@icure/api 7.1.16 → 8.0.0-RC.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (363) hide show
  1. package/icc-api/api/IccAccesslogApi.d.ts +12 -1
  2. package/icc-api/api/IccAccesslogApi.js +142 -98
  3. package/icc-api/api/IccAccesslogApi.js.map +1 -1
  4. package/icc-api/api/IccBemikronoApi.d.ts +81 -0
  5. package/icc-api/api/IccBemikronoApi.js +163 -0
  6. package/icc-api/api/IccBemikronoApi.js.map +1 -0
  7. package/icc-api/api/IccCalendarItemApi.d.ts +21 -1
  8. package/icc-api/api/IccCalendarItemApi.js +183 -117
  9. package/icc-api/api/IccCalendarItemApi.js.map +1 -1
  10. package/icc-api/api/IccClassificationApi.d.ts +21 -1
  11. package/icc-api/api/IccClassificationApi.js +119 -63
  12. package/icc-api/api/IccClassificationApi.js.map +1 -1
  13. package/icc-api/api/IccContactApi.d.ts +21 -1
  14. package/icc-api/api/IccContactApi.js +385 -294
  15. package/icc-api/api/IccContactApi.js.map +1 -1
  16. package/icc-api/api/IccDocumentApi.d.ts +38 -25
  17. package/icc-api/api/IccDocumentApi.js +279 -212
  18. package/icc-api/api/IccDocumentApi.js.map +1 -1
  19. package/icc-api/api/IccExchangeDataApi.d.ts +19 -0
  20. package/icc-api/api/IccExchangeDataApi.js +85 -0
  21. package/icc-api/api/IccExchangeDataApi.js.map +1 -0
  22. package/icc-api/api/IccExchangeDataMapApi.d.ts +18 -0
  23. package/icc-api/api/IccExchangeDataMapApi.js +65 -0
  24. package/icc-api/api/IccExchangeDataMapApi.js.map +1 -0
  25. package/icc-api/api/IccFormApi.d.ts +21 -1
  26. package/icc-api/api/IccFormApi.js +321 -229
  27. package/icc-api/api/IccFormApi.js.map +1 -1
  28. package/icc-api/api/IccHelementApi.d.ts +21 -1
  29. package/icc-api/api/IccHelementApi.js +207 -137
  30. package/icc-api/api/IccHelementApi.js.map +1 -1
  31. package/icc-api/api/IccInvoiceApi.d.ts +21 -1
  32. package/icc-api/api/IccInvoiceApi.js +404 -298
  33. package/icc-api/api/IccInvoiceApi.js.map +1 -1
  34. package/icc-api/api/IccMaintenanceTaskApi.d.ts +12 -1
  35. package/icc-api/api/IccMaintenanceTaskApi.js +79 -43
  36. package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
  37. package/icc-api/api/IccMessageApi.d.ts +28 -1
  38. package/icc-api/api/IccMessageApi.js +294 -191
  39. package/icc-api/api/IccMessageApi.js.map +1 -1
  40. package/icc-api/api/IccPatientApi.d.ts +12 -1
  41. package/icc-api/api/IccPatientApi.js +447 -351
  42. package/icc-api/api/IccPatientApi.js.map +1 -1
  43. package/icc-api/api/IccReceiptApi.d.ts +22 -8
  44. package/icc-api/api/IccReceiptApi.js +121 -64
  45. package/icc-api/api/IccReceiptApi.js.map +1 -1
  46. package/icc-api/api/IccRestApiPath.js +1 -1
  47. package/icc-api/api/IccRestApiPath.js.map +1 -1
  48. package/icc-api/api/IccSecureDelegationKeyMapApi.d.ts +26 -0
  49. package/icc-api/api/IccSecureDelegationKeyMapApi.js +71 -0
  50. package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +1 -0
  51. package/icc-api/api/IccTimeTableApi.d.ts +12 -1
  52. package/icc-api/api/IccTimeTableApi.js +86 -48
  53. package/icc-api/api/IccTimeTableApi.js.map +1 -1
  54. package/icc-api/api/IccTopicApi.d.ts +90 -0
  55. package/icc-api/api/IccTopicApi.js +193 -0
  56. package/icc-api/api/IccTopicApi.js.map +1 -0
  57. package/icc-api/index.d.ts +2 -0
  58. package/icc-api/index.js +2 -0
  59. package/icc-api/index.js.map +1 -1
  60. package/icc-api/model/AbstractFilterMessage.d.ts +15 -0
  61. package/icc-api/model/AbstractFilterMessage.js +21 -0
  62. package/icc-api/model/AbstractFilterMessage.js.map +1 -0
  63. package/icc-api/model/AbstractFilterTopic.d.ts +15 -0
  64. package/icc-api/model/AbstractFilterTopic.js +21 -0
  65. package/icc-api/model/AbstractFilterTopic.js.map +1 -0
  66. package/icc-api/model/AccessLog.d.ts +2 -0
  67. package/icc-api/model/AccessLog.js.map +1 -1
  68. package/icc-api/model/Article.d.ts +2 -0
  69. package/icc-api/model/Article.js.map +1 -1
  70. package/icc-api/model/CalendarItem.d.ts +2 -0
  71. package/icc-api/model/CalendarItem.js.map +1 -1
  72. package/icc-api/model/Classification.d.ts +2 -0
  73. package/icc-api/model/Classification.js.map +1 -1
  74. package/icc-api/model/ClassificationTemplate.d.ts +2 -0
  75. package/icc-api/model/ClassificationTemplate.js.map +1 -1
  76. package/icc-api/model/Connection.d.ts +1 -1
  77. package/icc-api/model/Connection.js.map +1 -1
  78. package/icc-api/model/Contact.d.ts +2 -0
  79. package/icc-api/model/Contact.js.map +1 -1
  80. package/icc-api/model/Device.d.ts +4 -4
  81. package/icc-api/model/Device.js.map +1 -1
  82. package/icc-api/model/Document.d.ts +2 -0
  83. package/icc-api/model/Document.js.map +1 -1
  84. package/icc-api/model/ExchangeDataMapCreationBatch.d.ts +13 -0
  85. package/icc-api/model/ExchangeDataMapCreationBatch.js +10 -0
  86. package/icc-api/model/ExchangeDataMapCreationBatch.js.map +1 -0
  87. package/icc-api/model/FilterChainMessage.d.ts +19 -0
  88. package/icc-api/model/FilterChainMessage.js +11 -0
  89. package/icc-api/model/FilterChainMessage.js.map +1 -0
  90. package/icc-api/model/FilterChainTopic.d.ts +19 -0
  91. package/icc-api/model/FilterChainTopic.js +11 -0
  92. package/icc-api/model/FilterChainTopic.js.map +1 -0
  93. package/icc-api/model/Form.d.ts +2 -0
  94. package/icc-api/model/Form.js.map +1 -1
  95. package/icc-api/model/HealthElement.d.ts +2 -0
  96. package/icc-api/model/HealthElement.js.map +1 -1
  97. package/icc-api/model/HealthcareParty.d.ts +2 -2
  98. package/icc-api/model/HealthcareParty.js +13 -1
  99. package/icc-api/model/HealthcareParty.js.map +1 -1
  100. package/icc-api/model/IcureStub.d.ts +2 -0
  101. package/icc-api/model/IcureStub.js.map +1 -1
  102. package/icc-api/model/Invoice.d.ts +2 -0
  103. package/icc-api/model/Invoice.js.map +1 -1
  104. package/icc-api/model/MaintenanceTask.d.ts +13 -10
  105. package/icc-api/model/MaintenanceTask.js +13 -11
  106. package/icc-api/model/MaintenanceTask.js.map +1 -1
  107. package/icc-api/model/Message.d.ts +2 -0
  108. package/icc-api/model/Message.js.map +1 -1
  109. package/icc-api/model/PaginatedListExchangeData.d.ts +9 -0
  110. package/icc-api/model/PaginatedListExchangeData.js +10 -0
  111. package/icc-api/model/PaginatedListExchangeData.js.map +1 -0
  112. package/icc-api/model/PaginatedListTopic.d.ts +20 -0
  113. package/icc-api/model/PaginatedListTopic.js +10 -0
  114. package/icc-api/model/PaginatedListTopic.js.map +1 -0
  115. package/icc-api/model/Patient.d.ts +4 -2
  116. package/icc-api/model/Patient.js.map +1 -1
  117. package/icc-api/model/PatientByHcPartyGenderEducationProfession.d.ts +31 -0
  118. package/icc-api/model/PatientByHcPartyGenderEducationProfession.js +32 -0
  119. package/icc-api/model/PatientByHcPartyGenderEducationProfession.js.map +1 -0
  120. package/icc-api/model/Receipt.d.ts +2 -0
  121. package/icc-api/model/Receipt.js.map +1 -1
  122. package/icc-api/model/SecureDelegation.d.ts +52 -0
  123. package/icc-api/model/SecureDelegation.js +16 -0
  124. package/icc-api/model/SecureDelegation.js.map +1 -0
  125. package/icc-api/model/SecurityMetadata.d.ts +33 -0
  126. package/icc-api/model/SecurityMetadata.js +13 -0
  127. package/icc-api/model/SecurityMetadata.js.map +1 -0
  128. package/icc-api/model/Service.d.ts +2 -0
  129. package/icc-api/model/Service.js.map +1 -1
  130. package/icc-api/model/TimeTable.d.ts +2 -0
  131. package/icc-api/model/TimeTable.js.map +1 -1
  132. package/icc-api/model/Topic.d.ts +95 -0
  133. package/icc-api/model/Topic.js +16 -0
  134. package/icc-api/model/Topic.js.map +1 -0
  135. package/icc-api/model/internal/ExchangeData.d.ts +64 -0
  136. package/icc-api/model/internal/ExchangeData.js +15 -0
  137. package/icc-api/model/internal/ExchangeData.js.map +1 -0
  138. package/icc-api/model/internal/ExchangeDataMap.d.ts +24 -0
  139. package/icc-api/model/internal/ExchangeDataMap.js +13 -0
  140. package/icc-api/model/internal/ExchangeDataMap.js.map +1 -0
  141. package/icc-api/model/internal/SecureDelegationKeyMap.d.ts +14 -0
  142. package/icc-api/model/internal/SecureDelegationKeyMap.js +13 -0
  143. package/icc-api/model/internal/SecureDelegationKeyMap.js.map +1 -0
  144. package/icc-api/model/models.d.ts +26 -40
  145. package/icc-api/model/models.js +19 -37
  146. package/icc-api/model/models.js.map +1 -1
  147. package/icc-api/model/requests/EntityBulkShareResult.d.ts +28 -0
  148. package/icc-api/model/requests/EntityBulkShareResult.js +16 -0
  149. package/icc-api/model/requests/EntityBulkShareResult.js.map +1 -0
  150. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.d.ts +10 -0
  151. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js +17 -0
  152. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js.map +1 -0
  153. package/icc-api/model/requests/EntityShareRequest.d.ts +110 -0
  154. package/icc-api/model/requests/EntityShareRequest.js +63 -0
  155. package/icc-api/model/requests/EntityShareRequest.js.map +1 -0
  156. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.d.ts +54 -0
  157. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js +24 -0
  158. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js.map +1 -0
  159. package/icc-api/model/requests/MinimalEntityBulkShareResult.d.ts +23 -0
  160. package/icc-api/model/requests/MinimalEntityBulkShareResult.js +13 -0
  161. package/icc-api/model/requests/MinimalEntityBulkShareResult.js.map +1 -0
  162. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.d.ts +21 -0
  163. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js +14 -0
  164. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js.map +1 -0
  165. package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +55 -6
  166. package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
  167. package/icc-x-api/crypto/AES.js +1 -1
  168. package/icc-x-api/crypto/AES.js.map +1 -1
  169. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +18 -0
  170. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +50 -0
  171. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -0
  172. package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +43 -0
  173. package/icc-x-api/crypto/AccessControlSecretUtils.js +97 -0
  174. package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -0
  175. package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +146 -0
  176. package/icc-x-api/crypto/BaseExchangeDataManager.js +342 -0
  177. package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -0
  178. package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +0 -18
  179. package/icc-x-api/crypto/BaseExchangeKeysManager.js +11 -85
  180. package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
  181. package/icc-x-api/crypto/ConfidentialEntities.d.ts +26 -16
  182. package/icc-x-api/crypto/ConfidentialEntities.js +30 -17
  183. package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -1
  184. package/icc-x-api/crypto/CryptoStrategies.d.ts +8 -1
  185. package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
  186. package/icc-x-api/crypto/DelegationsDeAnonymization.d.ts +44 -0
  187. package/icc-x-api/crypto/DelegationsDeAnonymization.js +235 -0
  188. package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -0
  189. package/icc-x-api/crypto/ExchangeDataManager.d.ts +97 -0
  190. package/icc-x-api/crypto/ExchangeDataManager.js +501 -0
  191. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -0
  192. package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +32 -0
  193. package/icc-x-api/crypto/ExchangeDataMapManager.js +70 -0
  194. package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -0
  195. package/icc-x-api/crypto/ExchangeKeysManager.d.ts +4 -16
  196. package/icc-x-api/crypto/ExchangeKeysManager.js +4 -62
  197. package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
  198. package/icc-x-api/crypto/ExtendedApisUtils.d.ts +326 -0
  199. package/icc-x-api/crypto/ExtendedApisUtils.js +3 -0
  200. package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -0
  201. package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +174 -0
  202. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +559 -0
  203. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -0
  204. package/icc-x-api/crypto/KeyRecovery.d.ts +5 -2
  205. package/icc-x-api/crypto/KeyRecovery.js +59 -29
  206. package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
  207. package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +7 -2
  208. package/icc-x-api/crypto/LegacyCryptoStrategies.js +8 -1
  209. package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -1
  210. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +33 -0
  211. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +141 -0
  212. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -0
  213. package/icc-x-api/crypto/RSA.d.ts +34 -8
  214. package/icc-x-api/crypto/RSA.js +80 -13
  215. package/icc-x-api/crypto/RSA.js.map +1 -1
  216. package/icc-x-api/crypto/SecureDelegationsEncryption.d.ts +54 -0
  217. package/icc-x-api/crypto/SecureDelegationsEncryption.js +178 -0
  218. package/icc-x-api/crypto/SecureDelegationsEncryption.js.map +1 -0
  219. package/icc-x-api/crypto/SecureDelegationsManager.d.ts +66 -0
  220. package/icc-x-api/crypto/SecureDelegationsManager.js +261 -0
  221. package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -0
  222. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +46 -0
  223. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +312 -0
  224. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -0
  225. package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +97 -0
  226. package/icc-x-api/crypto/SecurityMetadataDecryptor.js +79 -0
  227. package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -0
  228. package/icc-x-api/crypto/ShamirKeysManager.d.ts +5 -5
  229. package/icc-x-api/crypto/ShamirKeysManager.js +6 -9
  230. package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
  231. package/icc-x-api/crypto/TransferKeysManager.d.ts +8 -6
  232. package/icc-x-api/crypto/TransferKeysManager.js +75 -52
  233. package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
  234. package/icc-x-api/crypto/{KeyManager.d.ts → UserEncryptionKeysManager.d.ts} +4 -6
  235. package/icc-x-api/crypto/{KeyManager.js → UserEncryptionKeysManager.js} +43 -23
  236. package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -0
  237. package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +26 -0
  238. package/icc-x-api/crypto/UserSignatureKeysManager.js +74 -0
  239. package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -0
  240. package/icc-x-api/crypto/utils.d.ts +61 -11
  241. package/icc-x-api/crypto/utils.js +113 -44
  242. package/icc-x-api/crypto/utils.js.map +1 -1
  243. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.d.ts +8 -0
  244. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js +13 -0
  245. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js.map +1 -0
  246. package/icc-x-api/filters/MessageByHcPartyFilter.d.ts +7 -0
  247. package/icc-x-api/filters/MessageByHcPartyFilter.js +13 -0
  248. package/icc-x-api/filters/MessageByHcPartyFilter.js.map +1 -0
  249. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.d.ts +8 -0
  250. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js +13 -0
  251. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js.map +1 -0
  252. package/icc-x-api/filters/TopicByHcPartyFilter.d.ts +7 -0
  253. package/icc-x-api/filters/TopicByHcPartyFilter.js +13 -0
  254. package/icc-x-api/filters/TopicByHcPartyFilter.js.map +1 -0
  255. package/icc-x-api/filters/TopicByParticipantFilter.d.ts +7 -0
  256. package/icc-x-api/filters/TopicByParticipantFilter.js +13 -0
  257. package/icc-x-api/filters/TopicByParticipantFilter.js.map +1 -0
  258. package/icc-x-api/filters/filters.d.ts +5 -0
  259. package/icc-x-api/filters/filters.js +5 -0
  260. package/icc-x-api/filters/filters.js.map +1 -1
  261. package/icc-x-api/icc-accesslog-x-api.d.ts +49 -12
  262. package/icc-x-api/icc-accesslog-x-api.js +81 -44
  263. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  264. package/icc-x-api/icc-calendar-item-x-api.d.ts +53 -15
  265. package/icc-x-api/icc-calendar-item-x-api.js +105 -51
  266. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  267. package/icc-x-api/icc-classification-x-api.d.ts +47 -10
  268. package/icc-x-api/icc-classification-x-api.js +62 -33
  269. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  270. package/icc-x-api/icc-contact-x-api.d.ts +59 -33
  271. package/icc-x-api/icc-contact-x-api.js +101 -66
  272. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  273. package/icc-x-api/icc-crypto-x-api.d.ts +33 -333
  274. package/icc-x-api/icc-crypto-x-api.js +47 -764
  275. package/icc-x-api/icc-crypto-x-api.js.map +1 -1
  276. package/icc-x-api/icc-data-owner-x-api.d.ts +20 -8
  277. package/icc-x-api/icc-data-owner-x-api.js +31 -10
  278. package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
  279. package/icc-x-api/icc-document-x-api.d.ts +51 -12
  280. package/icc-x-api/icc-document-x-api.js +117 -66
  281. package/icc-x-api/icc-document-x-api.js.map +1 -1
  282. package/icc-x-api/icc-form-x-api.d.ts +48 -11
  283. package/icc-x-api/icc-form-x-api.js +71 -37
  284. package/icc-x-api/icc-form-x-api.js.map +1 -1
  285. package/icc-x-api/icc-hcparty-x-api.d.ts +2 -2
  286. package/icc-x-api/icc-hcparty-x-api.js +3 -3
  287. package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
  288. package/icc-x-api/icc-helement-x-api.d.ts +59 -20
  289. package/icc-x-api/icc-helement-x-api.js +78 -43
  290. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  291. package/icc-x-api/icc-icure-maintenance-x-api.d.ts +7 -2
  292. package/icc-x-api/icc-icure-maintenance-x-api.js +38 -27
  293. package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
  294. package/icc-x-api/icc-invoice-x-api.d.ts +53 -16
  295. package/icc-x-api/icc-invoice-x-api.js +69 -35
  296. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  297. package/icc-x-api/icc-maintenance-task-x-api.d.ts +56 -22
  298. package/icc-x-api/icc-maintenance-task-x-api.js +77 -36
  299. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  300. package/icc-x-api/icc-message-x-api.d.ts +75 -19
  301. package/icc-x-api/icc-message-x-api.js +126 -37
  302. package/icc-x-api/icc-message-x-api.js.map +1 -1
  303. package/icc-x-api/icc-patient-x-api.d.ts +86 -29
  304. package/icc-x-api/icc-patient-x-api.js +318 -379
  305. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  306. package/icc-x-api/icc-receipt-x-api.d.ts +47 -13
  307. package/icc-x-api/icc-receipt-x-api.js +72 -36
  308. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  309. package/icc-x-api/icc-time-table-x-api.d.ts +46 -13
  310. package/icc-x-api/icc-time-table-x-api.js +61 -27
  311. package/icc-x-api/icc-time-table-x-api.js.map +1 -1
  312. package/icc-x-api/icc-topic-x-api.d.ts +191 -0
  313. package/icc-x-api/icc-topic-x-api.js +307 -0
  314. package/icc-x-api/icc-topic-x-api.js.map +1 -0
  315. package/icc-x-api/icc-user-x-api.d.ts +2 -2
  316. package/icc-x-api/icc-user-x-api.js +3 -3
  317. package/icc-x-api/icc-user-x-api.js.map +1 -1
  318. package/icc-x-api/index.d.ts +18 -2
  319. package/icc-x-api/index.js +203 -156
  320. package/icc-x-api/index.js.map +1 -1
  321. package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +1 -1
  322. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +2 -0
  323. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +9 -2
  324. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -1
  325. package/icc-x-api/storage/IcureStorageFacade.d.ts +23 -2
  326. package/icc-x-api/storage/IcureStorageFacade.js +36 -2
  327. package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
  328. package/icc-x-api/storage/KeyStorageFacade.d.ts +12 -0
  329. package/icc-x-api/storage/KeyStorageFacade.js.map +1 -1
  330. package/icc-x-api/storage/KeyStorageImpl.d.ts +2 -0
  331. package/icc-x-api/storage/KeyStorageImpl.js +10 -0
  332. package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
  333. package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +14 -1
  334. package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -1
  335. package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +32 -0
  336. package/icc-x-api/utils/EntityWithDelegationTypeName.js +75 -0
  337. package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -0
  338. package/icc-x-api/utils/ShareResult.d.ts +74 -0
  339. package/icc-x-api/utils/ShareResult.js +61 -0
  340. package/icc-x-api/utils/ShareResult.js.map +1 -0
  341. package/icc-x-api/utils/binary-utils.d.ts +1 -0
  342. package/icc-x-api/utils/binary-utils.js +8 -1
  343. package/icc-x-api/utils/binary-utils.js.map +1 -1
  344. package/icc-x-api/utils/collection-utils.d.ts +5 -0
  345. package/icc-x-api/utils/collection-utils.js +26 -1
  346. package/icc-x-api/utils/collection-utils.js.map +1 -1
  347. package/icc-x-api/utils/crypto-utils.d.ts +4 -3
  348. package/icc-x-api/utils/crypto-utils.js +5 -4
  349. package/icc-x-api/utils/crypto-utils.js.map +1 -1
  350. package/icc-x-api/utils/lru-temporised-async-cache.d.ts +26 -3
  351. package/icc-x-api/utils/lru-temporised-async-cache.js +75 -15
  352. package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -1
  353. package/icc-x-api/utils/websocket.d.ts +14 -10
  354. package/icc-x-api/utils/websocket.js +26 -9
  355. package/icc-x-api/utils/websocket.js.map +1 -1
  356. package/index.d.ts +1 -1
  357. package/index.js +3 -1
  358. package/index.js.map +1 -1
  359. package/package.json +2 -3
  360. package/icc-x-api/crypto/EntitiesEncryption.d.ts +0 -275
  361. package/icc-x-api/crypto/EntitiesEncryption.js +0 -734
  362. package/icc-x-api/crypto/EntitiesEncryption.js.map +0 -1
  363. package/icc-x-api/crypto/KeyManager.js.map +0 -1
@@ -1 +1 @@
1
- {"version":3,"file":"BaseExchangeKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/BaseExchangeKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,oCAAwD;AAIxD,yEAA8F;AAC9F,6EAAyE;AAEzE;;;;GAIG;AACH,MAAa,uBAAuB;IAQlC,YACE,UAA4B,EAC5B,YAA8B,EAC9B,cAA6B,EAC7B,cAA6B,EAC7B,aAA2B;QAZZ,8BAAyB,GAAwC,EAAE,CAAA;QAclF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAChC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;IACpC,CAAC;IAED;;;;;;;;OAQG;IACG,oCAAoC,CACxC,UAAkB,EAClB,oBAAwC,EACxC,oBAA6D;;YAK7D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,OAAO,MAAM,IAAA,qBAAa,EAAC,IAAI,CAAC,yBAAyB,EAAE,WAAW,EAAE,GAAS,EAAE;;gBACjF,MAAM,SAAS,GAAG,yCAAuB,CAAC,aAAa,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,mBAAmB,EAAE,CAAC,CAAA;gBACtG,MAAM,QAAQ,GAAG,WAAW,KAAK,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBAChH,MAAM,0BAA0B,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAA;gBACtH,IAAI,WAAW,GAAgD,SAAS,CAAA;gBACxE,MAAM,mBAAmB,GACvB,MAAA,MAAA,MAAA,MAAA,SAAS,CAAC,IAAI,CAAC,eAAe,0CAAG,0BAA0B,CAAC,0CAAG,UAAU,CAAC,0CAAG,0BAA0B,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,mCACnH,CAAC,0BAA0B,KAAK,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAA,MAAA,SAAS,CAAC,IAAI,CAAC,WAAW,0CAAG,UAAU,CAAC,0CAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;gBACvH,IAAI,mBAAmB,EAAE;oBACvB,WAAW,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,mBAAmB,EAAE,oBAAoB,EAAE,SAAS,CAAC,CAAA;oBACxG,IAAI,CAAC,WAAW;wBACd,MAAM,IAAI,KAAK,CACb,yDAAyD,0BAA0B,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,IAAI,WAAW,KAAK,UAAU,EAAE,CAC/H,CAAA;oBACH,MAAM,sBAAsB,GAAG,MAAA,MAAA,SAAS,CAAC,IAAI,CAAC,eAAe,0CAAG,0BAA0B,CAAC,0CAAG,UAAU,CAAC,CAAA;oBACzG,IAAI,sBAAsB,EAAE;wBAC1B,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAA;wBAC1D,IAAI,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;4BAChF,OAAO;gCACL,gBAAgB,EAAE,SAAS;gCAC3B,GAAG,EAAE,WAAW,CAAC,GAAG;6BACrB,CAAA;qBACJ;iBACF;gBACD,MAAM,aAAa,mCACd,oBAAoB,KACvB,CAAC,0BAA0B,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,oBAAoB,CAAC,SAAS,GACxE,CAAA;gBACD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,aAAa,CAAC,CAAA;gBAClF,IAAI,yBAAiC,CAAA;gBACrC,IAAI,SAAS,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,EAAE;oBAClC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAA,SAAS,CAAC,IAAI,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC;wBAC7D,MAAM,IAAI,KAAK,CAAC,cAAc,SAAS,CAAC,IAAI,CAAC,EAAE,qDAAqD,CAAC,CAAA;oBACvG,yBAAyB,GAAG,0BAA0B,CAAA;iBACvD;qBAAM;oBACL,yBAAyB,GAAG,MAAA,SAAS,CAAC,IAAI,CAAC,SAAS,mCAAI,0BAA0B,CAAA;iBACnF;gBACD,MAAM,WAAW,mCACZ,SAAS,CAAC,IAAI,KACjB,eAAe,EAAE,MAAM,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,QAAQ,EAAE,0BAA0B,EAAE,gBAAgB,CAAC,oBAAoB,CAAC,EACtI,SAAS,EAAE,yBAAyB,GACrC,CAAA;gBACD,IAAI,SAAS,CAAC,IAAI,CAAC,SAAS,KAAK,0BAA0B,EAAE;oBAC3D,WAAW,CAAC,WAAW,GAAG,IAAI,CAAC,wBAAwB,CAAC,SAAS,EAAE,QAAQ,EAAE,gBAAgB,CAAC,oBAAoB,CAAC,CAAA;iBACpH;gBACD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;oBACrE,IAAI,EAAE,SAAS,CAAC,IAAI;oBACpB,IAAI,EAAE,WAAW;iBAClB,CAAC,CAAA;gBACF,OAAO;oBACL,GAAG,EAAE,gBAAgB,CAAC,WAAW;oBACjC,gBAAgB;iBACjB,CAAA;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,gBAAgB,CACpB,cAAsB,EACtB,qBAA6B,EAC7B,qBAA6E;;YAE7E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,qBAAqB,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;YAC5G,MAAM,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,cAAc,EAAE,qBAAqB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAA;YACnI,MAAM,IAAI,CAAC,yBAAyB,CAAC,cAAc,EAAE,MAAM,EAAE,qBAAqB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAA;QACrI,CAAC;KAAA;IAED;;;;;OAKG;IACG,2BAA2B,CAAC,WAAmB,EAAE,UAAkB;;;YACvE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YACzE,MAAM,GAAG,GAAiD,MAAM,CAAC,MAAM,CAAC,MAAA,SAAS,CAAC,IAAI,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;gBACtI,MAAM,uBAAuB,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;gBACzD,IAAI,uBAAuB,EAAE;oBAC3B,OAAO,CAAC,uBAAuB,CAAC,CAAA;iBACjC;qBAAM;oBACL,OAAO,EAAE,CAAA;iBACV;YACH,CAAC,CAAC,CAAA;YACF,MAAM,gBAAgB,GAAG,MAAA,MAAA,SAAS,CAAC,IAAI,CAAC,WAAW,0CAAG,UAAU,CAAC,0CAAG,CAAC,CAAC,CAAA;YACtE,IAAI,gBAAgB;gBAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAA;YACxD,OAAO,GAAG,CAAA;;KACX;IAED;;;;;OAKG;IACG,sBAAsB,CAC1B,WAAmB,EACnB,eAAoC;;YAKpC,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;YACvF,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBACpC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,qCAAiB,CAAC,GAAG,CAAC;oBACtD,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,6BAA6B,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBAChF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvB,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,qCAAiB,CAAC,OAAO,CAAC;oBAC1D,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,oCAAoC,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBACvF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvB,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,qCAAiB,CAAC,MAAM,CAAC;oBACzD,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,mCAAmC,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBACrF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;aACxB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,8CAAK,CAAC,GAAK,CAAC,GAAK,CAAC,CAA0F,CAAA,CAAC,CAAA;YACrI,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YACzE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;YAClG,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAC/B,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAO,GAAG,EAAE,OAAO,EAAE,EAAE;gBAClH,MAAM,UAAU,GAAG,MAAM,GAAG,CAAA;gBAC5B,IAAI,OAAO,KAAK,WAAW,EAAE;oBAC3B,OAAO,CAAC,GAAG,UAAU,EAAE,OAAO,CAAC,CAAA;iBAChC;qBAAM;oBACL,MAAM,aAAa,GAAsB,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAA;oBACnG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,aAAa,CAAC,EAAE;wBACpD,OAAO,CAAC,GAAG,UAAU,EAAE,OAAO,CAAC,CAAA;qBAChC;;wBAAM,OAAO,UAAU,CAAA;iBACzB;YACH,CAAC,CAAA,EAAE,OAAO,CAAC,OAAO,CAAC,EAAc,CAAC,CAAC,CACpC,CAAA;YACD,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CACtC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;iBACzB,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE,cAAc,CAAC,EAAE,EAAE,CAAC;gBAC1C,eAAe;gBACf,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAwC,CAClI;aACF,CAAC;iBACD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAyD,CACxG,CAAA;YACD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAA;QACvC,CAAC;KAAA;IAED;;;;;OAKG;IACG,sBAAsB,CAC1B,qBAAmE,EACnE,qBAA6E;;YAK7E,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;YAC9B,MAAM,GAAG,GAGL,EAAE,qBAAqB,EAAE,EAAE,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAA;YACxD,KAAK,MAAM,oBAAoB,IAAI,qBAAqB,EAAE;gBACxD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,oBAAoB,EAAE,qBAAqB,CAAC,CAAA;gBAC/F,IAAI,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;oBACvD,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;oBACvB,GAAG,CAAC,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;iBAC9C;qBAAM;oBACL,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;iBACjD;aACF;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,yBAAyB,CACrC,WAAmB,EACnB,UAAkB,EAClB,cAAsB,EACtB,YAAuB,EACvB,+BAAuF;;YAEvF,MAAM,IAAA,qBAAa,EAAC,IAAI,CAAC,yBAAyB,EAAE,WAAW,EAAE,GAAS,EAAE;gBAC1E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBACvE,IAAI,gBAAgB,GAAG,KAAK,CAAA;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACtG,MAAM,mBAAmB,GAAsF,EAAE,CAAA;gBACjH,MAAM,iBAAiB,GAAG,EAAE,CAAC,cAAc,CAAC,EAAE,YAAY,EAAE,CAAA;gBAC5D,KAAK,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE;oBAClF,MAAM,sBAAsB,GAA0D,EAAE,CAAA;oBACxF,KAAK,MAAM,CAAC,cAAc,EAAE,gBAAgB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE;wBACpF,IAAI,UAAU,KAAK,cAAc,IAAI,cAAc,IAAI,gBAAgB,EAAE;4BACvE,sBAAsB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAA;yBAC1D;6BAAM;4BACL,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,+BAA+B,CAAC,CAAA;4BACrG,IAAI,SAAS,EAAE;gCACb,gBAAgB,GAAG,IAAI,CAAA;gCACvB,sBAAsB,CAAC,cAAc,CAAC,mCACjC,gBAAgB,GAChB,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC,CAAC,oBAAoB,CACtF,CAAA;6BACF;iCAAM;gCACL,sBAAsB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAA;6BAC1D;yBACF;qBACF;oBACD,mBAAmB,CAAC,gBAAgB,CAAC,GAAG,sBAAsB,CAAA;iBAC/D;gBACD,IAAI,gBAAgB,EAAE;oBACpB,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;wBAC5C,IAAI,EAAE,SAAS,CAAC,IAAI;wBACpB,IAAI,kCACC,SAAS,CAAC,IAAI,KACjB,eAAe,EAAE,mBAAmB,GACrC;qBACF,CAAC,CAAA;iBACH;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;OAMG;IACW,qBAAqB,CACjC,oBAAgE,EAChE,qBAA6E;;YAE7E,KAAK,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE;gBACxE,kHAAkH;gBAClH,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;gBAC9B,MAAM,OAAO,GAAG,qBAAqB,CAAC,EAAE,CAAC,CAAA;gBACzC,IAAI,OAAO,KAAK,SAAS,EAAE;oBACzB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC,CAAA;oBACxE,IAAI,GAAG,KAAK,SAAS;wBAAE,OAAO,GAAG,CAAA;iBAClC;aACF;YACD,MAAM,mBAAmB,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAA;YACpD,IAAI,mBAAmB,KAAK,SAAS,EAAE;gBACrC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAE;oBAC1D,oEAAoE;oBACpE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,mBAAmB,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;oBACzF,IAAI,GAAG,KAAK,SAAS;wBAAE,OAAO,GAAG,CAAA;iBAClC;aACF;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED;;;;;OAKG;IACW,kBAAkB,CAC9B,WAAwD,EACxD,UAAmD;;;YAKnD,MAAM,iBAAiB,GAAG,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,GAAG,mCAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAA;YAClG,MAAM,gBAAgB,GAAG,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,IAAA,cAAM,EAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAA;YAC5I,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAClE,CAAO,GAAG,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE;gBAAC,OAAA,iCAChC,CAAC,MAAM,GAAG,CAAC,KACd,CAAC,SAAS,CAAC,EAAE,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,IACjG,CAAA;cAAA,EACF,OAAO,CAAC,OAAO,CAAC,EAAoC,CAAC,CACtD,CAAA;YACD,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,CAAA;;KAChE;IAED;;;;;;;;;OASG;IACW,yBAAyB,CACrC,iBAAyB,EACzB,OAA2B,EAC3B,SAA6B,CAAC,iGAAiG;;;YAE/H,IAAI;gBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,IAAA,cAAM,EAAC,iBAAiB,CAAC,CAAC,CAAA;gBAClG,OAAO,EAAE,GAAG,EAAE,IAAA,cAAM,EAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,CAAA;aAC9F;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,SAAS,EAAE;oBACb,OAAO,CAAC,KAAK,CAAC,4CAA4C,iBAAiB,+BAA+B,SAAS,GAAG,EAAE,CAAC,CAAC,CAAA;iBAC3H;aACF;QACH,CAAC;KAAA;IAEO,wBAAwB,CAC9B,SAAkC,EAClC,QAAiC,EACjC,eAAyC;;QAEzC,MAAM,2BAA2B,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACpH,MAAM,0BAA0B,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACjH,IAAI,2BAA2B,IAAI,0BAA0B,EAAE;YAC7D,uCACK,CAAC,MAAA,SAAS,CAAC,IAAI,CAAC,WAAW,mCAAI,EAAE,CAAC,KACrC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAG,CAAC,EAAE,CAAC,2BAA2B,EAAE,0BAA0B,CAAC,IAC/E;SACF;;YAAM,OAAO,SAAS,CAAC,IAAI,CAAC,WAAW,CAAA;IAC1C,CAAC;IAEa,kBAAkB,CAC9B,SAAkC,EAClC,QAAiC,EACjC,0BAAkC,EAClC,eAAyC;;;YAEzC,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAA;YACjH,OAAO,IAAI,CAAC,sCAAsC,iCAC7C,uBAAuB,KAC1B,CAAC,0BAA0B,CAAC,kCACvB,CAAC,MAAA,uBAAuB,CAAC,0BAA0B,CAAC,mCAAI,EAAE,CAAC,KAC9D,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAG,CAAC,kCACd,CAAC,MAAA,MAAA,uBAAuB,CAAC,0BAA0B,CAAC,0CAAG,QAAQ,CAAC,IAAI,CAAC,EAAG,CAAC,mCAAI,EAAE,CAAC,GAChF,eAAe,QAGtB,CAAA;;KACH;IAED,mEAAmE;IACrD,uCAAuC,CACnD,KAAsB,EACtB,QAAqC;;;YAErC,MAAM,oBAAoB,GAAG,KAAK,CAAC,SAAS,CAAA;YAC5C,IAAI,oBAAoB,IAAI,CAAC,CAAC,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,oBAAoB,CAAC,EAAE;gBAChF;;;;mBAIG;gBACH,MAAM,8BAA8B,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,KAAK,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC,EAAE,IAAI,CAAC,MAAK,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,CAAA,CAAC,CAAA;gBAC/H,MAAM,gBAAgB,GAAG;oBACvB,KAAK;oBACL,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC/B,GAAG,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,GAAG,CAAC,CAAO,IAAI,EAAE,EAAE,gDAAC,OAAA,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA,GAAA,CAAC,CAAC,CAAC;iBACpI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE;oBAC1B,GAAG,CAAC,SAAS,CAAC,EAAG,CAAC,GAAG,SAAS,CAAA;oBAC9B,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,EAAuC,CAAC,CAAA;gBAC3C,uBACE,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,MAAA,KAAK,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE;;wBAC5F,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,MAAA,MAAA,MAAA,gBAAgB,CAAC,KAAK,CAAC,0CAAE,SAAS,0CAAE,KAAK,CAAC,CAAC,EAAE,CAAC,mCAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAA;wBAC5H,OAAO,GAAG,CAAA;oBACZ,CAAC,EAAE,EAAiE,CAAC,IAClE,CAAC,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAC,EACjC;aACF;;gBAAM,OAAO,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAA;;KAC1C;IAEO,sCAAsC,CAAC,eAE9C;QACC,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE,YAAY,CAAC,EAAE,EAAE,CAAC;YACvE,eAAe;YACf,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC;gBAC7D,UAAU;gBACV,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC;aAC5H,CAAC,CACH;SACF,CAAC,CACH,CAAA;IACH,CAAC;CACF;AA1aD,0DA0aC","sourcesContent":["import { KeyPair } from './RSA'\nimport { hex2ua, notConcurrent, ua2hex } from '../utils'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IccDeviceApi, IccHcpartyApi, IccPatientApi } from '../../icc-api'\nimport { CryptoActorStub, CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\n\n/**\n * @internal This class is meant only for internal use and may be changed without notice.\n * Functions to create and get exchange keys.\n * The methods of this api require to pass the appropriate keys for encryption/decryption manually.\n */\nexport class BaseExchangeKeysManager {\n private readonly generateKeyConcurrencyMap: { [key: string]: PromiseLike<any> } = {}\n private readonly primitives: CryptoPrimitives\n private readonly dataOwnerApi: IccDataOwnerXApi\n private readonly hcpartyBaseApi: IccHcpartyApi\n private readonly patientBaseApi: IccPatientApi\n private readonly deviceBaseApi: IccDeviceApi\n\n constructor(\n primitives: CryptoPrimitives,\n dataOwnerApi: IccDataOwnerXApi,\n hcpartyBaseApi: IccHcpartyApi,\n patientBaseApi: IccPatientApi,\n deviceBaseApi: IccDeviceApi\n ) {\n this.primitives = primitives\n this.dataOwnerApi = dataOwnerApi\n this.hcpartyBaseApi = hcpartyBaseApi\n this.patientBaseApi = patientBaseApi\n this.deviceBaseApi = deviceBaseApi\n }\n\n /**\n * Creates a new exchange key from the current data owner to a delegate, or updates an existing one allowing additional public keys to access it.\n * @param delegateId the delegate data owner id.\n * @param delegatorMainKeyPair main key pair for the delegator. The private key will be used for the decryption of the existing key in case of\n * update, and the public key will be used as entry key of the aesExchangeKey map\n * @param additionalPublicKeys all public keys of key pairs other than {@link delegatorMainKeyPair} that need to have access to the exchange key.\n * Can be a mix of crypto keys and full hex-encoded spki format (no fingerprints).\n * @return the exchange key for the delegator-delegate-delegatorKey triple (new or existing) and the updated delegator.\n */\n async createOrUpdateEncryptedExchangeKeyTo(\n delegateId: string,\n delegatorMainKeyPair: KeyPair<CryptoKey>,\n additionalPublicKeys: { [keyFingerprint: string]: CryptoKey }\n ): Promise<{\n updatedDelegator: CryptoActorStubWithType\n key: CryptoKey\n }> {\n const delegatorId = await this.dataOwnerApi.getCurrentDataOwnerId()\n return await notConcurrent(this.generateKeyConcurrencyMap, delegatorId, async () => {\n const delegator = CryptoActorStubWithType.fromDataOwner(await this.dataOwnerApi.getCurrentDataOwner())\n const delegate = delegatorId === delegateId ? delegator : await this.dataOwnerApi.getCryptoActorStub(delegateId)\n const mainDelegatorKeyPairPubHex = ua2hex(await this.primitives.RSA.exportKey(delegatorMainKeyPair.publicKey, 'spki'))\n let exchangeKey: { raw: string; key: CryptoKey } | undefined = undefined\n const existingExchangeKey =\n delegator.stub.aesExchangeKeys?.[mainDelegatorKeyPairPubHex]?.[delegateId]?.[mainDelegatorKeyPairPubHex.slice(-32)] ??\n (mainDelegatorKeyPairPubHex === delegator.stub.publicKey ? delegator.stub.hcPartyKeys?.[delegateId]?.[0] : undefined)\n if (existingExchangeKey) {\n exchangeKey = await this.tryDecryptExchangeKeyWith(existingExchangeKey, delegatorMainKeyPair, undefined)\n if (!exchangeKey)\n throw new Error(\n `Failed to decrypt existing exchange key for update of ${mainDelegatorKeyPairPubHex.slice(-32)}@${delegatorId}->${delegateId}`\n )\n const existingAesExchangeKey = delegator.stub.aesExchangeKeys?.[mainDelegatorKeyPairPubHex]?.[delegateId]\n if (existingAesExchangeKey) {\n const existingPublicKeysSet = new Set(existingExchangeKey)\n if (Object.keys(additionalPublicKeys).every((fp) => existingPublicKeysSet.has(fp)))\n return {\n updatedDelegator: delegator,\n key: exchangeKey.key,\n }\n }\n }\n const allPublicKeys = {\n ...additionalPublicKeys,\n [mainDelegatorKeyPairPubHex.slice(-32)]: delegatorMainKeyPair.publicKey,\n }\n const encryptedKeyInfo = await this.encryptExchangeKey(exchangeKey, allPublicKeys)\n let updatedDelegatorPublicKey: string\n if (delegator.stub.publicKey == '') {\n if (Object.entries(delegator.stub.hcPartyKeys ?? {}).length > 0)\n throw new Error(`Data owner ${delegator.stub.id} has \"\" as public key but has non-empty hcPartyKeys`)\n updatedDelegatorPublicKey = mainDelegatorKeyPairPubHex\n } else {\n updatedDelegatorPublicKey = delegator.stub.publicKey ?? mainDelegatorKeyPairPubHex\n }\n const updatedStub: CryptoActorStub = {\n ...delegator.stub,\n aesExchangeKeys: await this.updateExchangeKeys(delegator, delegate, mainDelegatorKeyPairPubHex, encryptedKeyInfo.encryptedExchangeKey),\n publicKey: updatedDelegatorPublicKey,\n }\n if (delegator.stub.publicKey === mainDelegatorKeyPairPubHex) {\n updatedStub.hcPartyKeys = this.updateLegacyExchangeKeys(delegator, delegate, encryptedKeyInfo.encryptedExchangeKey)\n }\n const updatedDelegator = await this.dataOwnerApi.modifyCryptoActorStub({\n type: delegator.type,\n stub: updatedStub,\n })\n return {\n key: encryptedKeyInfo.exchangeKey,\n updatedDelegator,\n }\n })\n }\n\n /**\n * Updates the aes exchange keys between the current data owner and another data owner to allow the other data owner to access the exchange key\n * using his new public key. Note that this will make existing exchange keys from the other data owner to the current data owner invalid for\n * encryption.\n * @param otherDataOwner the other data owner.\n * @param newDataOwnerPublicKey a new public key of the other data owner.\n * @param keyPairsByFingerprint all available key pairs to use for the decryption of existing aes exchange keys.\n */\n async giveAccessBackTo(\n otherDataOwner: string,\n newDataOwnerPublicKey: string,\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ) {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const newPublicKey = await this.primitives.RSA.importKey('spki', hex2ua(newDataOwnerPublicKey), ['encrypt'])\n await this.extendForGiveAccessBackTo(selfId, otherDataOwner, newDataOwnerPublicKey.slice(-32), newPublicKey, keyPairsByFingerprint)\n await this.extendForGiveAccessBackTo(otherDataOwner, selfId, newDataOwnerPublicKey.slice(-32), newPublicKey, keyPairsByFingerprint)\n }\n\n /**\n * Get the encrypted exchange keys for a delegator-delegate pair.\n * @param delegatorId id of the delegator data owner.\n * @param delegateId id of the delegate data owner.\n * @return an array of exchange keys from the delegator to delegate where each key is encrypted with one or more public keys.\n */\n async getEncryptedExchangeKeysFor(delegatorId: string, delegateId: string): Promise<{ [publicKeyFingerprint: string]: string }[]> {\n const delegator = await this.dataOwnerApi.getCryptoActorStub(delegatorId)\n const res: { [publicKeyFingerprint: string]: string }[] = Object.values(delegator.stub.aesExchangeKeys ?? {}).flatMap((delegateToKey) => {\n const encryptedKeyForDelegate = delegateToKey[delegateId]\n if (encryptedKeyForDelegate) {\n return [encryptedKeyForDelegate]\n } else {\n return []\n }\n })\n const legacyDelegation = delegator.stub.hcPartyKeys?.[delegateId]?.[1]\n if (legacyDelegation) res.push({ '': legacyDelegation })\n return res\n }\n\n /**\n * Get all exchange keys where the provided data owner is involved either as the delegator or as the delegate.\n * @param dataOwnerId id of a data owner.\n * @param otherOwnerTypes only exchange keys between the current data owner and data owners of this type will be included in the result.\n * @return all exchange keys involving the provided data owner. Note that there may be an overlap between some keys to and from the data owner.\n */\n async getAllExchangeKeysWith(\n dataOwnerId: string,\n otherOwnerTypes: DataOwnerTypeEnum[]\n ): Promise<{\n keysToOwner: { [delegatorId: string]: { [delegatorFp: string]: { [entryFp: string]: string } } }\n keysFromOwner: { [delegatorFp: string]: { [delegateId: string]: { [entryFp: string]: string } } }\n }> {\n if (otherOwnerTypes.length === 0) throw new Error('otherOwnerTypes must not be empty!')\n const keysToOwner = await Promise.all([\n otherOwnerTypes.find((x) => x === DataOwnerTypeEnum.Hcp)\n ? this.hcpartyBaseApi.getAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n otherOwnerTypes.find((x) => x === DataOwnerTypeEnum.Patient)\n ? this.patientBaseApi.getPatientAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n otherOwnerTypes.find((x) => x === DataOwnerTypeEnum.Device)\n ? this.deviceBaseApi.getDeviceAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n ]).then(([a, b, c]) => ({ ...a, ...b, ...c } as { [delegatorId: string]: { [delegatorFp: string]: { [entryFp: string]: string } } }))\n const dataOwner = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n const allOwnerKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(dataOwner.stub, undefined)\n const filteredDelegates = new Set(\n await Array.from(new Set(Object.values(allOwnerKeys).flatMap((x) => Object.keys(x)))).reduce(async (acc, ownerId) => {\n const awaitedAcc = await acc\n if (ownerId === dataOwnerId) {\n return [...awaitedAcc, ownerId]\n } else {\n const dataOwnerType: DataOwnerTypeEnum = (await this.dataOwnerApi.getCryptoActorStub(ownerId)).type\n if (otherOwnerTypes.some((x) => x === dataOwnerType)) {\n return [...awaitedAcc, ownerId]\n } else return awaitedAcc\n }\n }, Promise.resolve([] as string[]))\n )\n const keysFromOwner = Object.fromEntries(\n Object.entries(allOwnerKeys)\n .map(([delegatorPubKey, delegateToKeys]) => [\n delegatorPubKey,\n Object.fromEntries(\n Object.entries(delegateToKeys).filter(([delegateId]) => filteredDelegates.has(delegateId)) as [string, { [k: string]: string }][]\n ),\n ])\n .filter(([, x]) => Object.keys(x).length > 0) as [string, { [k: string]: { [k: string]: string } }][]\n )\n return { keysToOwner, keysFromOwner }\n }\n\n /**\n * Attempts to decrypt many exchange keys using any of the provided key pairs.\n * @param encryptedExchangeKeys an array of exchange keys where each key is encrypted with one or more public keys.\n * @param keyPairsByFingerprint rsa key pairs to use for decryption.\n * @return an array all successfully decrypted exchange keys and an array containing all exchange keys which could not be decrypted.\n */\n async tryDecryptExchangeKeys(\n encryptedExchangeKeys: { [publicKeyFingerprint: string]: string }[],\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: CryptoKey[]\n failedDecryptions: { [publicKeyFingerprint: string]: string }[]\n }> {\n const raws = new Set<string>()\n const res: {\n successfulDecryptions: CryptoKey[]\n failedDecryptions: { [publicKeyFingerprint: string]: string }[]\n } = { successfulDecryptions: [], failedDecryptions: [] }\n for (const encryptedExchangeKey of encryptedExchangeKeys) {\n const decrypted = await this.tryDecryptExchangeKey(encryptedExchangeKey, keyPairsByFingerprint)\n if (decrypted !== undefined && !raws.has(decrypted.raw)) {\n raws.add(decrypted.raw)\n res.successfulDecryptions.push(decrypted.key)\n } else {\n res.failedDecryptions.push(encryptedExchangeKey)\n }\n }\n return res\n }\n\n private async extendForGiveAccessBackTo(\n delegatorId: string,\n delegateId: string,\n newPublicKeyFp: string,\n newPublicKey: CryptoKey,\n decryptionKeyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ) {\n await notConcurrent(this.generateKeyConcurrencyMap, delegatorId, async () => {\n const delegator = await this.dataOwnerApi.getCryptoActorStub(delegatorId)\n const delegate = await this.dataOwnerApi.getCryptoActorStub(delegateId)\n let didUpdateSomeKey = false\n const combinedKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(delegator.stub, delegate.stub)\n const updatedExchangeKeys: { [delegatorKey: string]: { [delegateId: string]: { [keyFp: string]: string } } } = {}\n const newEncryptionKeys = { [newPublicKeyFp]: newPublicKey }\n for (const [currDelegatorKey, currDelegatesToKeys] of Object.entries(combinedKeys)) {\n const updatedDelegatesToKeys: { [delegateId: string]: { [keyFp: string]: string } } = {}\n for (const [currDelegateId, currEncryptedKey] of Object.entries(currDelegatesToKeys)) {\n if (delegateId !== currDelegateId || newPublicKeyFp in currEncryptedKey) {\n updatedDelegatesToKeys[currDelegateId] = currEncryptedKey\n } else {\n const decrypted = await this.tryDecryptExchangeKey(currEncryptedKey, decryptionKeyPairsByFingerprint)\n if (decrypted) {\n didUpdateSomeKey = true\n updatedDelegatesToKeys[currDelegateId] = {\n ...currEncryptedKey,\n ...(await this.encryptExchangeKey(decrypted, newEncryptionKeys)).encryptedExchangeKey,\n }\n } else {\n updatedDelegatesToKeys[currDelegateId] = currEncryptedKey\n }\n }\n }\n updatedExchangeKeys[currDelegatorKey] = updatedDelegatesToKeys\n }\n if (didUpdateSomeKey) {\n await this.dataOwnerApi.modifyCryptoActorStub({\n type: delegator.type,\n stub: {\n ...delegator.stub,\n aesExchangeKeys: updatedExchangeKeys,\n },\n })\n }\n })\n }\n\n /**\n * Attempts to decrypt an exchange key using any of the provided key pairs.\n * @param encryptedExchangeKey an encrypted exchange key, in the form publicKeyXyzFingerprint -> hex(exchangeKeyEncryptedByPrivateKeyXyz).\n * @param keyPairsByFingerprint rsa key pairs to use for decryption.\n * @return the decrypted exchange key, in raw and key format (to allow deduplication), or undefined if the key could not be decrypted using the\n * provided keys.\n */\n private async tryDecryptExchangeKey(\n encryptedExchangeKey: { [publicKeyFingerprint: string]: string },\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{ raw: string; key: CryptoKey } | undefined> {\n for (const [entryKey, encrypted] of Object.entries(encryptedExchangeKey)) {\n // Due to bugs in past version the entry may actually contain the full public key instead of just the fingerprint.\n const fp = entryKey.slice(-32)\n const keyPair = keyPairsByFingerprint[fp]\n if (keyPair !== undefined) {\n const res = await this.tryDecryptExchangeKeyWith(encrypted, keyPair, fp)\n if (res !== undefined) return res\n }\n }\n const defaultEncryptedKey = encryptedExchangeKey['']\n if (defaultEncryptedKey !== undefined) {\n for (const keyPair of Object.values(keyPairsByFingerprint)) {\n // disable error logging, we are not sure keyPair is the correct key\n const res = await this.tryDecryptExchangeKeyWith(defaultEncryptedKey, keyPair, undefined)\n if (res !== undefined) return res\n }\n }\n return undefined\n }\n\n /**\n * Creates an encrypted exchange key for the provided public keys.\n * @param exchangeKey the exchange key in raw and imported format. If undefined a new key will be automatically created.\n * @param publicKeys additional public keys that will have access to the exchange key in spki format, hex-encoded.\n * @return the exchangeKey and an object with the exchange key encrypted with each of the provided public keys, hex-encoded, by fingerprint.\n */\n private async encryptExchangeKey(\n exchangeKey: { raw: string; key: CryptoKey } | undefined,\n publicKeys: { [keyFingerprint: string]: CryptoKey }\n ): Promise<{\n exchangeKey: CryptoKey\n encryptedExchangeKey: { [pubKeyFp: string]: string }\n }> {\n const exchangeKeyCrypto = exchangeKey?.key ?? (await this.primitives.AES.generateCryptoKey(false))\n const exchangeKeyBytes = exchangeKey !== undefined ? hex2ua(exchangeKey.raw) : await this.primitives.AES.exportKey(exchangeKeyCrypto, 'raw')\n const encryptedExchangeKey = await Object.entries(publicKeys).reduce(\n async (acc, [currKeyFp, currKey]) => ({\n ...(await acc),\n [currKeyFp]: ua2hex(await this.primitives.RSA.encrypt(currKey, new Uint8Array(exchangeKeyBytes))),\n }),\n Promise.resolve({} as { [pubKeyFp: string]: string })\n )\n return { exchangeKey: exchangeKeyCrypto, encryptedExchangeKey }\n }\n\n /**\n * Attempts to decrypt an exchange key using the provided key pairs.\n * If you are confident that the provided {@link keyPair} was used to encrypt {@link encryptedByOneKey} you should also provide {@link keyPairFp},\n * so that if the decryption fail an error will be logged to console before returning undefined.\n * @param encryptedByOneKey an exchange key which may be encrypted with {@link keyPair}.\n * @param keyPair an rsa key pair.\n * @param keyPairFp the fingerprint of the provided key pair or undefined to disable logging of error if the decryption failed.\n * @return the decrypted exchange key, in raw and key format (to allow deduplication), or undefined if the key could not be decrypted using the\n * provided key.\n */\n private async tryDecryptExchangeKeyWith(\n encryptedByOneKey: string,\n keyPair: KeyPair<CryptoKey>,\n keyPairFp: string | undefined // if undefined will not log errors, when we are not sure the key to be used is the provided key.\n ): Promise<{ raw: string; key: CryptoKey } | undefined> {\n try {\n const decrypted = await this.primitives.RSA.decrypt(keyPair.privateKey, hex2ua(encryptedByOneKey))\n return { raw: ua2hex(decrypted), key: await this.primitives.AES.importKey('raw', decrypted) }\n } catch (e) {\n if (keyPairFp) {\n console.error(`Failed to decrypt or import exchange key ${encryptedByOneKey} using key with fingerprint ${keyPairFp}.`, e)\n }\n }\n }\n\n private updateLegacyExchangeKeys(\n delegator: CryptoActorStubWithType,\n delegate: CryptoActorStubWithType,\n encryptedKeyMap: { [fp: string]: string }\n ): { [delegateId: string]: string[] } | undefined {\n const legacyEncryptedKeyDelegator = delegator.stub.publicKey ? encryptedKeyMap[delegator.stub.publicKey] : undefined\n const legacyEncryptedKeyDelegate = delegate.stub.publicKey ? encryptedKeyMap[delegate.stub.publicKey] : undefined\n if (legacyEncryptedKeyDelegator && legacyEncryptedKeyDelegate) {\n return {\n ...(delegator.stub.hcPartyKeys ?? {}),\n [delegate.stub.id!]: [legacyEncryptedKeyDelegator, legacyEncryptedKeyDelegate],\n }\n } else return delegator.stub.hcPartyKeys\n }\n\n private async updateExchangeKeys(\n delegator: CryptoActorStubWithType,\n delegate: CryptoActorStubWithType,\n mainDelegatorKeyPairPubHex: string,\n encryptedKeyMap: { [fp: string]: string }\n ): Promise<{ [ownerPublicKey: string]: { [delegateId: string]: { [fingerprint: string]: string } } }> {\n const combinedAesExchangeKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(delegator.stub, delegate.stub)\n return this.fixAesExchangeKeyEntriesToFingerprints({\n ...combinedAesExchangeKeys,\n [mainDelegatorKeyPairPubHex]: {\n ...(combinedAesExchangeKeys[mainDelegatorKeyPairPubHex] ?? {}),\n [delegate.stub.id!]: {\n ...(combinedAesExchangeKeys[mainDelegatorKeyPairPubHex]?.[delegate.stub.id!] ?? {}),\n ...encryptedKeyMap,\n },\n },\n })\n }\n\n // Copy all legacy hcp exchange keys into the new aes exchange keys\n private async combineLegacyHcpKeysWithAesExchangeKeys(\n owner: CryptoActorStub,\n delegate: CryptoActorStub | undefined\n ): Promise<{ [ownerPublicKey: string]: { [delegateId: string]: { [fingerprint: string]: string } } }> {\n const ownerLegacyPublicKey = owner.publicKey\n if (ownerLegacyPublicKey && !(owner.aesExchangeKeys ?? {})[ownerLegacyPublicKey]) {\n /*\n * This condition would technically prevent new updates to the hcPartyKeys to be migrated to the aes exchange keys, but since I can only update\n * data for self data owner and parent entities this is not an issue, because I will always be using the new api from now on and I won't have\n * a situation where the legacy keys are updated but the aes exchange keys are not.\n */\n const unknownDataOwnerCounterPartIds = Object.keys(owner.hcPartyKeys ?? {}).filter((x) => x !== owner.id && x !== delegate?.id)\n const counterPartsById = [\n owner,\n ...(delegate ? [delegate] : []),\n ...(await Promise.all(unknownDataOwnerCounterPartIds.map(async (cpid) => (await this.dataOwnerApi.getCryptoActorStub(cpid)).stub))),\n ].reduce((acc, dataOwner) => {\n acc[dataOwner.id!] = dataOwner\n return acc\n }, {} as { [id: string]: CryptoActorStub })\n return {\n [ownerLegacyPublicKey]: Object.entries(owner.hcPartyKeys ?? {}).reduce((acc, [hcpId, keys]) => {\n acc[hcpId] = { [ownerLegacyPublicKey.slice(-32)]: keys[0], [counterPartsById[hcpId]?.publicKey?.slice(-32) ?? '']: keys[1] }\n return acc\n }, {} as { [delegateId: string]: { [fingerprint: string]: string } }),\n ...(owner.aesExchangeKeys ?? {}),\n }\n } else return owner.aesExchangeKeys ?? {}\n }\n\n private fixAesExchangeKeyEntriesToFingerprints(aesExchangeKeys: {\n [delegatorPubKey: string]: { [delegateId: string]: { [pubKeyFp: string]: string } }\n }): { [delegatorPubKey: string]: { [delegateId: string]: { [pubKeyFp: string]: string } } } {\n return Object.fromEntries(\n Object.entries(aesExchangeKeys).map(([delegatorPubKey, allDelegates]) => [\n delegatorPubKey,\n Object.fromEntries(\n Object.entries(allDelegates).map(([delegateId, keyEntries]) => [\n delegateId,\n Object.fromEntries(Object.entries(keyEntries).map(([publicKey, encryptedValue]) => [publicKey.slice(-32), encryptedValue])),\n ])\n ),\n ])\n )\n }\n}\n"]}
1
+ {"version":3,"file":"BaseExchangeKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/BaseExchangeKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,oCAAwD;AAIxD,mCAA4D;AAI5D;;;;GAIG;AACH,MAAa,uBAAuB;IAQlC,YACE,UAA4B,EAC5B,YAA8B,EAC9B,cAA6B,EAC7B,cAA6B,EAC7B,aAA2B;QAZZ,8BAAyB,GAAwC,EAAE,CAAA;QAclF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAChC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;IACpC,CAAC;IAED;;;;;;;OAOG;IACG,gBAAgB,CACpB,cAAsB,EACtB,qBAA6B,EAC7B,qBAA6E;;YAE7E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;YACxE,MAAM,iBAAiB,GAAG,IAAA,2BAAmB,EAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;YAChF,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,cAAc,EAAE,CAAC,CAAA;YAChG,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,qBAAqB,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,CAAC,CAAA;YAC/H,MAAM,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,cAAc,EAAE,IAAA,qBAAa,EAAC,qBAAqB,CAAC,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAA;YACvI,MAAM,IAAI,CAAC,yBAAyB,CAAC,cAAc,EAAE,MAAM,EAAE,IAAA,qBAAa,EAAC,qBAAqB,CAAC,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAA;QACzI,CAAC;KAAA;IAED;;;;;OAKG;IACG,2BAA2B,CAAC,WAAmB,EAAE,UAAkB;;;YACvE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YACzE,MAAM,GAAG,GAAiD,MAAM,CAAC,MAAM,CAAC,MAAA,SAAS,CAAC,IAAI,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;gBACtI,MAAM,uBAAuB,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;gBACzD,IAAI,uBAAuB,EAAE;oBAC3B,OAAO,CAAC,uBAAuB,CAAC,CAAA;iBACjC;qBAAM;oBACL,OAAO,EAAE,CAAA;iBACV;YACH,CAAC,CAAC,CAAA;YACF,MAAM,gBAAgB,GAAG,MAAA,MAAA,SAAS,CAAC,IAAI,CAAC,WAAW,0CAAG,UAAU,CAAC,0CAAG,CAAC,CAAC,CAAA;YACtE,IAAI,gBAAgB;gBAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAA;YACxD,OAAO,GAAG,CAAA;;KACX;IAED;;;;;OAKG;IACG,sBAAsB,CAC1B,WAAmB,EACnB,eAAoC;;YAKpC,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;YACvF,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBACpC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,6BAA6B,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/I,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC;oBAC1C,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,oCAAoC,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBACvF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvB,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC;oBACzC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,mCAAmC,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBACrF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;aACxB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,8CAAK,CAAC,GAAK,CAAC,GAAK,CAAC,CAA0F,CAAA,CAAC,CAAA;YACrI,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YACzE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;YAClG,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAC/B,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAO,GAAG,EAAE,OAAO,EAAE,EAAE;gBAClH,MAAM,UAAU,GAAG,MAAM,GAAG,CAAA;gBAC5B,IAAI,OAAO,KAAK,WAAW,EAAE;oBAC3B,OAAO,CAAC,GAAG,UAAU,EAAE,OAAO,CAAC,CAAA;iBAChC;qBAAM;oBACL,MAAM,aAAa,GAAsB,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAA;oBACnG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,aAAa,CAAC,EAAE;wBACpD,OAAO,CAAC,GAAG,UAAU,EAAE,OAAO,CAAC,CAAA;qBAChC;;wBAAM,OAAO,UAAU,CAAA;iBACzB;YACH,CAAC,CAAA,EAAE,OAAO,CAAC,OAAO,CAAC,EAAc,CAAC,CAAC,CACpC,CAAA;YACD,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CACtC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;iBACzB,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE,cAAc,CAAC,EAAE,EAAE,CAAC;gBAC1C,eAAe;gBACf,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAwC,CAClI;aACF,CAAC;iBACD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAyD,CACxG,CAAA;YACD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAA;QACvC,CAAC;KAAA;IAED;;;;;OAKG;IACG,sBAAsB,CAC1B,qBAAmE,EACnE,qBAA6E;;YAK7E,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;YAC9B,MAAM,GAAG,GAGL,EAAE,qBAAqB,EAAE,EAAE,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAA;YACxD,KAAK,MAAM,oBAAoB,IAAI,qBAAqB,EAAE;gBACxD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,oBAAoB,EAAE,qBAAqB,CAAC,CAAA;gBAC/F,IAAI,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;oBACvD,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;oBACvB,GAAG,CAAC,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;iBAC9C;qBAAM;oBACL,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;iBACjD;aACF;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,yBAAyB,CACrC,WAAmB,EACnB,UAAkB,EAClB,cAAsB,EACtB,YAAuB,EACvB,+BAAuF;;YAEvF,MAAM,IAAA,qBAAa,EAAC,IAAI,CAAC,yBAAyB,EAAE,WAAW,EAAE,GAAS,EAAE;gBAC1E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBACvE,IAAI,gBAAgB,GAAG,KAAK,CAAA;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACtG,MAAM,mBAAmB,GAAsF,EAAE,CAAA;gBACjH,MAAM,iBAAiB,GAAG,EAAE,CAAC,cAAc,CAAC,EAAE,YAAY,EAAE,CAAA;gBAC5D,KAAK,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE;oBAClF,MAAM,sBAAsB,GAA0D,EAAE,CAAA;oBACxF,KAAK,MAAM,CAAC,cAAc,EAAE,gBAAgB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE;wBACpF,IAAI,UAAU,KAAK,cAAc,IAAI,cAAc,IAAI,gBAAgB,EAAE;4BACvE,sBAAsB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAA;yBAC1D;6BAAM;4BACL,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,+BAA+B,CAAC,CAAA;4BACrG,IAAI,SAAS,EAAE;gCACb,gBAAgB,GAAG,IAAI,CAAA;gCACvB,sBAAsB,CAAC,cAAc,CAAC,mCACjC,gBAAgB,GAChB,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC,CAAC,oBAAoB,CACtF,CAAA;6BACF;iCAAM;gCACL,sBAAsB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAA;6BAC1D;yBACF;qBACF;oBACD,mBAAmB,CAAC,gBAAgB,CAAC,GAAG,sBAAsB,CAAA;iBAC/D;gBACD,IAAI,gBAAgB,EAAE;oBACpB,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;wBAC5C,IAAI,EAAE,SAAS,CAAC,IAAI;wBACpB,IAAI,kCACC,SAAS,CAAC,IAAI,KACjB,eAAe,EAAE,mBAAmB,GACrC;qBACF,CAAC,CAAA;iBACH;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;OAMG;IACW,qBAAqB,CACjC,oBAAgE,EAChE,qBAA6E;;YAE7E,KAAK,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE;gBACxE,kHAAkH;gBAClH,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;gBAC9B,MAAM,OAAO,GAAG,qBAAqB,CAAC,EAAE,CAAC,CAAA;gBACzC,IAAI,OAAO,KAAK,SAAS,EAAE;oBACzB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC,CAAA;oBACxE,IAAI,GAAG,KAAK,SAAS;wBAAE,OAAO,GAAG,CAAA;iBAClC;aACF;YACD,MAAM,mBAAmB,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAA;YACpD,IAAI,mBAAmB,KAAK,SAAS,EAAE;gBACrC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAE;oBAC1D,oEAAoE;oBACpE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,mBAAmB,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;oBACzF,IAAI,GAAG,KAAK,SAAS;wBAAE,OAAO,GAAG,CAAA;iBAClC;aACF;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED;;;;;OAKG;IACW,kBAAkB,CAC9B,WAAwD,EACxD,UAAmD;;;YAKnD,MAAM,iBAAiB,GAAG,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,GAAG,mCAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAA;YAClG,MAAM,gBAAgB,GAAG,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,IAAA,cAAM,EAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAA;YAC5I,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAClE,CAAO,GAAG,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE;gBAAC,OAAA,iCAChC,CAAC,MAAM,GAAG,CAAC,KACd,CAAC,SAAS,CAAC,EAAE,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,IACjG,CAAA;cAAA,EACF,OAAO,CAAC,OAAO,CAAC,EAAoC,CAAC,CACtD,CAAA;YACD,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,CAAA;;KAChE;IAED;;;;;;;;;OASG;IACW,yBAAyB,CACrC,iBAAyB,EACzB,OAA2B,EAC3B,SAA6B,CAAC,iGAAiG;;;YAE/H,IAAI;gBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,IAAA,cAAM,EAAC,iBAAiB,CAAC,CAAC,CAAA;gBAClG,OAAO,EAAE,GAAG,EAAE,IAAA,cAAM,EAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,CAAA;aAC9F;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,SAAS,EAAE;oBACb,OAAO,CAAC,KAAK,CAAC,4CAA4C,iBAAiB,+BAA+B,SAAS,GAAG,EAAE,CAAC,CAAC,CAAA;iBAC3H;aACF;QACH,CAAC;KAAA;IAEO,wBAAwB,CAC9B,SAAkC,EAClC,QAAiC,EACjC,eAAyC;;QAEzC,MAAM,2BAA2B,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACpH,MAAM,0BAA0B,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACjH,IAAI,2BAA2B,IAAI,0BAA0B,EAAE;YAC7D,uCACK,CAAC,MAAA,SAAS,CAAC,IAAI,CAAC,WAAW,mCAAI,EAAE,CAAC,KACrC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAG,CAAC,EAAE,CAAC,2BAA2B,EAAE,0BAA0B,CAAC,IAC/E;SACF;;YAAM,OAAO,SAAS,CAAC,IAAI,CAAC,WAAW,CAAA;IAC1C,CAAC;IAED,mEAAmE;IACrD,uCAAuC,CACnD,KAAsB,EACtB,QAAqC;;;YAErC,MAAM,oBAAoB,GAAG,KAAK,CAAC,SAAS,CAAA;YAC5C,IAAI,oBAAoB,IAAI,CAAC,CAAC,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,oBAAoB,CAAC,EAAE;gBAChF;;;;mBAIG;gBACH,MAAM,8BAA8B,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,KAAK,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC,EAAE,IAAI,CAAC,MAAK,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,CAAA,CAAC,CAAA;gBAC/H,MAAM,gBAAgB,GAAG;oBACvB,KAAK;oBACL,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC/B,GAAG,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,GAAG,CAAC,CAAO,IAAI,EAAE,EAAE,gDAAC,OAAA,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA,GAAA,CAAC,CAAC,CAAC;iBACpI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE;oBAC1B,GAAG,CAAC,SAAS,CAAC,EAAG,CAAC,GAAG,SAAS,CAAA;oBAC9B,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,EAAuC,CAAC,CAAA;gBAC3C,uBACE,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,MAAA,KAAK,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE;;wBAC5F,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,MAAA,MAAA,MAAA,gBAAgB,CAAC,KAAK,CAAC,0CAAE,SAAS,0CAAE,KAAK,CAAC,CAAC,EAAE,CAAC,mCAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAA;wBAC5H,OAAO,GAAG,CAAA;oBACZ,CAAC,EAAE,EAAiE,CAAC,IAClE,CAAC,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAC,EACjC;aACF;;gBAAM,OAAO,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAA;;KAC1C;CACF;AA9TD,0DA8TC","sourcesContent":["import { KeyPair } from './RSA'\nimport { hex2ua, notConcurrent, ua2hex } from '../utils'\nimport { DataOwner, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IccDeviceApi, IccHcpartyApi, IccPatientApi } from '../../icc-api'\nimport { fingerprintV1, getShaVersionForKey } from './utils'\nimport { CryptoActorStub, CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\n\n/**\n * @internal This class is meant only for internal use and may be changed without notice.\n * Functions to create and get exchange keys.\n * The methods of this api require to pass the appropriate keys for encryption/decryption manually.\n */\nexport class BaseExchangeKeysManager {\n private readonly generateKeyConcurrencyMap: { [key: string]: PromiseLike<any> } = {}\n private readonly primitives: CryptoPrimitives\n private readonly dataOwnerApi: IccDataOwnerXApi\n private readonly hcpartyBaseApi: IccHcpartyApi\n private readonly patientBaseApi: IccPatientApi\n private readonly deviceBaseApi: IccDeviceApi\n\n constructor(\n primitives: CryptoPrimitives,\n dataOwnerApi: IccDataOwnerXApi,\n hcpartyBaseApi: IccHcpartyApi,\n patientBaseApi: IccPatientApi,\n deviceBaseApi: IccDeviceApi\n ) {\n this.primitives = primitives\n this.dataOwnerApi = dataOwnerApi\n this.hcpartyBaseApi = hcpartyBaseApi\n this.patientBaseApi = patientBaseApi\n this.deviceBaseApi = deviceBaseApi\n }\n\n /**\n * Updates the aes exchange keys between the current data owner and another data owner to allow the other data owner to access the exchange key\n * using his new public key. Note that this will make existing exchange keys from the other data owner to the current data owner invalid for\n * encryption.\n * @param otherDataOwner the other data owner.\n * @param newDataOwnerPublicKey a new public key of the other data owner.\n * @param keyPairsByFingerprint all available key pairs to use for the decryption of existing aes exchange keys.\n */\n async giveAccessBackTo(\n otherDataOwner: string,\n newDataOwnerPublicKey: string,\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ) {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const other = await this.dataOwnerApi.getCryptoActorStub(otherDataOwner)\n const newKeyHashVersion = getShaVersionForKey(other.stub, newDataOwnerPublicKey)\n if (!newKeyHashVersion) throw new Error(`Public key not found for data owner ${otherDataOwner}`)\n const newPublicKey = await this.primitives.RSA.importKey('spki', hex2ua(newDataOwnerPublicKey), ['encrypt'], newKeyHashVersion)\n await this.extendForGiveAccessBackTo(selfId, otherDataOwner, fingerprintV1(newDataOwnerPublicKey), newPublicKey, keyPairsByFingerprint)\n await this.extendForGiveAccessBackTo(otherDataOwner, selfId, fingerprintV1(newDataOwnerPublicKey), newPublicKey, keyPairsByFingerprint)\n }\n\n /**\n * Get the encrypted exchange keys for a delegator-delegate pair.\n * @param delegatorId id of the delegator data owner.\n * @param delegateId id of the delegate data owner.\n * @return an array of exchange keys from the delegator to delegate where each key is encrypted with one or more public keys.\n */\n async getEncryptedExchangeKeysFor(delegatorId: string, delegateId: string): Promise<{ [publicKeyFingerprint: string]: string }[]> {\n const delegator = await this.dataOwnerApi.getCryptoActorStub(delegatorId)\n const res: { [publicKeyFingerprint: string]: string }[] = Object.values(delegator.stub.aesExchangeKeys ?? {}).flatMap((delegateToKey) => {\n const encryptedKeyForDelegate = delegateToKey[delegateId]\n if (encryptedKeyForDelegate) {\n return [encryptedKeyForDelegate]\n } else {\n return []\n }\n })\n const legacyDelegation = delegator.stub.hcPartyKeys?.[delegateId]?.[1]\n if (legacyDelegation) res.push({ '': legacyDelegation })\n return res\n }\n\n /**\n * Get all exchange keys where the provided data owner is involved either as the delegator or as the delegate.\n * @param dataOwnerId id of a data owner.\n * @param otherOwnerTypes only exchange keys between the current data owner and data owners of this type will be included in the result.\n * @return all exchange keys involving the provided data owner. Note that there may be an overlap between some keys to and from the data owner.\n */\n async getAllExchangeKeysWith(\n dataOwnerId: string,\n otherOwnerTypes: DataOwnerTypeEnum[]\n ): Promise<{\n keysToOwner: { [delegatorId: string]: { [delegatorFp: string]: { [entryFp: string]: string } } }\n keysFromOwner: { [delegatorFp: string]: { [delegateId: string]: { [entryFp: string]: string } } }\n }> {\n if (otherOwnerTypes.length === 0) throw new Error('otherOwnerTypes must not be empty!')\n const keysToOwner = await Promise.all([\n otherOwnerTypes.find((x) => x === 'hcp') ? this.hcpartyBaseApi.getAesExchangeKeysForDelegate(dataOwnerId).catch(() => {}) : Promise.resolve({}),\n otherOwnerTypes.find((x) => x === 'patient')\n ? this.patientBaseApi.getPatientAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n otherOwnerTypes.find((x) => x === 'device')\n ? this.deviceBaseApi.getDeviceAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n ]).then(([a, b, c]) => ({ ...a, ...b, ...c } as { [delegatorId: string]: { [delegatorFp: string]: { [entryFp: string]: string } } }))\n const dataOwner = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n const allOwnerKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(dataOwner.stub, undefined)\n const filteredDelegates = new Set(\n await Array.from(new Set(Object.values(allOwnerKeys).flatMap((x) => Object.keys(x)))).reduce(async (acc, ownerId) => {\n const awaitedAcc = await acc\n if (ownerId === dataOwnerId) {\n return [...awaitedAcc, ownerId]\n } else {\n const dataOwnerType: DataOwnerTypeEnum = (await this.dataOwnerApi.getCryptoActorStub(ownerId)).type\n if (otherOwnerTypes.some((x) => x === dataOwnerType)) {\n return [...awaitedAcc, ownerId]\n } else return awaitedAcc\n }\n }, Promise.resolve([] as string[]))\n )\n const keysFromOwner = Object.fromEntries(\n Object.entries(allOwnerKeys)\n .map(([delegatorPubKey, delegateToKeys]) => [\n delegatorPubKey,\n Object.fromEntries(\n Object.entries(delegateToKeys).filter(([delegateId]) => filteredDelegates.has(delegateId)) as [string, { [k: string]: string }][]\n ),\n ])\n .filter(([, x]) => Object.keys(x).length > 0) as [string, { [k: string]: { [k: string]: string } }][]\n )\n return { keysToOwner, keysFromOwner }\n }\n\n /**\n * Attempts to decrypt many exchange keys using any of the provided key pairs.\n * @param encryptedExchangeKeys an array of exchange keys where each key is encrypted with one or more public keys.\n * @param keyPairsByFingerprint rsa key pairs to use for decryption.\n * @return an array all successfully decrypted exchange keys and an array containing all exchange keys which could not be decrypted.\n */\n async tryDecryptExchangeKeys(\n encryptedExchangeKeys: { [publicKeyFingerprint: string]: string }[],\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: CryptoKey[]\n failedDecryptions: { [publicKeyFingerprint: string]: string }[]\n }> {\n const raws = new Set<string>()\n const res: {\n successfulDecryptions: CryptoKey[]\n failedDecryptions: { [publicKeyFingerprint: string]: string }[]\n } = { successfulDecryptions: [], failedDecryptions: [] }\n for (const encryptedExchangeKey of encryptedExchangeKeys) {\n const decrypted = await this.tryDecryptExchangeKey(encryptedExchangeKey, keyPairsByFingerprint)\n if (decrypted !== undefined && !raws.has(decrypted.raw)) {\n raws.add(decrypted.raw)\n res.successfulDecryptions.push(decrypted.key)\n } else {\n res.failedDecryptions.push(encryptedExchangeKey)\n }\n }\n return res\n }\n\n private async extendForGiveAccessBackTo(\n delegatorId: string,\n delegateId: string,\n newPublicKeyFp: string,\n newPublicKey: CryptoKey,\n decryptionKeyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ) {\n await notConcurrent(this.generateKeyConcurrencyMap, delegatorId, async () => {\n const delegator = await this.dataOwnerApi.getCryptoActorStub(delegatorId)\n const delegate = await this.dataOwnerApi.getCryptoActorStub(delegateId)\n let didUpdateSomeKey = false\n const combinedKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(delegator.stub, delegate.stub)\n const updatedExchangeKeys: { [delegatorKey: string]: { [delegateId: string]: { [keyFp: string]: string } } } = {}\n const newEncryptionKeys = { [newPublicKeyFp]: newPublicKey }\n for (const [currDelegatorKey, currDelegatesToKeys] of Object.entries(combinedKeys)) {\n const updatedDelegatesToKeys: { [delegateId: string]: { [keyFp: string]: string } } = {}\n for (const [currDelegateId, currEncryptedKey] of Object.entries(currDelegatesToKeys)) {\n if (delegateId !== currDelegateId || newPublicKeyFp in currEncryptedKey) {\n updatedDelegatesToKeys[currDelegateId] = currEncryptedKey\n } else {\n const decrypted = await this.tryDecryptExchangeKey(currEncryptedKey, decryptionKeyPairsByFingerprint)\n if (decrypted) {\n didUpdateSomeKey = true\n updatedDelegatesToKeys[currDelegateId] = {\n ...currEncryptedKey,\n ...(await this.encryptExchangeKey(decrypted, newEncryptionKeys)).encryptedExchangeKey,\n }\n } else {\n updatedDelegatesToKeys[currDelegateId] = currEncryptedKey\n }\n }\n }\n updatedExchangeKeys[currDelegatorKey] = updatedDelegatesToKeys\n }\n if (didUpdateSomeKey) {\n await this.dataOwnerApi.modifyCryptoActorStub({\n type: delegator.type,\n stub: {\n ...delegator.stub,\n aesExchangeKeys: updatedExchangeKeys,\n },\n })\n }\n })\n }\n\n /**\n * Attempts to decrypt an exchange key using any of the provided key pairs.\n * @param encryptedExchangeKey an encrypted exchange key, in the form publicKeyXyzFingerprint -> hex(exchangeKeyEncryptedByPrivateKeyXyz).\n * @param keyPairsByFingerprint rsa key pairs to use for decryption.\n * @return the decrypted exchange key, in raw and key format (to allow deduplication), or undefined if the key could not be decrypted using the\n * provided keys.\n */\n private async tryDecryptExchangeKey(\n encryptedExchangeKey: { [publicKeyFingerprint: string]: string },\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{ raw: string; key: CryptoKey } | undefined> {\n for (const [entryKey, encrypted] of Object.entries(encryptedExchangeKey)) {\n // Due to bugs in past version the entry may actually contain the full public key instead of just the fingerprint.\n const fp = entryKey.slice(-32)\n const keyPair = keyPairsByFingerprint[fp]\n if (keyPair !== undefined) {\n const res = await this.tryDecryptExchangeKeyWith(encrypted, keyPair, fp)\n if (res !== undefined) return res\n }\n }\n const defaultEncryptedKey = encryptedExchangeKey['']\n if (defaultEncryptedKey !== undefined) {\n for (const keyPair of Object.values(keyPairsByFingerprint)) {\n // disable error logging, we are not sure keyPair is the correct key\n const res = await this.tryDecryptExchangeKeyWith(defaultEncryptedKey, keyPair, undefined)\n if (res !== undefined) return res\n }\n }\n return undefined\n }\n\n /**\n * Creates an encrypted exchange key for the provided public keys.\n * @param exchangeKey the exchange key in raw and imported format. If undefined a new key will be automatically created.\n * @param publicKeys additional public keys that will have access to the exchange key in spki format, hex-encoded.\n * @return the exchangeKey and an object with the exchange key encrypted with each of the provided public keys, hex-encoded, by fingerprint.\n */\n private async encryptExchangeKey(\n exchangeKey: { raw: string; key: CryptoKey } | undefined,\n publicKeys: { [keyFingerprint: string]: CryptoKey }\n ): Promise<{\n exchangeKey: CryptoKey\n encryptedExchangeKey: { [pubKeyFp: string]: string }\n }> {\n const exchangeKeyCrypto = exchangeKey?.key ?? (await this.primitives.AES.generateCryptoKey(false))\n const exchangeKeyBytes = exchangeKey !== undefined ? hex2ua(exchangeKey.raw) : await this.primitives.AES.exportKey(exchangeKeyCrypto, 'raw')\n const encryptedExchangeKey = await Object.entries(publicKeys).reduce(\n async (acc, [currKeyFp, currKey]) => ({\n ...(await acc),\n [currKeyFp]: ua2hex(await this.primitives.RSA.encrypt(currKey, new Uint8Array(exchangeKeyBytes))),\n }),\n Promise.resolve({} as { [pubKeyFp: string]: string })\n )\n return { exchangeKey: exchangeKeyCrypto, encryptedExchangeKey }\n }\n\n /**\n * Attempts to decrypt an exchange key using the provided key pairs.\n * If you are confident that the provided {@link keyPair} was used to encrypt {@link encryptedByOneKey} you should also provide {@link keyPairFp},\n * so that if the decryption fail an error will be logged to console before returning undefined.\n * @param encryptedByOneKey an exchange key which may be encrypted with {@link keyPair}.\n * @param keyPair an rsa key pair.\n * @param keyPairFp the fingerprint of the provided key pair or undefined to disable logging of error if the decryption failed.\n * @return the decrypted exchange key, in raw and key format (to allow deduplication), or undefined if the key could not be decrypted using the\n * provided key.\n */\n private async tryDecryptExchangeKeyWith(\n encryptedByOneKey: string,\n keyPair: KeyPair<CryptoKey>,\n keyPairFp: string | undefined // if undefined will not log errors, when we are not sure the key to be used is the provided key.\n ): Promise<{ raw: string; key: CryptoKey } | undefined> {\n try {\n const decrypted = await this.primitives.RSA.decrypt(keyPair.privateKey, hex2ua(encryptedByOneKey))\n return { raw: ua2hex(decrypted), key: await this.primitives.AES.importKey('raw', decrypted) }\n } catch (e) {\n if (keyPairFp) {\n console.error(`Failed to decrypt or import exchange key ${encryptedByOneKey} using key with fingerprint ${keyPairFp}.`, e)\n }\n }\n }\n\n private updateLegacyExchangeKeys(\n delegator: CryptoActorStubWithType,\n delegate: CryptoActorStubWithType,\n encryptedKeyMap: { [fp: string]: string }\n ): { [delegateId: string]: string[] } | undefined {\n const legacyEncryptedKeyDelegator = delegator.stub.publicKey ? encryptedKeyMap[delegator.stub.publicKey] : undefined\n const legacyEncryptedKeyDelegate = delegate.stub.publicKey ? encryptedKeyMap[delegate.stub.publicKey] : undefined\n if (legacyEncryptedKeyDelegator && legacyEncryptedKeyDelegate) {\n return {\n ...(delegator.stub.hcPartyKeys ?? {}),\n [delegate.stub.id!]: [legacyEncryptedKeyDelegator, legacyEncryptedKeyDelegate],\n }\n } else return delegator.stub.hcPartyKeys\n }\n\n // Copy all legacy hcp exchange keys into the new aes exchange keys\n private async combineLegacyHcpKeysWithAesExchangeKeys(\n owner: CryptoActorStub,\n delegate: CryptoActorStub | undefined\n ): Promise<{ [ownerPublicKey: string]: { [delegateId: string]: { [fingerprint: string]: string } } }> {\n const ownerLegacyPublicKey = owner.publicKey\n if (ownerLegacyPublicKey && !(owner.aesExchangeKeys ?? {})[ownerLegacyPublicKey]) {\n /*\n * This condition would technically prevent new updates to the hcPartyKeys to be migrated to the aes exchange keys, but since I can only update\n * data for self data owner and parent entities this is not an issue, because I will always be using the new api from now on and I won't have\n * a situation where the legacy keys are updated but the aes exchange keys are not.\n */\n const unknownDataOwnerCounterPartIds = Object.keys(owner.hcPartyKeys ?? {}).filter((x) => x !== owner.id && x !== delegate?.id)\n const counterPartsById = [\n owner,\n ...(delegate ? [delegate] : []),\n ...(await Promise.all(unknownDataOwnerCounterPartIds.map(async (cpid) => (await this.dataOwnerApi.getCryptoActorStub(cpid)).stub))),\n ].reduce((acc, dataOwner) => {\n acc[dataOwner.id!] = dataOwner\n return acc\n }, {} as { [id: string]: CryptoActorStub })\n return {\n [ownerLegacyPublicKey]: Object.entries(owner.hcPartyKeys ?? {}).reduce((acc, [hcpId, keys]) => {\n acc[hcpId] = { [ownerLegacyPublicKey.slice(-32)]: keys[0], [counterPartsById[hcpId]?.publicKey?.slice(-32) ?? '']: keys[1] }\n return acc\n }, {} as { [delegateId: string]: { [fingerprint: string]: string } }),\n ...(owner.aesExchangeKeys ?? {}),\n }\n } else return owner.aesExchangeKeys ?? {}\n }\n}\n"]}
@@ -1,8 +1,12 @@
1
1
  import { EncryptedEntity } from '../../icc-api/model/models';
2
- import { EntitiesEncryption } from './EntitiesEncryption';
2
+ import { ExtendedApisUtils } from './ExtendedApisUtils';
3
3
  import { CryptoPrimitives } from './CryptoPrimitives';
4
4
  import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
5
+ import { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName';
6
+ import { EntityShareOrMetadataUpdateRequest } from '../../icc-api/model/requests/EntityShareOrMetadataUpdateRequest';
7
+ import { EntityBulkShareResult } from '../../icc-api/model/requests/EntityBulkShareResult';
5
8
  /**
9
+ * @internal this class is intended for internal use only and may be changed without notice.
6
10
  * This class helps to create confidential medical data in systems where multiple hcps share data with each other using parent hcps: while normally
7
11
  * the hcps would share all data with other hcps part of the same "family" (e.g. an hospital) there are situations where the medical data is
8
12
  * confidential and should only be known by the doctor which created the data. In these situations it is also important that the secret foreign key
@@ -13,17 +17,23 @@ export declare class ConfidentialEntities {
13
17
  private readonly entitiesEncryption;
14
18
  private readonly primitives;
15
19
  private readonly dataOwnerApi;
16
- constructor(entitiesEncryption: EntitiesEncryption, primitives: CryptoPrimitives, dataOwnerApi: IccDataOwnerXApi);
20
+ constructor(entitiesEncryption: ExtendedApisUtils, primitives: CryptoPrimitives, dataOwnerApi: IccDataOwnerXApi);
17
21
  /**
18
22
  * Ensures that the current data owner has access to a confidential secret id for the provided entity: this is an id that is known to the data owner
19
23
  * but is not known by any of his parents. If there is currently no confidential secret id for this entity the method returns a copy of the entity
20
24
  * with a new confidential secret id for the current data owner (the entity in the database won't be updated), else this method returns undefined.
21
25
  * New confidential secret ids will have an appropriate tag, but existing confidential secret ids may not necessarily have it.
22
26
  * @param entity an entity which needs to have a confidential secret id for the current data owner
23
- * @return undefined if the entity already had a confidential secret id for the current user, or the updated entity with the new confidential secret
24
- * id.
27
+ * @param entityType the type of the entity
28
+ * @param doRequestBulkShareOrUpdate perform the request to share or update an entity encrypted metadata on the cloud API (and save to DB).
29
+ * @return undefined if the entity already had a confidential secret id for the current user, or the updated AND SAVED entity with the new
30
+ * confidential secret id.
25
31
  */
26
- entityWithInitialisedConfidentialSecretId<T extends EncryptedEntity>(entity: T): Promise<T | undefined>;
32
+ initialiseConfidentialSecretId<T extends EncryptedEntity>(entity: T, entityType: EntityWithDelegationTypeName, doRequestBulkShareOrUpdate: (request: {
33
+ [entityId: string]: {
34
+ [requestId: string]: EntityShareOrMetadataUpdateRequest;
35
+ };
36
+ }) => Promise<EntityBulkShareResult<T>[]>): Promise<T | undefined>;
27
37
  /**
28
38
  * Get an existing confidential secret id of the provided entity for the provided data owner (current data owner by default). A confidential secret
29
39
  * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.
@@ -31,15 +41,7 @@ export declare class ConfidentialEntities {
31
41
  * @param dataOwnerId (current data owner by default) a data owner for which you want to get a confidential secret id.
32
42
  * @return the confidential secret id or undefined if there is no confidential secret id for the provided data owner.
33
43
  */
34
- getConfidentialSecretId(entity: EncryptedEntity, dataOwnerId?: string): Promise<string | undefined>;
35
- /**
36
- * Gets a secret id known by the topmost parent of the current data owner hierarchy. If there is multiple secret ids shared with the topmost parent
37
- * there is no guarantee on which one will be chosen.
38
- * @param entity an entity.
39
- * @return a secret id known by the topmost parent of the current data owner hierarchy, or undefined if there is no secret id currently available
40
- * for the topmost parent.
41
- */
42
- getAnySecretIdSharedWithParents(entity: EncryptedEntity): Promise<string | undefined>;
44
+ getConfidentialSecretId(entity: EncryptedEntityWithType, dataOwnerId?: string): Promise<string | undefined>;
43
45
  /**
44
46
  * Get all existing confidential secret ids of the provided entity for the provided data owner (current data owner by default). A confidential secret
45
47
  * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.
@@ -47,12 +49,20 @@ export declare class ConfidentialEntities {
47
49
  * @param dataOwnerId (current data owner by default) a data owner for which you want to get a confidential secret id.
48
50
  * @return the confidential secret ids for the data owner (may be empty).
49
51
  */
50
- getConfidentialSecretIds(entity: EncryptedEntity, dataOwnerId?: string): Promise<string[]>;
52
+ getConfidentialSecretIds(entity: EncryptedEntityWithType, dataOwnerId?: string): Promise<string[]>;
53
+ /**
54
+ * Gets a secret id known by the topmost parent of the current data owner hierarchy. If there is multiple secret ids shared with the topmost parent
55
+ * there is no guarantee on which one will be chosen.
56
+ * @param entity an entity.
57
+ * @return a secret id known by the topmost parent of the current data owner hierarchy, or undefined if there is no secret id currently available
58
+ * for the topmost parent.
59
+ */
60
+ getAnySecretIdSharedWithParents(entity: EncryptedEntityWithType): Promise<string | undefined>;
51
61
  /**
52
62
  * Gets all secret ids known by the topmost parent of the current data owner hierarchy (or all secret ids known by the current data owner if he is
53
63
  * not part of any data owner hierarchy).
54
64
  * @param entity an entity.
55
65
  * @return all secret ids known by the topmost parent of the current data owner hierarchy, may be empty.
56
66
  */
57
- getSecretIdsSharedWithParents(entity: EncryptedEntity): Promise<string[]>;
67
+ getSecretIdsSharedWithParents(entity: EncryptedEntityWithType): Promise<string[]>;
58
68
  }
@@ -10,7 +10,11 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
10
10
  };
11
11
  Object.defineProperty(exports, "__esModule", { value: true });
12
12
  exports.ConfidentialEntities = void 0;
13
+ const ShareMetadataBehaviour_1 = require("./ShareMetadataBehaviour");
14
+ const EntityShareRequest_1 = require("../../icc-api/model/requests/EntityShareRequest");
15
+ var RequestedPermissionEnum = EntityShareRequest_1.EntityShareRequest.RequestedPermissionEnum;
13
16
  /**
17
+ * @internal this class is intended for internal use only and may be changed without notice.
14
18
  * This class helps to create confidential medical data in systems where multiple hcps share data with each other using parent hcps: while normally
15
19
  * the hcps would share all data with other hcps part of the same "family" (e.g. an hospital) there are situations where the medical data is
16
20
  * confidential and should only be known by the doctor which created the data. In these situations it is also important that the secret foreign key
@@ -29,15 +33,24 @@ class ConfidentialEntities {
29
33
  * with a new confidential secret id for the current data owner (the entity in the database won't be updated), else this method returns undefined.
30
34
  * New confidential secret ids will have an appropriate tag, but existing confidential secret ids may not necessarily have it.
31
35
  * @param entity an entity which needs to have a confidential secret id for the current data owner
32
- * @return undefined if the entity already had a confidential secret id for the current user, or the updated entity with the new confidential secret
33
- * id.
36
+ * @param entityType the type of the entity
37
+ * @param doRequestBulkShareOrUpdate perform the request to share or update an entity encrypted metadata on the cloud API (and save to DB).
38
+ * @return undefined if the entity already had a confidential secret id for the current user, or the updated AND SAVED entity with the new
39
+ * confidential secret id.
34
40
  */
35
- entityWithInitialisedConfidentialSecretId(entity) {
41
+ initialiseConfidentialSecretId(entity, entityType, doRequestBulkShareOrUpdate) {
36
42
  return __awaiter(this, void 0, void 0, function* () {
37
- if (yield this.getConfidentialSecretId(entity))
43
+ if (yield this.getConfidentialSecretId({ entity, type: entityType }))
38
44
  return undefined;
39
45
  const confidentialSecretId = this.primitives.randomUuid();
40
- return yield this.entitiesEncryption.entityWithExtendedEncryptedMetadata(entity, yield this.dataOwnerApi.getCurrentDataOwnerId(), [confidentialSecretId], [], [], ['confidential']);
46
+ return (yield this.entitiesEncryption.simpleShareOrUpdateEncryptedEntityMetadata({ entity, type: entityType }, false, {
47
+ [yield this.dataOwnerApi.getCurrentDataOwnerId()]: {
48
+ shareEncryptionKeys: ShareMetadataBehaviour_1.ShareMetadataBehaviour.NEVER,
49
+ shareOwningEntityIds: ShareMetadataBehaviour_1.ShareMetadataBehaviour.NEVER,
50
+ shareSecretIds: [confidentialSecretId],
51
+ requestedPermissions: RequestedPermissionEnum.MAX_WRITE,
52
+ },
53
+ }, (request) => doRequestBulkShareOrUpdate(request))).updatedEntityOrThrow;
41
54
  });
42
55
  }
43
56
  /**
@@ -52,18 +65,6 @@ class ConfidentialEntities {
52
65
  return this.getConfidentialSecretIds(entity, dataOwnerId).then((x) => x[0]);
53
66
  });
54
67
  }
55
- /**
56
- * Gets a secret id known by the topmost parent of the current data owner hierarchy. If there is multiple secret ids shared with the topmost parent
57
- * there is no guarantee on which one will be chosen.
58
- * @param entity an entity.
59
- * @return a secret id known by the topmost parent of the current data owner hierarchy, or undefined if there is no secret id currently available
60
- * for the topmost parent.
61
- */
62
- getAnySecretIdSharedWithParents(entity) {
63
- return __awaiter(this, void 0, void 0, function* () {
64
- return (yield this.getSecretIdsSharedWithParents(entity))[0];
65
- });
66
- }
67
68
  /**
68
69
  * Get all existing confidential secret ids of the provided entity for the provided data owner (current data owner by default). A confidential secret
69
70
  * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.
@@ -83,6 +84,18 @@ class ConfidentialEntities {
83
84
  return keysForDataOwner.extracted.filter((k) => !hierarchySecretIds.some((x) => x.ownerId !== chosenDataOwnerId && x.extracted.includes(k)));
84
85
  });
85
86
  }
87
+ /**
88
+ * Gets a secret id known by the topmost parent of the current data owner hierarchy. If there is multiple secret ids shared with the topmost parent
89
+ * there is no guarantee on which one will be chosen.
90
+ * @param entity an entity.
91
+ * @return a secret id known by the topmost parent of the current data owner hierarchy, or undefined if there is no secret id currently available
92
+ * for the topmost parent.
93
+ */
94
+ getAnySecretIdSharedWithParents(entity) {
95
+ return __awaiter(this, void 0, void 0, function* () {
96
+ return (yield this.getSecretIdsSharedWithParents(entity))[0];
97
+ });
98
+ }
86
99
  /**
87
100
  * Gets all secret ids known by the topmost parent of the current data owner hierarchy (or all secret ids known by the current data owner if he is
88
101
  * not part of any data owner hierarchy).
@@ -1 +1 @@
1
- {"version":3,"file":"ConfidentialEntities.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ConfidentialEntities.ts"],"names":[],"mappings":";;;;;;;;;;;;AAKA;;;;;;GAMG;AACH,MAAa,oBAAoB;IAC/B,YACmB,kBAAsC,EACtC,UAA4B,EAC5B,YAA8B;QAF9B,uBAAkB,GAAlB,kBAAkB,CAAoB;QACtC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;IAC9C,CAAC;IAEJ;;;;;;;;OAQG;IACG,yCAAyC,CAA4B,MAAS;;YAClF,IAAI,MAAM,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC;gBAAE,OAAO,SAAS,CAAA;YAChE,MAAM,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAA;YACzD,OAAO,MAAM,IAAI,CAAC,kBAAkB,CAAC,mCAAmC,CACtE,MAAM,EACN,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAC/C,CAAC,oBAAoB,CAAC,EACtB,EAAE,EACF,EAAE,EACF,CAAC,cAAc,CAAC,CACjB,CAAA;QACH,CAAC;KAAA;IAED;;;;;;OAMG;IACG,uBAAuB,CAAC,MAAuB,EAAE,WAAoB;;YACzE,OAAO,IAAI,CAAC,wBAAwB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC7E,CAAC;KAAA;IAED;;;;;;OAMG;IACG,+BAA+B,CAAC,MAAuB;;YAC3D,OAAO,CAAC,MAAM,IAAI,CAAC,6BAA6B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC9D,CAAC;KAAA;IAED;;;;;;OAMG;IACG,wBAAwB,CAAC,MAAuB,EAAE,WAAoB;;YAC1E,iJAAiJ;YACjJ,MAAM,iBAAiB,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,CAAA;YAC1F,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,mCAAmC,CAAC,iBAAiB,CAAC,CAAA;YACzG,MAAM,kBAAkB,GAAG,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACzG,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CACvC,CAAA;YACD,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,iBAAiB,CAAC,CAAA;YAExF,IAAI,CAAC,gBAAgB;gBAAE,OAAO,EAAE,CAAA;YAChC,OAAO,gBAAgB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,iBAAiB,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC9I,CAAC;KAAA;IAED;;;;;OAKG;IACG,6BAA6B,CAAC,MAAuB;;YACzD,OAAO,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACxF,CAAC;KAAA;CACF;AAhFD,oDAgFC","sourcesContent":["import { EncryptedEntity } from '../../icc-api/model/models'\nimport { EntitiesEncryption } from './EntitiesEncryption'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\n\n/**\n * This class helps to create confidential medical data in systems where multiple hcps share data with each other using parent hcps: while normally\n * the hcps would share all data with other hcps part of the same \"family\" (e.g. an hospital) there are situations where the medical data is\n * confidential and should only be known by the doctor which created the data. In these situations it is also important that the secret foreign key\n * used in the confidential data is not known by other members of the hcp family, otherwise they may be able to draw some links between the medical\n * data and the patient.\n */\nexport class ConfidentialEntities {\n constructor(\n private readonly entitiesEncryption: EntitiesEncryption,\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi\n ) {}\n\n /**\n * Ensures that the current data owner has access to a confidential secret id for the provided entity: this is an id that is known to the data owner\n * but is not known by any of his parents. If there is currently no confidential secret id for this entity the method returns a copy of the entity\n * with a new confidential secret id for the current data owner (the entity in the database won't be updated), else this method returns undefined.\n * New confidential secret ids will have an appropriate tag, but existing confidential secret ids may not necessarily have it.\n * @param entity an entity which needs to have a confidential secret id for the current data owner\n * @return undefined if the entity already had a confidential secret id for the current user, or the updated entity with the new confidential secret\n * id.\n */\n async entityWithInitialisedConfidentialSecretId<T extends EncryptedEntity>(entity: T): Promise<T | undefined> {\n if (await this.getConfidentialSecretId(entity)) return undefined\n const confidentialSecretId = this.primitives.randomUuid()\n return await this.entitiesEncryption.entityWithExtendedEncryptedMetadata(\n entity,\n await this.dataOwnerApi.getCurrentDataOwnerId(),\n [confidentialSecretId],\n [],\n [],\n ['confidential']\n )\n }\n\n /**\n * Get an existing confidential secret id of the provided entity for the provided data owner (current data owner by default). A confidential secret\n * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.\n * @param entity an entity for which you want to retrieve the confidential secret id.\n * @param dataOwnerId (current data owner by default) a data owner for which you want to get a confidential secret id.\n * @return the confidential secret id or undefined if there is no confidential secret id for the provided data owner.\n */\n async getConfidentialSecretId(entity: EncryptedEntity, dataOwnerId?: string): Promise<string | undefined> {\n return this.getConfidentialSecretIds(entity, dataOwnerId).then((x) => x[0])\n }\n\n /**\n * Gets a secret id known by the topmost parent of the current data owner hierarchy. If there is multiple secret ids shared with the topmost parent\n * there is no guarantee on which one will be chosen.\n * @param entity an entity.\n * @return a secret id known by the topmost parent of the current data owner hierarchy, or undefined if there is no secret id currently available\n * for the topmost parent.\n */\n async getAnySecretIdSharedWithParents(entity: EncryptedEntity): Promise<string | undefined> {\n return (await this.getSecretIdsSharedWithParents(entity))[0]\n }\n\n /**\n * Get all existing confidential secret ids of the provided entity for the provided data owner (current data owner by default). A confidential secret\n * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.\n * @param entity an entity for which you want to retrieve the confidential secret id.\n * @param dataOwnerId (current data owner by default) a data owner for which you want to get a confidential secret id.\n * @return the confidential secret ids for the data owner (may be empty).\n */\n async getConfidentialSecretIds(entity: EncryptedEntity, dataOwnerId?: string): Promise<string[]> {\n // TODO throw exception if any parent key is not available? if we are missing even only one single parent key we can't be sure it is confidential\n const chosenDataOwnerId = dataOwnerId ?? (await this.dataOwnerApi.getCurrentDataOwnerId())\n const dataOwnerHierarchy = await this.dataOwnerApi.getCurrentDataOwnerHierarchyIdsFrom(chosenDataOwnerId)\n const hierarchySecretIds = (await this.entitiesEncryption.secretIdsForHcpHierarchyOf(entity)).filter((x) =>\n dataOwnerHierarchy.includes(x.ownerId)\n )\n const keysForDataOwner = hierarchySecretIds.find((x) => x.ownerId === chosenDataOwnerId)\n\n if (!keysForDataOwner) return []\n return keysForDataOwner.extracted.filter((k) => !hierarchySecretIds.some((x) => x.ownerId !== chosenDataOwnerId && x.extracted.includes(k)))\n }\n\n /**\n * Gets all secret ids known by the topmost parent of the current data owner hierarchy (or all secret ids known by the current data owner if he is\n * not part of any data owner hierarchy).\n * @param entity an entity.\n * @return all secret ids known by the topmost parent of the current data owner hierarchy, may be empty.\n */\n async getSecretIdsSharedWithParents(entity: EncryptedEntity): Promise<string[]> {\n return (await this.entitiesEncryption.secretIdsForHcpHierarchyOf(entity))[0].extracted\n }\n}\n"]}
1
+ {"version":3,"file":"ConfidentialEntities.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ConfidentialEntities.ts"],"names":[],"mappings":";;;;;;;;;;;;AAKA,qEAAiE;AACjE,wFAAoF;AACpF,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAI3E;;;;;;;GAOG;AACH,MAAa,oBAAoB;IAC/B,YACmB,kBAAqC,EACrC,UAA4B,EAC5B,YAA8B;QAF9B,uBAAkB,GAAlB,kBAAkB,CAAmB;QACrC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;IAC9C,CAAC;IAEJ;;;;;;;;;;OAUG;IACG,8BAA8B,CAClC,MAAS,EACT,UAAwC,EACxC,0BAEyC;;YAEzC,IAAI,MAAM,IAAI,CAAC,uBAAuB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;gBAAE,OAAO,SAAS,CAAA;YACtF,MAAM,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAA;YACzD,OAAO,CACL,MAAM,IAAI,CAAC,kBAAkB,CAAC,0CAA0C,CACtE,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,EAC5B,KAAK,EACL;gBACE,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,EAAE;oBACjD,mBAAmB,EAAE,+CAAsB,CAAC,KAAK;oBACjD,oBAAoB,EAAE,+CAAsB,CAAC,KAAK;oBAClD,cAAc,EAAE,CAAC,oBAAoB,CAAC;oBACtC,oBAAoB,EAAE,uBAAuB,CAAC,SAAS;iBACxD;aACF,EACD,CAAC,OAAO,EAAE,EAAE,CAAC,0BAA0B,CAAC,OAAO,CAAC,CACjD,CACF,CAAC,oBAAoB,CAAA;QACxB,CAAC;KAAA;IAED;;;;;;OAMG;IACG,uBAAuB,CAAC,MAA+B,EAAE,WAAoB;;YACjF,OAAO,IAAI,CAAC,wBAAwB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC7E,CAAC;KAAA;IAED;;;;;;OAMG;IACG,wBAAwB,CAAC,MAA+B,EAAE,WAAoB;;YAClF,iJAAiJ;YACjJ,MAAM,iBAAiB,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,CAAA;YAC1F,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,mCAAmC,CAAC,iBAAiB,CAAC,CAAA;YACzG,MAAM,kBAAkB,GAAG,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACzG,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CACvC,CAAA;YACD,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,iBAAiB,CAAC,CAAA;YAExF,IAAI,CAAC,gBAAgB;gBAAE,OAAO,EAAE,CAAA;YAChC,OAAO,gBAAgB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,iBAAiB,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC9I,CAAC;KAAA;IAED;;;;;;OAMG;IACG,+BAA+B,CAAC,MAA+B;;YACnE,OAAO,CAAC,MAAM,IAAI,CAAC,6BAA6B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC9D,CAAC;KAAA;IAED;;;;;OAKG;IACG,6BAA6B,CAAC,MAA+B;;YACjE,OAAO,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACxF,CAAC;KAAA;CACF;AA/FD,oDA+FC","sourcesContent":["import { EncryptedEntity } from '../../icc-api/model/models'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\nimport { EntityShareOrMetadataUpdateRequest } from '../../icc-api/model/requests/EntityShareOrMetadataUpdateRequest'\nimport { EntityBulkShareResult } from '../../icc-api/model/requests/EntityBulkShareResult'\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n * This class helps to create confidential medical data in systems where multiple hcps share data with each other using parent hcps: while normally\n * the hcps would share all data with other hcps part of the same \"family\" (e.g. an hospital) there are situations where the medical data is\n * confidential and should only be known by the doctor which created the data. In these situations it is also important that the secret foreign key\n * used in the confidential data is not known by other members of the hcp family, otherwise they may be able to draw some links between the medical\n * data and the patient.\n */\nexport class ConfidentialEntities {\n constructor(\n private readonly entitiesEncryption: ExtendedApisUtils,\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi\n ) {}\n\n /**\n * Ensures that the current data owner has access to a confidential secret id for the provided entity: this is an id that is known to the data owner\n * but is not known by any of his parents. If there is currently no confidential secret id for this entity the method returns a copy of the entity\n * with a new confidential secret id for the current data owner (the entity in the database won't be updated), else this method returns undefined.\n * New confidential secret ids will have an appropriate tag, but existing confidential secret ids may not necessarily have it.\n * @param entity an entity which needs to have a confidential secret id for the current data owner\n * @param entityType the type of the entity\n * @param doRequestBulkShareOrUpdate perform the request to share or update an entity encrypted metadata on the cloud API (and save to DB).\n * @return undefined if the entity already had a confidential secret id for the current user, or the updated AND SAVED entity with the new\n * confidential secret id.\n */\n async initialiseConfidentialSecretId<T extends EncryptedEntity>(\n entity: T,\n entityType: EntityWithDelegationTypeName,\n doRequestBulkShareOrUpdate: (request: {\n [entityId: string]: { [requestId: string]: EntityShareOrMetadataUpdateRequest }\n }) => Promise<EntityBulkShareResult<T>[]>\n ): Promise<T | undefined> {\n if (await this.getConfidentialSecretId({ entity, type: entityType })) return undefined\n const confidentialSecretId = this.primitives.randomUuid()\n return (\n await this.entitiesEncryption.simpleShareOrUpdateEncryptedEntityMetadata(\n { entity, type: entityType },\n false,\n {\n [await this.dataOwnerApi.getCurrentDataOwnerId()]: {\n shareEncryptionKeys: ShareMetadataBehaviour.NEVER,\n shareOwningEntityIds: ShareMetadataBehaviour.NEVER,\n shareSecretIds: [confidentialSecretId],\n requestedPermissions: RequestedPermissionEnum.MAX_WRITE,\n },\n },\n (request) => doRequestBulkShareOrUpdate(request)\n )\n ).updatedEntityOrThrow\n }\n\n /**\n * Get an existing confidential secret id of the provided entity for the provided data owner (current data owner by default). A confidential secret\n * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.\n * @param entity an entity for which you want to retrieve the confidential secret id.\n * @param dataOwnerId (current data owner by default) a data owner for which you want to get a confidential secret id.\n * @return the confidential secret id or undefined if there is no confidential secret id for the provided data owner.\n */\n async getConfidentialSecretId(entity: EncryptedEntityWithType, dataOwnerId?: string): Promise<string | undefined> {\n return this.getConfidentialSecretIds(entity, dataOwnerId).then((x) => x[0])\n }\n\n /**\n * Get all existing confidential secret ids of the provided entity for the provided data owner (current data owner by default). A confidential secret\n * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.\n * @param entity an entity for which you want to retrieve the confidential secret id.\n * @param dataOwnerId (current data owner by default) a data owner for which you want to get a confidential secret id.\n * @return the confidential secret ids for the data owner (may be empty).\n */\n async getConfidentialSecretIds(entity: EncryptedEntityWithType, dataOwnerId?: string): Promise<string[]> {\n // TODO throw exception if any parent key is not available? if we are missing even only one single parent key we can't be sure it is confidential\n const chosenDataOwnerId = dataOwnerId ?? (await this.dataOwnerApi.getCurrentDataOwnerId())\n const dataOwnerHierarchy = await this.dataOwnerApi.getCurrentDataOwnerHierarchyIdsFrom(chosenDataOwnerId)\n const hierarchySecretIds = (await this.entitiesEncryption.secretIdsForHcpHierarchyOf(entity)).filter((x) =>\n dataOwnerHierarchy.includes(x.ownerId)\n )\n const keysForDataOwner = hierarchySecretIds.find((x) => x.ownerId === chosenDataOwnerId)\n\n if (!keysForDataOwner) return []\n return keysForDataOwner.extracted.filter((k) => !hierarchySecretIds.some((x) => x.ownerId !== chosenDataOwnerId && x.extracted.includes(k)))\n }\n\n /**\n * Gets a secret id known by the topmost parent of the current data owner hierarchy. If there is multiple secret ids shared with the topmost parent\n * there is no guarantee on which one will be chosen.\n * @param entity an entity.\n * @return a secret id known by the topmost parent of the current data owner hierarchy, or undefined if there is no secret id currently available\n * for the topmost parent.\n */\n async getAnySecretIdSharedWithParents(entity: EncryptedEntityWithType): Promise<string | undefined> {\n return (await this.getSecretIdsSharedWithParents(entity))[0]\n }\n\n /**\n * Gets all secret ids known by the topmost parent of the current data owner hierarchy (or all secret ids known by the current data owner if he is\n * not part of any data owner hierarchy).\n * @param entity an entity.\n * @return all secret ids known by the topmost parent of the current data owner hierarchy, may be empty.\n */\n async getSecretIdsSharedWithParents(entity: EncryptedEntityWithType): Promise<string[]> {\n return (await this.entitiesEncryption.secretIdsForHcpHierarchyOf(entity))[0].extracted\n }\n}\n"]}
@@ -1,7 +1,7 @@
1
1
  import { KeyPair } from './RSA';
2
2
  import { CryptoPrimitives } from './CryptoPrimitives';
3
- import { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType';
4
3
  import { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub';
4
+ import { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType';
5
5
  /**
6
6
  * Allows to customise the behaviour of the crypto api to better suit your needs.
7
7
  *
@@ -80,4 +80,11 @@ export interface CryptoStrategies {
80
80
  * @return all verified public keys, in spki hex-encoded format.
81
81
  */
82
82
  verifyDelegatePublicKeys(delegate: CryptoActorStubWithType, publicKeys: string[], cryptoPrimitives: CryptoPrimitives): Promise<string[]>;
83
+ /**
84
+ * Specifies if a data owner requires anonymous delegations, i.e. his id should not appear unencrypted in new secure delegations. This should always
85
+ * be the case for patient data owners.
86
+ * @param dataOwner a data owner.
87
+ * @return true if the delegations for the provided data owner should be anonymous.
88
+ */
89
+ dataOwnerRequiresAnonymousDelegation(dataOwner: CryptoActorStubWithType): boolean;
83
90
  }
@@ -1 +1 @@
1
- {"version":3,"file":"CryptoStrategies.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/CryptoStrategies.ts"],"names":[],"mappings":"","sourcesContent":["import { KeyPair } from './RSA'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\n\n/**\n * Allows to customise the behaviour of the crypto api to better suit your needs.\n *\n * An important task which should be done in these crypto strategies is public key verification: in general there is no guarantee that the public keys\n * stored in the iCure database are authentic, i.e. created by the data owner they are associated to. This is because the database admins or a\n * malicious attacker may have added his own public keys to the data owner's public keys.\n * Sharing any kind of data using unverified public keys could potentially cause a data leak: this is why when creating new exchange keys or when\n * creating recovery data only verified keys will be considered. For decrypting existing data instead unverified keys will be used without issues.\n */\nexport interface CryptoStrategies {\n /**\n * Method called during initialisation of the crypto API to validate keys recovered through iCure's recovery methods and/or to allow recovery of\n * missing keys using means external to iCure.\n * On startup the iCure sdk will try to load all keys for the current data owner and its parent hierarchy: if the sdk can't find some of the keys\n * for any of the data owners (according to the public keys for the data owner in the iCure server) and/or the sdk could recover some private keys\n * but can't verify the authenticity of the key pairs this method will be called.\n * The recovered and verified keys will automatically be cached using the current api {@link KeyStorageFacade} and {@link StorageFacade}\n *\n * The input is an array containing an object for each data owner part of the current data owner hierarchy. The objects are ordered from the data\n * for the topmost parent of the current data owner hierarchy (first element) to the data for the current data owner (last element). Each object\n * contains:\n * - dataOwner: the data owner entity that this object refers to\n * - unknownKeys: all public keys (in hex-encoded spki format) of `dataOwner` for which the authenticity status (verified or unverified) is unknown\n * (no result was cached from a previous api instantiation and the key was not generated on the current device).\n * - unavailableKeys: all public keys (in hex-encoded spki format) of `dataOwner` for which the sdk could not recover a private key. May overlap\n * (partially or completely) with `unknownKeys`.\n *\n * The returned value must be an object associating to each data owner id an object with:\n * - `recoveredKeys`: all recovered keys (will be automatically considered as verified), by fingerprint.\n * - `keyAuthenticity`: an object associating to each public key fingerprint its authenticity. Note that if any of the keys from `unknownKeys` is\n * completely missing from this object the key will be considered as unverified in this api instance (same as if associated to false), but this\n * value won't be cached (will be again part of `unknownKeys` in future instances.\n * @param keysData all information on unknown and unavailable keys for each data owner part of the current data owner hierarchy.\n * @param cryptoPrimitives cryptographic primitives you can use to support the process.\n * @return all recovered keys and key authenticity information, by data owner.\n */\n recoverAndVerifySelfHierarchyKeys(\n keysData: {\n dataOwner: DataOwnerWithType\n unknownKeys: string[]\n unavailableKeys: string[]\n }[],\n cryptoPrimitives: CryptoPrimitives\n ): Promise<{\n [dataOwnerId: string]: {\n recoveredKeys: { [keyPairFingerprint: string]: KeyPair<CryptoKey> }\n keyAuthenticity: { [keyPairFingerprint: string]: boolean }\n }\n }>\n\n /**\n * The correct initialisation of the crypto API requires that at least 1 verified (or device) key pair is available for each data owner part of the\n * current data owner hierarchy. If no verified key is available for any of the data owner parents the api initialisation will automatically fail,\n * however if there is no verified key for the current data owner you can instead create a new crypto key.\n * @param self the current data owner.\n * @param cryptoPrimitives cryptographic primitives you can use to support the process.\n * @return depending on which values you return the api initialisation will proceed differently:\n * - If this method returns true a new key will be automatically generated by the sdk.\n * - If this method returns a key pair the crypto api loads the key pair and considers it as a device key.\n * - If this method returns false the initialisation will fail with a predefined error.\n * - If this method throws an error the initialisation will propagate the error.\n */\n generateNewKeyForDataOwner(self: DataOwnerWithType, cryptoPrimitives: CryptoPrimitives): Promise<KeyPair<CryptoKey> | boolean>\n\n /**\n * Verifies if the public keys of a data owner which will be the delegate of a new exchange key do actually belong to the person the data owner\n * represents. This method is not called when the delegate would be the current data owner for the api.\n *\n * The user will have to obtain the verified public keys of the delegate from outside iCure, for example by email with another hcp, by checking the\n * personal website of the other user, or by scanning verification qr codes at the doctor office...\n *\n * As long as one of the public keys is verified the creation of a new exchange key will succeed. If no public key is verified the operation will\n * fail.\n * @param delegate the potential data owner delegate.\n * @param publicKeys public keys requiring verification, in spki hex-encoded format.\n * @param cryptoPrimitives cryptographic primitives you can use to support the process.\n * @return all verified public keys, in spki hex-encoded format.\n */\n verifyDelegatePublicKeys(delegate: CryptoActorStubWithType, publicKeys: string[], cryptoPrimitives: CryptoPrimitives): Promise<string[]>\n}\n"]}
1
+ {"version":3,"file":"CryptoStrategies.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/CryptoStrategies.ts"],"names":[],"mappings":"","sourcesContent":["import { KeyPair } from './RSA'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\n\n/**\n * Allows to customise the behaviour of the crypto api to better suit your needs.\n *\n * An important task which should be done in these crypto strategies is public key verification: in general there is no guarantee that the public keys\n * stored in the iCure database are authentic, i.e. created by the data owner they are associated to. This is because the database admins or a\n * malicious attacker may have added his own public keys to the data owner's public keys.\n * Sharing any kind of data using unverified public keys could potentially cause a data leak: this is why when creating new exchange keys or when\n * creating recovery data only verified keys will be considered. For decrypting existing data instead unverified keys will be used without issues.\n */\nexport interface CryptoStrategies {\n /**\n * Method called during initialisation of the crypto API to validate keys recovered through iCure's recovery methods and/or to allow recovery of\n * missing keys using means external to iCure.\n * On startup the iCure sdk will try to load all keys for the current data owner and its parent hierarchy: if the sdk can't find some of the keys\n * for any of the data owners (according to the public keys for the data owner in the iCure server) and/or the sdk could recover some private keys\n * but can't verify the authenticity of the key pairs this method will be called.\n * The recovered and verified keys will automatically be cached using the current api {@link KeyStorageFacade} and {@link StorageFacade}\n *\n * The input is an array containing an object for each data owner part of the current data owner hierarchy. The objects are ordered from the data\n * for the topmost parent of the current data owner hierarchy (first element) to the data for the current data owner (last element). Each object\n * contains:\n * - dataOwner: the data owner entity that this object refers to\n * - unknownKeys: all public keys (in hex-encoded spki format) of `dataOwner` for which the authenticity status (verified or unverified) is unknown\n * (no result was cached from a previous api instantiation and the key was not generated on the current device).\n * - unavailableKeys: all public keys (in hex-encoded spki format) of `dataOwner` for which the sdk could not recover a private key. May overlap\n * (partially or completely) with `unknownKeys`.\n *\n * The returned value must be an object associating to each data owner id an object with:\n * - `recoveredKeys`: all recovered keys (will be automatically considered as verified), by fingerprint.\n * - `keyAuthenticity`: an object associating to each public key fingerprint its authenticity. Note that if any of the keys from `unknownKeys` is\n * completely missing from this object the key will be considered as unverified in this api instance (same as if associated to false), but this\n * value won't be cached (will be again part of `unknownKeys` in future instances.\n * @param keysData all information on unknown and unavailable keys for each data owner part of the current data owner hierarchy.\n * @param cryptoPrimitives cryptographic primitives you can use to support the process.\n * @return all recovered keys and key authenticity information, by data owner.\n */\n recoverAndVerifySelfHierarchyKeys(\n keysData: {\n dataOwner: DataOwnerWithType\n unknownKeys: string[]\n unavailableKeys: string[]\n }[],\n cryptoPrimitives: CryptoPrimitives\n ): Promise<{\n [dataOwnerId: string]: {\n recoveredKeys: { [keyPairFingerprint: string]: KeyPair<CryptoKey> }\n keyAuthenticity: { [keyPairFingerprint: string]: boolean }\n }\n }>\n\n /**\n * The correct initialisation of the crypto API requires that at least 1 verified (or device) key pair is available for each data owner part of the\n * current data owner hierarchy. If no verified key is available for any of the data owner parents the api initialisation will automatically fail,\n * however if there is no verified key for the current data owner you can instead create a new crypto key.\n * @param self the current data owner.\n * @param cryptoPrimitives cryptographic primitives you can use to support the process.\n * @return depending on which values you return the api initialisation will proceed differently:\n * - If this method returns true a new key will be automatically generated by the sdk.\n * - If this method returns a key pair the crypto api loads the key pair and considers it as a device key.\n * - If this method returns false the initialisation will fail with a predefined error.\n * - If this method throws an error the initialisation will propagate the error.\n */\n generateNewKeyForDataOwner(self: DataOwnerWithType, cryptoPrimitives: CryptoPrimitives): Promise<KeyPair<CryptoKey> | boolean>\n\n /**\n * Verifies if the public keys of a data owner which will be the delegate of a new exchange key do actually belong to the person the data owner\n * represents. This method is not called when the delegate would be the current data owner for the api.\n *\n * The user will have to obtain the verified public keys of the delegate from outside iCure, for example by email with another hcp, by checking the\n * personal website of the other user, or by scanning verification qr codes at the doctor office...\n *\n * As long as one of the public keys is verified the creation of a new exchange key will succeed. If no public key is verified the operation will\n * fail.\n * @param delegate the potential data owner delegate.\n * @param publicKeys public keys requiring verification, in spki hex-encoded format.\n * @param cryptoPrimitives cryptographic primitives you can use to support the process.\n * @return all verified public keys, in spki hex-encoded format.\n */\n verifyDelegatePublicKeys(delegate: CryptoActorStubWithType, publicKeys: string[], cryptoPrimitives: CryptoPrimitives): Promise<string[]>\n\n /**\n * Specifies if a data owner requires anonymous delegations, i.e. his id should not appear unencrypted in new secure delegations. This should always\n * be the case for patient data owners.\n * @param dataOwner a data owner.\n * @return true if the delegations for the provided data owner should be anonymous.\n */\n dataOwnerRequiresAnonymousDelegation(dataOwner: CryptoActorStubWithType): boolean\n}\n"]}
@@ -0,0 +1,44 @@
1
+ import { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName';
2
+ import { SecureDelegation } from '../../icc-api/model/SecureDelegation';
3
+ import AccessLevelEnum = SecureDelegation.AccessLevelEnum;
4
+ import { SecureDelegationsSecurityMetadataDecryptor } from './SecureDelegationsSecurityMetadataDecryptor';
5
+ import { ExtendedApisUtils } from './ExtendedApisUtils';
6
+ import { CryptoPrimitives } from './CryptoPrimitives';
7
+ import { AuthenticationProvider } from '../auth/AuthenticationProvider';
8
+ import { AccessControlKeysHeadersProvider } from './AccessControlKeysHeadersProvider';
9
+ import { AccessControlSecretUtils } from './AccessControlSecretUtils';
10
+ import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
11
+ export declare class DelegationsDeAnonymization {
12
+ private readonly dataOwnerApi;
13
+ private readonly secureDelegationsMetadataDecryptor;
14
+ private readonly xapis;
15
+ private readonly cryptoPrimitives;
16
+ private readonly accessControlSecretUtils;
17
+ private readonly accessControlKeysHeadersProvider;
18
+ private readonly delegationKeyMapFieldsToEncrypt;
19
+ private readonly delegationKeyMapApi;
20
+ constructor(dataOwnerApi: IccDataOwnerXApi, secureDelegationsMetadataDecryptor: SecureDelegationsSecurityMetadataDecryptor, xapis: ExtendedApisUtils, cryptoPrimitives: CryptoPrimitives, accessControlSecretUtils: AccessControlSecretUtils, host: string, headers: {
21
+ [key: string]: string;
22
+ }, authenticationProvider: AuthenticationProvider | undefined, fetchImpl: ((input: RequestInfo, init?: RequestInit) => Promise<Response>) | undefined, accessControlKeysHeadersProvider: AccessControlKeysHeadersProvider);
23
+ /**
24
+ * Creates / updates information to allow the data owners in {@link shareWithDataOwners} to de-anonymize the delegations contained within
25
+ * {@link entity}.
26
+ * Note that the delegation de-anonymization information may be used also with other entities of the same type.
27
+ */
28
+ createOrUpdateDeAnonymizationInfo(entityWithType: EncryptedEntityWithType, shareWithDataOwners: string[]): Promise<void>;
29
+ /**
30
+ * Get the data owners which can access the entity. See {@link EncryptedEntityXApi.getDataOwnersWithAccessTo} for more details.
31
+ * @param entityWithType an entity.
32
+ */
33
+ getDataOwnersWithAccessTo(entityWithType: EncryptedEntityWithType): Promise<{
34
+ permissionsByDataOwnerId: {
35
+ [dataOwnerId: string]: AccessLevelEnum;
36
+ };
37
+ hasUnknownAnonymousDataOwners: boolean;
38
+ }>;
39
+ private getDataOwnersWithAccessToSecureDelegations;
40
+ private mergePermissions;
41
+ private getDecryptedSecureDelegationKeyMaps;
42
+ private ensureDelegationKeyMapSharedWith;
43
+ private createSecureDelegationKeyMap;
44
+ }