@icure/api 7.1.16 → 8.0.0-RC.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/api/IccAccesslogApi.d.ts +12 -1
- package/icc-api/api/IccAccesslogApi.js +142 -98
- package/icc-api/api/IccAccesslogApi.js.map +1 -1
- package/icc-api/api/IccBemikronoApi.d.ts +81 -0
- package/icc-api/api/IccBemikronoApi.js +163 -0
- package/icc-api/api/IccBemikronoApi.js.map +1 -0
- package/icc-api/api/IccCalendarItemApi.d.ts +21 -1
- package/icc-api/api/IccCalendarItemApi.js +183 -117
- package/icc-api/api/IccCalendarItemApi.js.map +1 -1
- package/icc-api/api/IccClassificationApi.d.ts +21 -1
- package/icc-api/api/IccClassificationApi.js +119 -63
- package/icc-api/api/IccClassificationApi.js.map +1 -1
- package/icc-api/api/IccContactApi.d.ts +21 -1
- package/icc-api/api/IccContactApi.js +385 -294
- package/icc-api/api/IccContactApi.js.map +1 -1
- package/icc-api/api/IccDocumentApi.d.ts +38 -25
- package/icc-api/api/IccDocumentApi.js +279 -212
- package/icc-api/api/IccDocumentApi.js.map +1 -1
- package/icc-api/api/IccExchangeDataApi.d.ts +19 -0
- package/icc-api/api/IccExchangeDataApi.js +85 -0
- package/icc-api/api/IccExchangeDataApi.js.map +1 -0
- package/icc-api/api/IccExchangeDataMapApi.d.ts +18 -0
- package/icc-api/api/IccExchangeDataMapApi.js +65 -0
- package/icc-api/api/IccExchangeDataMapApi.js.map +1 -0
- package/icc-api/api/IccFormApi.d.ts +21 -1
- package/icc-api/api/IccFormApi.js +321 -229
- package/icc-api/api/IccFormApi.js.map +1 -1
- package/icc-api/api/IccHelementApi.d.ts +21 -1
- package/icc-api/api/IccHelementApi.js +207 -137
- package/icc-api/api/IccHelementApi.js.map +1 -1
- package/icc-api/api/IccInvoiceApi.d.ts +21 -1
- package/icc-api/api/IccInvoiceApi.js +404 -298
- package/icc-api/api/IccInvoiceApi.js.map +1 -1
- package/icc-api/api/IccMaintenanceTaskApi.d.ts +12 -1
- package/icc-api/api/IccMaintenanceTaskApi.js +79 -43
- package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
- package/icc-api/api/IccMessageApi.d.ts +28 -1
- package/icc-api/api/IccMessageApi.js +294 -191
- package/icc-api/api/IccMessageApi.js.map +1 -1
- package/icc-api/api/IccPatientApi.d.ts +12 -1
- package/icc-api/api/IccPatientApi.js +447 -351
- package/icc-api/api/IccPatientApi.js.map +1 -1
- package/icc-api/api/IccReceiptApi.d.ts +22 -8
- package/icc-api/api/IccReceiptApi.js +121 -64
- package/icc-api/api/IccReceiptApi.js.map +1 -1
- package/icc-api/api/IccRestApiPath.js +1 -1
- package/icc-api/api/IccRestApiPath.js.map +1 -1
- package/icc-api/api/IccSecureDelegationKeyMapApi.d.ts +26 -0
- package/icc-api/api/IccSecureDelegationKeyMapApi.js +71 -0
- package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +1 -0
- package/icc-api/api/IccTimeTableApi.d.ts +12 -1
- package/icc-api/api/IccTimeTableApi.js +86 -48
- package/icc-api/api/IccTimeTableApi.js.map +1 -1
- package/icc-api/api/IccTopicApi.d.ts +90 -0
- package/icc-api/api/IccTopicApi.js +193 -0
- package/icc-api/api/IccTopicApi.js.map +1 -0
- package/icc-api/index.d.ts +2 -0
- package/icc-api/index.js +2 -0
- package/icc-api/index.js.map +1 -1
- package/icc-api/model/AbstractFilterMessage.d.ts +15 -0
- package/icc-api/model/AbstractFilterMessage.js +21 -0
- package/icc-api/model/AbstractFilterMessage.js.map +1 -0
- package/icc-api/model/AbstractFilterTopic.d.ts +15 -0
- package/icc-api/model/AbstractFilterTopic.js +21 -0
- package/icc-api/model/AbstractFilterTopic.js.map +1 -0
- package/icc-api/model/AccessLog.d.ts +2 -0
- package/icc-api/model/AccessLog.js.map +1 -1
- package/icc-api/model/Article.d.ts +2 -0
- package/icc-api/model/Article.js.map +1 -1
- package/icc-api/model/CalendarItem.d.ts +2 -0
- package/icc-api/model/CalendarItem.js.map +1 -1
- package/icc-api/model/Classification.d.ts +2 -0
- package/icc-api/model/Classification.js.map +1 -1
- package/icc-api/model/ClassificationTemplate.d.ts +2 -0
- package/icc-api/model/ClassificationTemplate.js.map +1 -1
- package/icc-api/model/Connection.d.ts +1 -1
- package/icc-api/model/Connection.js.map +1 -1
- package/icc-api/model/Contact.d.ts +2 -0
- package/icc-api/model/Contact.js.map +1 -1
- package/icc-api/model/Device.d.ts +4 -4
- package/icc-api/model/Device.js.map +1 -1
- package/icc-api/model/Document.d.ts +2 -0
- package/icc-api/model/Document.js.map +1 -1
- package/icc-api/model/ExchangeDataMapCreationBatch.d.ts +13 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js +10 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js.map +1 -0
- package/icc-api/model/FilterChainMessage.d.ts +19 -0
- package/icc-api/model/FilterChainMessage.js +11 -0
- package/icc-api/model/FilterChainMessage.js.map +1 -0
- package/icc-api/model/FilterChainTopic.d.ts +19 -0
- package/icc-api/model/FilterChainTopic.js +11 -0
- package/icc-api/model/FilterChainTopic.js.map +1 -0
- package/icc-api/model/Form.d.ts +2 -0
- package/icc-api/model/Form.js.map +1 -1
- package/icc-api/model/HealthElement.d.ts +2 -0
- package/icc-api/model/HealthElement.js.map +1 -1
- package/icc-api/model/HealthcareParty.d.ts +2 -2
- package/icc-api/model/HealthcareParty.js +13 -1
- package/icc-api/model/HealthcareParty.js.map +1 -1
- package/icc-api/model/IcureStub.d.ts +2 -0
- package/icc-api/model/IcureStub.js.map +1 -1
- package/icc-api/model/Invoice.d.ts +2 -0
- package/icc-api/model/Invoice.js.map +1 -1
- package/icc-api/model/MaintenanceTask.d.ts +13 -10
- package/icc-api/model/MaintenanceTask.js +13 -11
- package/icc-api/model/MaintenanceTask.js.map +1 -1
- package/icc-api/model/Message.d.ts +2 -0
- package/icc-api/model/Message.js.map +1 -1
- package/icc-api/model/PaginatedListExchangeData.d.ts +9 -0
- package/icc-api/model/PaginatedListExchangeData.js +10 -0
- package/icc-api/model/PaginatedListExchangeData.js.map +1 -0
- package/icc-api/model/PaginatedListTopic.d.ts +20 -0
- package/icc-api/model/PaginatedListTopic.js +10 -0
- package/icc-api/model/PaginatedListTopic.js.map +1 -0
- package/icc-api/model/Patient.d.ts +4 -2
- package/icc-api/model/Patient.js.map +1 -1
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.d.ts +31 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js +32 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js.map +1 -0
- package/icc-api/model/Receipt.d.ts +2 -0
- package/icc-api/model/Receipt.js.map +1 -1
- package/icc-api/model/SecureDelegation.d.ts +52 -0
- package/icc-api/model/SecureDelegation.js +16 -0
- package/icc-api/model/SecureDelegation.js.map +1 -0
- package/icc-api/model/SecurityMetadata.d.ts +33 -0
- package/icc-api/model/SecurityMetadata.js +13 -0
- package/icc-api/model/SecurityMetadata.js.map +1 -0
- package/icc-api/model/Service.d.ts +2 -0
- package/icc-api/model/Service.js.map +1 -1
- package/icc-api/model/TimeTable.d.ts +2 -0
- package/icc-api/model/TimeTable.js.map +1 -1
- package/icc-api/model/Topic.d.ts +95 -0
- package/icc-api/model/Topic.js +16 -0
- package/icc-api/model/Topic.js.map +1 -0
- package/icc-api/model/internal/ExchangeData.d.ts +64 -0
- package/icc-api/model/internal/ExchangeData.js +15 -0
- package/icc-api/model/internal/ExchangeData.js.map +1 -0
- package/icc-api/model/internal/ExchangeDataMap.d.ts +24 -0
- package/icc-api/model/internal/ExchangeDataMap.js +13 -0
- package/icc-api/model/internal/ExchangeDataMap.js.map +1 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.d.ts +14 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.js +13 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.js.map +1 -0
- package/icc-api/model/models.d.ts +26 -40
- package/icc-api/model/models.js +19 -37
- package/icc-api/model/models.js.map +1 -1
- package/icc-api/model/requests/EntityBulkShareResult.d.ts +28 -0
- package/icc-api/model/requests/EntityBulkShareResult.js +16 -0
- package/icc-api/model/requests/EntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.d.ts +10 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js +17 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/EntityShareRequest.d.ts +110 -0
- package/icc-api/model/requests/EntityShareRequest.js +63 -0
- package/icc-api/model/requests/EntityShareRequest.js.map +1 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.d.ts +54 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js +24 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.d.ts +23 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js +13 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.d.ts +21 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js +14 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +55 -6
- package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
- package/icc-x-api/crypto/AES.js +1 -1
- package/icc-x-api/crypto/AES.js.map +1 -1
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +18 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +50 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +43 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js +97 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +146 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js +342 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +0 -18
- package/icc-x-api/crypto/BaseExchangeKeysManager.js +11 -85
- package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ConfidentialEntities.d.ts +26 -16
- package/icc-x-api/crypto/ConfidentialEntities.js +30 -17
- package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -1
- package/icc-x-api/crypto/CryptoStrategies.d.ts +8 -1
- package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/DelegationsDeAnonymization.d.ts +44 -0
- package/icc-x-api/crypto/DelegationsDeAnonymization.js +235 -0
- package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -0
- package/icc-x-api/crypto/ExchangeDataManager.d.ts +97 -0
- package/icc-x-api/crypto/ExchangeDataManager.js +501 -0
- package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +32 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js +70 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeKeysManager.d.ts +4 -16
- package/icc-x-api/crypto/ExchangeKeysManager.js +4 -62
- package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtils.d.ts +326 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js +3 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +174 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +559 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -0
- package/icc-x-api/crypto/KeyRecovery.d.ts +5 -2
- package/icc-x-api/crypto/KeyRecovery.js +59 -29
- package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +7 -2
- package/icc-x-api/crypto/LegacyCryptoStrategies.js +8 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +33 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +141 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/RSA.d.ts +34 -8
- package/icc-x-api/crypto/RSA.js +80 -13
- package/icc-x-api/crypto/RSA.js.map +1 -1
- package/icc-x-api/crypto/SecureDelegationsEncryption.d.ts +54 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js +178 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsManager.d.ts +66 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js +261 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +46 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +312 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +97 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js +79 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/ShamirKeysManager.d.ts +5 -5
- package/icc-x-api/crypto/ShamirKeysManager.js +6 -9
- package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
- package/icc-x-api/crypto/TransferKeysManager.d.ts +8 -6
- package/icc-x-api/crypto/TransferKeysManager.js +75 -52
- package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
- package/icc-x-api/crypto/{KeyManager.d.ts → UserEncryptionKeysManager.d.ts} +4 -6
- package/icc-x-api/crypto/{KeyManager.js → UserEncryptionKeysManager.js} +43 -23
- package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +26 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js +74 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -0
- package/icc-x-api/crypto/utils.d.ts +61 -11
- package/icc-x-api/crypto/utils.js +113 -44
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.d.ts +8 -0
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js +13 -0
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js.map +1 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.d.ts +7 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.js +13 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.js.map +1 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.d.ts +8 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js +13 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js.map +1 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.d.ts +7 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.js +13 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.js.map +1 -0
- package/icc-x-api/filters/TopicByParticipantFilter.d.ts +7 -0
- package/icc-x-api/filters/TopicByParticipantFilter.js +13 -0
- package/icc-x-api/filters/TopicByParticipantFilter.js.map +1 -0
- package/icc-x-api/filters/filters.d.ts +5 -0
- package/icc-x-api/filters/filters.js +5 -0
- package/icc-x-api/filters/filters.js.map +1 -1
- package/icc-x-api/icc-accesslog-x-api.d.ts +49 -12
- package/icc-x-api/icc-accesslog-x-api.js +81 -44
- package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
- package/icc-x-api/icc-calendar-item-x-api.d.ts +53 -15
- package/icc-x-api/icc-calendar-item-x-api.js +105 -51
- package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
- package/icc-x-api/icc-classification-x-api.d.ts +47 -10
- package/icc-x-api/icc-classification-x-api.js +62 -33
- package/icc-x-api/icc-classification-x-api.js.map +1 -1
- package/icc-x-api/icc-contact-x-api.d.ts +59 -33
- package/icc-x-api/icc-contact-x-api.js +101 -66
- package/icc-x-api/icc-contact-x-api.js.map +1 -1
- package/icc-x-api/icc-crypto-x-api.d.ts +33 -333
- package/icc-x-api/icc-crypto-x-api.js +47 -764
- package/icc-x-api/icc-crypto-x-api.js.map +1 -1
- package/icc-x-api/icc-data-owner-x-api.d.ts +20 -8
- package/icc-x-api/icc-data-owner-x-api.js +31 -10
- package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
- package/icc-x-api/icc-document-x-api.d.ts +51 -12
- package/icc-x-api/icc-document-x-api.js +117 -66
- package/icc-x-api/icc-document-x-api.js.map +1 -1
- package/icc-x-api/icc-form-x-api.d.ts +48 -11
- package/icc-x-api/icc-form-x-api.js +71 -37
- package/icc-x-api/icc-form-x-api.js.map +1 -1
- package/icc-x-api/icc-hcparty-x-api.d.ts +2 -2
- package/icc-x-api/icc-hcparty-x-api.js +3 -3
- package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
- package/icc-x-api/icc-helement-x-api.d.ts +59 -20
- package/icc-x-api/icc-helement-x-api.js +78 -43
- package/icc-x-api/icc-helement-x-api.js.map +1 -1
- package/icc-x-api/icc-icure-maintenance-x-api.d.ts +7 -2
- package/icc-x-api/icc-icure-maintenance-x-api.js +38 -27
- package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
- package/icc-x-api/icc-invoice-x-api.d.ts +53 -16
- package/icc-x-api/icc-invoice-x-api.js +69 -35
- package/icc-x-api/icc-invoice-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.d.ts +56 -22
- package/icc-x-api/icc-maintenance-task-x-api.js +77 -36
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/icc-message-x-api.d.ts +75 -19
- package/icc-x-api/icc-message-x-api.js +126 -37
- package/icc-x-api/icc-message-x-api.js.map +1 -1
- package/icc-x-api/icc-patient-x-api.d.ts +86 -29
- package/icc-x-api/icc-patient-x-api.js +318 -379
- package/icc-x-api/icc-patient-x-api.js.map +1 -1
- package/icc-x-api/icc-receipt-x-api.d.ts +47 -13
- package/icc-x-api/icc-receipt-x-api.js +72 -36
- package/icc-x-api/icc-receipt-x-api.js.map +1 -1
- package/icc-x-api/icc-time-table-x-api.d.ts +46 -13
- package/icc-x-api/icc-time-table-x-api.js +61 -27
- package/icc-x-api/icc-time-table-x-api.js.map +1 -1
- package/icc-x-api/icc-topic-x-api.d.ts +191 -0
- package/icc-x-api/icc-topic-x-api.js +307 -0
- package/icc-x-api/icc-topic-x-api.js.map +1 -0
- package/icc-x-api/icc-user-x-api.d.ts +2 -2
- package/icc-x-api/icc-user-x-api.js +3 -3
- package/icc-x-api/icc-user-x-api.js.map +1 -1
- package/icc-x-api/index.d.ts +18 -2
- package/icc-x-api/index.js +203 -156
- package/icc-x-api/index.js.map +1 -1
- package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +1 -1
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +2 -0
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +9 -2
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/storage/IcureStorageFacade.d.ts +23 -2
- package/icc-x-api/storage/IcureStorageFacade.js +36 -2
- package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageFacade.d.ts +12 -0
- package/icc-x-api/storage/KeyStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageImpl.d.ts +2 -0
- package/icc-x-api/storage/KeyStorageImpl.js +10 -0
- package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +14 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +32 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js +75 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -0
- package/icc-x-api/utils/ShareResult.d.ts +74 -0
- package/icc-x-api/utils/ShareResult.js +61 -0
- package/icc-x-api/utils/ShareResult.js.map +1 -0
- package/icc-x-api/utils/binary-utils.d.ts +1 -0
- package/icc-x-api/utils/binary-utils.js +8 -1
- package/icc-x-api/utils/binary-utils.js.map +1 -1
- package/icc-x-api/utils/collection-utils.d.ts +5 -0
- package/icc-x-api/utils/collection-utils.js +26 -1
- package/icc-x-api/utils/collection-utils.js.map +1 -1
- package/icc-x-api/utils/crypto-utils.d.ts +4 -3
- package/icc-x-api/utils/crypto-utils.js +5 -4
- package/icc-x-api/utils/crypto-utils.js.map +1 -1
- package/icc-x-api/utils/lru-temporised-async-cache.d.ts +26 -3
- package/icc-x-api/utils/lru-temporised-async-cache.js +75 -15
- package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -1
- package/icc-x-api/utils/websocket.d.ts +14 -10
- package/icc-x-api/utils/websocket.js +26 -9
- package/icc-x-api/utils/websocket.js.map +1 -1
- package/index.d.ts +1 -1
- package/index.js +3 -1
- package/index.js.map +1 -1
- package/package.json +2 -3
- package/icc-x-api/crypto/EntitiesEncryption.d.ts +0 -275
- package/icc-x-api/crypto/EntitiesEncryption.js +0 -734
- package/icc-x-api/crypto/EntitiesEncryption.js.map +0 -1
- package/icc-x-api/crypto/KeyManager.js.map +0 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ExtendedApisUtilsImpl.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ExtendedApisUtilsImpl.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,oCAAuI;AAEvI,gEAAiE;AACjE,2EAAuG;AAEvG,2EAAuE;AAIvE,wFAAoF;AAIpF,sDAA0F;AAC1F,qEAAiE;AAGjE,IAAO,WAAW,GAAG,mCAAgB,CAAC,eAAe,CAAA;AACrD,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAC3E,IAAO,2BAA2B,GAAG,uCAAkB,CAAC,2BAA2B,CAAA;AACnF,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAEzD;;;GAGG;AACH,MAAa,qBAAqB;IAGhC,YACmB,UAA4B,EAC5B,YAA8B,EAC9B,0BAAqE,EACrE,uBAAmE,EACnE,wBAAkD,EAClD,OAAoB,EACpB,aAAsB;QANtB,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,+BAA0B,GAA1B,0BAA0B,CAA2C;QACrE,4BAAuB,GAAvB,uBAAuB,CAA4C;QACnE,6BAAwB,GAAxB,wBAAwB,CAA0B;QAClD,YAAO,GAAP,OAAO,CAAa;QACpB,kBAAa,GAAb,aAAa,CAAS;QAEvC,IAAI,CAAC,4BAA4B,GAAG,IAAI,0DAA8B,CAAC,CAAC,0BAA0B,EAAE,uBAAuB,CAAC,CAAC,CAAA;IAC/H,CAAC;IAEK,gBAAgB,CAAC,MAA+B,EAAE,WAAoB;;YAC1E,OAAO,MAAM,IAAI,CAAC,wBAAwB,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,cAAc,EAAE,SAAS,EAAE,EAAE,CAC5F,IAAI,CAAC,4BAA4B,CAAC,uBAAuB,CAAC,cAAc,EAAE,SAAS,CAAC,CACrF,CAAA;QACH,CAAC;KAAA;IAEK,+BAA+B,CAAC,MAA+B;;YACnE,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,cAAc,EAAE,SAAS,EAAE,EAAE,CACjE,IAAI,CAAC,4BAA4B,CAAC,uBAAuB,CAAC,cAAc,EAAE,SAAS,CAAC,CACrF,CAAA;QACH,CAAC;KAAA;IAEK,WAAW,CAAC,MAA+B,EAAE,WAAoB;;YACrE,OAAO,MAAM,IAAI,CAAC,wBAAwB,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,cAAc,EAAE,SAAS,EAAE,EAAE,CAC5F,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,cAAc,EAAE,SAAS,CAAC,CAChF,CAAA;QACH,CAAC;KAAA;IAEK,0BAA0B,CAAC,MAA+B;;YAC9D,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,cAAc,EAAE,SAAS,EAAE,EAAE,CACjE,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,cAAc,EAAE,SAAS,CAAC,CAChF,CAAA;QACH,CAAC;KAAA;IAEK,iBAAiB,CAAC,MAA+B,EAAE,WAAoB;;YAC3E,OAAO,MAAM,IAAI,CAAC,wBAAwB,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,cAAc,EAAE,SAAS,EAAE,EAAE,CAC5F,IAAI,CAAC,4BAA4B,CAAC,wBAAwB,CAAC,cAAc,EAAE,SAAS,CAAC,CACtF,CAAA;QACH,CAAC;KAAA;IAEK,gCAAgC,CAAC,MAA+B;;YACpE,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,cAAc,EAAE,SAAS,EAAE,EAAE,CACjE,IAAI,CAAC,4BAA4B,CAAC,wBAAwB,CAAC,cAAc,EAAE,SAAS,CAAC,CACtF,CAAA;QACH,CAAC;KAAA;IAEK,cAAc,CAAC,MAA+B;;YAClD,OAAO,CACL,CAAC,MAAM,IAAI,CAAC,4BAA4B,CAAC,oBAAoB,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAC,CAAC;gBACjI,WAAW,CAAC,KAAK,CAClB,CAAA;QACH,CAAC;KAAA;IAEK,sCAAsC,CAC1C,MAAS,EACT,UAAwC,EACxC,YAAgC,EAChC,oBAAwC,EACxC,uBAAgC,EAChC,kBAA2B,EAC3B,eAAkE;;YAElE,IAAI,CAAC,yCAAyC,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,EAAE,wCAAwC,EAAE,SAAS,CAAC,CAAA;YAC3H,IAAI,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAAA;YACzC,MAAM,SAAS,GAAG,uBAAuB,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YACzG,MAAM,WAAW,GAAG,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;YACjF,OAAO;gBACL,aAAa,EAAE,MAAM,IAAI,CAAC,wBAAwB,CAAC,sCAAsC,iCAElF,MAAM,KACT,iBAAiB,EAAE,oBAAoB,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,EAAE,KAEvE,UAAU,EACV,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,EAChC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,EACpC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,EAC5B,eAAe,CAChB;gBACD,gBAAgB,EAAE,SAAS;gBAC3B,QAAQ,EAAE,WAAW;aACtB,CAAA;QACH,CAAC;KAAA;IAEK,wCAAwC,CAC5C,YAA0C,EAC1C,eAUG,EACH,0BAEyC;;;YAkBzC,MAAM,EAAE,qBAAqB,EAAE,6BAA6B,EAAE,qBAAqB,EAAE,GAAG,MAAM,IAAI,CAAC,wBAAwB,CACzH,YAAY,EACZ,eAAe,CAChB,CAAA;YACD,MAAM,OAAO,GAAG,MAAM,0BAA0B,CAAC,qBAAqB,CAAC,CAAA;YACvE,MAAM,eAAe,GAAQ,EAAE,CAAA;YAC/B,MAAM,YAAY,GAYZ,EAAE,CAAA;YACR,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;gBAC5B,IAAI,MAAM,CAAC,aAAa,EAAE;oBACxB,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;iBAC3C;gBACD,KAAK,MAAM,CAAC,cAAc,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAA,MAAM,CAAC,gBAAgB,mCAAI,EAAE,CAAC,EAAE;oBACnF,MAAM,YAAY,GAAG,MAAM,CAAC,cAAc,CAAC,CAAA;oBAC3C,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,mBAAmB,EAAE,GAAG,6BAA6B,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAA;oBACjH,YAAY,CAAC,IAAI,CAAC;wBAChB,QAAQ,EAAE,MAAM,CAAC,QAAQ;wBACzB,UAAU;wBACV,OAAO;wBACP,mBAAmB;wBACnB,IAAI,EAAE,KAAK,CAAC,IAAI;wBAChB,MAAM,EAAE,KAAK,CAAC,MAAM;qBACrB,CAAC,CAAA;iBACH;aACF;YACD,kHAAkH;YAClH,OAAO;gBACL,eAAe;gBACf,YAAY;gBACZ,qBAAqB;aACtB,CAAA;;KACF;IAEK,kDAAkD,CACtD,YAA0C,EAC1C,eAUG,EACH,0BAE6C;;;YAkB7C,MAAM,EAAE,qBAAqB,EAAE,6BAA6B,EAAE,qBAAqB,EAAE,GAAG,MAAM,IAAI,CAAC,wBAAwB,CACzH,YAAY,EACZ,eAAe,CAChB,CAAA;YACD,MAAM,OAAO,GAAG,MAAM,0BAA0B,CAAC,qBAAqB,CAAC,CAAA;YACvE,MAAM,YAAY,GAYZ,EAAE,CAAA;YACR,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;gBAC5B,KAAK,MAAM,CAAC,cAAc,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAA,MAAM,CAAC,gBAAgB,mCAAI,EAAE,CAAC,EAAE;oBACnF,MAAM,YAAY,GAAG,MAAM,CAAC,cAAc,CAAC,CAAA;oBAC3C,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,mBAAmB,EAAE,GAAG,6BAA6B,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAA;oBACjH,YAAY,CAAC,IAAI,CAAC;wBAChB,QAAQ,EAAE,MAAM,CAAC,QAAQ;wBACzB,UAAU;wBACV,OAAO;wBACP,mBAAmB;wBACnB,IAAI,EAAE,KAAK,CAAC,IAAI;wBAChB,MAAM,EAAE,KAAK,CAAC,MAAM;qBACrB,CAAC,CAAA;iBACH;aACF;YACD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC;iBAC7D,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;iBACxG,MAAM,CAAC,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,KAAK,QAAQ,IAAI,KAAK,CAAC,UAAU,KAAK,UAAU,CAAC,CAAC,CAAA;YACtI,OAAO;gBACL,iBAAiB,EAAE,kBAAkB;gBACrC,YAAY;gBACZ,qBAAqB;aACtB,CAAA;;KACF;IAEa,wBAAwB,CACpC,YAA0C,EAC1C,eAUG;;;YAiBH,IAAI,IAAI,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,MAAM,EAAE;gBACpF,MAAM,IAAI,KAAK,CAAC,+EAA+E,CAAC,CAAA;aACjG;YACD,MAAM,qBAAqB,GAAG,EAAyF,CAAA;YACvH,MAAM,6BAA6B,GAW/B,EAAE,CAAA;YACN,MAAM,qBAAqB,GAAa,EAAE,CAAA;YAC1C,KAAK,MAAM,EAAE,MAAM,EAAE,gBAAgB,EAAE,IAAI,eAAe,EAAE;gBAC1D,MAAM,QAAQ,GAAG,MAAM,CAAC,EAAE,CAAA;gBAC1B,IAAI,CAAC,QAAQ;oBAAE,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAA;gBAC5G,MAAM,cAAc,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,CAAA;gBACrD,MAAM,eAAe,GAAG,EAAiE,CAAA;gBACzF,MAAM,sBAAsB,GAStB,EAAE,CAAA;gBACR,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAA;gBACpG,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE;oBACnE,eAAe,CAAC,MAAM,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,GAAG,OAAO,CAAA;oBAChE,sBAAsB,CAAC,IAAI,CAAC;wBAC1B,UAAU,EAAE,QAAQ;wBACpB,OAAO,EAAE,gBAAgB,CAAC,QAAQ,CAAC;wBACnC,mBAAmB,EAAE,IAAI;qBAC1B,CAAC,CAAA;iBACH;gBACD,KAAK,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE;oBACtE,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,EAAE;wBAChC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,8BAA8B,CAChF,cAAc,EACd,QAAQ,EACR,MAAA,WAAW,CAAC,cAAc,mCAAI,EAAE,EAChC,MAAA,WAAW,CAAC,mBAAmB,mCAAI,EAAE,EACrC,MAAA,WAAW,CAAC,oBAAoB,mCAAI,EAAE,EACtC,WAAW,CAAC,oBAAoB,CACjC,CAAA;wBACD,IAAI,OAAO,EAAE;4BACX,eAAe,CAAC,MAAM,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,GAAG,OAAO,CAAA;4BAChE,sBAAsB,CAAC,IAAI,CAAC;gCAC1B,UAAU,EAAE,QAAQ;gCACpB,OAAO,EAAE,WAAW;gCACpB,mBAAmB,EAAE,KAAK;6BAC3B,CAAC,CAAA;yBACH;qBACF;iBACF;gBACD,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC3C,qBAAqB,CAAC,QAAQ,CAAC,GAAG,eAAe,CAAA;oBACjD,6BAA6B,CAAC,QAAQ,CAAC,GAAG,sBAAsB,CAAA;iBACjE;qBAAM;oBACL,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;iBACrC;aACF;YACD,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,6BAA6B,EAAE,CAAA;;KACvF;IAEK,0CAA0C,CAC9C,MAAyD,EACzD,eAAwB,EACxB,SAOC,EACD,0BAAkJ;;;YAElJ,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAA;YACnE,MAAM,wBAAwB,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAA;YACrE,IAAI,kBAAwC,CAAA;YAC5C,IAAI,eAAe,EAAE;gBACnB,kBAAkB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;aACpD;YACD,MAAM,gBAAgB,GAOlB,EAAE,CAAA;YACN,KAAK,MAAM,CAAC,UAAU,EAAE,gBAAgB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;gBACtE,IAAI,CAAC,uBAAuB,CAAC,MAAM,IAAI,gBAAgB,CAAC,mBAAmB,KAAK,+CAAsB,CAAC,QAAQ,EAAE;oBAC/G,MAAM,IAAI,KAAK,CACb,UAAU,IAAI,CAAC,SAAS,CACtB,MAAM,CACP,8GAA8G,CAChH,CAAA;iBACF;gBACD,IAAI,CAAC,wBAAwB,CAAC,MAAM,IAAI,gBAAgB,CAAC,oBAAoB,KAAK,+CAAsB,CAAC,QAAQ,EAAE;oBACjH,MAAM,IAAI,KAAK,CACb,UAAU,IAAI,CAAC,SAAS,CACtB,MAAM,CACP,kHAAkH,CACpH,CAAA;iBACF;gBACD,IAAI,CAAC,gBAAgB,CAAC,cAAc,IAAI,CAAC,eAAe,EAAE;oBACxD,MAAM,IAAI,KAAK,CAAC,gEAAgE,MAAM,CAAC,IAAI,GAAG,CAAC,CAAA;iBAChG;qBAAM,IAAI,gBAAgB,CAAC,cAAc,IAAI,eAAe,EAAE;oBAC7D,MAAM,IAAI,KAAK,CAAC,uEAAuE,MAAM,CAAC,IAAI,GAAG,CAAC,CAAA;iBACvG;gBACD,gBAAgB,CAAC,UAAU,CAAC,GAAG;oBAC7B,cAAc,EAAE,MAAA,gBAAgB,CAAC,cAAc,mCAAI,kBAAmB;oBACtE,mBAAmB,EAAE,gBAAgB,CAAC,mBAAmB,KAAK,+CAAsB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB;oBACzH,oBAAoB,EAAE,gBAAgB,CAAC,oBAAoB,KAAK,+CAAsB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,wBAAwB;oBAC5H,oBAAoB,EAAE,MAAA,gBAAgB,CAAC,oBAAoB,mCAAI,uBAAuB,CAAC,SAAS;iBACjG,CAAA;aACF;YACD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,wCAAwC,CACrE,MAAM,CAAC,IAAI,EACX;gBACE;oBACE,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,gBAAgB;iBACjB;aACF,EACD,CAAC,CAAC,EAAE,EAAE,CAAC,0BAA0B,CAAC,CAAC,CAAC,CACrC,CAAA;YACD,IAAI,WAAW,CAAC,qBAAqB,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,EAAG,CAAC,EAAE;gBACjE,OAAO,IAAI,gCAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;aAC7C;YACD,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE;gBAChF,OAAO,IAAI,gCAAkB,CAAC,WAAW,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAA;aAC9D;YACD,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAA;YAC1D,MAAM,0BAA0B,GAAG,WAAW,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAA;YAC/G,IAAI,0BAA0B,CAAC,MAAM,KAAK,CAAC,IAAI,WAAW,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE;gBACvF,OAAO,CAAC,IAAI,CAAC,+CAA+C,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,CAAA;gBACxG,OAAO,IAAI,gCAAkB,CAAC,WAAW,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAA;aAC9D;YACD,OAAO,IAAI,gCAAkB,CAC3B,WAAW,CAAC,YAAY,EACxB,6CAA6C,MAAM,CAAC,MAAM,CAAC,EAAE,oCAAoC,CAClG,CAAA;;KACF;IAEa,6BAA6B,CACzC,MAA+B,EAC/B,qBAOC;;YAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAA;YAC3E,MAAM,eAAe,GAAG,MAAM,IAAA,wCAAqB,EAAC,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAA;YAC1H,MAAM,oBAAoB,GAAG,MAAM,IAAA,wCAAqB,EAAC,IAAI,CAAC,0BAA0B,CAAC,uBAAuB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAA;YACpI,MAAM,qBAAqB,GAAG,MAAM,IAAA,wCAAqB,EAAC,IAAI,CAAC,0BAA0B,CAAC,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAA;YACtI,MAAM,GAAG,GAAG,EAAkE,CAAA;YAC9E,KAAK,MAAM,eAAe,IAAI,SAAS,EAAE;gBACvC,MAAM,wBAAwB,GAAG,MAAM,IAAI,CAAC,wCAAwC,CAClF,MAAM,EACN,eAAe,EACf,qBAAqB,CAAC,eAAe,CAAC,EACtC,eAAe,EACf,oBAAoB,EACpB,qBAAqB,CACtB,CAAA;gBACD,IAAI,wBAAwB,EAAE;oBAC5B,GAAG,CAAC,eAAe,CAAC,GAAG,wBAAwB,CAAA;iBAChD;aACF;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,wCAAwC,CACpD,MAA+B,EAC/B,WAAmB,EACnB,sBAOa,EACb,eAAwE,EACxE,oBAA6E,EAC7E,qBAA8E;;;YAE9E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,YAAY,GAChB,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,EAAE,IAAI,WAAW,KAAK,MAAM;gBACnD,CAAC,CAAC,WAAW,CAAC,KAAK;gBACnB,CAAC,CAAC,MAAM,IAAI,CAAC,0BAA0B,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,CAAC,CAAA;YACvF,IAAI,CAAC,YAAY;gBAAE,OAAO,SAAS,CAAA;YACnC,MAAM,mBAAmB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;YAC/H,MAAM,wBAAwB,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;YACzI,MAAM,yBAAyB,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;YAC3I,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,CAAC,CAAA;YACpG,MAAM,mBAAmB,GAAG,YAAY,KAAK,WAAW,CAAC,KAAK,IAAI,aAAa,KAAK,WAAW,CAAC,KAAK,CAAA,CAAC,+JAA+J;YACrQ,IAAI,gBAAgB,GAAa,EAAE,CAAA;YACnC,IAAI,qBAAqB,GAAa,EAAE,CAAA;YACxC,IAAI,sBAAsB,GAAa,EAAE,CAAA;YACzC,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE;gBAClC,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAC9B,CAAC,MAAM,IAAA,wCAAqB,EAAC,IAAI,CAAC,uBAAuB,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAC9H,CAAA;gBACD,gBAAgB,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;aAC/E;YACD,IAAI,wBAAwB,CAAC,MAAM,GAAG,CAAC,EAAE;gBACvC,MAAM,qBAAqB,GAAG,IAAI,GAAG,CACnC,CAAC,MAAM,IAAA,wCAAqB,EAAC,IAAI,CAAC,uBAAuB,CAAC,uBAAuB,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CACnI,CAAA;gBACD,qBAAqB,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;aAC9F;YACD,IAAI,yBAAyB,CAAC,MAAM,GAAG,CAAC,EAAE;gBACxC,MAAM,sBAAsB,GAAG,IAAI,GAAG,CACpC,CAAC,MAAM,IAAA,wCAAqB,EAAC,IAAI,CAAC,uBAAuB,CAAC,wBAAwB,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CACpI,CAAA;gBACD,sBAAsB,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;aACjG;YACD,IAAI,mBAAmB,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,qBAAqB,CAAC,MAAM,GAAG,CAAC,IAAI,sBAAsB,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC/H,IAAI,oBAAiD,CAAA;gBACrD,IAAI,WAAW,KAAK,MAAM,IAAI,mBAAmB,EAAE;oBACjD,oBAAoB,GAAG,2BAA2B,CAAC,IAAI,CAAA;iBACxD;qBAAM,IAAI,YAAY,KAAK,WAAW,CAAC,KAAK,EAAE;oBAC7C,oBAAoB,GAAG,2BAA2B,CAAC,UAAU,CAAA;iBAC9D;qBAAM;oBACL,oBAAoB,GAAG,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,oBAAoB,mCAAI,2BAA2B,CAAC,SAAS,CAAA;iBAC7G;gBACD,OAAO,MAAM,IAAI,CAAC,wBAAwB,CAAC,8BAA8B,CACvE,MAAM,EACN,WAAW,EACX,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,CAAC,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,cAAc,mCAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAC7F,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,qBAAqB,EAAE,GAAG,CAAC,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,mBAAmB,mCAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EACvG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,sBAAsB,EAAE,GAAG,CAAC,MAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,oBAAoB,mCAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EACzG,oBAAoB,CACrB,CAAA;aACF;;gBAAM,OAAO,SAAS,CAAA;;KACxB;IAEK,gBAAgB,CACpB,MAA+B,EAC/B,OAAiC,EACjC,SAAuE;;YAEvE,MAAM,aAAa,GAAG,IAAI,CAAC,4BAA4B,CAAC,uBAAuB,CAAC,MAAM,EAAE,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAA;YAC1I,MAAM,SAAS,GAAgB,IAAI,GAAG,EAAE,CAAA;YACxC,IAAI,MAAM,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAA;YACvC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE;gBACnB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE;oBAC1C,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;oBACrC,IAAI;wBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;wBAC9F,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,CAAC;4BAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,YAAY,EAAE,IAAI,EAAE,CAAA;qBAC/F;oBAAC,OAAO,CAAC,EAAE;wBACV,OAAO,CAAC,IAAI,CAAC,uCAAuC,MAAM,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC,CAAA;qBAC1E;iBACF;gBACD,MAAM,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAA;aACpC;YACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,CAAA;QAC/C,CAAC;KAAA;IAEK,aAAa,CACjB,MAAS,EACT,IAAkC,EAClC,OAAiC,EACjC,UAAqC;;YAErC,MAAM,2BAA2B,GAAG,MAAM,IAAI,CAAC,+BAA+B,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;YAC5F,IAAI,aAA4B,CAAA;YAChC,IAAI,CAAC,CAAC,2BAA2B,EAAE;gBACjC,aAAa,GAAG,MAAM,UAAU,CAAC,2BAA2B,CAAC,CAAA;aAC9D;YACD,MAAM,aAAa,GAAG,IAAI,CAAC,4BAA4B,CAAC,uBAAuB,CAAC,EAAE,MAAM,EAAE,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,MAAM,EAAE,IAAI,EAAE,EAAE;gBACzH,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE;aAChD,CAAC,CAAA;YACF,IAAI,MAAM,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAA;YACvC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE;gBACnB,IAAI;oBACF,OAAO,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,aAAa,EAAE,aAAa,EAAE,CAAA;iBACrI;gBAAC,OAAO,CAAC,EAAE;oBACV,OAAO,CAAC,IAAI,CAAC,uCAAuC,MAAM,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC,CAAA;iBAC1E;gBACD,MAAM,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAA;aACpC;YACD,MAAM,IAAI,KAAK,CAAC,0DAA0D,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QACtG,CAAC;KAAA;IAEK,aAAa,CACjB,MAAS,EACT,UAAwC,EACxC,WAA6B;;YAE7B,IAAI,CAAC,MAAM,CAAC,aAAa;gBAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAA;YAC7D,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAA;YACzG,IAAI,CAAC,cAAc,CAAC,MAAM;gBAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,CAAA;YAC/D,OAAO;gBACL,MAAM,EAAE,WAAW,CACjB,MAAM,IAAA,qBAAa,EAAC,MAAM,EAAE,CAAO,SAAS,EAAE,EAAE;;oBAC9C,OAAO,MAAA,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,mCAAI,EAAE,CAAA;gBAC5E,CAAC,CAAA,CAAC,CACH;gBACD,SAAS,EAAE,IAAI;aAChB,CAAA;QACH,CAAC;KAAA;IAEK,cAAc,CAClB,aAAgD,EAChD,SAAqB,EACrB,8BAAuC;;;YAEvC,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE;gBAC/B,IAAI;oBACF,MAAM,SAAS,GAAG,MAAA,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,mCAAI,SAAS,CAAA;oBAC/F,OAAO,IAAI,CAAC,KAAK,CAAC,IAAA,eAAO,EAAC,8BAA8B,CAAC,CAAC,CAAC,IAAA,6BAAqB,EAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAA;iBAC1H;gBAAC,OAAO,CAAC,EAAE,GAAE;aACf;YACD,OAAO,SAAS,CAAA;;KACjB;IAEK,gBAAgB,CACpB,MAAS,EACT,UAAwC,EACxC,eAAwC,EACxC,gBAAyB,EACzB,iBAA0B,EAC1B,WAA6B;;YAE7B,MAAM,mCAAmC,GAAG,MAAM,IAAI,CAAC,+BAA+B,CAAC,MAAM,EAAE,UAAU,CAAC,CAAA;YAC1G,MAAM,aAAa,GAAG,mCAAmC,CAAC,CAAC,CAAC,mCAAmC,CAAC,CAAC,CAAC,MAAM,CAAA;YACxG,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAA;YACrF,IAAI,CAAC,CAAC,aAAa,EAAE;gBACnB,OAAO,WAAW,CAChB,MAAM,IAAA,qBAAa,EACjB,aAAa,EACb,CAAC,GAAG,EAAE,EAAE;oBACN,gFAAgF;oBAChF,MAAM,IAAI,GAAG,gBAAgB;wBAC3B,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;4BAC3B,OAAO,CAAC,YAAY,WAAW,IAAI,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;gCACtD,CAAC,CAAC,IAAA,WAAG,EAAC,IAAI,UAAU,CAAC,CAAoB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gCAC5F,CAAC,CAAC,CAAC,CAAA;wBACP,CAAC,CAAC;wBACJ,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;oBACvB,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,EAAE,IAAA,gBAAQ,EAAC,IAAI,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,CAAA;gBAC1F,CAAC,EACD,eAAe,EACf,UAAU,CACX,CACF,CAAA;aACF;iBAAM,IAAI,iBAAiB,EAAE;gBAC5B,MAAM,IAAI,KAAK,CAAC,yCAAyC,MAAM,EAAE,CAAC,CAAA;aACnE;iBAAM;gBACL,MAAM,IAAA,qBAAa,EACjB,MAAM,EACN,CAAO,GAA2B,EAAE,EAAE;oBACpC,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAC/C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CACrH,CAAA;oBACD,IAAI,iBAAiB,EAAE;wBACrB,MAAM,IAAI,KAAK,CACb,+FAA+F,IAAI,CAAC,SAAS,CAC3G,MAAM,CACP,iBAAiB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CACxC,CAAA;qBACF;oBACD,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC,CAAA;gBAC5C,CAAC,CAAA,EACD,eAAe,EACf,QAAQ,CACT,CAAA;gBACD,OAAO,MAAM,CAAA;aACd;QACH,CAAC;KAAA;IAEK,+BAA+B,CAA4B,MAAS,EAAE,UAAwC;;;YAClH,IAAI,IAAI,CAAC,4BAA4B,CAAC,oBAAoB,CAAC,MAAM,CAAC;gBAAE,OAAO,SAAS,CAAA;YACpF,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE;gBACf,MAAM,IAAI,KAAK,CACb,uDAAuD;oBACrD,kGAAkG,CACrG,CAAA;aACF;YACD;;;eAGG;YACH,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAA,MAAM,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,CAAA;YAC1E,MAAM,uBAAuB,GAAG,MAAM,CAAC,WAAW,CAChD,MAAM,CAAC,MAAM,CAAC,MAAA,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,eAAe,mCAAI,EAAE,CAAC;iBACvE,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;iBACjB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;iBACzC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CAC1C,CAAA;YACD,OAAO,MAAM,IAAI,CAAC,wBAAwB,CAAC,sCAAsC,iCAE1E,MAAM,KACT,iBAAiB,EAAE,MAAA,MAAM,CAAC,iBAAiB,mCAAI,EAAE,KAEnD,UAAU,EACV,EAAE,EACF,EAAE,EACF,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,EACnD,uBAAuB,CACxB,CAAA;;KACF;IAEa,gBAAgB,CAC5B,MAA+B,EAC/B,8BAGuF;;YAEvF,MAAM,kBAAkB,GAAG,IAAI,CAAC,aAAa;gBAC3C,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE;gBAC3D,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,CAAA;YACrD,MAAM,aAAa,GAAG,MAAM,IAAA,wCAAqB,EAAC,8BAA8B,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC,CAAA;YAC7G,OAAO,kBAAkB,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;gBACxC,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAA;gBAC1I,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAA;YAC/B,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAEa,wBAAwB,CACpC,MAA+B,EAC/B,WAA+B,EAC/B,8BAGuF;;YAEvF,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa;gBAClC,CAAC,CAAC,WAAW;oBACX,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,mCAAmC,CAAC,WAAW,CAAC;oBAC1E,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE;gBAC7D,CAAC,CAAC,CAAC,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAA;YACtE,MAAM,aAAa,GAAG,MAAM,IAAA,wCAAqB,EAAC,8BAA8B,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAA;YACpG,OAAO,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAA;QAChE,CAAC;KAAA;IAEa,YAAY,CAAC,GAAW;;YACpC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC;gBAAE,OAAO,SAAS,CAAA;YACpD,IAAI;gBACF,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,IAAA,cAAM,EAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAA;aACjF;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,IAAI,CAAC,wBAAwB,GAAG,wBAAwB,EAAE,CAAC,CAAC,CAAA;gBACpE,OAAO,SAAS,CAAA;aACjB;QACH,CAAC;KAAA;IAEK,iCAAiC,CAAC,MAA+B;;YACrE,MAAM,IAAI,GAAG,IAAI,CAAC,4BAA4B,CAAC,oBAAoB,CAAC,MAAM,CAAC,MAAM,CAAC;gBAChF,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;gBACrC,CAAC,CAAC,IAAI,CAAC,WAAW,CACd,MAAM,IAAA,wCAAqB,EACzB,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAC,CACtH,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAC3E,CAAA;YACL,MAAM,GAAG,GAAG,EAAE,CAAA;YACd,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE;gBACtB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAA;gBAC7C,IAAI,QAAQ;oBAAE,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;aACpD;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEK,gCAAgC,CAAC,MAA+B;;YACpE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAA;YACrD,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,CAAA;YAC1G,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,sBAAsB,CAAC,MAA+B;;YAClE,MAAM,SAAS,GAAG,IAAI,CAAC,4BAA4B,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAC,CAAA;YAC9I,IAAI,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,CAAA;YACnC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE;gBACnB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;gBAChE,IAAI,QAAQ;oBAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,CAAA;gBACnE,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,CAAA;aAChC;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAEO,WAAW,CAAI,MAAW;QAChC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;IAC7B,CAAC;IAEO,yCAAyC,CAAC,OAAe,EAAE,QAAa,EAAE,UAAkB,EAAE,UAAsB;QAC1H,IAAI,QAAQ;YAAE,OAAM;QAEpB,IAAI,OAAO,GAAG,kCAAkC,GAAG,UAAU,GAAG,gBAAgB,CAAA;QAEhF,IAAI,UAAU,EAAE;YACd,IAAI;gBACF,MAAM,SAAS,GAAG,CAAC,GAAG,UAAU,CAAC,CAAA;gBACjC,SAAS,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,OAAO,IAAI,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;aAC5F;YAAC,OAAO,EAAE,EAAE;gBACX,OAAO,IAAI,uDAAuD,GAAG,EAAE,CAAA;aACxE;SACF;QAED,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,OAAO,GAAG,yBAAyB,GAAG,QAAQ,GAAG,OAAO,CAAC,CAAA;IAC5G,CAAC;IAEO,4BAA4B,CAAC,MAAuB;QAC1D,IAAI,CAAC,8BAA8B,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACnD,CAAC;IAED,0BAA0B,CAAC,MAAuB;QAChD,OAAO,IAAI,CAAC,8BAA8B,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAC3D,CAAC;IAEO,8BAA8B,CAAC,MAAuB,EAAE,oBAA6B;QAC3F,MAAM,gBAAgB,GAAG,EAAE,CAAA;QAC3B,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM;YAAE,gBAAgB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QACtG,IAAI,MAAM,CAAC,kBAAkB,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,MAAM;YAAE,gBAAgB,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;QAC3H,IAAI,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM;YAAE,gBAAgB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;QAC/G,IAAI,MAAM,CAAC,iBAAiB,IAAI,MAAM,CAAC,iBAAiB,CAAC,MAAM;YAAE,gBAAgB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;QAC3G,IAAI,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,MAAM;YAAE,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QACrH,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE;YAC/B,IAAI,oBAAoB,EAAE;gBACxB,MAAM,IAAI,KAAK,CACb,mHAAmH,gBAAgB,IAAI;oBACrI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC,CACvC,CAAA;aACF;;gBAAM,OAAO,KAAK,CAAA;SACpB;QACD,OAAO,IAAI,CAAA;IACb,CAAC;CACF;AA5yBD,sDA4yBC","sourcesContent":["import { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { b2a, encryptObject, decryptObject, hex2ua, truncateTrailingNulls, ua2utf8, utf8_2ua, EncryptedFieldsManifest } from '../utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { asyncGeneratorToArray } from '../utils/collection-utils'\nimport { SecurityMetadataDecryptor, SecurityMetadataDecryptorChain } from './SecurityMetadataDecryptor'\nimport { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { EntityShareOrMetadataUpdateRequest } from '../../icc-api/model/requests/EntityShareOrMetadataUpdateRequest'\nimport { EntityBulkShareResult } from '../../icc-api/model/requests/EntityBulkShareResult'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport { SecureDelegationsManager } from './SecureDelegationsManager'\nimport { LegacyDelegationSecurityMetadataDecryptor } from './LegacyDelegationSecurityMetadataDecryptor'\nimport { SecureDelegationsSecurityMetadataDecryptor } from './SecureDelegationsSecurityMetadataDecryptor'\nimport { ShareResult, ShareResultFailure, ShareResultSuccess } from '../utils/ShareResult'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { IccUserXApi } from '../icc-user-x-api'\nimport { MinimalEntityBulkShareResult } from '../../icc-api/model/requests/MinimalEntityBulkShareResult'\nimport AccessLevel = SecureDelegation.AccessLevelEnum\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\nimport RequestedPermissionInternal = EntityShareRequest.RequestedPermissionInternal\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\n\n/**\n * @internal this class is for internal use only and may be changed without notice.\n * Methods to support extended apis.\n */\nexport class ExtendedApisUtilsImpl implements ExtendedApisUtils {\n private readonly allSecurityMetadataDecryptor: SecurityMetadataDecryptor\n\n constructor(\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly legacyDelMetadataDecryptor: LegacyDelegationSecurityMetadataDecryptor,\n private readonly secDelMetadataDecryptor: SecureDelegationsSecurityMetadataDecryptor,\n private readonly secureDelegationsManager: SecureDelegationsManager,\n private readonly userApi: IccUserXApi,\n private readonly useParentKeys: boolean\n ) {\n this.allSecurityMetadataDecryptor = new SecurityMetadataDecryptorChain([legacyDelMetadataDecryptor, secDelMetadataDecryptor])\n }\n\n async encryptionKeysOf(entity: EncryptedEntityWithType, dataOwnerId?: string): Promise<string[]> {\n return await this.decryptAndMergeHierarchy(entity, dataOwnerId, (entityWithType, hierarchy) =>\n this.allSecurityMetadataDecryptor.decryptEncryptionKeysOf(entityWithType, hierarchy)\n )\n }\n\n async encryptionKeysForHcpHierarchyOf(entity: EncryptedEntityWithType): Promise<{ ownerId: string; extracted: string[] }[]> {\n return this.decryptHierarchy(entity, (entityWithType, hierarchy) =>\n this.allSecurityMetadataDecryptor.decryptEncryptionKeysOf(entityWithType, hierarchy)\n )\n }\n\n async secretIdsOf(entity: EncryptedEntityWithType, dataOwnerId?: string): Promise<string[]> {\n return await this.decryptAndMergeHierarchy(entity, dataOwnerId, (entityWithType, hierarchy) =>\n this.allSecurityMetadataDecryptor.decryptSecretIdsOf(entityWithType, hierarchy)\n )\n }\n\n async secretIdsForHcpHierarchyOf(entity: EncryptedEntityWithType): Promise<{ ownerId: string; extracted: string[] }[]> {\n return this.decryptHierarchy(entity, (entityWithType, hierarchy) =>\n this.allSecurityMetadataDecryptor.decryptSecretIdsOf(entityWithType, hierarchy)\n )\n }\n\n async owningEntityIdsOf(entity: EncryptedEntityWithType, dataOwnerId?: string): Promise<string[]> {\n return await this.decryptAndMergeHierarchy(entity, dataOwnerId, (entityWithType, hierarchy) =>\n this.allSecurityMetadataDecryptor.decryptOwningEntityIdsOf(entityWithType, hierarchy)\n )\n }\n\n async owningEntityIdsForHcpHierarchyOf(entity: EncryptedEntityWithType): Promise<{ ownerId: string; extracted: string[] }[]> {\n return this.decryptHierarchy(entity, (entityWithType, hierarchy) =>\n this.allSecurityMetadataDecryptor.decryptOwningEntityIdsOf(entityWithType, hierarchy)\n )\n }\n\n async hasWriteAccess(entity: EncryptedEntityWithType): Promise<boolean> {\n return (\n (await this.allSecurityMetadataDecryptor.getEntityAccessLevel(entity, await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds())) ===\n AccessLevel.WRITE\n )\n }\n\n async entityWithInitialisedEncryptedMetadata<T extends EncryptedEntity>(\n entity: T,\n entityType: EntityWithDelegationTypeName,\n owningEntity: string | undefined,\n owningEntitySecretId: string | undefined,\n initialiseEncryptionKey: boolean,\n initialiseSecretId: boolean,\n autoDelegations: { [p: string]: SecureDelegation.AccessLevelEnum }\n ): Promise<{ updatedEntity: T; rawEncryptionKey: string | undefined; secretId: string | undefined }> {\n this.throwDetailedExceptionForInvalidParameter('entity.id', entity.id, 'entityWithInitialisedEncryptedMetadata', arguments)\n this.checkEmptyEncryptionMetadata(entity)\n const newRawKey = initialiseEncryptionKey ? await this.primitives.AES.generateCryptoKey(true) : undefined\n const newSecretId = initialiseSecretId ? this.primitives.randomUuid() : undefined\n return {\n updatedEntity: await this.secureDelegationsManager.entityWithInitialisedEncryptedMetadata(\n {\n ...entity,\n secretForeignKeys: owningEntitySecretId ? [owningEntitySecretId] : [],\n },\n entityType,\n newSecretId ? [newSecretId] : [],\n !!owningEntity ? [owningEntity] : [],\n newRawKey ? [newRawKey] : [],\n autoDelegations\n ),\n rawEncryptionKey: newRawKey,\n secretId: newSecretId,\n }\n }\n\n async bulkShareOrUpdateEncryptedEntityMetadata<T extends EncryptedEntityStub>(\n entitiesType: EntityWithDelegationTypeName,\n entitiesUpdates: {\n entity: EncryptedEntityStub\n dataForDelegates: {\n [delegateId: string]: {\n shareSecretIds?: string[]\n shareEncryptionKeys?: string[]\n shareOwningEntityIds?: string[]\n requestedPermissions: RequestedPermissionEnum\n }\n }\n }[],\n doRequestBulkShareOrUpdate: (request: {\n [entityId: string]: { [requestId: string]: EntityShareOrMetadataUpdateRequest }\n }) => Promise<EntityBulkShareResult<T>[]>\n ): Promise<{\n updatedEntities: T[]\n unmodifiedEntitiesIds: string[]\n updateErrors: {\n entityId: string\n delegateId: string\n request?: {\n shareSecretIds?: string[]\n shareEncryptionKeys?: string[]\n shareOwningEntityIds?: string[]\n requestedPermissions: RequestedPermissionEnum\n }\n updatedForMigration: boolean\n code?: number\n reason?: string\n }[]\n }> {\n const { allRequestsByEntityId, orderedRequestsInfoByEntityId, unmodifiedEntitiesIds } = await this.prepareBulkShareRequests(\n entitiesType,\n entitiesUpdates\n )\n const results = await doRequestBulkShareOrUpdate(allRequestsByEntityId)\n const updatedEntities: T[] = []\n const updateErrors: {\n entityId: string\n delegateId: string\n request?: {\n shareSecretIds?: string[]\n shareEncryptionKeys?: string[]\n shareOwningEntityIds?: string[]\n requestedPermissions: RequestedPermissionEnum\n }\n updatedForMigration: boolean\n code?: number\n reason?: string\n }[] = []\n for (const result of results) {\n if (result.updatedEntity) {\n updatedEntities.push(result.updatedEntity)\n }\n for (const [errorRequestId, error] of Object.entries(result.rejectedRequests ?? {})) {\n const requestIndex = Number(errorRequestId)\n const { delegateId, request, updatedForMigration } = orderedRequestsInfoByEntityId[result.entityId][requestIndex]\n updateErrors.push({\n entityId: result.entityId,\n delegateId,\n request,\n updatedForMigration,\n code: error.code,\n reason: error.reason,\n })\n }\n }\n // TODO implement auto-retry for failed requests if the shouldRetry flag in result.rejectedRequests is set to true\n return {\n updatedEntities,\n updateErrors,\n unmodifiedEntitiesIds,\n }\n }\n\n async bulkShareOrUpdateEncryptedEntityMetadataNoEntities(\n entitiesType: EntityWithDelegationTypeName,\n entitiesUpdates: {\n entity: EncryptedEntityStub\n dataForDelegates: {\n [delegateId: string]: {\n shareSecretIds: string[]\n shareEncryptionKeys: string[]\n shareOwningEntityIds: string[]\n requestedPermissions: EntityShareRequest.RequestedPermissionEnum\n }\n }\n }[],\n doRequestBulkShareOrUpdate: (request: {\n [p: string]: { [p: string]: EntityShareOrMetadataUpdateRequest }\n }) => Promise<MinimalEntityBulkShareResult[]>\n ): Promise<{\n unmodifiedEntitiesIds: string[]\n successfulUpdates: { entityId: string; delegateId: string }[]\n updateErrors: {\n entityId: string\n delegateId: string\n request?: {\n shareSecretIds?: string[]\n shareEncryptionKeys?: string[]\n shareOwningEntityIds?: string[]\n requestedPermissions: EntityShareRequest.RequestedPermissionEnum\n }\n updatedForMigration: boolean\n code?: number\n reason?: string\n }[]\n }> {\n const { allRequestsByEntityId, orderedRequestsInfoByEntityId, unmodifiedEntitiesIds } = await this.prepareBulkShareRequests(\n entitiesType,\n entitiesUpdates\n )\n const results = await doRequestBulkShareOrUpdate(allRequestsByEntityId)\n const updateErrors: {\n entityId: string\n delegateId: string\n request?: {\n shareSecretIds?: string[]\n shareEncryptionKeys?: string[]\n shareOwningEntityIds?: string[]\n requestedPermissions: RequestedPermissionEnum\n }\n updatedForMigration: boolean\n code?: number\n reason?: string\n }[] = []\n for (const result of results) {\n for (const [errorRequestId, error] of Object.entries(result.rejectedRequests ?? {})) {\n const requestIndex = Number(errorRequestId)\n const { delegateId, request, updatedForMigration } = orderedRequestsInfoByEntityId[result.entityId][requestIndex]\n updateErrors.push({\n entityId: result.entityId,\n delegateId,\n request,\n updatedForMigration,\n code: error.code,\n reason: error.reason,\n })\n }\n }\n const successfulRequests = Object.entries(allRequestsByEntityId)\n .flatMap(([entityId, requests]) => Object.keys(requests).map((delegateId) => ({ entityId, delegateId })))\n .filter(({ entityId, delegateId }) => !updateErrors.some((error) => error.entityId === entityId && error.delegateId === delegateId))\n return {\n successfulUpdates: successfulRequests,\n updateErrors,\n unmodifiedEntitiesIds,\n }\n }\n\n private async prepareBulkShareRequests(\n entitiesType: EntityWithDelegationTypeName,\n entitiesUpdates: {\n entity: EncryptedEntityStub\n dataForDelegates: {\n [delegateId: string]: {\n shareSecretIds?: string[]\n shareEncryptionKeys?: string[]\n shareOwningEntityIds?: string[]\n requestedPermissions: RequestedPermissionEnum\n }\n }\n }[]\n ): Promise<{\n unmodifiedEntitiesIds: string[]\n allRequestsByEntityId: { [entityId: string]: { [requestId: string]: EntityShareOrMetadataUpdateRequest } }\n orderedRequestsInfoByEntityId: {\n [entityId: string]: {\n delegateId: string\n request?: {\n shareSecretIds?: string[]\n shareEncryptionKeys?: string[]\n shareOwningEntityIds?: string[]\n requestedPermissions: RequestedPermissionEnum\n }\n updatedForMigration: boolean\n }[]\n }\n }> {\n if (new Set(entitiesUpdates.map((e) => e.entity.id)).size !== entitiesUpdates.length) {\n throw new Error('Duplicate requests: the same entity id is present more than once in the input')\n }\n const allRequestsByEntityId = {} as { [entityId: string]: { [requestId: string]: EntityShareOrMetadataUpdateRequest } }\n const orderedRequestsInfoByEntityId: {\n [entityId: string]: {\n delegateId: string\n request?: {\n shareSecretIds?: string[]\n shareEncryptionKeys?: string[]\n shareOwningEntityIds?: string[]\n requestedPermissions: RequestedPermissionEnum\n }\n updatedForMigration: boolean\n }[]\n } = {}\n const unmodifiedEntitiesIds: string[] = []\n for (const { entity, dataForDelegates } of entitiesUpdates) {\n const entityId = entity.id\n if (!entityId) throw new Error('Share of an entity requires for the entity to already exist and have an id')\n const entityWithType = { entity, type: entitiesType }\n const currentRequests = {} as { [requestId: string]: EntityShareOrMetadataUpdateRequest }\n const currentOrderedRequests: {\n delegateId: string\n request?: {\n shareSecretIds?: string[]\n shareEncryptionKeys?: string[]\n shareOwningEntityIds?: string[]\n requestedPermissions: RequestedPermissionEnum\n }\n updatedForMigration: boolean\n }[] = []\n const migrationRequests = await this.makeMigrationRequestsIfNeeded(entityWithType, dataForDelegates)\n for (const [delegate, request] of Object.entries(migrationRequests)) {\n currentRequests[String(currentOrderedRequests.length)] = request\n currentOrderedRequests.push({\n delegateId: delegate,\n request: dataForDelegates[delegate],\n updatedForMigration: true,\n })\n }\n for (const [delegate, userRequest] of Object.entries(dataForDelegates)) {\n if (!migrationRequests[delegate]) {\n const request = await this.secureDelegationsManager.makeShareOrUpdateRequestParams(\n entityWithType,\n delegate,\n userRequest.shareSecretIds ?? [],\n userRequest.shareEncryptionKeys ?? [],\n userRequest.shareOwningEntityIds ?? [],\n userRequest.requestedPermissions\n )\n if (request) {\n currentRequests[String(currentOrderedRequests.length)] = request\n currentOrderedRequests.push({\n delegateId: delegate,\n request: userRequest,\n updatedForMigration: false,\n })\n }\n }\n }\n if (Object.keys(currentRequests).length > 0) {\n allRequestsByEntityId[entityId] = currentRequests\n orderedRequestsInfoByEntityId[entityId] = currentOrderedRequests\n } else {\n unmodifiedEntitiesIds.push(entityId)\n }\n }\n return { unmodifiedEntitiesIds, allRequestsByEntityId, orderedRequestsInfoByEntityId }\n }\n\n async simpleShareOrUpdateEncryptedEntityMetadata<T extends EncryptedEntityStub>(\n entity: { entity: T; type: EntityWithDelegationTypeName },\n unusedSecretIds: boolean,\n delegates: {\n [delegateId: string]: {\n shareSecretIds: string[] | undefined\n shareEncryptionKeys: ShareMetadataBehaviour | undefined\n shareOwningEntityIds: ShareMetadataBehaviour | undefined\n requestedPermissions: RequestedPermissionEnum | undefined\n }\n },\n doRequestBulkShareOrUpdate: (request: { [p: string]: { [p: string]: EntityShareOrMetadataUpdateRequest } }) => Promise<EntityBulkShareResult<T>[]>\n ): Promise<ShareResult<T>> {\n const availableEncryptionKeys = await this.encryptionKeysOf(entity)\n const availableOwningEntityIds = await this.owningEntityIdsOf(entity)\n let availableSecretIds: string[] | undefined\n if (unusedSecretIds) {\n availableSecretIds = await this.secretIdsOf(entity)\n }\n const dataForDelegates: {\n [delegateId: string]: {\n shareSecretIds: string[]\n shareEncryptionKeys: string[]\n shareOwningEntityIds: string[]\n requestedPermissions: RequestedPermissionEnum\n }\n } = {}\n for (const [delegateId, delegateRequests] of Object.entries(delegates)) {\n if (!availableEncryptionKeys.length && delegateRequests.shareEncryptionKeys === ShareMetadataBehaviour.REQUIRED) {\n throw new Error(\n `Entity ${JSON.stringify(\n entity\n )} has no encryption keys or the current data owner can't access any encryption keys, but sharing is required.`\n )\n }\n if (!availableOwningEntityIds.length && delegateRequests.shareOwningEntityIds === ShareMetadataBehaviour.REQUIRED) {\n throw new Error(\n `Entity ${JSON.stringify(\n entity\n )} has no owning entity ids or the current data owner can't access any owning entity ids, but sharing is required.`\n )\n }\n if (!delegateRequests.shareSecretIds && !unusedSecretIds) {\n throw new Error(`Share secret ids parameter is mandatory for entities of type ${entity.type}.`)\n } else if (delegateRequests.shareSecretIds && unusedSecretIds) {\n throw new Error(`Share secret ids parameter must not be unused with entities of type ${entity.type}.`)\n }\n dataForDelegates[delegateId] = {\n shareSecretIds: delegateRequests.shareSecretIds ?? availableSecretIds!,\n shareEncryptionKeys: delegateRequests.shareEncryptionKeys === ShareMetadataBehaviour.NEVER ? [] : availableEncryptionKeys,\n shareOwningEntityIds: delegateRequests.shareOwningEntityIds === ShareMetadataBehaviour.NEVER ? [] : availableOwningEntityIds,\n requestedPermissions: delegateRequests.requestedPermissions ?? RequestedPermissionEnum.MAX_WRITE,\n }\n }\n const shareResult = await this.bulkShareOrUpdateEncryptedEntityMetadata(\n entity.type,\n [\n {\n entity: entity.entity,\n dataForDelegates,\n },\n ],\n (x) => doRequestBulkShareOrUpdate(x)\n )\n if (shareResult.unmodifiedEntitiesIds.includes(entity.entity.id!)) {\n return new ShareResultSuccess(entity.entity)\n }\n if (!shareResult.updateErrors.length && shareResult.updatedEntities.length === 1) {\n return new ShareResultSuccess(shareResult.updatedEntities[0])\n }\n const requestedDelegates = new Set(Object.keys(delegates))\n const errorsOfRequestedDelegates = shareResult.updateErrors.filter((x) => requestedDelegates.has(x.delegateId))\n if (errorsOfRequestedDelegates.length === 0 && shareResult.updatedEntities.length === 1) {\n console.warn(`Errors with migration of encrypted metadata ${JSON.stringify(shareResult.updateErrors)}.`)\n return new ShareResultSuccess(shareResult.updatedEntities[0])\n }\n return new ShareResultFailure(\n shareResult.updateErrors,\n `There was an error sharing entity with id ${entity.entity.id}. Check the logs for more details.`\n )\n }\n\n private async makeMigrationRequestsIfNeeded(\n entity: EncryptedEntityWithType,\n userRequestsForEntity: {\n [delegateId: string]: {\n shareSecretIds?: string[]\n shareEncryptionKeys?: string[]\n shareOwningEntityIds?: string[]\n requestedPermissions: RequestedPermissionEnum\n }\n }\n ): Promise<{ [delegateId: string]: EntityShareOrMetadataUpdateRequest }> {\n const hierarchy = await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()\n const legacySecretIds = await asyncGeneratorToArray(this.legacyDelMetadataDecryptor.decryptSecretIdsOf(entity, hierarchy))\n const legacyEncryptionKeys = await asyncGeneratorToArray(this.legacyDelMetadataDecryptor.decryptEncryptionKeysOf(entity, hierarchy))\n const legacyOwningEntityIds = await asyncGeneratorToArray(this.legacyDelMetadataDecryptor.decryptOwningEntityIdsOf(entity, hierarchy))\n const res = {} as { [delegateId: string]: EntityShareOrMetadataUpdateRequest }\n for (const hierarchyMember of hierarchy) {\n const hierarchyMemberMigration = await this.makeMigrationRequestForMemberOfHierarchy(\n entity,\n hierarchyMember,\n userRequestsForEntity[hierarchyMember],\n legacySecretIds,\n legacyEncryptionKeys,\n legacyOwningEntityIds\n )\n if (hierarchyMemberMigration) {\n res[hierarchyMember] = hierarchyMemberMigration\n }\n }\n return res\n }\n\n private async makeMigrationRequestForMemberOfHierarchy(\n entity: EncryptedEntityWithType,\n dataOwnerId: string,\n userRequestForDelegate:\n | {\n shareSecretIds?: string[]\n shareEncryptionKeys?: string[]\n shareOwningEntityIds?: string[]\n requestedPermissions: RequestedPermissionEnum\n }\n | undefined,\n legacySecretIds: { decrypted: string; dataOwnersWithAccess: string[] }[],\n legacyEncryptionKeys: { decrypted: string; dataOwnersWithAccess: string[] }[],\n legacyOwningEntityIds: { decrypted: string; dataOwnersWithAccess: string[] }[]\n ): Promise<EntityShareOrMetadataUpdateRequest | undefined> {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const legacyAccess =\n selfId === entity.entity.id && dataOwnerId === selfId\n ? AccessLevel.WRITE\n : await this.legacyDelMetadataDecryptor.getEntityAccessLevel(entity, [dataOwnerId])\n if (!legacyAccess) return undefined\n const selfLegacySecretIds = legacySecretIds.filter((x) => x.dataOwnersWithAccess.includes(dataOwnerId)).map((x) => x.decrypted)\n const selfLegacyEncryptionKeys = legacyEncryptionKeys.filter((x) => x.dataOwnersWithAccess.includes(dataOwnerId)).map((x) => x.decrypted)\n const selfLegacyOwningEntityIds = legacyOwningEntityIds.filter((x) => x.dataOwnersWithAccess.includes(dataOwnerId)).map((x) => x.decrypted)\n const currentAccess = await this.secDelMetadataDecryptor.getEntityAccessLevel(entity, [dataOwnerId])\n const needsImprovedAccess = legacyAccess === AccessLevel.WRITE && currentAccess !== AccessLevel.WRITE // Only applies to legacy delegations to secure delegations migration: may change if in future we need to migrate from legacy delegations to secure delegations\n let missingSecretIds: string[] = []\n let missingEncryptionKeys: string[] = []\n let missingOwningEntityIds: string[] = []\n if (selfLegacySecretIds.length > 0) {\n const currentSecretIds = new Set(\n (await asyncGeneratorToArray(this.secDelMetadataDecryptor.decryptSecretIdsOf(entity, [dataOwnerId]))).map((x) => x.decrypted)\n )\n missingSecretIds = selfLegacySecretIds.filter((x) => !currentSecretIds.has(x))\n }\n if (selfLegacyEncryptionKeys.length > 0) {\n const currentEncryptionKeys = new Set(\n (await asyncGeneratorToArray(this.secDelMetadataDecryptor.decryptEncryptionKeysOf(entity, [dataOwnerId]))).map((x) => x.decrypted)\n )\n missingEncryptionKeys = selfLegacyEncryptionKeys.filter((x) => !currentEncryptionKeys.has(x))\n }\n if (selfLegacyOwningEntityIds.length > 0) {\n const currentOwningEntityIds = new Set(\n (await asyncGeneratorToArray(this.secDelMetadataDecryptor.decryptOwningEntityIdsOf(entity, [dataOwnerId]))).map((x) => x.decrypted)\n )\n missingOwningEntityIds = selfLegacyOwningEntityIds.filter((x) => !currentOwningEntityIds.has(x))\n }\n if (needsImprovedAccess || missingSecretIds.length > 0 || missingEncryptionKeys.length > 0 || missingOwningEntityIds.length > 0) {\n let requestedPermissions: RequestedPermissionInternal\n if (dataOwnerId === selfId && needsImprovedAccess) {\n requestedPermissions = RequestedPermissionInternal.ROOT\n } else if (legacyAccess === AccessLevel.WRITE) {\n requestedPermissions = RequestedPermissionInternal.FULL_WRITE\n } else {\n requestedPermissions = userRequestForDelegate?.requestedPermissions ?? RequestedPermissionInternal.FULL_READ\n }\n return await this.secureDelegationsManager.makeShareOrUpdateRequestParams(\n entity,\n dataOwnerId,\n Array.from(new Set([...missingSecretIds, ...(userRequestForDelegate?.shareSecretIds ?? [])])),\n Array.from(new Set([...missingEncryptionKeys, ...(userRequestForDelegate?.shareEncryptionKeys ?? [])])),\n Array.from(new Set([...missingOwningEntityIds, ...(userRequestForDelegate?.shareOwningEntityIds ?? [])])),\n requestedPermissions\n )\n } else return undefined\n }\n\n async tryDecryptDataOf(\n entity: EncryptedEntityWithType,\n content: ArrayBuffer | Uint8Array,\n validator: (decryptedData: ArrayBuffer) => Promise<boolean> | undefined\n ): Promise<{ data: ArrayBuffer; wasDecrypted: boolean }> {\n const decryptedKeys = this.allSecurityMetadataDecryptor.decryptEncryptionKeysOf(entity, [await this.dataOwnerApi.getCurrentDataOwnerId()])\n const triedKeys: Set<string> = new Set()\n let latest = await decryptedKeys.next()\n while (!latest.done) {\n if (!triedKeys.has(latest.value.decrypted)) {\n triedKeys.add(latest.value.decrypted)\n try {\n const decrypted = await this.primitives.AES.decryptWithRawKey(latest.value.decrypted, content)\n if (!validator || (await validator(decrypted))) return { data: decrypted, wasDecrypted: true }\n } catch (e) {\n console.warn(`Error while decrypting with raw key ${latest.value}: ${e}`)\n }\n }\n latest = await decryptedKeys.next()\n }\n return { data: content, wasDecrypted: false }\n }\n\n async encryptDataOf<T extends EncryptedEntityStub>(\n entity: T,\n type: EntityWithDelegationTypeName,\n content: ArrayBuffer | Uint8Array,\n saveEntity: (entity: T) => Promise<T>\n ): Promise<{ encryptedData: ArrayBuffer; updatedEntity: T | undefined }> {\n const ensureInitialisedKeysResult = await this.ensureEncryptionKeysInitialised(entity, type)\n let updatedEntity: T | undefined\n if (!!ensureInitialisedKeysResult) {\n updatedEntity = await saveEntity(ensureInitialisedKeysResult)\n }\n const decryptedKeys = this.allSecurityMetadataDecryptor.decryptEncryptionKeysOf({ entity: updatedEntity ?? entity, type }, [\n await this.dataOwnerApi.getCurrentDataOwnerId(),\n ])\n let latest = await decryptedKeys.next()\n while (!latest.done) {\n try {\n return { encryptedData: await this.primitives.AES.encryptWithRawKey(latest.value.decrypted, content), updatedEntity: updatedEntity }\n } catch (e) {\n console.warn(`Error while encrypting with raw key ${latest.value}: ${e}`)\n }\n latest = await decryptedKeys.next()\n }\n throw new Error(`Could not extract any valid encryption keys for entity ${JSON.stringify(entity)}.`)\n }\n\n async decryptEntity<T extends EncryptedEntity>(\n entity: T,\n entityType: EntityWithDelegationTypeName,\n constructor: (json: any) => T\n ): Promise<{ entity: T; decrypted: boolean }> {\n if (!entity.encryptedSelf) return { entity, decrypted: true }\n const encryptionKeys = await this.decryptAndImportAllDecryptionKeys({ entity: entity, type: entityType })\n if (!encryptionKeys.length) return { entity, decrypted: false }\n return {\n entity: constructor(\n await decryptObject(entity, async (encrypted) => {\n return (await this.tryDecryptJson(encryptionKeys, encrypted, false)) ?? {}\n })\n ),\n decrypted: true,\n }\n }\n\n async tryDecryptJson(\n potentialKeys: { key: CryptoKey; raw: string }[],\n encrypted: Uint8Array,\n truncateTrailingDecryptedNulls: boolean\n ): Promise<{} | undefined> {\n for (const key of potentialKeys) {\n try {\n const decrypted = (await this.primitives.AES.decrypt(key.key, encrypted, key.raw)) ?? encrypted\n return JSON.parse(ua2utf8(truncateTrailingDecryptedNulls ? truncateTrailingNulls(new Uint8Array(decrypted)) : decrypted))\n } catch (e) {}\n }\n return undefined\n }\n\n async tryEncryptEntity<T extends EncryptedEntity>(\n entity: T,\n entityType: EntityWithDelegationTypeName,\n fieldsToEncrypt: EncryptedFieldsManifest,\n encodeBinaryData: boolean,\n requireEncryption: boolean,\n constructor: (json: any) => T\n ): Promise<T> {\n const entityWithInitialisedEncryptionKeys = await this.ensureEncryptionKeysInitialised(entity, entityType)\n const updatedEntity = entityWithInitialisedEncryptionKeys ? entityWithInitialisedEncryptionKeys : entity\n const encryptionKey = await this.tryImportFirstValidKey({ entity, type: entityType })\n if (!!encryptionKey) {\n return constructor(\n await encryptObject(\n updatedEntity,\n (obj) => {\n // TODO should encoding of binary data should probably be applied to everything?\n const json = encodeBinaryData\n ? JSON.stringify(obj, (k, v) => {\n return v instanceof ArrayBuffer || ArrayBuffer.isView(v)\n ? b2a(new Uint8Array(v as ArrayBufferLike).reduce((d, b) => d + String.fromCharCode(b), ''))\n : v\n })\n : JSON.stringify(obj)\n return this.primitives.AES.encrypt(encryptionKey.key, utf8_2ua(json), encryptionKey.raw)\n },\n fieldsToEncrypt,\n entityType\n )\n )\n } else if (requireEncryption) {\n throw new Error(`No key found for encryption of entity ${entity}`)\n } else {\n await encryptObject(\n entity,\n async (obj: { [key: string]: any }) => {\n const hasNonEmptyValues = Object.values(obj).some(\n (v) => v !== undefined && (typeof v !== 'object' || (Array.isArray(v) && v.length > 0) || Object.keys(v).length > 0)\n )\n if (hasNonEmptyValues) {\n throw new Error(\n `Impossible to modify encrypted content of an entity if no encryption key is known.\\nEntity: ${JSON.stringify(\n entity\n )}\\nTo encrypt: ${JSON.stringify(obj)}`\n )\n }\n return Promise.resolve(new ArrayBuffer(1))\n },\n fieldsToEncrypt,\n 'entity'\n )\n return entity\n }\n }\n\n async ensureEncryptionKeysInitialised<T extends EncryptedEntity>(entity: T, entityType: EntityWithDelegationTypeName): Promise<T | undefined> {\n if (this.allSecurityMetadataDecryptor.hasAnyEncryptionKeys(entity)) return undefined\n if (!entity.rev) {\n throw new Error(\n 'New encrypted entity is lacking encryption metadata. ' +\n 'Please instantiate new entities using the `newInstance` method from the respective extended api.'\n )\n }\n /*\n * Add encryption key and share with all auto-delegates already in legacy delegations.\n * TODO disable this logic and simply throw error for post-2018 customers.\n */\n const existingDelegations = new Set(Object.keys(entity.delegations ?? {}))\n const usersWithAccessToNewKey = Object.fromEntries(\n Object.values((await this.userApi.getCurrentUser()).autoDelegations ?? {})\n .flatMap((x) => x)\n .filter((x) => existingDelegations.has(x))\n .map((x) => [x, AccessLevelEnum.WRITE])\n )\n return await this.secureDelegationsManager.entityWithInitialisedEncryptedMetadata(\n {\n ...entity,\n secretForeignKeys: entity.secretForeignKeys ?? [],\n },\n entityType,\n [],\n [],\n [await this.primitives.AES.generateCryptoKey(true)],\n usersWithAccessToNewKey\n )\n }\n\n private async decryptHierarchy(\n entity: EncryptedEntityWithType,\n decryptedDataGeneratorProvider: (\n entityWithType: EncryptedEntityWithType,\n dataOwners: string[]\n ) => AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never>\n ): Promise<{ ownerId: string; extracted: string[] }[]> {\n const canDecryptOwnerIds = this.useParentKeys\n ? await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()\n : [await this.dataOwnerApi.getCurrentDataOwnerId()]\n const decryptedData = await asyncGeneratorToArray(decryptedDataGeneratorProvider(entity, canDecryptOwnerIds))\n return canDecryptOwnerIds.map((ownerId) => {\n const extracted = this.deduplicate(decryptedData.filter((x) => x.dataOwnersWithAccess.some((o) => o === ownerId)).map((x) => x.decrypted))\n return { ownerId, extracted }\n })\n }\n\n private async decryptAndMergeHierarchy(\n entity: EncryptedEntityWithType,\n dataOwnerId: string | undefined,\n decryptedDataGeneratorProvider: (\n entityWithType: EncryptedEntityWithType,\n dataOwners: string[]\n ) => AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never>\n ): Promise<string[]> {\n const hierarchy = this.useParentKeys\n ? dataOwnerId\n ? await this.dataOwnerApi.getCurrentDataOwnerHierarchyIdsFrom(dataOwnerId)\n : await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()\n : [dataOwnerId ?? (await this.dataOwnerApi.getCurrentDataOwnerId())]\n const decryptedData = await asyncGeneratorToArray(decryptedDataGeneratorProvider(entity, hierarchy))\n return this.deduplicate(decryptedData.map((x) => x.decrypted))\n }\n\n private async tryImportKey(key: string): Promise<CryptoKey | undefined> {\n if (!/^[0-9A-Fa-f\\-]+$/g.test(key)) return undefined\n try {\n return await this.primitives.AES.importKey('raw', hex2ua(key.replace(/-/g, '')))\n } catch (e) {\n console.warn(`Could not import key ${key} as an encryption key.`, e)\n return undefined\n }\n }\n\n async decryptAndImportAllDecryptionKeys(entity: EncryptedEntityWithType): Promise<{ key: CryptoKey; raw: string }[]> {\n const keys = this.allSecurityMetadataDecryptor.hasAnyEncryptionKeys(entity.entity)\n ? await this.encryptionKeysOf(entity)\n : this.deduplicate(\n await asyncGeneratorToArray(\n this.legacyDelMetadataDecryptor.decryptSecretIdsOf(entity, await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds())\n ).then((secretIdsInfo) => secretIdsInfo.map(({ decrypted }) => decrypted))\n )\n const res = []\n for (const key of keys) {\n const imported = await this.tryImportKey(key)\n if (imported) res.push({ key: imported, raw: key })\n }\n return res\n }\n\n async decryptAndImportAnyEncryptionKey(entity: EncryptedEntityWithType): Promise<{ key: CryptoKey; raw: string }> {\n const res = await this.tryImportFirstValidKey(entity)\n if (!res) throw new Error(`Could not find any valid key for entity ${entity.entity.id} (${entity.type}).`)\n return res\n }\n\n private async tryImportFirstValidKey(entity: EncryptedEntityWithType): Promise<{ key: CryptoKey; raw: string } | undefined> {\n const generator = this.allSecurityMetadataDecryptor.decryptEncryptionKeysOf(entity, await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds())\n let latest = await generator.next()\n while (!latest.done) {\n const imported = await this.tryImportKey(latest.value.decrypted)\n if (imported) return { key: imported, raw: latest.value.decrypted }\n latest = await generator.next()\n }\n return undefined\n }\n\n private deduplicate<T>(values: T[]): T[] {\n return [...new Set(values)]\n }\n\n private throwDetailedExceptionForInvalidParameter(argName: string, argValue: any, methodName: string, methodArgs: IArguments) {\n if (argValue) return\n\n let details = '\\nMethod name: icc-crypto-x-api.' + methodName + '()\\nArguments:'\n\n if (methodArgs) {\n try {\n const argsArray = [...methodArgs]\n argsArray.forEach((arg, index) => (details += '\\n[' + index + ']: ' + JSON.stringify(arg)))\n } catch (ex) {\n details += '; a problem occured while logging arguments details: ' + ex\n }\n }\n\n throw new Error('### THIS SHOULD NOT HAPPEN: ' + argName + ' has an invalid value: ' + argValue + details)\n }\n\n private checkEmptyEncryptionMetadata(entity: EncryptedEntity) {\n this.doCheckEmptyEncryptionMetadata(entity, true)\n }\n\n hasEmptyEncryptionMetadata(entity: EncryptedEntity): boolean {\n return this.doCheckEmptyEncryptionMetadata(entity, false)\n }\n\n private doCheckEmptyEncryptionMetadata(entity: EncryptedEntity, throwErrorIfNonEmpty: boolean): boolean {\n const existingMetadata = []\n if (entity.delegations && Object.keys(entity.delegations).length) existingMetadata.push('delegations')\n if (entity.cryptedForeignKeys && Object.keys(entity.cryptedForeignKeys).length) existingMetadata.push('cryptedForeignKeys')\n if (entity.encryptionKeys && Object.keys(entity.encryptionKeys).length) existingMetadata.push('encryptionKeys')\n if (entity.secretForeignKeys && entity.secretForeignKeys.length) existingMetadata.push('secretForeignKeys')\n if (entity.securityMetadata && Object.keys(entity.securityMetadata).length) existingMetadata.push('securityMetadata')\n if (existingMetadata.length > 0) {\n if (throwErrorIfNonEmpty) {\n throw new Error(\n `Entity should have no encryption metadata on initialisation, but the following fields already have some values: ${existingMetadata}\\n` +\n JSON.stringify(entity, undefined, 2)\n )\n } else return false\n }\n return true\n }\n}\n"]}
|
|
@@ -2,6 +2,7 @@ import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
|
|
|
2
2
|
import { KeyPair } from './RSA';
|
|
3
3
|
import { CryptoPrimitives } from './CryptoPrimitives';
|
|
4
4
|
import { BaseExchangeKeysManager } from './BaseExchangeKeysManager';
|
|
5
|
+
import { BaseExchangeDataManager } from './BaseExchangeDataManager';
|
|
5
6
|
import { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType';
|
|
6
7
|
/**
|
|
7
8
|
* @internal this class is intended only for internal use and may be changed without notice.
|
|
@@ -9,9 +10,10 @@ import { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType';
|
|
|
9
10
|
*/
|
|
10
11
|
export declare class KeyRecovery {
|
|
11
12
|
private readonly primitives;
|
|
12
|
-
private readonly baseExchangeKeysManager;
|
|
13
13
|
private readonly dataOwnerApi;
|
|
14
|
-
|
|
14
|
+
private readonly baseExchangeKeysManager;
|
|
15
|
+
private readonly baseExchangeDataManager;
|
|
16
|
+
constructor(primitives: CryptoPrimitives, dataOwnerApi: IccDataOwnerXApi, baseExchangeKeysManager: BaseExchangeKeysManager, baseExchangeDataManager: BaseExchangeDataManager);
|
|
15
17
|
/**
|
|
16
18
|
* Attempt to recover private keys of a data owner using all available key recovery methods and all available private keys. The method will
|
|
17
19
|
* automatically try to use newly recovered key pairs to recover additional key pairs.
|
|
@@ -32,4 +34,5 @@ export declare class KeyRecovery {
|
|
|
32
34
|
private recoverFromTransferKeys;
|
|
33
35
|
private tryDecryptTransferData;
|
|
34
36
|
private tryDecryptTransferKey;
|
|
37
|
+
private getExchangeKeys;
|
|
35
38
|
}
|
|
@@ -17,11 +17,22 @@ const utils_2 = require("./utils");
|
|
|
17
17
|
*
|
|
18
18
|
*/
|
|
19
19
|
class KeyRecovery {
|
|
20
|
-
constructor(primitives, baseExchangeKeysManager,
|
|
20
|
+
constructor(primitives, dataOwnerApi, baseExchangeKeysManager, baseExchangeDataManager) {
|
|
21
21
|
this.primitives = primitives;
|
|
22
|
-
this.baseExchangeKeysManager = baseExchangeKeysManager;
|
|
23
22
|
this.dataOwnerApi = dataOwnerApi;
|
|
23
|
+
this.baseExchangeKeysManager = baseExchangeKeysManager;
|
|
24
|
+
this.baseExchangeDataManager = baseExchangeDataManager;
|
|
24
25
|
}
|
|
26
|
+
/*TODO
|
|
27
|
+
* Currently there is no support for the recovery of signature keys. When implementing a recovery solution we should consider:
|
|
28
|
+
* - unlike decryption keys signature keys are completely useless if not verified.
|
|
29
|
+
* - we are fine losing the signature private key, but if we could recover and verify the public key it would reduce the inconveniences on user and
|
|
30
|
+
* limit the creation of new exchange data
|
|
31
|
+
* - We can't guarantee that encrypted data in iCure was put there by us... unless we put a piece of the private key as well: we can save an
|
|
32
|
+
* hash of (any verification public key + any encryption private key) in the data owner: only the owner of the private key can create this hash,
|
|
33
|
+
* so if the data owner can recreate the hash with one of his recovered and verified encryption private keys then the signature public key will
|
|
34
|
+
* for sure be safe as well.
|
|
35
|
+
*/
|
|
25
36
|
/**
|
|
26
37
|
* Attempt to recover private keys of a data owner using all available key recovery methods and all available private keys. The method will
|
|
27
38
|
* automatically try to use newly recovered key pairs to recover additional key pairs.
|
|
@@ -31,9 +42,12 @@ class KeyRecovery {
|
|
|
31
42
|
*/
|
|
32
43
|
recoverKeys(dataOwner, knownKeys) {
|
|
33
44
|
return __awaiter(this, void 0, void 0, function* () {
|
|
34
|
-
const selfPublicKeys = Array.from(
|
|
45
|
+
const selfPublicKeys = Array.from([
|
|
46
|
+
...this.dataOwnerApi.getHexPublicKeysWithSha1Of(dataOwner.dataOwner),
|
|
47
|
+
...this.dataOwnerApi.getHexPublicKeysWithSha256Of(dataOwner.dataOwner),
|
|
48
|
+
]);
|
|
35
49
|
const knownKeysFpSet = new Set(Object.keys(knownKeys));
|
|
36
|
-
const missingKeysFpSet = new Set(selfPublicKeys.map((x) =>
|
|
50
|
+
const missingKeysFpSet = new Set(selfPublicKeys.map((x) => (0, utils_2.fingerprintV1)(x)).filter((x) => !knownKeysFpSet.has(x)));
|
|
37
51
|
const recoveryFunctions = [this.recoverFromTransferKeys.bind(this), this.recoverFromShamirSplitKeys.bind(this)];
|
|
38
52
|
let allPrivateKeys = Object.assign({}, knownKeys);
|
|
39
53
|
let foundNewPrivateKeys = true;
|
|
@@ -75,8 +89,7 @@ class KeyRecovery {
|
|
|
75
89
|
const delegatesOfSplits = Array.from(new Set(Object.entries(shamirSplits).flatMap(([splitKeyFp, splitKeyData]) => (missingKeysFp.has(splitKeyFp) ? Object.keys(splitKeyData) : []))));
|
|
76
90
|
const exchangeKeys = {};
|
|
77
91
|
for (const delegate of delegatesOfSplits) {
|
|
78
|
-
|
|
79
|
-
exchangeKeys[delegate] = (yield this.baseExchangeKeysManager.tryDecryptExchangeKeys(currExchangeKeys, allKeys)).successfulDecryptions;
|
|
92
|
+
exchangeKeys[delegate] = yield this.getExchangeKeys(selfId, delegate, allKeys);
|
|
80
93
|
}
|
|
81
94
|
return yield this.recoverWithSplits(dataOwner, shamirSplits, exchangeKeys);
|
|
82
95
|
}
|
|
@@ -85,21 +98,22 @@ class KeyRecovery {
|
|
|
85
98
|
});
|
|
86
99
|
}
|
|
87
100
|
recoverWithSplits(dataOwner, splits, exchangeKeys) {
|
|
101
|
+
var _a;
|
|
88
102
|
return __awaiter(this, void 0, void 0, function* () {
|
|
89
103
|
const res = {};
|
|
90
|
-
const keysByFp = (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner);
|
|
104
|
+
const keysByFp = (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner, 'sha-1');
|
|
105
|
+
const keysByFpWithSha256 = (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner, 'sha-256');
|
|
91
106
|
for (const [fp, split] of Object.entries(splits)) {
|
|
92
|
-
const
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
else {
|
|
107
|
+
const pub = (_a = keysByFp[fp]) !== null && _a !== void 0 ? _a : keysByFpWithSha256[fp];
|
|
108
|
+
const shaVersion = !!pub && !!keysByFp[fp] ? 'sha-1' : !!pub && !!keysByFpWithSha256[fp] ? 'sha-256' : undefined;
|
|
109
|
+
if (!!pub && !!shaVersion) {
|
|
110
|
+
const recovered = yield this.tryRecoverSplitPrivate(split, exchangeKeys, shaVersion);
|
|
111
|
+
if (recovered) {
|
|
112
|
+
const pub = keysByFp[fp];
|
|
99
113
|
try {
|
|
100
114
|
res[fp] = {
|
|
101
115
|
privateKey: recovered,
|
|
102
|
-
publicKey: yield this.primitives.RSA.importKey('spki', (0, utils_1.hex2ua)(pub), ['encrypt']),
|
|
116
|
+
publicKey: yield this.primitives.RSA.importKey('spki', (0, utils_1.hex2ua)(pub), ['encrypt'], shaVersion),
|
|
103
117
|
};
|
|
104
118
|
}
|
|
105
119
|
catch (e) {
|
|
@@ -107,11 +121,14 @@ class KeyRecovery {
|
|
|
107
121
|
}
|
|
108
122
|
}
|
|
109
123
|
}
|
|
124
|
+
else {
|
|
125
|
+
console.warn(`Missing public key for fingerprint ${fp} of recovered shamir key.`);
|
|
126
|
+
}
|
|
110
127
|
}
|
|
111
128
|
return res;
|
|
112
129
|
});
|
|
113
130
|
}
|
|
114
|
-
tryRecoverSplitPrivate(split, exchangeKeys) {
|
|
131
|
+
tryRecoverSplitPrivate(split, exchangeKeys, shaVersion) {
|
|
115
132
|
var _a;
|
|
116
133
|
return __awaiter(this, void 0, void 0, function* () {
|
|
117
134
|
const splitsCount = Object.keys(split).length;
|
|
@@ -121,7 +138,7 @@ class KeyRecovery {
|
|
|
121
138
|
for (const exchangeKey of (_a = exchangeKeys[delegate]) !== null && _a !== void 0 ? _a : []) {
|
|
122
139
|
try {
|
|
123
140
|
const decrypted = yield this.primitives.AES.decrypt(exchangeKey, (0, utils_1.hex2ua)(encryptedKey));
|
|
124
|
-
const importedKey = yield this.primitives.RSA.importKey('pkcs8', decrypted, ['decrypt']);
|
|
141
|
+
const importedKey = yield this.primitives.RSA.importKey('pkcs8', decrypted, ['decrypt'], shaVersion);
|
|
125
142
|
if (importedKey)
|
|
126
143
|
return importedKey;
|
|
127
144
|
}
|
|
@@ -138,7 +155,7 @@ class KeyRecovery {
|
|
|
138
155
|
}
|
|
139
156
|
try {
|
|
140
157
|
const combinedKey = (0, utils_1.hex2ua)(this.primitives.shamir.combine(decryptedSplits));
|
|
141
|
-
return yield this.primitives.RSA.importKey('pkcs8', combinedKey, ['decrypt']);
|
|
158
|
+
return yield this.primitives.RSA.importKey('pkcs8', combinedKey, ['decrypt'], shaVersion);
|
|
142
159
|
}
|
|
143
160
|
catch (e) {
|
|
144
161
|
// Could be not enough splits decrypted
|
|
@@ -179,11 +196,11 @@ class KeyRecovery {
|
|
|
179
196
|
recoverFromTransferKeys(dataOwner, allKeys, missingKeysFp) {
|
|
180
197
|
var _a;
|
|
181
198
|
return __awaiter(this, void 0, void 0, function* () {
|
|
182
|
-
const publicKeyFingerprintToPublicKey = (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner);
|
|
199
|
+
const publicKeyFingerprintToPublicKey = Object.assign(Object.assign({}, (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner, 'sha-1')), (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner, 'sha-256'));
|
|
183
200
|
const missingKeysTransferData = {};
|
|
184
201
|
Object.values((_a = dataOwner.dataOwner.transferKeys) !== null && _a !== void 0 ? _a : {}).forEach((transferKeysByEncryptor) => {
|
|
185
202
|
Object.entries(transferKeysByEncryptor).forEach(([transferToPublicKey, transferPrivateKeyEncrypted]) => {
|
|
186
|
-
const transferToPublicKeyFp =
|
|
203
|
+
const transferToPublicKeyFp = (0, utils_2.fingerprintV1)(transferToPublicKey); // We are not sure if transfer public key will be a fp or not
|
|
187
204
|
if (missingKeysFp.has(transferToPublicKeyFp)) {
|
|
188
205
|
const existingEntryValue = missingKeysTransferData[transferToPublicKeyFp];
|
|
189
206
|
if (existingEntryValue) {
|
|
@@ -204,26 +221,31 @@ class KeyRecovery {
|
|
|
204
221
|
}
|
|
205
222
|
});
|
|
206
223
|
});
|
|
207
|
-
const
|
|
224
|
+
const availableExchangeKeys = yield this.getExchangeKeys(dataOwner.dataOwner.id, dataOwner.dataOwner.id, allKeys);
|
|
208
225
|
return Object.entries(missingKeysTransferData).reduce((acc, [recoverableKeyPubFp, transferData]) => __awaiter(this, void 0, void 0, function* () {
|
|
209
226
|
const awaitedAcc = yield acc;
|
|
210
|
-
const
|
|
211
|
-
if (
|
|
212
|
-
|
|
227
|
+
const shaVersion = (0, utils_2.getShaVersionForKey)(dataOwner.dataOwner, transferData.publicKey);
|
|
228
|
+
if (!!shaVersion) {
|
|
229
|
+
const decryptedTransferData = yield this.tryDecryptTransferData(transferData, availableExchangeKeys, shaVersion);
|
|
230
|
+
if (decryptedTransferData != undefined) {
|
|
231
|
+
return Object.assign(Object.assign({}, awaitedAcc), { [recoverableKeyPubFp]: decryptedTransferData });
|
|
232
|
+
}
|
|
233
|
+
else
|
|
234
|
+
return awaitedAcc;
|
|
213
235
|
}
|
|
214
236
|
else
|
|
215
237
|
return awaitedAcc;
|
|
216
238
|
}), Promise.resolve({}));
|
|
217
239
|
});
|
|
218
240
|
}
|
|
219
|
-
tryDecryptTransferData(transferData, availableExchangeKeys) {
|
|
241
|
+
tryDecryptTransferData(transferData, availableExchangeKeys, shaVersion) {
|
|
220
242
|
return __awaiter(this, void 0, void 0, function* () {
|
|
221
243
|
for (const encryptedTransferKey of transferData.encryptedPrivateKey) {
|
|
222
|
-
const decryptedTransferKey = yield this.tryDecryptTransferKey(encryptedTransferKey, availableExchangeKeys);
|
|
244
|
+
const decryptedTransferKey = yield this.tryDecryptTransferKey(encryptedTransferKey, availableExchangeKeys, shaVersion);
|
|
223
245
|
if (decryptedTransferKey != undefined)
|
|
224
246
|
return {
|
|
225
247
|
privateKey: decryptedTransferKey,
|
|
226
|
-
publicKey: yield this.primitives.RSA.importKey('spki', (0, utils_1.hex2ua)(transferData.publicKey), ['encrypt']),
|
|
248
|
+
publicKey: yield this.primitives.RSA.importKey('spki', (0, utils_1.hex2ua)(transferData.publicKey), ['encrypt'], shaVersion),
|
|
227
249
|
};
|
|
228
250
|
}
|
|
229
251
|
return undefined;
|
|
@@ -231,13 +253,13 @@ class KeyRecovery {
|
|
|
231
253
|
}
|
|
232
254
|
// attempt to decrypt a transfer key in pkcs8 using any of the provided exchange keys
|
|
233
255
|
tryDecryptTransferKey(encryptedTransferKey, // in hex format
|
|
234
|
-
exchangeKeys) {
|
|
256
|
+
exchangeKeys, shaVersion) {
|
|
235
257
|
return __awaiter(this, void 0, void 0, function* () {
|
|
236
258
|
const encryptedKeyBytes = (0, utils_1.hex2ua)(encryptedTransferKey);
|
|
237
259
|
for (const exchangeKey of exchangeKeys) {
|
|
238
260
|
try {
|
|
239
261
|
const decryptedKeyData = yield this.primitives.AES.decrypt(exchangeKey, encryptedKeyBytes);
|
|
240
|
-
const importedPrivateKey = yield this.primitives.RSA.importPrivateKey('pkcs8', decryptedKeyData);
|
|
262
|
+
const importedPrivateKey = yield this.primitives.RSA.importPrivateKey('pkcs8', decryptedKeyData, shaVersion);
|
|
241
263
|
if (importedPrivateKey != undefined)
|
|
242
264
|
return importedPrivateKey;
|
|
243
265
|
}
|
|
@@ -248,6 +270,14 @@ class KeyRecovery {
|
|
|
248
270
|
return undefined;
|
|
249
271
|
});
|
|
250
272
|
}
|
|
273
|
+
// Get exchange keys from aes exchange keys / hc party keys and exchange data
|
|
274
|
+
getExchangeKeys(from, to, availableDecryptionKeys) {
|
|
275
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
276
|
+
const aesExchangeKeys = yield this.baseExchangeKeysManager.tryDecryptExchangeKeys(yield this.baseExchangeKeysManager.getEncryptedExchangeKeysFor(from, to), availableDecryptionKeys);
|
|
277
|
+
const decryptedExchangeDataKeys = yield this.baseExchangeDataManager.tryDecryptExchangeKeys(yield this.baseExchangeDataManager.getExchangeDataByDelegatorDelegatePair(from, to), availableDecryptionKeys);
|
|
278
|
+
return [...aesExchangeKeys.successfulDecryptions, ...decryptedExchangeDataKeys.successfulDecryptions];
|
|
279
|
+
});
|
|
280
|
+
}
|
|
251
281
|
}
|
|
252
282
|
exports.KeyRecovery = KeyRecovery;
|
|
253
283
|
//# sourceMappingURL=KeyRecovery.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"KeyRecovery.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/KeyRecovery.ts"],"names":[],"mappings":";;;;;;;;;;;;AAIA,oCAAyC;AACzC,mCAAsD;AAGtD;;;GAGG;AACH,MAAa,WAAW;IAKtB,YAAY,UAA4B,EAAE,uBAAgD,EAAE,YAA8B;QACxH,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,uBAAuB,GAAG,uBAAuB,CAAA;QACtD,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;IAClC,CAAC;IAED;;;;;;OAMG;IACG,WAAW,CACf,SAA4B,EAC5B,SAAqD;;YAErD,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAA;YAC5F,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAA;YACtD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAE/G,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;YAC/G,IAAI,cAAc,qBAA6D,SAAS,CAAE,CAAA;YAC1F,IAAI,mBAAmB,GAAG,IAAI,CAAA;YAE9B,OAAO,gBAAgB,CAAC,IAAI,GAAG,CAAC,IAAI,mBAAmB,EAAE;gBACvD,qEAAqE;gBACrE,mBAAmB,GAAG,KAAK,CAAA;gBAC3B,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE;oBACvC,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,SAAS,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAA;oBAC5E,MAAM,kBAAkB,GAAyC,EAAE,CAAA;oBACnE,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;wBACrD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAA;wBACrE,IAAI,KAAK,EAAE;4BACT,kBAAkB,CAAC,EAAE,CAAC,GAAG,OAAO,CAAA;yBACjC;qBACF;oBACD,IAAI,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;wBAC9C,mBAAmB,GAAG,IAAI,CAAA;wBAC1B,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAA;wBAC5E,cAAc,mCAAQ,cAAc,GAAK,kBAAkB,CAAE,CAAA;qBAC9D;iBACF;aACF;YAED,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAC3G,CAAC;KAAA;IAED;;;OAGG;IAEW,0BAA0B,CACtC,SAA4B,EAC5B,OAA4D,EAC5D,aAA0B;;YAE1B,IACE,SAAS,CAAC,SAAS,CAAC,SAAS;gBAC7B,SAAS,CAAC,SAAS,CAAC,0BAA0B;gBAC9C,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC,MAAM,GAAG,CAAC,EACtE;gBACA,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,EAAG,CAAA;gBACtC,MAAM,YAAY,GAA8D;oBAC9E,CAAC,SAAS,CAAC,SAAS,CAAC,SAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,0BAA2B;iBAC7F,CAAA;gBACD,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAClC,IAAI,GAAG,CACL,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CACvI,CACF,CAAA;gBACD,MAAM,YAAY,GAA0C,EAAE,CAAA;gBAC9D,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE;oBACxC,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,2BAA2B,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;oBACzG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,uBAAuB,CAAC,sBAAsB,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC,qBAAqB,CAAA;iBACtI;gBACD,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,YAAY,EAAE,YAAY,CAAC,CAAA;aAC3E;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAEa,iBAAiB,CAC7B,SAA4B,EAC5B,MAAiE,EACjE,YAAmD;;YAEnD,MAAM,GAAG,GAAwD,EAAE,CAAA;YACnE,MAAM,QAAQ,GAAG,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,CAAC,CAAA;YAClE,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;gBAChD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAA;gBACxE,IAAI,SAAS,EAAE;oBACb,MAAM,GAAG,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAA;oBACxB,IAAI,CAAC,GAAG,EAAE;wBACR,OAAO,CAAC,IAAI,CAAC,sCAAsC,EAAE,2BAA2B,CAAC,CAAA;qBAClF;yBAAM;wBACL,IAAI;4BACF,GAAG,CAAC,EAAE,CAAC,GAAG;gCACR,UAAU,EAAE,SAAS;gCACrB,SAAS,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,GAAG,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;6BACjF,CAAA;yBACF;wBAAC,OAAO,CAAC,EAAE;4BACV,OAAO,CAAC,IAAI,CAAC,+BAA+B,GAAG,EAAE,EAAE,CAAC,CAAC,CAAA;yBACtD;qBACF;iBACF;aACF;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,sBAAsB,CAClC,KAAuC,EACvC,YAAmD;;;YAEnD,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAA;YAC7C,IAAI,WAAW,KAAK,CAAC,EAAE;gBACrB,sDAAsD;gBACtD,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;gBACzD,KAAK,MAAM,WAAW,IAAI,MAAA,YAAY,CAAC,QAAQ,CAAC,mCAAI,EAAE,EAAE;oBACtD,IAAI;wBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,IAAA,cAAM,EAAC,YAAY,CAAC,CAAC,CAAA;wBACtF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;wBACxF,IAAI,WAAW;4BAAE,OAAO,WAAW,CAAA;qBACpC;oBAAC,OAAO,CAAC,EAAE,GAAE;iBACf;gBACD,OAAO,SAAS,CAAA;aACjB;iBAAM;gBACL,MAAM,eAAe,GAAa,EAAE,CAAA;gBACpC,KAAK,MAAM,yBAAyB,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;oBAC7D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,yBAAyB,EAAE,YAAY,EAAE,WAAW,CAAC,CAAA;oBACvG,IAAI,SAAS;wBAAE,eAAe,CAAC,IAAI,CAAC,IAAA,cAAM,EAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,eAAe;iBAChF;gBACD,IAAI;oBACF,MAAM,WAAW,GAAG,IAAA,cAAM,EAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAA;oBAC3E,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;iBAC9E;gBAAC,OAAO,CAAC,EAAE;oBACV,uCAAuC;oBACvC,OAAO,SAAS,CAAA;iBACjB;aACF;;KACF;IAEa,oBAAoB,CAChC,yBAA2C,EAC3C,YAAmD,EACnD,WAAmB;;;YAEnB,MAAM,CAAC,QAAQ,EAAE,cAAc,CAAC,GAAG,yBAAyB,CAAA;YAC5D,KAAK,MAAM,WAAW,IAAI,MAAA,YAAY,CAAC,QAAQ,CAAC,mCAAI,EAAE,EAAE;gBACtD,IAAI;oBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,IAAA,cAAM,EAAC,cAAc,CAAC,CAAC,CAAA;oBACxF,IAAI,IAAI,CAAC,sBAAsB,CAAC,SAAS,EAAE,WAAW,CAAC;wBAAE,OAAO,SAAS,CAAA;iBAC1E;gBAAC,OAAO,CAAC,EAAE,GAAE;aACf;YACD,OAAO,SAAS,CAAA;;KACjB;IAEO,sBAAsB,CAAC,cAA2B,EAAE,WAAmB;QAC7E,yFAAyF;QACzF,qDAAqD;QACrD,MAAM,YAAY,GAAG,IAAA,cAAM,EAAC,cAAc,CAAC,CAAA;QAC3C,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,GAAG;YAAE,OAAO,KAAK,CAAA;QACpE,IAAI;YACF,MAAM,UAAU,GAAG,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;YACzD,OAAO,UAAU,GAAG,CAAC,IAAI,UAAU,IAAI,WAAW,CAAA;SACnD;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,KAAK,CAAA;SACb;IACH,CAAC;IAEa,uBAAuB,CACnC,SAA4B,EAC5B,OAA4D,EAC5D,aAA0B;;;YAE1B,MAAM,+BAA+B,GAAG,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,CAAC,CAAA;YACzF,MAAM,uBAAuB,GAA+F,EAAE,CAAA;YAC9H,MAAM,CAAC,MAAM,CAAC,MAAA,SAAS,CAAC,SAAS,CAAC,YAAY,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,uBAAuB,EAAE,EAAE;gBACxF,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,EAAE,2BAA2B,CAAC,EAAE,EAAE;oBACrG,MAAM,qBAAqB,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA,CAAC,6DAA6D;oBAC1H,IAAI,aAAa,CAAC,GAAG,CAAC,qBAAqB,CAAC,EAAE;wBAC5C,MAAM,kBAAkB,GAAG,uBAAuB,CAAC,qBAAqB,CAAC,CAAA;wBACzE,IAAI,kBAAkB,EAAE;4BACtB,kBAAkB,CAAC,mBAAmB,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;yBACxE;6BAAM;4BACL,MAAM,aAAa,GAAG,+BAA+B,CAAC,qBAAqB,CAAC,CAAA;4BAC5E,IAAI,aAAa,EAAE;gCACjB,uBAAuB,CAAC,qBAAqB,CAAC,GAAG;oCAC/C,SAAS,EAAE,aAAa;oCACxB,mBAAmB,EAAE,IAAI,GAAG,CAAC,CAAC,2BAA2B,CAAC,CAAC;iCAC5D,CAAA;6BACF;iCAAM;gCACL,OAAO,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAA;6BACtF;yBACF;qBACF;gBACH,CAAC,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;YAEF,MAAM,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,sBAAsB,CAChH,MAAM,IAAI,CAAC,uBAAuB,CAAC,2BAA2B,CAAC,SAAS,CAAC,SAAS,CAAC,EAAG,EAAE,SAAS,CAAC,SAAS,CAAC,EAAG,CAAC,EAChH,OAAO,CACR,CAAA;YAED,OAAO,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,MAAM,CAAC,CAAO,GAAG,EAAE,CAAC,mBAAmB,EAAE,YAAY,CAAC,EAAE,EAAE;gBACvG,MAAM,UAAU,GAAG,MAAM,GAAG,CAAA;gBAC5B,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,YAAY,EAAE,qBAAqB,CAAC,CAAA;gBACpG,IAAI,qBAAqB,IAAI,SAAS,EAAE;oBACtC,uCAAY,UAAU,KAAE,CAAC,mBAAmB,CAAC,EAAE,qBAAqB,IAAE;iBACvE;;oBAAM,OAAO,UAAU,CAAA;YAC1B,CAAC,CAAA,EAAE,OAAO,CAAC,OAAO,CAAC,EAAyD,CAAC,CAAC,CAAA;;KAC/E;IAEa,sBAAsB,CAClC,YAAqE,EACrE,qBAAkC;;YAElC,KAAK,MAAM,oBAAoB,IAAI,YAAY,CAAC,mBAAmB,EAAE;gBACnE,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,oBAAoB,EAAE,qBAAqB,CAAC,CAAA;gBAC1G,IAAI,oBAAoB,IAAI,SAAS;oBACnC,OAAO;wBACL,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;qBACpG,CAAA;aACJ;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED,qFAAqF;IACvE,qBAAqB,CACjC,oBAA4B,EAAE,gBAAgB;IAC9C,YAAyB;;YAEzB,MAAM,iBAAiB,GAAG,IAAA,cAAM,EAAC,oBAAoB,CAAC,CAAA;YACtD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE;gBACtC,IAAI;oBACF,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAA;oBAC1F,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,gBAAgB,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAA;oBAChG,IAAI,kBAAkB,IAAI,SAAS;wBAAE,OAAO,kBAAkB,CAAA;iBAC/D;gBAAC,OAAO,CAAC,EAAE;oBACV,0EAA0E;iBAC3E;aACF;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;CACF;AAzPD,kCAyPC","sourcesContent":["import { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { KeyPair } from './RSA'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { BaseExchangeKeysManager } from './BaseExchangeKeysManager'\nimport { hex2ua, ua2hex } from '../utils'\nimport { fingerprintToPublicKeysMapOf } from './utils'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\n\n/**\n * @internal this class is intended only for internal use and may be changed without notice.\n *\n */\nexport class KeyRecovery {\n private readonly primitives: CryptoPrimitives\n private readonly baseExchangeKeysManager: BaseExchangeKeysManager\n private readonly dataOwnerApi: IccDataOwnerXApi\n\n constructor(primitives: CryptoPrimitives, baseExchangeKeysManager: BaseExchangeKeysManager, dataOwnerApi: IccDataOwnerXApi) {\n this.primitives = primitives\n this.baseExchangeKeysManager = baseExchangeKeysManager\n this.dataOwnerApi = dataOwnerApi\n }\n\n /**\n * Attempt to recover private keys of a data owner using all available key recovery methods and all available private keys. The method will\n * automatically try to use newly recovered key pairs to recover additional key pairs.\n * @param dataOwner a data owner.\n * @param knownKeys keys available for the data owner.\n * @return new key pairs (exclude already known pairs) which could be recovered using the known keys.\n */\n async recoverKeys(\n dataOwner: DataOwnerWithType,\n knownKeys: { [pubKeyFp: string]: KeyPair<CryptoKey> }\n ): Promise<{ [pubKeyFp: string]: KeyPair<CryptoKey> }> {\n const selfPublicKeys = Array.from(this.dataOwnerApi.getHexPublicKeysOf(dataOwner.dataOwner))\n const knownKeysFpSet = new Set(Object.keys(knownKeys))\n const missingKeysFpSet = new Set(selfPublicKeys.map((x) => x.slice(-32)).filter((x) => !knownKeysFpSet.has(x)))\n\n const recoveryFunctions = [this.recoverFromTransferKeys.bind(this), this.recoverFromShamirSplitKeys.bind(this)]\n let allPrivateKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> } = { ...knownKeys }\n let foundNewPrivateKeys = true\n\n while (missingKeysFpSet.size > 0 && foundNewPrivateKeys) {\n // TODO for each recovered verify correct association with public key\n foundNewPrivateKeys = false\n for (const recover of recoveryFunctions) {\n const recovered = await recover(dataOwner, allPrivateKeys, missingKeysFpSet)\n const validatedRecovered: { [fp: string]: KeyPair<CryptoKey> } = {}\n for (const [fp, keyPair] of Object.entries(recovered)) {\n const valid = await this.primitives.RSA.checkKeyPairValidity(keyPair)\n if (valid) {\n validatedRecovered[fp] = keyPair\n }\n }\n if (Object.keys(validatedRecovered).length > 0) {\n foundNewPrivateKeys = true\n Object.keys(validatedRecovered).forEach((fp) => missingKeysFpSet.delete(fp))\n allPrivateKeys = { ...allPrivateKeys, ...validatedRecovered }\n }\n }\n }\n\n return Object.fromEntries(Object.entries(allPrivateKeys).filter(([keyFp]) => !knownKeysFpSet.has(keyFp)))\n }\n\n /*TODO?\n * Ask access back suggestion: if by getting access back to an exchange key with another data owner I may recover additional keys we could suggest\n * to ask for access back to that data owner.\n */\n\n private async recoverFromShamirSplitKeys(\n dataOwner: DataOwnerWithType,\n allKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> },\n missingKeysFp: Set<string>\n ): Promise<{ [pubKeyFingerprint: string]: KeyPair<CryptoKey> }> {\n if (\n dataOwner.dataOwner.publicKey &&\n dataOwner.dataOwner.privateKeyShamirPartitions &&\n Object.keys(dataOwner.dataOwner.privateKeyShamirPartitions).length > 0\n ) {\n const selfId = dataOwner.dataOwner.id!\n const shamirSplits: { [keyPairFp: string]: { [delegateId: string]: string } } = {\n [dataOwner.dataOwner.publicKey!.slice(-32)]: dataOwner.dataOwner.privateKeyShamirPartitions!,\n }\n const delegatesOfSplits = Array.from(\n new Set(\n Object.entries(shamirSplits).flatMap(([splitKeyFp, splitKeyData]) => (missingKeysFp.has(splitKeyFp) ? Object.keys(splitKeyData) : []))\n )\n )\n const exchangeKeys: { [delegateId: string]: CryptoKey[] } = {}\n for (const delegate of delegatesOfSplits) {\n const currExchangeKeys = await this.baseExchangeKeysManager.getEncryptedExchangeKeysFor(selfId, delegate)\n exchangeKeys[delegate] = (await this.baseExchangeKeysManager.tryDecryptExchangeKeys(currExchangeKeys, allKeys)).successfulDecryptions\n }\n return await this.recoverWithSplits(dataOwner, shamirSplits, exchangeKeys)\n } else return {}\n }\n\n private async recoverWithSplits(\n dataOwner: DataOwnerWithType,\n splits: { [keyPairFp: string]: { [delegateId: string]: string } },\n exchangeKeys: { [delegateId: string]: CryptoKey[] }\n ): Promise<{ [pubKeyFingerprint: string]: KeyPair<CryptoKey> }> {\n const res: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> } = {}\n const keysByFp = fingerprintToPublicKeysMapOf(dataOwner.dataOwner)\n for (const [fp, split] of Object.entries(splits)) {\n const recovered = await this.tryRecoverSplitPrivate(split, exchangeKeys)\n if (recovered) {\n const pub = keysByFp[fp]\n if (!pub) {\n console.warn(`Missing public key for fingerprint ${fp} of recovered shamir key.`)\n } else {\n try {\n res[fp] = {\n privateKey: recovered,\n publicKey: await this.primitives.RSA.importKey('spki', hex2ua(pub), ['encrypt']),\n }\n } catch (e) {\n console.warn(`Failed to import public key ${pub}`, e)\n }\n }\n }\n }\n return res\n }\n\n private async tryRecoverSplitPrivate(\n split: { [delegateId: string]: string },\n exchangeKeys: { [delegateId: string]: CryptoKey[] }\n ): Promise<CryptoKey | undefined> {\n const splitsCount = Object.keys(split).length\n if (splitsCount === 1) {\n // Not sure about the key nor if the key is accessible\n const [delegate, encryptedKey] = Object.entries(split)[0]\n for (const exchangeKey of exchangeKeys[delegate] ?? []) {\n try {\n const decrypted = await this.primitives.AES.decrypt(exchangeKey, hex2ua(encryptedKey))\n const importedKey = await this.primitives.RSA.importKey('pkcs8', decrypted, ['decrypt'])\n if (importedKey) return importedKey\n } catch (e) {}\n }\n return undefined\n } else {\n const decryptedSplits: string[] = []\n for (const delegateAndEncryptedSplit of Object.entries(split)) {\n const decrypted = await this.tryDecryptSplitPiece(delegateAndEncryptedSplit, exchangeKeys, splitsCount)\n if (decrypted) decryptedSplits.push(ua2hex(decrypted).slice(1)) // Drop padding\n }\n try {\n const combinedKey = hex2ua(this.primitives.shamir.combine(decryptedSplits))\n return await this.primitives.RSA.importKey('pkcs8', combinedKey, ['decrypt'])\n } catch (e) {\n // Could be not enough splits decrypted\n return undefined\n }\n }\n }\n\n private async tryDecryptSplitPiece(\n delegateAndEncryptedSplit: [string, string],\n exchangeKeys: { [delegateId: string]: CryptoKey[] },\n splitsCount: number\n ): Promise<ArrayBuffer | undefined> {\n const [delegate, encryptedPiece] = delegateAndEncryptedSplit\n for (const exchangeKey of exchangeKeys[delegate] ?? []) {\n try {\n const decrypted = await this.primitives.AES.decrypt(exchangeKey, hex2ua(encryptedPiece))\n if (this.validateDecryptedSplit(decrypted, splitsCount)) return decrypted\n } catch (e) {}\n }\n return undefined\n }\n\n private validateDecryptedSplit(decryptedSplit: ArrayBuffer, splitsCount: number): boolean {\n // Normally shamir split starts with 8 followed by the index of the split in hexadecimal.\n // However, we pad with an extra 'f' at the beginning\n const decryptedHex = ua2hex(decryptedSplit)\n if (decryptedHex[0] !== 'f' || decryptedHex[1] !== '8') return false\n try {\n const splitIndex = parseInt(decryptedHex.slice(2, 4), 16)\n return splitIndex > 0 && splitIndex <= splitsCount\n } catch (e) {\n return false\n }\n }\n\n private async recoverFromTransferKeys(\n dataOwner: DataOwnerWithType,\n allKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> },\n missingKeysFp: Set<string>\n ): Promise<{ [pubKeyFingerprint: string]: KeyPair<CryptoKey> }> {\n const publicKeyFingerprintToPublicKey = fingerprintToPublicKeysMapOf(dataOwner.dataOwner)\n const missingKeysTransferData: { [recoverableKeyPubFp: string]: { publicKey: string; encryptedPrivateKey: Set<string> } } = {}\n Object.values(dataOwner.dataOwner.transferKeys ?? {}).forEach((transferKeysByEncryptor) => {\n Object.entries(transferKeysByEncryptor).forEach(([transferToPublicKey, transferPrivateKeyEncrypted]) => {\n const transferToPublicKeyFp = transferToPublicKey.slice(-32) // We are not sure if transfer public key will be a fp or not\n if (missingKeysFp.has(transferToPublicKeyFp)) {\n const existingEntryValue = missingKeysTransferData[transferToPublicKeyFp]\n if (existingEntryValue) {\n existingEntryValue.encryptedPrivateKey.add(transferPrivateKeyEncrypted)\n } else {\n const fullPublicKey = publicKeyFingerprintToPublicKey[transferToPublicKeyFp]\n if (fullPublicKey) {\n missingKeysTransferData[transferToPublicKeyFp] = {\n publicKey: fullPublicKey,\n encryptedPrivateKey: new Set([transferPrivateKeyEncrypted]),\n }\n } else {\n console.warn('Invalid data owner: there is a transfer key for an unknown public key')\n }\n }\n }\n })\n })\n\n const { successfulDecryptions: availableExchangeKeys } = await this.baseExchangeKeysManager.tryDecryptExchangeKeys(\n await this.baseExchangeKeysManager.getEncryptedExchangeKeysFor(dataOwner.dataOwner.id!, dataOwner.dataOwner.id!),\n allKeys\n )\n\n return Object.entries(missingKeysTransferData).reduce(async (acc, [recoverableKeyPubFp, transferData]) => {\n const awaitedAcc = await acc\n const decryptedTransferData = await this.tryDecryptTransferData(transferData, availableExchangeKeys)\n if (decryptedTransferData != undefined) {\n return { ...awaitedAcc, [recoverableKeyPubFp]: decryptedTransferData }\n } else return awaitedAcc\n }, Promise.resolve({} as { [pubKeyFingerprint: string]: KeyPair<CryptoKey> }))\n }\n\n private async tryDecryptTransferData(\n transferData: { publicKey: string; encryptedPrivateKey: Set<string> },\n availableExchangeKeys: CryptoKey[]\n ): Promise<KeyPair<CryptoKey> | undefined> {\n for (const encryptedTransferKey of transferData.encryptedPrivateKey) {\n const decryptedTransferKey = await this.tryDecryptTransferKey(encryptedTransferKey, availableExchangeKeys)\n if (decryptedTransferKey != undefined)\n return {\n privateKey: decryptedTransferKey,\n publicKey: await this.primitives.RSA.importKey('spki', hex2ua(transferData.publicKey), ['encrypt']),\n }\n }\n return undefined\n }\n\n // attempt to decrypt a transfer key in pkcs8 using any of the provided exchange keys\n private async tryDecryptTransferKey(\n encryptedTransferKey: string, // in hex format\n exchangeKeys: CryptoKey[]\n ): Promise<CryptoKey | undefined> {\n const encryptedKeyBytes = hex2ua(encryptedTransferKey)\n for (const exchangeKey of exchangeKeys) {\n try {\n const decryptedKeyData = await this.primitives.AES.decrypt(exchangeKey, encryptedKeyBytes)\n const importedPrivateKey = await this.primitives.RSA.importPrivateKey('pkcs8', decryptedKeyData)\n if (importedPrivateKey != undefined) return importedPrivateKey\n } catch (e) {\n /* failure is a valid possibility: we don't know the correct key to use */\n }\n }\n return undefined\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"KeyRecovery.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/KeyRecovery.ts"],"names":[],"mappings":";;;;;;;;;;;;AAIA,oCAAyC;AACzC,mCAA0F;AAI1F;;;GAGG;AACH,MAAa,WAAW;IACtB,YACmB,UAA4B,EAC5B,YAA8B,EAC9B,uBAAgD,EAChD,uBAAgD;QAHhD,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,4BAAuB,GAAvB,uBAAuB,CAAyB;QAChD,4BAAuB,GAAvB,uBAAuB,CAAyB;IAChE,CAAC;IAEJ;;;;;;;;;OASG;IAEH;;;;;;OAMG;IACG,WAAW,CACf,SAA4B,EAC5B,SAAqD;;YAErD,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC;gBAChC,GAAG,IAAI,CAAC,YAAY,CAAC,0BAA0B,CAAC,SAAS,CAAC,SAAS,CAAC;gBACpE,GAAG,IAAI,CAAC,YAAY,CAAC,4BAA4B,CAAC,SAAS,CAAC,SAAS,CAAC;aACvE,CAAC,CAAA;YACF,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAA;YACtD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAEnH,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;YAC/G,IAAI,cAAc,qBAA6D,SAAS,CAAE,CAAA;YAC1F,IAAI,mBAAmB,GAAG,IAAI,CAAA;YAE9B,OAAO,gBAAgB,CAAC,IAAI,GAAG,CAAC,IAAI,mBAAmB,EAAE;gBACvD,qEAAqE;gBACrE,mBAAmB,GAAG,KAAK,CAAA;gBAC3B,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE;oBACvC,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,SAAS,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAA;oBAC5E,MAAM,kBAAkB,GAAyC,EAAE,CAAA;oBACnE,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;wBACrD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAA;wBACrE,IAAI,KAAK,EAAE;4BACT,kBAAkB,CAAC,EAAE,CAAC,GAAG,OAAO,CAAA;yBACjC;qBACF;oBACD,IAAI,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;wBAC9C,mBAAmB,GAAG,IAAI,CAAA;wBAC1B,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAA;wBAC5E,cAAc,mCAAQ,cAAc,GAAK,kBAAkB,CAAE,CAAA;qBAC9D;iBACF;aACF;YAED,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAC3G,CAAC;KAAA;IAED;;;OAGG;IAEW,0BAA0B,CACtC,SAA4B,EAC5B,OAA4D,EAC5D,aAA0B;;YAE1B,IACE,SAAS,CAAC,SAAS,CAAC,SAAS;gBAC7B,SAAS,CAAC,SAAS,CAAC,0BAA0B;gBAC9C,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC,MAAM,GAAG,CAAC,EACtE;gBACA,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,EAAG,CAAA;gBACtC,MAAM,YAAY,GAA8D;oBAC9E,CAAC,SAAS,CAAC,SAAS,CAAC,SAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,0BAA2B;iBAC7F,CAAA;gBACD,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAClC,IAAI,GAAG,CACL,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CACvI,CACF,CAAA;gBACD,MAAM,YAAY,GAA0C,EAAE,CAAA;gBAC9D,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE;oBACxC,YAAY,CAAC,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;iBAC/E;gBACD,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,YAAY,EAAE,YAAY,CAAC,CAAA;aAC3E;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAEa,iBAAiB,CAC7B,SAA4B,EAC5B,MAAiE,EACjE,YAAmD;;;YAEnD,MAAM,GAAG,GAAwD,EAAE,CAAA;YACnE,MAAM,QAAQ,GAAG,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;YAC3E,MAAM,kBAAkB,GAAG,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;YACvF,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;gBAChD,MAAM,GAAG,GAAG,MAAA,QAAQ,CAAC,EAAE,CAAC,mCAAI,kBAAkB,CAAC,EAAE,CAAC,CAAA;gBAClD,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAA;gBAChH,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,UAAU,EAAE;oBACzB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,YAAY,EAAE,UAAU,CAAC,CAAA;oBACpF,IAAI,SAAS,EAAE;wBACb,MAAM,GAAG,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAA;wBACxB,IAAI;4BACF,GAAG,CAAC,EAAE,CAAC,GAAG;gCACR,UAAU,EAAE,SAAS;gCACrB,SAAS,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,GAAG,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC;6BAC7F,CAAA;yBACF;wBAAC,OAAO,CAAC,EAAE;4BACV,OAAO,CAAC,IAAI,CAAC,+BAA+B,GAAG,EAAE,EAAE,CAAC,CAAC,CAAA;yBACtD;qBACF;iBACF;qBAAM;oBACL,OAAO,CAAC,IAAI,CAAC,sCAAsC,EAAE,2BAA2B,CAAC,CAAA;iBAClF;aACF;YACD,OAAO,GAAG,CAAA;;KACX;IAEa,sBAAsB,CAClC,KAAuC,EACvC,YAAmD,EACnD,UAAsB;;;YAEtB,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAA;YAC7C,IAAI,WAAW,KAAK,CAAC,EAAE;gBACrB,sDAAsD;gBACtD,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;gBACzD,KAAK,MAAM,WAAW,IAAI,MAAA,YAAY,CAAC,QAAQ,CAAC,mCAAI,EAAE,EAAE;oBACtD,IAAI;wBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,IAAA,cAAM,EAAC,YAAY,CAAC,CAAC,CAAA;wBACtF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;wBACpG,IAAI,WAAW;4BAAE,OAAO,WAAW,CAAA;qBACpC;oBAAC,OAAO,CAAC,EAAE,GAAE;iBACf;gBACD,OAAO,SAAS,CAAA;aACjB;iBAAM;gBACL,MAAM,eAAe,GAAa,EAAE,CAAA;gBACpC,KAAK,MAAM,yBAAyB,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;oBAC7D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,yBAAyB,EAAE,YAAY,EAAE,WAAW,CAAC,CAAA;oBACvG,IAAI,SAAS;wBAAE,eAAe,CAAC,IAAI,CAAC,IAAA,cAAM,EAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,eAAe;iBAChF;gBACD,IAAI;oBACF,MAAM,WAAW,GAAG,IAAA,cAAM,EAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAA;oBAC3E,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;iBAC1F;gBAAC,OAAO,CAAC,EAAE;oBACV,uCAAuC;oBACvC,OAAO,SAAS,CAAA;iBACjB;aACF;;KACF;IAEa,oBAAoB,CAChC,yBAA2C,EAC3C,YAAmD,EACnD,WAAmB;;;YAEnB,MAAM,CAAC,QAAQ,EAAE,cAAc,CAAC,GAAG,yBAAyB,CAAA;YAC5D,KAAK,MAAM,WAAW,IAAI,MAAA,YAAY,CAAC,QAAQ,CAAC,mCAAI,EAAE,EAAE;gBACtD,IAAI;oBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,IAAA,cAAM,EAAC,cAAc,CAAC,CAAC,CAAA;oBACxF,IAAI,IAAI,CAAC,sBAAsB,CAAC,SAAS,EAAE,WAAW,CAAC;wBAAE,OAAO,SAAS,CAAA;iBAC1E;gBAAC,OAAO,CAAC,EAAE,GAAE;aACf;YACD,OAAO,SAAS,CAAA;;KACjB;IAEO,sBAAsB,CAAC,cAA2B,EAAE,WAAmB;QAC7E,yFAAyF;QACzF,qDAAqD;QACrD,MAAM,YAAY,GAAG,IAAA,cAAM,EAAC,cAAc,CAAC,CAAA;QAC3C,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,GAAG;YAAE,OAAO,KAAK,CAAA;QACpE,IAAI;YACF,MAAM,UAAU,GAAG,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;YACzD,OAAO,UAAU,GAAG,CAAC,IAAI,UAAU,IAAI,WAAW,CAAA;SACnD;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,KAAK,CAAA;SACb;IACH,CAAC;IAEa,uBAAuB,CACnC,SAA4B,EAC5B,OAA4D,EAC5D,aAA0B;;;YAE1B,MAAM,+BAA+B,mCAChC,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,GAC1D,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,CAChE,CAAA;YACD,MAAM,uBAAuB,GAA+F,EAAE,CAAA;YAC9H,MAAM,CAAC,MAAM,CAAC,MAAA,SAAS,CAAC,SAAS,CAAC,YAAY,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,uBAAuB,EAAE,EAAE;gBACxF,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,EAAE,2BAA2B,CAAC,EAAE,EAAE;oBACrG,MAAM,qBAAqB,GAAG,IAAA,qBAAa,EAAC,mBAAmB,CAAC,CAAA,CAAC,6DAA6D;oBAC9H,IAAI,aAAa,CAAC,GAAG,CAAC,qBAAqB,CAAC,EAAE;wBAC5C,MAAM,kBAAkB,GAAG,uBAAuB,CAAC,qBAAqB,CAAC,CAAA;wBACzE,IAAI,kBAAkB,EAAE;4BACtB,kBAAkB,CAAC,mBAAmB,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;yBACxE;6BAAM;4BACL,MAAM,aAAa,GAAG,+BAA+B,CAAC,qBAAqB,CAAC,CAAA;4BAC5E,IAAI,aAAa,EAAE;gCACjB,uBAAuB,CAAC,qBAAqB,CAAC,GAAG;oCAC/C,SAAS,EAAE,aAAa;oCACxB,mBAAmB,EAAE,IAAI,GAAG,CAAC,CAAC,2BAA2B,CAAC,CAAC;iCAC5D,CAAA;6BACF;iCAAM;gCACL,OAAO,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAA;6BACtF;yBACF;qBACF;gBACH,CAAC,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;YACF,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,SAAS,CAAC,EAAG,EAAE,SAAS,CAAC,SAAS,CAAC,EAAG,EAAE,OAAO,CAAC,CAAA;YAEnH,OAAO,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,MAAM,CAAC,CAAO,GAAG,EAAE,CAAC,mBAAmB,EAAE,YAAY,CAAC,EAAE,EAAE;gBACvG,MAAM,UAAU,GAAG,MAAM,GAAG,CAAA;gBAC5B,MAAM,UAAU,GAAG,IAAA,2BAAmB,EAAC,SAAS,CAAC,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC,CAAA;gBACnF,IAAI,CAAC,CAAC,UAAU,EAAE;oBAChB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,YAAY,EAAE,qBAAqB,EAAE,UAAU,CAAC,CAAA;oBAChH,IAAI,qBAAqB,IAAI,SAAS,EAAE;wBACtC,uCAAY,UAAU,KAAE,CAAC,mBAAmB,CAAC,EAAE,qBAAqB,IAAE;qBACvE;;wBAAM,OAAO,UAAU,CAAA;iBACzB;;oBAAM,OAAO,UAAU,CAAA;YAC1B,CAAC,CAAA,EAAE,OAAO,CAAC,OAAO,CAAC,EAAyD,CAAC,CAAC,CAAA;;KAC/E;IAEa,sBAAsB,CAClC,YAAqE,EACrE,qBAAkC,EAClC,UAAsB;;YAEtB,KAAK,MAAM,oBAAoB,IAAI,YAAY,CAAC,mBAAmB,EAAE;gBACnE,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,oBAAoB,EAAE,qBAAqB,EAAE,UAAU,CAAC,CAAA;gBACtH,IAAI,oBAAoB,IAAI,SAAS;oBACnC,OAAO;wBACL,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC;qBAChH,CAAA;aACJ;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED,qFAAqF;IACvE,qBAAqB,CACjC,oBAA4B,EAAE,gBAAgB;IAC9C,YAAyB,EACzB,UAAsB;;YAEtB,MAAM,iBAAiB,GAAG,IAAA,cAAM,EAAC,oBAAoB,CAAC,CAAA;YACtD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE;gBACtC,IAAI;oBACF,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAA;oBAC1F,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,gBAAgB,CAAC,OAAO,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAA;oBAC5G,IAAI,kBAAkB,IAAI,SAAS;wBAAE,OAAO,kBAAkB,CAAA;iBAC/D;gBAAC,OAAO,CAAC,EAAE;oBACV,0EAA0E;iBAC3E;aACF;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED,6EAA6E;IAC/D,eAAe,CAC3B,IAAY,EACZ,EAAU,EACV,uBAA4E;;YAE5E,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,sBAAsB,CAC/E,MAAM,IAAI,CAAC,uBAAuB,CAAC,2BAA2B,CAAC,IAAI,EAAE,EAAE,CAAC,EACxE,uBAAuB,CACxB,CAAA;YACD,MAAM,yBAAyB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,sBAAsB,CACzF,MAAM,IAAI,CAAC,uBAAuB,CAAC,sCAAsC,CAAC,IAAI,EAAE,EAAE,CAAC,EACnF,uBAAuB,CACxB,CAAA;YACD,OAAO,CAAC,GAAG,eAAe,CAAC,qBAAqB,EAAE,GAAG,yBAAyB,CAAC,qBAAqB,CAAC,CAAA;QACvG,CAAC;KAAA;CACF;AA5RD,kCA4RC","sourcesContent":["import { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { KeyPair, ShaVersion } from './RSA'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { BaseExchangeKeysManager } from './BaseExchangeKeysManager'\nimport { hex2ua, ua2hex } from '../utils'\nimport { fingerprintToPublicKeysMapOf, fingerprintV1, getShaVersionForKey } from './utils'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\n\n/**\n * @internal this class is intended only for internal use and may be changed without notice.\n *\n */\nexport class KeyRecovery {\n constructor(\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly baseExchangeKeysManager: BaseExchangeKeysManager,\n private readonly baseExchangeDataManager: BaseExchangeDataManager\n ) {}\n\n /*TODO\n * Currently there is no support for the recovery of signature keys. When implementing a recovery solution we should consider:\n * - unlike decryption keys signature keys are completely useless if not verified.\n * - we are fine losing the signature private key, but if we could recover and verify the public key it would reduce the inconveniences on user and\n * limit the creation of new exchange data\n * - We can't guarantee that encrypted data in iCure was put there by us... unless we put a piece of the private key as well: we can save an\n * hash of (any verification public key + any encryption private key) in the data owner: only the owner of the private key can create this hash,\n * so if the data owner can recreate the hash with one of his recovered and verified encryption private keys then the signature public key will\n * for sure be safe as well.\n */\n\n /**\n * Attempt to recover private keys of a data owner using all available key recovery methods and all available private keys. The method will\n * automatically try to use newly recovered key pairs to recover additional key pairs.\n * @param dataOwner a data owner.\n * @param knownKeys keys available for the data owner.\n * @return new key pairs (exclude already known pairs) which could be recovered using the known keys.\n */\n async recoverKeys(\n dataOwner: DataOwnerWithType,\n knownKeys: { [pubKeyFp: string]: KeyPair<CryptoKey> }\n ): Promise<{ [pubKeyFp: string]: KeyPair<CryptoKey> }> {\n const selfPublicKeys = Array.from([\n ...this.dataOwnerApi.getHexPublicKeysWithSha1Of(dataOwner.dataOwner),\n ...this.dataOwnerApi.getHexPublicKeysWithSha256Of(dataOwner.dataOwner),\n ])\n const knownKeysFpSet = new Set(Object.keys(knownKeys))\n const missingKeysFpSet = new Set(selfPublicKeys.map((x) => fingerprintV1(x)).filter((x) => !knownKeysFpSet.has(x)))\n\n const recoveryFunctions = [this.recoverFromTransferKeys.bind(this), this.recoverFromShamirSplitKeys.bind(this)]\n let allPrivateKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> } = { ...knownKeys }\n let foundNewPrivateKeys = true\n\n while (missingKeysFpSet.size > 0 && foundNewPrivateKeys) {\n // TODO for each recovered verify correct association with public key\n foundNewPrivateKeys = false\n for (const recover of recoveryFunctions) {\n const recovered = await recover(dataOwner, allPrivateKeys, missingKeysFpSet)\n const validatedRecovered: { [fp: string]: KeyPair<CryptoKey> } = {}\n for (const [fp, keyPair] of Object.entries(recovered)) {\n const valid = await this.primitives.RSA.checkKeyPairValidity(keyPair)\n if (valid) {\n validatedRecovered[fp] = keyPair\n }\n }\n if (Object.keys(validatedRecovered).length > 0) {\n foundNewPrivateKeys = true\n Object.keys(validatedRecovered).forEach((fp) => missingKeysFpSet.delete(fp))\n allPrivateKeys = { ...allPrivateKeys, ...validatedRecovered }\n }\n }\n }\n\n return Object.fromEntries(Object.entries(allPrivateKeys).filter(([keyFp]) => !knownKeysFpSet.has(keyFp)))\n }\n\n /*TODO?\n * Ask access back suggestion: if by getting access back to an exchange key with another data owner I may recover additional keys we could suggest\n * to ask for access back to that data owner.\n */\n\n private async recoverFromShamirSplitKeys(\n dataOwner: DataOwnerWithType,\n allKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> },\n missingKeysFp: Set<string>\n ): Promise<{ [pubKeyFingerprint: string]: KeyPair<CryptoKey> }> {\n if (\n dataOwner.dataOwner.publicKey &&\n dataOwner.dataOwner.privateKeyShamirPartitions &&\n Object.keys(dataOwner.dataOwner.privateKeyShamirPartitions).length > 0\n ) {\n const selfId = dataOwner.dataOwner.id!\n const shamirSplits: { [keyPairFp: string]: { [delegateId: string]: string } } = {\n [dataOwner.dataOwner.publicKey!.slice(-32)]: dataOwner.dataOwner.privateKeyShamirPartitions!,\n }\n const delegatesOfSplits = Array.from(\n new Set(\n Object.entries(shamirSplits).flatMap(([splitKeyFp, splitKeyData]) => (missingKeysFp.has(splitKeyFp) ? Object.keys(splitKeyData) : []))\n )\n )\n const exchangeKeys: { [delegateId: string]: CryptoKey[] } = {}\n for (const delegate of delegatesOfSplits) {\n exchangeKeys[delegate] = await this.getExchangeKeys(selfId, delegate, allKeys)\n }\n return await this.recoverWithSplits(dataOwner, shamirSplits, exchangeKeys)\n } else return {}\n }\n\n private async recoverWithSplits(\n dataOwner: DataOwnerWithType,\n splits: { [keyPairFp: string]: { [delegateId: string]: string } },\n exchangeKeys: { [delegateId: string]: CryptoKey[] }\n ): Promise<{ [pubKeyFingerprint: string]: KeyPair<CryptoKey> }> {\n const res: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> } = {}\n const keysByFp = fingerprintToPublicKeysMapOf(dataOwner.dataOwner, 'sha-1')\n const keysByFpWithSha256 = fingerprintToPublicKeysMapOf(dataOwner.dataOwner, 'sha-256')\n for (const [fp, split] of Object.entries(splits)) {\n const pub = keysByFp[fp] ?? keysByFpWithSha256[fp]\n const shaVersion = !!pub && !!keysByFp[fp] ? 'sha-1' : !!pub && !!keysByFpWithSha256[fp] ? 'sha-256' : undefined\n if (!!pub && !!shaVersion) {\n const recovered = await this.tryRecoverSplitPrivate(split, exchangeKeys, shaVersion)\n if (recovered) {\n const pub = keysByFp[fp]\n try {\n res[fp] = {\n privateKey: recovered,\n publicKey: await this.primitives.RSA.importKey('spki', hex2ua(pub), ['encrypt'], shaVersion),\n }\n } catch (e) {\n console.warn(`Failed to import public key ${pub}`, e)\n }\n }\n } else {\n console.warn(`Missing public key for fingerprint ${fp} of recovered shamir key.`)\n }\n }\n return res\n }\n\n private async tryRecoverSplitPrivate(\n split: { [delegateId: string]: string },\n exchangeKeys: { [delegateId: string]: CryptoKey[] },\n shaVersion: ShaVersion\n ): Promise<CryptoKey | undefined> {\n const splitsCount = Object.keys(split).length\n if (splitsCount === 1) {\n // Not sure about the key nor if the key is accessible\n const [delegate, encryptedKey] = Object.entries(split)[0]\n for (const exchangeKey of exchangeKeys[delegate] ?? []) {\n try {\n const decrypted = await this.primitives.AES.decrypt(exchangeKey, hex2ua(encryptedKey))\n const importedKey = await this.primitives.RSA.importKey('pkcs8', decrypted, ['decrypt'], shaVersion)\n if (importedKey) return importedKey\n } catch (e) {}\n }\n return undefined\n } else {\n const decryptedSplits: string[] = []\n for (const delegateAndEncryptedSplit of Object.entries(split)) {\n const decrypted = await this.tryDecryptSplitPiece(delegateAndEncryptedSplit, exchangeKeys, splitsCount)\n if (decrypted) decryptedSplits.push(ua2hex(decrypted).slice(1)) // Drop padding\n }\n try {\n const combinedKey = hex2ua(this.primitives.shamir.combine(decryptedSplits))\n return await this.primitives.RSA.importKey('pkcs8', combinedKey, ['decrypt'], shaVersion)\n } catch (e) {\n // Could be not enough splits decrypted\n return undefined\n }\n }\n }\n\n private async tryDecryptSplitPiece(\n delegateAndEncryptedSplit: [string, string],\n exchangeKeys: { [delegateId: string]: CryptoKey[] },\n splitsCount: number\n ): Promise<ArrayBuffer | undefined> {\n const [delegate, encryptedPiece] = delegateAndEncryptedSplit\n for (const exchangeKey of exchangeKeys[delegate] ?? []) {\n try {\n const decrypted = await this.primitives.AES.decrypt(exchangeKey, hex2ua(encryptedPiece))\n if (this.validateDecryptedSplit(decrypted, splitsCount)) return decrypted\n } catch (e) {}\n }\n return undefined\n }\n\n private validateDecryptedSplit(decryptedSplit: ArrayBuffer, splitsCount: number): boolean {\n // Normally shamir split starts with 8 followed by the index of the split in hexadecimal.\n // However, we pad with an extra 'f' at the beginning\n const decryptedHex = ua2hex(decryptedSplit)\n if (decryptedHex[0] !== 'f' || decryptedHex[1] !== '8') return false\n try {\n const splitIndex = parseInt(decryptedHex.slice(2, 4), 16)\n return splitIndex > 0 && splitIndex <= splitsCount\n } catch (e) {\n return false\n }\n }\n\n private async recoverFromTransferKeys(\n dataOwner: DataOwnerWithType,\n allKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> },\n missingKeysFp: Set<string>\n ): Promise<{ [pubKeyFingerprint: string]: KeyPair<CryptoKey> }> {\n const publicKeyFingerprintToPublicKey = {\n ...fingerprintToPublicKeysMapOf(dataOwner.dataOwner, 'sha-1'),\n ...fingerprintToPublicKeysMapOf(dataOwner.dataOwner, 'sha-256'),\n }\n const missingKeysTransferData: { [recoverableKeyPubFp: string]: { publicKey: string; encryptedPrivateKey: Set<string> } } = {}\n Object.values(dataOwner.dataOwner.transferKeys ?? {}).forEach((transferKeysByEncryptor) => {\n Object.entries(transferKeysByEncryptor).forEach(([transferToPublicKey, transferPrivateKeyEncrypted]) => {\n const transferToPublicKeyFp = fingerprintV1(transferToPublicKey) // We are not sure if transfer public key will be a fp or not\n if (missingKeysFp.has(transferToPublicKeyFp)) {\n const existingEntryValue = missingKeysTransferData[transferToPublicKeyFp]\n if (existingEntryValue) {\n existingEntryValue.encryptedPrivateKey.add(transferPrivateKeyEncrypted)\n } else {\n const fullPublicKey = publicKeyFingerprintToPublicKey[transferToPublicKeyFp]\n if (fullPublicKey) {\n missingKeysTransferData[transferToPublicKeyFp] = {\n publicKey: fullPublicKey,\n encryptedPrivateKey: new Set([transferPrivateKeyEncrypted]),\n }\n } else {\n console.warn('Invalid data owner: there is a transfer key for an unknown public key')\n }\n }\n }\n })\n })\n const availableExchangeKeys = await this.getExchangeKeys(dataOwner.dataOwner.id!, dataOwner.dataOwner.id!, allKeys)\n\n return Object.entries(missingKeysTransferData).reduce(async (acc, [recoverableKeyPubFp, transferData]) => {\n const awaitedAcc = await acc\n const shaVersion = getShaVersionForKey(dataOwner.dataOwner, transferData.publicKey)\n if (!!shaVersion) {\n const decryptedTransferData = await this.tryDecryptTransferData(transferData, availableExchangeKeys, shaVersion)\n if (decryptedTransferData != undefined) {\n return { ...awaitedAcc, [recoverableKeyPubFp]: decryptedTransferData }\n } else return awaitedAcc\n } else return awaitedAcc\n }, Promise.resolve({} as { [pubKeyFingerprint: string]: KeyPair<CryptoKey> }))\n }\n\n private async tryDecryptTransferData(\n transferData: { publicKey: string; encryptedPrivateKey: Set<string> },\n availableExchangeKeys: CryptoKey[],\n shaVersion: ShaVersion\n ): Promise<KeyPair<CryptoKey> | undefined> {\n for (const encryptedTransferKey of transferData.encryptedPrivateKey) {\n const decryptedTransferKey = await this.tryDecryptTransferKey(encryptedTransferKey, availableExchangeKeys, shaVersion)\n if (decryptedTransferKey != undefined)\n return {\n privateKey: decryptedTransferKey,\n publicKey: await this.primitives.RSA.importKey('spki', hex2ua(transferData.publicKey), ['encrypt'], shaVersion),\n }\n }\n return undefined\n }\n\n // attempt to decrypt a transfer key in pkcs8 using any of the provided exchange keys\n private async tryDecryptTransferKey(\n encryptedTransferKey: string, // in hex format\n exchangeKeys: CryptoKey[],\n shaVersion: ShaVersion\n ): Promise<CryptoKey | undefined> {\n const encryptedKeyBytes = hex2ua(encryptedTransferKey)\n for (const exchangeKey of exchangeKeys) {\n try {\n const decryptedKeyData = await this.primitives.AES.decrypt(exchangeKey, encryptedKeyBytes)\n const importedPrivateKey = await this.primitives.RSA.importPrivateKey('pkcs8', decryptedKeyData, shaVersion)\n if (importedPrivateKey != undefined) return importedPrivateKey\n } catch (e) {\n /* failure is a valid possibility: we don't know the correct key to use */\n }\n }\n return undefined\n }\n\n // Get exchange keys from aes exchange keys / hc party keys and exchange data\n private async getExchangeKeys(\n from: string,\n to: string,\n availableDecryptionKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<CryptoKey[]> {\n const aesExchangeKeys = await this.baseExchangeKeysManager.tryDecryptExchangeKeys(\n await this.baseExchangeKeysManager.getEncryptedExchangeKeysFor(from, to),\n availableDecryptionKeys\n )\n const decryptedExchangeDataKeys = await this.baseExchangeDataManager.tryDecryptExchangeKeys(\n await this.baseExchangeDataManager.getExchangeDataByDelegatorDelegatePair(from, to),\n availableDecryptionKeys\n )\n return [...aesExchangeKeys.successfulDecryptions, ...decryptedExchangeDataKeys.successfulDecryptions]\n }\n}\n"]}
|
|
@@ -1,13 +1,17 @@
|
|
|
1
1
|
import { CryptoStrategies } from './CryptoStrategies';
|
|
2
2
|
import { CryptoPrimitives } from './CryptoPrimitives';
|
|
3
3
|
import { KeyPair } from './RSA';
|
|
4
|
-
import { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType';
|
|
5
4
|
import { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub';
|
|
5
|
+
import { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType';
|
|
6
6
|
/**
|
|
7
|
-
* Implementation of crypto strategies which should closely resemble a basic legacy behaviour of the crypto api
|
|
7
|
+
* Implementation of crypto strategies which should closely resemble a basic legacy behaviour of the crypto api in regard to user keys management
|
|
8
|
+
* and server trust:
|
|
8
9
|
* - Automatically creates a new key if there is no verified key available
|
|
9
10
|
* - Fully trusts the public keys coming from the server for the creation of aes exchange keys to delegates
|
|
10
11
|
* - Never trust the own public keys coming from the server: this way the sdk will not automatically create data for key recovery.
|
|
12
|
+
*
|
|
13
|
+
* Data owner delegation anonymity requirements instead are changed to require anonymous delegations for all data owners which are not hcps (instead
|
|
14
|
+
* of never requiring anonymous delegations).
|
|
11
15
|
*/
|
|
12
16
|
export declare class LegacyCryptoStrategies implements CryptoStrategies {
|
|
13
17
|
generateNewKeyForDataOwner(self: DataOwnerWithType, cryptoPrimitives: CryptoPrimitives): Promise<KeyPair<CryptoKey> | boolean>;
|
|
@@ -26,4 +30,5 @@ export declare class LegacyCryptoStrategies implements CryptoStrategies {
|
|
|
26
30
|
};
|
|
27
31
|
}>;
|
|
28
32
|
verifyDelegatePublicKeys(delegate: CryptoActorStubWithType, publicKeys: string[], cryptoPrimitives: CryptoPrimitives): Promise<string[]>;
|
|
33
|
+
dataOwnerRequiresAnonymousDelegation(dataOwner: CryptoActorStubWithType): boolean;
|
|
29
34
|
}
|
|
@@ -2,10 +2,14 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.LegacyCryptoStrategies = void 0;
|
|
4
4
|
/**
|
|
5
|
-
* Implementation of crypto strategies which should closely resemble a basic legacy behaviour of the crypto api
|
|
5
|
+
* Implementation of crypto strategies which should closely resemble a basic legacy behaviour of the crypto api in regard to user keys management
|
|
6
|
+
* and server trust:
|
|
6
7
|
* - Automatically creates a new key if there is no verified key available
|
|
7
8
|
* - Fully trusts the public keys coming from the server for the creation of aes exchange keys to delegates
|
|
8
9
|
* - Never trust the own public keys coming from the server: this way the sdk will not automatically create data for key recovery.
|
|
10
|
+
*
|
|
11
|
+
* Data owner delegation anonymity requirements instead are changed to require anonymous delegations for all data owners which are not hcps (instead
|
|
12
|
+
* of never requiring anonymous delegations).
|
|
9
13
|
*/
|
|
10
14
|
class LegacyCryptoStrategies {
|
|
11
15
|
generateNewKeyForDataOwner(self, cryptoPrimitives) {
|
|
@@ -17,6 +21,9 @@ class LegacyCryptoStrategies {
|
|
|
17
21
|
verifyDelegatePublicKeys(delegate, publicKeys, cryptoPrimitives) {
|
|
18
22
|
return Promise.resolve(publicKeys);
|
|
19
23
|
}
|
|
24
|
+
dataOwnerRequiresAnonymousDelegation(dataOwner) {
|
|
25
|
+
return dataOwner.type !== 'hcp';
|
|
26
|
+
}
|
|
20
27
|
}
|
|
21
28
|
exports.LegacyCryptoStrategies = LegacyCryptoStrategies;
|
|
22
29
|
//# sourceMappingURL=LegacyCryptoStrategies.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"LegacyCryptoStrategies.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/LegacyCryptoStrategies.ts"],"names":[],"mappings":";;;AAMA
|
|
1
|
+
{"version":3,"file":"LegacyCryptoStrategies.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/LegacyCryptoStrategies.ts"],"names":[],"mappings":";;;AAMA;;;;;;;;;GASG;AACH,MAAa,sBAAsB;IACjC,0BAA0B,CAAC,IAAuB,EAAE,gBAAkC;QACpF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;IAC9B,CAAC;IAED,iCAAiC,CAC/B,QAA8F,EAC9F,gBAAkC;QAElC,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;IACnJ,CAAC;IAED,wBAAwB,CAAC,QAAiC,EAAE,UAAoB,EAAE,gBAAkC;QAClH,OAAO,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IACpC,CAAC;IAED,oCAAoC,CAAC,SAAkC;QACrE,OAAO,SAAS,CAAC,IAAI,KAAK,KAAK,CAAA;IACjC,CAAC;CACF;AAnBD,wDAmBC","sourcesContent":["import { CryptoStrategies } from './CryptoStrategies'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { KeyPair } from './RSA'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\n\n/**\n * Implementation of crypto strategies which should closely resemble a basic legacy behaviour of the crypto api in regard to user keys management\n * and server trust:\n * - Automatically creates a new key if there is no verified key available\n * - Fully trusts the public keys coming from the server for the creation of aes exchange keys to delegates\n * - Never trust the own public keys coming from the server: this way the sdk will not automatically create data for key recovery.\n *\n * Data owner delegation anonymity requirements instead are changed to require anonymous delegations for all data owners which are not hcps (instead\n * of never requiring anonymous delegations).\n */\nexport class LegacyCryptoStrategies implements CryptoStrategies {\n generateNewKeyForDataOwner(self: DataOwnerWithType, cryptoPrimitives: CryptoPrimitives): Promise<KeyPair<CryptoKey> | boolean> {\n return Promise.resolve(true)\n }\n\n recoverAndVerifySelfHierarchyKeys(\n keysData: { dataOwner: DataOwnerWithType; unknownKeys: string[]; unavailableKeys: string[] }[],\n cryptoPrimitives: CryptoPrimitives\n ): Promise<{ [p: string]: { recoveredKeys: { [p: string]: KeyPair<CryptoKey> }; keyAuthenticity: { [p: string]: boolean } } }> {\n return Promise.resolve(Object.fromEntries(keysData.map(({ dataOwner }) => [dataOwner.dataOwner.id, { recoveredKeys: {}, keyAuthenticity: {} }])))\n }\n\n verifyDelegatePublicKeys(delegate: CryptoActorStubWithType, publicKeys: string[], cryptoPrimitives: CryptoPrimitives): Promise<string[]> {\n return Promise.resolve(publicKeys)\n }\n\n dataOwnerRequiresAnonymousDelegation(dataOwner: CryptoActorStubWithType): boolean {\n return dataOwner.type !== 'hcp'\n }\n}\n"]}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import { SecurityMetadataDecryptor } from './SecurityMetadataDecryptor';
|
|
2
|
+
import { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName';
|
|
3
|
+
import { CryptoPrimitives } from './CryptoPrimitives';
|
|
4
|
+
import { ExchangeKeysManager } from './ExchangeKeysManager';
|
|
5
|
+
import { SecureDelegation } from '../../icc-api/model/SecureDelegation';
|
|
6
|
+
import AccessLevel = SecureDelegation.AccessLevelEnum;
|
|
7
|
+
import { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models';
|
|
8
|
+
export declare class LegacyDelegationSecurityMetadataDecryptor implements SecurityMetadataDecryptor {
|
|
9
|
+
private readonly exchangeKeysManager;
|
|
10
|
+
private readonly primitives;
|
|
11
|
+
constructor(exchangeKeysManager: ExchangeKeysManager, primitives: CryptoPrimitives);
|
|
12
|
+
decryptEncryptionKeysOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
|
|
13
|
+
decrypted: string;
|
|
14
|
+
dataOwnersWithAccess: string[];
|
|
15
|
+
}, void, never>;
|
|
16
|
+
decryptOwningEntityIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
|
|
17
|
+
decrypted: string;
|
|
18
|
+
dataOwnersWithAccess: string[];
|
|
19
|
+
}, void, never>;
|
|
20
|
+
decryptSecretIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
|
|
21
|
+
decrypted: string;
|
|
22
|
+
dataOwnersWithAccess: string[];
|
|
23
|
+
}, void, never>;
|
|
24
|
+
getEntityAccessLevel(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): Promise<AccessLevel | undefined>;
|
|
25
|
+
hasAnyEncryptionKeys(entity: EncryptedEntity | EncryptedEntityStub): boolean;
|
|
26
|
+
private extractFromDelegations;
|
|
27
|
+
private populateDelegatedTo;
|
|
28
|
+
private tryDecryptDelegation;
|
|
29
|
+
private validateEncryptionKey;
|
|
30
|
+
private validateSecretId;
|
|
31
|
+
private validateOwningEntityId;
|
|
32
|
+
private tryImportKey;
|
|
33
|
+
}
|