@icure/api 7.1.16 → 8.0.0-RC.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/api/IccAccesslogApi.d.ts +12 -1
- package/icc-api/api/IccAccesslogApi.js +142 -98
- package/icc-api/api/IccAccesslogApi.js.map +1 -1
- package/icc-api/api/IccBemikronoApi.d.ts +81 -0
- package/icc-api/api/IccBemikronoApi.js +163 -0
- package/icc-api/api/IccBemikronoApi.js.map +1 -0
- package/icc-api/api/IccCalendarItemApi.d.ts +21 -1
- package/icc-api/api/IccCalendarItemApi.js +183 -117
- package/icc-api/api/IccCalendarItemApi.js.map +1 -1
- package/icc-api/api/IccClassificationApi.d.ts +21 -1
- package/icc-api/api/IccClassificationApi.js +119 -63
- package/icc-api/api/IccClassificationApi.js.map +1 -1
- package/icc-api/api/IccContactApi.d.ts +21 -1
- package/icc-api/api/IccContactApi.js +385 -294
- package/icc-api/api/IccContactApi.js.map +1 -1
- package/icc-api/api/IccDocumentApi.d.ts +38 -25
- package/icc-api/api/IccDocumentApi.js +279 -212
- package/icc-api/api/IccDocumentApi.js.map +1 -1
- package/icc-api/api/IccExchangeDataApi.d.ts +19 -0
- package/icc-api/api/IccExchangeDataApi.js +85 -0
- package/icc-api/api/IccExchangeDataApi.js.map +1 -0
- package/icc-api/api/IccExchangeDataMapApi.d.ts +18 -0
- package/icc-api/api/IccExchangeDataMapApi.js +65 -0
- package/icc-api/api/IccExchangeDataMapApi.js.map +1 -0
- package/icc-api/api/IccFormApi.d.ts +21 -1
- package/icc-api/api/IccFormApi.js +321 -229
- package/icc-api/api/IccFormApi.js.map +1 -1
- package/icc-api/api/IccHelementApi.d.ts +21 -1
- package/icc-api/api/IccHelementApi.js +207 -137
- package/icc-api/api/IccHelementApi.js.map +1 -1
- package/icc-api/api/IccInvoiceApi.d.ts +21 -1
- package/icc-api/api/IccInvoiceApi.js +404 -298
- package/icc-api/api/IccInvoiceApi.js.map +1 -1
- package/icc-api/api/IccMaintenanceTaskApi.d.ts +12 -1
- package/icc-api/api/IccMaintenanceTaskApi.js +79 -43
- package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
- package/icc-api/api/IccMessageApi.d.ts +28 -1
- package/icc-api/api/IccMessageApi.js +294 -191
- package/icc-api/api/IccMessageApi.js.map +1 -1
- package/icc-api/api/IccPatientApi.d.ts +12 -1
- package/icc-api/api/IccPatientApi.js +447 -351
- package/icc-api/api/IccPatientApi.js.map +1 -1
- package/icc-api/api/IccReceiptApi.d.ts +22 -8
- package/icc-api/api/IccReceiptApi.js +121 -64
- package/icc-api/api/IccReceiptApi.js.map +1 -1
- package/icc-api/api/IccRestApiPath.js +1 -1
- package/icc-api/api/IccRestApiPath.js.map +1 -1
- package/icc-api/api/IccSecureDelegationKeyMapApi.d.ts +26 -0
- package/icc-api/api/IccSecureDelegationKeyMapApi.js +71 -0
- package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +1 -0
- package/icc-api/api/IccTimeTableApi.d.ts +12 -1
- package/icc-api/api/IccTimeTableApi.js +86 -48
- package/icc-api/api/IccTimeTableApi.js.map +1 -1
- package/icc-api/api/IccTopicApi.d.ts +90 -0
- package/icc-api/api/IccTopicApi.js +193 -0
- package/icc-api/api/IccTopicApi.js.map +1 -0
- package/icc-api/index.d.ts +2 -0
- package/icc-api/index.js +2 -0
- package/icc-api/index.js.map +1 -1
- package/icc-api/model/AbstractFilterMessage.d.ts +15 -0
- package/icc-api/model/AbstractFilterMessage.js +21 -0
- package/icc-api/model/AbstractFilterMessage.js.map +1 -0
- package/icc-api/model/AbstractFilterTopic.d.ts +15 -0
- package/icc-api/model/AbstractFilterTopic.js +21 -0
- package/icc-api/model/AbstractFilterTopic.js.map +1 -0
- package/icc-api/model/AccessLog.d.ts +2 -0
- package/icc-api/model/AccessLog.js.map +1 -1
- package/icc-api/model/Article.d.ts +2 -0
- package/icc-api/model/Article.js.map +1 -1
- package/icc-api/model/CalendarItem.d.ts +2 -0
- package/icc-api/model/CalendarItem.js.map +1 -1
- package/icc-api/model/Classification.d.ts +2 -0
- package/icc-api/model/Classification.js.map +1 -1
- package/icc-api/model/ClassificationTemplate.d.ts +2 -0
- package/icc-api/model/ClassificationTemplate.js.map +1 -1
- package/icc-api/model/Connection.d.ts +1 -1
- package/icc-api/model/Connection.js.map +1 -1
- package/icc-api/model/Contact.d.ts +2 -0
- package/icc-api/model/Contact.js.map +1 -1
- package/icc-api/model/Device.d.ts +4 -4
- package/icc-api/model/Device.js.map +1 -1
- package/icc-api/model/Document.d.ts +2 -0
- package/icc-api/model/Document.js.map +1 -1
- package/icc-api/model/ExchangeDataMapCreationBatch.d.ts +13 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js +10 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js.map +1 -0
- package/icc-api/model/FilterChainMessage.d.ts +19 -0
- package/icc-api/model/FilterChainMessage.js +11 -0
- package/icc-api/model/FilterChainMessage.js.map +1 -0
- package/icc-api/model/FilterChainTopic.d.ts +19 -0
- package/icc-api/model/FilterChainTopic.js +11 -0
- package/icc-api/model/FilterChainTopic.js.map +1 -0
- package/icc-api/model/Form.d.ts +2 -0
- package/icc-api/model/Form.js.map +1 -1
- package/icc-api/model/HealthElement.d.ts +2 -0
- package/icc-api/model/HealthElement.js.map +1 -1
- package/icc-api/model/HealthcareParty.d.ts +2 -2
- package/icc-api/model/HealthcareParty.js +13 -1
- package/icc-api/model/HealthcareParty.js.map +1 -1
- package/icc-api/model/IcureStub.d.ts +2 -0
- package/icc-api/model/IcureStub.js.map +1 -1
- package/icc-api/model/Invoice.d.ts +2 -0
- package/icc-api/model/Invoice.js.map +1 -1
- package/icc-api/model/MaintenanceTask.d.ts +13 -10
- package/icc-api/model/MaintenanceTask.js +13 -11
- package/icc-api/model/MaintenanceTask.js.map +1 -1
- package/icc-api/model/Message.d.ts +2 -0
- package/icc-api/model/Message.js.map +1 -1
- package/icc-api/model/PaginatedListExchangeData.d.ts +9 -0
- package/icc-api/model/PaginatedListExchangeData.js +10 -0
- package/icc-api/model/PaginatedListExchangeData.js.map +1 -0
- package/icc-api/model/PaginatedListTopic.d.ts +20 -0
- package/icc-api/model/PaginatedListTopic.js +10 -0
- package/icc-api/model/PaginatedListTopic.js.map +1 -0
- package/icc-api/model/Patient.d.ts +4 -2
- package/icc-api/model/Patient.js.map +1 -1
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.d.ts +31 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js +32 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js.map +1 -0
- package/icc-api/model/Receipt.d.ts +2 -0
- package/icc-api/model/Receipt.js.map +1 -1
- package/icc-api/model/SecureDelegation.d.ts +52 -0
- package/icc-api/model/SecureDelegation.js +16 -0
- package/icc-api/model/SecureDelegation.js.map +1 -0
- package/icc-api/model/SecurityMetadata.d.ts +33 -0
- package/icc-api/model/SecurityMetadata.js +13 -0
- package/icc-api/model/SecurityMetadata.js.map +1 -0
- package/icc-api/model/Service.d.ts +2 -0
- package/icc-api/model/Service.js.map +1 -1
- package/icc-api/model/TimeTable.d.ts +2 -0
- package/icc-api/model/TimeTable.js.map +1 -1
- package/icc-api/model/Topic.d.ts +95 -0
- package/icc-api/model/Topic.js +16 -0
- package/icc-api/model/Topic.js.map +1 -0
- package/icc-api/model/internal/ExchangeData.d.ts +64 -0
- package/icc-api/model/internal/ExchangeData.js +15 -0
- package/icc-api/model/internal/ExchangeData.js.map +1 -0
- package/icc-api/model/internal/ExchangeDataMap.d.ts +24 -0
- package/icc-api/model/internal/ExchangeDataMap.js +13 -0
- package/icc-api/model/internal/ExchangeDataMap.js.map +1 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.d.ts +14 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.js +13 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.js.map +1 -0
- package/icc-api/model/models.d.ts +26 -40
- package/icc-api/model/models.js +19 -37
- package/icc-api/model/models.js.map +1 -1
- package/icc-api/model/requests/EntityBulkShareResult.d.ts +28 -0
- package/icc-api/model/requests/EntityBulkShareResult.js +16 -0
- package/icc-api/model/requests/EntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.d.ts +10 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js +17 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/EntityShareRequest.d.ts +110 -0
- package/icc-api/model/requests/EntityShareRequest.js +63 -0
- package/icc-api/model/requests/EntityShareRequest.js.map +1 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.d.ts +54 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js +24 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.d.ts +23 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js +13 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.d.ts +21 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js +14 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +55 -6
- package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
- package/icc-x-api/crypto/AES.js +1 -1
- package/icc-x-api/crypto/AES.js.map +1 -1
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +18 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +50 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +43 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js +97 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +146 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js +342 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +0 -18
- package/icc-x-api/crypto/BaseExchangeKeysManager.js +11 -85
- package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ConfidentialEntities.d.ts +26 -16
- package/icc-x-api/crypto/ConfidentialEntities.js +30 -17
- package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -1
- package/icc-x-api/crypto/CryptoStrategies.d.ts +8 -1
- package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/DelegationsDeAnonymization.d.ts +44 -0
- package/icc-x-api/crypto/DelegationsDeAnonymization.js +235 -0
- package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -0
- package/icc-x-api/crypto/ExchangeDataManager.d.ts +97 -0
- package/icc-x-api/crypto/ExchangeDataManager.js +501 -0
- package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +32 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js +70 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeKeysManager.d.ts +4 -16
- package/icc-x-api/crypto/ExchangeKeysManager.js +4 -62
- package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtils.d.ts +326 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js +3 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +174 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +559 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -0
- package/icc-x-api/crypto/KeyRecovery.d.ts +5 -2
- package/icc-x-api/crypto/KeyRecovery.js +59 -29
- package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +7 -2
- package/icc-x-api/crypto/LegacyCryptoStrategies.js +8 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +33 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +141 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/RSA.d.ts +34 -8
- package/icc-x-api/crypto/RSA.js +80 -13
- package/icc-x-api/crypto/RSA.js.map +1 -1
- package/icc-x-api/crypto/SecureDelegationsEncryption.d.ts +54 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js +178 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsManager.d.ts +66 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js +261 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +46 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +312 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +97 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js +79 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/ShamirKeysManager.d.ts +5 -5
- package/icc-x-api/crypto/ShamirKeysManager.js +6 -9
- package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
- package/icc-x-api/crypto/TransferKeysManager.d.ts +8 -6
- package/icc-x-api/crypto/TransferKeysManager.js +75 -52
- package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
- package/icc-x-api/crypto/{KeyManager.d.ts → UserEncryptionKeysManager.d.ts} +4 -6
- package/icc-x-api/crypto/{KeyManager.js → UserEncryptionKeysManager.js} +43 -23
- package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +26 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js +74 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -0
- package/icc-x-api/crypto/utils.d.ts +61 -11
- package/icc-x-api/crypto/utils.js +113 -44
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.d.ts +8 -0
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js +13 -0
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js.map +1 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.d.ts +7 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.js +13 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.js.map +1 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.d.ts +8 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js +13 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js.map +1 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.d.ts +7 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.js +13 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.js.map +1 -0
- package/icc-x-api/filters/TopicByParticipantFilter.d.ts +7 -0
- package/icc-x-api/filters/TopicByParticipantFilter.js +13 -0
- package/icc-x-api/filters/TopicByParticipantFilter.js.map +1 -0
- package/icc-x-api/filters/filters.d.ts +5 -0
- package/icc-x-api/filters/filters.js +5 -0
- package/icc-x-api/filters/filters.js.map +1 -1
- package/icc-x-api/icc-accesslog-x-api.d.ts +49 -12
- package/icc-x-api/icc-accesslog-x-api.js +81 -44
- package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
- package/icc-x-api/icc-calendar-item-x-api.d.ts +53 -15
- package/icc-x-api/icc-calendar-item-x-api.js +105 -51
- package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
- package/icc-x-api/icc-classification-x-api.d.ts +47 -10
- package/icc-x-api/icc-classification-x-api.js +62 -33
- package/icc-x-api/icc-classification-x-api.js.map +1 -1
- package/icc-x-api/icc-contact-x-api.d.ts +59 -33
- package/icc-x-api/icc-contact-x-api.js +101 -66
- package/icc-x-api/icc-contact-x-api.js.map +1 -1
- package/icc-x-api/icc-crypto-x-api.d.ts +33 -333
- package/icc-x-api/icc-crypto-x-api.js +47 -764
- package/icc-x-api/icc-crypto-x-api.js.map +1 -1
- package/icc-x-api/icc-data-owner-x-api.d.ts +20 -8
- package/icc-x-api/icc-data-owner-x-api.js +31 -10
- package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
- package/icc-x-api/icc-document-x-api.d.ts +51 -12
- package/icc-x-api/icc-document-x-api.js +117 -66
- package/icc-x-api/icc-document-x-api.js.map +1 -1
- package/icc-x-api/icc-form-x-api.d.ts +48 -11
- package/icc-x-api/icc-form-x-api.js +71 -37
- package/icc-x-api/icc-form-x-api.js.map +1 -1
- package/icc-x-api/icc-hcparty-x-api.d.ts +2 -2
- package/icc-x-api/icc-hcparty-x-api.js +3 -3
- package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
- package/icc-x-api/icc-helement-x-api.d.ts +59 -20
- package/icc-x-api/icc-helement-x-api.js +78 -43
- package/icc-x-api/icc-helement-x-api.js.map +1 -1
- package/icc-x-api/icc-icure-maintenance-x-api.d.ts +7 -2
- package/icc-x-api/icc-icure-maintenance-x-api.js +38 -27
- package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
- package/icc-x-api/icc-invoice-x-api.d.ts +53 -16
- package/icc-x-api/icc-invoice-x-api.js +69 -35
- package/icc-x-api/icc-invoice-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.d.ts +56 -22
- package/icc-x-api/icc-maintenance-task-x-api.js +77 -36
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/icc-message-x-api.d.ts +75 -19
- package/icc-x-api/icc-message-x-api.js +126 -37
- package/icc-x-api/icc-message-x-api.js.map +1 -1
- package/icc-x-api/icc-patient-x-api.d.ts +86 -29
- package/icc-x-api/icc-patient-x-api.js +318 -379
- package/icc-x-api/icc-patient-x-api.js.map +1 -1
- package/icc-x-api/icc-receipt-x-api.d.ts +47 -13
- package/icc-x-api/icc-receipt-x-api.js +72 -36
- package/icc-x-api/icc-receipt-x-api.js.map +1 -1
- package/icc-x-api/icc-time-table-x-api.d.ts +46 -13
- package/icc-x-api/icc-time-table-x-api.js +61 -27
- package/icc-x-api/icc-time-table-x-api.js.map +1 -1
- package/icc-x-api/icc-topic-x-api.d.ts +191 -0
- package/icc-x-api/icc-topic-x-api.js +307 -0
- package/icc-x-api/icc-topic-x-api.js.map +1 -0
- package/icc-x-api/icc-user-x-api.d.ts +2 -2
- package/icc-x-api/icc-user-x-api.js +3 -3
- package/icc-x-api/icc-user-x-api.js.map +1 -1
- package/icc-x-api/index.d.ts +18 -2
- package/icc-x-api/index.js +203 -156
- package/icc-x-api/index.js.map +1 -1
- package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +1 -1
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +2 -0
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +9 -2
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/storage/IcureStorageFacade.d.ts +23 -2
- package/icc-x-api/storage/IcureStorageFacade.js +36 -2
- package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageFacade.d.ts +12 -0
- package/icc-x-api/storage/KeyStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageImpl.d.ts +2 -0
- package/icc-x-api/storage/KeyStorageImpl.js +10 -0
- package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +14 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +32 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js +75 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -0
- package/icc-x-api/utils/ShareResult.d.ts +74 -0
- package/icc-x-api/utils/ShareResult.js +61 -0
- package/icc-x-api/utils/ShareResult.js.map +1 -0
- package/icc-x-api/utils/binary-utils.d.ts +1 -0
- package/icc-x-api/utils/binary-utils.js +8 -1
- package/icc-x-api/utils/binary-utils.js.map +1 -1
- package/icc-x-api/utils/collection-utils.d.ts +5 -0
- package/icc-x-api/utils/collection-utils.js +26 -1
- package/icc-x-api/utils/collection-utils.js.map +1 -1
- package/icc-x-api/utils/crypto-utils.d.ts +4 -3
- package/icc-x-api/utils/crypto-utils.js +5 -4
- package/icc-x-api/utils/crypto-utils.js.map +1 -1
- package/icc-x-api/utils/lru-temporised-async-cache.d.ts +26 -3
- package/icc-x-api/utils/lru-temporised-async-cache.js +75 -15
- package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -1
- package/icc-x-api/utils/websocket.d.ts +14 -10
- package/icc-x-api/utils/websocket.js +26 -9
- package/icc-x-api/utils/websocket.js.map +1 -1
- package/index.d.ts +1 -1
- package/index.js +3 -1
- package/index.js.map +1 -1
- package/package.json +2 -3
- package/icc-x-api/crypto/EntitiesEncryption.d.ts +0 -275
- package/icc-x-api/crypto/EntitiesEncryption.js +0 -734
- package/icc-x-api/crypto/EntitiesEncryption.js.map +0 -1
- package/icc-x-api/crypto/KeyManager.js.map +0 -1
|
@@ -0,0 +1,235 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.DelegationsDeAnonymization = void 0;
|
|
13
|
+
const SecureDelegation_1 = require("../../icc-api/model/SecureDelegation");
|
|
14
|
+
var AccessLevelEnum = SecureDelegation_1.SecureDelegation.AccessLevelEnum;
|
|
15
|
+
const SecureDelegationKeyMap_1 = require("../../icc-api/model/internal/SecureDelegationKeyMap");
|
|
16
|
+
const ShareMetadataBehaviour_1 = require("./ShareMetadataBehaviour");
|
|
17
|
+
const EntityShareRequest_1 = require("../../icc-api/model/requests/EntityShareRequest");
|
|
18
|
+
var RequestedPermissionEnum = EntityShareRequest_1.EntityShareRequest.RequestedPermissionEnum;
|
|
19
|
+
const utils_1 = require("../utils");
|
|
20
|
+
const IccSecureDelegationKeyMapApi_1 = require("../../icc-api/api/IccSecureDelegationKeyMapApi");
|
|
21
|
+
const XHR_1 = require("../../icc-api/api/XHR");
|
|
22
|
+
const AuthenticationProvider_1 = require("../auth/AuthenticationProvider");
|
|
23
|
+
const AccessControlKeysHeadersProvider_1 = require("./AccessControlKeysHeadersProvider");
|
|
24
|
+
// TODO could be optimised using bulk methods
|
|
25
|
+
class DelegationsDeAnonymization {
|
|
26
|
+
constructor(dataOwnerApi, secureDelegationsMetadataDecryptor, xapis, cryptoPrimitives, accessControlSecretUtils, host, headers, authenticationProvider = new AuthenticationProvider_1.NoAuthenticationProvider(), fetchImpl = typeof window !== 'undefined'
|
|
27
|
+
? window.fetch
|
|
28
|
+
: typeof self !== 'undefined'
|
|
29
|
+
? self.fetch
|
|
30
|
+
: fetch, accessControlKeysHeadersProvider) {
|
|
31
|
+
this.dataOwnerApi = dataOwnerApi;
|
|
32
|
+
this.secureDelegationsMetadataDecryptor = secureDelegationsMetadataDecryptor;
|
|
33
|
+
this.xapis = xapis;
|
|
34
|
+
this.cryptoPrimitives = cryptoPrimitives;
|
|
35
|
+
this.accessControlSecretUtils = accessControlSecretUtils;
|
|
36
|
+
this.accessControlKeysHeadersProvider = accessControlKeysHeadersProvider;
|
|
37
|
+
this.delegationKeyMapFieldsToEncrypt = (0, utils_1.parseEncryptedFields)(['delegate', 'delegator'], 'SecureDelegationKeyMap');
|
|
38
|
+
this.delegationKeyMapApi = new IccSecureDelegationKeyMapApi_1.IccSecureDelegationKeyMapApi(host, headers, authenticationProvider, fetchImpl);
|
|
39
|
+
}
|
|
40
|
+
/**
|
|
41
|
+
* Creates / updates information to allow the data owners in {@link shareWithDataOwners} to de-anonymize the delegations contained within
|
|
42
|
+
* {@link entity}.
|
|
43
|
+
* Note that the delegation de-anonymization information may be used also with other entities of the same type.
|
|
44
|
+
*/
|
|
45
|
+
createOrUpdateDeAnonymizationInfo(entityWithType, shareWithDataOwners) {
|
|
46
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
47
|
+
const delegationsDetails = Object.entries(yield this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails(entityWithType)).flatMap(([canonicalKey, delegation]) => {
|
|
48
|
+
var _a, _b;
|
|
49
|
+
const aliases = Object.entries((_b = (_a = entityWithType.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.keysEquivalences) !== null && _b !== void 0 ? _b : {}).flatMap(([alias, canon]) => {
|
|
50
|
+
if (canon == canonicalKey) {
|
|
51
|
+
return [alias];
|
|
52
|
+
}
|
|
53
|
+
else {
|
|
54
|
+
return [];
|
|
55
|
+
}
|
|
56
|
+
});
|
|
57
|
+
return [[canonicalKey, delegation], ...aliases.map((alias) => [alias, delegation])];
|
|
58
|
+
});
|
|
59
|
+
const delegationsForDeanonInfoSharing = delegationsDetails.filter(([_, delegationInfo]) => {
|
|
60
|
+
// Drop fully explicit ones: they don't need de-anonymization info
|
|
61
|
+
return !delegationInfo.fullyExplicit;
|
|
62
|
+
});
|
|
63
|
+
// A subset of delegations for which deanon info is relevant AND for which we can also create new info instead of sharing only existing one.
|
|
64
|
+
const delegationsForNewDeanonInfoCreation = delegationsForDeanonInfoSharing.filter(([_, delegationInfo]) => {
|
|
65
|
+
// Drop those for which we don't have the full information needed for the creation of new data.
|
|
66
|
+
return !!delegationInfo.delegate && !!delegationInfo.delegator && !!delegationInfo.accessControlSecret;
|
|
67
|
+
});
|
|
68
|
+
const existingDelegationsMap = yield this.getDecryptedSecureDelegationKeyMaps(delegationsForDeanonInfoSharing.map((x) => x[0]), entityWithType.type);
|
|
69
|
+
for (const delMapToShare of existingDelegationsMap) {
|
|
70
|
+
yield this.ensureDelegationKeyMapSharedWith(entityWithType.type, delMapToShare, shareWithDataOwners);
|
|
71
|
+
}
|
|
72
|
+
const existingDelegationsMapKeys = new Set(existingDelegationsMap.map((x) => x.delegationKey));
|
|
73
|
+
const delegationsToCreate = delegationsForNewDeanonInfoCreation.filter(([k, _]) => !existingDelegationsMapKeys.has(k));
|
|
74
|
+
for (const [delKey, membersDetails] of delegationsToCreate) {
|
|
75
|
+
yield this.createSecureDelegationKeyMap(entityWithType.type, delKey, membersDetails, shareWithDataOwners);
|
|
76
|
+
}
|
|
77
|
+
});
|
|
78
|
+
}
|
|
79
|
+
/**
|
|
80
|
+
* Get the data owners which can access the entity. See {@link EncryptedEntityXApi.getDataOwnersWithAccessTo} for more details.
|
|
81
|
+
* @param entityWithType an entity.
|
|
82
|
+
*/
|
|
83
|
+
getDataOwnersWithAccessTo(entityWithType) {
|
|
84
|
+
var _a;
|
|
85
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
86
|
+
return this.mergePermissions([
|
|
87
|
+
yield this.getDataOwnersWithAccessToSecureDelegations(entityWithType),
|
|
88
|
+
{
|
|
89
|
+
permissionsByDataOwnerId: Object.fromEntries(Object.keys((_a = entityWithType.entity.delegations) !== null && _a !== void 0 ? _a : {}).map((k) => [k, AccessLevelEnum.WRITE])),
|
|
90
|
+
hasUnknownAnonymousDataOwners: false,
|
|
91
|
+
},
|
|
92
|
+
]);
|
|
93
|
+
});
|
|
94
|
+
}
|
|
95
|
+
getDataOwnersWithAccessToSecureDelegations(entityWithType) {
|
|
96
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
97
|
+
const secureDelegationDetails = yield this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails(entityWithType);
|
|
98
|
+
const secureDelegationWithUnknownMembers = Object.entries(secureDelegationDetails).flatMap(([canonicalKey, delegation]) => {
|
|
99
|
+
var _a, _b;
|
|
100
|
+
if (!delegation.delegate || !delegation.delegator) {
|
|
101
|
+
const aliases = Object.entries((_b = (_a = entityWithType.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.keysEquivalences) !== null && _b !== void 0 ? _b : {}).flatMap(([alias, canon]) => {
|
|
102
|
+
if (canon == canonicalKey) {
|
|
103
|
+
return [alias];
|
|
104
|
+
}
|
|
105
|
+
else {
|
|
106
|
+
return [];
|
|
107
|
+
}
|
|
108
|
+
});
|
|
109
|
+
return [{ keys: [canonicalKey, ...aliases], delegation }];
|
|
110
|
+
}
|
|
111
|
+
else {
|
|
112
|
+
return [];
|
|
113
|
+
}
|
|
114
|
+
});
|
|
115
|
+
const secureDelegationKeyMapsByDelegationKey = Object.fromEntries((yield this.getDecryptedSecureDelegationKeyMaps(secureDelegationWithUnknownMembers.flatMap(({ keys }) => keys), entityWithType.type)).map((x) => [x.delegationKey, x]));
|
|
116
|
+
const permissionsByDataOwnerId = {};
|
|
117
|
+
let hasUnknownAnonymousDataOwners = false;
|
|
118
|
+
function addAccess(dataOwnerId, level) {
|
|
119
|
+
if (permissionsByDataOwnerId[dataOwnerId] !== AccessLevelEnum.WRITE) {
|
|
120
|
+
permissionsByDataOwnerId[dataOwnerId] = level;
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
for (const delegation of Object.values(secureDelegationDetails)) {
|
|
124
|
+
if (delegation.delegate)
|
|
125
|
+
addAccess(delegation.delegate, delegation.accessLevel);
|
|
126
|
+
if (delegation.delegator)
|
|
127
|
+
addAccess(delegation.delegator, delegation.accessLevel);
|
|
128
|
+
}
|
|
129
|
+
for (const { keys, delegation } of secureDelegationWithUnknownMembers) {
|
|
130
|
+
const bestKey = keys.find((k) => {
|
|
131
|
+
const currMap = secureDelegationKeyMapsByDelegationKey[k];
|
|
132
|
+
return currMap && !!currMap.delegator && !!currMap.delegate;
|
|
133
|
+
});
|
|
134
|
+
if (bestKey) {
|
|
135
|
+
const keyMap = secureDelegationKeyMapsByDelegationKey[bestKey];
|
|
136
|
+
addAccess(keyMap.delegate, delegation.accessLevel);
|
|
137
|
+
addAccess(keyMap.delegator, delegation.accessLevel);
|
|
138
|
+
}
|
|
139
|
+
else {
|
|
140
|
+
hasUnknownAnonymousDataOwners = true;
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
return { permissionsByDataOwnerId, hasUnknownAnonymousDataOwners };
|
|
144
|
+
});
|
|
145
|
+
}
|
|
146
|
+
mergePermissions(values) {
|
|
147
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
148
|
+
const accumulatedPermissions = {};
|
|
149
|
+
let hasUnknownAnonymousDataOwners = false;
|
|
150
|
+
for (const v of values) {
|
|
151
|
+
hasUnknownAnonymousDataOwners = hasUnknownAnonymousDataOwners || v.hasUnknownAnonymousDataOwners;
|
|
152
|
+
for (const [dataOwnerId, level] of Object.entries(v.permissionsByDataOwnerId)) {
|
|
153
|
+
if (accumulatedPermissions[dataOwnerId] !== AccessLevelEnum.WRITE) {
|
|
154
|
+
accumulatedPermissions[dataOwnerId] = level;
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
return {
|
|
159
|
+
permissionsByDataOwnerId: accumulatedPermissions,
|
|
160
|
+
hasUnknownAnonymousDataOwners,
|
|
161
|
+
};
|
|
162
|
+
});
|
|
163
|
+
}
|
|
164
|
+
getDecryptedSecureDelegationKeyMaps(delegationIds, entityType) {
|
|
165
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
166
|
+
if (delegationIds.length) {
|
|
167
|
+
const encryptedMaps = yield this.delegationKeyMapApi.getByDelegationKeys({ ids: delegationIds }, yield this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType));
|
|
168
|
+
const res = [];
|
|
169
|
+
for (const encryptedMap of encryptedMaps) {
|
|
170
|
+
// Use the original entity type
|
|
171
|
+
const decryptionResult = yield this.xapis.decryptEntity(encryptedMap, entityType, (x) => new SecureDelegationKeyMap_1.SecureDelegationKeyMap(x));
|
|
172
|
+
if (decryptionResult.decrypted) {
|
|
173
|
+
res.push(decryptionResult.entity);
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
return res;
|
|
177
|
+
}
|
|
178
|
+
else
|
|
179
|
+
return [];
|
|
180
|
+
});
|
|
181
|
+
}
|
|
182
|
+
// Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the
|
|
183
|
+
// same entity type as the delegation key for which they are mapping information.
|
|
184
|
+
ensureDelegationKeyMapSharedWith(entityType, keyMap, delegates) {
|
|
185
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
186
|
+
if (!keyMap.delegator || !keyMap.delegate)
|
|
187
|
+
throw new Error('Illegal state: key map is missing delegator or delegate info.');
|
|
188
|
+
const dataOwnersWithAccessToMapThroughDelegation = Object.values(yield this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails({
|
|
189
|
+
type: entityType,
|
|
190
|
+
entity: keyMap,
|
|
191
|
+
}))
|
|
192
|
+
.flatMap((x) => [x.delegate, x.delegator])
|
|
193
|
+
.filter((x) => !!x);
|
|
194
|
+
// Delegator and delegate got access to the entity when it was first created: no need to share with them ever.
|
|
195
|
+
const dataOwnersWithAccessToMap = new Set([keyMap.delegate, keyMap.delegator, ...dataOwnersWithAccessToMapThroughDelegation]);
|
|
196
|
+
const dataOwnersNeedingShare = delegates.filter((x) => !dataOwnersWithAccessToMap.has(x));
|
|
197
|
+
if (dataOwnersNeedingShare.length) {
|
|
198
|
+
;
|
|
199
|
+
(yield this.xapis.simpleShareOrUpdateEncryptedEntityMetadata({ entity: keyMap, type: entityType }, false, Object.fromEntries(dataOwnersNeedingShare.map((x) => [
|
|
200
|
+
x,
|
|
201
|
+
{
|
|
202
|
+
shareSecretIds: [],
|
|
203
|
+
shareEncryptionKeys: ShareMetadataBehaviour_1.ShareMetadataBehaviour.REQUIRED,
|
|
204
|
+
shareOwningEntityIds: ShareMetadataBehaviour_1.ShareMetadataBehaviour.NEVER,
|
|
205
|
+
requestedPermissions: RequestedPermissionEnum.FULL_READ,
|
|
206
|
+
},
|
|
207
|
+
])), (request) => __awaiter(this, void 0, void 0, function* () {
|
|
208
|
+
return this.delegationKeyMapApi.bulkShareSecureDelegationKeyMap(request, yield this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType));
|
|
209
|
+
}))).updatedEntityOrThrow;
|
|
210
|
+
}
|
|
211
|
+
});
|
|
212
|
+
}
|
|
213
|
+
// Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the
|
|
214
|
+
// same entity type as the delegation key for which they are mapping information.
|
|
215
|
+
createSecureDelegationKeyMap(entityType, delegationKey, delegationMembersDetails, delegates) {
|
|
216
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
217
|
+
if (!delegationMembersDetails.delegate || !delegationMembersDetails.delegator || !delegationMembersDetails.accessControlSecret)
|
|
218
|
+
throw new Error('Illegal state: delegation members details are missing delegate, delegator or access control secret info.');
|
|
219
|
+
const selfDoId = yield this.dataOwnerApi.getCurrentDataOwnerId();
|
|
220
|
+
// Ensure that both the delegator and delegate of the delegation this map refers tho can share it later on, even if they did not create it.
|
|
221
|
+
// Usually either the delegator or delegate are the current data owner, but sometimes also the child of the delegator or delegate can do it.
|
|
222
|
+
const initialDelegates = [delegationMembersDetails.delegate, delegationMembersDetails.delegator, ...delegates].filter((x) => x != selfDoId);
|
|
223
|
+
const initalisedMapInfo = yield this.xapis.entityWithInitialisedEncryptedMetadata({
|
|
224
|
+
id: this.cryptoPrimitives.crypto.randomUUID(),
|
|
225
|
+
delegate: delegationMembersDetails.delegate,
|
|
226
|
+
delegator: delegationMembersDetails.delegator,
|
|
227
|
+
delegationKey: delegationKey,
|
|
228
|
+
}, entityType, undefined, undefined, true, false, Object.fromEntries(initialDelegates.map((x) => [x, AccessLevelEnum.READ])));
|
|
229
|
+
const encryptedKeyMap = yield this.xapis.tryEncryptEntity(initalisedMapInfo.updatedEntity, entityType, this.delegationKeyMapFieldsToEncrypt, false, true, (x) => new SecureDelegationKeyMap_1.SecureDelegationKeyMap(x));
|
|
230
|
+
yield this.delegationKeyMapApi.create(encryptedKeyMap, new XHR_1.XHR.Header(AccessControlKeysHeadersProvider_1.ACCESS_CONTROL_KEYS_HEADER, yield this.accessControlSecretUtils.getEncodedAccessControlKeys([delegationMembersDetails.accessControlSecret], entityType)));
|
|
231
|
+
});
|
|
232
|
+
}
|
|
233
|
+
}
|
|
234
|
+
exports.DelegationsDeAnonymization = DelegationsDeAnonymization;
|
|
235
|
+
//# sourceMappingURL=DelegationsDeAnonymization.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"DelegationsDeAnonymization.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/DelegationsDeAnonymization.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,2EAAuE;AACvE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAEzD,gGAA4F;AAE5F,qEAAiE;AACjE,wFAAoF;AACpF,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAE3E,oCAAwE;AACxE,iGAA6F;AAC7F,+CAA2C;AAC3C,2EAAiG;AACjG,yFAAiH;AAIjH,6CAA6C;AAC7C,MAAa,0BAA0B;IAIrC,YACmB,YAA8B,EAC9B,kCAA8E,EAC9E,KAAwB,EACxB,gBAAkC,EAClC,wBAAkD,EACnE,IAAY,EACZ,OAAkC,EAClC,yBAAiD,IAAI,iDAAwB,EAAE,EAC/E,YAA2E,OAAO,MAAM,KAAK,WAAW;QACtG,CAAC,CAAC,MAAM,CAAC,KAAK;QACd,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW;YAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,KAAK,EACQ,gCAAkE;QAblE,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,uCAAkC,GAAlC,kCAAkC,CAA4C;QAC9E,UAAK,GAAL,KAAK,CAAmB;QACxB,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,6BAAwB,GAAxB,wBAAwB,CAA0B;QASlD,qCAAgC,GAAhC,gCAAgC,CAAkC;QAEnF,IAAI,CAAC,+BAA+B,GAAG,IAAA,4BAAoB,EAAC,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,wBAAwB,CAAC,CAAA;QAChH,IAAI,CAAC,mBAAmB,GAAG,IAAI,2DAA4B,CAAC,IAAI,EAAE,OAAO,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;IAC/G,CAAC;IAED;;;;OAIG;IACG,iCAAiC,CAAC,cAAuC,EAAE,mBAA6B;;YAC5G,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,kCAAkC,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAC,CAAC,OAAO,CACzI,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE;;gBAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;oBACxH,IAAI,KAAK,IAAI,YAAY,EAAE;wBACzB,OAAO,CAAC,KAAK,CAAC,CAAA;qBACf;yBAAM;wBACL,OAAO,EAAE,CAAA;qBACV;gBACH,CAAC,CAAC,CAAA;gBACF,OAAO,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAyC,CAAA;YAC7H,CAAC,CACF,CAAA;YACD,MAAM,+BAA+B,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE;gBACxF,kEAAkE;gBAClE,OAAO,CAAC,cAAc,CAAC,aAAa,CAAA;YACtC,CAAC,CAAC,CAAA;YACF,4IAA4I;YAC5I,MAAM,mCAAmC,GAAG,+BAA+B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE;gBACzG,+FAA+F;gBAC/F,OAAO,CAAC,CAAC,cAAc,CAAC,QAAQ,IAAI,CAAC,CAAC,cAAc,CAAC,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,mBAAmB,CAAA;YACxG,CAAC,CAAC,CAAA;YACF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,mCAAmC,CAC3E,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAChD,cAAc,CAAC,IAAI,CACpB,CAAA;YACD,KAAK,MAAM,aAAa,IAAI,sBAAsB,EAAE;gBAClD,MAAM,IAAI,CAAC,gCAAgC,CAAC,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,mBAAmB,CAAC,CAAA;aACrG;YACD,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAA;YAC9F,MAAM,mBAAmB,GAAG,mCAAmC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACtH,KAAK,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,IAAI,mBAAmB,EAAE;gBAC1D,MAAM,IAAI,CAAC,4BAA4B,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAAA;aAC1G;QACH,CAAC;KAAA;IAED;;;OAGG;IACG,yBAAyB,CAAC,cAAuC;;;YAIrE,OAAO,IAAI,CAAC,gBAAgB,CAAC;gBAC3B,MAAM,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC;gBACrE;oBACE,wBAAwB,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,MAAA,cAAc,CAAC,MAAM,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;oBACzI,6BAA6B,EAAE,KAAK;iBACrC;aACF,CAAC,CAAA;;KACH;IAEa,0CAA0C,CAAC,cAAuC;;YAI9F,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAA;YACxH,MAAM,kCAAkC,GAAG,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE;;gBACxH,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE;oBACjD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;wBACxH,IAAI,KAAK,IAAI,YAAY,EAAE;4BACzB,OAAO,CAAC,KAAK,CAAC,CAAA;yBACf;6BAAM;4BACL,OAAO,EAAE,CAAA;yBACV;oBACH,CAAC,CAAC,CAAA;oBACF,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,GAAG,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC,CAAA;iBAC1D;qBAAM;oBACL,OAAO,EAAE,CAAA;iBACV;YACH,CAAC,CAAC,CAAA;YACF,MAAM,sCAAsC,GAAG,MAAM,CAAC,WAAW,CAC/D,CACE,MAAM,IAAI,CAAC,mCAAmC,CAC5C,kCAAkC,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,EAC9D,cAAc,CAAC,IAAI,CACpB,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CACnC,CAAA;YACD,MAAM,wBAAwB,GAA+C,EAAE,CAAA;YAC/E,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,SAAS,SAAS,CAAC,WAAmB,EAAE,KAAsB;gBAC5D,IAAI,wBAAwB,CAAC,WAAW,CAAC,KAAK,eAAe,CAAC,KAAK,EAAE;oBACnE,wBAAwB,CAAC,WAAW,CAAC,GAAG,KAAK,CAAA;iBAC9C;YACH,CAAC;YACD,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,uBAAuB,CAAC,EAAE;gBAC/D,IAAI,UAAU,CAAC,QAAQ;oBAAE,SAAS,CAAC,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;gBAC/E,IAAI,UAAU,CAAC,SAAS;oBAAE,SAAS,CAAC,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;aAClF;YACD,KAAK,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,kCAAkC,EAAE;gBACrE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC9B,MAAM,OAAO,GAAG,sCAAsC,CAAC,CAAC,CAAC,CAAA;oBACzD,OAAO,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAA;gBAC7D,CAAC,CAAC,CAAA;gBACF,IAAI,OAAO,EAAE;oBACX,MAAM,MAAM,GAAG,sCAAsC,CAAC,OAAO,CAAC,CAAA;oBAC9D,SAAS,CAAC,MAAM,CAAC,QAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;oBACnD,SAAS,CAAC,MAAM,CAAC,SAAU,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;iBACrD;qBAAM;oBACL,6BAA6B,GAAG,IAAI,CAAA;iBACrC;aACF;YACD,OAAO,EAAE,wBAAwB,EAAE,6BAA6B,EAAE,CAAA;QACpE,CAAC;KAAA;IAEa,gBAAgB,CAC5B,MAGG;;YAKH,MAAM,sBAAsB,GAA+C,EAAE,CAAA;YAC7E,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE;gBACtB,6BAA6B,GAAG,6BAA6B,IAAI,CAAC,CAAC,6BAA6B,CAAA;gBAChG,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC,EAAE;oBAC7E,IAAI,sBAAsB,CAAC,WAAW,CAAC,KAAK,eAAe,CAAC,KAAK,EAAE;wBACjE,sBAAsB,CAAC,WAAW,CAAC,GAAG,KAAK,CAAA;qBAC5C;iBACF;aACF;YACD,OAAO;gBACL,wBAAwB,EAAE,sBAAsB;gBAChD,6BAA6B;aAC9B,CAAA;QACH,CAAC;KAAA;IAEa,mCAAmC,CAC/C,aAAuB,EACvB,UAAwC;;YAExC,IAAI,aAAa,CAAC,MAAM,EAAE;gBACxB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CACtE,EAAE,GAAG,EAAE,aAAa,EAAE,EACtB,MAAM,IAAI,CAAC,gCAAgC,CAAC,2BAA2B,CAAC,UAAU,CAAC,CACpF,CAAA;gBACD,MAAM,GAAG,GAA6B,EAAE,CAAA;gBACxC,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;oBACxC,+BAA+B;oBAC/B,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,+CAAsB,CAAC,CAAC,CAAC,CAAC,CAAA;oBACvH,IAAI,gBAAgB,CAAC,SAAS,EAAE;wBAC9B,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAA;qBAClC;iBACF;gBACD,OAAO,GAAG,CAAA;aACX;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAED,gJAAgJ;IAChJ,iFAAiF;IACnE,gCAAgC,CAAC,UAAwC,EAAE,MAA8B,EAAE,SAAmB;;YAC1I,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAA;YAC3H,MAAM,0CAA0C,GAAG,MAAM,CAAC,MAAM,CAC9D,MAAM,IAAI,CAAC,kCAAkC,CAAC,0BAA0B,CAAC;gBACvE,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,MAAM;aACf,CAAC,CACH;iBACE,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC;iBACzC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAa,CAAA;YACjC,8GAA8G;YAC9G,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,SAAS,EAAE,GAAG,0CAA0C,CAAC,CAAC,CAAA;YAC7H,MAAM,sBAAsB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACzF,IAAI,sBAAsB,CAAC,MAAM,EAAE;gBACjC,CAAC;gBAAA,CACC,MAAM,IAAI,CAAC,KAAK,CAAC,0CAA0C,CACzD,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,EACpC,KAAK,EACL,MAAM,CAAC,WAAW,CAChB,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;oBAChC,CAAC;oBACD;wBACE,cAAc,EAAE,EAAE;wBAClB,mBAAmB,EAAE,+CAAsB,CAAC,QAAQ;wBACpD,oBAAoB,EAAE,+CAAsB,CAAC,KAAK;wBAClD,oBAAoB,EAAE,uBAAuB,CAAC,SAAS;qBACxD;iBACF,CAAC,CACH,EACD,CAAO,OAAO,EAAE,EAAE;oBAChB,OAAA,IAAI,CAAC,mBAAmB,CAAC,+BAA+B,CACtD,OAAO,EACP,MAAM,IAAI,CAAC,gCAAgC,CAAC,2BAA2B,CAAC,UAAU,CAAC,CACpF,CAAA;kBAAA,CACJ,CACF,CAAC,oBAAoB,CAAA;aACvB;QACH,CAAC;KAAA;IAED,gJAAgJ;IAChJ,iFAAiF;IACnE,4BAA4B,CACxC,UAAwC,EACxC,aAAqB,EACrB,wBAAkD,EAClD,SAAmB;;YAEnB,IAAI,CAAC,wBAAwB,CAAC,QAAQ,IAAI,CAAC,wBAAwB,CAAC,SAAS,IAAI,CAAC,wBAAwB,CAAC,mBAAmB;gBAC5H,MAAM,IAAI,KAAK,CAAC,0GAA0G,CAAC,CAAA;YAC7H,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAChE,2IAA2I;YAC3I,4IAA4I;YAC5I,MAAM,gBAAgB,GAAG,CAAC,wBAAwB,CAAC,QAAQ,EAAE,wBAAwB,CAAC,SAAS,EAAE,GAAG,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAA;YAC3I,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAC/E;gBACE,EAAE,EAAE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,UAAU,EAAE;gBAC7C,QAAQ,EAAE,wBAAwB,CAAC,QAAQ;gBAC3C,SAAS,EAAE,wBAAwB,CAAC,SAAS;gBAC7C,aAAa,EAAE,aAAa;aAC7B,EACD,UAAU,EACV,SAAS,EACT,SAAS,EACT,IAAI,EACJ,KAAK,EACL,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAC3E,CAAA;YACD,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CACvD,iBAAiB,CAAC,aAAa,EAC/B,UAAU,EACV,IAAI,CAAC,+BAA+B,EACpC,KAAK,EACL,IAAI,EACJ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,+CAAsB,CAAC,CAAC,CAAC,CACrC,CAAA;YACD,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CACnC,eAAe,EACf,IAAI,SAAG,CAAC,MAAM,CACZ,6DAA0B,EAC1B,MAAM,IAAI,CAAC,wBAAwB,CAAC,2BAA2B,CAAC,CAAC,wBAAwB,CAAC,mBAAmB,CAAC,EAAE,UAAU,CAAC,CAC5H,CACF,CAAA;QACH,CAAC;KAAA;CACF;AA3QD,gEA2QC","sourcesContent":["import { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { DelegationMembersDetails, SecureDelegationsSecurityMetadataDecryptor } from './SecureDelegationsSecurityMetadataDecryptor'\nimport { SecureDelegationKeyMap } from '../../icc-api/model/internal/SecureDelegationKeyMap'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EncryptedFieldsManifest, parseEncryptedFields } from '../utils'\nimport { IccSecureDelegationKeyMapApi } from '../../icc-api/api/IccSecureDelegationKeyMapApi'\nimport { XHR } from '../../icc-api/api/XHR'\nimport { AuthenticationProvider, NoAuthenticationProvider } from '../auth/AuthenticationProvider'\nimport { ACCESS_CONTROL_KEYS_HEADER, AccessControlKeysHeadersProvider } from './AccessControlKeysHeadersProvider'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\n\n// TODO could be optimised using bulk methods\nexport class DelegationsDeAnonymization {\n private readonly delegationKeyMapFieldsToEncrypt: EncryptedFieldsManifest\n private readonly delegationKeyMapApi: IccSecureDelegationKeyMapApi\n\n constructor(\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly secureDelegationsMetadataDecryptor: SecureDelegationsSecurityMetadataDecryptor,\n private readonly xapis: ExtendedApisUtils,\n private readonly cryptoPrimitives: CryptoPrimitives,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n host: string,\n headers: { [key: string]: string },\n authenticationProvider: AuthenticationProvider = new NoAuthenticationProvider(),\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response> = typeof window !== 'undefined'\n ? window.fetch\n : typeof self !== 'undefined'\n ? self.fetch\n : fetch,\n private readonly accessControlKeysHeadersProvider: AccessControlKeysHeadersProvider\n ) {\n this.delegationKeyMapFieldsToEncrypt = parseEncryptedFields(['delegate', 'delegator'], 'SecureDelegationKeyMap')\n this.delegationKeyMapApi = new IccSecureDelegationKeyMapApi(host, headers, authenticationProvider, fetchImpl)\n }\n\n /**\n * Creates / updates information to allow the data owners in {@link shareWithDataOwners} to de-anonymize the delegations contained within\n * {@link entity}.\n * Note that the delegation de-anonymization information may be used also with other entities of the same type.\n */\n async createOrUpdateDeAnonymizationInfo(entityWithType: EncryptedEntityWithType, shareWithDataOwners: string[]) {\n const delegationsDetails = Object.entries(await this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails(entityWithType)).flatMap(\n ([canonicalKey, delegation]) => {\n const aliases = Object.entries(entityWithType.entity.securityMetadata?.keysEquivalences ?? {}).flatMap(([alias, canon]) => {\n if (canon == canonicalKey) {\n return [alias]\n } else {\n return []\n }\n })\n return [[canonicalKey, delegation], ...aliases.map((alias) => [alias, delegation])] as [string, DelegationMembersDetails][]\n }\n )\n const delegationsForDeanonInfoSharing = delegationsDetails.filter(([_, delegationInfo]) => {\n // Drop fully explicit ones: they don't need de-anonymization info\n return !delegationInfo.fullyExplicit\n })\n // A subset of delegations for which deanon info is relevant AND for which we can also create new info instead of sharing only existing one.\n const delegationsForNewDeanonInfoCreation = delegationsForDeanonInfoSharing.filter(([_, delegationInfo]) => {\n // Drop those for which we don't have the full information needed for the creation of new data.\n return !!delegationInfo.delegate && !!delegationInfo.delegator && !!delegationInfo.accessControlSecret\n })\n const existingDelegationsMap = await this.getDecryptedSecureDelegationKeyMaps(\n delegationsForDeanonInfoSharing.map((x) => x[0]),\n entityWithType.type\n )\n for (const delMapToShare of existingDelegationsMap) {\n await this.ensureDelegationKeyMapSharedWith(entityWithType.type, delMapToShare, shareWithDataOwners)\n }\n const existingDelegationsMapKeys = new Set(existingDelegationsMap.map((x) => x.delegationKey))\n const delegationsToCreate = delegationsForNewDeanonInfoCreation.filter(([k, _]) => !existingDelegationsMapKeys.has(k))\n for (const [delKey, membersDetails] of delegationsToCreate) {\n await this.createSecureDelegationKeyMap(entityWithType.type, delKey, membersDetails, shareWithDataOwners)\n }\n }\n\n /**\n * Get the data owners which can access the entity. See {@link EncryptedEntityXApi.getDataOwnersWithAccessTo} for more details.\n * @param entityWithType an entity.\n */\n async getDataOwnersWithAccessTo(entityWithType: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n return this.mergePermissions([\n await this.getDataOwnersWithAccessToSecureDelegations(entityWithType),\n {\n permissionsByDataOwnerId: Object.fromEntries(Object.keys(entityWithType.entity.delegations ?? {}).map((k) => [k, AccessLevelEnum.WRITE])),\n hasUnknownAnonymousDataOwners: false,\n },\n ])\n }\n\n private async getDataOwnersWithAccessToSecureDelegations(entityWithType: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const secureDelegationDetails = await this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails(entityWithType)\n const secureDelegationWithUnknownMembers = Object.entries(secureDelegationDetails).flatMap(([canonicalKey, delegation]) => {\n if (!delegation.delegate || !delegation.delegator) {\n const aliases = Object.entries(entityWithType.entity.securityMetadata?.keysEquivalences ?? {}).flatMap(([alias, canon]) => {\n if (canon == canonicalKey) {\n return [alias]\n } else {\n return []\n }\n })\n return [{ keys: [canonicalKey, ...aliases], delegation }]\n } else {\n return []\n }\n })\n const secureDelegationKeyMapsByDelegationKey = Object.fromEntries(\n (\n await this.getDecryptedSecureDelegationKeyMaps(\n secureDelegationWithUnknownMembers.flatMap(({ keys }) => keys),\n entityWithType.type\n )\n ).map((x) => [x.delegationKey, x])\n )\n const permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n function addAccess(dataOwnerId: string, level: AccessLevelEnum) {\n if (permissionsByDataOwnerId[dataOwnerId] !== AccessLevelEnum.WRITE) {\n permissionsByDataOwnerId[dataOwnerId] = level\n }\n }\n for (const delegation of Object.values(secureDelegationDetails)) {\n if (delegation.delegate) addAccess(delegation.delegate, delegation.accessLevel)\n if (delegation.delegator) addAccess(delegation.delegator, delegation.accessLevel)\n }\n for (const { keys, delegation } of secureDelegationWithUnknownMembers) {\n const bestKey = keys.find((k) => {\n const currMap = secureDelegationKeyMapsByDelegationKey[k]\n return currMap && !!currMap.delegator && !!currMap.delegate\n })\n if (bestKey) {\n const keyMap = secureDelegationKeyMapsByDelegationKey[bestKey]\n addAccess(keyMap.delegate!, delegation.accessLevel)\n addAccess(keyMap.delegator!, delegation.accessLevel)\n } else {\n hasUnknownAnonymousDataOwners = true\n }\n }\n return { permissionsByDataOwnerId, hasUnknownAnonymousDataOwners }\n }\n\n private async mergePermissions(\n values: {\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }[]\n ): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const accumulatedPermissions: { [dataOwnerId: string]: AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n for (const v of values) {\n hasUnknownAnonymousDataOwners = hasUnknownAnonymousDataOwners || v.hasUnknownAnonymousDataOwners\n for (const [dataOwnerId, level] of Object.entries(v.permissionsByDataOwnerId)) {\n if (accumulatedPermissions[dataOwnerId] !== AccessLevelEnum.WRITE) {\n accumulatedPermissions[dataOwnerId] = level\n }\n }\n }\n return {\n permissionsByDataOwnerId: accumulatedPermissions,\n hasUnknownAnonymousDataOwners,\n }\n }\n\n private async getDecryptedSecureDelegationKeyMaps(\n delegationIds: string[],\n entityType: EntityWithDelegationTypeName\n ): Promise<SecureDelegationKeyMap[]> {\n if (delegationIds.length) {\n const encryptedMaps = await this.delegationKeyMapApi.getByDelegationKeys(\n { ids: delegationIds },\n await this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType)\n )\n const res: SecureDelegationKeyMap[] = []\n for (const encryptedMap of encryptedMaps) {\n // Use the original entity type\n const decryptionResult = await this.xapis.decryptEntity(encryptedMap, entityType, (x) => new SecureDelegationKeyMap(x))\n if (decryptionResult.decrypted) {\n res.push(decryptionResult.entity)\n }\n }\n return res\n } else return []\n }\n\n // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the\n // same entity type as the delegation key for which they are mapping information.\n private async ensureDelegationKeyMapSharedWith(entityType: EntityWithDelegationTypeName, keyMap: SecureDelegationKeyMap, delegates: string[]) {\n if (!keyMap.delegator || !keyMap.delegate) throw new Error('Illegal state: key map is missing delegator or delegate info.')\n const dataOwnersWithAccessToMapThroughDelegation = Object.values(\n await this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails({\n type: entityType,\n entity: keyMap,\n })\n )\n .flatMap((x) => [x.delegate, x.delegator])\n .filter((x) => !!x) as string[]\n // Delegator and delegate got access to the entity when it was first created: no need to share with them ever.\n const dataOwnersWithAccessToMap = new Set([keyMap.delegate, keyMap.delegator, ...dataOwnersWithAccessToMapThroughDelegation])\n const dataOwnersNeedingShare = delegates.filter((x) => !dataOwnersWithAccessToMap.has(x))\n if (dataOwnersNeedingShare.length) {\n ;(\n await this.xapis.simpleShareOrUpdateEncryptedEntityMetadata(\n { entity: keyMap, type: entityType },\n false,\n Object.fromEntries(\n dataOwnersNeedingShare.map((x) => [\n x,\n {\n shareSecretIds: [],\n shareEncryptionKeys: ShareMetadataBehaviour.REQUIRED,\n shareOwningEntityIds: ShareMetadataBehaviour.NEVER,\n requestedPermissions: RequestedPermissionEnum.FULL_READ,\n },\n ])\n ),\n async (request) =>\n this.delegationKeyMapApi.bulkShareSecureDelegationKeyMap(\n request,\n await this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType)\n )\n )\n ).updatedEntityOrThrow\n }\n }\n\n // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the\n // same entity type as the delegation key for which they are mapping information.\n private async createSecureDelegationKeyMap(\n entityType: EntityWithDelegationTypeName,\n delegationKey: string,\n delegationMembersDetails: DelegationMembersDetails,\n delegates: string[]\n ) {\n if (!delegationMembersDetails.delegate || !delegationMembersDetails.delegator || !delegationMembersDetails.accessControlSecret)\n throw new Error('Illegal state: delegation members details are missing delegate, delegator or access control secret info.')\n const selfDoId = await this.dataOwnerApi.getCurrentDataOwnerId()\n // Ensure that both the delegator and delegate of the delegation this map refers tho can share it later on, even if they did not create it.\n // Usually either the delegator or delegate are the current data owner, but sometimes also the child of the delegator or delegate can do it.\n const initialDelegates = [delegationMembersDetails.delegate, delegationMembersDetails.delegator, ...delegates].filter((x) => x != selfDoId)\n const initalisedMapInfo = await this.xapis.entityWithInitialisedEncryptedMetadata<SecureDelegationKeyMap>(\n {\n id: this.cryptoPrimitives.crypto.randomUUID(),\n delegate: delegationMembersDetails.delegate,\n delegator: delegationMembersDetails.delegator,\n delegationKey: delegationKey,\n },\n entityType,\n undefined,\n undefined,\n true,\n false,\n Object.fromEntries(initialDelegates.map((x) => [x, AccessLevelEnum.READ]))\n )\n const encryptedKeyMap = await this.xapis.tryEncryptEntity(\n initalisedMapInfo.updatedEntity,\n entityType,\n this.delegationKeyMapFieldsToEncrypt,\n false,\n true,\n (x) => new SecureDelegationKeyMap(x)\n )\n await this.delegationKeyMapApi.create(\n encryptedKeyMap,\n new XHR.Header(\n ACCESS_CONTROL_KEYS_HEADER,\n await this.accessControlSecretUtils.getEncodedAccessControlKeys([delegationMembersDetails.accessControlSecret], entityType)\n )\n )\n }\n}\n"]}
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
import { ExchangeData } from '../../icc-api/model/internal/ExchangeData';
|
|
2
|
+
import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
|
|
3
|
+
import { BaseExchangeDataManager } from './BaseExchangeDataManager';
|
|
4
|
+
import { UserEncryptionKeysManager } from './UserEncryptionKeysManager';
|
|
5
|
+
import { UserSignatureKeysManager } from './UserSignatureKeysManager';
|
|
6
|
+
import { AccessControlSecretUtils } from './AccessControlSecretUtils';
|
|
7
|
+
import { CryptoStrategies } from './CryptoStrategies';
|
|
8
|
+
import { CryptoPrimitives } from './CryptoPrimitives';
|
|
9
|
+
import { EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName';
|
|
10
|
+
export type ExchangeDataManagerOptionalParameters = {
|
|
11
|
+
lruCacheSize?: number;
|
|
12
|
+
};
|
|
13
|
+
/**
|
|
14
|
+
* @internal this function is for internal use only and may be changed without notice.
|
|
15
|
+
* Initialises and returns the exchange data manager which is most appropriate for the current data owner.
|
|
16
|
+
*/
|
|
17
|
+
export declare function initialiseExchangeDataManagerForCurrentDataOwner(base: BaseExchangeDataManager, encryptionKeys: UserEncryptionKeysManager, signatureKeys: UserSignatureKeysManager, accessControlSecret: AccessControlSecretUtils, cryptoStrategies: CryptoStrategies, dataOwnerApi: IccDataOwnerXApi, primitives: CryptoPrimitives, useParentKeys: boolean, optionalParameters?: ExchangeDataManagerOptionalParameters): Promise<ExchangeDataManager>;
|
|
18
|
+
/**
|
|
19
|
+
* @internal this class is intended for internal use only and may be changed without notice.
|
|
20
|
+
* Exchange data manager which automatically handles decryption and cache
|
|
21
|
+
*/
|
|
22
|
+
export interface ExchangeDataManager {
|
|
23
|
+
readonly base: BaseExchangeDataManager;
|
|
24
|
+
/**
|
|
25
|
+
* Updates all exchange data between the current data owner and another data owner to allow the other data owner to access existing exchange data
|
|
26
|
+
* using a new public key. Note that this will make existing exchange keys from the other data owner to the current data owner unverified, therefore
|
|
27
|
+
* invalid for encryption.
|
|
28
|
+
* @param otherDataOwner the other data owner.
|
|
29
|
+
* @param newDataOwnerPublicKey a new public key of the other data owner.
|
|
30
|
+
*/
|
|
31
|
+
giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string): Promise<void>;
|
|
32
|
+
/**
|
|
33
|
+
* Gets any existing and verified exchange data from the current data owner to the provided delegate or creates new data if no verified data is
|
|
34
|
+
* available, then caches it. The {@link entityType} and {@link entitySecretForeignKeys} will be used for the secure-delegation-hash-based cache
|
|
35
|
+
* of the exchange data and not for actually creating the exchange data.
|
|
36
|
+
* @param delegateId the id of the delegate.
|
|
37
|
+
* @param entityType type of the entity for which you want to create new metadata.
|
|
38
|
+
* @param entitySecretForeignKeys the secret foreign keys of the entity which you want to create new metadata.
|
|
39
|
+
* @return the access control secret and key of the data to use for encryption.
|
|
40
|
+
*/
|
|
41
|
+
getOrCreateEncryptionDataTo(delegateId: string, entityType: EntityWithDelegationTypeName | undefined, entitySecretForeignKeys: string[] | undefined): Promise<{
|
|
42
|
+
exchangeData: ExchangeData;
|
|
43
|
+
accessControlSecret: string;
|
|
44
|
+
exchangeKey: CryptoKey;
|
|
45
|
+
}>;
|
|
46
|
+
/**
|
|
47
|
+
* Retrieve the cached decrypted exchange data key associated with any of the provided hashes/entry keys of secure delegations. Depending on the
|
|
48
|
+
* implementation the {@link entityType} and {@link entitySecretForeignKeys} may be used to improve the secure-delegation-hash-based cache of
|
|
49
|
+
* exchange data from the other available exchange data caches.
|
|
50
|
+
* @param hashes hashes of access control secrets for a specific entity, as they appear in the key of secure delegation entries
|
|
51
|
+
* @param entityType type of the entity containing the metadata for which you are retrieving the encryption key.
|
|
52
|
+
* @param entitySecretForeignKeys the secret foreign keys of the entity containing the metadata for which you are retrieving the encryption key.
|
|
53
|
+
* @return the exchange data and decrypted key associated to that hash if cached
|
|
54
|
+
*/
|
|
55
|
+
getCachedDecryptionDataKeyByAccessControlHash(hashes: string[], entityType: EntityWithDelegationTypeName, entitySecretForeignKeys: string[]): Promise<{
|
|
56
|
+
[hash: string]: {
|
|
57
|
+
exchangeData: ExchangeData;
|
|
58
|
+
accessControlSecret: string;
|
|
59
|
+
exchangeKey: CryptoKey;
|
|
60
|
+
};
|
|
61
|
+
}>;
|
|
62
|
+
/**
|
|
63
|
+
* Retrieves the exchange data with the provided id (from the cache if available or from the server otherwise if allowed by
|
|
64
|
+
* {@link retrieveIfNotCached}) and attempts to decrypt it, then caches the result. The {@link entityType} and {@link entitySecretForeignKeys} will
|
|
65
|
+
* be used for the secure-delegation-hash-based cache of the exchange data.
|
|
66
|
+
* @param id id of the exchange data
|
|
67
|
+
* @param entityType type of the entity containing the metadata for which you are retrieving the encryption key.
|
|
68
|
+
* @param entitySecretForeignKeys the secret foreign keys of the entity containing the metadata for which you are retrieving the encryption key.
|
|
69
|
+
* @param retrieveIfNotCached if false and there is no cached exchange data with the provided id the method returns undefined, else the method will
|
|
70
|
+
* attempt to load the exchange data from the server.
|
|
71
|
+
* @return undefined if the exchange data is not cached and {@link retrieveIfNotCached} is false. Else an object containing:
|
|
72
|
+
* - exchangeData: the exchange data with the provided id
|
|
73
|
+
* - exchangeKey: the exchange key corresponding to the provided exchange data if it could be decrypted, else undefined
|
|
74
|
+
* @throws if no exchange data with the given id is cached and {@link retrieveIfNotCached} is true and the data could not be found in the server
|
|
75
|
+
* either.
|
|
76
|
+
*/
|
|
77
|
+
getDecryptionDataKeyById(id: string, entityType: EntityWithDelegationTypeName | undefined, entitySecretForeignKeys: string[] | undefined, retrieveIfNotCached: boolean): Promise<{
|
|
78
|
+
exchangeKey: CryptoKey | undefined;
|
|
79
|
+
accessControlSecret: string | undefined;
|
|
80
|
+
exchangeData: ExchangeData;
|
|
81
|
+
} | undefined>;
|
|
82
|
+
/**
|
|
83
|
+
* Clears the cache or fully repopulates the cache if the current data owner can retrieve all of his exchange data according to the crypto
|
|
84
|
+
* strategies.
|
|
85
|
+
*/
|
|
86
|
+
clearOrRepopulateCache(): Promise<void>;
|
|
87
|
+
/**
|
|
88
|
+
* If the current data owner requires anonymous delegations this returns the base64 representation of the concatenation of all available access
|
|
89
|
+
* control keys for the current data owner.
|
|
90
|
+
*/
|
|
91
|
+
getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined>;
|
|
92
|
+
/**
|
|
93
|
+
* If the current data owner requires anonymous delegations this returns the access control keys which may be used in secure delegations for the
|
|
94
|
+
* data owner, which can be used to search for data.
|
|
95
|
+
*/
|
|
96
|
+
getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined>;
|
|
97
|
+
}
|