@icure/api 7.1.16 → 8.0.0-RC.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/api/IccAccesslogApi.d.ts +12 -1
- package/icc-api/api/IccAccesslogApi.js +142 -98
- package/icc-api/api/IccAccesslogApi.js.map +1 -1
- package/icc-api/api/IccBemikronoApi.d.ts +81 -0
- package/icc-api/api/IccBemikronoApi.js +163 -0
- package/icc-api/api/IccBemikronoApi.js.map +1 -0
- package/icc-api/api/IccCalendarItemApi.d.ts +21 -1
- package/icc-api/api/IccCalendarItemApi.js +183 -117
- package/icc-api/api/IccCalendarItemApi.js.map +1 -1
- package/icc-api/api/IccClassificationApi.d.ts +21 -1
- package/icc-api/api/IccClassificationApi.js +119 -63
- package/icc-api/api/IccClassificationApi.js.map +1 -1
- package/icc-api/api/IccContactApi.d.ts +21 -1
- package/icc-api/api/IccContactApi.js +385 -294
- package/icc-api/api/IccContactApi.js.map +1 -1
- package/icc-api/api/IccDocumentApi.d.ts +38 -25
- package/icc-api/api/IccDocumentApi.js +279 -212
- package/icc-api/api/IccDocumentApi.js.map +1 -1
- package/icc-api/api/IccExchangeDataApi.d.ts +19 -0
- package/icc-api/api/IccExchangeDataApi.js +85 -0
- package/icc-api/api/IccExchangeDataApi.js.map +1 -0
- package/icc-api/api/IccExchangeDataMapApi.d.ts +18 -0
- package/icc-api/api/IccExchangeDataMapApi.js +65 -0
- package/icc-api/api/IccExchangeDataMapApi.js.map +1 -0
- package/icc-api/api/IccFormApi.d.ts +21 -1
- package/icc-api/api/IccFormApi.js +321 -229
- package/icc-api/api/IccFormApi.js.map +1 -1
- package/icc-api/api/IccHelementApi.d.ts +21 -1
- package/icc-api/api/IccHelementApi.js +207 -137
- package/icc-api/api/IccHelementApi.js.map +1 -1
- package/icc-api/api/IccInvoiceApi.d.ts +21 -1
- package/icc-api/api/IccInvoiceApi.js +404 -298
- package/icc-api/api/IccInvoiceApi.js.map +1 -1
- package/icc-api/api/IccMaintenanceTaskApi.d.ts +12 -1
- package/icc-api/api/IccMaintenanceTaskApi.js +79 -43
- package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
- package/icc-api/api/IccMessageApi.d.ts +28 -1
- package/icc-api/api/IccMessageApi.js +294 -191
- package/icc-api/api/IccMessageApi.js.map +1 -1
- package/icc-api/api/IccPatientApi.d.ts +12 -1
- package/icc-api/api/IccPatientApi.js +447 -351
- package/icc-api/api/IccPatientApi.js.map +1 -1
- package/icc-api/api/IccReceiptApi.d.ts +22 -8
- package/icc-api/api/IccReceiptApi.js +121 -64
- package/icc-api/api/IccReceiptApi.js.map +1 -1
- package/icc-api/api/IccRestApiPath.js +1 -1
- package/icc-api/api/IccRestApiPath.js.map +1 -1
- package/icc-api/api/IccSecureDelegationKeyMapApi.d.ts +26 -0
- package/icc-api/api/IccSecureDelegationKeyMapApi.js +71 -0
- package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +1 -0
- package/icc-api/api/IccTimeTableApi.d.ts +12 -1
- package/icc-api/api/IccTimeTableApi.js +86 -48
- package/icc-api/api/IccTimeTableApi.js.map +1 -1
- package/icc-api/api/IccTopicApi.d.ts +90 -0
- package/icc-api/api/IccTopicApi.js +193 -0
- package/icc-api/api/IccTopicApi.js.map +1 -0
- package/icc-api/index.d.ts +2 -0
- package/icc-api/index.js +2 -0
- package/icc-api/index.js.map +1 -1
- package/icc-api/model/AbstractFilterMessage.d.ts +15 -0
- package/icc-api/model/AbstractFilterMessage.js +21 -0
- package/icc-api/model/AbstractFilterMessage.js.map +1 -0
- package/icc-api/model/AbstractFilterTopic.d.ts +15 -0
- package/icc-api/model/AbstractFilterTopic.js +21 -0
- package/icc-api/model/AbstractFilterTopic.js.map +1 -0
- package/icc-api/model/AccessLog.d.ts +2 -0
- package/icc-api/model/AccessLog.js.map +1 -1
- package/icc-api/model/Article.d.ts +2 -0
- package/icc-api/model/Article.js.map +1 -1
- package/icc-api/model/CalendarItem.d.ts +2 -0
- package/icc-api/model/CalendarItem.js.map +1 -1
- package/icc-api/model/Classification.d.ts +2 -0
- package/icc-api/model/Classification.js.map +1 -1
- package/icc-api/model/ClassificationTemplate.d.ts +2 -0
- package/icc-api/model/ClassificationTemplate.js.map +1 -1
- package/icc-api/model/Connection.d.ts +1 -1
- package/icc-api/model/Connection.js.map +1 -1
- package/icc-api/model/Contact.d.ts +2 -0
- package/icc-api/model/Contact.js.map +1 -1
- package/icc-api/model/Device.d.ts +4 -4
- package/icc-api/model/Device.js.map +1 -1
- package/icc-api/model/Document.d.ts +2 -0
- package/icc-api/model/Document.js.map +1 -1
- package/icc-api/model/ExchangeDataMapCreationBatch.d.ts +13 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js +10 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js.map +1 -0
- package/icc-api/model/FilterChainMessage.d.ts +19 -0
- package/icc-api/model/FilterChainMessage.js +11 -0
- package/icc-api/model/FilterChainMessage.js.map +1 -0
- package/icc-api/model/FilterChainTopic.d.ts +19 -0
- package/icc-api/model/FilterChainTopic.js +11 -0
- package/icc-api/model/FilterChainTopic.js.map +1 -0
- package/icc-api/model/Form.d.ts +2 -0
- package/icc-api/model/Form.js.map +1 -1
- package/icc-api/model/HealthElement.d.ts +2 -0
- package/icc-api/model/HealthElement.js.map +1 -1
- package/icc-api/model/HealthcareParty.d.ts +2 -2
- package/icc-api/model/HealthcareParty.js +13 -1
- package/icc-api/model/HealthcareParty.js.map +1 -1
- package/icc-api/model/IcureStub.d.ts +2 -0
- package/icc-api/model/IcureStub.js.map +1 -1
- package/icc-api/model/Invoice.d.ts +2 -0
- package/icc-api/model/Invoice.js.map +1 -1
- package/icc-api/model/MaintenanceTask.d.ts +13 -10
- package/icc-api/model/MaintenanceTask.js +13 -11
- package/icc-api/model/MaintenanceTask.js.map +1 -1
- package/icc-api/model/Message.d.ts +2 -0
- package/icc-api/model/Message.js.map +1 -1
- package/icc-api/model/PaginatedListExchangeData.d.ts +9 -0
- package/icc-api/model/PaginatedListExchangeData.js +10 -0
- package/icc-api/model/PaginatedListExchangeData.js.map +1 -0
- package/icc-api/model/PaginatedListTopic.d.ts +20 -0
- package/icc-api/model/PaginatedListTopic.js +10 -0
- package/icc-api/model/PaginatedListTopic.js.map +1 -0
- package/icc-api/model/Patient.d.ts +4 -2
- package/icc-api/model/Patient.js.map +1 -1
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.d.ts +31 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js +32 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js.map +1 -0
- package/icc-api/model/Receipt.d.ts +2 -0
- package/icc-api/model/Receipt.js.map +1 -1
- package/icc-api/model/SecureDelegation.d.ts +52 -0
- package/icc-api/model/SecureDelegation.js +16 -0
- package/icc-api/model/SecureDelegation.js.map +1 -0
- package/icc-api/model/SecurityMetadata.d.ts +33 -0
- package/icc-api/model/SecurityMetadata.js +13 -0
- package/icc-api/model/SecurityMetadata.js.map +1 -0
- package/icc-api/model/Service.d.ts +2 -0
- package/icc-api/model/Service.js.map +1 -1
- package/icc-api/model/TimeTable.d.ts +2 -0
- package/icc-api/model/TimeTable.js.map +1 -1
- package/icc-api/model/Topic.d.ts +95 -0
- package/icc-api/model/Topic.js +16 -0
- package/icc-api/model/Topic.js.map +1 -0
- package/icc-api/model/internal/ExchangeData.d.ts +64 -0
- package/icc-api/model/internal/ExchangeData.js +15 -0
- package/icc-api/model/internal/ExchangeData.js.map +1 -0
- package/icc-api/model/internal/ExchangeDataMap.d.ts +24 -0
- package/icc-api/model/internal/ExchangeDataMap.js +13 -0
- package/icc-api/model/internal/ExchangeDataMap.js.map +1 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.d.ts +14 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.js +13 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.js.map +1 -0
- package/icc-api/model/models.d.ts +26 -40
- package/icc-api/model/models.js +19 -37
- package/icc-api/model/models.js.map +1 -1
- package/icc-api/model/requests/EntityBulkShareResult.d.ts +28 -0
- package/icc-api/model/requests/EntityBulkShareResult.js +16 -0
- package/icc-api/model/requests/EntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.d.ts +10 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js +17 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/EntityShareRequest.d.ts +110 -0
- package/icc-api/model/requests/EntityShareRequest.js +63 -0
- package/icc-api/model/requests/EntityShareRequest.js.map +1 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.d.ts +54 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js +24 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.d.ts +23 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js +13 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.d.ts +21 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js +14 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +55 -6
- package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
- package/icc-x-api/crypto/AES.js +1 -1
- package/icc-x-api/crypto/AES.js.map +1 -1
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +18 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +50 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +43 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js +97 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +146 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js +342 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +0 -18
- package/icc-x-api/crypto/BaseExchangeKeysManager.js +11 -85
- package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ConfidentialEntities.d.ts +26 -16
- package/icc-x-api/crypto/ConfidentialEntities.js +30 -17
- package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -1
- package/icc-x-api/crypto/CryptoStrategies.d.ts +8 -1
- package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/DelegationsDeAnonymization.d.ts +44 -0
- package/icc-x-api/crypto/DelegationsDeAnonymization.js +235 -0
- package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -0
- package/icc-x-api/crypto/ExchangeDataManager.d.ts +97 -0
- package/icc-x-api/crypto/ExchangeDataManager.js +501 -0
- package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +32 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js +70 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeKeysManager.d.ts +4 -16
- package/icc-x-api/crypto/ExchangeKeysManager.js +4 -62
- package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtils.d.ts +326 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js +3 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +174 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +559 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -0
- package/icc-x-api/crypto/KeyRecovery.d.ts +5 -2
- package/icc-x-api/crypto/KeyRecovery.js +59 -29
- package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +7 -2
- package/icc-x-api/crypto/LegacyCryptoStrategies.js +8 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +33 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +141 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/RSA.d.ts +34 -8
- package/icc-x-api/crypto/RSA.js +80 -13
- package/icc-x-api/crypto/RSA.js.map +1 -1
- package/icc-x-api/crypto/SecureDelegationsEncryption.d.ts +54 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js +178 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsManager.d.ts +66 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js +261 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +46 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +312 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +97 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js +79 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/ShamirKeysManager.d.ts +5 -5
- package/icc-x-api/crypto/ShamirKeysManager.js +6 -9
- package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
- package/icc-x-api/crypto/TransferKeysManager.d.ts +8 -6
- package/icc-x-api/crypto/TransferKeysManager.js +75 -52
- package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
- package/icc-x-api/crypto/{KeyManager.d.ts → UserEncryptionKeysManager.d.ts} +4 -6
- package/icc-x-api/crypto/{KeyManager.js → UserEncryptionKeysManager.js} +43 -23
- package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +26 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js +74 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -0
- package/icc-x-api/crypto/utils.d.ts +61 -11
- package/icc-x-api/crypto/utils.js +113 -44
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.d.ts +8 -0
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js +13 -0
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js.map +1 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.d.ts +7 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.js +13 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.js.map +1 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.d.ts +8 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js +13 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js.map +1 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.d.ts +7 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.js +13 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.js.map +1 -0
- package/icc-x-api/filters/TopicByParticipantFilter.d.ts +7 -0
- package/icc-x-api/filters/TopicByParticipantFilter.js +13 -0
- package/icc-x-api/filters/TopicByParticipantFilter.js.map +1 -0
- package/icc-x-api/filters/filters.d.ts +5 -0
- package/icc-x-api/filters/filters.js +5 -0
- package/icc-x-api/filters/filters.js.map +1 -1
- package/icc-x-api/icc-accesslog-x-api.d.ts +49 -12
- package/icc-x-api/icc-accesslog-x-api.js +81 -44
- package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
- package/icc-x-api/icc-calendar-item-x-api.d.ts +53 -15
- package/icc-x-api/icc-calendar-item-x-api.js +105 -51
- package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
- package/icc-x-api/icc-classification-x-api.d.ts +47 -10
- package/icc-x-api/icc-classification-x-api.js +62 -33
- package/icc-x-api/icc-classification-x-api.js.map +1 -1
- package/icc-x-api/icc-contact-x-api.d.ts +59 -33
- package/icc-x-api/icc-contact-x-api.js +101 -66
- package/icc-x-api/icc-contact-x-api.js.map +1 -1
- package/icc-x-api/icc-crypto-x-api.d.ts +33 -333
- package/icc-x-api/icc-crypto-x-api.js +47 -764
- package/icc-x-api/icc-crypto-x-api.js.map +1 -1
- package/icc-x-api/icc-data-owner-x-api.d.ts +20 -8
- package/icc-x-api/icc-data-owner-x-api.js +31 -10
- package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
- package/icc-x-api/icc-document-x-api.d.ts +51 -12
- package/icc-x-api/icc-document-x-api.js +117 -66
- package/icc-x-api/icc-document-x-api.js.map +1 -1
- package/icc-x-api/icc-form-x-api.d.ts +48 -11
- package/icc-x-api/icc-form-x-api.js +71 -37
- package/icc-x-api/icc-form-x-api.js.map +1 -1
- package/icc-x-api/icc-hcparty-x-api.d.ts +2 -2
- package/icc-x-api/icc-hcparty-x-api.js +3 -3
- package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
- package/icc-x-api/icc-helement-x-api.d.ts +59 -20
- package/icc-x-api/icc-helement-x-api.js +78 -43
- package/icc-x-api/icc-helement-x-api.js.map +1 -1
- package/icc-x-api/icc-icure-maintenance-x-api.d.ts +7 -2
- package/icc-x-api/icc-icure-maintenance-x-api.js +38 -27
- package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
- package/icc-x-api/icc-invoice-x-api.d.ts +53 -16
- package/icc-x-api/icc-invoice-x-api.js +69 -35
- package/icc-x-api/icc-invoice-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.d.ts +56 -22
- package/icc-x-api/icc-maintenance-task-x-api.js +77 -36
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/icc-message-x-api.d.ts +75 -19
- package/icc-x-api/icc-message-x-api.js +126 -37
- package/icc-x-api/icc-message-x-api.js.map +1 -1
- package/icc-x-api/icc-patient-x-api.d.ts +86 -29
- package/icc-x-api/icc-patient-x-api.js +318 -379
- package/icc-x-api/icc-patient-x-api.js.map +1 -1
- package/icc-x-api/icc-receipt-x-api.d.ts +47 -13
- package/icc-x-api/icc-receipt-x-api.js +72 -36
- package/icc-x-api/icc-receipt-x-api.js.map +1 -1
- package/icc-x-api/icc-time-table-x-api.d.ts +46 -13
- package/icc-x-api/icc-time-table-x-api.js +61 -27
- package/icc-x-api/icc-time-table-x-api.js.map +1 -1
- package/icc-x-api/icc-topic-x-api.d.ts +191 -0
- package/icc-x-api/icc-topic-x-api.js +307 -0
- package/icc-x-api/icc-topic-x-api.js.map +1 -0
- package/icc-x-api/icc-user-x-api.d.ts +2 -2
- package/icc-x-api/icc-user-x-api.js +3 -3
- package/icc-x-api/icc-user-x-api.js.map +1 -1
- package/icc-x-api/index.d.ts +18 -2
- package/icc-x-api/index.js +203 -156
- package/icc-x-api/index.js.map +1 -1
- package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +1 -1
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +2 -0
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +9 -2
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/storage/IcureStorageFacade.d.ts +23 -2
- package/icc-x-api/storage/IcureStorageFacade.js +36 -2
- package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageFacade.d.ts +12 -0
- package/icc-x-api/storage/KeyStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageImpl.d.ts +2 -0
- package/icc-x-api/storage/KeyStorageImpl.js +10 -0
- package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +14 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +32 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js +75 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -0
- package/icc-x-api/utils/ShareResult.d.ts +74 -0
- package/icc-x-api/utils/ShareResult.js +61 -0
- package/icc-x-api/utils/ShareResult.js.map +1 -0
- package/icc-x-api/utils/binary-utils.d.ts +1 -0
- package/icc-x-api/utils/binary-utils.js +8 -1
- package/icc-x-api/utils/binary-utils.js.map +1 -1
- package/icc-x-api/utils/collection-utils.d.ts +5 -0
- package/icc-x-api/utils/collection-utils.js +26 -1
- package/icc-x-api/utils/collection-utils.js.map +1 -1
- package/icc-x-api/utils/crypto-utils.d.ts +4 -3
- package/icc-x-api/utils/crypto-utils.js +5 -4
- package/icc-x-api/utils/crypto-utils.js.map +1 -1
- package/icc-x-api/utils/lru-temporised-async-cache.d.ts +26 -3
- package/icc-x-api/utils/lru-temporised-async-cache.js +75 -15
- package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -1
- package/icc-x-api/utils/websocket.d.ts +14 -10
- package/icc-x-api/utils/websocket.js +26 -9
- package/icc-x-api/utils/websocket.js.map +1 -1
- package/index.d.ts +1 -1
- package/index.js +3 -1
- package/index.js.map +1 -1
- package/package.json +2 -3
- package/icc-x-api/crypto/EntitiesEncryption.d.ts +0 -275
- package/icc-x-api/crypto/EntitiesEncryption.js +0 -734
- package/icc-x-api/crypto/EntitiesEncryption.js.map +0 -1
- package/icc-x-api/crypto/KeyManager.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AES.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/AES.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAAuD;AAEvD,MAAa,QAAQ;IAYnB,IAAI,KAAK,CAAC,KAAc;QACtB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAA;IACrB,CAAC;IAED,YAAY,SAAiB,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,EAAa;QAfvI,iCAAiC;QACjC,aAAQ,GAAG,EAAE,CAAA;QACb,4BAAuB,GAAG,SAAS,CAAA;QAEnC,oBAAe,GAAoB;YACjC,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,GAAG;SACZ,CAAA;QAEO,WAAM,GAAY,KAAK,CAAA;QAO7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;IAEK,iBAAiB,CAAC,MAAc,EAAE,SAAmC;;YACzE,OAAO,IAAI,CAAC,OAAO,CACjB,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAC7D,SAAS,EACT,MAAM,CAAC,+DAA+D;aACvE,CAAA;QACH,CAAC;KAAA;IAED,OAAO,CAAC,SAAoB,EAAE,SAAmC,EAAE,MAAM,GAAG,MAAM;QAChF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAoC,EAAE,MAA4B,EAAE,EAAE;YACxF,IAAI,SAAS,YAAY,UAAU,EAAE;gBACnC,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAA;gBAC/B,SAAS,GAAG,CAAC,MAAM,CAAC,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAgB,CAAA;aACvH;YACD,MAAM,mBAAmB,GAAG;gBAC1B,IAAI,EAAE,IAAI,CAAC,uBAAuB;gBAClC,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;aACnC,CAAA;YACD,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAA,cAAM,EAAC,SAAS,CAAC,SAAS,MAAM,EAAE,CAAC,CAAA;YACzE,IAAI,CAAC,MAAM,CAAC,MAAM;iBACf,OAAO,mBAED,mBAAmB,GAExB,SAAS,EACT,SAAS,CACV;iBACA,IAAI,CACH,CAAC,UAAU,EAAE,EAAE;gBACb,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAA,cAAM,EAAC,UAAU,CAAC,EAAE,CAAC,CAAA;gBAC/D,OAAO,OAAO,CAAC,IAAA,oBAAY,EAAC,mBAAmB,CAAC,EAAE,CAAC,MAAqB,EAAE,UAAU,CAAC,CAAC,CAAA;YACxF,CAAC,EACD,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,yBAAyB,GAAG,GAAG,CAAC,CACjD,CAAA;QACL,CAAC,CAAC,CAAA;IACJ,CAAC;IAEK,iBAAiB,CAAC,MAAc,EAAE,SAAmC;;YACzE,OAAO,IAAI,CAAC,OAAO,CACjB,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAC7D,SAAS,EACT,MAAM,CAAC,+DAA+D;aACvE,CAAA;QACH,CAAC;KAAA;IAED;;;;;;OAMG;IACH,OAAO,CAAC,SAAoB,EAAE,aAAuC,EAAE,MAAM,GAAG,MAAM;QACpF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAoC,EAAE,MAA4B,EAAE,EAAE;YACxF,IAAI,CAAC,SAAS,EAAE;gBACd,OAAO,MAAM,CAAC,uCAAuC,CAAC,CAAA;aACvD;YACD,MAAM,kBAAkB,GAAG,aAAa,YAAY,WAAW,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAA;YAC/G,MAAM,mBAAmB,GAAG;gBAC1B,IAAI,EAAE,IAAI,CAAC,uBAAuB;gBAClC,EAAE,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC;gBAEjD;;;;;;;;;;;;;;;mBAeG;aACJ,CAAA;YACD,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAA,cAAM,EAAC,aAAa,CAAC,SAAS,MAAM,EAAE,CAAC,CAAA;YAC7E,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,mBAAmB,EAAE,SAAS,EAAE,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CACpI,CAAC,cAAc,EAAE,EAAE;gBACjB,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAA,cAAM,EAAC,cAAc,CAAC,EAAE,CAAC,CAAA;gBACvE,OAAO,CAAC,cAAc,CAAC,CAAA;YACzB,CAAC,EACD,CAAC,GAAG,EAAE,EAAE;gBACN,MAAM,CAAC,yBAAyB,GAAG,GAAG,CAAC,CAAA;YACzC,CAAC,CACF,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAEK,WAAW,CAAC,UAAuB,EAAE,UAAsB;;YAC/D,IAAI;gBACF,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;aAC/C;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE;oBACzB,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;iBACzD;qBAAM;oBACL,MAAM,CAAC,CAAA;iBACR;aACF;QACH,CAAC;KAAA;IAWD,iBAAiB,CAAC,KAAc;QAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAA2C,EAAE,MAA4B,EAAE,EAAE;YAC/F,MAAM,WAAW,GAAG,IAAI,CAAA;YACxB,MAAM,SAAS,GAAe,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;YACpD,MAAM,gBAAgB,GAAuB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,eAAe,EAAE,WAAW,EAAE,SAAS,CAAuB,CAAA;YAC/I,OAAO,KAAK,KAAK,SAAS,IAAI,CAAC,KAAK;gBAClC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC;gBACxC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,IAAA,cAAM,EAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;QAChH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,mCAAmC;IACnC,UAAU,CAAC,YAAoB;QAC7B,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IAClF,CAAC;IAYD,SAAS,CAAC,SAAoB,EAAE,MAAqB;QACnD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAiD,EAAE,MAA4B,EAAE,EAAE;YACrG,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAa,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QACrF,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,MAAqB,EAAE,MAA6C;QAC5E,OAAO,IAAI,OAAO,CAAC,CAAC,OAAkC,EAAE,MAA4B,EAAE,EAAE;YACtF,MAAM,WAAW,GAAG,IAAI,CAAA;YACxB,MAAM,SAAS,GAAe,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;YACpD,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM;iBACtB,SAAS,CAAC,MAAa,EAAE,MAAa,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,EAAE,SAAS,CAAC;iBACrF,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,IAAI,MAAM,IAAI,KAAK,IAAI,CAAC,MAAM,YAAY,WAAW,IAAI,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE;oBACpF,OAAO,CAAC,IAAI,CAAC,iBAAiB,IAAA,cAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAA;iBACvD;gBACD,MAAM,GAAG,CAAA;YACX,CAAC,CAAC;iBACD,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC1B,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AAhMD,4BAgMC;AAEY,QAAA,GAAG,GAAG,IAAI,QAAQ,EAAE,CAAA","sourcesContent":["import { appendBuffer, hex2ua, ua2hex } from '../utils'\n\nexport class AESUtils {\n /********* AES Config **********/\n ivLength = 16\n aesAlgorithmEncryptName = 'AES-CBC'\n\n aesKeyGenParams: AesKeyGenParams = {\n name: 'AES-CBC',\n length: 256,\n }\n private crypto: Crypto\n private _debug: boolean = false\n\n set debug(value: boolean) {\n this._debug = value\n }\n\n constructor(crypto: Crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : ({} as Crypto)) {\n this.crypto = crypto\n }\n\n async encryptWithRawKey(rawKey: string, plainData: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return this.encrypt(\n await this.importKey('raw', hex2ua(rawKey.replace(/-/g, ''))),\n plainData,\n rawKey // Used for logging only if debug is enabled, ok to always pass\n )\n }\n\n encrypt(cryptoKey: CryptoKey, plainData: ArrayBuffer | Uint8Array, rawKey = '<NA>'): Promise<ArrayBuffer> {\n return new Promise((resolve: (value: ArrayBuffer) => any, reject: (reason: any) => any) => {\n if (plainData instanceof Uint8Array) {\n const buffer = plainData.buffer\n plainData = (buffer.byteLength > plainData.byteLength ? buffer.slice(0, plainData.byteLength) : buffer) as ArrayBuffer\n }\n const aesAlgorithmEncrypt = {\n name: this.aesAlgorithmEncryptName,\n iv: this.generateIV(this.ivLength),\n }\n this._debug && console.log(`encrypt ${ua2hex(plainData)} with ${rawKey}`)\n this.crypto.subtle\n .encrypt(\n {\n ...aesAlgorithmEncrypt,\n } /* some ill behaved implementations change the values in place */,\n cryptoKey,\n plainData\n )\n .then(\n (cipherData) => {\n this._debug && console.log(`cipherData: ${ua2hex(cipherData)}`)\n return resolve(appendBuffer(aesAlgorithmEncrypt.iv.buffer as ArrayBuffer, cipherData))\n },\n (err) => reject('AES encryption failed: ' + err)\n )\n })\n }\n\n async decryptWithRawKey(rawKey: string, plainData: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return this.decrypt(\n await this.importKey('raw', hex2ua(rawKey.replace(/-/g, ''))),\n plainData,\n rawKey // Used for logging only if debug is enabled, ok to always pass\n )\n }\n\n /**\n *\n * @param cryptoKey (CryptoKey)\n * @param encryptedData (ArrayBuffer)\n * @param rawKey\n * @returns {Promise} will be ArrayBuffer\n */\n decrypt(cryptoKey: CryptoKey, encryptedData: ArrayBuffer | Uint8Array, rawKey = '<NA>'): Promise<ArrayBuffer> {\n return new Promise((resolve: (value: ArrayBuffer) => any, reject: (reason: any) => any) => {\n if (!cryptoKey) {\n return reject('No crypto key provided for decryption')\n }\n const encryptedDataUint8 = encryptedData instanceof ArrayBuffer ? new Uint8Array(encryptedData) : encryptedData\n const aesAlgorithmEncrypt = {\n name: this.aesAlgorithmEncryptName,\n iv: encryptedDataUint8.subarray(0, this.ivLength),\n\n /*\n * IF THIS BIT OF CODE PRODUCES A DOMEXCEPTION CODE 0 ERROR, IT MIGHT BE RELATED TO THIS:\n *\n * NOTOK:\n * if (!hcparty.hcPartyKeys && !hcparty.hcPartyKeys[hcpartyId] && hcparty.hcPartyKeys[hcpartyId].length !== 2) {\n * throw 'No hcPartyKey for this Healthcare party(' + hcpartyId + ').';\n * }\n * var delegateHcPartyKey = hcparty.hcPartyKeys[hcpartyId][1];\n *\n * SHOULD BE:\n * var delegatorId = patient.delegations[hcpartyId][0].owner;\n * if (!hcparty.hcPartyKeys && !hcparty.hcPartyKeys[delegatorId] && hcparty.hcPartyKeys[delegatorId].length !== 2) {\n * throw 'No hcPartyKey for this Healthcare party(' + delegatorId + ').';\n * }\n * var delegateHcPartyKey = hcparty.hcPartyKeys[delegatorId][1];\n */\n }\n this._debug && console.log(`decrypt ${ua2hex(encryptedData)} with ${rawKey}`)\n this.crypto.subtle.decrypt(aesAlgorithmEncrypt, cryptoKey, encryptedDataUint8.subarray(this.ivLength, encryptedDataUint8.length)).then(\n (decipheredData) => {\n this._debug && console.log(`decipheredData: ${ua2hex(decipheredData)}`)\n resolve(decipheredData)\n },\n (err) => {\n reject('AES decryption failed: ' + err)\n }\n )\n })\n }\n\n async decryptSome(cryptoKeys: CryptoKey[], uint8Array: Uint8Array): Promise<ArrayBuffer> {\n try {\n return this.decrypt(cryptoKeys[0], uint8Array)\n } catch (e) {\n if (cryptoKeys.length > 1) {\n return this.decryptSome(cryptoKeys.slice(1), uint8Array)\n } else {\n throw e\n }\n }\n }\n\n // generate an AES key\n // noinspection JSUnusedGlobalSymbols\n /**\n *\n * @param toHex boolean, if true, it returns hex String\n * @returns {Promise} either Hex string or CryptoKey\n */\n generateCryptoKey(toHex: false): Promise<CryptoKey>\n generateCryptoKey(toHex: true): Promise<string>\n generateCryptoKey(toHex: boolean): Promise<string | CryptoKey> {\n return new Promise((resolve: (value: CryptoKey | string) => any, reject: (reason: any) => any) => {\n const extractable = true\n const keyUsages: KeyUsage[] = ['decrypt', 'encrypt']\n const cryptoKeyPromise: Promise<CryptoKey> = this.crypto.subtle.generateKey(this.aesKeyGenParams, extractable, keyUsages) as Promise<CryptoKey>\n return toHex === undefined || !toHex\n ? cryptoKeyPromise.then(resolve, reject)\n : cryptoKeyPromise.then((k) => this.exportKey(k, 'raw'), reject).then((raw) => resolve(ua2hex(raw)), reject)\n })\n }\n\n // noinspection JSMethodCanBeStatic\n generateIV(ivByteLength: number): Uint8Array {\n return new Uint8Array(this.crypto.getRandomValues(new Uint8Array(ivByteLength)))\n }\n\n /**\n * This function return a promise which will be the key Format will be either 'raw' or 'jwk'.\n * JWK: Json Web key (ref. http://tools.ietf.org/html/draft-ietf-jose-json-web-key-11)\n *\n * @param cryptoKey CryptoKey\n * @param format will be 'raw' or 'jwk'\n * @returns {Promise} will the AES Key\n */\n exportKey(cryptoKey: CryptoKey, format: 'raw'): Promise<ArrayBuffer>\n exportKey(cryptoKey: CryptoKey, format: 'jwk'): Promise<JsonWebKey>\n exportKey(cryptoKey: CryptoKey, format: 'jwk' | 'raw'): Promise<ArrayBuffer | JsonWebKey> {\n return new Promise((resolve: (value: ArrayBuffer | JsonWebKey) => any, reject: (reason: any) => any) => {\n return this.crypto.subtle.exportKey(format as any, cryptoKey).then(resolve, reject)\n })\n }\n\n /**\n * the ability to import a key that have already been created elsewhere, for use within the web\n * application that is invoking the import function, for use within the importing web application's\n * origin. This necessiates an interoperable key format, such as JSON Web Key [JWK] which may be\n * represented as octets.\n *\n * https://chromium.googlesource.com/chromium/blink.git/+/6b902997e3ca0384c8fa6fe56f79ecd7589d3ca6/LayoutTests/crypto/resources/common.js\n *\n * @param format 'raw' or 'jwk'\n * @param aesKey\n * @returns {*}\n */\n importKey(format: 'jwk' | 'raw', aesKey: JsonWebKey | ArrayBuffer | Uint8Array): Promise<CryptoKey> {\n return new Promise((resolve: (value: CryptoKey) => any, reject: (reason: any) => any) => {\n const extractable = true\n const keyUsages: KeyUsage[] = ['decrypt', 'encrypt']\n return this.crypto.subtle\n .importKey(format as any, aesKey as any, this.aesKeyGenParams, extractable, keyUsages)\n .catch((err) => {\n if (format == 'raw' && (aesKey instanceof ArrayBuffer || ArrayBuffer.isView(aesKey))) {\n console.warn(`Import of key ${ua2hex(aesKey)} failed`)\n }\n throw err\n })\n .then(resolve, reject)\n })\n }\n}\n\nexport const AES = new AESUtils()\n"]}
|
|
1
|
+
{"version":3,"file":"AES.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/AES.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAAuD;AAEvD,MAAa,QAAQ;IAYnB,IAAI,KAAK,CAAC,KAAc;QACtB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAA;IACrB,CAAC;IAED,YAAY,SAAiB,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,EAAa;QAfvI,iCAAiC;QACjC,aAAQ,GAAG,EAAE,CAAA;QACb,4BAAuB,GAAG,SAAS,CAAA;QAEnC,oBAAe,GAAoB;YACjC,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,GAAG;SACZ,CAAA;QAEO,WAAM,GAAY,KAAK,CAAA;QAO7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;IAEK,iBAAiB,CAAC,MAAc,EAAE,SAAmC;;YACzE,OAAO,IAAI,CAAC,OAAO,CACjB,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAC7D,SAAS,EACT,MAAM,CAAC,+DAA+D;aACvE,CAAA;QACH,CAAC;KAAA;IAED,OAAO,CAAC,SAAoB,EAAE,SAAmC,EAAE,MAAM,GAAG,MAAM;QAChF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAoC,EAAE,MAA4B,EAAE,EAAE;YACxF,IAAI,SAAS,YAAY,UAAU,EAAE;gBACnC,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAA;gBAC/B,SAAS,GAAG,CAAC,MAAM,CAAC,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAgB,CAAA;aACvH;YACD,MAAM,mBAAmB,GAAG;gBAC1B,IAAI,EAAE,IAAI,CAAC,uBAAuB;gBAClC,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;aACnC,CAAA;YACD,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAA,cAAM,EAAC,SAAS,CAAC,SAAS,MAAM,EAAE,CAAC,CAAA;YACzE,IAAI,CAAC,MAAM,CAAC,MAAM;iBACf,OAAO,mBAED,mBAAmB,GAExB,SAAS,EACT,SAAS,CACV;iBACA,IAAI,CACH,CAAC,UAAU,EAAE,EAAE;gBACb,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAA,cAAM,EAAC,UAAU,CAAC,EAAE,CAAC,CAAA;gBAC/D,OAAO,OAAO,CAAC,IAAA,oBAAY,EAAC,mBAAmB,CAAC,EAAE,CAAC,MAAqB,EAAE,UAAU,CAAC,CAAC,CAAA;YACxF,CAAC,EACD,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,yBAAyB,GAAG,GAAG,CAAC,CACjD,CAAA;QACL,CAAC,CAAC,CAAA;IACJ,CAAC;IAEK,iBAAiB,CAAC,MAAc,EAAE,SAAmC;;YACzE,OAAO,IAAI,CAAC,OAAO,CACjB,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAC7D,SAAS,EACT,MAAM,CAAC,+DAA+D;aACvE,CAAA;QACH,CAAC;KAAA;IAED;;;;;;OAMG;IACH,OAAO,CAAC,SAAoB,EAAE,aAAuC,EAAE,MAAM,GAAG,MAAM;QACpF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAoC,EAAE,MAA4B,EAAE,EAAE;YACxF,IAAI,CAAC,SAAS,EAAE;gBACd,OAAO,MAAM,CAAC,uCAAuC,CAAC,CAAA;aACvD;YACD,MAAM,kBAAkB,GAAG,aAAa,YAAY,WAAW,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAA;YAC/G,MAAM,mBAAmB,GAAG;gBAC1B,IAAI,EAAE,IAAI,CAAC,uBAAuB;gBAClC,EAAE,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC;gBAEjD;;;;;;;;;;;;;;;mBAeG;aACJ,CAAA;YACD,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAA,cAAM,EAAC,aAAa,CAAC,SAAS,MAAM,EAAE,CAAC,CAAA;YAC7E,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,mBAAmB,EAAE,SAAS,EAAE,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CACpI,CAAC,cAAc,EAAE,EAAE;gBACjB,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAA,cAAM,EAAC,cAAc,CAAC,EAAE,CAAC,CAAA;gBACvE,OAAO,CAAC,cAAc,CAAC,CAAA;YACzB,CAAC,EACD,CAAC,GAAG,EAAE,EAAE;gBACN,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,GAAG,GAAG,CAAC,CAAC,CAAA;YACpD,CAAC,CACF,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAEK,WAAW,CAAC,UAAuB,EAAE,UAAsB;;YAC/D,IAAI;gBACF,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;aAC/C;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE;oBACzB,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;iBACzD;qBAAM;oBACL,MAAM,CAAC,CAAA;iBACR;aACF;QACH,CAAC;KAAA;IAWD,iBAAiB,CAAC,KAAc;QAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAA2C,EAAE,MAA4B,EAAE,EAAE;YAC/F,MAAM,WAAW,GAAG,IAAI,CAAA;YACxB,MAAM,SAAS,GAAe,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;YACpD,MAAM,gBAAgB,GAAuB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,eAAe,EAAE,WAAW,EAAE,SAAS,CAAuB,CAAA;YAC/I,OAAO,KAAK,KAAK,SAAS,IAAI,CAAC,KAAK;gBAClC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC;gBACxC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,IAAA,cAAM,EAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;QAChH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,mCAAmC;IACnC,UAAU,CAAC,YAAoB;QAC7B,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IAClF,CAAC;IAYD,SAAS,CAAC,SAAoB,EAAE,MAAqB;QACnD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAiD,EAAE,MAA4B,EAAE,EAAE;YACrG,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAa,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QACrF,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,MAAqB,EAAE,MAA6C;QAC5E,OAAO,IAAI,OAAO,CAAC,CAAC,OAAkC,EAAE,MAA4B,EAAE,EAAE;YACtF,MAAM,WAAW,GAAG,IAAI,CAAA;YACxB,MAAM,SAAS,GAAe,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;YACpD,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM;iBACtB,SAAS,CAAC,MAAa,EAAE,MAAa,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,EAAE,SAAS,CAAC;iBACrF,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,IAAI,MAAM,IAAI,KAAK,IAAI,CAAC,MAAM,YAAY,WAAW,IAAI,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE;oBACpF,OAAO,CAAC,IAAI,CAAC,iBAAiB,IAAA,cAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAA;iBACvD;gBACD,MAAM,GAAG,CAAA;YACX,CAAC,CAAC;iBACD,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC1B,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AAhMD,4BAgMC;AAEY,QAAA,GAAG,GAAG,IAAI,QAAQ,EAAE,CAAA","sourcesContent":["import { appendBuffer, hex2ua, ua2hex } from '../utils'\n\nexport class AESUtils {\n /********* AES Config **********/\n ivLength = 16\n aesAlgorithmEncryptName = 'AES-CBC'\n\n aesKeyGenParams: AesKeyGenParams = {\n name: 'AES-CBC',\n length: 256,\n }\n private crypto: Crypto\n private _debug: boolean = false\n\n set debug(value: boolean) {\n this._debug = value\n }\n\n constructor(crypto: Crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : ({} as Crypto)) {\n this.crypto = crypto\n }\n\n async encryptWithRawKey(rawKey: string, plainData: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return this.encrypt(\n await this.importKey('raw', hex2ua(rawKey.replace(/-/g, ''))),\n plainData,\n rawKey // Used for logging only if debug is enabled, ok to always pass\n )\n }\n\n encrypt(cryptoKey: CryptoKey, plainData: ArrayBuffer | Uint8Array, rawKey = '<NA>'): Promise<ArrayBuffer> {\n return new Promise((resolve: (value: ArrayBuffer) => any, reject: (reason: any) => any) => {\n if (plainData instanceof Uint8Array) {\n const buffer = plainData.buffer\n plainData = (buffer.byteLength > plainData.byteLength ? buffer.slice(0, plainData.byteLength) : buffer) as ArrayBuffer\n }\n const aesAlgorithmEncrypt = {\n name: this.aesAlgorithmEncryptName,\n iv: this.generateIV(this.ivLength),\n }\n this._debug && console.log(`encrypt ${ua2hex(plainData)} with ${rawKey}`)\n this.crypto.subtle\n .encrypt(\n {\n ...aesAlgorithmEncrypt,\n } /* some ill behaved implementations change the values in place */,\n cryptoKey,\n plainData\n )\n .then(\n (cipherData) => {\n this._debug && console.log(`cipherData: ${ua2hex(cipherData)}`)\n return resolve(appendBuffer(aesAlgorithmEncrypt.iv.buffer as ArrayBuffer, cipherData))\n },\n (err) => reject('AES encryption failed: ' + err)\n )\n })\n }\n\n async decryptWithRawKey(rawKey: string, plainData: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return this.decrypt(\n await this.importKey('raw', hex2ua(rawKey.replace(/-/g, ''))),\n plainData,\n rawKey // Used for logging only if debug is enabled, ok to always pass\n )\n }\n\n /**\n *\n * @param cryptoKey (CryptoKey)\n * @param encryptedData (ArrayBuffer)\n * @param rawKey\n * @returns {Promise} will be ArrayBuffer\n */\n decrypt(cryptoKey: CryptoKey, encryptedData: ArrayBuffer | Uint8Array, rawKey = '<NA>'): Promise<ArrayBuffer> {\n return new Promise((resolve: (value: ArrayBuffer) => any, reject: (reason: any) => any) => {\n if (!cryptoKey) {\n return reject('No crypto key provided for decryption')\n }\n const encryptedDataUint8 = encryptedData instanceof ArrayBuffer ? new Uint8Array(encryptedData) : encryptedData\n const aesAlgorithmEncrypt = {\n name: this.aesAlgorithmEncryptName,\n iv: encryptedDataUint8.subarray(0, this.ivLength),\n\n /*\n * IF THIS BIT OF CODE PRODUCES A DOMEXCEPTION CODE 0 ERROR, IT MIGHT BE RELATED TO THIS:\n *\n * NOTOK:\n * if (!hcparty.hcPartyKeys && !hcparty.hcPartyKeys[hcpartyId] && hcparty.hcPartyKeys[hcpartyId].length !== 2) {\n * throw 'No hcPartyKey for this Healthcare party(' + hcpartyId + ').';\n * }\n * var delegateHcPartyKey = hcparty.hcPartyKeys[hcpartyId][1];\n *\n * SHOULD BE:\n * var delegatorId = patient.delegations[hcpartyId][0].owner;\n * if (!hcparty.hcPartyKeys && !hcparty.hcPartyKeys[delegatorId] && hcparty.hcPartyKeys[delegatorId].length !== 2) {\n * throw 'No hcPartyKey for this Healthcare party(' + delegatorId + ').';\n * }\n * var delegateHcPartyKey = hcparty.hcPartyKeys[delegatorId][1];\n */\n }\n this._debug && console.log(`decrypt ${ua2hex(encryptedData)} with ${rawKey}`)\n this.crypto.subtle.decrypt(aesAlgorithmEncrypt, cryptoKey, encryptedDataUint8.subarray(this.ivLength, encryptedDataUint8.length)).then(\n (decipheredData) => {\n this._debug && console.log(`decipheredData: ${ua2hex(decipheredData)}`)\n resolve(decipheredData)\n },\n (err) => {\n reject(new Error('AES decryption failed: ' + err))\n }\n )\n })\n }\n\n async decryptSome(cryptoKeys: CryptoKey[], uint8Array: Uint8Array): Promise<ArrayBuffer> {\n try {\n return this.decrypt(cryptoKeys[0], uint8Array)\n } catch (e) {\n if (cryptoKeys.length > 1) {\n return this.decryptSome(cryptoKeys.slice(1), uint8Array)\n } else {\n throw e\n }\n }\n }\n\n // generate an AES key\n // noinspection JSUnusedGlobalSymbols\n /**\n *\n * @param toHex boolean, if true, it returns hex String\n * @returns {Promise} either Hex string or CryptoKey\n */\n generateCryptoKey(toHex: false): Promise<CryptoKey>\n generateCryptoKey(toHex: true): Promise<string>\n generateCryptoKey(toHex: boolean): Promise<string | CryptoKey> {\n return new Promise((resolve: (value: CryptoKey | string) => any, reject: (reason: any) => any) => {\n const extractable = true\n const keyUsages: KeyUsage[] = ['decrypt', 'encrypt']\n const cryptoKeyPromise: Promise<CryptoKey> = this.crypto.subtle.generateKey(this.aesKeyGenParams, extractable, keyUsages) as Promise<CryptoKey>\n return toHex === undefined || !toHex\n ? cryptoKeyPromise.then(resolve, reject)\n : cryptoKeyPromise.then((k) => this.exportKey(k, 'raw'), reject).then((raw) => resolve(ua2hex(raw)), reject)\n })\n }\n\n // noinspection JSMethodCanBeStatic\n generateIV(ivByteLength: number): Uint8Array {\n return new Uint8Array(this.crypto.getRandomValues(new Uint8Array(ivByteLength)))\n }\n\n /**\n * This function return a promise which will be the key Format will be either 'raw' or 'jwk'.\n * JWK: Json Web key (ref. http://tools.ietf.org/html/draft-ietf-jose-json-web-key-11)\n *\n * @param cryptoKey CryptoKey\n * @param format will be 'raw' or 'jwk'\n * @returns {Promise} will the AES Key\n */\n exportKey(cryptoKey: CryptoKey, format: 'raw'): Promise<ArrayBuffer>\n exportKey(cryptoKey: CryptoKey, format: 'jwk'): Promise<JsonWebKey>\n exportKey(cryptoKey: CryptoKey, format: 'jwk' | 'raw'): Promise<ArrayBuffer | JsonWebKey> {\n return new Promise((resolve: (value: ArrayBuffer | JsonWebKey) => any, reject: (reason: any) => any) => {\n return this.crypto.subtle.exportKey(format as any, cryptoKey).then(resolve, reject)\n })\n }\n\n /**\n * the ability to import a key that have already been created elsewhere, for use within the web\n * application that is invoking the import function, for use within the importing web application's\n * origin. This necessiates an interoperable key format, such as JSON Web Key [JWK] which may be\n * represented as octets.\n *\n * https://chromium.googlesource.com/chromium/blink.git/+/6b902997e3ca0384c8fa6fe56f79ecd7589d3ca6/LayoutTests/crypto/resources/common.js\n *\n * @param format 'raw' or 'jwk'\n * @param aesKey\n * @returns {*}\n */\n importKey(format: 'jwk' | 'raw', aesKey: JsonWebKey | ArrayBuffer | Uint8Array): Promise<CryptoKey> {\n return new Promise((resolve: (value: CryptoKey) => any, reject: (reason: any) => any) => {\n const extractable = true\n const keyUsages: KeyUsage[] = ['decrypt', 'encrypt']\n return this.crypto.subtle\n .importKey(format as any, aesKey as any, this.aesKeyGenParams, extractable, keyUsages)\n .catch((err) => {\n if (format == 'raw' && (aesKey instanceof ArrayBuffer || ArrayBuffer.isView(aesKey))) {\n console.warn(`Import of key ${ua2hex(aesKey)} failed`)\n }\n throw err\n })\n .then(resolve, reject)\n })\n }\n}\n\nexport const AES = new AESUtils()\n"]}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { ExchangeDataManager } from './ExchangeDataManager';
|
|
2
|
+
import { XHR } from '../../icc-api/api/XHR';
|
|
3
|
+
import { EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName';
|
|
4
|
+
export declare const ACCESS_CONTROL_KEYS_HEADER = "Icure-Access-Control-Keys";
|
|
5
|
+
/**
|
|
6
|
+
* @internal this class is intended for internal use only and may be changed without notice.
|
|
7
|
+
*/
|
|
8
|
+
export declare class AccessControlKeysHeadersProvider {
|
|
9
|
+
private readonly exchangeDataManager;
|
|
10
|
+
constructor(exchangeDataManager: ExchangeDataManager);
|
|
11
|
+
/**
|
|
12
|
+
* Add the access control keys headers to the provided initial headers, allowing access control on users with anonymous delegations.
|
|
13
|
+
* @param initialHeaders the initial headers
|
|
14
|
+
* @param entityType the type of entity which the user is attempting to retrieve.
|
|
15
|
+
*/
|
|
16
|
+
addAccessControlKeysHeaders(initialHeaders: XHR.Header[], entityType: EntityWithDelegationTypeName): Promise<XHR.Header[]>;
|
|
17
|
+
getAccessControlKeysHeaders(entityType: EntityWithDelegationTypeName): Promise<XHR.Header[]>;
|
|
18
|
+
}
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.AccessControlKeysHeadersProvider = exports.ACCESS_CONTROL_KEYS_HEADER = void 0;
|
|
13
|
+
const XHR_1 = require("../../icc-api/api/XHR");
|
|
14
|
+
exports.ACCESS_CONTROL_KEYS_HEADER = 'Icure-Access-Control-Keys';
|
|
15
|
+
/**
|
|
16
|
+
* @internal this class is intended for internal use only and may be changed without notice.
|
|
17
|
+
*/
|
|
18
|
+
class AccessControlKeysHeadersProvider {
|
|
19
|
+
constructor(exchangeDataManager) {
|
|
20
|
+
this.exchangeDataManager = exchangeDataManager;
|
|
21
|
+
}
|
|
22
|
+
// This will be enough only as long as we don't use the entities sfks in the access control keys.
|
|
23
|
+
/**
|
|
24
|
+
* Add the access control keys headers to the provided initial headers, allowing access control on users with anonymous delegations.
|
|
25
|
+
* @param initialHeaders the initial headers
|
|
26
|
+
* @param entityType the type of entity which the user is attempting to retrieve.
|
|
27
|
+
*/
|
|
28
|
+
addAccessControlKeysHeaders(initialHeaders, entityType) {
|
|
29
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
30
|
+
const newHeaders = yield this.getAccessControlKeysHeaders(entityType);
|
|
31
|
+
if (newHeaders.length > 0)
|
|
32
|
+
return [...initialHeaders, ...newHeaders];
|
|
33
|
+
else
|
|
34
|
+
return initialHeaders;
|
|
35
|
+
});
|
|
36
|
+
}
|
|
37
|
+
getAccessControlKeysHeaders(entityType) {
|
|
38
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
39
|
+
const accessControlKeysValue = yield this.exchangeDataManager.getAccessControlKeysValue(entityType);
|
|
40
|
+
if (accessControlKeysValue) {
|
|
41
|
+
return [new XHR_1.XHR.Header(exports.ACCESS_CONTROL_KEYS_HEADER, accessControlKeysValue)];
|
|
42
|
+
}
|
|
43
|
+
else {
|
|
44
|
+
return [];
|
|
45
|
+
}
|
|
46
|
+
});
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
exports.AccessControlKeysHeadersProvider = AccessControlKeysHeadersProvider;
|
|
50
|
+
//# sourceMappingURL=AccessControlKeysHeadersProvider.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AccessControlKeysHeadersProvider.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/AccessControlKeysHeadersProvider.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,+CAA2C;AAG9B,QAAA,0BAA0B,GAAG,2BAA2B,CAAA;AAErE;;GAEG;AACH,MAAa,gCAAgC;IAC3C,YAA6B,mBAAwC;QAAxC,wBAAmB,GAAnB,mBAAmB,CAAqB;IAAG,CAAC;IAEzE,iGAAiG;IACjG;;;;OAIG;IACG,2BAA2B,CAAC,cAA4B,EAAE,UAAwC;;YACtG,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,UAAU,CAAC,CAAA;YACrE,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;gBAAE,OAAO,CAAC,GAAG,cAAc,EAAE,GAAG,UAAU,CAAC,CAAA;;gBAC/D,OAAO,cAAc,CAAA;QAC5B,CAAC;KAAA;IAEK,2BAA2B,CAAC,UAAwC;;YACxE,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAA;YACnG,IAAI,sBAAsB,EAAE;gBAC1B,OAAO,CAAC,IAAI,SAAG,CAAC,MAAM,CAAC,kCAA0B,EAAE,sBAAsB,CAAC,CAAC,CAAA;aAC5E;iBAAM;gBACL,OAAO,EAAE,CAAA;aACV;QACH,CAAC;KAAA;CACF;AAvBD,4EAuBC","sourcesContent":["import { ExchangeDataManager } from './ExchangeDataManager'\nimport { XHR } from '../../icc-api/api/XHR'\nimport { EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\n\nexport const ACCESS_CONTROL_KEYS_HEADER = 'Icure-Access-Control-Keys'\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n */\nexport class AccessControlKeysHeadersProvider {\n constructor(private readonly exchangeDataManager: ExchangeDataManager) {}\n\n // This will be enough only as long as we don't use the entities sfks in the access control keys.\n /**\n * Add the access control keys headers to the provided initial headers, allowing access control on users with anonymous delegations.\n * @param initialHeaders the initial headers\n * @param entityType the type of entity which the user is attempting to retrieve.\n */\n async addAccessControlKeysHeaders(initialHeaders: XHR.Header[], entityType: EntityWithDelegationTypeName): Promise<XHR.Header[]> {\n const newHeaders = await this.getAccessControlKeysHeaders(entityType)\n if (newHeaders.length > 0) return [...initialHeaders, ...newHeaders]\n else return initialHeaders\n }\n\n async getAccessControlKeysHeaders(entityType: EntityWithDelegationTypeName): Promise<XHR.Header[]> {\n const accessControlKeysValue = await this.exchangeDataManager.getAccessControlKeysValue(entityType)\n if (accessControlKeysValue) {\n return [new XHR.Header(ACCESS_CONTROL_KEYS_HEADER, accessControlKeysValue)]\n } else {\n return []\n }\n }\n}\n"]}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
import { CryptoPrimitives } from './CryptoPrimitives';
|
|
2
|
+
import { EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName';
|
|
3
|
+
/**
|
|
4
|
+
* @internal this class is intended for internal use only and may be changed without notice.
|
|
5
|
+
*/
|
|
6
|
+
export declare class AccessControlSecretUtils {
|
|
7
|
+
private readonly primitives;
|
|
8
|
+
constructor(primitives: CryptoPrimitives);
|
|
9
|
+
/**
|
|
10
|
+
* Size of the access control keys returned by this class.
|
|
11
|
+
*/
|
|
12
|
+
get accessControlKeyLengthBytes(): number;
|
|
13
|
+
/**
|
|
14
|
+
* Get the access control key to use for entities of the provided type and using the provided secret foreign key. The combination of secret foreign
|
|
15
|
+
* keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or different
|
|
16
|
+
* confidentiality levels.
|
|
17
|
+
* These keys will be sent to the icure server for access control of data owners which require anonymous delegations.
|
|
18
|
+
* @param accessControlSecret an access control secret
|
|
19
|
+
* @param entityTypeName an entity type name
|
|
20
|
+
* @param secretForeignKey optionally a secret foreign key to include in the secret. "" and undefined are equivalent.
|
|
21
|
+
*/
|
|
22
|
+
accessControlKeyFor(accessControlSecret: string, entityTypeName: EntityWithDelegationTypeName, secretForeignKey: string | undefined): Promise<ArrayBuffer>;
|
|
23
|
+
/**
|
|
24
|
+
* Get the access control keys for proving access to an entity of provided type with the provided secret foreign keys.
|
|
25
|
+
*/
|
|
26
|
+
accessControlKeysFor(accessControlSecret: string, entityTypeName: EntityWithDelegationTypeName, secretForeignKeys: string[]): Promise<ArrayBuffer[]>;
|
|
27
|
+
/**
|
|
28
|
+
* Get value to use as key in secure delegations for entities of the provided type with the provided secret foreign key. The combination of secret
|
|
29
|
+
* foreign keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or
|
|
30
|
+
* different confidentiality levels.
|
|
31
|
+
* These keys will be used in the secure delegations map of security metadata.
|
|
32
|
+
* @param accessControlSecret an access control secret
|
|
33
|
+
* @param entityTypeName an entity type name
|
|
34
|
+
* @param secretForeignKey optionally a secret foreign key to include in the secret. "" and undefined are equivalent.
|
|
35
|
+
*/
|
|
36
|
+
secureDelegationKeyFor(accessControlSecret: string, entityTypeName: EntityWithDelegationTypeName, secretForeignKey: string | undefined): Promise<string>;
|
|
37
|
+
/**
|
|
38
|
+
* Get the secure delegations keys which can be used on an entity of provided type with the provided secret foreign keys.
|
|
39
|
+
*/
|
|
40
|
+
secureDelegationKeysFor(accessControlSecret: string, entityTypeName: EntityWithDelegationTypeName, secretForeignKeys: string[]): Promise<string[]>;
|
|
41
|
+
getEncodedAccessControlKeys(accessControlSecrets: string[], entityTypeName: EntityWithDelegationTypeName): Promise<string>;
|
|
42
|
+
private getKeys;
|
|
43
|
+
}
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.AccessControlSecretUtils = void 0;
|
|
13
|
+
const utils_1 = require("../utils");
|
|
14
|
+
const ACCESS_CONTROL_KEY_LENGTH_BYTES = 16;
|
|
15
|
+
/**
|
|
16
|
+
* @internal this class is intended for internal use only and may be changed without notice.
|
|
17
|
+
*/
|
|
18
|
+
class AccessControlSecretUtils {
|
|
19
|
+
constructor(primitives) {
|
|
20
|
+
this.primitives = primitives;
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* Size of the access control keys returned by this class.
|
|
24
|
+
*/
|
|
25
|
+
get accessControlKeyLengthBytes() {
|
|
26
|
+
return ACCESS_CONTROL_KEY_LENGTH_BYTES;
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Get the access control key to use for entities of the provided type and using the provided secret foreign key. The combination of secret foreign
|
|
30
|
+
* keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or different
|
|
31
|
+
* confidentiality levels.
|
|
32
|
+
* These keys will be sent to the icure server for access control of data owners which require anonymous delegations.
|
|
33
|
+
* @param accessControlSecret an access control secret
|
|
34
|
+
* @param entityTypeName an entity type name
|
|
35
|
+
* @param secretForeignKey optionally a secret foreign key to include in the secret. "" and undefined are equivalent.
|
|
36
|
+
*/
|
|
37
|
+
accessControlKeyFor(accessControlSecret, entityTypeName, secretForeignKey) {
|
|
38
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
39
|
+
// Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact
|
|
40
|
+
// Ignore secret foreign key for now
|
|
41
|
+
return (yield this.primitives.sha256((0, utils_1.utf8_2ua)(accessControlSecret + entityTypeName /* + (secretForeignKey ?? '')*/))).slice(0, ACCESS_CONTROL_KEY_LENGTH_BYTES);
|
|
42
|
+
});
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Get the access control keys for proving access to an entity of provided type with the provided secret foreign keys.
|
|
46
|
+
*/
|
|
47
|
+
accessControlKeysFor(accessControlSecret, entityTypeName, secretForeignKeys) {
|
|
48
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
49
|
+
return yield this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.accessControlKeyFor(a, b, c));
|
|
50
|
+
});
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Get value to use as key in secure delegations for entities of the provided type with the provided secret foreign key. The combination of secret
|
|
54
|
+
* foreign keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or
|
|
55
|
+
* different confidentiality levels.
|
|
56
|
+
* These keys will be used in the secure delegations map of security metadata.
|
|
57
|
+
* @param accessControlSecret an access control secret
|
|
58
|
+
* @param entityTypeName an entity type name
|
|
59
|
+
* @param secretForeignKey optionally a secret foreign key to include in the secret. "" and undefined are equivalent.
|
|
60
|
+
*/
|
|
61
|
+
secureDelegationKeyFor(accessControlSecret, entityTypeName, secretForeignKey) {
|
|
62
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
63
|
+
return (0, utils_1.ua2hex)(yield this.primitives.sha256(yield this.accessControlKeyFor(accessControlSecret, entityTypeName, secretForeignKey)));
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
/**
|
|
67
|
+
* Get the secure delegations keys which can be used on an entity of provided type with the provided secret foreign keys.
|
|
68
|
+
*/
|
|
69
|
+
secureDelegationKeysFor(accessControlSecret, entityTypeName, secretForeignKeys) {
|
|
70
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
71
|
+
return yield this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.secureDelegationKeyFor(a, b, c));
|
|
72
|
+
});
|
|
73
|
+
}
|
|
74
|
+
getEncodedAccessControlKeys(accessControlSecrets, entityTypeName) {
|
|
75
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
76
|
+
const fullBuffer = new Uint8Array(accessControlSecrets.length * this.accessControlKeyLengthBytes);
|
|
77
|
+
for (let i = 0; i < accessControlSecrets.length; i++) {
|
|
78
|
+
const accessControlSecret = accessControlSecrets[i];
|
|
79
|
+
const key = yield this.accessControlKeyFor(accessControlSecret, entityTypeName, undefined);
|
|
80
|
+
fullBuffer.set(new Uint8Array(key), i * this.accessControlKeyLengthBytes);
|
|
81
|
+
}
|
|
82
|
+
return (0, utils_1.ua2b64)(fullBuffer);
|
|
83
|
+
});
|
|
84
|
+
}
|
|
85
|
+
getKeys(accessControlSecret, entityTypeName, secretForeignKeys, getKey) {
|
|
86
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
87
|
+
// Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact
|
|
88
|
+
// if (!secretForeignKeys.length) {
|
|
89
|
+
return [yield getKey(accessControlSecret, entityTypeName, undefined)];
|
|
90
|
+
// } else {
|
|
91
|
+
// return await Promise.all(secretForeignKeys.map((sfk) => getKey(accessControlSecret, entityTypeName, sfk)))
|
|
92
|
+
// }
|
|
93
|
+
});
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
exports.AccessControlSecretUtils = AccessControlSecretUtils;
|
|
97
|
+
//# sourceMappingURL=AccessControlSecretUtils.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AccessControlSecretUtils.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/AccessControlSecretUtils.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,oCAAmD;AAEnD,MAAM,+BAA+B,GAAG,EAAE,CAAA;AAE1C;;GAEG;AACH,MAAa,wBAAwB;IACnC,YAA6B,UAA4B;QAA5B,eAAU,GAAV,UAAU,CAAkB;IAAG,CAAC;IAE7D;;OAEG;IACH,IAAI,2BAA2B;QAC7B,OAAO,+BAA+B,CAAA;IACxC,CAAC;IAED;;;;;;;;OAQG;IACG,mBAAmB,CACvB,mBAA2B,EAC3B,cAA4C,EAC5C,gBAAoC;;YAEpC,sIAAsI;YACtI,oCAAoC;YACpC,OAAO,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAA,gBAAQ,EAAC,mBAAmB,GAAG,cAAc,CAAC,+BAA+B,CAAC,CAAC,CAAC,CAAC,KAAK,CACzH,CAAC,EACD,+BAA+B,CAChC,CAAA;QACH,CAAC;KAAA;IAED;;OAEG;IACG,oBAAoB,CACxB,mBAA2B,EAC3B,cAA4C,EAC5C,iBAA2B;;YAE3B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,cAAc,EAAE,iBAAiB,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACnI,CAAC;KAAA;IAED;;;;;;;;OAQG;IACG,sBAAsB,CAC1B,mBAA2B,EAC3B,cAA4C,EAC5C,gBAAoC;;YAEpC,OAAO,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAA;QACpI,CAAC;KAAA;IAED;;OAEG;IACG,uBAAuB,CAC3B,mBAA2B,EAC3B,cAA4C,EAC5C,iBAA2B;;YAE3B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,cAAc,EAAE,iBAAiB,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACtI,CAAC;KAAA;IAEK,2BAA2B,CAAC,oBAA8B,EAAE,cAA4C;;YAC5G,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,oBAAoB,CAAC,MAAM,GAAG,IAAI,CAAC,2BAA2B,CAAC,CAAA;YACjG,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,oBAAoB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;gBACpD,MAAM,mBAAmB,GAAG,oBAAoB,CAAC,CAAC,CAAC,CAAA;gBACnD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,EAAE,cAAc,EAAE,SAAS,CAAC,CAAA;gBAC1F,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,2BAA2B,CAAC,CAAA;aAC1E;YACD,OAAO,IAAA,cAAM,EAAC,UAAU,CAAC,CAAA;QAC3B,CAAC;KAAA;IAEa,OAAO,CACnB,mBAA2B,EAC3B,cAA4C,EAC5C,iBAA2B,EAC3B,MAAuI;;YAEvI,sIAAsI;YAEtI,mCAAmC;YACnC,OAAO,CAAC,MAAM,MAAM,CAAC,mBAAmB,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC,CAAA;YACrE,WAAW;YACX,+GAA+G;YAC/G,IAAI;QACN,CAAC;KAAA;CACF;AA/FD,4DA+FC","sourcesContent":["import { CryptoPrimitives } from './CryptoPrimitives'\nimport { EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { ua2b64, ua2hex, utf8_2ua } from '../utils'\n\nconst ACCESS_CONTROL_KEY_LENGTH_BYTES = 16\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n */\nexport class AccessControlSecretUtils {\n constructor(private readonly primitives: CryptoPrimitives) {}\n\n /**\n * Size of the access control keys returned by this class.\n */\n get accessControlKeyLengthBytes(): number {\n return ACCESS_CONTROL_KEY_LENGTH_BYTES\n }\n\n /**\n * Get the access control key to use for entities of the provided type and using the provided secret foreign key. The combination of secret foreign\n * keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or different\n * confidentiality levels.\n * These keys will be sent to the icure server for access control of data owners which require anonymous delegations.\n * @param accessControlSecret an access control secret\n * @param entityTypeName an entity type name\n * @param secretForeignKey optionally a secret foreign key to include in the secret. \"\" and undefined are equivalent.\n */\n async accessControlKeyFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKey: string | undefined\n ): Promise<ArrayBuffer> {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n // Ignore secret foreign key for now\n return (await this.primitives.sha256(utf8_2ua(accessControlSecret + entityTypeName /* + (secretForeignKey ?? '')*/))).slice(\n 0,\n ACCESS_CONTROL_KEY_LENGTH_BYTES\n )\n }\n\n /**\n * Get the access control keys for proving access to an entity of provided type with the provided secret foreign keys.\n */\n async accessControlKeysFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKeys: string[]\n ): Promise<ArrayBuffer[]> {\n return await this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.accessControlKeyFor(a, b, c))\n }\n\n /**\n * Get value to use as key in secure delegations for entities of the provided type with the provided secret foreign key. The combination of secret\n * foreign keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or\n * different confidentiality levels.\n * These keys will be used in the secure delegations map of security metadata.\n * @param accessControlSecret an access control secret\n * @param entityTypeName an entity type name\n * @param secretForeignKey optionally a secret foreign key to include in the secret. \"\" and undefined are equivalent.\n */\n async secureDelegationKeyFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKey: string | undefined\n ): Promise<string> {\n return ua2hex(await this.primitives.sha256(await this.accessControlKeyFor(accessControlSecret, entityTypeName, secretForeignKey)))\n }\n\n /**\n * Get the secure delegations keys which can be used on an entity of provided type with the provided secret foreign keys.\n */\n async secureDelegationKeysFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKeys: string[]\n ): Promise<string[]> {\n return await this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.secureDelegationKeyFor(a, b, c))\n }\n\n async getEncodedAccessControlKeys(accessControlSecrets: string[], entityTypeName: EntityWithDelegationTypeName): Promise<string> {\n const fullBuffer = new Uint8Array(accessControlSecrets.length * this.accessControlKeyLengthBytes)\n for (let i = 0; i < accessControlSecrets.length; i++) {\n const accessControlSecret = accessControlSecrets[i]\n const key = await this.accessControlKeyFor(accessControlSecret, entityTypeName, undefined)\n fullBuffer.set(new Uint8Array(key), i * this.accessControlKeyLengthBytes)\n }\n return ua2b64(fullBuffer)\n }\n\n private async getKeys<T>(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKeys: string[],\n getKey: (accessControlSecret: string, entityTypeName: EntityWithDelegationTypeName, secretForeignKey: string | undefined) => Promise<T>\n ): Promise<T[]> {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n\n // if (!secretForeignKeys.length) {\n return [await getKey(accessControlSecret, entityTypeName, undefined)]\n // } else {\n // return await Promise.all(secretForeignKeys.map((sfk) => getKey(accessControlSecret, entityTypeName, sfk)))\n // }\n }\n}\n"]}
|
|
@@ -0,0 +1,146 @@
|
|
|
1
|
+
import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
|
|
2
|
+
import { KeyPair } from './RSA';
|
|
3
|
+
import { ExchangeData } from '../../icc-api/model/internal/ExchangeData';
|
|
4
|
+
import { IccExchangeDataApi } from '../../icc-api/api/IccExchangeDataApi';
|
|
5
|
+
import { CryptoPrimitives } from './CryptoPrimitives';
|
|
6
|
+
/**
|
|
7
|
+
* @internal this class is intended for internal use only and may be modified without notice
|
|
8
|
+
* Functions to create and get exchange data.
|
|
9
|
+
* The methods of this api require to pass the appropriate keys for encryption/decryption manually.
|
|
10
|
+
*/
|
|
11
|
+
export declare class BaseExchangeDataManager {
|
|
12
|
+
readonly api: IccExchangeDataApi;
|
|
13
|
+
private readonly dataOwnerApi;
|
|
14
|
+
private readonly primitives;
|
|
15
|
+
private readonly selfRequiresAnonymousDelegations;
|
|
16
|
+
constructor(api: IccExchangeDataApi, dataOwnerApi: IccDataOwnerXApi, primitives: CryptoPrimitives, selfRequiresAnonymousDelegations: boolean);
|
|
17
|
+
/**
|
|
18
|
+
* Get all the exchange data where the current data owner is the delegator or the delegate. However, some data owners, generally HCPs, may have a
|
|
19
|
+
* prohibitively high amount of exchange data. If the crypto strategies specify that the current data owner requires anonymous delegation this
|
|
20
|
+
* method returns all the exchange data found for the data owner, else the method returns undefined.
|
|
21
|
+
* @return all the exchange data for the current data owner or undefined if the crypto strategies don't allow to retrieve all data for the current
|
|
22
|
+
* data owner.
|
|
23
|
+
*/
|
|
24
|
+
getAllExchangeDataForCurrentDataOwnerIfAllowed(): Promise<ExchangeData[] | undefined>;
|
|
25
|
+
/**
|
|
26
|
+
* Get all exchange data for the provided delegator-delegate pair.
|
|
27
|
+
* @param delegatorId id of a delegator data owner.
|
|
28
|
+
* @param delegateId id of a delegate data owner.
|
|
29
|
+
* @return all exchange data for the provided delegator-delegate pair.
|
|
30
|
+
*/
|
|
31
|
+
getExchangeDataByDelegatorDelegatePair(delegatorId: string, delegateId: string): Promise<ExchangeData[]>;
|
|
32
|
+
/**
|
|
33
|
+
* Get the exchange data with the provided id.
|
|
34
|
+
* @param exchangeDataId id of the exchange data.
|
|
35
|
+
* @return the exchange data with the provided id or undefined if no exchange data with such id could be found.
|
|
36
|
+
*/
|
|
37
|
+
getExchangeDataById(exchangeDataId: string): Promise<ExchangeData | undefined>;
|
|
38
|
+
/**
|
|
39
|
+
* Filters exchange data returning only the instances that could be verified using their signature and the provided verification
|
|
40
|
+
* keys.
|
|
41
|
+
* Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)
|
|
42
|
+
* will always be unverified.
|
|
43
|
+
* @param exchangeData the exchange data to verify.
|
|
44
|
+
* @param getVerificationKey function to retrieve keys to use for verification by fingerprint.
|
|
45
|
+
* @return the exchange data which could be verified given his signature and the available verification keys.
|
|
46
|
+
* @throws if any of the provided exchange data has been created by a data owner other than the current data owner.
|
|
47
|
+
*/
|
|
48
|
+
filterVerifiedExchangeData(exchangeData: ExchangeData[], getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>): Promise<ExchangeData[]>;
|
|
49
|
+
/**
|
|
50
|
+
* Verifies the authenticity of the exchange data by checking the signature.
|
|
51
|
+
* Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)
|
|
52
|
+
* will always be unverified.
|
|
53
|
+
* @param exchangeData the exchange data to verify.
|
|
54
|
+
* @param getVerificationKey function to retrieve keys to use for verification by fingerprint.
|
|
55
|
+
* @return the exchange data which could be verified given his signature and the available verification keys.
|
|
56
|
+
* @throws if any of the provided exchange data has been created by a data owner other than the current data owner.
|
|
57
|
+
*/
|
|
58
|
+
verifyExchangeData(exchangeData: ExchangeData, getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>): Promise<boolean>;
|
|
59
|
+
/**
|
|
60
|
+
* Extracts and decrypts the access control secret from the provided exchange data.
|
|
61
|
+
* These need to be hashed together with the entity class and confidentiality level in order to get the actual access control key
|
|
62
|
+
* which will be sent to the server.
|
|
63
|
+
* @param exchangeData the exchange data from which to extract access control secrets.
|
|
64
|
+
* @param decryptionKeys rsa key pairs to use for decryption of the access control secret.
|
|
65
|
+
* @return an object composed of:
|
|
66
|
+
* - successfulDecryptions: array of all successfully decrypted access control keys
|
|
67
|
+
* - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).
|
|
68
|
+
*/
|
|
69
|
+
tryDecryptAccessControlSecret(exchangeData: ExchangeData[], decryptionKeys: {
|
|
70
|
+
[publicKeyFingerprint: string]: KeyPair<CryptoKey>;
|
|
71
|
+
}): Promise<{
|
|
72
|
+
successfulDecryptions: string[];
|
|
73
|
+
failedDecryptions: ExchangeData[];
|
|
74
|
+
}>;
|
|
75
|
+
/**
|
|
76
|
+
* Extract and decrypts the exchange keys from the provided exchange data.
|
|
77
|
+
* @param exchangeData the exchange data from which to extract exchange keys.
|
|
78
|
+
* @param decryptionKeys rsa key pairs to use for the decryption of the exchange keys.
|
|
79
|
+
* @return an object composed of:
|
|
80
|
+
* - successfulDecryptions: array containing the successfully decrypted exchange keys.
|
|
81
|
+
* - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).
|
|
82
|
+
*/
|
|
83
|
+
tryDecryptExchangeKeys(exchangeData: ExchangeData[], decryptionKeys: {
|
|
84
|
+
[publicKeyFingerprint: string]: KeyPair<CryptoKey>;
|
|
85
|
+
}): Promise<{
|
|
86
|
+
successfulDecryptions: CryptoKey[];
|
|
87
|
+
failedDecryptions: ExchangeData[];
|
|
88
|
+
}>;
|
|
89
|
+
private tryDecryptExchangeData;
|
|
90
|
+
private tryDecrypt;
|
|
91
|
+
/**
|
|
92
|
+
* Creates exchange data from the current data owner to the provided delegate, uploading the newly created exchange data to the cloud.
|
|
93
|
+
* This assumes that the keys have been verified.
|
|
94
|
+
* @param delegateId id of the delegate for the new exchange data.
|
|
95
|
+
* @param signatureKeys private keys to use for signing the created data.
|
|
96
|
+
* @param encryptionKeys public keys to use for the encryption of the exchange data (from delegator and delegate).
|
|
97
|
+
* @param optionalAttributes optional precalculated attributes for the creation of data
|
|
98
|
+
* @return the newly created exchange data, and its decrypted exchange key and access control secret.
|
|
99
|
+
*/
|
|
100
|
+
createExchangeData(delegateId: string, signatureKeys: {
|
|
101
|
+
[keyPairFingerprint: string]: CryptoKey;
|
|
102
|
+
}, encryptionKeys: {
|
|
103
|
+
[keyPairFingerprint: string]: CryptoKey;
|
|
104
|
+
}, optionalAttributes?: {
|
|
105
|
+
id?: string;
|
|
106
|
+
}): Promise<{
|
|
107
|
+
exchangeData: ExchangeData;
|
|
108
|
+
exchangeKey: CryptoKey;
|
|
109
|
+
accessControlSecret: string;
|
|
110
|
+
}>;
|
|
111
|
+
/**
|
|
112
|
+
* Updates existing exchange data and uploads it to the cloud in order to share it also with additional public keys, useful for example in cases
|
|
113
|
+
* where one of the data owners involved in the exchange data has lost one of his keys.
|
|
114
|
+
* If the content of the exchange data could not be decrypted using the provided keys the method will not update anything and will return undefined.
|
|
115
|
+
* This method assumes that the new encryption keys have been verified.
|
|
116
|
+
* If the current data owner is also the delegator of the provided exchange data and at least one of the verification keys can be used to
|
|
117
|
+
* validate the current exchange data then the signature will be updated using the signature keys.
|
|
118
|
+
* Instead, if the current data owner is not the delegator of the provided exchange data, or the exchange data could not be verified using
|
|
119
|
+
* the provided verification keys then the updated exchange data will become unverified, and won't ever be verifiable again.
|
|
120
|
+
* @param exchangeData exchange data to update.
|
|
121
|
+
* @param decryptionKeys keys to use to extract the content of the exchange data which will be shared with the new keys.
|
|
122
|
+
* @param signatureKeys keys to use for the new signature of the updated exchange data.
|
|
123
|
+
* @param newEncryptionKeys new keys to add to the exchange data.
|
|
124
|
+
* @param getVerificationKey function to retrieve keys to use for verification by fingerprint.
|
|
125
|
+
* @return the updated exchange data, and its decrypted exchange key and access control secret, or undefined if the exchange data content could not
|
|
126
|
+
* be decrypted and the exchange data could not be updated.
|
|
127
|
+
*/
|
|
128
|
+
tryUpdateExchangeData(exchangeData: ExchangeData, decryptionKeys: {
|
|
129
|
+
[publicKeyFingerprint: string]: KeyPair<CryptoKey>;
|
|
130
|
+
}, newEncryptionKeys: {
|
|
131
|
+
[keyPairFingerprint: string]: CryptoKey;
|
|
132
|
+
}, signatureKeys: {
|
|
133
|
+
[keyPairFingerprint: string]: CryptoKey;
|
|
134
|
+
}, getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>): Promise<{
|
|
135
|
+
exchangeData: ExchangeData;
|
|
136
|
+
exchangeKey: CryptoKey;
|
|
137
|
+
accessControlSecret: string;
|
|
138
|
+
} | undefined>;
|
|
139
|
+
private bytesToSign;
|
|
140
|
+
private generateExchangeKey;
|
|
141
|
+
private importExchangeKey;
|
|
142
|
+
private generateAccessControlSecret;
|
|
143
|
+
private importAccessControlSecret;
|
|
144
|
+
private encryptDataWithKeys;
|
|
145
|
+
private signDataWithKeys;
|
|
146
|
+
}
|