!remainingDelegations.length) return { permissionsByDataOwnerId: accumulatedPermissions, hasUnknownAnonymousDataOwners }\n updatedRemainingDelegations = []\n // 2. Attempt to identify the anonymous data owner of remaining delegations by checking if we have the exchange data cached by hash\n // Note: we can find exchange data by hash only if we could successfully decrypt it\n const cachedExchangeData = await this.exchangeData.getCachedDecryptionDataKeyByAccessControlHash(\n remainingDelegations.map((d) => d[0]),\n typedEntity.type,\n typedEntity.entity.secretForeignKeys ?? []\n )\n for (const delegationEntry of remainingDelegations) {\n const exchangeDataOfDelegation = cachedExchangeData[delegationEntry[0]]\n if (exchangeDataOfDelegation) {\n addPermission(exchangeDataOfDelegation.exchangeData.delegator, delegationEntry[1].permissions)\n addPermission(exchangeDataOfDelegation.exchangeData.delegate, delegationEntry[1].permissions)\n } else {\n updatedRemainingDelegations.push(delegationEntry)\n }\n }\n remainingDelegations = updatedRemainingDelegations\n if (!remainingDelegations.length) return { permissionsByDataOwnerId: accumulatedPermissions, hasUnknownAnonymousDataOwners }\n // 3. Attempt to identify the anonymous data owner of remaining delegations between us (or one of our parents) and an anonymous data owner\n const hierarchy = await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()\n const allHashes = [\n ...remainingDelegations.flatMap(([hash, _]) => hash),\n ...Object.keys(typedEntity.entity.securityMetadata?.keysEquivalences ?? {}),\n ]\n const encryptedExchangeDataIds = (await this.exchangeDataMap.getExchangeDataMapBatch(allHashes)).reduce((maps, current) => {\n return {\n ...maps,\n [current.id]: current,\n }\n }, {} as { [hash: string]: ExchangeDataMap })\n for (const [hash, delegation] of remainingDelegations) {\n if (hierarchy.some((x) => x === delegation.delegate || x === delegation.delegator)) {\n const dataId = !!encryptedExchangeDataIds[hash]\n ? await this.secureDelegationsEncryption.decryptExchangeDataId(encryptedExchangeDataIds[hash].encryptedExchangeDataIds)\n : undefined\n const exchangeDataInfo = dataId\n ? await this.exchangeData.getDecryptionDataKeyById(dataId, typedEntity.type, typedEntity.entity.secretForeignKeys ?? [], true)\n : undefined\n if (exchangeDataInfo) {\n addPermission(exchangeDataInfo.exchangeData.delegator, delegation.permissions)\n addPermission(exchangeDataInfo.exchangeData.delegate, delegation.permissions)\n } else {\n hasUnknownAnonymousDataOwners = true\n }\n } else {\n hasUnknownAnonymousDataOwners = true\n }\n }\n return {\n permissionsByDataOwnerId: accumulatedPermissions,\n hasUnknownAnonymousDataOwners,\n }\n }\n\n hasAnyEncryptionKeys(entity: EncryptedEntity | EncryptedEntityStub): boolean {\n return Object.values(entity.securityMetadata?.secureDelegations ?? {}).some((d) => d.encryptionKeys?.length)\n }\n\n async getEntityAccessLevel(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): Promise<AccessLevel | undefined> {\n if (!dataOwnersHierarchySubset.length) throw new Error(\"`dataOwnersHierarchySubset` can't be empty\")\n // If the data owner is explicit all delegations he can access has his id. If the delegator is anonymous all delegations he can access are\n // accessible by hash. No mixed scenario possible.\n let accessibleDelegations: SecureDelegation[] = Object.values(typedEntity.entity.securityMetadata?.secureDelegations ?? {}).filter(\n (secureDelegation) =>\n dataOwnersHierarchySubset.some((dataOwner) => dataOwner === secureDelegation.delegator || dataOwner === secureDelegation.delegate)\n )\n if (!accessibleDelegations.length) {\n const equivalences = typedEntity.entity.securityMetadata?.keysEquivalences\n const availableCanonicalHashes = Array.from(\n new Set(\n Object.keys(\n await this.exchangeData.getCachedDecryptionDataKeyByAccessControlHash(\n [\n ...Object.keys(typedEntity.entity.securityMetadata?.secureDelegations ?? {}),\n ...Object.keys(typedEntity.entity.securityMetadata?.keysEquivalences ?? {}),\n ],\n typedEntity.type,\n typedEntity.entity.secretForeignKeys ?? []\n )\n ).map((hash) => {\n const canonicalEquivalence = equivalences ? equivalences[hash] : undefined\n return canonicalEquivalence ? canonicalEquivalence : hash\n })\n )\n )\n accessibleDelegations = availableCanonicalHashes.map((hash) => (typedEntity.entity.securityMetadata?.secureDelegations ?? {})[hash])\n }\n\n const permissions = accessibleDelegations.map((secureDelegation) => secureDelegation.permissions)\n let maxLevel: AccessLevel | undefined = undefined\n for (const permission of permissions) {\n if (permission === AccessLevel.WRITE) {\n return AccessLevel.WRITE\n }\n if (permission === AccessLevel.READ) {\n maxLevel = AccessLevel.READ\n }\n }\n return maxLevel\n }\n\n private decryptSecureDelegations(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[],\n getDataToDecrypt: (delegation: SecureDelegation) => string[],\n decryptDataWithKey: (encryptedData: string, key: CryptoKey) => Promise<string>\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n if (!dataOwnersHierarchySubset.length) throw new Error(\"`dataOwnersHierarchySubset` can't be empty\")\n const self = this\n\n async function getFirstDecryptedExchangeDataIdForHash(\n hashes: string[],\n encryptedExchangeDataIdsByDelegationKey: { [hash: string]: ExchangeDataMap }\n ): Promise<string | undefined> {\n for (const hash of new Set(hashes)) {\n const decryptedExchangeDataId = !!encryptedExchangeDataIdsByDelegationKey[hash]\n ? await self.secureDelegationsEncryption.decryptExchangeDataId(encryptedExchangeDataIdsByDelegationKey[hash]?.encryptedExchangeDataIds)\n : undefined\n if (!!decryptedExchangeDataId) return decryptedExchangeDataId\n }\n }\n\n async function decrypt(\n delegation: SecureDelegation,\n exchangeDataDetails: { exchangeData: ExchangeData; exchangeKey: CryptoKey | undefined }\n ): Promise<{ decrypted: string; dataOwnersWithAccess: string[] }[]> {\n if (!exchangeDataDetails.exchangeKey) return []\n const dataToDecrypt = getDataToDecrypt(delegation)\n if (!dataToDecrypt.length) return []\n if (!dataOwnersHierarchySubset.some((x) => x === exchangeDataDetails.exchangeData.delegator || x === exchangeDataDetails.exchangeData.delegate))\n return []\n const dataOwnersWithAccess = [exchangeDataDetails.exchangeData.delegator, exchangeDataDetails.exchangeData.delegate]\n const res = []\n for (const curr of dataToDecrypt) {\n res.push({ decrypted: await decryptDataWithKey(curr, exchangeDataDetails.exchangeKey), dataOwnersWithAccess })\n }\n return res\n }\n\n async function* generator(): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n let remainingDelegations: DelegationDecryptionDetails[] = Object.entries(typedEntity.entity.securityMetadata?.secureDelegations ?? {}).map(\n ([canonicalHash, delegation]) => ({\n delegation,\n hashes: [\n canonicalHash,\n ...Object.entries(typedEntity.entity.securityMetadata?.keysEquivalences ?? {})\n .filter((x) => x[1] == canonicalHash)\n .map((x) => x[0]),\n ],\n })\n )\n\n /*\n * Generate from least expensive to most (in terms of time to decrypt). 1 and 2a have equivalent costs.\n * 1) Secure delegations with cached exchange data by hash\n * 2) Secure delegations with cached exchange data by id for explicit->explicit delegations where delegator and/or delegate is me or parent\n * 3) Non cached secure delegations for explicit->explicit delegations where delegator and/or delegate is me or parent (half of old 3)\n * 4) Decrypt secure delegation id for explicit->anonymous or anonymous->explicit where explicit is me or parent (2b and half of old3)\n */\n\n // Step 1) Secure delegations with cached exchange data by hash\n if (!remainingDelegations.length) return\n const cachedDataByHash = await self.exchangeData.getCachedDecryptionDataKeyByAccessControlHash(\n [\n ...Object.keys(typedEntity.entity.securityMetadata?.secureDelegations ?? {}),\n ...Object.keys(typedEntity.entity.securityMetadata?.keysEquivalences ?? {}),\n ],\n typedEntity.type,\n typedEntity.entity.secretForeignKeys ?? []\n )\n let updatedRemainingDelegations: DelegationDecryptionDetails[] = []\n for (const decryptionDetails of remainingDelegations) {\n const exchangeDataDetails = decryptionDetails.hashes.map((h) => cachedDataByHash?.[h]).find((x) => !!x)\n if (exchangeDataDetails) {\n for (const decrypted of await decrypt(decryptionDetails.delegation, exchangeDataDetails)) yield decrypted\n } else if (\n (!!decryptionDetails.delegation.delegate || !!decryptionDetails.delegation.delegator) &&\n dataOwnersHierarchySubset.some((x) => x === decryptionDetails.delegation.delegate || x === decryptionDetails.delegation.delegator)\n ) {\n updatedRemainingDelegations.push(decryptionDetails)\n }\n }\n remainingDelegations = updatedRemainingDelegations\n updatedRemainingDelegations = []\n\n // Step 2) Secure delegations with cached exchange data by id for explicit->explicit delegations where delegator and/or delegate is me or parent\n if (!remainingDelegations.length) return\n for (const decryptionDetails of remainingDelegations) {\n const exchangeDataDetails = decryptionDetails.delegation.exchangeDataId\n ? await self.exchangeData.getDecryptionDataKeyById(\n decryptionDetails.delegation.exchangeDataId,\n typedEntity.type,\n typedEntity.entity.secretForeignKeys ?? [],\n false\n )\n : undefined\n if (!!exchangeDataDetails) {\n for (const decrypted of await decrypt(decryptionDetails.delegation, exchangeDataDetails)) yield decrypted\n } else {\n updatedRemainingDelegations.push(decryptionDetails)\n }\n }\n remainingDelegations = updatedRemainingDelegations\n updatedRemainingDelegations = []\n\n // Step 3) Non cached secure delegations for explicit->explicit delegations where delegator and/or delegate is me or parent\n if (!remainingDelegations.length) return\n for (const decryptionDetails of remainingDelegations) {\n const exchangeDataDetails = decryptionDetails.delegation.exchangeDataId\n ? await self.exchangeData.getDecryptionDataKeyById(\n decryptionDetails.delegation.exchangeDataId,\n typedEntity.type,\n typedEntity.entity.secretForeignKeys ?? [],\n true\n )\n : undefined\n if (!!exchangeDataDetails) {\n for (const decrypted of await decrypt(decryptionDetails.delegation, exchangeDataDetails)) yield decrypted\n } else {\n updatedRemainingDelegations.push(decryptionDetails)\n }\n }\n remainingDelegations = updatedRemainingDelegations\n\n // Step 4) Decrypt secure delegation id for explicit->anonymous or anonymous->explicit where explicit is me or parent\n if (!remainingDelegations.length) return\n const allHashes = [\n ...remainingDelegations.flatMap((x) => x.hashes),\n ...Object.keys(typedEntity.entity.securityMetadata?.keysEquivalences ?? {}),\n ]\n const encryptedExchangeDataIdsByDelegationKey = (await self.exchangeDataMap.getExchangeDataMapBatch(allHashes)).reduce((maps, current) => {\n return {\n ...maps,\n [current.id]: current,\n }\n }, {} as { [hash: string]: ExchangeDataMap })\n for (const decryptionDetails of remainingDelegations) {\n const decryptedExchangeDataId = await getFirstDecryptedExchangeDataIdForHash(\n decryptionDetails.hashes,\n encryptedExchangeDataIdsByDelegationKey\n )\n if (decryptedExchangeDataId) {\n const exchangeDataDetails = await self.exchangeData.getDecryptionDataKeyById(\n decryptedExchangeDataId,\n typedEntity.type,\n typedEntity.entity.secretForeignKeys ?? [],\n true\n )\n if (exchangeDataDetails) {\n for (const decrypted of await decrypt(decryptionDetails.delegation, exchangeDataDetails)) yield decrypted\n }\n }\n }\n }\n\n return generator()\n }\n}\n"]}
|
|
@@ -0,0 +1,114 @@
|
|
|
1
|
+
import { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models';
|
|
2
|
+
import { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName';
|
|
3
|
+
import { SecureDelegation } from '../../icc-api/model/SecureDelegation';
|
|
4
|
+
import AccessLevel = SecureDelegation.AccessLevelEnum;
|
|
5
|
+
import AccessLevelEnum = SecureDelegation.AccessLevelEnum;
|
|
6
|
+
/**
|
|
7
|
+
* @internal this class is for internal use only and may be changed without notice.
|
|
8
|
+
* Logic for the decryption of the metadata used for access control, encryption, and other security features in an entity.
|
|
9
|
+
*/
|
|
10
|
+
export interface SecurityMetadataDecryptor {
|
|
11
|
+
/**
|
|
12
|
+
* Decrypt the encryption keys for an entity. Keys must be returned in raw hex format, removing dashes if they were generated from a UUID.
|
|
13
|
+
* @param typedEntity an encrypted entity or its stub.
|
|
14
|
+
* @param dataOwnersHierarchySubset only exchange data that is accessible to data owners in this array will be considered when decrypting. It should
|
|
15
|
+
* contain only data owners from the current data owner hierarchy.
|
|
16
|
+
* @throws if dataOwnersHierarchySubset is empty
|
|
17
|
+
* @return a generator for the decrypted exchange key which yields objects containing:
|
|
18
|
+
* - `decrypted`: a decrypted encryption key for {@link typedEntity}. Note that the same key may be yielded multiple times by the generator.
|
|
19
|
+
* - `dataOwnersWithAccess`: data owners which have access to the exchange data necessary for the decryption of the encrypted data from which this
|
|
20
|
+
* key was extracted. The generator may yield more elements with the same `decrypted` but different `dataOwnersWithAccess`
|
|
21
|
+
*/
|
|
22
|
+
decryptEncryptionKeysOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
|
|
23
|
+
decrypted: string;
|
|
24
|
+
dataOwnersWithAccess: string[];
|
|
25
|
+
}, void, never>;
|
|
26
|
+
/**
|
|
27
|
+
* Decrypt the secret ids for an entity.
|
|
28
|
+
* @param typedEntity an encrypted entity or its stub.
|
|
29
|
+
* @param dataOwnersHierarchySubset only exchange data that is accessible to data owners in this array will be considered when decrypting. It should
|
|
30
|
+
* contain only data owners from the current data owner hierarchy.
|
|
31
|
+
* @throws if dataOwnersHierarchySubset is empty
|
|
32
|
+
* @return a generator for the decrypted secret ids which yields objects containing:
|
|
33
|
+
* - `decrypted`: a decrypted secret id of {@link entity}. Note that the same id may be yielded multiple times by the generator.
|
|
34
|
+
* - `dataOwnersWithAccess`: data owners which have access to the exchange data necessary for the decryption of the encrypted data from which this
|
|
35
|
+
* id was extracted. The generator may yield more elements with the same `decrypted` but different `dataOwnersWithAccess`
|
|
36
|
+
*/
|
|
37
|
+
decryptSecretIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
|
|
38
|
+
decrypted: string;
|
|
39
|
+
dataOwnersWithAccess: string[];
|
|
40
|
+
}, void, never>;
|
|
41
|
+
/**
|
|
42
|
+
* Decrypt the owning entity ids of an entity.
|
|
43
|
+
* @param typedEntity an encrypted entity or its stub.
|
|
44
|
+
* @param dataOwnersHierarchySubset only exchange data that is accessible to data owners in this array will be considered when decrypting. It should
|
|
45
|
+
* contain only data owners from the current data owner hierarchy.
|
|
46
|
+
* @throws if dataOwnersHierarchySubset is empty
|
|
47
|
+
* @return a generator for the decrypted owning entity ids which yields objects containing:
|
|
48
|
+
* - `decrypted`: a decrypted owning entity id of {@link entity}. Note that the same id may be yielded multiple times by the generator.
|
|
49
|
+
* - `dataOwnersWithAccess`: data owners which have access to the exchange data necessary for the decryption of the encrypted data from which this
|
|
50
|
+
* id was extracted. The generator may yield more elements with the same `decrypted` but different `dataOwnersWithAccess`
|
|
51
|
+
*/
|
|
52
|
+
decryptOwningEntityIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
|
|
53
|
+
decrypted: string;
|
|
54
|
+
dataOwnersWithAccess: string[];
|
|
55
|
+
}, void, never>;
|
|
56
|
+
/**
|
|
57
|
+
* Get the maximum access level that any data owner in {@link dataOwnersHierarchySubset} has to {@link typedEntity}, according to the metadata
|
|
58
|
+
* supported by this decryptor.
|
|
59
|
+
* - If at least a data owner in {@link dataOwnersHierarchySubset} has write access the method returns {@link AccessLevel.WRITE}.
|
|
60
|
+
* - If at least a data owner in {@link dataOwnersHierarchySubset} has read access and no data owner has write access the method returns
|
|
61
|
+
* {@link AccessLevel.READ}.
|
|
62
|
+
* - If a data owner has no access to the entity the method returns undefined (this can happen if the data owner has access to an entity through
|
|
63
|
+
* some metadata which is not supported by this decryptor).
|
|
64
|
+
* @param typedEntity an entity
|
|
65
|
+
* @param dataOwnersHierarchySubset only exchange data that is accessible to data owners in this array will be considered when calculating the
|
|
66
|
+
* access level. This array should contain only data owners from the current data owner hierarchy.
|
|
67
|
+
* @return the access level to the entity or undefined if none of the data owners has full access to the entity.
|
|
68
|
+
*/
|
|
69
|
+
getEntityAccessLevel(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): Promise<AccessLevel | undefined>;
|
|
70
|
+
/**
|
|
71
|
+
* Get the access level of each data owner with access to the entity according to the metadata supported by this decryptor.
|
|
72
|
+
* See {@link EncryptedEntityXApi.getDataOwnersWithAccessTo} for details on the expected behaviour.
|
|
73
|
+
*/
|
|
74
|
+
getDataOwnersWithAccessTo(typedEntity: EncryptedEntityWithType): Promise<{
|
|
75
|
+
permissionsByDataOwnerId: {
|
|
76
|
+
[dataOwnerId: string]: AccessLevelEnum;
|
|
77
|
+
};
|
|
78
|
+
hasUnknownAnonymousDataOwners: boolean;
|
|
79
|
+
}>;
|
|
80
|
+
/**
|
|
81
|
+
* Verifies if there is at least one (encrypted) encryption key in the metadata supported by this decryptor, even if it can't be decrypted by the
|
|
82
|
+
* current data owner.
|
|
83
|
+
*/
|
|
84
|
+
hasAnyEncryptionKeys(entity: EncryptedEntity | EncryptedEntityStub): boolean;
|
|
85
|
+
}
|
|
86
|
+
/**
|
|
87
|
+
* @internal this class is meant for internal use only and may be changed without notice.
|
|
88
|
+
* Security metadata decryptor which combines other existing decryptors.
|
|
89
|
+
*/
|
|
90
|
+
export declare class SecurityMetadataDecryptorChain implements SecurityMetadataDecryptor {
|
|
91
|
+
private readonly decryptors;
|
|
92
|
+
constructor(decryptors: SecurityMetadataDecryptor[]);
|
|
93
|
+
decryptEncryptionKeysOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
|
|
94
|
+
decrypted: string;
|
|
95
|
+
dataOwnersWithAccess: string[];
|
|
96
|
+
}, void, never>;
|
|
97
|
+
decryptOwningEntityIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
|
|
98
|
+
decrypted: string;
|
|
99
|
+
dataOwnersWithAccess: string[];
|
|
100
|
+
}, void, never>;
|
|
101
|
+
decryptSecretIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
|
|
102
|
+
decrypted: string;
|
|
103
|
+
dataOwnersWithAccess: string[];
|
|
104
|
+
}, void, never>;
|
|
105
|
+
getEntityAccessLevel(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): Promise<SecureDelegation.AccessLevelEnum | undefined>;
|
|
106
|
+
hasAnyEncryptionKeys(entity: EncryptedEntity | EncryptedEntityStub): boolean;
|
|
107
|
+
getDataOwnersWithAccessTo(typedEntity: EncryptedEntityWithType): Promise<{
|
|
108
|
+
permissionsByDataOwnerId: {
|
|
109
|
+
[dataOwnerId: string]: AccessLevelEnum;
|
|
110
|
+
};
|
|
111
|
+
hasUnknownAnonymousDataOwners: boolean;
|
|
112
|
+
}>;
|
|
113
|
+
private concatenate;
|
|
114
|
+
}
|
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __await = (this && this.__await) || function (v) { return this instanceof __await ? (this.v = v, this) : new __await(v); }
|
|
12
|
+
var __asyncGenerator = (this && this.__asyncGenerator) || function (thisArg, _arguments, generator) {
|
|
13
|
+
if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
|
|
14
|
+
var g = generator.apply(thisArg, _arguments || []), i, q = [];
|
|
15
|
+
return i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i;
|
|
16
|
+
function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }
|
|
17
|
+
function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }
|
|
18
|
+
function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }
|
|
19
|
+
function fulfill(value) { resume("next", value); }
|
|
20
|
+
function reject(value) { resume("throw", value); }
|
|
21
|
+
function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }
|
|
22
|
+
};
|
|
23
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
24
|
+
exports.SecurityMetadataDecryptorChain = void 0;
|
|
25
|
+
const SecureDelegation_1 = require("../../icc-api/model/SecureDelegation");
|
|
26
|
+
var AccessLevel = SecureDelegation_1.SecureDelegation.AccessLevelEnum;
|
|
27
|
+
/**
|
|
28
|
+
* @internal this class is meant for internal use only and may be changed without notice.
|
|
29
|
+
* Security metadata decryptor which combines other existing decryptors.
|
|
30
|
+
*/
|
|
31
|
+
class SecurityMetadataDecryptorChain {
|
|
32
|
+
constructor(decryptors) {
|
|
33
|
+
this.decryptors = decryptors;
|
|
34
|
+
}
|
|
35
|
+
decryptEncryptionKeysOf(typedEntity, dataOwnersHierarchySubset) {
|
|
36
|
+
return this.concatenate((d) => d.decryptEncryptionKeysOf(typedEntity, dataOwnersHierarchySubset));
|
|
37
|
+
}
|
|
38
|
+
decryptOwningEntityIdsOf(typedEntity, dataOwnersHierarchySubset) {
|
|
39
|
+
return this.concatenate((d) => d.decryptOwningEntityIdsOf(typedEntity, dataOwnersHierarchySubset));
|
|
40
|
+
}
|
|
41
|
+
decryptSecretIdsOf(typedEntity, dataOwnersHierarchySubset) {
|
|
42
|
+
return this.concatenate((d) => d.decryptSecretIdsOf(typedEntity, dataOwnersHierarchySubset));
|
|
43
|
+
}
|
|
44
|
+
getEntityAccessLevel(typedEntity, dataOwnersHierarchySubset) {
|
|
45
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
46
|
+
let currMaxLevel = undefined;
|
|
47
|
+
for (const d of this.decryptors) {
|
|
48
|
+
const currLevel = yield d.getEntityAccessLevel(typedEntity, dataOwnersHierarchySubset);
|
|
49
|
+
if (currLevel === AccessLevel.WRITE) {
|
|
50
|
+
return currLevel;
|
|
51
|
+
}
|
|
52
|
+
if (currLevel === AccessLevel.READ) {
|
|
53
|
+
currMaxLevel = AccessLevel.READ;
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
return currMaxLevel;
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
hasAnyEncryptionKeys(entity) {
|
|
60
|
+
return this.decryptors.some((d) => d.hasAnyEncryptionKeys(entity));
|
|
61
|
+
}
|
|
62
|
+
getDataOwnersWithAccessTo(typedEntity) {
|
|
63
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
64
|
+
const accumulatedPermissions = {};
|
|
65
|
+
let hasUnknownAnonymousDataOwners = false;
|
|
66
|
+
for (const d of this.decryptors) {
|
|
67
|
+
const currAccess = yield d.getDataOwnersWithAccessTo(typedEntity);
|
|
68
|
+
hasUnknownAnonymousDataOwners = hasUnknownAnonymousDataOwners || currAccess.hasUnknownAnonymousDataOwners;
|
|
69
|
+
for (const [dataOwnerId, level] of Object.entries(currAccess.permissionsByDataOwnerId)) {
|
|
70
|
+
if (accumulatedPermissions[dataOwnerId] !== AccessLevel.WRITE) {
|
|
71
|
+
accumulatedPermissions[dataOwnerId] = level;
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
return {
|
|
76
|
+
permissionsByDataOwnerId: accumulatedPermissions,
|
|
77
|
+
hasUnknownAnonymousDataOwners,
|
|
78
|
+
};
|
|
79
|
+
});
|
|
80
|
+
}
|
|
81
|
+
concatenate(getGenerator) {
|
|
82
|
+
function generator(decryptors) {
|
|
83
|
+
return __asyncGenerator(this, arguments, function* generator_1() {
|
|
84
|
+
for (const d of decryptors) {
|
|
85
|
+
const currGenerator = getGenerator(d);
|
|
86
|
+
let next = yield __await(currGenerator.next());
|
|
87
|
+
while (!next.done) {
|
|
88
|
+
yield yield __await(next.value);
|
|
89
|
+
next = yield __await(currGenerator.next());
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
return generator(this.decryptors);
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
exports.SecurityMetadataDecryptorChain = SecurityMetadataDecryptorChain;
|
|
98
|
+
//# sourceMappingURL=SecurityMetadataDecryptor.js.map
|