@icure/api 7.1.16 → 8.0.0-RC.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (363) hide show
  1. package/icc-api/api/IccAccesslogApi.d.ts +12 -1
  2. package/icc-api/api/IccAccesslogApi.js +142 -98
  3. package/icc-api/api/IccAccesslogApi.js.map +1 -1
  4. package/icc-api/api/IccBemikronoApi.d.ts +81 -0
  5. package/icc-api/api/IccBemikronoApi.js +163 -0
  6. package/icc-api/api/IccBemikronoApi.js.map +1 -0
  7. package/icc-api/api/IccCalendarItemApi.d.ts +21 -1
  8. package/icc-api/api/IccCalendarItemApi.js +183 -117
  9. package/icc-api/api/IccCalendarItemApi.js.map +1 -1
  10. package/icc-api/api/IccClassificationApi.d.ts +21 -1
  11. package/icc-api/api/IccClassificationApi.js +119 -63
  12. package/icc-api/api/IccClassificationApi.js.map +1 -1
  13. package/icc-api/api/IccContactApi.d.ts +21 -1
  14. package/icc-api/api/IccContactApi.js +385 -294
  15. package/icc-api/api/IccContactApi.js.map +1 -1
  16. package/icc-api/api/IccDocumentApi.d.ts +38 -25
  17. package/icc-api/api/IccDocumentApi.js +279 -212
  18. package/icc-api/api/IccDocumentApi.js.map +1 -1
  19. package/icc-api/api/IccExchangeDataApi.d.ts +19 -0
  20. package/icc-api/api/IccExchangeDataApi.js +85 -0
  21. package/icc-api/api/IccExchangeDataApi.js.map +1 -0
  22. package/icc-api/api/IccExchangeDataMapApi.d.ts +18 -0
  23. package/icc-api/api/IccExchangeDataMapApi.js +65 -0
  24. package/icc-api/api/IccExchangeDataMapApi.js.map +1 -0
  25. package/icc-api/api/IccFormApi.d.ts +21 -1
  26. package/icc-api/api/IccFormApi.js +321 -229
  27. package/icc-api/api/IccFormApi.js.map +1 -1
  28. package/icc-api/api/IccHelementApi.d.ts +21 -1
  29. package/icc-api/api/IccHelementApi.js +207 -137
  30. package/icc-api/api/IccHelementApi.js.map +1 -1
  31. package/icc-api/api/IccInvoiceApi.d.ts +21 -1
  32. package/icc-api/api/IccInvoiceApi.js +404 -298
  33. package/icc-api/api/IccInvoiceApi.js.map +1 -1
  34. package/icc-api/api/IccMaintenanceTaskApi.d.ts +12 -1
  35. package/icc-api/api/IccMaintenanceTaskApi.js +79 -43
  36. package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
  37. package/icc-api/api/IccMessageApi.d.ts +28 -1
  38. package/icc-api/api/IccMessageApi.js +294 -191
  39. package/icc-api/api/IccMessageApi.js.map +1 -1
  40. package/icc-api/api/IccPatientApi.d.ts +12 -1
  41. package/icc-api/api/IccPatientApi.js +447 -351
  42. package/icc-api/api/IccPatientApi.js.map +1 -1
  43. package/icc-api/api/IccReceiptApi.d.ts +22 -8
  44. package/icc-api/api/IccReceiptApi.js +121 -64
  45. package/icc-api/api/IccReceiptApi.js.map +1 -1
  46. package/icc-api/api/IccRestApiPath.js +1 -1
  47. package/icc-api/api/IccRestApiPath.js.map +1 -1
  48. package/icc-api/api/IccSecureDelegationKeyMapApi.d.ts +26 -0
  49. package/icc-api/api/IccSecureDelegationKeyMapApi.js +71 -0
  50. package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +1 -0
  51. package/icc-api/api/IccTimeTableApi.d.ts +12 -1
  52. package/icc-api/api/IccTimeTableApi.js +86 -48
  53. package/icc-api/api/IccTimeTableApi.js.map +1 -1
  54. package/icc-api/api/IccTopicApi.d.ts +90 -0
  55. package/icc-api/api/IccTopicApi.js +193 -0
  56. package/icc-api/api/IccTopicApi.js.map +1 -0
  57. package/icc-api/index.d.ts +2 -0
  58. package/icc-api/index.js +2 -0
  59. package/icc-api/index.js.map +1 -1
  60. package/icc-api/model/AbstractFilterMessage.d.ts +15 -0
  61. package/icc-api/model/AbstractFilterMessage.js +21 -0
  62. package/icc-api/model/AbstractFilterMessage.js.map +1 -0
  63. package/icc-api/model/AbstractFilterTopic.d.ts +15 -0
  64. package/icc-api/model/AbstractFilterTopic.js +21 -0
  65. package/icc-api/model/AbstractFilterTopic.js.map +1 -0
  66. package/icc-api/model/AccessLog.d.ts +2 -0
  67. package/icc-api/model/AccessLog.js.map +1 -1
  68. package/icc-api/model/Article.d.ts +2 -0
  69. package/icc-api/model/Article.js.map +1 -1
  70. package/icc-api/model/CalendarItem.d.ts +2 -0
  71. package/icc-api/model/CalendarItem.js.map +1 -1
  72. package/icc-api/model/Classification.d.ts +2 -0
  73. package/icc-api/model/Classification.js.map +1 -1
  74. package/icc-api/model/ClassificationTemplate.d.ts +2 -0
  75. package/icc-api/model/ClassificationTemplate.js.map +1 -1
  76. package/icc-api/model/Connection.d.ts +1 -1
  77. package/icc-api/model/Connection.js.map +1 -1
  78. package/icc-api/model/Contact.d.ts +2 -0
  79. package/icc-api/model/Contact.js.map +1 -1
  80. package/icc-api/model/Device.d.ts +4 -4
  81. package/icc-api/model/Device.js.map +1 -1
  82. package/icc-api/model/Document.d.ts +2 -0
  83. package/icc-api/model/Document.js.map +1 -1
  84. package/icc-api/model/ExchangeDataMapCreationBatch.d.ts +13 -0
  85. package/icc-api/model/ExchangeDataMapCreationBatch.js +10 -0
  86. package/icc-api/model/ExchangeDataMapCreationBatch.js.map +1 -0
  87. package/icc-api/model/FilterChainMessage.d.ts +19 -0
  88. package/icc-api/model/FilterChainMessage.js +11 -0
  89. package/icc-api/model/FilterChainMessage.js.map +1 -0
  90. package/icc-api/model/FilterChainTopic.d.ts +19 -0
  91. package/icc-api/model/FilterChainTopic.js +11 -0
  92. package/icc-api/model/FilterChainTopic.js.map +1 -0
  93. package/icc-api/model/Form.d.ts +2 -0
  94. package/icc-api/model/Form.js.map +1 -1
  95. package/icc-api/model/HealthElement.d.ts +2 -0
  96. package/icc-api/model/HealthElement.js.map +1 -1
  97. package/icc-api/model/HealthcareParty.d.ts +2 -2
  98. package/icc-api/model/HealthcareParty.js +13 -1
  99. package/icc-api/model/HealthcareParty.js.map +1 -1
  100. package/icc-api/model/IcureStub.d.ts +2 -0
  101. package/icc-api/model/IcureStub.js.map +1 -1
  102. package/icc-api/model/Invoice.d.ts +2 -0
  103. package/icc-api/model/Invoice.js.map +1 -1
  104. package/icc-api/model/MaintenanceTask.d.ts +13 -10
  105. package/icc-api/model/MaintenanceTask.js +13 -11
  106. package/icc-api/model/MaintenanceTask.js.map +1 -1
  107. package/icc-api/model/Message.d.ts +2 -0
  108. package/icc-api/model/Message.js.map +1 -1
  109. package/icc-api/model/PaginatedListExchangeData.d.ts +9 -0
  110. package/icc-api/model/PaginatedListExchangeData.js +10 -0
  111. package/icc-api/model/PaginatedListExchangeData.js.map +1 -0
  112. package/icc-api/model/PaginatedListTopic.d.ts +20 -0
  113. package/icc-api/model/PaginatedListTopic.js +10 -0
  114. package/icc-api/model/PaginatedListTopic.js.map +1 -0
  115. package/icc-api/model/Patient.d.ts +4 -2
  116. package/icc-api/model/Patient.js.map +1 -1
  117. package/icc-api/model/PatientByHcPartyGenderEducationProfession.d.ts +31 -0
  118. package/icc-api/model/PatientByHcPartyGenderEducationProfession.js +32 -0
  119. package/icc-api/model/PatientByHcPartyGenderEducationProfession.js.map +1 -0
  120. package/icc-api/model/Receipt.d.ts +2 -0
  121. package/icc-api/model/Receipt.js.map +1 -1
  122. package/icc-api/model/SecureDelegation.d.ts +52 -0
  123. package/icc-api/model/SecureDelegation.js +16 -0
  124. package/icc-api/model/SecureDelegation.js.map +1 -0
  125. package/icc-api/model/SecurityMetadata.d.ts +33 -0
  126. package/icc-api/model/SecurityMetadata.js +13 -0
  127. package/icc-api/model/SecurityMetadata.js.map +1 -0
  128. package/icc-api/model/Service.d.ts +2 -0
  129. package/icc-api/model/Service.js.map +1 -1
  130. package/icc-api/model/TimeTable.d.ts +2 -0
  131. package/icc-api/model/TimeTable.js.map +1 -1
  132. package/icc-api/model/Topic.d.ts +95 -0
  133. package/icc-api/model/Topic.js +16 -0
  134. package/icc-api/model/Topic.js.map +1 -0
  135. package/icc-api/model/internal/ExchangeData.d.ts +64 -0
  136. package/icc-api/model/internal/ExchangeData.js +15 -0
  137. package/icc-api/model/internal/ExchangeData.js.map +1 -0
  138. package/icc-api/model/internal/ExchangeDataMap.d.ts +24 -0
  139. package/icc-api/model/internal/ExchangeDataMap.js +13 -0
  140. package/icc-api/model/internal/ExchangeDataMap.js.map +1 -0
  141. package/icc-api/model/internal/SecureDelegationKeyMap.d.ts +14 -0
  142. package/icc-api/model/internal/SecureDelegationKeyMap.js +13 -0
  143. package/icc-api/model/internal/SecureDelegationKeyMap.js.map +1 -0
  144. package/icc-api/model/models.d.ts +26 -40
  145. package/icc-api/model/models.js +19 -37
  146. package/icc-api/model/models.js.map +1 -1
  147. package/icc-api/model/requests/EntityBulkShareResult.d.ts +28 -0
  148. package/icc-api/model/requests/EntityBulkShareResult.js +16 -0
  149. package/icc-api/model/requests/EntityBulkShareResult.js.map +1 -0
  150. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.d.ts +10 -0
  151. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js +17 -0
  152. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js.map +1 -0
  153. package/icc-api/model/requests/EntityShareRequest.d.ts +110 -0
  154. package/icc-api/model/requests/EntityShareRequest.js +63 -0
  155. package/icc-api/model/requests/EntityShareRequest.js.map +1 -0
  156. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.d.ts +54 -0
  157. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js +24 -0
  158. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js.map +1 -0
  159. package/icc-api/model/requests/MinimalEntityBulkShareResult.d.ts +23 -0
  160. package/icc-api/model/requests/MinimalEntityBulkShareResult.js +13 -0
  161. package/icc-api/model/requests/MinimalEntityBulkShareResult.js.map +1 -0
  162. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.d.ts +21 -0
  163. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js +14 -0
  164. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js.map +1 -0
  165. package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +55 -6
  166. package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
  167. package/icc-x-api/crypto/AES.js +1 -1
  168. package/icc-x-api/crypto/AES.js.map +1 -1
  169. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +18 -0
  170. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +50 -0
  171. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -0
  172. package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +43 -0
  173. package/icc-x-api/crypto/AccessControlSecretUtils.js +97 -0
  174. package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -0
  175. package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +146 -0
  176. package/icc-x-api/crypto/BaseExchangeDataManager.js +342 -0
  177. package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -0
  178. package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +0 -18
  179. package/icc-x-api/crypto/BaseExchangeKeysManager.js +11 -85
  180. package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
  181. package/icc-x-api/crypto/ConfidentialEntities.d.ts +26 -16
  182. package/icc-x-api/crypto/ConfidentialEntities.js +30 -17
  183. package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -1
  184. package/icc-x-api/crypto/CryptoStrategies.d.ts +8 -1
  185. package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
  186. package/icc-x-api/crypto/DelegationsDeAnonymization.d.ts +44 -0
  187. package/icc-x-api/crypto/DelegationsDeAnonymization.js +235 -0
  188. package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -0
  189. package/icc-x-api/crypto/ExchangeDataManager.d.ts +97 -0
  190. package/icc-x-api/crypto/ExchangeDataManager.js +501 -0
  191. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -0
  192. package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +32 -0
  193. package/icc-x-api/crypto/ExchangeDataMapManager.js +70 -0
  194. package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -0
  195. package/icc-x-api/crypto/ExchangeKeysManager.d.ts +4 -16
  196. package/icc-x-api/crypto/ExchangeKeysManager.js +4 -62
  197. package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
  198. package/icc-x-api/crypto/ExtendedApisUtils.d.ts +326 -0
  199. package/icc-x-api/crypto/ExtendedApisUtils.js +3 -0
  200. package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -0
  201. package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +174 -0
  202. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +559 -0
  203. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -0
  204. package/icc-x-api/crypto/KeyRecovery.d.ts +5 -2
  205. package/icc-x-api/crypto/KeyRecovery.js +59 -29
  206. package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
  207. package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +7 -2
  208. package/icc-x-api/crypto/LegacyCryptoStrategies.js +8 -1
  209. package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -1
  210. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +33 -0
  211. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +141 -0
  212. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -0
  213. package/icc-x-api/crypto/RSA.d.ts +34 -8
  214. package/icc-x-api/crypto/RSA.js +80 -13
  215. package/icc-x-api/crypto/RSA.js.map +1 -1
  216. package/icc-x-api/crypto/SecureDelegationsEncryption.d.ts +54 -0
  217. package/icc-x-api/crypto/SecureDelegationsEncryption.js +178 -0
  218. package/icc-x-api/crypto/SecureDelegationsEncryption.js.map +1 -0
  219. package/icc-x-api/crypto/SecureDelegationsManager.d.ts +66 -0
  220. package/icc-x-api/crypto/SecureDelegationsManager.js +261 -0
  221. package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -0
  222. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +46 -0
  223. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +312 -0
  224. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -0
  225. package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +97 -0
  226. package/icc-x-api/crypto/SecurityMetadataDecryptor.js +79 -0
  227. package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -0
  228. package/icc-x-api/crypto/ShamirKeysManager.d.ts +5 -5
  229. package/icc-x-api/crypto/ShamirKeysManager.js +6 -9
  230. package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
  231. package/icc-x-api/crypto/TransferKeysManager.d.ts +8 -6
  232. package/icc-x-api/crypto/TransferKeysManager.js +75 -52
  233. package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
  234. package/icc-x-api/crypto/{KeyManager.d.ts → UserEncryptionKeysManager.d.ts} +4 -6
  235. package/icc-x-api/crypto/{KeyManager.js → UserEncryptionKeysManager.js} +43 -23
  236. package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -0
  237. package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +26 -0
  238. package/icc-x-api/crypto/UserSignatureKeysManager.js +74 -0
  239. package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -0
  240. package/icc-x-api/crypto/utils.d.ts +61 -11
  241. package/icc-x-api/crypto/utils.js +113 -44
  242. package/icc-x-api/crypto/utils.js.map +1 -1
  243. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.d.ts +8 -0
  244. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js +13 -0
  245. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js.map +1 -0
  246. package/icc-x-api/filters/MessageByHcPartyFilter.d.ts +7 -0
  247. package/icc-x-api/filters/MessageByHcPartyFilter.js +13 -0
  248. package/icc-x-api/filters/MessageByHcPartyFilter.js.map +1 -0
  249. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.d.ts +8 -0
  250. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js +13 -0
  251. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js.map +1 -0
  252. package/icc-x-api/filters/TopicByHcPartyFilter.d.ts +7 -0
  253. package/icc-x-api/filters/TopicByHcPartyFilter.js +13 -0
  254. package/icc-x-api/filters/TopicByHcPartyFilter.js.map +1 -0
  255. package/icc-x-api/filters/TopicByParticipantFilter.d.ts +7 -0
  256. package/icc-x-api/filters/TopicByParticipantFilter.js +13 -0
  257. package/icc-x-api/filters/TopicByParticipantFilter.js.map +1 -0
  258. package/icc-x-api/filters/filters.d.ts +5 -0
  259. package/icc-x-api/filters/filters.js +5 -0
  260. package/icc-x-api/filters/filters.js.map +1 -1
  261. package/icc-x-api/icc-accesslog-x-api.d.ts +49 -12
  262. package/icc-x-api/icc-accesslog-x-api.js +81 -44
  263. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  264. package/icc-x-api/icc-calendar-item-x-api.d.ts +53 -15
  265. package/icc-x-api/icc-calendar-item-x-api.js +105 -51
  266. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  267. package/icc-x-api/icc-classification-x-api.d.ts +47 -10
  268. package/icc-x-api/icc-classification-x-api.js +62 -33
  269. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  270. package/icc-x-api/icc-contact-x-api.d.ts +59 -33
  271. package/icc-x-api/icc-contact-x-api.js +101 -66
  272. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  273. package/icc-x-api/icc-crypto-x-api.d.ts +33 -333
  274. package/icc-x-api/icc-crypto-x-api.js +47 -764
  275. package/icc-x-api/icc-crypto-x-api.js.map +1 -1
  276. package/icc-x-api/icc-data-owner-x-api.d.ts +20 -8
  277. package/icc-x-api/icc-data-owner-x-api.js +31 -10
  278. package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
  279. package/icc-x-api/icc-document-x-api.d.ts +51 -12
  280. package/icc-x-api/icc-document-x-api.js +117 -66
  281. package/icc-x-api/icc-document-x-api.js.map +1 -1
  282. package/icc-x-api/icc-form-x-api.d.ts +48 -11
  283. package/icc-x-api/icc-form-x-api.js +71 -37
  284. package/icc-x-api/icc-form-x-api.js.map +1 -1
  285. package/icc-x-api/icc-hcparty-x-api.d.ts +2 -2
  286. package/icc-x-api/icc-hcparty-x-api.js +3 -3
  287. package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
  288. package/icc-x-api/icc-helement-x-api.d.ts +59 -20
  289. package/icc-x-api/icc-helement-x-api.js +78 -43
  290. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  291. package/icc-x-api/icc-icure-maintenance-x-api.d.ts +7 -2
  292. package/icc-x-api/icc-icure-maintenance-x-api.js +38 -27
  293. package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
  294. package/icc-x-api/icc-invoice-x-api.d.ts +53 -16
  295. package/icc-x-api/icc-invoice-x-api.js +69 -35
  296. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  297. package/icc-x-api/icc-maintenance-task-x-api.d.ts +56 -22
  298. package/icc-x-api/icc-maintenance-task-x-api.js +77 -36
  299. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  300. package/icc-x-api/icc-message-x-api.d.ts +75 -19
  301. package/icc-x-api/icc-message-x-api.js +126 -37
  302. package/icc-x-api/icc-message-x-api.js.map +1 -1
  303. package/icc-x-api/icc-patient-x-api.d.ts +86 -29
  304. package/icc-x-api/icc-patient-x-api.js +318 -379
  305. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  306. package/icc-x-api/icc-receipt-x-api.d.ts +47 -13
  307. package/icc-x-api/icc-receipt-x-api.js +72 -36
  308. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  309. package/icc-x-api/icc-time-table-x-api.d.ts +46 -13
  310. package/icc-x-api/icc-time-table-x-api.js +61 -27
  311. package/icc-x-api/icc-time-table-x-api.js.map +1 -1
  312. package/icc-x-api/icc-topic-x-api.d.ts +191 -0
  313. package/icc-x-api/icc-topic-x-api.js +307 -0
  314. package/icc-x-api/icc-topic-x-api.js.map +1 -0
  315. package/icc-x-api/icc-user-x-api.d.ts +2 -2
  316. package/icc-x-api/icc-user-x-api.js +3 -3
  317. package/icc-x-api/icc-user-x-api.js.map +1 -1
  318. package/icc-x-api/index.d.ts +18 -2
  319. package/icc-x-api/index.js +203 -156
  320. package/icc-x-api/index.js.map +1 -1
  321. package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +1 -1
  322. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +2 -0
  323. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +9 -2
  324. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -1
  325. package/icc-x-api/storage/IcureStorageFacade.d.ts +23 -2
  326. package/icc-x-api/storage/IcureStorageFacade.js +36 -2
  327. package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
  328. package/icc-x-api/storage/KeyStorageFacade.d.ts +12 -0
  329. package/icc-x-api/storage/KeyStorageFacade.js.map +1 -1
  330. package/icc-x-api/storage/KeyStorageImpl.d.ts +2 -0
  331. package/icc-x-api/storage/KeyStorageImpl.js +10 -0
  332. package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
  333. package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +14 -1
  334. package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -1
  335. package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +32 -0
  336. package/icc-x-api/utils/EntityWithDelegationTypeName.js +75 -0
  337. package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -0
  338. package/icc-x-api/utils/ShareResult.d.ts +74 -0
  339. package/icc-x-api/utils/ShareResult.js +61 -0
  340. package/icc-x-api/utils/ShareResult.js.map +1 -0
  341. package/icc-x-api/utils/binary-utils.d.ts +1 -0
  342. package/icc-x-api/utils/binary-utils.js +8 -1
  343. package/icc-x-api/utils/binary-utils.js.map +1 -1
  344. package/icc-x-api/utils/collection-utils.d.ts +5 -0
  345. package/icc-x-api/utils/collection-utils.js +26 -1
  346. package/icc-x-api/utils/collection-utils.js.map +1 -1
  347. package/icc-x-api/utils/crypto-utils.d.ts +4 -3
  348. package/icc-x-api/utils/crypto-utils.js +5 -4
  349. package/icc-x-api/utils/crypto-utils.js.map +1 -1
  350. package/icc-x-api/utils/lru-temporised-async-cache.d.ts +26 -3
  351. package/icc-x-api/utils/lru-temporised-async-cache.js +75 -15
  352. package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -1
  353. package/icc-x-api/utils/websocket.d.ts +14 -10
  354. package/icc-x-api/utils/websocket.js +26 -9
  355. package/icc-x-api/utils/websocket.js.map +1 -1
  356. package/index.d.ts +1 -1
  357. package/index.js +3 -1
  358. package/index.js.map +1 -1
  359. package/package.json +2 -3
  360. package/icc-x-api/crypto/EntitiesEncryption.d.ts +0 -275
  361. package/icc-x-api/crypto/EntitiesEncryption.js +0 -734
  362. package/icc-x-api/crypto/EntitiesEncryption.js.map +0 -1
  363. package/icc-x-api/crypto/KeyManager.js.map +0 -1
@@ -0,0 +1,141 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ var __await = (this && this.__await) || function (v) { return this instanceof __await ? (this.v = v, this) : new __await(v); }
12
+ var __asyncGenerator = (this && this.__asyncGenerator) || function (thisArg, _arguments, generator) {
13
+ if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
14
+ var g = generator.apply(thisArg, _arguments || []), i, q = [];
15
+ return i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i;
16
+ function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }
17
+ function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }
18
+ function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }
19
+ function fulfill(value) { resume("next", value); }
20
+ function reject(value) { resume("throw", value); }
21
+ function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }
22
+ };
23
+ Object.defineProperty(exports, "__esModule", { value: true });
24
+ exports.LegacyDelegationSecurityMetadataDecryptor = void 0;
25
+ const ModelHelper_1 = require("../../icc-api/model/ModelHelper");
26
+ const utils_1 = require("../utils");
27
+ const SecureDelegation_1 = require("../../icc-api/model/SecureDelegation");
28
+ var AccessLevel = SecureDelegation_1.SecureDelegation.AccessLevelEnum;
29
+ class LegacyDelegationSecurityMetadataDecryptor {
30
+ constructor(exchangeKeysManager, primitives) {
31
+ this.exchangeKeysManager = exchangeKeysManager;
32
+ this.primitives = primitives;
33
+ }
34
+ decryptEncryptionKeysOf(typedEntity, dataOwnersHierarchySubset) {
35
+ function generator(self) {
36
+ var _a;
37
+ return __asyncGenerator(this, arguments, function* generator_1() {
38
+ const decryptedGenerator = self.extractFromDelegations(dataOwnersHierarchySubset, (_a = typedEntity.entity.encryptionKeys) !== null && _a !== void 0 ? _a : {}, (d) => self.validateEncryptionKey(d));
39
+ let next = yield __await(decryptedGenerator.next());
40
+ while (!next.done) {
41
+ yield yield __await({ decrypted: next.value.decrypted.replace(/-/g, ''), dataOwnersWithAccess: next.value.dataOwnersWithAccess });
42
+ next = yield __await(decryptedGenerator.next());
43
+ }
44
+ });
45
+ }
46
+ return generator(this);
47
+ }
48
+ decryptOwningEntityIdsOf(typedEntity, dataOwnersHierarchySubset) {
49
+ var _a;
50
+ return this.extractFromDelegations(dataOwnersHierarchySubset, (_a = typedEntity.entity.cryptedForeignKeys) !== null && _a !== void 0 ? _a : {}, (d) => Promise.resolve(this.validateOwningEntityId(d)));
51
+ }
52
+ decryptSecretIdsOf(typedEntity, dataOwnersHierarchySubset) {
53
+ var _a;
54
+ return this.extractFromDelegations(dataOwnersHierarchySubset, (_a = typedEntity.entity.delegations) !== null && _a !== void 0 ? _a : {}, (d) => Promise.resolve(this.validateSecretId(d)));
55
+ }
56
+ getEntityAccessLevel(typedEntity, dataOwnersHierarchySubset) {
57
+ var _a;
58
+ const delegatesSet = new Set(Object.keys((_a = typedEntity.entity.delegations) !== null && _a !== void 0 ? _a : {}));
59
+ return dataOwnersHierarchySubset.some((dataOwner) => delegatesSet.has(dataOwner))
60
+ ? Promise.resolve(AccessLevel.WRITE)
61
+ : Promise.resolve(undefined);
62
+ }
63
+ hasAnyEncryptionKeys(entity) {
64
+ var _a;
65
+ return Object.values((_a = entity.encryptionKeys) !== null && _a !== void 0 ? _a : {}).some((delegations) => delegations.length > 0);
66
+ }
67
+ extractFromDelegations(dataOwnersHierarchySubset, delegations, validateDecrypted) {
68
+ if (!dataOwnersHierarchySubset.length)
69
+ throw new Error("`dataOwnersHierarchySubset` can't be empty");
70
+ const delegationsWithOwner = Object.entries(delegations).flatMap(([delegateId, delegations]) => dataOwnersHierarchySubset.some((dataOwnerId) => dataOwnerId === delegateId)
71
+ ? this.populateDelegatedTo(delegateId, delegations)
72
+ : this.populateDelegatedTo(delegateId, delegations.filter((d) => dataOwnersHierarchySubset.some((dataOwnerId) => d.owner === dataOwnerId))));
73
+ const self = this;
74
+ function generator() {
75
+ return __asyncGenerator(this, arguments, function* generator_2() {
76
+ for (const delegation of delegationsWithOwner) {
77
+ const decrypted = yield __await(self.tryDecryptDelegation(delegation, (k) => validateDecrypted(k)));
78
+ if (decrypted)
79
+ yield yield __await({
80
+ decrypted,
81
+ dataOwnersWithAccess: delegation.owner ? [delegation.owner, delegation.delegatedTo] : [delegation.delegatedTo],
82
+ });
83
+ }
84
+ });
85
+ }
86
+ return generator();
87
+ }
88
+ populateDelegatedTo(delegateId, delegations) {
89
+ return delegations.map((d) => (d.delegatedTo === delegateId ? d : Object.assign(Object.assign({}, d), { delegatedTo: delegateId })));
90
+ }
91
+ tryDecryptDelegation(delegation, validateDecrypted) {
92
+ return __awaiter(this, void 0, void 0, function* () {
93
+ const exchangeKeys = yield this.exchangeKeysManager.getDecryptionExchangeKeysFor(delegation.owner, delegation.delegatedTo);
94
+ for (const key of exchangeKeys) {
95
+ try {
96
+ // Format of encrypted key for any delegation should be entityId:key, but with the merging of entities the entityId might not match the
97
+ // current id. As a checksum we are only verifying that the decrypted bytes can be represented as a string with exactly one ':'.
98
+ // Additionally, we also have a validator that is specific for each type of delegation content (encryption key, secret id, ...)
99
+ const decrypted = (0, ModelHelper_1.ua2string)(yield this.primitives.AES.decrypt(key, (0, utils_1.hex2ua)(delegation.key)));
100
+ const decryptedSplit = decrypted.split(':');
101
+ if (decryptedSplit.length === 2) {
102
+ if (yield validateDecrypted(decryptedSplit[1]))
103
+ return decryptedSplit[1];
104
+ }
105
+ else {
106
+ console.warn("Error in the decrypted delegation: content should contain exactly 1 ':', the delegation is ignored.");
107
+ }
108
+ }
109
+ catch (e) {
110
+ // Do nothing: the delegation uses another exchange key owner->delegator
111
+ }
112
+ }
113
+ });
114
+ }
115
+ validateEncryptionKey(key) {
116
+ return __awaiter(this, void 0, void 0, function* () {
117
+ return !!(yield this.tryImportKey(key));
118
+ });
119
+ }
120
+ validateSecretId(key) {
121
+ return !!key;
122
+ }
123
+ validateOwningEntityId(key) {
124
+ return !!key;
125
+ }
126
+ tryImportKey(key) {
127
+ return __awaiter(this, void 0, void 0, function* () {
128
+ if (!/^[0-9A-Fa-f\-]+$/g.test(key))
129
+ return undefined;
130
+ try {
131
+ return yield this.primitives.AES.importKey('raw', (0, utils_1.hex2ua)(key.replace(/-/g, '')));
132
+ }
133
+ catch (e) {
134
+ console.warn(`Could not import key ${key} as an encryption key.`, e);
135
+ return undefined;
136
+ }
137
+ });
138
+ }
139
+ }
140
+ exports.LegacyDelegationSecurityMetadataDecryptor = LegacyDelegationSecurityMetadataDecryptor;
141
+ //# sourceMappingURL=LegacyDelegationSecurityMetadataDecryptor.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"LegacyDelegationSecurityMetadataDecryptor.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAGA,iEAA2D;AAC3D,oCAAiC;AAGjC,2EAAuE;AACvE,IAAO,WAAW,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAGrD,MAAa,yCAAyC;IACpD,YAA6B,mBAAwC,EAAmB,UAA4B;QAAvF,wBAAmB,GAAnB,mBAAmB,CAAqB;QAAmB,eAAU,GAAV,UAAU,CAAkB;IAAG,CAAC;IAExH,uBAAuB,CACrB,WAAoC,EACpC,yBAAmC;QAEnC,SAAgB,SAAS,CACvB,IAA+C;;;gBAE/C,MAAM,kBAAkB,GAAG,IAAI,CAAC,sBAAsB,CAAC,yBAAyB,EAAE,MAAA,WAAW,CAAC,MAAM,CAAC,cAAc,mCAAI,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAC/H,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAC9B,CAAA;gBACD,IAAI,IAAI,GAAG,cAAM,kBAAkB,CAAC,IAAI,EAAE,CAAA,CAAA;gBAC1C,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE;oBACjB,oBAAM,EAAE,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,oBAAoB,EAAE,IAAI,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAA,CAAA;oBAClH,IAAI,GAAG,cAAM,kBAAkB,CAAC,IAAI,EAAE,CAAA,CAAA;iBACvC;;SACF;QACD,OAAO,SAAS,CAAC,IAAI,CAAC,CAAA;IACxB,CAAC;IAED,wBAAwB,CACtB,WAAoC,EACpC,yBAAmC;;QAEnC,OAAO,IAAI,CAAC,sBAAsB,CAAC,yBAAyB,EAAE,MAAA,WAAW,CAAC,MAAM,CAAC,kBAAkB,mCAAI,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAC/G,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,CAChD,CAAA;IACH,CAAC;IAED,kBAAkB,CAChB,WAAoC,EACpC,yBAAmC;;QAEnC,OAAO,IAAI,CAAC,sBAAsB,CAAC,yBAAyB,EAAE,MAAA,WAAW,CAAC,MAAM,CAAC,WAAW,mCAAI,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CACxG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAC1C,CAAA;IACH,CAAC;IAED,oBAAoB,CAAC,WAAoC,EAAE,yBAAmC;;QAC5F,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAA,WAAW,CAAC,MAAM,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,CAAA;QAC/E,OAAO,yBAAyB,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAC/E,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC;YACpC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IAChC,CAAC;IAED,oBAAoB,CAAC,MAA6C;;QAChE,OAAO,MAAM,CAAC,MAAM,CAAC,MAAA,MAAM,CAAC,cAAc,mCAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IACjG,CAAC;IAEO,sBAAsB,CAC5B,yBAAmC,EACnC,WAAmD,EACnD,iBAAuD;QAEvD,IAAI,CAAC,yBAAyB,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;QACpG,MAAM,oBAAoB,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,EAAE,CAC7F,yBAAyB,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,KAAK,UAAU,CAAC;YACzE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,UAAU,EAAE,WAAW,CAAC;YACnD,CAAC,CAAC,IAAI,CAAC,mBAAmB,CACtB,UAAU,EACV,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,WAAW,CAAC,CAAC,CACpG,CACN,CAAA;QACD,MAAM,IAAI,GAAG,IAAI,CAAA;QACjB,SAAgB,SAAS;;gBACvB,KAAK,MAAM,UAAU,IAAI,oBAAoB,EAAE;oBAC7C,MAAM,SAAS,GAAG,cAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAA,CAAA;oBAC1F,IAAI,SAAS;wBACX,oBAAM;4BACJ,SAAS;4BACT,oBAAoB,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,EAAE,UAAU,CAAC,WAAY,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,WAAY,CAAC;yBACjH,CAAA,CAAA;iBACJ;YACH,CAAC;SAAA;QACD,OAAO,SAAS,EAAE,CAAA;IACpB,CAAC;IAEO,mBAAmB,CAAC,UAAkB,EAAE,WAAyB;QACvE,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,iCAAM,CAAC,KAAE,WAAW,EAAE,UAAU,GAAE,CAAC,CAAC,CAAA;IACvG,CAAC;IAEa,oBAAoB,CAAC,UAAsB,EAAE,iBAAuD;;YAChH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,4BAA4B,CAAC,UAAU,CAAC,KAAM,EAAE,UAAU,CAAC,WAAY,CAAC,CAAA;YAC5H,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE;gBAC9B,IAAI;oBACF,uIAAuI;oBACvI,gIAAgI;oBAChI,+HAA+H;oBAC/H,MAAM,SAAS,GAAG,IAAA,uBAAS,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,cAAM,EAAC,UAAU,CAAC,GAAI,CAAC,CAAC,CAAC,CAAA;oBAC5F,MAAM,cAAc,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;oBAC3C,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE;wBAC/B,IAAI,MAAM,iBAAiB,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;4BAAE,OAAO,cAAc,CAAC,CAAC,CAAC,CAAA;qBACzE;yBAAM;wBACL,OAAO,CAAC,IAAI,CAAC,qGAAqG,CAAC,CAAA;qBACpH;iBACF;gBAAC,OAAO,CAAC,EAAE;oBACV,wEAAwE;iBACzE;aACF;QACH,CAAC;KAAA;IAEa,qBAAqB,CAAC,GAAW;;YAC7C,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QACzC,CAAC;KAAA;IAEO,gBAAgB,CAAC,GAAW;QAClC,OAAO,CAAC,CAAC,GAAG,CAAA;IACd,CAAC;IAEO,sBAAsB,CAAC,GAAW;QACxC,OAAO,CAAC,CAAC,GAAG,CAAA;IACd,CAAC;IAEa,YAAY,CAAC,GAAW;;YACpC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC;gBAAE,OAAO,SAAS,CAAA;YACpD,IAAI;gBACF,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,IAAA,cAAM,EAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAA;aACjF;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,IAAI,CAAC,wBAAwB,GAAG,wBAAwB,EAAE,CAAC,CAAC,CAAA;gBACpE,OAAO,SAAS,CAAA;aACjB;QACH,CAAC;KAAA;CACF;AA5HD,8FA4HC","sourcesContent":["import { SecurityMetadataDecryptor } from './SecurityMetadataDecryptor'\nimport { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName'\nimport { Delegation } from '../../icc-api/model/Delegation'\nimport { ua2string } from '../../icc-api/model/ModelHelper'\nimport { hex2ua } from '../utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { ExchangeKeysManager } from './ExchangeKeysManager'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport AccessLevel = SecureDelegation.AccessLevelEnum\nimport { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models'\n\nexport class LegacyDelegationSecurityMetadataDecryptor implements SecurityMetadataDecryptor {\n constructor(private readonly exchangeKeysManager: ExchangeKeysManager, private readonly primitives: CryptoPrimitives) {}\n\n decryptEncryptionKeysOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n async function* generator(\n self: LegacyDelegationSecurityMetadataDecryptor\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n const decryptedGenerator = self.extractFromDelegations(dataOwnersHierarchySubset, typedEntity.entity.encryptionKeys ?? {}, (d) =>\n self.validateEncryptionKey(d)\n )\n let next = await decryptedGenerator.next()\n while (!next.done) {\n yield { decrypted: next.value.decrypted.replace(/-/g, ''), dataOwnersWithAccess: next.value.dataOwnersWithAccess }\n next = await decryptedGenerator.next()\n }\n }\n return generator(this)\n }\n\n decryptOwningEntityIdsOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n return this.extractFromDelegations(dataOwnersHierarchySubset, typedEntity.entity.cryptedForeignKeys ?? {}, (d) =>\n Promise.resolve(this.validateOwningEntityId(d))\n )\n }\n\n decryptSecretIdsOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n return this.extractFromDelegations(dataOwnersHierarchySubset, typedEntity.entity.delegations ?? {}, (d) =>\n Promise.resolve(this.validateSecretId(d))\n )\n }\n\n getEntityAccessLevel(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): Promise<AccessLevel | undefined> {\n const delegatesSet = new Set(Object.keys(typedEntity.entity.delegations ?? {}))\n return dataOwnersHierarchySubset.some((dataOwner) => delegatesSet.has(dataOwner))\n ? Promise.resolve(AccessLevel.WRITE)\n : Promise.resolve(undefined)\n }\n\n hasAnyEncryptionKeys(entity: EncryptedEntity | EncryptedEntityStub): boolean {\n return Object.values(entity.encryptionKeys ?? {}).some((delegations) => delegations.length > 0)\n }\n\n private extractFromDelegations(\n dataOwnersHierarchySubset: string[],\n delegations: { [delegateId: string]: Delegation[] },\n validateDecrypted: (result: string) => Promise<boolean>\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n if (!dataOwnersHierarchySubset.length) throw new Error(\"`dataOwnersHierarchySubset` can't be empty\")\n const delegationsWithOwner = Object.entries(delegations).flatMap(([delegateId, delegations]) =>\n dataOwnersHierarchySubset.some((dataOwnerId) => dataOwnerId === delegateId)\n ? this.populateDelegatedTo(delegateId, delegations)\n : this.populateDelegatedTo(\n delegateId,\n delegations.filter((d) => dataOwnersHierarchySubset.some((dataOwnerId) => d.owner === dataOwnerId))\n )\n )\n const self = this\n async function* generator() {\n for (const delegation of delegationsWithOwner) {\n const decrypted = await self.tryDecryptDelegation(delegation, (k) => validateDecrypted(k))\n if (decrypted)\n yield {\n decrypted,\n dataOwnersWithAccess: delegation.owner ? [delegation.owner, delegation.delegatedTo!] : [delegation.delegatedTo!],\n }\n }\n }\n return generator()\n }\n\n private populateDelegatedTo(delegateId: string, delegations: Delegation[]): Delegation[] {\n return delegations.map((d) => (d.delegatedTo === delegateId ? d : { ...d, delegatedTo: delegateId }))\n }\n\n private async tryDecryptDelegation(delegation: Delegation, validateDecrypted: (result: string) => Promise<boolean>): Promise<string | undefined> {\n const exchangeKeys = await this.exchangeKeysManager.getDecryptionExchangeKeysFor(delegation.owner!, delegation.delegatedTo!)\n for (const key of exchangeKeys) {\n try {\n // Format of encrypted key for any delegation should be entityId:key, but with the merging of entities the entityId might not match the\n // current id. As a checksum we are only verifying that the decrypted bytes can be represented as a string with exactly one ':'.\n // Additionally, we also have a validator that is specific for each type of delegation content (encryption key, secret id, ...)\n const decrypted = ua2string(await this.primitives.AES.decrypt(key, hex2ua(delegation.key!)))\n const decryptedSplit = decrypted.split(':')\n if (decryptedSplit.length === 2) {\n if (await validateDecrypted(decryptedSplit[1])) return decryptedSplit[1]\n } else {\n console.warn(\"Error in the decrypted delegation: content should contain exactly 1 ':', the delegation is ignored.\")\n }\n } catch (e) {\n // Do nothing: the delegation uses another exchange key owner->delegator\n }\n }\n }\n\n private async validateEncryptionKey(key: string): Promise<boolean> {\n return !!(await this.tryImportKey(key))\n }\n\n private validateSecretId(key: string): boolean {\n return !!key\n }\n\n private validateOwningEntityId(key: string): boolean {\n return !!key\n }\n\n private async tryImportKey(key: string): Promise<CryptoKey | undefined> {\n if (!/^[0-9A-Fa-f\\-]+$/g.test(key)) return undefined\n try {\n return await this.primitives.AES.importKey('raw', hex2ua(key.replace(/-/g, '')))\n } catch (e) {\n console.warn(`Could not import key ${key} as an encryption key.`, e)\n return undefined\n }\n }\n}\n"]}
@@ -5,19 +5,24 @@ export type KeyPair<T> = {
5
5
  publicKey: T;
6
6
  privateKey: T;
7
7
  };
8
+ export type ShaVersion = 'sha-1' | 'sha-256';
8
9
  export declare class RSAUtils {
9
10
  /********* RSA Config **********/
10
11
  rsaParams: any;
11
12
  rsaHashedParams: any;
13
+ rsaWithSha256HashedParams: any;
14
+ private readonly signatureKeysGenerationParams;
12
15
  private crypto;
13
16
  constructor(crypto?: Crypto);
14
17
  /**
15
- * It returns CryptoKey promise, which doesn't hold the bytes of the key.
16
- * If bytes are needed, you must export the generated key.
17
- *
18
- * @returns {Promise} will be {publicKey: CryptoKey, privateKey: CryptoKey}
18
+ * Generates a key pair for encryption/decryption of data.
19
+ * @param shaVersion the version of the SHA algorithm to use.
20
+ */
21
+ generateKeyPair(shaVersion: ShaVersion): Promise<KeyPair<CryptoKey>>;
22
+ /**
23
+ * Generates a key pair for signing data and signature verification.
19
24
  */
20
- generateKeyPair(): Promise<KeyPair<CryptoKey>>;
25
+ generateSignatureKeyPair(): Promise<KeyPair<CryptoKey>>;
21
26
  /**
22
27
  *
23
28
  * 'JWK': Json Web key (ref. http://tools.ietf.org/html/draft-ietf-jose-json-web-key-11)
@@ -62,25 +67,31 @@ export declare class RSAUtils {
62
67
  * @param format 'jwk', 'spki', or 'pkcs8'
63
68
  * @param keydata should be the key data based on the format.
64
69
  * @param keyUsages Array of usages. For example, ['encrypt'] for public key.
70
+ * @param hashAlgorithm 'sha-1' or 'sha-256'
65
71
  * @returns {*}
66
72
  */
67
- importKey(format: string, keydata: JsonWebKey | ArrayBuffer, keyUsages: KeyUsage[]): Promise<CryptoKey>;
73
+ importKey(format: string, keydata: JsonWebKey | ArrayBuffer, keyUsages: KeyUsage[], hashAlgorithm: ShaVersion): Promise<CryptoKey>;
74
+ importSignatureKey(format: 'jwk' | 'pkcs8', keydata: JsonWebKey | ArrayBuffer): Promise<CryptoKey>;
75
+ importVerificationKey(format: 'jwk' | 'spki', keydata: JsonWebKey | ArrayBuffer): Promise<CryptoKey>;
76
+ private paramsForCreationOrImport;
68
77
  /**
69
78
  *
70
79
  * @param format 'jwk' or 'pkcs8'
71
80
  * @param keydata should be the key data based on the format.
81
+ * @param hashAlgorithm 'sha-1' or 'sha-256'
72
82
  * @returns {*}
73
83
  */
74
- importPrivateKey(format: string, keydata: JsonWebKey | ArrayBuffer): Promise<CryptoKey>;
84
+ importPrivateKey(format: string, keydata: JsonWebKey | ArrayBuffer, hashAlgorithm: ShaVersion): Promise<CryptoKey>;
75
85
  /**
76
86
  *
77
87
  * @param privateKeyFormat 'jwk' or 'pkcs8'
78
88
  * @param privateKeydata should be the key data based on the format.
79
89
  * @param publicKeyFormat 'jwk' or 'spki'
80
90
  * @param publicKeyData should be the key data based on the format.
91
+ * @param hashAlgorithm 'sha-1' or 'sha-256'
81
92
  * @returns {Promise|*}
82
93
  */
83
- importKeyPair(privateKeyFormat: string, privateKeydata: JsonWebKey | ArrayBuffer, publicKeyFormat: string, publicKeyData: JsonWebKey | ArrayBuffer): Promise<KeyPair<CryptoKey>>;
94
+ importKeyPair(privateKeyFormat: string, privateKeydata: JsonWebKey | ArrayBuffer, publicKeyFormat: string, publicKeyData: JsonWebKey | ArrayBuffer, hashAlgorithm: ShaVersion): Promise<KeyPair<CryptoKey>>;
84
95
  /**
85
96
  * Tries to encrypt then decrypt data using a keypair. If both operations succeed without throwing an error and the decrypted data matches the
86
97
  * original data returns true, else false.
@@ -88,5 +99,20 @@ export declare class RSAUtils {
88
99
  * @return if the key pair could be successfully used to encrypt then decrypt data.
89
100
  */
90
101
  checkKeyPairValidity(keyPair: KeyPair<CryptoKey>): Promise<boolean>;
102
+ /**
103
+ * Generates a signature for some data. The signature algorithm used is RSA-PSS with SHA-256.
104
+ * @param privateKey private key to use for signature
105
+ * @param data the data to sign
106
+ * @return the signature.
107
+ */
108
+ sign(privateKey: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer>;
109
+ /**
110
+ * Verifies if a signature matches the data. The signature algorithm used is RSA-PSS with sha-256.
111
+ * @param publicKey public key to use for signature verification.
112
+ * @param signature the signature to verify
113
+ * @param data the data that was signed
114
+ * @return if the signature matches the data and key.
115
+ */
116
+ verifySignature(publicKey: CryptoKey, signature: ArrayBuffer, data: ArrayBuffer): Promise<boolean>;
91
117
  }
92
118
  export declare const RSA: RSAUtils;
@@ -24,19 +24,38 @@ class RSAUtils {
24
24
  publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
25
25
  hash: { name: 'sha-1' },
26
26
  };
27
+ this.rsaWithSha256HashedParams = {
28
+ name: 'RSA-OAEP',
29
+ modulusLength: 2048,
30
+ publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
31
+ hash: { name: 'SHA-256' },
32
+ };
33
+ this.signatureKeysGenerationParams = {
34
+ name: 'RSA-PSS',
35
+ modulusLength: 2048,
36
+ publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
37
+ hash: { name: 'SHA-256' },
38
+ };
27
39
  this.crypto = crypto;
28
40
  }
29
41
  /**
30
- * It returns CryptoKey promise, which doesn't hold the bytes of the key.
31
- * If bytes are needed, you must export the generated key.
32
- *
33
- * @returns {Promise} will be {publicKey: CryptoKey, privateKey: CryptoKey}
42
+ * Generates a key pair for encryption/decryption of data.
43
+ * @param shaVersion the version of the SHA algorithm to use.
34
44
  */
35
- generateKeyPair() {
45
+ generateKeyPair(shaVersion) {
36
46
  const extractable = true;
37
47
  const keyUsages = ['decrypt', 'encrypt'];
48
+ const rsaParams = this.paramsForCreationOrImport(shaVersion);
38
49
  return new Promise((resolve, reject) => {
39
- this.crypto.subtle.generateKey(this.rsaHashedParams, extractable, keyUsages).then(resolve, reject);
50
+ this.crypto.subtle.generateKey(rsaParams, extractable, keyUsages).then(resolve, reject);
51
+ });
52
+ }
53
+ /**
54
+ * Generates a key pair for signing data and signature verification.
55
+ */
56
+ generateSignatureKeyPair() {
57
+ return __awaiter(this, void 0, void 0, function* () {
58
+ return yield this.crypto.subtle.generateKey(this.signatureKeysGenerationParams, true, ['sign', 'verify']);
40
59
  });
41
60
  }
42
61
  exportKeys(keyPair, privKeyFormat, pubKeyFormat) {
@@ -79,24 +98,47 @@ class RSAUtils {
79
98
  * @param format 'jwk', 'spki', or 'pkcs8'
80
99
  * @param keydata should be the key data based on the format.
81
100
  * @param keyUsages Array of usages. For example, ['encrypt'] for public key.
101
+ * @param hashAlgorithm 'sha-1' or 'sha-256'
82
102
  * @returns {*}
83
103
  */
84
- importKey(format, keydata, keyUsages) {
104
+ importKey(format, keydata, keyUsages, hashAlgorithm) {
85
105
  const extractable = true;
86
106
  return new Promise((resolve, reject) => {
87
- this.crypto.subtle.importKey(format, keydata, this.rsaHashedParams, extractable, keyUsages).then(resolve, reject);
107
+ const rsaParams = this.paramsForCreationOrImport(hashAlgorithm);
108
+ this.crypto.subtle.importKey(format, keydata, rsaParams, extractable, keyUsages).then(resolve, reject);
88
109
  });
89
110
  }
111
+ importSignatureKey(format, keydata) {
112
+ const extractable = true;
113
+ return this.crypto.subtle.importKey(format, keydata, this.signatureKeysGenerationParams, extractable, ['sign']);
114
+ }
115
+ importVerificationKey(format, keydata) {
116
+ const extractable = true;
117
+ return this.crypto.subtle.importKey(format, keydata, this.signatureKeysGenerationParams, extractable, ['verify']);
118
+ }
119
+ paramsForCreationOrImport(shaVersion) {
120
+ if (shaVersion === 'sha-1') {
121
+ return this.rsaHashedParams;
122
+ }
123
+ else if (shaVersion === 'sha-256') {
124
+ return this.rsaWithSha256HashedParams;
125
+ }
126
+ else {
127
+ throw new Error('Unexpected error, invalid SHA version');
128
+ }
129
+ }
90
130
  /**
91
131
  *
92
132
  * @param format 'jwk' or 'pkcs8'
93
133
  * @param keydata should be the key data based on the format.
134
+ * @param hashAlgorithm 'sha-1' or 'sha-256'
94
135
  * @returns {*}
95
136
  */
96
- importPrivateKey(format, keydata) {
137
+ importPrivateKey(format, keydata, hashAlgorithm) {
97
138
  const extractable = true;
98
139
  return new Promise((resolve, reject) => {
99
- this.crypto.subtle.importKey(format, keydata, this.rsaHashedParams, extractable, ['decrypt']).then(resolve, reject);
140
+ const rsaParams = this.paramsForCreationOrImport(hashAlgorithm);
141
+ this.crypto.subtle.importKey(format, keydata, rsaParams, extractable, ['decrypt']).then(resolve, reject);
100
142
  });
101
143
  }
102
144
  /**
@@ -105,12 +147,14 @@ class RSAUtils {
105
147
  * @param privateKeydata should be the key data based on the format.
106
148
  * @param publicKeyFormat 'jwk' or 'spki'
107
149
  * @param publicKeyData should be the key data based on the format.
150
+ * @param hashAlgorithm 'sha-1' or 'sha-256'
108
151
  * @returns {Promise|*}
109
152
  */
110
- importKeyPair(privateKeyFormat, privateKeydata, publicKeyFormat, publicKeyData) {
153
+ importKeyPair(privateKeyFormat, privateKeydata, publicKeyFormat, publicKeyData, hashAlgorithm) {
111
154
  const extractable = true;
112
- const privPromise = this.crypto.subtle.importKey(privateKeyFormat, privateKeydata, this.rsaHashedParams, extractable, ['decrypt']);
113
- const pubPromise = this.crypto.subtle.importKey(publicKeyFormat, publicKeyData, this.rsaHashedParams, extractable, ['encrypt']);
155
+ const rsaParams = this.paramsForCreationOrImport(hashAlgorithm);
156
+ const privPromise = this.crypto.subtle.importKey(privateKeyFormat, privateKeydata, rsaParams, extractable, ['decrypt']);
157
+ const pubPromise = this.crypto.subtle.importKey(publicKeyFormat, publicKeyData, rsaParams, extractable, ['encrypt']);
114
158
  return Promise.all([pubPromise, privPromise]).then(function (results) {
115
159
  return {
116
160
  publicKey: results[0],
@@ -137,6 +181,29 @@ class RSAUtils {
137
181
  }
138
182
  });
139
183
  }
184
+ /**
185
+ * Generates a signature for some data. The signature algorithm used is RSA-PSS with SHA-256.
186
+ * @param privateKey private key to use for signature
187
+ * @param data the data to sign
188
+ * @return the signature.
189
+ */
190
+ sign(privateKey, data) {
191
+ return __awaiter(this, void 0, void 0, function* () {
192
+ return yield this.crypto.subtle.sign({ name: 'RSA-PSS', saltLength: 32 }, privateKey, data);
193
+ });
194
+ }
195
+ /**
196
+ * Verifies if a signature matches the data. The signature algorithm used is RSA-PSS with sha-256.
197
+ * @param publicKey public key to use for signature verification.
198
+ * @param signature the signature to verify
199
+ * @param data the data that was signed
200
+ * @return if the signature matches the data and key.
201
+ */
202
+ verifySignature(publicKey, signature, data) {
203
+ return __awaiter(this, void 0, void 0, function* () {
204
+ return yield this.crypto.subtle.verify({ name: 'RSA-PSS', saltLength: 32 }, publicKey, signature, data);
205
+ });
206
+ }
140
207
  }
141
208
  exports.RSAUtils = RSAUtils;
142
209
  exports.RSA = new RSAUtils();
@@ -1 +1 @@
1
- {"version":3,"file":"RSA.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/RSA.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAA4C;AAO5C,MAAa,QAAQ;IAenB,YAAY,SAAiB,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,EAAa;QAdvI,iCAAiC;QACjC,qBAAqB;QACrB,sBAAsB;QACtB,cAAS,GAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;QACrC,mDAAmD;QACnD,oBAAe,GAAQ;YACrB,IAAI,EAAE,UAAU;YAChB,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;SACxB,CAAA;QAKC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;IAED;;;;;OAKG;IACH,eAAe;QACb,MAAM,WAAW,GAAG,IAAI,CAAA;QACxB,MAAM,SAAS,GAAe,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;QAEpD,OAAO,IAAI,OAAO,CAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACzD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,eAAe,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QACpG,CAAC,CAAC,CAAA;IACJ,CAAC;IAeD,UAAU,CAAC,OAA2B,EAAE,aAAqB,EAAE,YAAoB;QACjF,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,YAAmB,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;QACvF,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,aAAoB,EAAE,OAAO,CAAC,UAAU,CAAC,CAAA;QAE1F,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,OAAO;YAClE,OAAO;gBACL,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;gBACrB,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;aACvB,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAgBD,SAAS,CAAC,SAAoB,EAAE,MAAc;QAC5C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAiD,EAAE,MAAM,EAAE,EAAE;YAC/E,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAa,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC9E,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACH,OAAO,CAAC,SAAoB,EAAE,SAAqB;QACjD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAoC,EAAE,MAAM,EAAE,EAAE;YAClE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA,CAAC,0BAA0B;QACzJ,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACH,OAAO,CAAC,UAAqB,EAAE,aAAyB;QACtD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAoC,EAAE,MAAM,EAAE,EAAE;YAClE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC7F,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;OAMG;IACH,SAAS,CAAC,MAAc,EAAE,OAAiC,EAAE,SAAqB;QAChF,MAAM,WAAW,GAAG,IAAI,CAAA;QACxB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAkC,EAAE,MAAM,EAAE,EAAE;YAChE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAa,EAAE,OAAc,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QACjI,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;;OAKG;IACH,gBAAgB,CAAC,MAAc,EAAE,OAAiC;QAChE,MAAM,WAAW,GAAG,IAAI,CAAA;QACxB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAkC,EAAE,MAAM,EAAE,EAAE;YAChE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAa,EAAE,OAAc,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QACnI,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;;OAOG;IACH,aAAa,CACX,gBAAwB,EACxB,cAAwC,EACxC,eAAuB,EACvB,aAAuC;QAEvC,MAAM,WAAW,GAAG,IAAI,CAAA;QACxB,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,gBAAuB,EAAE,cAAqB,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;QAChJ,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,eAAsB,EAAE,aAAoB,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;QAE7I,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,OAAO;YAClE,OAAO;gBACL,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;gBACrB,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;aACvB,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;;OAKG;IACG,oBAAoB,CAAC,OAA2B;;YACpD,IAAI;gBACF,MAAM,IAAI,GAAG,YAAY,CAAA;gBACzB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,IAAA,gBAAQ,EAAC,IAAI,CAAC,CAAC,CAAA;gBAC3E,MAAM,aAAa,GAAG,IAAA,eAAO,EAAC,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,CAAA;gBACpG,OAAO,aAAa,KAAK,IAAI,CAAA;aAC9B;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,KAAK,CAAA;aACb;QACH,CAAC;KAAA;CACF;AA1KD,4BA0KC;AAEY,QAAA,GAAG,GAAG,IAAI,QAAQ,EAAE,CAAA","sourcesContent":["import { ua2utf8, utf8_2ua } from '../utils'\n\n/**\n * Represents an RSA KeyPair in a generic format.\n */\nexport type KeyPair<T> = { publicKey: T; privateKey: T }\n\nexport class RSAUtils {\n /********* RSA Config **********/\n //TODO bigger modulus\n //TODO PSS for signing\n rsaParams: any = { name: 'RSA-OAEP' }\n // RSA params for 'import' and 'generate' function.\n rsaHashedParams: any = {\n name: 'RSA-OAEP',\n modulusLength: 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // Equivalent to 65537 (Fermat F4), read http://en.wikipedia.org/wiki/65537_(number)\n hash: { name: 'sha-1' },\n }\n\n private crypto: Crypto\n\n constructor(crypto: Crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : ({} as Crypto)) {\n this.crypto = crypto\n }\n\n /**\n * It returns CryptoKey promise, which doesn't hold the bytes of the key.\n * If bytes are needed, you must export the generated key.\n *\n * @returns {Promise} will be {publicKey: CryptoKey, privateKey: CryptoKey}\n */\n generateKeyPair(): Promise<KeyPair<CryptoKey>> {\n const extractable = true\n const keyUsages: KeyUsage[] = ['decrypt', 'encrypt']\n\n return new Promise<KeyPair<CryptoKey>>((resolve, reject) => {\n this.crypto.subtle.generateKey(this.rsaHashedParams, extractable, keyUsages).then(resolve, reject)\n })\n }\n\n /**\n *\n * 'JWK': Json Web key (ref. http://tools.ietf.org/html/draft-ietf-jose-json-web-key-11)\n * 'spki': for private key\n * 'pkcs8': for private Key\n *\n * @param keyPair is {publicKey: CryptoKey, privateKey: CryptoKey}\n * @param privKeyFormat will be 'pkcs8' or 'jwk'\n * @param pubKeyFormat will be 'spki' or 'jwk'\n * @returns {Promise} will the AES Key\n */\n exportKeys(keyPair: KeyPair<CryptoKey>, privKeyFormat: 'jwk', pubKeyFormat: 'jwk'): Promise<KeyPair<JsonWebKey>>\n exportKeys(keyPair: KeyPair<CryptoKey>, privKeyFormat: 'pkcs8', pubKeyFormat: 'spki'): Promise<KeyPair<ArrayBuffer>>\n exportKeys(keyPair: KeyPair<CryptoKey>, privKeyFormat: string, pubKeyFormat: string): Promise<KeyPair<JsonWebKey | ArrayBuffer>> {\n const pubPromise = this.crypto.subtle.exportKey(pubKeyFormat as any, keyPair.publicKey)\n const privPromise = this.crypto.subtle.exportKey(privKeyFormat as any, keyPair.privateKey)\n\n return Promise.all([pubPromise, privPromise]).then(function (results) {\n return {\n publicKey: results[0],\n privateKey: results[1],\n }\n })\n }\n\n /**\n * Format:\n *\n * 'JWK': Json Web key (ref. http://tools.ietf.org/html/draft-ietf-jose-json-web-key-11)\n * 'spki': for private key\n * 'pkcs8': for private Key\n *\n * @param cryptoKey public or private\n * @param format either 'jwk' or 'spki' or 'pkcs8'\n * @returns {Promise|*} will be RSA key (public or private)\n */\n exportKey(cryptoKey: CryptoKey, format: 'jwk'): Promise<JsonWebKey>\n exportKey(cryptoKey: CryptoKey, format: 'spki'): Promise<ArrayBuffer>\n exportKey(cryptoKey: CryptoKey, format: 'pkcs8'): Promise<ArrayBuffer>\n exportKey(cryptoKey: CryptoKey, format: string): Promise<JsonWebKey | ArrayBuffer> {\n return new Promise((resolve: (value: JsonWebKey | ArrayBuffer) => any, reject) => {\n this.crypto.subtle.exportKey(format as any, cryptoKey).then(resolve, reject)\n })\n }\n\n /**\n *\n * @param publicKey (CryptoKey)\n * @param plainData (Uint8Array)\n */\n encrypt(publicKey: CryptoKey, plainData: Uint8Array): Promise<ArrayBuffer> {\n return new Promise((resolve: (value: ArrayBuffer) => any, reject) => {\n this.crypto.subtle.encrypt(this.rsaParams, publicKey, plainData.buffer ? plainData.buffer : plainData).then(resolve, reject) //Node prefers arrayBuffer\n })\n }\n\n /**\n *\n * @param privateKey (CryptoKey)\n * @param encryptedData (Uint8Array)\n */\n decrypt(privateKey: CryptoKey, encryptedData: Uint8Array): Promise<ArrayBuffer> {\n return new Promise((resolve: (value: ArrayBuffer) => any, reject) => {\n this.crypto.subtle.decrypt(this.rsaParams, privateKey, encryptedData).then(resolve, reject)\n })\n }\n\n /**\n *\n * @param format 'jwk', 'spki', or 'pkcs8'\n * @param keydata should be the key data based on the format.\n * @param keyUsages Array of usages. For example, ['encrypt'] for public key.\n * @returns {*}\n */\n importKey(format: string, keydata: JsonWebKey | ArrayBuffer, keyUsages: KeyUsage[]): Promise<CryptoKey> {\n const extractable = true\n return new Promise((resolve: (value: CryptoKey) => any, reject) => {\n this.crypto.subtle.importKey(format as any, keydata as any, this.rsaHashedParams, extractable, keyUsages).then(resolve, reject)\n })\n }\n\n /**\n *\n * @param format 'jwk' or 'pkcs8'\n * @param keydata should be the key data based on the format.\n * @returns {*}\n */\n importPrivateKey(format: string, keydata: JsonWebKey | ArrayBuffer): Promise<CryptoKey> {\n const extractable = true\n return new Promise((resolve: (value: CryptoKey) => any, reject) => {\n this.crypto.subtle.importKey(format as any, keydata as any, this.rsaHashedParams, extractable, ['decrypt']).then(resolve, reject)\n })\n }\n\n /**\n *\n * @param privateKeyFormat 'jwk' or 'pkcs8'\n * @param privateKeydata should be the key data based on the format.\n * @param publicKeyFormat 'jwk' or 'spki'\n * @param publicKeyData should be the key data based on the format.\n * @returns {Promise|*}\n */\n importKeyPair(\n privateKeyFormat: string,\n privateKeydata: JsonWebKey | ArrayBuffer,\n publicKeyFormat: string,\n publicKeyData: JsonWebKey | ArrayBuffer\n ): Promise<KeyPair<CryptoKey>> {\n const extractable = true\n const privPromise = this.crypto.subtle.importKey(privateKeyFormat as any, privateKeydata as any, this.rsaHashedParams, extractable, ['decrypt'])\n const pubPromise = this.crypto.subtle.importKey(publicKeyFormat as any, publicKeyData as any, this.rsaHashedParams, extractable, ['encrypt'])\n\n return Promise.all([pubPromise, privPromise]).then(function (results) {\n return {\n publicKey: results[0],\n privateKey: results[1],\n }\n })\n }\n\n /**\n * Tries to encrypt then decrypt data using a keypair. If both operations succeed without throwing an error and the decrypted data matches the\n * original data returns true, else false.\n * @param keyPair a key pair.\n * @return if the key pair could be successfully used to encrypt then decrypt data.\n */\n async checkKeyPairValidity(keyPair: KeyPair<CryptoKey>): Promise<boolean> {\n try {\n const text = 'shibboleth'\n const encryptedText = await this.encrypt(keyPair.publicKey, utf8_2ua(text))\n const decryptedText = ua2utf8(await this.decrypt(keyPair.privateKey, new Uint8Array(encryptedText)))\n return decryptedText === text\n } catch (e) {\n return false\n }\n }\n}\n\nexport const RSA = new RSAUtils()\n"]}
1
+ {"version":3,"file":"RSA.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/RSA.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAA4C;AAS5C,MAAa,QAAQ;IA2BnB,YAAY,SAAiB,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,EAAa;QA1BvI,iCAAiC;QACjC,qBAAqB;QACrB,sBAAsB;QACtB,cAAS,GAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;QACrC,mDAAmD;QACnD,oBAAe,GAAQ;YACrB,IAAI,EAAE,UAAU;YAChB,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;SACxB,CAAA;QACD,8BAAyB,GAAQ;YAC/B,IAAI,EAAE,UAAU;YAChB,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;SAC1B,CAAA;QACgB,kCAA6B,GAAG;YAC/C,IAAI,EAAE,SAAS;YACf,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;SAC1B,CAAA;QAKC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;IAED;;;OAGG;IACH,eAAe,CAAC,UAAsB;QACpC,MAAM,WAAW,GAAG,IAAI,CAAA;QACxB,MAAM,SAAS,GAAe,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;QACpD,MAAM,SAAS,GAAG,IAAI,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAA;QAE5D,OAAO,IAAI,OAAO,CAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACzD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QACzF,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;OAEG;IACG,wBAAwB;;YAC5B,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,6BAA6B,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC3G,CAAC;KAAA;IAeD,UAAU,CAAC,OAA2B,EAAE,aAAqB,EAAE,YAAoB;QACjF,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,YAAmB,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;QACvF,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,aAAoB,EAAE,OAAO,CAAC,UAAU,CAAC,CAAA;QAE1F,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,OAAO;YAClE,OAAO;gBACL,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;gBACrB,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;aACvB,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAgBD,SAAS,CAAC,SAAoB,EAAE,MAAc;QAC5C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAiD,EAAE,MAAM,EAAE,EAAE;YAC/E,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAa,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC9E,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACH,OAAO,CAAC,SAAoB,EAAE,SAAqB;QACjD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAoC,EAAE,MAAM,EAAE,EAAE;YAClE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA,CAAC,0BAA0B;QACzJ,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACH,OAAO,CAAC,UAAqB,EAAE,aAAyB;QACtD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAoC,EAAE,MAAM,EAAE,EAAE;YAClE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC7F,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;;OAOG;IACH,SAAS,CAAC,MAAc,EAAE,OAAiC,EAAE,SAAqB,EAAE,aAAyB;QAC3G,MAAM,WAAW,GAAG,IAAI,CAAA;QACxB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAkC,EAAE,MAAM,EAAE,EAAE;YAChE,MAAM,SAAS,GAAG,IAAI,CAAC,yBAAyB,CAAC,aAAa,CAAC,CAAA;YAC/D,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAa,EAAE,OAAc,EAAE,SAAS,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QACtH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,kBAAkB,CAAC,MAAuB,EAAE,OAAiC;QAC3E,MAAM,WAAW,GAAG,IAAI,CAAA;QACxB,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAa,EAAE,OAAc,EAAE,IAAI,CAAC,6BAA6B,EAAE,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAA;IAC/H,CAAC;IAED,qBAAqB,CAAC,MAAsB,EAAE,OAAiC;QAC7E,MAAM,WAAW,GAAG,IAAI,CAAA;QACxB,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAa,EAAE,OAAc,EAAE,IAAI,CAAC,6BAA6B,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAA;IACjI,CAAC;IAEO,yBAAyB,CAAC,UAAsB;QACtD,IAAI,UAAU,KAAK,OAAO,EAAE;YAC1B,OAAO,IAAI,CAAC,eAAe,CAAA;SAC5B;aAAM,IAAI,UAAU,KAAK,SAAS,EAAE;YACnC,OAAO,IAAI,CAAC,yBAAyB,CAAA;SACtC;aAAM;YACL,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAA;SACzD;IACH,CAAC;IAED;;;;;;OAMG;IACH,gBAAgB,CAAC,MAAc,EAAE,OAAiC,EAAE,aAAyB;QAC3F,MAAM,WAAW,GAAG,IAAI,CAAA;QACxB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAkC,EAAE,MAAM,EAAE,EAAE;YAChE,MAAM,SAAS,GAAG,IAAI,CAAC,yBAAyB,CAAC,aAAa,CAAC,CAAA;YAC/D,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAa,EAAE,OAAc,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QACxH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,aAAa,CACX,gBAAwB,EACxB,cAAwC,EACxC,eAAuB,EACvB,aAAuC,EACvC,aAAyB;QAEzB,MAAM,WAAW,GAAG,IAAI,CAAA;QACxB,MAAM,SAAS,GAAG,IAAI,CAAC,yBAAyB,CAAC,aAAa,CAAC,CAAA;QAC/D,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,gBAAuB,EAAE,cAAqB,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;QACrI,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,eAAsB,EAAE,aAAoB,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;QAElI,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,OAAO;YAClE,OAAO;gBACL,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;gBACrB,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;aACvB,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;;OAKG;IACG,oBAAoB,CAAC,OAA2B;;YACpD,IAAI;gBACF,MAAM,IAAI,GAAG,YAAY,CAAA;gBACzB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,IAAA,gBAAQ,EAAC,IAAI,CAAC,CAAC,CAAA;gBAC3E,MAAM,aAAa,GAAG,IAAA,eAAO,EAAC,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,CAAA;gBACpG,OAAO,aAAa,KAAK,IAAI,CAAA;aAC9B;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,KAAK,CAAA;aACb;QACH,CAAC;KAAA;IAED;;;;;OAKG;IACG,IAAI,CAAC,UAAqB,EAAE,IAAiB;;YACjD,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;QAC7F,CAAC;KAAA;IAED;;;;;;OAMG;IACG,eAAe,CAAC,SAAoB,EAAE,SAAsB,EAAE,IAAiB;;YACnF,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,CAAA;QACzG,CAAC;KAAA;CACF;AA5OD,4BA4OC;AAEY,QAAA,GAAG,GAAG,IAAI,QAAQ,EAAE,CAAA","sourcesContent":["import { ua2utf8, utf8_2ua } from '../utils'\n\n/**\n * Represents an RSA KeyPair in a generic format.\n */\nexport type KeyPair<T> = { publicKey: T; privateKey: T }\n\nexport type ShaVersion = 'sha-1' | 'sha-256'\n\nexport class RSAUtils {\n /********* RSA Config **********/\n //TODO bigger modulus\n //TODO PSS for signing\n rsaParams: any = { name: 'RSA-OAEP' }\n // RSA params for 'import' and 'generate' function.\n rsaHashedParams: any = {\n name: 'RSA-OAEP',\n modulusLength: 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // Equivalent to 65537 (Fermat F4), read http://en.wikipedia.org/wiki/65537_(number)\n hash: { name: 'sha-1' },\n }\n rsaWithSha256HashedParams: any = {\n name: 'RSA-OAEP',\n modulusLength: 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // Equivalent to 65537 (Fermat F4), read http://en.wikipedia.org/wiki/65537_(number)\n hash: { name: 'SHA-256' },\n }\n private readonly signatureKeysGenerationParams = {\n name: 'RSA-PSS',\n modulusLength: 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // Equivalent to 65537 (Fermat F4), read http://en.wikipedia.org/wiki/65537_(number)\n hash: { name: 'SHA-256' },\n }\n\n private crypto: Crypto\n\n constructor(crypto: Crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : ({} as Crypto)) {\n this.crypto = crypto\n }\n\n /**\n * Generates a key pair for encryption/decryption of data.\n * @param shaVersion the version of the SHA algorithm to use.\n */\n generateKeyPair(shaVersion: ShaVersion): Promise<KeyPair<CryptoKey>> {\n const extractable = true\n const keyUsages: KeyUsage[] = ['decrypt', 'encrypt']\n const rsaParams = this.paramsForCreationOrImport(shaVersion)\n\n return new Promise<KeyPair<CryptoKey>>((resolve, reject) => {\n this.crypto.subtle.generateKey(rsaParams, extractable, keyUsages).then(resolve, reject)\n })\n }\n\n /**\n * Generates a key pair for signing data and signature verification.\n */\n async generateSignatureKeyPair(): Promise<KeyPair<CryptoKey>> {\n return await this.crypto.subtle.generateKey(this.signatureKeysGenerationParams, true, ['sign', 'verify'])\n }\n\n /**\n *\n * 'JWK': Json Web key (ref. http://tools.ietf.org/html/draft-ietf-jose-json-web-key-11)\n * 'spki': for private key\n * 'pkcs8': for private Key\n *\n * @param keyPair is {publicKey: CryptoKey, privateKey: CryptoKey}\n * @param privKeyFormat will be 'pkcs8' or 'jwk'\n * @param pubKeyFormat will be 'spki' or 'jwk'\n * @returns {Promise} will the AES Key\n */\n exportKeys(keyPair: KeyPair<CryptoKey>, privKeyFormat: 'jwk', pubKeyFormat: 'jwk'): Promise<KeyPair<JsonWebKey>>\n exportKeys(keyPair: KeyPair<CryptoKey>, privKeyFormat: 'pkcs8', pubKeyFormat: 'spki'): Promise<KeyPair<ArrayBuffer>>\n exportKeys(keyPair: KeyPair<CryptoKey>, privKeyFormat: string, pubKeyFormat: string): Promise<KeyPair<JsonWebKey | ArrayBuffer>> {\n const pubPromise = this.crypto.subtle.exportKey(pubKeyFormat as any, keyPair.publicKey)\n const privPromise = this.crypto.subtle.exportKey(privKeyFormat as any, keyPair.privateKey)\n\n return Promise.all([pubPromise, privPromise]).then(function (results) {\n return {\n publicKey: results[0],\n privateKey: results[1],\n }\n })\n }\n\n /**\n * Format:\n *\n * 'JWK': Json Web key (ref. http://tools.ietf.org/html/draft-ietf-jose-json-web-key-11)\n * 'spki': for private key\n * 'pkcs8': for private Key\n *\n * @param cryptoKey public or private\n * @param format either 'jwk' or 'spki' or 'pkcs8'\n * @returns {Promise|*} will be RSA key (public or private)\n */\n exportKey(cryptoKey: CryptoKey, format: 'jwk'): Promise<JsonWebKey>\n exportKey(cryptoKey: CryptoKey, format: 'spki'): Promise<ArrayBuffer>\n exportKey(cryptoKey: CryptoKey, format: 'pkcs8'): Promise<ArrayBuffer>\n exportKey(cryptoKey: CryptoKey, format: string): Promise<JsonWebKey | ArrayBuffer> {\n return new Promise((resolve: (value: JsonWebKey | ArrayBuffer) => any, reject) => {\n this.crypto.subtle.exportKey(format as any, cryptoKey).then(resolve, reject)\n })\n }\n\n /**\n *\n * @param publicKey (CryptoKey)\n * @param plainData (Uint8Array)\n */\n encrypt(publicKey: CryptoKey, plainData: Uint8Array): Promise<ArrayBuffer> {\n return new Promise((resolve: (value: ArrayBuffer) => any, reject) => {\n this.crypto.subtle.encrypt(this.rsaParams, publicKey, plainData.buffer ? plainData.buffer : plainData).then(resolve, reject) //Node prefers arrayBuffer\n })\n }\n\n /**\n *\n * @param privateKey (CryptoKey)\n * @param encryptedData (Uint8Array)\n */\n decrypt(privateKey: CryptoKey, encryptedData: Uint8Array): Promise<ArrayBuffer> {\n return new Promise((resolve: (value: ArrayBuffer) => any, reject) => {\n this.crypto.subtle.decrypt(this.rsaParams, privateKey, encryptedData).then(resolve, reject)\n })\n }\n\n /**\n *\n * @param format 'jwk', 'spki', or 'pkcs8'\n * @param keydata should be the key data based on the format.\n * @param keyUsages Array of usages. For example, ['encrypt'] for public key.\n * @param hashAlgorithm 'sha-1' or 'sha-256'\n * @returns {*}\n */\n importKey(format: string, keydata: JsonWebKey | ArrayBuffer, keyUsages: KeyUsage[], hashAlgorithm: ShaVersion): Promise<CryptoKey> {\n const extractable = true\n return new Promise((resolve: (value: CryptoKey) => any, reject) => {\n const rsaParams = this.paramsForCreationOrImport(hashAlgorithm)\n this.crypto.subtle.importKey(format as any, keydata as any, rsaParams, extractable, keyUsages).then(resolve, reject)\n })\n }\n\n importSignatureKey(format: 'jwk' | 'pkcs8', keydata: JsonWebKey | ArrayBuffer): Promise<CryptoKey> {\n const extractable = true\n return this.crypto.subtle.importKey(format as any, keydata as any, this.signatureKeysGenerationParams, extractable, ['sign'])\n }\n\n importVerificationKey(format: 'jwk' | 'spki', keydata: JsonWebKey | ArrayBuffer): Promise<CryptoKey> {\n const extractable = true\n return this.crypto.subtle.importKey(format as any, keydata as any, this.signatureKeysGenerationParams, extractable, ['verify'])\n }\n\n private paramsForCreationOrImport(shaVersion: ShaVersion) {\n if (shaVersion === 'sha-1') {\n return this.rsaHashedParams\n } else if (shaVersion === 'sha-256') {\n return this.rsaWithSha256HashedParams\n } else {\n throw new Error('Unexpected error, invalid SHA version')\n }\n }\n\n /**\n *\n * @param format 'jwk' or 'pkcs8'\n * @param keydata should be the key data based on the format.\n * @param hashAlgorithm 'sha-1' or 'sha-256'\n * @returns {*}\n */\n importPrivateKey(format: string, keydata: JsonWebKey | ArrayBuffer, hashAlgorithm: ShaVersion): Promise<CryptoKey> {\n const extractable = true\n return new Promise((resolve: (value: CryptoKey) => any, reject) => {\n const rsaParams = this.paramsForCreationOrImport(hashAlgorithm)\n this.crypto.subtle.importKey(format as any, keydata as any, rsaParams, extractable, ['decrypt']).then(resolve, reject)\n })\n }\n\n /**\n *\n * @param privateKeyFormat 'jwk' or 'pkcs8'\n * @param privateKeydata should be the key data based on the format.\n * @param publicKeyFormat 'jwk' or 'spki'\n * @param publicKeyData should be the key data based on the format.\n * @param hashAlgorithm 'sha-1' or 'sha-256'\n * @returns {Promise|*}\n */\n importKeyPair(\n privateKeyFormat: string,\n privateKeydata: JsonWebKey | ArrayBuffer,\n publicKeyFormat: string,\n publicKeyData: JsonWebKey | ArrayBuffer,\n hashAlgorithm: ShaVersion\n ): Promise<KeyPair<CryptoKey>> {\n const extractable = true\n const rsaParams = this.paramsForCreationOrImport(hashAlgorithm)\n const privPromise = this.crypto.subtle.importKey(privateKeyFormat as any, privateKeydata as any, rsaParams, extractable, ['decrypt'])\n const pubPromise = this.crypto.subtle.importKey(publicKeyFormat as any, publicKeyData as any, rsaParams, extractable, ['encrypt'])\n\n return Promise.all([pubPromise, privPromise]).then(function (results) {\n return {\n publicKey: results[0],\n privateKey: results[1],\n }\n })\n }\n\n /**\n * Tries to encrypt then decrypt data using a keypair. If both operations succeed without throwing an error and the decrypted data matches the\n * original data returns true, else false.\n * @param keyPair a key pair.\n * @return if the key pair could be successfully used to encrypt then decrypt data.\n */\n async checkKeyPairValidity(keyPair: KeyPair<CryptoKey>): Promise<boolean> {\n try {\n const text = 'shibboleth'\n const encryptedText = await this.encrypt(keyPair.publicKey, utf8_2ua(text))\n const decryptedText = ua2utf8(await this.decrypt(keyPair.privateKey, new Uint8Array(encryptedText)))\n return decryptedText === text\n } catch (e) {\n return false\n }\n }\n\n /**\n * Generates a signature for some data. The signature algorithm used is RSA-PSS with SHA-256.\n * @param privateKey private key to use for signature\n * @param data the data to sign\n * @return the signature.\n */\n async sign(privateKey: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer> {\n return await this.crypto.subtle.sign({ name: 'RSA-PSS', saltLength: 32 }, privateKey, data)\n }\n\n /**\n * Verifies if a signature matches the data. The signature algorithm used is RSA-PSS with sha-256.\n * @param publicKey public key to use for signature verification.\n * @param signature the signature to verify\n * @param data the data that was signed\n * @return if the signature matches the data and key.\n */\n async verifySignature(publicKey: CryptoKey, signature: ArrayBuffer, data: ArrayBuffer): Promise<boolean> {\n return await this.crypto.subtle.verify({ name: 'RSA-PSS', saltLength: 32 }, publicKey, signature, data)\n }\n}\n\nexport const RSA = new RSAUtils()\n"]}
@@ -0,0 +1,54 @@
1
+ import { SecureDelegation } from '../../icc-api/model/SecureDelegation';
2
+ import { UserEncryptionKeysManager } from './UserEncryptionKeysManager';
3
+ import { CryptoPrimitives } from './CryptoPrimitives';
4
+ /**
5
+ * @internal this class is for internal use only and may be changed without notice.
6
+ */
7
+ export declare class SecureDelegationsEncryption {
8
+ private readonly userKeys;
9
+ private readonly primitives;
10
+ constructor(userKeys: UserEncryptionKeysManager, primitives: CryptoPrimitives);
11
+ /**
12
+ * WARNING: this values should be ALWAYS be the string 'Cure' and its utf-8 bytes. If changed, it would not be possible to decrypt old secretIds and owningEntityIds
13
+ * anymore.
14
+ * @private
15
+ */
16
+ private readonly decryptionValidatorPrefix;
17
+ private readonly decryptionValidatorBytes;
18
+ /**
19
+ * Check if a Uint8Array or an Array buffer contains the decryption validator prefix.
20
+ * @param bytes an ArrayBuffer or Uint8Array to verify.
21
+ * @return true if the buffer contains the prefix, false otherwise.
22
+ */
23
+ private prefixVerification;
24
+ /**
25
+ * If the secure delegation has an encrypted exchange data id attempts to decrypt it with the available keys for the current user.
26
+ * @param encryptedExchangeIds a map that associates an encrypted exchange data id to the fingerprint of the public key used to encrypt it.
27
+ * @return the id of the exchange data used for the encryption of the provided secure delegation if it was encrypted and could be decrypted,
28
+ * undefined otherwise (there was no encrypted id of the exchange data, or it could not be decrypted as no key was available).
29
+ */
30
+ decryptExchangeDataId(encryptedExchangeIds: {
31
+ [fp: string]: string;
32
+ }): Promise<string | undefined>;
33
+ /**
34
+ * Encrypts the exchange data id for a secure delegation. To avoid leaks of sensitive data the provided public keys should be only keys of users
35
+ * which DO NOT REQUIRE anonymous delegations
36
+ */
37
+ encryptExchangeDataId(exchangeDataId: string, publicKeys: {
38
+ [fp: string]: CryptoKey;
39
+ }): Promise<{
40
+ [fp: string]: string;
41
+ }>;
42
+ encryptEncryptionKey(hexKey: string, key: CryptoKey): Promise<string>;
43
+ encryptEncryptionKeys(hexKeys: string[], key: CryptoKey): Promise<string[]>;
44
+ decryptEncryptionKey(encrypted: string, key: CryptoKey): Promise<string>;
45
+ decryptEncryptionKeys(delegation: SecureDelegation, key: CryptoKey): Promise<string[]>;
46
+ encryptSecretId(secretId: string, key: CryptoKey): Promise<string>;
47
+ encryptSecretIds(secretIds: string[], key: CryptoKey): Promise<string[]>;
48
+ decryptSecretId(encrypted: string, key: CryptoKey): Promise<string>;
49
+ decryptSecretIds(delegation: SecureDelegation, key: CryptoKey): Promise<string[]>;
50
+ encryptOwningEntityId(owningEntityId: string, key: CryptoKey): Promise<string>;
51
+ encryptOwningEntityIds(owningEntityIds: string[], key: CryptoKey): Promise<string[]>;
52
+ decryptOwningEntityId(encrypted: string, key: CryptoKey): Promise<string>;
53
+ decryptOwningEntityIds(delegation: SecureDelegation, key: CryptoKey): Promise<string[]>;
54
+ }