@icure/api 7.1.16 → 8.0.0-RC.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/api/IccAccesslogApi.d.ts +12 -1
- package/icc-api/api/IccAccesslogApi.js +142 -98
- package/icc-api/api/IccAccesslogApi.js.map +1 -1
- package/icc-api/api/IccBemikronoApi.d.ts +81 -0
- package/icc-api/api/IccBemikronoApi.js +163 -0
- package/icc-api/api/IccBemikronoApi.js.map +1 -0
- package/icc-api/api/IccCalendarItemApi.d.ts +21 -1
- package/icc-api/api/IccCalendarItemApi.js +183 -117
- package/icc-api/api/IccCalendarItemApi.js.map +1 -1
- package/icc-api/api/IccClassificationApi.d.ts +21 -1
- package/icc-api/api/IccClassificationApi.js +119 -63
- package/icc-api/api/IccClassificationApi.js.map +1 -1
- package/icc-api/api/IccContactApi.d.ts +21 -1
- package/icc-api/api/IccContactApi.js +385 -294
- package/icc-api/api/IccContactApi.js.map +1 -1
- package/icc-api/api/IccDocumentApi.d.ts +38 -25
- package/icc-api/api/IccDocumentApi.js +279 -212
- package/icc-api/api/IccDocumentApi.js.map +1 -1
- package/icc-api/api/IccExchangeDataApi.d.ts +19 -0
- package/icc-api/api/IccExchangeDataApi.js +85 -0
- package/icc-api/api/IccExchangeDataApi.js.map +1 -0
- package/icc-api/api/IccExchangeDataMapApi.d.ts +18 -0
- package/icc-api/api/IccExchangeDataMapApi.js +65 -0
- package/icc-api/api/IccExchangeDataMapApi.js.map +1 -0
- package/icc-api/api/IccFormApi.d.ts +21 -1
- package/icc-api/api/IccFormApi.js +321 -229
- package/icc-api/api/IccFormApi.js.map +1 -1
- package/icc-api/api/IccHelementApi.d.ts +21 -1
- package/icc-api/api/IccHelementApi.js +207 -137
- package/icc-api/api/IccHelementApi.js.map +1 -1
- package/icc-api/api/IccInvoiceApi.d.ts +21 -1
- package/icc-api/api/IccInvoiceApi.js +404 -298
- package/icc-api/api/IccInvoiceApi.js.map +1 -1
- package/icc-api/api/IccMaintenanceTaskApi.d.ts +12 -1
- package/icc-api/api/IccMaintenanceTaskApi.js +79 -43
- package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
- package/icc-api/api/IccMessageApi.d.ts +28 -1
- package/icc-api/api/IccMessageApi.js +294 -191
- package/icc-api/api/IccMessageApi.js.map +1 -1
- package/icc-api/api/IccPatientApi.d.ts +12 -1
- package/icc-api/api/IccPatientApi.js +447 -351
- package/icc-api/api/IccPatientApi.js.map +1 -1
- package/icc-api/api/IccReceiptApi.d.ts +22 -8
- package/icc-api/api/IccReceiptApi.js +121 -64
- package/icc-api/api/IccReceiptApi.js.map +1 -1
- package/icc-api/api/IccRestApiPath.js +1 -1
- package/icc-api/api/IccRestApiPath.js.map +1 -1
- package/icc-api/api/IccSecureDelegationKeyMapApi.d.ts +26 -0
- package/icc-api/api/IccSecureDelegationKeyMapApi.js +71 -0
- package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +1 -0
- package/icc-api/api/IccTimeTableApi.d.ts +12 -1
- package/icc-api/api/IccTimeTableApi.js +86 -48
- package/icc-api/api/IccTimeTableApi.js.map +1 -1
- package/icc-api/api/IccTopicApi.d.ts +90 -0
- package/icc-api/api/IccTopicApi.js +193 -0
- package/icc-api/api/IccTopicApi.js.map +1 -0
- package/icc-api/index.d.ts +2 -0
- package/icc-api/index.js +2 -0
- package/icc-api/index.js.map +1 -1
- package/icc-api/model/AbstractFilterMessage.d.ts +15 -0
- package/icc-api/model/AbstractFilterMessage.js +21 -0
- package/icc-api/model/AbstractFilterMessage.js.map +1 -0
- package/icc-api/model/AbstractFilterTopic.d.ts +15 -0
- package/icc-api/model/AbstractFilterTopic.js +21 -0
- package/icc-api/model/AbstractFilterTopic.js.map +1 -0
- package/icc-api/model/AccessLog.d.ts +2 -0
- package/icc-api/model/AccessLog.js.map +1 -1
- package/icc-api/model/Article.d.ts +2 -0
- package/icc-api/model/Article.js.map +1 -1
- package/icc-api/model/CalendarItem.d.ts +2 -0
- package/icc-api/model/CalendarItem.js.map +1 -1
- package/icc-api/model/Classification.d.ts +2 -0
- package/icc-api/model/Classification.js.map +1 -1
- package/icc-api/model/ClassificationTemplate.d.ts +2 -0
- package/icc-api/model/ClassificationTemplate.js.map +1 -1
- package/icc-api/model/Connection.d.ts +1 -1
- package/icc-api/model/Connection.js.map +1 -1
- package/icc-api/model/Contact.d.ts +2 -0
- package/icc-api/model/Contact.js.map +1 -1
- package/icc-api/model/Device.d.ts +4 -4
- package/icc-api/model/Device.js.map +1 -1
- package/icc-api/model/Document.d.ts +2 -0
- package/icc-api/model/Document.js.map +1 -1
- package/icc-api/model/ExchangeDataMapCreationBatch.d.ts +13 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js +10 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js.map +1 -0
- package/icc-api/model/FilterChainMessage.d.ts +19 -0
- package/icc-api/model/FilterChainMessage.js +11 -0
- package/icc-api/model/FilterChainMessage.js.map +1 -0
- package/icc-api/model/FilterChainTopic.d.ts +19 -0
- package/icc-api/model/FilterChainTopic.js +11 -0
- package/icc-api/model/FilterChainTopic.js.map +1 -0
- package/icc-api/model/Form.d.ts +2 -0
- package/icc-api/model/Form.js.map +1 -1
- package/icc-api/model/HealthElement.d.ts +2 -0
- package/icc-api/model/HealthElement.js.map +1 -1
- package/icc-api/model/HealthcareParty.d.ts +2 -2
- package/icc-api/model/HealthcareParty.js +13 -1
- package/icc-api/model/HealthcareParty.js.map +1 -1
- package/icc-api/model/IcureStub.d.ts +2 -0
- package/icc-api/model/IcureStub.js.map +1 -1
- package/icc-api/model/Invoice.d.ts +2 -0
- package/icc-api/model/Invoice.js.map +1 -1
- package/icc-api/model/MaintenanceTask.d.ts +13 -10
- package/icc-api/model/MaintenanceTask.js +13 -11
- package/icc-api/model/MaintenanceTask.js.map +1 -1
- package/icc-api/model/Message.d.ts +2 -0
- package/icc-api/model/Message.js.map +1 -1
- package/icc-api/model/PaginatedListExchangeData.d.ts +9 -0
- package/icc-api/model/PaginatedListExchangeData.js +10 -0
- package/icc-api/model/PaginatedListExchangeData.js.map +1 -0
- package/icc-api/model/PaginatedListTopic.d.ts +20 -0
- package/icc-api/model/PaginatedListTopic.js +10 -0
- package/icc-api/model/PaginatedListTopic.js.map +1 -0
- package/icc-api/model/Patient.d.ts +4 -2
- package/icc-api/model/Patient.js.map +1 -1
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.d.ts +31 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js +32 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js.map +1 -0
- package/icc-api/model/Receipt.d.ts +2 -0
- package/icc-api/model/Receipt.js.map +1 -1
- package/icc-api/model/SecureDelegation.d.ts +52 -0
- package/icc-api/model/SecureDelegation.js +16 -0
- package/icc-api/model/SecureDelegation.js.map +1 -0
- package/icc-api/model/SecurityMetadata.d.ts +33 -0
- package/icc-api/model/SecurityMetadata.js +13 -0
- package/icc-api/model/SecurityMetadata.js.map +1 -0
- package/icc-api/model/Service.d.ts +2 -0
- package/icc-api/model/Service.js.map +1 -1
- package/icc-api/model/TimeTable.d.ts +2 -0
- package/icc-api/model/TimeTable.js.map +1 -1
- package/icc-api/model/Topic.d.ts +95 -0
- package/icc-api/model/Topic.js +16 -0
- package/icc-api/model/Topic.js.map +1 -0
- package/icc-api/model/internal/ExchangeData.d.ts +64 -0
- package/icc-api/model/internal/ExchangeData.js +15 -0
- package/icc-api/model/internal/ExchangeData.js.map +1 -0
- package/icc-api/model/internal/ExchangeDataMap.d.ts +24 -0
- package/icc-api/model/internal/ExchangeDataMap.js +13 -0
- package/icc-api/model/internal/ExchangeDataMap.js.map +1 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.d.ts +14 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.js +13 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.js.map +1 -0
- package/icc-api/model/models.d.ts +26 -40
- package/icc-api/model/models.js +19 -37
- package/icc-api/model/models.js.map +1 -1
- package/icc-api/model/requests/EntityBulkShareResult.d.ts +28 -0
- package/icc-api/model/requests/EntityBulkShareResult.js +16 -0
- package/icc-api/model/requests/EntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.d.ts +10 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js +17 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/EntityShareRequest.d.ts +110 -0
- package/icc-api/model/requests/EntityShareRequest.js +63 -0
- package/icc-api/model/requests/EntityShareRequest.js.map +1 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.d.ts +54 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js +24 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.d.ts +23 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js +13 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.d.ts +21 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js +14 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +55 -6
- package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
- package/icc-x-api/crypto/AES.js +1 -1
- package/icc-x-api/crypto/AES.js.map +1 -1
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +18 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +50 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +43 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js +97 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +146 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js +342 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +0 -18
- package/icc-x-api/crypto/BaseExchangeKeysManager.js +11 -85
- package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ConfidentialEntities.d.ts +26 -16
- package/icc-x-api/crypto/ConfidentialEntities.js +30 -17
- package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -1
- package/icc-x-api/crypto/CryptoStrategies.d.ts +8 -1
- package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/DelegationsDeAnonymization.d.ts +44 -0
- package/icc-x-api/crypto/DelegationsDeAnonymization.js +235 -0
- package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -0
- package/icc-x-api/crypto/ExchangeDataManager.d.ts +97 -0
- package/icc-x-api/crypto/ExchangeDataManager.js +501 -0
- package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +32 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js +70 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeKeysManager.d.ts +4 -16
- package/icc-x-api/crypto/ExchangeKeysManager.js +4 -62
- package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtils.d.ts +326 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js +3 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +174 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +559 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -0
- package/icc-x-api/crypto/KeyRecovery.d.ts +5 -2
- package/icc-x-api/crypto/KeyRecovery.js +59 -29
- package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +7 -2
- package/icc-x-api/crypto/LegacyCryptoStrategies.js +8 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +33 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +141 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/RSA.d.ts +34 -8
- package/icc-x-api/crypto/RSA.js +80 -13
- package/icc-x-api/crypto/RSA.js.map +1 -1
- package/icc-x-api/crypto/SecureDelegationsEncryption.d.ts +54 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js +178 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsManager.d.ts +66 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js +261 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +46 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +312 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +97 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js +79 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/ShamirKeysManager.d.ts +5 -5
- package/icc-x-api/crypto/ShamirKeysManager.js +6 -9
- package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
- package/icc-x-api/crypto/TransferKeysManager.d.ts +8 -6
- package/icc-x-api/crypto/TransferKeysManager.js +75 -52
- package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
- package/icc-x-api/crypto/{KeyManager.d.ts → UserEncryptionKeysManager.d.ts} +4 -6
- package/icc-x-api/crypto/{KeyManager.js → UserEncryptionKeysManager.js} +43 -23
- package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +26 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js +74 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -0
- package/icc-x-api/crypto/utils.d.ts +61 -11
- package/icc-x-api/crypto/utils.js +113 -44
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.d.ts +8 -0
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js +13 -0
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js.map +1 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.d.ts +7 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.js +13 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.js.map +1 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.d.ts +8 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js +13 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js.map +1 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.d.ts +7 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.js +13 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.js.map +1 -0
- package/icc-x-api/filters/TopicByParticipantFilter.d.ts +7 -0
- package/icc-x-api/filters/TopicByParticipantFilter.js +13 -0
- package/icc-x-api/filters/TopicByParticipantFilter.js.map +1 -0
- package/icc-x-api/filters/filters.d.ts +5 -0
- package/icc-x-api/filters/filters.js +5 -0
- package/icc-x-api/filters/filters.js.map +1 -1
- package/icc-x-api/icc-accesslog-x-api.d.ts +49 -12
- package/icc-x-api/icc-accesslog-x-api.js +81 -44
- package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
- package/icc-x-api/icc-calendar-item-x-api.d.ts +53 -15
- package/icc-x-api/icc-calendar-item-x-api.js +105 -51
- package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
- package/icc-x-api/icc-classification-x-api.d.ts +47 -10
- package/icc-x-api/icc-classification-x-api.js +62 -33
- package/icc-x-api/icc-classification-x-api.js.map +1 -1
- package/icc-x-api/icc-contact-x-api.d.ts +59 -33
- package/icc-x-api/icc-contact-x-api.js +101 -66
- package/icc-x-api/icc-contact-x-api.js.map +1 -1
- package/icc-x-api/icc-crypto-x-api.d.ts +33 -333
- package/icc-x-api/icc-crypto-x-api.js +47 -764
- package/icc-x-api/icc-crypto-x-api.js.map +1 -1
- package/icc-x-api/icc-data-owner-x-api.d.ts +20 -8
- package/icc-x-api/icc-data-owner-x-api.js +31 -10
- package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
- package/icc-x-api/icc-document-x-api.d.ts +51 -12
- package/icc-x-api/icc-document-x-api.js +117 -66
- package/icc-x-api/icc-document-x-api.js.map +1 -1
- package/icc-x-api/icc-form-x-api.d.ts +48 -11
- package/icc-x-api/icc-form-x-api.js +71 -37
- package/icc-x-api/icc-form-x-api.js.map +1 -1
- package/icc-x-api/icc-hcparty-x-api.d.ts +2 -2
- package/icc-x-api/icc-hcparty-x-api.js +3 -3
- package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
- package/icc-x-api/icc-helement-x-api.d.ts +59 -20
- package/icc-x-api/icc-helement-x-api.js +78 -43
- package/icc-x-api/icc-helement-x-api.js.map +1 -1
- package/icc-x-api/icc-icure-maintenance-x-api.d.ts +7 -2
- package/icc-x-api/icc-icure-maintenance-x-api.js +38 -27
- package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
- package/icc-x-api/icc-invoice-x-api.d.ts +53 -16
- package/icc-x-api/icc-invoice-x-api.js +69 -35
- package/icc-x-api/icc-invoice-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.d.ts +56 -22
- package/icc-x-api/icc-maintenance-task-x-api.js +77 -36
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/icc-message-x-api.d.ts +75 -19
- package/icc-x-api/icc-message-x-api.js +126 -37
- package/icc-x-api/icc-message-x-api.js.map +1 -1
- package/icc-x-api/icc-patient-x-api.d.ts +86 -29
- package/icc-x-api/icc-patient-x-api.js +318 -379
- package/icc-x-api/icc-patient-x-api.js.map +1 -1
- package/icc-x-api/icc-receipt-x-api.d.ts +47 -13
- package/icc-x-api/icc-receipt-x-api.js +72 -36
- package/icc-x-api/icc-receipt-x-api.js.map +1 -1
- package/icc-x-api/icc-time-table-x-api.d.ts +46 -13
- package/icc-x-api/icc-time-table-x-api.js +61 -27
- package/icc-x-api/icc-time-table-x-api.js.map +1 -1
- package/icc-x-api/icc-topic-x-api.d.ts +191 -0
- package/icc-x-api/icc-topic-x-api.js +307 -0
- package/icc-x-api/icc-topic-x-api.js.map +1 -0
- package/icc-x-api/icc-user-x-api.d.ts +2 -2
- package/icc-x-api/icc-user-x-api.js +3 -3
- package/icc-x-api/icc-user-x-api.js.map +1 -1
- package/icc-x-api/index.d.ts +18 -2
- package/icc-x-api/index.js +203 -156
- package/icc-x-api/index.js.map +1 -1
- package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +1 -1
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +2 -0
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +9 -2
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/storage/IcureStorageFacade.d.ts +23 -2
- package/icc-x-api/storage/IcureStorageFacade.js +36 -2
- package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageFacade.d.ts +12 -0
- package/icc-x-api/storage/KeyStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageImpl.d.ts +2 -0
- package/icc-x-api/storage/KeyStorageImpl.js +10 -0
- package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +14 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +32 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js +75 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -0
- package/icc-x-api/utils/ShareResult.d.ts +74 -0
- package/icc-x-api/utils/ShareResult.js +61 -0
- package/icc-x-api/utils/ShareResult.js.map +1 -0
- package/icc-x-api/utils/binary-utils.d.ts +1 -0
- package/icc-x-api/utils/binary-utils.js +8 -1
- package/icc-x-api/utils/binary-utils.js.map +1 -1
- package/icc-x-api/utils/collection-utils.d.ts +5 -0
- package/icc-x-api/utils/collection-utils.js +26 -1
- package/icc-x-api/utils/collection-utils.js.map +1 -1
- package/icc-x-api/utils/crypto-utils.d.ts +4 -3
- package/icc-x-api/utils/crypto-utils.js +5 -4
- package/icc-x-api/utils/crypto-utils.js.map +1 -1
- package/icc-x-api/utils/lru-temporised-async-cache.d.ts +26 -3
- package/icc-x-api/utils/lru-temporised-async-cache.js +75 -15
- package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -1
- package/icc-x-api/utils/websocket.d.ts +14 -10
- package/icc-x-api/utils/websocket.js +26 -9
- package/icc-x-api/utils/websocket.js.map +1 -1
- package/index.d.ts +1 -1
- package/index.js +3 -1
- package/index.js.map +1 -1
- package/package.json +2 -3
- package/icc-x-api/crypto/EntitiesEncryption.d.ts +0 -275
- package/icc-x-api/crypto/EntitiesEncryption.js +0 -734
- package/icc-x-api/crypto/EntitiesEncryption.js.map +0 -1
- package/icc-x-api/crypto/KeyManager.js.map +0 -1
|
@@ -0,0 +1,342 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.BaseExchangeDataManager = void 0;
|
|
13
|
+
const ExchangeData_1 = require("../../icc-api/model/internal/ExchangeData");
|
|
14
|
+
const XHR_1 = require("../../icc-api/api/XHR");
|
|
15
|
+
var XHRError = XHR_1.XHR.XHRError;
|
|
16
|
+
const utils_1 = require("../utils");
|
|
17
|
+
const _ = require("lodash");
|
|
18
|
+
const utils_2 = require("./utils");
|
|
19
|
+
/**
|
|
20
|
+
* @internal this class is intended for internal use only and may be modified without notice
|
|
21
|
+
* Functions to create and get exchange data.
|
|
22
|
+
* The methods of this api require to pass the appropriate keys for encryption/decryption manually.
|
|
23
|
+
*/
|
|
24
|
+
class BaseExchangeDataManager {
|
|
25
|
+
constructor(api, dataOwnerApi, primitives, selfRequiresAnonymousDelegations) {
|
|
26
|
+
this.api = api;
|
|
27
|
+
this.dataOwnerApi = dataOwnerApi;
|
|
28
|
+
this.primitives = primitives;
|
|
29
|
+
this.selfRequiresAnonymousDelegations = selfRequiresAnonymousDelegations;
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Get all the exchange data where the current data owner is the delegator or the delegate. However, some data owners, generally HCPs, may have a
|
|
33
|
+
* prohibitively high amount of exchange data. If the crypto strategies specify that the current data owner requires anonymous delegation this
|
|
34
|
+
* method returns all the exchange data found for the data owner, else the method returns undefined.
|
|
35
|
+
* @return all the exchange data for the current data owner or undefined if the crypto strategies don't allow to retrieve all data for the current
|
|
36
|
+
* data owner.
|
|
37
|
+
*/
|
|
38
|
+
getAllExchangeDataForCurrentDataOwnerIfAllowed() {
|
|
39
|
+
var _a, _b;
|
|
40
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
41
|
+
if (!this.selfRequiresAnonymousDelegations)
|
|
42
|
+
return undefined;
|
|
43
|
+
const dataOwnerId = yield this.dataOwnerApi.getCurrentDataOwnerId();
|
|
44
|
+
let latestResult = yield this.api.getExchangeDataByParticipant(dataOwnerId, undefined, 1000);
|
|
45
|
+
const allRetrieved = (_a = latestResult.rows) !== null && _a !== void 0 ? _a : [];
|
|
46
|
+
while ((_b = latestResult.nextKeyPair) === null || _b === void 0 ? void 0 : _b.startKeyDocId) {
|
|
47
|
+
latestResult = yield this.api.getExchangeDataByParticipant(dataOwnerId, latestResult.nextKeyPair.startKeyDocId, 1000);
|
|
48
|
+
if (latestResult.rows)
|
|
49
|
+
allRetrieved.push(...latestResult.rows);
|
|
50
|
+
}
|
|
51
|
+
return allRetrieved;
|
|
52
|
+
});
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Get all exchange data for the provided delegator-delegate pair.
|
|
56
|
+
* @param delegatorId id of a delegator data owner.
|
|
57
|
+
* @param delegateId id of a delegate data owner.
|
|
58
|
+
* @return all exchange data for the provided delegator-delegate pair.
|
|
59
|
+
*/
|
|
60
|
+
getExchangeDataByDelegatorDelegatePair(delegatorId, delegateId) {
|
|
61
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
62
|
+
return yield this.api.getExchangeDataByDelegatorDelegate(delegatorId, delegateId);
|
|
63
|
+
});
|
|
64
|
+
}
|
|
65
|
+
/**
|
|
66
|
+
* Get the exchange data with the provided id.
|
|
67
|
+
* @param exchangeDataId id of the exchange data.
|
|
68
|
+
* @return the exchange data with the provided id or undefined if no exchange data with such id could be found.
|
|
69
|
+
*/
|
|
70
|
+
getExchangeDataById(exchangeDataId) {
|
|
71
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
72
|
+
return yield this.api.getExchangeDataById(exchangeDataId).catch((e) => {
|
|
73
|
+
if (e instanceof XHRError && e.statusCode === 404) {
|
|
74
|
+
return undefined;
|
|
75
|
+
}
|
|
76
|
+
else
|
|
77
|
+
throw e;
|
|
78
|
+
});
|
|
79
|
+
});
|
|
80
|
+
}
|
|
81
|
+
/**
|
|
82
|
+
* Filters exchange data returning only the instances that could be verified using their signature and the provided verification
|
|
83
|
+
* keys.
|
|
84
|
+
* Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)
|
|
85
|
+
* will always be unverified.
|
|
86
|
+
* @param exchangeData the exchange data to verify.
|
|
87
|
+
* @param getVerificationKey function to retrieve keys to use for verification by fingerprint.
|
|
88
|
+
* @return the exchange data which could be verified given his signature and the available verification keys.
|
|
89
|
+
* @throws if any of the provided exchange data has been created by a data owner other than the current data owner.
|
|
90
|
+
*/
|
|
91
|
+
filterVerifiedExchangeData(exchangeData, getVerificationKey) {
|
|
92
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
93
|
+
const verified = [];
|
|
94
|
+
for (const ed of exchangeData) {
|
|
95
|
+
if (yield this.verifyExchangeData(ed, (x) => getVerificationKey(x)))
|
|
96
|
+
verified.push(ed);
|
|
97
|
+
}
|
|
98
|
+
return verified;
|
|
99
|
+
});
|
|
100
|
+
}
|
|
101
|
+
/**
|
|
102
|
+
* Verifies the authenticity of the exchange data by checking the signature.
|
|
103
|
+
* Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)
|
|
104
|
+
* will always be unverified.
|
|
105
|
+
* @param exchangeData the exchange data to verify.
|
|
106
|
+
* @param getVerificationKey function to retrieve keys to use for verification by fingerprint.
|
|
107
|
+
* @return the exchange data which could be verified given his signature and the available verification keys.
|
|
108
|
+
* @throws if any of the provided exchange data has been created by a data owner other than the current data owner.
|
|
109
|
+
*/
|
|
110
|
+
verifyExchangeData(exchangeData, getVerificationKey) {
|
|
111
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
112
|
+
const dataOwnerId = yield this.dataOwnerApi.getCurrentDataOwnerId();
|
|
113
|
+
if (exchangeData.delegator !== dataOwnerId)
|
|
114
|
+
return false;
|
|
115
|
+
const signatureData = yield this.bytesToSign(exchangeData);
|
|
116
|
+
for (const [fp, signature] of Object.entries(exchangeData.signature)) {
|
|
117
|
+
const verificationKey = yield getVerificationKey(fp.slice(-32));
|
|
118
|
+
if (verificationKey && (yield this.primitives.RSA.verifySignature(verificationKey, (0, utils_1.b64_2ua)(signature), signatureData)))
|
|
119
|
+
return true;
|
|
120
|
+
}
|
|
121
|
+
return false;
|
|
122
|
+
});
|
|
123
|
+
}
|
|
124
|
+
/**
|
|
125
|
+
* Extracts and decrypts the access control secret from the provided exchange data.
|
|
126
|
+
* These need to be hashed together with the entity class and confidentiality level in order to get the actual access control key
|
|
127
|
+
* which will be sent to the server.
|
|
128
|
+
* @param exchangeData the exchange data from which to extract access control secrets.
|
|
129
|
+
* @param decryptionKeys rsa key pairs to use for decryption of the access control secret.
|
|
130
|
+
* @return an object composed of:
|
|
131
|
+
* - successfulDecryptions: array of all successfully decrypted access control keys
|
|
132
|
+
* - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).
|
|
133
|
+
*/
|
|
134
|
+
tryDecryptAccessControlSecret(exchangeData, decryptionKeys) {
|
|
135
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
136
|
+
return yield this.tryDecryptExchangeData(exchangeData, decryptionKeys, (ed) => ed.accessControlSecret, (d) => this.importAccessControlSecret(new Uint8Array(d)));
|
|
137
|
+
});
|
|
138
|
+
}
|
|
139
|
+
/**
|
|
140
|
+
* Extract and decrypts the exchange keys from the provided exchange data.
|
|
141
|
+
* @param exchangeData the exchange data from which to extract exchange keys.
|
|
142
|
+
* @param decryptionKeys rsa key pairs to use for the decryption of the exchange keys.
|
|
143
|
+
* @return an object composed of:
|
|
144
|
+
* - successfulDecryptions: array containing the successfully decrypted exchange keys.
|
|
145
|
+
* - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).
|
|
146
|
+
*/
|
|
147
|
+
tryDecryptExchangeKeys(exchangeData, decryptionKeys) {
|
|
148
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
149
|
+
return yield this.tryDecryptExchangeData(exchangeData, decryptionKeys, (ed) => ed.exchangeKey, (d) => this.importExchangeKey(new Uint8Array(d)));
|
|
150
|
+
});
|
|
151
|
+
}
|
|
152
|
+
tryDecryptExchangeData(exchangeData, decryptionKeys, encryptedDataSelector, unmarshalDecrypted) {
|
|
153
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
154
|
+
const successfulDecryptions = [];
|
|
155
|
+
const failedDecryptions = [];
|
|
156
|
+
for (const ed of exchangeData) {
|
|
157
|
+
try {
|
|
158
|
+
const decrypted = yield this.tryDecrypt(encryptedDataSelector(ed), decryptionKeys);
|
|
159
|
+
if (decrypted) {
|
|
160
|
+
successfulDecryptions.push(yield unmarshalDecrypted(decrypted));
|
|
161
|
+
}
|
|
162
|
+
else {
|
|
163
|
+
failedDecryptions.push(ed);
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
catch (e) {
|
|
167
|
+
failedDecryptions.push(ed);
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
return { successfulDecryptions, failedDecryptions };
|
|
171
|
+
});
|
|
172
|
+
}
|
|
173
|
+
tryDecrypt(encryptedData, decryptionKeys) {
|
|
174
|
+
var _a;
|
|
175
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
176
|
+
const decryptionKeysWithV2Fp = Object.keys(decryptionKeys).reduce((prev, fp) => {
|
|
177
|
+
return Object.assign(Object.assign({}, prev), { [(0, utils_2.fingerprintIsV1)(fp) ? (0, utils_2.fingerprintV1toV2)(fp) : fp]: decryptionKeys[fp] });
|
|
178
|
+
}, {});
|
|
179
|
+
for (const [fp, encrypted] of Object.entries(encryptedData)) {
|
|
180
|
+
try {
|
|
181
|
+
const key = (_a = decryptionKeysWithV2Fp[fp]) === null || _a === void 0 ? void 0 : _a.privateKey;
|
|
182
|
+
if (key)
|
|
183
|
+
return (0, utils_1.hex2ua)((0, utils_1.ua2utf8)(yield this.primitives.RSA.decrypt(key, (0, utils_1.b64_2ua)(encrypted))));
|
|
184
|
+
}
|
|
185
|
+
catch (e) {
|
|
186
|
+
// Try with another key
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
});
|
|
190
|
+
}
|
|
191
|
+
/**
|
|
192
|
+
* Creates exchange data from the current data owner to the provided delegate, uploading the newly created exchange data to the cloud.
|
|
193
|
+
* This assumes that the keys have been verified.
|
|
194
|
+
* @param delegateId id of the delegate for the new exchange data.
|
|
195
|
+
* @param signatureKeys private keys to use for signing the created data.
|
|
196
|
+
* @param encryptionKeys public keys to use for the encryption of the exchange data (from delegator and delegate).
|
|
197
|
+
* @param optionalAttributes optional precalculated attributes for the creation of data
|
|
198
|
+
* @return the newly created exchange data, and its decrypted exchange key and access control secret.
|
|
199
|
+
*/
|
|
200
|
+
createExchangeData(delegateId, signatureKeys, encryptionKeys, optionalAttributes = {}) {
|
|
201
|
+
var _a;
|
|
202
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
203
|
+
if (!Object.keys(signatureKeys).length || !Object.keys(encryptionKeys).length) {
|
|
204
|
+
throw new Error('Must specify at least one signature key and ');
|
|
205
|
+
}
|
|
206
|
+
const exchangeKey = yield this.generateExchangeKey();
|
|
207
|
+
const accessControlSecret = yield this.generateAccessControlSecret();
|
|
208
|
+
const encryptedExchangeKey = yield this.encryptDataWithKeys(exchangeKey.rawBytes, encryptionKeys);
|
|
209
|
+
const encryptedAccessControlSecret = yield this.encryptDataWithKeys(accessControlSecret.rawBytes, encryptionKeys);
|
|
210
|
+
const baseExchangeData = {
|
|
211
|
+
id: (_a = optionalAttributes.id) !== null && _a !== void 0 ? _a : this.primitives.randomUuid(),
|
|
212
|
+
delegator: yield this.dataOwnerApi.getCurrentDataOwnerId(),
|
|
213
|
+
delegate: delegateId,
|
|
214
|
+
exchangeKey: encryptedExchangeKey,
|
|
215
|
+
accessControlSecret: encryptedAccessControlSecret,
|
|
216
|
+
};
|
|
217
|
+
const signature = yield this.signDataWithKeys(yield this.bytesToSign(baseExchangeData), signatureKeys);
|
|
218
|
+
const exchangeData = new ExchangeData_1.ExchangeData(Object.assign(Object.assign({}, baseExchangeData), { signature }));
|
|
219
|
+
return {
|
|
220
|
+
exchangeData: yield this.api.createExchangeData(exchangeData),
|
|
221
|
+
exchangeKey: exchangeKey.key,
|
|
222
|
+
accessControlSecret: accessControlSecret.secret,
|
|
223
|
+
};
|
|
224
|
+
});
|
|
225
|
+
}
|
|
226
|
+
/**
|
|
227
|
+
* Updates existing exchange data and uploads it to the cloud in order to share it also with additional public keys, useful for example in cases
|
|
228
|
+
* where one of the data owners involved in the exchange data has lost one of his keys.
|
|
229
|
+
* If the content of the exchange data could not be decrypted using the provided keys the method will not update anything and will return undefined.
|
|
230
|
+
* This method assumes that the new encryption keys have been verified.
|
|
231
|
+
* If the current data owner is also the delegator of the provided exchange data and at least one of the verification keys can be used to
|
|
232
|
+
* validate the current exchange data then the signature will be updated using the signature keys.
|
|
233
|
+
* Instead, if the current data owner is not the delegator of the provided exchange data, or the exchange data could not be verified using
|
|
234
|
+
* the provided verification keys then the updated exchange data will become unverified, and won't ever be verifiable again.
|
|
235
|
+
* @param exchangeData exchange data to update.
|
|
236
|
+
* @param decryptionKeys keys to use to extract the content of the exchange data which will be shared with the new keys.
|
|
237
|
+
* @param signatureKeys keys to use for the new signature of the updated exchange data.
|
|
238
|
+
* @param newEncryptionKeys new keys to add to the exchange data.
|
|
239
|
+
* @param getVerificationKey function to retrieve keys to use for verification by fingerprint.
|
|
240
|
+
* @return the updated exchange data, and its decrypted exchange key and access control secret, or undefined if the exchange data content could not
|
|
241
|
+
* be decrypted and the exchange data could not be updated.
|
|
242
|
+
*/
|
|
243
|
+
tryUpdateExchangeData(exchangeData, decryptionKeys, newEncryptionKeys, signatureKeys, getVerificationKey) {
|
|
244
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
245
|
+
const dataOwnerId = yield this.dataOwnerApi.getCurrentDataOwnerId();
|
|
246
|
+
const rawExchangeKey = yield this.tryDecrypt(exchangeData.exchangeKey, decryptionKeys);
|
|
247
|
+
const rawAccessControlSecret = yield this.tryDecrypt(exchangeData.accessControlSecret, decryptionKeys);
|
|
248
|
+
if (!rawExchangeKey || !rawAccessControlSecret)
|
|
249
|
+
return undefined;
|
|
250
|
+
const exchangeKey = yield this.importExchangeKey(new Uint8Array(rawExchangeKey));
|
|
251
|
+
const accessControlSecret = yield this.importAccessControlSecret(new Uint8Array(rawAccessControlSecret));
|
|
252
|
+
const existingExchangeKeyEntries = new Set(Object.keys(exchangeData.exchangeKey));
|
|
253
|
+
const existingAcsEntries = new Set(Object.keys(exchangeData.accessControlSecret));
|
|
254
|
+
const missingEntries = Object.keys(newEncryptionKeys).filter((fp) => !existingAcsEntries.has(fp) || !existingExchangeKeyEntries.has(fp));
|
|
255
|
+
if (!missingEntries.length)
|
|
256
|
+
return { exchangeData, exchangeKey, accessControlSecret };
|
|
257
|
+
const encryptionKeysForMissingEntries = missingEntries.reduce((obj, fp) => {
|
|
258
|
+
obj[fp] = newEncryptionKeys[fp];
|
|
259
|
+
return obj;
|
|
260
|
+
}, {});
|
|
261
|
+
const isVerified = exchangeData.delegator == dataOwnerId && (yield this.verifyExchangeData(exchangeData, (fp) => getVerificationKey(fp)));
|
|
262
|
+
const updatedExchangeData = _.cloneDeep(exchangeData);
|
|
263
|
+
updatedExchangeData.exchangeKey = Object.assign(Object.assign({}, exchangeData.exchangeKey), (yield this.encryptDataWithKeys(rawExchangeKey, encryptionKeysForMissingEntries)));
|
|
264
|
+
updatedExchangeData.accessControlSecret = Object.assign(Object.assign({}, exchangeData.accessControlSecret), (yield this.encryptDataWithKeys(rawAccessControlSecret, encryptionKeysForMissingEntries)));
|
|
265
|
+
if (isVerified) {
|
|
266
|
+
const newDataToSign = yield this.bytesToSign(updatedExchangeData);
|
|
267
|
+
updatedExchangeData.signature = yield this.signDataWithKeys(newDataToSign, signatureKeys);
|
|
268
|
+
}
|
|
269
|
+
return { exchangeData: yield this.api.modifyExchangeData(new ExchangeData_1.ExchangeData(updatedExchangeData)), exchangeKey, accessControlSecret };
|
|
270
|
+
});
|
|
271
|
+
}
|
|
272
|
+
// Gets a byte representation of the parts of exchange data which should be included in the signature.
|
|
273
|
+
// Equivalent json representations of the exchange data should provide the same bytes (even if the order of entries
|
|
274
|
+
// is different).
|
|
275
|
+
bytesToSign(exchangeData) {
|
|
276
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
277
|
+
function sortObject(obj) {
|
|
278
|
+
return Object.keys(obj)
|
|
279
|
+
.sort()
|
|
280
|
+
.reduce((sorted, key) => {
|
|
281
|
+
return [...sorted, [key, obj[key]]];
|
|
282
|
+
}, []);
|
|
283
|
+
}
|
|
284
|
+
const signObject = [
|
|
285
|
+
['delegator', exchangeData.delegator],
|
|
286
|
+
['delegate', exchangeData.delegate],
|
|
287
|
+
['exchangeKey', sortObject(exchangeData.exchangeKey)],
|
|
288
|
+
['accessControlSecret', sortObject(exchangeData.accessControlSecret)],
|
|
289
|
+
];
|
|
290
|
+
const signJson = JSON.stringify(signObject);
|
|
291
|
+
return this.primitives.sha256((0, utils_1.utf8_2ua)(signJson));
|
|
292
|
+
});
|
|
293
|
+
}
|
|
294
|
+
// Generates a new exchange key
|
|
295
|
+
generateExchangeKey() {
|
|
296
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
297
|
+
const rawBytes = yield this.primitives.randomBytes(32);
|
|
298
|
+
return {
|
|
299
|
+
key: yield this.importExchangeKey(rawBytes),
|
|
300
|
+
rawBytes,
|
|
301
|
+
};
|
|
302
|
+
});
|
|
303
|
+
}
|
|
304
|
+
importExchangeKey(decryptedBytes) {
|
|
305
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
306
|
+
return yield this.primitives.AES.importKey('raw', decryptedBytes);
|
|
307
|
+
});
|
|
308
|
+
}
|
|
309
|
+
// Generates a new access control secret
|
|
310
|
+
generateAccessControlSecret() {
|
|
311
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
312
|
+
const rawBytes = yield this.primitives.randomBytes(16);
|
|
313
|
+
return {
|
|
314
|
+
secret: yield this.importAccessControlSecret(rawBytes),
|
|
315
|
+
rawBytes,
|
|
316
|
+
};
|
|
317
|
+
});
|
|
318
|
+
}
|
|
319
|
+
importAccessControlSecret(decryptedBytes) {
|
|
320
|
+
return Promise.resolve((0, utils_1.ua2hex)(decryptedBytes));
|
|
321
|
+
}
|
|
322
|
+
encryptDataWithKeys(rawData, keys) {
|
|
323
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
324
|
+
const res = {};
|
|
325
|
+
for (const [fp, key] of Object.entries(keys)) {
|
|
326
|
+
res[(0, utils_2.fingerprintIsV1)(fp) ? (0, utils_2.fingerprintV1toV2)(fp) : fp] = (0, utils_1.ua2b64)(yield this.primitives.RSA.encrypt(key, (0, utils_1.utf8_2ua)((0, utils_1.ua2hex)(rawData))));
|
|
327
|
+
}
|
|
328
|
+
return res;
|
|
329
|
+
});
|
|
330
|
+
}
|
|
331
|
+
signDataWithKeys(rawData, keys) {
|
|
332
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
333
|
+
const res = {};
|
|
334
|
+
for (const [fp, key] of Object.entries(keys)) {
|
|
335
|
+
res[fp] = (0, utils_1.ua2b64)(yield this.primitives.RSA.sign(key, new Uint8Array(rawData)));
|
|
336
|
+
}
|
|
337
|
+
return res;
|
|
338
|
+
});
|
|
339
|
+
}
|
|
340
|
+
}
|
|
341
|
+
exports.BaseExchangeDataManager = BaseExchangeDataManager;
|
|
342
|
+
//# sourceMappingURL=BaseExchangeDataManager.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"BaseExchangeDataManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/BaseExchangeDataManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,4EAAwE;AAExE,+CAA2C;AAC3C,IAAO,QAAQ,GAAG,SAAG,CAAC,QAAQ,CAAA;AAE9B,oCAA6E;AAC7E,4BAA2B;AAC3B,mCAA4D;AAE5D;;;;GAIG;AACH,MAAa,uBAAuB;IAClC,YACW,GAAuB,EACf,YAA8B,EAC9B,UAA4B,EAC5B,gCAAyC;QAHjD,QAAG,GAAH,GAAG,CAAoB;QACf,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAC5B,qCAAgC,GAAhC,gCAAgC,CAAS;IACzD,CAAC;IAEJ;;;;;;OAMG;IACG,8CAA8C;;;YAClD,IAAI,CAAC,IAAI,CAAC,gCAAgC;gBAAE,OAAO,SAAS,CAAA;YAC5D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,IAAI,YAAY,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,WAAW,EAAE,SAAS,EAAE,IAAI,CAAC,CAAA;YAC5F,MAAM,YAAY,GAAG,MAAA,YAAY,CAAC,IAAI,mCAAI,EAAE,CAAA;YAC5C,OAAO,MAAA,YAAY,CAAC,WAAW,0CAAE,aAAa,EAAE;gBAC9C,YAAY,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAA;gBACrH,IAAI,YAAY,CAAC,IAAI;oBAAE,YAAY,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;aAC/D;YACD,OAAO,YAAY,CAAA;;KACpB;IAED;;;;;OAKG;IACG,sCAAsC,CAAC,WAAmB,EAAE,UAAkB;;YAClF,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,kCAAkC,CAAC,WAAW,EAAE,UAAU,CAAC,CAAA;QACnF,CAAC;KAAA;IAED;;;;OAIG;IACG,mBAAmB,CAAC,cAAsB;;YAC9C,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;gBACpE,IAAI,CAAC,YAAY,QAAQ,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,EAAE;oBACjD,OAAO,SAAS,CAAA;iBACjB;;oBAAM,MAAM,CAAC,CAAA;YAChB,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,0BAA0B,CAC9B,YAA4B,EAC5B,kBAAoF;;YAEpF,MAAM,QAAQ,GAAmB,EAAE,CAAA;YACnC,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;gBAC7B,IAAI,MAAM,IAAI,CAAC,kBAAkB,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;oBAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;aACvF;YACD,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAED;;;;;;;;OAQG;IACG,kBAAkB,CACtB,YAA0B,EAC1B,kBAAoF;;YAEpF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,IAAI,YAAY,CAAC,SAAS,KAAK,WAAW;gBAAE,OAAO,KAAK,CAAA;YACxD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAA;YAC1D,KAAK,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE;gBACpE,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;gBAC/D,IAAI,eAAe,IAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,eAAe,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,EAAE,aAAa,CAAC,CAAC;oBAAE,OAAO,IAAI,CAAA;aACpI;YACD,OAAO,KAAK,CAAA;QACd,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,6BAA6B,CACjC,YAA4B,EAC5B,cAAsE;;YAKtE,OAAO,MAAM,IAAI,CAAC,sBAAsB,CACtC,YAAY,EACZ,cAAc,EACd,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,mBAAmB,EAC9B,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CACzD,CAAA;QACH,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,sBAAsB,CAC1B,YAA4B,EAC5B,cAAsE;;YAKtE,OAAO,MAAM,IAAI,CAAC,sBAAsB,CACtC,YAAY,EACZ,cAAc,EACd,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,WAAW,EACtB,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CACjD,CAAA;QACH,CAAC;KAAA;IAEa,sBAAsB,CAClC,YAA4B,EAC5B,cAAsE,EACtE,qBAAuF,EACvF,kBAA0D;;YAK1D,MAAM,qBAAqB,GAAQ,EAAE,CAAA;YACrC,MAAM,iBAAiB,GAAmB,EAAE,CAAA;YAC5C,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;gBAC7B,IAAI;oBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,CAAA;oBAClF,IAAI,SAAS,EAAE;wBACb,qBAAqB,CAAC,IAAI,CAAC,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAA;qBAChE;yBAAM;wBACL,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;qBAC3B;iBACF;gBAAC,OAAO,CAAC,EAAE;oBACV,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;iBAC3B;aACF;YACD,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,CAAA;QACrD,CAAC;KAAA;IAEa,UAAU,CACtB,aAAyD,EACzD,cAAwE;;;YAExE,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE;gBAC7E,uCACK,IAAI,KACP,CAAC,IAAA,uBAAe,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAA,yBAAiB,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,EAAE,CAAC,IACvE;YACH,CAAC,EAAE,EAA4D,CAAC,CAAA;YAChE,KAAK,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;gBAC3D,IAAI;oBACF,MAAM,GAAG,GAAG,MAAA,sBAAsB,CAAC,EAAE,CAAC,0CAAE,UAAU,CAAA;oBAClD,IAAI,GAAG;wBAAE,OAAO,IAAA,cAAM,EAAC,IAAA,eAAO,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;iBAC5F;gBAAC,OAAO,CAAC,EAAE;oBACV,uBAAuB;iBACxB;aACF;;KACF;IAED;;;;;;;;OAQG;IACG,kBAAkB,CACtB,UAAkB,EAClB,aAA0D,EAC1D,cAA2D,EAC3D,qBAEI,EAAE;;;YAMN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,EAAE;gBAC7E,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAA;aAChE;YACD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAA;YACpD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,2BAA2B,EAAE,CAAA;YACpE,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;YACjG,MAAM,4BAA4B,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;YACjH,MAAM,gBAAgB,GAAG;gBACvB,EAAE,EAAE,MAAA,kBAAkB,CAAC,EAAE,mCAAI,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;gBACzD,SAAS,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE;gBAC1D,QAAQ,EAAE,UAAU;gBACpB,WAAW,EAAE,oBAAoB;gBACjC,mBAAmB,EAAE,4BAA4B;aAClD,CAAA;YACD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,EAAE,aAAa,CAAC,CAAA;YACtG,MAAM,YAAY,GAAG,IAAI,2BAAY,iCAAM,gBAAgB,KAAE,SAAS,IAAG,CAAA;YACzE,OAAO;gBACL,YAAY,EAAE,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,YAAY,CAAC;gBAC7D,WAAW,EAAE,WAAW,CAAC,GAAG;gBAC5B,mBAAmB,EAAE,mBAAmB,CAAC,MAAM;aAChD,CAAA;;KACF;IAED;;;;;;;;;;;;;;;;OAgBG;IACG,qBAAqB,CACzB,YAA0B,EAC1B,cAAsE,EACtE,iBAA8D,EAC9D,aAA0D,EAC1D,kBAAoF;;YASpF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,WAAW,EAAE,cAAc,CAAC,CAAA;YACtF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAA;YACtG,IAAI,CAAC,cAAc,IAAI,CAAC,sBAAsB;gBAAE,OAAO,SAAS,CAAA;YAChE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,UAAU,CAAC,cAAc,CAAC,CAAC,CAAA;YAChF,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,sBAAsB,CAAC,CAAC,CAAA;YACxG,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAA;YACjF,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC,CAAA;YACjF,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YACxI,IAAI,CAAC,cAAc,CAAC,MAAM;gBAAE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;YACrF,MAAM,+BAA+B,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE;gBACxE,GAAG,CAAC,EAAE,CAAC,GAAG,iBAAiB,CAAC,EAAE,CAAC,CAAA;gBAC/B,OAAO,GAAG,CAAA;YACZ,CAAC,EAAE,EAAiD,CAAC,CAAA;YACrD,MAAM,UAAU,GAAG,YAAY,CAAC,SAAS,IAAI,WAAW,IAAI,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YACzI,MAAM,mBAAmB,GAAG,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;YACrD,mBAAmB,CAAC,WAAW,mCAC1B,YAAY,CAAC,WAAW,GACxB,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,cAAc,EAAE,+BAA+B,CAAC,CAAC,CACrF,CAAA;YACD,mBAAmB,CAAC,mBAAmB,mCAClC,YAAY,CAAC,mBAAmB,GAChC,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,EAAE,+BAA+B,CAAC,CAAC,CAC7F,CAAA;YACD,IAAI,UAAU,EAAE;gBACd,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,CAAA;gBACjE,mBAAmB,CAAC,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,aAAa,CAAC,CAAA;aAC1F;YACD,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;QACrI,CAAC;KAAA;IAED,sGAAsG;IACtG,mHAAmH;IACnH,iBAAiB;IACH,WAAW,CAAC,YAKzB;;YACC,SAAS,UAAU,CAAC,GAA4B;gBAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBACpB,IAAI,EAAE;qBACN,MAAM,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;oBACtB,OAAO,CAAC,GAAG,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;gBACrC,CAAC,EAAE,EAAwB,CAAC,CAAA;YAChC,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,CAAC,WAAW,EAAE,YAAY,CAAC,SAAS,CAAC;gBACrC,CAAC,UAAU,EAAE,YAAY,CAAC,QAAQ,CAAC;gBACnC,CAAC,aAAa,EAAE,UAAU,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;gBACrD,CAAC,qBAAqB,EAAE,UAAU,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;aACtE,CAAA;YACD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;YAC3C,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAA,gBAAQ,EAAC,QAAQ,CAAC,CAAC,CAAA;QACnD,CAAC;KAAA;IAED,+BAA+B;IACjB,mBAAmB;;YAI/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACtD,OAAO;gBACL,GAAG,EAAE,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC;gBAC3C,QAAQ;aACT,CAAA;QACH,CAAC;KAAA;IAEa,iBAAiB,CAAC,cAA2B;;YACzD,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,cAAc,CAAC,CAAA;QACnE,CAAC;KAAA;IAED,wCAAwC;IAC1B,2BAA2B;;YAIvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACtD,OAAO;gBACL,MAAM,EAAE,MAAM,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC;gBACtD,QAAQ;aACT,CAAA;QACH,CAAC;KAAA;IAEO,yBAAyB,CAAC,cAA2B;QAC3D,OAAO,OAAO,CAAC,OAAO,CAAC,IAAA,cAAM,EAAC,cAAc,CAAC,CAAC,CAAA;IAChD,CAAC;IAEa,mBAAmB,CAC/B,OAAoB,EACpB,IAAmD;;YAEnD,MAAM,GAAG,GAA+C,EAAE,CAAA;YAC1D,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC5C,GAAG,CAAC,IAAA,uBAAe,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAA,yBAAiB,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,gBAAQ,EAAC,IAAA,cAAM,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;aAClI;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,gBAAgB,CAC5B,OAAoB,EACpB,IAAiD;;YAEjD,MAAM,GAAG,GAA6C,EAAE,CAAA;YACxD,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC5C,GAAG,CAAC,EAAE,CAAC,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;aAC/E;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;CACF;AArXD,0DAqXC","sourcesContent":["import { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { KeyPair } from './RSA'\nimport { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { IccExchangeDataApi } from '../../icc-api/api/IccExchangeDataApi'\nimport { XHR } from '../../icc-api/api/XHR'\nimport XHRError = XHR.XHRError\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { b64_2ua, hex2ua, ua2b64, ua2hex, ua2utf8, utf8_2ua } from '../utils'\nimport * as _ from 'lodash'\nimport { fingerprintV1toV2, fingerprintIsV1 } from './utils'\n\n/**\n * @internal this class is intended for internal use only and may be modified without notice\n * Functions to create and get exchange data.\n * The methods of this api require to pass the appropriate keys for encryption/decryption manually.\n */\nexport class BaseExchangeDataManager {\n constructor(\n readonly api: IccExchangeDataApi,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly primitives: CryptoPrimitives,\n private readonly selfRequiresAnonymousDelegations: boolean\n ) {}\n\n /**\n * Get all the exchange data where the current data owner is the delegator or the delegate. However, some data owners, generally HCPs, may have a\n * prohibitively high amount of exchange data. If the crypto strategies specify that the current data owner requires anonymous delegation this\n * method returns all the exchange data found for the data owner, else the method returns undefined.\n * @return all the exchange data for the current data owner or undefined if the crypto strategies don't allow to retrieve all data for the current\n * data owner.\n */\n async getAllExchangeDataForCurrentDataOwnerIfAllowed(): Promise<ExchangeData[] | undefined> {\n if (!this.selfRequiresAnonymousDelegations) return undefined\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n let latestResult = await this.api.getExchangeDataByParticipant(dataOwnerId, undefined, 1000)\n const allRetrieved = latestResult.rows ?? []\n while (latestResult.nextKeyPair?.startKeyDocId) {\n latestResult = await this.api.getExchangeDataByParticipant(dataOwnerId, latestResult.nextKeyPair.startKeyDocId, 1000)\n if (latestResult.rows) allRetrieved.push(...latestResult.rows)\n }\n return allRetrieved\n }\n\n /**\n * Get all exchange data for the provided delegator-delegate pair.\n * @param delegatorId id of a delegator data owner.\n * @param delegateId id of a delegate data owner.\n * @return all exchange data for the provided delegator-delegate pair.\n */\n async getExchangeDataByDelegatorDelegatePair(delegatorId: string, delegateId: string): Promise<ExchangeData[]> {\n return await this.api.getExchangeDataByDelegatorDelegate(delegatorId, delegateId)\n }\n\n /**\n * Get the exchange data with the provided id.\n * @param exchangeDataId id of the exchange data.\n * @return the exchange data with the provided id or undefined if no exchange data with such id could be found.\n */\n async getExchangeDataById(exchangeDataId: string): Promise<ExchangeData | undefined> {\n return await this.api.getExchangeDataById(exchangeDataId).catch((e) => {\n if (e instanceof XHRError && e.statusCode === 404) {\n return undefined\n } else throw e\n })\n }\n\n /**\n * Filters exchange data returning only the instances that could be verified using their signature and the provided verification\n * keys.\n * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)\n * will always be unverified.\n * @param exchangeData the exchange data to verify.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @return the exchange data which could be verified given his signature and the available verification keys.\n * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.\n */\n async filterVerifiedExchangeData(\n exchangeData: ExchangeData[],\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<ExchangeData[]> {\n const verified: ExchangeData[] = []\n for (const ed of exchangeData) {\n if (await this.verifyExchangeData(ed, (x) => getVerificationKey(x))) verified.push(ed)\n }\n return verified\n }\n\n /**\n * Verifies the authenticity of the exchange data by checking the signature.\n * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)\n * will always be unverified.\n * @param exchangeData the exchange data to verify.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @return the exchange data which could be verified given his signature and the available verification keys.\n * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.\n */\n async verifyExchangeData(\n exchangeData: ExchangeData,\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<boolean> {\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n if (exchangeData.delegator !== dataOwnerId) return false\n const signatureData = await this.bytesToSign(exchangeData)\n for (const [fp, signature] of Object.entries(exchangeData.signature)) {\n const verificationKey = await getVerificationKey(fp.slice(-32))\n if (verificationKey && (await this.primitives.RSA.verifySignature(verificationKey, b64_2ua(signature), signatureData))) return true\n }\n return false\n }\n\n /**\n * Extracts and decrypts the access control secret from the provided exchange data.\n * These need to be hashed together with the entity class and confidentiality level in order to get the actual access control key\n * which will be sent to the server.\n * @param exchangeData the exchange data from which to extract access control secrets.\n * @param decryptionKeys rsa key pairs to use for decryption of the access control secret.\n * @return an object composed of:\n * - successfulDecryptions: array of all successfully decrypted access control keys\n * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).\n */\n async tryDecryptAccessControlSecret(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: string[]\n failedDecryptions: ExchangeData[]\n }> {\n return await this.tryDecryptExchangeData(\n exchangeData,\n decryptionKeys,\n (ed) => ed.accessControlSecret,\n (d) => this.importAccessControlSecret(new Uint8Array(d))\n )\n }\n\n /**\n * Extract and decrypts the exchange keys from the provided exchange data.\n * @param exchangeData the exchange data from which to extract exchange keys.\n * @param decryptionKeys rsa key pairs to use for the decryption of the exchange keys.\n * @return an object composed of:\n * - successfulDecryptions: array containing the successfully decrypted exchange keys.\n * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).\n */\n async tryDecryptExchangeKeys(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: CryptoKey[]\n failedDecryptions: ExchangeData[]\n }> {\n return await this.tryDecryptExchangeData(\n exchangeData,\n decryptionKeys,\n (ed) => ed.exchangeKey,\n (d) => this.importExchangeKey(new Uint8Array(d))\n )\n }\n\n private async tryDecryptExchangeData<T>(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> },\n encryptedDataSelector: (data: ExchangeData) => { [keyPairFingerprint: string]: string },\n unmarshalDecrypted: (decrypted: ArrayBuffer) => Promise<T>\n ): Promise<{\n successfulDecryptions: T[]\n failedDecryptions: ExchangeData[]\n }> {\n const successfulDecryptions: T[] = []\n const failedDecryptions: ExchangeData[] = []\n for (const ed of exchangeData) {\n try {\n const decrypted = await this.tryDecrypt(encryptedDataSelector(ed), decryptionKeys)\n if (decrypted) {\n successfulDecryptions.push(await unmarshalDecrypted(decrypted))\n } else {\n failedDecryptions.push(ed)\n }\n } catch (e) {\n failedDecryptions.push(ed)\n }\n }\n return { successfulDecryptions, failedDecryptions }\n }\n\n private async tryDecrypt(\n encryptedData: { [keyPairFingerprintV2: string]: string },\n decryptionKeys: { [publicKeyFingerprintV1: string]: KeyPair<CryptoKey> }\n ): Promise<ArrayBuffer | undefined> {\n const decryptionKeysWithV2Fp = Object.keys(decryptionKeys).reduce((prev, fp) => {\n return {\n ...prev,\n [fingerprintIsV1(fp) ? fingerprintV1toV2(fp) : fp]: decryptionKeys[fp],\n }\n }, {} as { [publicKeyFingerprint: string]: KeyPair<CryptoKey> })\n for (const [fp, encrypted] of Object.entries(encryptedData)) {\n try {\n const key = decryptionKeysWithV2Fp[fp]?.privateKey\n if (key) return hex2ua(ua2utf8(await this.primitives.RSA.decrypt(key, b64_2ua(encrypted))))\n } catch (e) {\n // Try with another key\n }\n }\n }\n\n /**\n * Creates exchange data from the current data owner to the provided delegate, uploading the newly created exchange data to the cloud.\n * This assumes that the keys have been verified.\n * @param delegateId id of the delegate for the new exchange data.\n * @param signatureKeys private keys to use for signing the created data.\n * @param encryptionKeys public keys to use for the encryption of the exchange data (from delegator and delegate).\n * @param optionalAttributes optional precalculated attributes for the creation of data\n * @return the newly created exchange data, and its decrypted exchange key and access control secret.\n */\n async createExchangeData(\n delegateId: string,\n signatureKeys: { [keyPairFingerprint: string]: CryptoKey },\n encryptionKeys: { [keyPairFingerprint: string]: CryptoKey },\n optionalAttributes: {\n id?: string\n } = {}\n ): Promise<{\n exchangeData: ExchangeData\n exchangeKey: CryptoKey\n accessControlSecret: string\n }> {\n if (!Object.keys(signatureKeys).length || !Object.keys(encryptionKeys).length) {\n throw new Error('Must specify at least one signature key and ')\n }\n const exchangeKey = await this.generateExchangeKey()\n const accessControlSecret = await this.generateAccessControlSecret()\n const encryptedExchangeKey = await this.encryptDataWithKeys(exchangeKey.rawBytes, encryptionKeys)\n const encryptedAccessControlSecret = await this.encryptDataWithKeys(accessControlSecret.rawBytes, encryptionKeys)\n const baseExchangeData = {\n id: optionalAttributes.id ?? this.primitives.randomUuid(),\n delegator: await this.dataOwnerApi.getCurrentDataOwnerId(),\n delegate: delegateId,\n exchangeKey: encryptedExchangeKey,\n accessControlSecret: encryptedAccessControlSecret,\n }\n const signature = await this.signDataWithKeys(await this.bytesToSign(baseExchangeData), signatureKeys)\n const exchangeData = new ExchangeData({ ...baseExchangeData, signature })\n return {\n exchangeData: await this.api.createExchangeData(exchangeData),\n exchangeKey: exchangeKey.key,\n accessControlSecret: accessControlSecret.secret,\n }\n }\n\n /**\n * Updates existing exchange data and uploads it to the cloud in order to share it also with additional public keys, useful for example in cases\n * where one of the data owners involved in the exchange data has lost one of his keys.\n * If the content of the exchange data could not be decrypted using the provided keys the method will not update anything and will return undefined.\n * This method assumes that the new encryption keys have been verified.\n * If the current data owner is also the delegator of the provided exchange data and at least one of the verification keys can be used to\n * validate the current exchange data then the signature will be updated using the signature keys.\n * Instead, if the current data owner is not the delegator of the provided exchange data, or the exchange data could not be verified using\n * the provided verification keys then the updated exchange data will become unverified, and won't ever be verifiable again.\n * @param exchangeData exchange data to update.\n * @param decryptionKeys keys to use to extract the content of the exchange data which will be shared with the new keys.\n * @param signatureKeys keys to use for the new signature of the updated exchange data.\n * @param newEncryptionKeys new keys to add to the exchange data.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @return the updated exchange data, and its decrypted exchange key and access control secret, or undefined if the exchange data content could not\n * be decrypted and the exchange data could not be updated.\n */\n async tryUpdateExchangeData(\n exchangeData: ExchangeData,\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> },\n newEncryptionKeys: { [keyPairFingerprint: string]: CryptoKey },\n signatureKeys: { [keyPairFingerprint: string]: CryptoKey },\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<\n | {\n exchangeData: ExchangeData\n exchangeKey: CryptoKey\n accessControlSecret: string\n }\n | undefined\n > {\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const rawExchangeKey = await this.tryDecrypt(exchangeData.exchangeKey, decryptionKeys)\n const rawAccessControlSecret = await this.tryDecrypt(exchangeData.accessControlSecret, decryptionKeys)\n if (!rawExchangeKey || !rawAccessControlSecret) return undefined\n const exchangeKey = await this.importExchangeKey(new Uint8Array(rawExchangeKey))\n const accessControlSecret = await this.importAccessControlSecret(new Uint8Array(rawAccessControlSecret))\n const existingExchangeKeyEntries = new Set(Object.keys(exchangeData.exchangeKey))\n const existingAcsEntries = new Set(Object.keys(exchangeData.accessControlSecret))\n const missingEntries = Object.keys(newEncryptionKeys).filter((fp) => !existingAcsEntries.has(fp) || !existingExchangeKeyEntries.has(fp))\n if (!missingEntries.length) return { exchangeData, exchangeKey, accessControlSecret }\n const encryptionKeysForMissingEntries = missingEntries.reduce((obj, fp) => {\n obj[fp] = newEncryptionKeys[fp]\n return obj\n }, {} as { [keyPairFingerprint: string]: CryptoKey })\n const isVerified = exchangeData.delegator == dataOwnerId && (await this.verifyExchangeData(exchangeData, (fp) => getVerificationKey(fp)))\n const updatedExchangeData = _.cloneDeep(exchangeData)\n updatedExchangeData.exchangeKey = {\n ...exchangeData.exchangeKey,\n ...(await this.encryptDataWithKeys(rawExchangeKey, encryptionKeysForMissingEntries)),\n }\n updatedExchangeData.accessControlSecret = {\n ...exchangeData.accessControlSecret,\n ...(await this.encryptDataWithKeys(rawAccessControlSecret, encryptionKeysForMissingEntries)),\n }\n if (isVerified) {\n const newDataToSign = await this.bytesToSign(updatedExchangeData)\n updatedExchangeData.signature = await this.signDataWithKeys(newDataToSign, signatureKeys)\n }\n return { exchangeData: await this.api.modifyExchangeData(new ExchangeData(updatedExchangeData)), exchangeKey, accessControlSecret }\n }\n\n // Gets a byte representation of the parts of exchange data which should be included in the signature.\n // Equivalent json representations of the exchange data should provide the same bytes (even if the order of entries\n // is different).\n private async bytesToSign(exchangeData: {\n delegate: string\n delegator: string\n exchangeKey: { [k: string]: string }\n accessControlSecret: { [k: string]: string }\n }): Promise<ArrayBuffer> {\n function sortObject(obj: { [k: string]: string }): [string, string][] {\n return Object.keys(obj)\n .sort()\n .reduce((sorted, key) => {\n return [...sorted, [key, obj[key]]]\n }, [] as [string, string][])\n }\n const signObject = [\n ['delegator', exchangeData.delegator],\n ['delegate', exchangeData.delegate],\n ['exchangeKey', sortObject(exchangeData.exchangeKey)],\n ['accessControlSecret', sortObject(exchangeData.accessControlSecret)],\n ]\n const signJson = JSON.stringify(signObject)\n return this.primitives.sha256(utf8_2ua(signJson))\n }\n\n // Generates a new exchange key\n private async generateExchangeKey(): Promise<{\n key: CryptoKey // the imported key\n rawBytes: ArrayBuffer // the bytes to encrypt for in the exchange data\n }> {\n const rawBytes = await this.primitives.randomBytes(32)\n return {\n key: await this.importExchangeKey(rawBytes),\n rawBytes,\n }\n }\n\n private async importExchangeKey(decryptedBytes: ArrayBuffer): Promise<CryptoKey> {\n return await this.primitives.AES.importKey('raw', decryptedBytes)\n }\n\n // Generates a new access control secret\n private async generateAccessControlSecret(): Promise<{\n secret: string // the imported secret\n rawBytes: ArrayBuffer // the bytes to encrypt for in the exchange data\n }> {\n const rawBytes = await this.primitives.randomBytes(16)\n return {\n secret: await this.importAccessControlSecret(rawBytes),\n rawBytes,\n }\n }\n\n private importAccessControlSecret(decryptedBytes: ArrayBuffer): Promise<string> {\n return Promise.resolve(ua2hex(decryptedBytes))\n }\n\n private async encryptDataWithKeys(\n rawData: ArrayBuffer,\n keys: { [keyPairFingerprintV1: string]: CryptoKey }\n ): Promise<{ [keyPairFingerprintV2: string]: string }> {\n const res: { [keyPairFingerprintV2: string]: string } = {}\n for (const [fp, key] of Object.entries(keys)) {\n res[fingerprintIsV1(fp) ? fingerprintV1toV2(fp) : fp] = ua2b64(await this.primitives.RSA.encrypt(key, utf8_2ua(ua2hex(rawData))))\n }\n return res\n }\n\n private async signDataWithKeys(\n rawData: ArrayBuffer,\n keys: { [keyPairFingerprint: string]: CryptoKey }\n ): Promise<{ [keyPairFingerprint: string]: string }> {\n const res: { [keyPairFingerprint: string]: string } = {}\n for (const [fp, key] of Object.entries(keys)) {\n res[fp] = ua2b64(await this.primitives.RSA.sign(key, new Uint8Array(rawData)))\n }\n return res\n }\n}\n"]}
|
|
@@ -2,7 +2,6 @@ import { KeyPair } from './RSA';
|
|
|
2
2
|
import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
|
|
3
3
|
import { CryptoPrimitives } from './CryptoPrimitives';
|
|
4
4
|
import { IccDeviceApi, IccHcpartyApi, IccPatientApi } from '../../icc-api';
|
|
5
|
-
import { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub';
|
|
6
5
|
import { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum';
|
|
7
6
|
/**
|
|
8
7
|
* @internal This class is meant only for internal use and may be changed without notice.
|
|
@@ -17,21 +16,6 @@ export declare class BaseExchangeKeysManager {
|
|
|
17
16
|
private readonly patientBaseApi;
|
|
18
17
|
private readonly deviceBaseApi;
|
|
19
18
|
constructor(primitives: CryptoPrimitives, dataOwnerApi: IccDataOwnerXApi, hcpartyBaseApi: IccHcpartyApi, patientBaseApi: IccPatientApi, deviceBaseApi: IccDeviceApi);
|
|
20
|
-
/**
|
|
21
|
-
* Creates a new exchange key from the current data owner to a delegate, or updates an existing one allowing additional public keys to access it.
|
|
22
|
-
* @param delegateId the delegate data owner id.
|
|
23
|
-
* @param delegatorMainKeyPair main key pair for the delegator. The private key will be used for the decryption of the existing key in case of
|
|
24
|
-
* update, and the public key will be used as entry key of the aesExchangeKey map
|
|
25
|
-
* @param additionalPublicKeys all public keys of key pairs other than {@link delegatorMainKeyPair} that need to have access to the exchange key.
|
|
26
|
-
* Can be a mix of crypto keys and full hex-encoded spki format (no fingerprints).
|
|
27
|
-
* @return the exchange key for the delegator-delegate-delegatorKey triple (new or existing) and the updated delegator.
|
|
28
|
-
*/
|
|
29
|
-
createOrUpdateEncryptedExchangeKeyTo(delegateId: string, delegatorMainKeyPair: KeyPair<CryptoKey>, additionalPublicKeys: {
|
|
30
|
-
[keyFingerprint: string]: CryptoKey;
|
|
31
|
-
}): Promise<{
|
|
32
|
-
updatedDelegator: CryptoActorStubWithType;
|
|
33
|
-
key: CryptoKey;
|
|
34
|
-
}>;
|
|
35
19
|
/**
|
|
36
20
|
* Updates the aes exchange keys between the current data owner and another data owner to allow the other data owner to access the exchange key
|
|
37
21
|
* using his new public key. Note that this will make existing exchange keys from the other data owner to the current data owner invalid for
|
|
@@ -118,7 +102,5 @@ export declare class BaseExchangeKeysManager {
|
|
|
118
102
|
*/
|
|
119
103
|
private tryDecryptExchangeKeyWith;
|
|
120
104
|
private updateLegacyExchangeKeys;
|
|
121
|
-
private updateExchangeKeys;
|
|
122
105
|
private combineLegacyHcpKeysWithAesExchangeKeys;
|
|
123
|
-
private fixAesExchangeKeyEntriesToFingerprints;
|
|
124
106
|
}
|
|
@@ -11,8 +11,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.BaseExchangeKeysManager = void 0;
|
|
13
13
|
const utils_1 = require("../utils");
|
|
14
|
-
const
|
|
15
|
-
const DataOwnerTypeEnum_1 = require("../../icc-api/model/DataOwnerTypeEnum");
|
|
14
|
+
const utils_2 = require("./utils");
|
|
16
15
|
/**
|
|
17
16
|
* @internal This class is meant only for internal use and may be changed without notice.
|
|
18
17
|
* Functions to create and get exchange keys.
|
|
@@ -27,65 +26,6 @@ class BaseExchangeKeysManager {
|
|
|
27
26
|
this.patientBaseApi = patientBaseApi;
|
|
28
27
|
this.deviceBaseApi = deviceBaseApi;
|
|
29
28
|
}
|
|
30
|
-
/**
|
|
31
|
-
* Creates a new exchange key from the current data owner to a delegate, or updates an existing one allowing additional public keys to access it.
|
|
32
|
-
* @param delegateId the delegate data owner id.
|
|
33
|
-
* @param delegatorMainKeyPair main key pair for the delegator. The private key will be used for the decryption of the existing key in case of
|
|
34
|
-
* update, and the public key will be used as entry key of the aesExchangeKey map
|
|
35
|
-
* @param additionalPublicKeys all public keys of key pairs other than {@link delegatorMainKeyPair} that need to have access to the exchange key.
|
|
36
|
-
* Can be a mix of crypto keys and full hex-encoded spki format (no fingerprints).
|
|
37
|
-
* @return the exchange key for the delegator-delegate-delegatorKey triple (new or existing) and the updated delegator.
|
|
38
|
-
*/
|
|
39
|
-
createOrUpdateEncryptedExchangeKeyTo(delegateId, delegatorMainKeyPair, additionalPublicKeys) {
|
|
40
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
41
|
-
const delegatorId = yield this.dataOwnerApi.getCurrentDataOwnerId();
|
|
42
|
-
return yield (0, utils_1.notConcurrent)(this.generateKeyConcurrencyMap, delegatorId, () => __awaiter(this, void 0, void 0, function* () {
|
|
43
|
-
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
|
|
44
|
-
const delegator = CryptoActorStub_1.CryptoActorStubWithType.fromDataOwner(yield this.dataOwnerApi.getCurrentDataOwner());
|
|
45
|
-
const delegate = delegatorId === delegateId ? delegator : yield this.dataOwnerApi.getCryptoActorStub(delegateId);
|
|
46
|
-
const mainDelegatorKeyPairPubHex = (0, utils_1.ua2hex)(yield this.primitives.RSA.exportKey(delegatorMainKeyPair.publicKey, 'spki'));
|
|
47
|
-
let exchangeKey = undefined;
|
|
48
|
-
const existingExchangeKey = (_d = (_c = (_b = (_a = delegator.stub.aesExchangeKeys) === null || _a === void 0 ? void 0 : _a[mainDelegatorKeyPairPubHex]) === null || _b === void 0 ? void 0 : _b[delegateId]) === null || _c === void 0 ? void 0 : _c[mainDelegatorKeyPairPubHex.slice(-32)]) !== null && _d !== void 0 ? _d : (mainDelegatorKeyPairPubHex === delegator.stub.publicKey ? (_f = (_e = delegator.stub.hcPartyKeys) === null || _e === void 0 ? void 0 : _e[delegateId]) === null || _f === void 0 ? void 0 : _f[0] : undefined);
|
|
49
|
-
if (existingExchangeKey) {
|
|
50
|
-
exchangeKey = yield this.tryDecryptExchangeKeyWith(existingExchangeKey, delegatorMainKeyPair, undefined);
|
|
51
|
-
if (!exchangeKey)
|
|
52
|
-
throw new Error(`Failed to decrypt existing exchange key for update of ${mainDelegatorKeyPairPubHex.slice(-32)}@${delegatorId}->${delegateId}`);
|
|
53
|
-
const existingAesExchangeKey = (_h = (_g = delegator.stub.aesExchangeKeys) === null || _g === void 0 ? void 0 : _g[mainDelegatorKeyPairPubHex]) === null || _h === void 0 ? void 0 : _h[delegateId];
|
|
54
|
-
if (existingAesExchangeKey) {
|
|
55
|
-
const existingPublicKeysSet = new Set(existingExchangeKey);
|
|
56
|
-
if (Object.keys(additionalPublicKeys).every((fp) => existingPublicKeysSet.has(fp)))
|
|
57
|
-
return {
|
|
58
|
-
updatedDelegator: delegator,
|
|
59
|
-
key: exchangeKey.key,
|
|
60
|
-
};
|
|
61
|
-
}
|
|
62
|
-
}
|
|
63
|
-
const allPublicKeys = Object.assign(Object.assign({}, additionalPublicKeys), { [mainDelegatorKeyPairPubHex.slice(-32)]: delegatorMainKeyPair.publicKey });
|
|
64
|
-
const encryptedKeyInfo = yield this.encryptExchangeKey(exchangeKey, allPublicKeys);
|
|
65
|
-
let updatedDelegatorPublicKey;
|
|
66
|
-
if (delegator.stub.publicKey == '') {
|
|
67
|
-
if (Object.entries((_j = delegator.stub.hcPartyKeys) !== null && _j !== void 0 ? _j : {}).length > 0)
|
|
68
|
-
throw new Error(`Data owner ${delegator.stub.id} has "" as public key but has non-empty hcPartyKeys`);
|
|
69
|
-
updatedDelegatorPublicKey = mainDelegatorKeyPairPubHex;
|
|
70
|
-
}
|
|
71
|
-
else {
|
|
72
|
-
updatedDelegatorPublicKey = (_k = delegator.stub.publicKey) !== null && _k !== void 0 ? _k : mainDelegatorKeyPairPubHex;
|
|
73
|
-
}
|
|
74
|
-
const updatedStub = Object.assign(Object.assign({}, delegator.stub), { aesExchangeKeys: yield this.updateExchangeKeys(delegator, delegate, mainDelegatorKeyPairPubHex, encryptedKeyInfo.encryptedExchangeKey), publicKey: updatedDelegatorPublicKey });
|
|
75
|
-
if (delegator.stub.publicKey === mainDelegatorKeyPairPubHex) {
|
|
76
|
-
updatedStub.hcPartyKeys = this.updateLegacyExchangeKeys(delegator, delegate, encryptedKeyInfo.encryptedExchangeKey);
|
|
77
|
-
}
|
|
78
|
-
const updatedDelegator = yield this.dataOwnerApi.modifyCryptoActorStub({
|
|
79
|
-
type: delegator.type,
|
|
80
|
-
stub: updatedStub,
|
|
81
|
-
});
|
|
82
|
-
return {
|
|
83
|
-
key: encryptedKeyInfo.exchangeKey,
|
|
84
|
-
updatedDelegator,
|
|
85
|
-
};
|
|
86
|
-
}));
|
|
87
|
-
});
|
|
88
|
-
}
|
|
89
29
|
/**
|
|
90
30
|
* Updates the aes exchange keys between the current data owner and another data owner to allow the other data owner to access the exchange key
|
|
91
31
|
* using his new public key. Note that this will make existing exchange keys from the other data owner to the current data owner invalid for
|
|
@@ -97,9 +37,13 @@ class BaseExchangeKeysManager {
|
|
|
97
37
|
giveAccessBackTo(otherDataOwner, newDataOwnerPublicKey, keyPairsByFingerprint) {
|
|
98
38
|
return __awaiter(this, void 0, void 0, function* () {
|
|
99
39
|
const selfId = yield this.dataOwnerApi.getCurrentDataOwnerId();
|
|
100
|
-
const
|
|
101
|
-
|
|
102
|
-
|
|
40
|
+
const other = yield this.dataOwnerApi.getCryptoActorStub(otherDataOwner);
|
|
41
|
+
const newKeyHashVersion = (0, utils_2.getShaVersionForKey)(other.stub, newDataOwnerPublicKey);
|
|
42
|
+
if (!newKeyHashVersion)
|
|
43
|
+
throw new Error(`Public key not found for data owner ${otherDataOwner}`);
|
|
44
|
+
const newPublicKey = yield this.primitives.RSA.importKey('spki', (0, utils_1.hex2ua)(newDataOwnerPublicKey), ['encrypt'], newKeyHashVersion);
|
|
45
|
+
yield this.extendForGiveAccessBackTo(selfId, otherDataOwner, (0, utils_2.fingerprintV1)(newDataOwnerPublicKey), newPublicKey, keyPairsByFingerprint);
|
|
46
|
+
yield this.extendForGiveAccessBackTo(otherDataOwner, selfId, (0, utils_2.fingerprintV1)(newDataOwnerPublicKey), newPublicKey, keyPairsByFingerprint);
|
|
103
47
|
});
|
|
104
48
|
}
|
|
105
49
|
/**
|
|
@@ -138,13 +82,11 @@ class BaseExchangeKeysManager {
|
|
|
138
82
|
if (otherOwnerTypes.length === 0)
|
|
139
83
|
throw new Error('otherOwnerTypes must not be empty!');
|
|
140
84
|
const keysToOwner = yield Promise.all([
|
|
141
|
-
otherOwnerTypes.find((x) => x ===
|
|
142
|
-
|
|
143
|
-
: Promise.resolve({}),
|
|
144
|
-
otherOwnerTypes.find((x) => x === DataOwnerTypeEnum_1.DataOwnerTypeEnum.Patient)
|
|
85
|
+
otherOwnerTypes.find((x) => x === 'hcp') ? this.hcpartyBaseApi.getAesExchangeKeysForDelegate(dataOwnerId).catch(() => { }) : Promise.resolve({}),
|
|
86
|
+
otherOwnerTypes.find((x) => x === 'patient')
|
|
145
87
|
? this.patientBaseApi.getPatientAesExchangeKeysForDelegate(dataOwnerId).catch(() => { })
|
|
146
88
|
: Promise.resolve({}),
|
|
147
|
-
otherOwnerTypes.find((x) => x ===
|
|
89
|
+
otherOwnerTypes.find((x) => x === 'device')
|
|
148
90
|
? this.deviceBaseApi.getDeviceAesExchangeKeysForDelegate(dataOwnerId).catch(() => { })
|
|
149
91
|
: Promise.resolve({}),
|
|
150
92
|
]).then(([a, b, c]) => (Object.assign(Object.assign(Object.assign({}, a), b), c)));
|
|
@@ -315,13 +257,6 @@ class BaseExchangeKeysManager {
|
|
|
315
257
|
else
|
|
316
258
|
return delegator.stub.hcPartyKeys;
|
|
317
259
|
}
|
|
318
|
-
updateExchangeKeys(delegator, delegate, mainDelegatorKeyPairPubHex, encryptedKeyMap) {
|
|
319
|
-
var _a, _b, _c;
|
|
320
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
321
|
-
const combinedAesExchangeKeys = yield this.combineLegacyHcpKeysWithAesExchangeKeys(delegator.stub, delegate.stub);
|
|
322
|
-
return this.fixAesExchangeKeyEntriesToFingerprints(Object.assign(Object.assign({}, combinedAesExchangeKeys), { [mainDelegatorKeyPairPubHex]: Object.assign(Object.assign({}, ((_a = combinedAesExchangeKeys[mainDelegatorKeyPairPubHex]) !== null && _a !== void 0 ? _a : {})), { [delegate.stub.id]: Object.assign(Object.assign({}, ((_c = (_b = combinedAesExchangeKeys[mainDelegatorKeyPairPubHex]) === null || _b === void 0 ? void 0 : _b[delegate.stub.id]) !== null && _c !== void 0 ? _c : {})), encryptedKeyMap) }) }));
|
|
323
|
-
});
|
|
324
|
-
}
|
|
325
260
|
// Copy all legacy hcp exchange keys into the new aes exchange keys
|
|
326
261
|
combineLegacyHcpKeysWithAesExchangeKeys(owner, delegate) {
|
|
327
262
|
var _a, _b, _c, _d, _e;
|
|
@@ -352,15 +287,6 @@ class BaseExchangeKeysManager {
|
|
|
352
287
|
return (_e = owner.aesExchangeKeys) !== null && _e !== void 0 ? _e : {};
|
|
353
288
|
});
|
|
354
289
|
}
|
|
355
|
-
fixAesExchangeKeyEntriesToFingerprints(aesExchangeKeys) {
|
|
356
|
-
return Object.fromEntries(Object.entries(aesExchangeKeys).map(([delegatorPubKey, allDelegates]) => [
|
|
357
|
-
delegatorPubKey,
|
|
358
|
-
Object.fromEntries(Object.entries(allDelegates).map(([delegateId, keyEntries]) => [
|
|
359
|
-
delegateId,
|
|
360
|
-
Object.fromEntries(Object.entries(keyEntries).map(([publicKey, encryptedValue]) => [publicKey.slice(-32), encryptedValue])),
|
|
361
|
-
])),
|
|
362
|
-
]));
|
|
363
|
-
}
|
|
364
290
|
}
|
|
365
291
|
exports.BaseExchangeKeysManager = BaseExchangeKeysManager;
|
|
366
292
|
//# sourceMappingURL=BaseExchangeKeysManager.js.map
|