@icure/api 7.1.16 → 8.0.0-RC.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (363) hide show
  1. package/icc-api/api/IccAccesslogApi.d.ts +12 -1
  2. package/icc-api/api/IccAccesslogApi.js +142 -98
  3. package/icc-api/api/IccAccesslogApi.js.map +1 -1
  4. package/icc-api/api/IccBemikronoApi.d.ts +81 -0
  5. package/icc-api/api/IccBemikronoApi.js +163 -0
  6. package/icc-api/api/IccBemikronoApi.js.map +1 -0
  7. package/icc-api/api/IccCalendarItemApi.d.ts +21 -1
  8. package/icc-api/api/IccCalendarItemApi.js +183 -117
  9. package/icc-api/api/IccCalendarItemApi.js.map +1 -1
  10. package/icc-api/api/IccClassificationApi.d.ts +21 -1
  11. package/icc-api/api/IccClassificationApi.js +119 -63
  12. package/icc-api/api/IccClassificationApi.js.map +1 -1
  13. package/icc-api/api/IccContactApi.d.ts +21 -1
  14. package/icc-api/api/IccContactApi.js +385 -294
  15. package/icc-api/api/IccContactApi.js.map +1 -1
  16. package/icc-api/api/IccDocumentApi.d.ts +38 -25
  17. package/icc-api/api/IccDocumentApi.js +279 -212
  18. package/icc-api/api/IccDocumentApi.js.map +1 -1
  19. package/icc-api/api/IccExchangeDataApi.d.ts +19 -0
  20. package/icc-api/api/IccExchangeDataApi.js +85 -0
  21. package/icc-api/api/IccExchangeDataApi.js.map +1 -0
  22. package/icc-api/api/IccExchangeDataMapApi.d.ts +18 -0
  23. package/icc-api/api/IccExchangeDataMapApi.js +65 -0
  24. package/icc-api/api/IccExchangeDataMapApi.js.map +1 -0
  25. package/icc-api/api/IccFormApi.d.ts +21 -1
  26. package/icc-api/api/IccFormApi.js +321 -229
  27. package/icc-api/api/IccFormApi.js.map +1 -1
  28. package/icc-api/api/IccHelementApi.d.ts +21 -1
  29. package/icc-api/api/IccHelementApi.js +207 -137
  30. package/icc-api/api/IccHelementApi.js.map +1 -1
  31. package/icc-api/api/IccInvoiceApi.d.ts +21 -1
  32. package/icc-api/api/IccInvoiceApi.js +404 -298
  33. package/icc-api/api/IccInvoiceApi.js.map +1 -1
  34. package/icc-api/api/IccMaintenanceTaskApi.d.ts +12 -1
  35. package/icc-api/api/IccMaintenanceTaskApi.js +79 -43
  36. package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
  37. package/icc-api/api/IccMessageApi.d.ts +28 -1
  38. package/icc-api/api/IccMessageApi.js +294 -191
  39. package/icc-api/api/IccMessageApi.js.map +1 -1
  40. package/icc-api/api/IccPatientApi.d.ts +12 -1
  41. package/icc-api/api/IccPatientApi.js +447 -351
  42. package/icc-api/api/IccPatientApi.js.map +1 -1
  43. package/icc-api/api/IccReceiptApi.d.ts +22 -8
  44. package/icc-api/api/IccReceiptApi.js +121 -64
  45. package/icc-api/api/IccReceiptApi.js.map +1 -1
  46. package/icc-api/api/IccRestApiPath.js +1 -1
  47. package/icc-api/api/IccRestApiPath.js.map +1 -1
  48. package/icc-api/api/IccSecureDelegationKeyMapApi.d.ts +26 -0
  49. package/icc-api/api/IccSecureDelegationKeyMapApi.js +71 -0
  50. package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +1 -0
  51. package/icc-api/api/IccTimeTableApi.d.ts +12 -1
  52. package/icc-api/api/IccTimeTableApi.js +86 -48
  53. package/icc-api/api/IccTimeTableApi.js.map +1 -1
  54. package/icc-api/api/IccTopicApi.d.ts +90 -0
  55. package/icc-api/api/IccTopicApi.js +193 -0
  56. package/icc-api/api/IccTopicApi.js.map +1 -0
  57. package/icc-api/index.d.ts +2 -0
  58. package/icc-api/index.js +2 -0
  59. package/icc-api/index.js.map +1 -1
  60. package/icc-api/model/AbstractFilterMessage.d.ts +15 -0
  61. package/icc-api/model/AbstractFilterMessage.js +21 -0
  62. package/icc-api/model/AbstractFilterMessage.js.map +1 -0
  63. package/icc-api/model/AbstractFilterTopic.d.ts +15 -0
  64. package/icc-api/model/AbstractFilterTopic.js +21 -0
  65. package/icc-api/model/AbstractFilterTopic.js.map +1 -0
  66. package/icc-api/model/AccessLog.d.ts +2 -0
  67. package/icc-api/model/AccessLog.js.map +1 -1
  68. package/icc-api/model/Article.d.ts +2 -0
  69. package/icc-api/model/Article.js.map +1 -1
  70. package/icc-api/model/CalendarItem.d.ts +2 -0
  71. package/icc-api/model/CalendarItem.js.map +1 -1
  72. package/icc-api/model/Classification.d.ts +2 -0
  73. package/icc-api/model/Classification.js.map +1 -1
  74. package/icc-api/model/ClassificationTemplate.d.ts +2 -0
  75. package/icc-api/model/ClassificationTemplate.js.map +1 -1
  76. package/icc-api/model/Connection.d.ts +1 -1
  77. package/icc-api/model/Connection.js.map +1 -1
  78. package/icc-api/model/Contact.d.ts +2 -0
  79. package/icc-api/model/Contact.js.map +1 -1
  80. package/icc-api/model/Device.d.ts +4 -4
  81. package/icc-api/model/Device.js.map +1 -1
  82. package/icc-api/model/Document.d.ts +2 -0
  83. package/icc-api/model/Document.js.map +1 -1
  84. package/icc-api/model/ExchangeDataMapCreationBatch.d.ts +13 -0
  85. package/icc-api/model/ExchangeDataMapCreationBatch.js +10 -0
  86. package/icc-api/model/ExchangeDataMapCreationBatch.js.map +1 -0
  87. package/icc-api/model/FilterChainMessage.d.ts +19 -0
  88. package/icc-api/model/FilterChainMessage.js +11 -0
  89. package/icc-api/model/FilterChainMessage.js.map +1 -0
  90. package/icc-api/model/FilterChainTopic.d.ts +19 -0
  91. package/icc-api/model/FilterChainTopic.js +11 -0
  92. package/icc-api/model/FilterChainTopic.js.map +1 -0
  93. package/icc-api/model/Form.d.ts +2 -0
  94. package/icc-api/model/Form.js.map +1 -1
  95. package/icc-api/model/HealthElement.d.ts +2 -0
  96. package/icc-api/model/HealthElement.js.map +1 -1
  97. package/icc-api/model/HealthcareParty.d.ts +2 -2
  98. package/icc-api/model/HealthcareParty.js +13 -1
  99. package/icc-api/model/HealthcareParty.js.map +1 -1
  100. package/icc-api/model/IcureStub.d.ts +2 -0
  101. package/icc-api/model/IcureStub.js.map +1 -1
  102. package/icc-api/model/Invoice.d.ts +2 -0
  103. package/icc-api/model/Invoice.js.map +1 -1
  104. package/icc-api/model/MaintenanceTask.d.ts +13 -10
  105. package/icc-api/model/MaintenanceTask.js +13 -11
  106. package/icc-api/model/MaintenanceTask.js.map +1 -1
  107. package/icc-api/model/Message.d.ts +2 -0
  108. package/icc-api/model/Message.js.map +1 -1
  109. package/icc-api/model/PaginatedListExchangeData.d.ts +9 -0
  110. package/icc-api/model/PaginatedListExchangeData.js +10 -0
  111. package/icc-api/model/PaginatedListExchangeData.js.map +1 -0
  112. package/icc-api/model/PaginatedListTopic.d.ts +20 -0
  113. package/icc-api/model/PaginatedListTopic.js +10 -0
  114. package/icc-api/model/PaginatedListTopic.js.map +1 -0
  115. package/icc-api/model/Patient.d.ts +4 -2
  116. package/icc-api/model/Patient.js.map +1 -1
  117. package/icc-api/model/PatientByHcPartyGenderEducationProfession.d.ts +31 -0
  118. package/icc-api/model/PatientByHcPartyGenderEducationProfession.js +32 -0
  119. package/icc-api/model/PatientByHcPartyGenderEducationProfession.js.map +1 -0
  120. package/icc-api/model/Receipt.d.ts +2 -0
  121. package/icc-api/model/Receipt.js.map +1 -1
  122. package/icc-api/model/SecureDelegation.d.ts +52 -0
  123. package/icc-api/model/SecureDelegation.js +16 -0
  124. package/icc-api/model/SecureDelegation.js.map +1 -0
  125. package/icc-api/model/SecurityMetadata.d.ts +33 -0
  126. package/icc-api/model/SecurityMetadata.js +13 -0
  127. package/icc-api/model/SecurityMetadata.js.map +1 -0
  128. package/icc-api/model/Service.d.ts +2 -0
  129. package/icc-api/model/Service.js.map +1 -1
  130. package/icc-api/model/TimeTable.d.ts +2 -0
  131. package/icc-api/model/TimeTable.js.map +1 -1
  132. package/icc-api/model/Topic.d.ts +95 -0
  133. package/icc-api/model/Topic.js +16 -0
  134. package/icc-api/model/Topic.js.map +1 -0
  135. package/icc-api/model/internal/ExchangeData.d.ts +64 -0
  136. package/icc-api/model/internal/ExchangeData.js +15 -0
  137. package/icc-api/model/internal/ExchangeData.js.map +1 -0
  138. package/icc-api/model/internal/ExchangeDataMap.d.ts +24 -0
  139. package/icc-api/model/internal/ExchangeDataMap.js +13 -0
  140. package/icc-api/model/internal/ExchangeDataMap.js.map +1 -0
  141. package/icc-api/model/internal/SecureDelegationKeyMap.d.ts +14 -0
  142. package/icc-api/model/internal/SecureDelegationKeyMap.js +13 -0
  143. package/icc-api/model/internal/SecureDelegationKeyMap.js.map +1 -0
  144. package/icc-api/model/models.d.ts +26 -40
  145. package/icc-api/model/models.js +19 -37
  146. package/icc-api/model/models.js.map +1 -1
  147. package/icc-api/model/requests/EntityBulkShareResult.d.ts +28 -0
  148. package/icc-api/model/requests/EntityBulkShareResult.js +16 -0
  149. package/icc-api/model/requests/EntityBulkShareResult.js.map +1 -0
  150. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.d.ts +10 -0
  151. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js +17 -0
  152. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js.map +1 -0
  153. package/icc-api/model/requests/EntityShareRequest.d.ts +110 -0
  154. package/icc-api/model/requests/EntityShareRequest.js +63 -0
  155. package/icc-api/model/requests/EntityShareRequest.js.map +1 -0
  156. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.d.ts +54 -0
  157. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js +24 -0
  158. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js.map +1 -0
  159. package/icc-api/model/requests/MinimalEntityBulkShareResult.d.ts +23 -0
  160. package/icc-api/model/requests/MinimalEntityBulkShareResult.js +13 -0
  161. package/icc-api/model/requests/MinimalEntityBulkShareResult.js.map +1 -0
  162. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.d.ts +21 -0
  163. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js +14 -0
  164. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js.map +1 -0
  165. package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +55 -6
  166. package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
  167. package/icc-x-api/crypto/AES.js +1 -1
  168. package/icc-x-api/crypto/AES.js.map +1 -1
  169. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +18 -0
  170. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +50 -0
  171. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -0
  172. package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +43 -0
  173. package/icc-x-api/crypto/AccessControlSecretUtils.js +97 -0
  174. package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -0
  175. package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +146 -0
  176. package/icc-x-api/crypto/BaseExchangeDataManager.js +342 -0
  177. package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -0
  178. package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +0 -18
  179. package/icc-x-api/crypto/BaseExchangeKeysManager.js +11 -85
  180. package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
  181. package/icc-x-api/crypto/ConfidentialEntities.d.ts +26 -16
  182. package/icc-x-api/crypto/ConfidentialEntities.js +30 -17
  183. package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -1
  184. package/icc-x-api/crypto/CryptoStrategies.d.ts +8 -1
  185. package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
  186. package/icc-x-api/crypto/DelegationsDeAnonymization.d.ts +44 -0
  187. package/icc-x-api/crypto/DelegationsDeAnonymization.js +235 -0
  188. package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -0
  189. package/icc-x-api/crypto/ExchangeDataManager.d.ts +97 -0
  190. package/icc-x-api/crypto/ExchangeDataManager.js +501 -0
  191. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -0
  192. package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +32 -0
  193. package/icc-x-api/crypto/ExchangeDataMapManager.js +70 -0
  194. package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -0
  195. package/icc-x-api/crypto/ExchangeKeysManager.d.ts +4 -16
  196. package/icc-x-api/crypto/ExchangeKeysManager.js +4 -62
  197. package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
  198. package/icc-x-api/crypto/ExtendedApisUtils.d.ts +326 -0
  199. package/icc-x-api/crypto/ExtendedApisUtils.js +3 -0
  200. package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -0
  201. package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +174 -0
  202. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +559 -0
  203. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -0
  204. package/icc-x-api/crypto/KeyRecovery.d.ts +5 -2
  205. package/icc-x-api/crypto/KeyRecovery.js +59 -29
  206. package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
  207. package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +7 -2
  208. package/icc-x-api/crypto/LegacyCryptoStrategies.js +8 -1
  209. package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -1
  210. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +33 -0
  211. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +141 -0
  212. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -0
  213. package/icc-x-api/crypto/RSA.d.ts +34 -8
  214. package/icc-x-api/crypto/RSA.js +80 -13
  215. package/icc-x-api/crypto/RSA.js.map +1 -1
  216. package/icc-x-api/crypto/SecureDelegationsEncryption.d.ts +54 -0
  217. package/icc-x-api/crypto/SecureDelegationsEncryption.js +178 -0
  218. package/icc-x-api/crypto/SecureDelegationsEncryption.js.map +1 -0
  219. package/icc-x-api/crypto/SecureDelegationsManager.d.ts +66 -0
  220. package/icc-x-api/crypto/SecureDelegationsManager.js +261 -0
  221. package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -0
  222. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +46 -0
  223. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +312 -0
  224. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -0
  225. package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +97 -0
  226. package/icc-x-api/crypto/SecurityMetadataDecryptor.js +79 -0
  227. package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -0
  228. package/icc-x-api/crypto/ShamirKeysManager.d.ts +5 -5
  229. package/icc-x-api/crypto/ShamirKeysManager.js +6 -9
  230. package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
  231. package/icc-x-api/crypto/TransferKeysManager.d.ts +8 -6
  232. package/icc-x-api/crypto/TransferKeysManager.js +75 -52
  233. package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
  234. package/icc-x-api/crypto/{KeyManager.d.ts → UserEncryptionKeysManager.d.ts} +4 -6
  235. package/icc-x-api/crypto/{KeyManager.js → UserEncryptionKeysManager.js} +43 -23
  236. package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -0
  237. package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +26 -0
  238. package/icc-x-api/crypto/UserSignatureKeysManager.js +74 -0
  239. package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -0
  240. package/icc-x-api/crypto/utils.d.ts +61 -11
  241. package/icc-x-api/crypto/utils.js +113 -44
  242. package/icc-x-api/crypto/utils.js.map +1 -1
  243. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.d.ts +8 -0
  244. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js +13 -0
  245. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js.map +1 -0
  246. package/icc-x-api/filters/MessageByHcPartyFilter.d.ts +7 -0
  247. package/icc-x-api/filters/MessageByHcPartyFilter.js +13 -0
  248. package/icc-x-api/filters/MessageByHcPartyFilter.js.map +1 -0
  249. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.d.ts +8 -0
  250. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js +13 -0
  251. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js.map +1 -0
  252. package/icc-x-api/filters/TopicByHcPartyFilter.d.ts +7 -0
  253. package/icc-x-api/filters/TopicByHcPartyFilter.js +13 -0
  254. package/icc-x-api/filters/TopicByHcPartyFilter.js.map +1 -0
  255. package/icc-x-api/filters/TopicByParticipantFilter.d.ts +7 -0
  256. package/icc-x-api/filters/TopicByParticipantFilter.js +13 -0
  257. package/icc-x-api/filters/TopicByParticipantFilter.js.map +1 -0
  258. package/icc-x-api/filters/filters.d.ts +5 -0
  259. package/icc-x-api/filters/filters.js +5 -0
  260. package/icc-x-api/filters/filters.js.map +1 -1
  261. package/icc-x-api/icc-accesslog-x-api.d.ts +49 -12
  262. package/icc-x-api/icc-accesslog-x-api.js +81 -44
  263. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  264. package/icc-x-api/icc-calendar-item-x-api.d.ts +53 -15
  265. package/icc-x-api/icc-calendar-item-x-api.js +105 -51
  266. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  267. package/icc-x-api/icc-classification-x-api.d.ts +47 -10
  268. package/icc-x-api/icc-classification-x-api.js +62 -33
  269. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  270. package/icc-x-api/icc-contact-x-api.d.ts +59 -33
  271. package/icc-x-api/icc-contact-x-api.js +101 -66
  272. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  273. package/icc-x-api/icc-crypto-x-api.d.ts +33 -333
  274. package/icc-x-api/icc-crypto-x-api.js +47 -764
  275. package/icc-x-api/icc-crypto-x-api.js.map +1 -1
  276. package/icc-x-api/icc-data-owner-x-api.d.ts +20 -8
  277. package/icc-x-api/icc-data-owner-x-api.js +31 -10
  278. package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
  279. package/icc-x-api/icc-document-x-api.d.ts +51 -12
  280. package/icc-x-api/icc-document-x-api.js +117 -66
  281. package/icc-x-api/icc-document-x-api.js.map +1 -1
  282. package/icc-x-api/icc-form-x-api.d.ts +48 -11
  283. package/icc-x-api/icc-form-x-api.js +71 -37
  284. package/icc-x-api/icc-form-x-api.js.map +1 -1
  285. package/icc-x-api/icc-hcparty-x-api.d.ts +2 -2
  286. package/icc-x-api/icc-hcparty-x-api.js +3 -3
  287. package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
  288. package/icc-x-api/icc-helement-x-api.d.ts +59 -20
  289. package/icc-x-api/icc-helement-x-api.js +78 -43
  290. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  291. package/icc-x-api/icc-icure-maintenance-x-api.d.ts +7 -2
  292. package/icc-x-api/icc-icure-maintenance-x-api.js +38 -27
  293. package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
  294. package/icc-x-api/icc-invoice-x-api.d.ts +53 -16
  295. package/icc-x-api/icc-invoice-x-api.js +69 -35
  296. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  297. package/icc-x-api/icc-maintenance-task-x-api.d.ts +56 -22
  298. package/icc-x-api/icc-maintenance-task-x-api.js +77 -36
  299. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  300. package/icc-x-api/icc-message-x-api.d.ts +75 -19
  301. package/icc-x-api/icc-message-x-api.js +126 -37
  302. package/icc-x-api/icc-message-x-api.js.map +1 -1
  303. package/icc-x-api/icc-patient-x-api.d.ts +86 -29
  304. package/icc-x-api/icc-patient-x-api.js +318 -379
  305. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  306. package/icc-x-api/icc-receipt-x-api.d.ts +47 -13
  307. package/icc-x-api/icc-receipt-x-api.js +72 -36
  308. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  309. package/icc-x-api/icc-time-table-x-api.d.ts +46 -13
  310. package/icc-x-api/icc-time-table-x-api.js +61 -27
  311. package/icc-x-api/icc-time-table-x-api.js.map +1 -1
  312. package/icc-x-api/icc-topic-x-api.d.ts +191 -0
  313. package/icc-x-api/icc-topic-x-api.js +307 -0
  314. package/icc-x-api/icc-topic-x-api.js.map +1 -0
  315. package/icc-x-api/icc-user-x-api.d.ts +2 -2
  316. package/icc-x-api/icc-user-x-api.js +3 -3
  317. package/icc-x-api/icc-user-x-api.js.map +1 -1
  318. package/icc-x-api/index.d.ts +18 -2
  319. package/icc-x-api/index.js +203 -156
  320. package/icc-x-api/index.js.map +1 -1
  321. package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +1 -1
  322. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +2 -0
  323. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +9 -2
  324. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -1
  325. package/icc-x-api/storage/IcureStorageFacade.d.ts +23 -2
  326. package/icc-x-api/storage/IcureStorageFacade.js +36 -2
  327. package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
  328. package/icc-x-api/storage/KeyStorageFacade.d.ts +12 -0
  329. package/icc-x-api/storage/KeyStorageFacade.js.map +1 -1
  330. package/icc-x-api/storage/KeyStorageImpl.d.ts +2 -0
  331. package/icc-x-api/storage/KeyStorageImpl.js +10 -0
  332. package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
  333. package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +14 -1
  334. package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -1
  335. package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +32 -0
  336. package/icc-x-api/utils/EntityWithDelegationTypeName.js +75 -0
  337. package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -0
  338. package/icc-x-api/utils/ShareResult.d.ts +74 -0
  339. package/icc-x-api/utils/ShareResult.js +61 -0
  340. package/icc-x-api/utils/ShareResult.js.map +1 -0
  341. package/icc-x-api/utils/binary-utils.d.ts +1 -0
  342. package/icc-x-api/utils/binary-utils.js +8 -1
  343. package/icc-x-api/utils/binary-utils.js.map +1 -1
  344. package/icc-x-api/utils/collection-utils.d.ts +5 -0
  345. package/icc-x-api/utils/collection-utils.js +26 -1
  346. package/icc-x-api/utils/collection-utils.js.map +1 -1
  347. package/icc-x-api/utils/crypto-utils.d.ts +4 -3
  348. package/icc-x-api/utils/crypto-utils.js +5 -4
  349. package/icc-x-api/utils/crypto-utils.js.map +1 -1
  350. package/icc-x-api/utils/lru-temporised-async-cache.d.ts +26 -3
  351. package/icc-x-api/utils/lru-temporised-async-cache.js +75 -15
  352. package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -1
  353. package/icc-x-api/utils/websocket.d.ts +14 -10
  354. package/icc-x-api/utils/websocket.js +26 -9
  355. package/icc-x-api/utils/websocket.js.map +1 -1
  356. package/index.d.ts +1 -1
  357. package/index.js +3 -1
  358. package/index.js.map +1 -1
  359. package/package.json +2 -3
  360. package/icc-x-api/crypto/EntitiesEncryption.d.ts +0 -275
  361. package/icc-x-api/crypto/EntitiesEncryption.js +0 -734
  362. package/icc-x-api/crypto/EntitiesEncryption.js.map +0 -1
  363. package/icc-x-api/crypto/KeyManager.js.map +0 -1
@@ -0,0 +1,178 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.SecureDelegationsEncryption = void 0;
13
+ const utils_1 = require("../utils");
14
+ const utils_2 = require("./utils");
15
+ /**
16
+ * @internal this class is for internal use only and may be changed without notice.
17
+ */
18
+ class SecureDelegationsEncryption {
19
+ constructor(userKeys, primitives) {
20
+ this.userKeys = userKeys;
21
+ this.primitives = primitives;
22
+ /**
23
+ * WARNING: this values should be ALWAYS be the string 'Cure' and its utf-8 bytes. If changed, it would not be possible to decrypt old secretIds and owningEntityIds
24
+ * anymore.
25
+ * @private
26
+ */
27
+ this.decryptionValidatorPrefix = 'Cure';
28
+ this.decryptionValidatorBytes = (0, utils_1.utf8_2ua)(this.decryptionValidatorPrefix);
29
+ }
30
+ /**
31
+ * Check if a Uint8Array or an Array buffer contains the decryption validator prefix.
32
+ * @param bytes an ArrayBuffer or Uint8Array to verify.
33
+ * @return true if the buffer contains the prefix, false otherwise.
34
+ */
35
+ prefixVerification(bytes) {
36
+ const arrayToVerify = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
37
+ if (arrayToVerify.length < this.decryptionValidatorBytes.length)
38
+ return false;
39
+ let result = true;
40
+ for (let i = 0; i < this.decryptionValidatorBytes.length; i++) {
41
+ result = result && this.decryptionValidatorBytes[i] === arrayToVerify[i];
42
+ }
43
+ return result;
44
+ }
45
+ /**
46
+ * If the secure delegation has an encrypted exchange data id attempts to decrypt it with the available keys for the current user.
47
+ * @param encryptedExchangeIds a map that associates an encrypted exchange data id to the fingerprint of the public key used to encrypt it.
48
+ * @return the id of the exchange data used for the encryption of the provided secure delegation if it was encrypted and could be decrypted,
49
+ * undefined otherwise (there was no encrypted id of the exchange data, or it could not be decrypted as no key was available).
50
+ */
51
+ decryptExchangeDataId(encryptedExchangeIds) {
52
+ var _a;
53
+ return __awaiter(this, void 0, void 0, function* () {
54
+ const decryptionKeys = this.userKeys.getDecryptionKeys();
55
+ const decryptionKeysV2 = Object.fromEntries(Object.entries(decryptionKeys).map(([fp, keyPair]) => [(0, utils_2.fingerprintIsV1)(fp) ? (0, utils_2.fingerprintV1toV2)(fp) : fp, keyPair]));
56
+ for (const [fp, encryptedId] of Object.entries(encryptedExchangeIds)) {
57
+ const key = (_a = decryptionKeys === null || decryptionKeys === void 0 ? void 0 : decryptionKeys[fp]) !== null && _a !== void 0 ? _a : decryptionKeysV2 === null || decryptionKeysV2 === void 0 ? void 0 : decryptionKeysV2[fp];
58
+ if (key)
59
+ return (0, utils_1.ua2utf8)(yield this.primitives.RSA.decrypt(key.privateKey, (0, utils_1.b64_2ua)(encryptedId)));
60
+ }
61
+ return undefined;
62
+ });
63
+ }
64
+ /**
65
+ * Encrypts the exchange data id for a secure delegation. To avoid leaks of sensitive data the provided public keys should be only keys of users
66
+ * which DO NOT REQUIRE anonymous delegations
67
+ */
68
+ encryptExchangeDataId(exchangeDataId, publicKeys) {
69
+ return __awaiter(this, void 0, void 0, function* () {
70
+ const res = {};
71
+ for (const [fp, key] of Object.entries(publicKeys)) {
72
+ res[fp] = (0, utils_1.ua2b64)(yield this.primitives.RSA.encrypt(key, (0, utils_1.utf8_2ua)(exchangeDataId)));
73
+ }
74
+ return res;
75
+ });
76
+ }
77
+ encryptEncryptionKey(hexKey, key) {
78
+ return __awaiter(this, void 0, void 0, function* () {
79
+ return (0, utils_1.ua2b64)(yield this.primitives.AES.encrypt(key, (0, utils_1.concat_uas)(this.decryptionValidatorBytes, (0, utils_1.hex2ua)(hexKey))));
80
+ });
81
+ }
82
+ encryptEncryptionKeys(hexKeys, key) {
83
+ return __awaiter(this, void 0, void 0, function* () {
84
+ const res = [];
85
+ for (const hexKey of hexKeys) {
86
+ res.push(yield this.encryptEncryptionKey(hexKey, key));
87
+ }
88
+ return res;
89
+ });
90
+ }
91
+ decryptEncryptionKey(encrypted, key) {
92
+ return __awaiter(this, void 0, void 0, function* () {
93
+ const probableKey = yield this.primitives.AES.decrypt(key, (0, utils_1.b64_2ua)(encrypted));
94
+ if (!this.prefixVerification(probableKey)) {
95
+ throw new Error('Invalid encryption key');
96
+ }
97
+ return (0, utils_1.ua2hex)(probableKey.slice(this.decryptionValidatorBytes.length));
98
+ });
99
+ }
100
+ decryptEncryptionKeys(delegation, key) {
101
+ var _a;
102
+ return __awaiter(this, void 0, void 0, function* () {
103
+ const res = [];
104
+ for (const encrypted of (_a = delegation.encryptionKeys) !== null && _a !== void 0 ? _a : []) {
105
+ res.push(yield this.decryptEncryptionKey(encrypted, key));
106
+ }
107
+ return res;
108
+ });
109
+ }
110
+ encryptSecretId(secretId, key) {
111
+ return __awaiter(this, void 0, void 0, function* () {
112
+ return (0, utils_1.ua2b64)(yield this.primitives.AES.encrypt(key, (0, utils_1.utf8_2ua)(this.decryptionValidatorPrefix + secretId)));
113
+ });
114
+ }
115
+ encryptSecretIds(secretIds, key) {
116
+ return __awaiter(this, void 0, void 0, function* () {
117
+ const res = [];
118
+ for (const secretId of secretIds) {
119
+ res.push(yield this.encryptSecretId(secretId, key));
120
+ }
121
+ return res;
122
+ });
123
+ }
124
+ decryptSecretId(encrypted, key) {
125
+ return __awaiter(this, void 0, void 0, function* () {
126
+ const probableSecretId = (0, utils_1.ua2utf8)(yield this.primitives.AES.decrypt(key, (0, utils_1.b64_2ua)(encrypted)));
127
+ if (probableSecretId.substring(0, this.decryptionValidatorPrefix.length) !== this.decryptionValidatorPrefix) {
128
+ throw new Error('Invalid secretID');
129
+ }
130
+ return probableSecretId.substring(this.decryptionValidatorPrefix.length);
131
+ });
132
+ }
133
+ decryptSecretIds(delegation, key) {
134
+ var _a;
135
+ return __awaiter(this, void 0, void 0, function* () {
136
+ const res = [];
137
+ for (const encrypted of (_a = delegation.secretIds) !== null && _a !== void 0 ? _a : []) {
138
+ res.push(yield this.decryptSecretId(encrypted, key));
139
+ }
140
+ return res;
141
+ });
142
+ }
143
+ encryptOwningEntityId(owningEntityId, key) {
144
+ return __awaiter(this, void 0, void 0, function* () {
145
+ return (0, utils_1.ua2b64)(yield this.primitives.AES.encrypt(key, (0, utils_1.utf8_2ua)(this.decryptionValidatorPrefix + owningEntityId)));
146
+ });
147
+ }
148
+ encryptOwningEntityIds(owningEntityIds, key) {
149
+ return __awaiter(this, void 0, void 0, function* () {
150
+ const res = [];
151
+ for (const owningEntityId of owningEntityIds) {
152
+ res.push(yield this.encryptOwningEntityId(owningEntityId, key));
153
+ }
154
+ return res;
155
+ });
156
+ }
157
+ decryptOwningEntityId(encrypted, key) {
158
+ return __awaiter(this, void 0, void 0, function* () {
159
+ const probableOwningEntityId = (0, utils_1.ua2utf8)(yield this.primitives.AES.decrypt(key, (0, utils_1.b64_2ua)(encrypted)));
160
+ if (probableOwningEntityId.substring(0, this.decryptionValidatorPrefix.length) !== this.decryptionValidatorPrefix) {
161
+ throw new Error('Invalid Owning Entity id');
162
+ }
163
+ return probableOwningEntityId.substring(this.decryptionValidatorPrefix.length);
164
+ });
165
+ }
166
+ decryptOwningEntityIds(delegation, key) {
167
+ var _a;
168
+ return __awaiter(this, void 0, void 0, function* () {
169
+ const res = [];
170
+ for (const encrypted of (_a = delegation.owningEntityIds) !== null && _a !== void 0 ? _a : []) {
171
+ res.push(yield this.decryptOwningEntityId(encrypted, key));
172
+ }
173
+ return res;
174
+ });
175
+ }
176
+ }
177
+ exports.SecureDelegationsEncryption = SecureDelegationsEncryption;
178
+ //# sourceMappingURL=SecureDelegationsEncryption.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"SecureDelegationsEncryption.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/SecureDelegationsEncryption.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,oCAAyF;AAGzF,mCAA4D;AAE5D;;GAEG;AACH,MAAa,2BAA2B;IACtC,YAA6B,QAAmC,EAAmB,UAA4B;QAAlF,aAAQ,GAAR,QAAQ,CAA2B;QAAmB,eAAU,GAAV,UAAU,CAAkB;QAE/G;;;;WAIG;QACc,8BAAyB,GAAW,MAAM,CAAA;QAC1C,6BAAwB,GAAe,IAAA,gBAAQ,EAAC,IAAI,CAAC,yBAAyB,CAAC,CAAA;IARkB,CAAC;IAUnH;;;;OAIG;IACK,kBAAkB,CAAC,KAA+B;QACxD,MAAM,aAAa,GAAG,KAAK,YAAY,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAA;QACjF,IAAI,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,wBAAwB,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QAC7E,IAAI,MAAM,GAAG,IAAI,CAAA;QACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,wBAAwB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YAC7D,MAAM,GAAG,MAAM,IAAI,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,CAAA;SACzE;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;;;;OAKG;IACG,qBAAqB,CAAC,oBAA8C;;;YACxE,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,iBAAiB,EAAE,CAAA;YACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,WAAW,CACzC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,uBAAe,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAA,yBAAiB,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CACnH,CAAA;YACD,KAAK,MAAM,CAAC,EAAE,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE;gBACpE,MAAM,GAAG,GAAG,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAG,EAAE,CAAC,mCAAI,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAG,EAAE,CAAC,CAAA;gBAC1D,IAAI,GAAG;oBAAE,OAAO,IAAA,eAAO,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,IAAA,eAAO,EAAC,WAAW,CAAC,CAAC,CAAC,CAAA;aACjG;YACD,OAAO,SAAS,CAAA;;KACjB;IAED;;;OAGG;IACG,qBAAqB,CAAC,cAAsB,EAAE,UAAuC;;YACzF,MAAM,GAAG,GAAG,EAA8B,CAAA;YAC1C,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;gBAClD,GAAG,CAAC,EAAE,CAAC,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,gBAAQ,EAAC,cAAc,CAAC,CAAC,CAAC,CAAA;aACnF;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEK,oBAAoB,CAAC,MAAc,EAAE,GAAc;;YACvD,OAAO,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,kBAAU,EAAC,IAAI,CAAC,wBAAwB,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QAClH,CAAC;KAAA;IAEK,qBAAqB,CAAC,OAAiB,EAAE,GAAc;;YAC3D,MAAM,GAAG,GAAG,EAAE,CAAA;YACd,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;gBAC5B,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAA;aACvD;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEK,oBAAoB,CAAC,SAAiB,EAAE,GAAc;;YAC1D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC,CAAA;YAC9E,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,EAAE;gBACzC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAA;aAC1C;YACD,OAAO,IAAA,cAAM,EAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC,CAAA;QACxE,CAAC;KAAA;IAEK,qBAAqB,CAAC,UAA4B,EAAE,GAAc;;;YACtE,MAAM,GAAG,GAAG,EAAE,CAAA;YACd,KAAK,MAAM,SAAS,IAAI,MAAA,UAAU,CAAC,cAAc,mCAAI,EAAE,EAAE;gBACvD,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAA;aAC1D;YACD,OAAO,GAAG,CAAA;;KACX;IAEK,eAAe,CAAC,QAAgB,EAAE,GAAc;;YACpD,OAAO,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,gBAAQ,EAAC,IAAI,CAAC,yBAAyB,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;QAC5G,CAAC;KAAA;IAEK,gBAAgB,CAAC,SAAmB,EAAE,GAAc;;YACxD,MAAM,GAAG,GAAG,EAAE,CAAA;YACd,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;gBAChC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAA;aACpD;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEK,eAAe,CAAC,SAAiB,EAAE,GAAc;;YACrD,MAAM,gBAAgB,GAAG,IAAA,eAAO,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC,CAAC,CAAA;YAC5F,IAAI,gBAAgB,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,yBAAyB,EAAE;gBAC3G,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;aACpC;YACD,OAAO,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAA;QAC1E,CAAC;KAAA;IAEK,gBAAgB,CAAC,UAA4B,EAAE,GAAc;;;YACjE,MAAM,GAAG,GAAG,EAAE,CAAA;YACd,KAAK,MAAM,SAAS,IAAI,MAAA,UAAU,CAAC,SAAS,mCAAI,EAAE,EAAE;gBAClD,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAA;aACrD;YACD,OAAO,GAAG,CAAA;;KACX;IAEK,qBAAqB,CAAC,cAAsB,EAAE,GAAc;;YAChE,OAAO,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,gBAAQ,EAAC,IAAI,CAAC,yBAAyB,GAAG,cAAc,CAAC,CAAC,CAAC,CAAA;QAClH,CAAC;KAAA;IAEK,sBAAsB,CAAC,eAAyB,EAAE,GAAc;;YACpE,MAAM,GAAG,GAAG,EAAE,CAAA;YACd,KAAK,MAAM,cAAc,IAAI,eAAe,EAAE;gBAC5C,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,qBAAqB,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC,CAAA;aAChE;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEK,qBAAqB,CAAC,SAAiB,EAAE,GAAc;;YAC3D,MAAM,sBAAsB,GAAG,IAAA,eAAO,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC,CAAC,CAAA;YAClG,IAAI,sBAAsB,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,yBAAyB,EAAE;gBACjH,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;aAC5C;YACD,OAAO,sBAAsB,CAAC,SAAS,CAAC,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAA;QAChF,CAAC;KAAA;IAEK,sBAAsB,CAAC,UAA4B,EAAE,GAAc;;;YACvE,MAAM,GAAG,GAAG,EAAE,CAAA;YACd,KAAK,MAAM,SAAS,IAAI,MAAA,UAAU,CAAC,eAAe,mCAAI,EAAE,EAAE;gBACxD,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,qBAAqB,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAA;aAC3D;YACD,OAAO,GAAG,CAAA;;KACX;CACF;AA3ID,kEA2IC","sourcesContent":["import { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport { b64_2ua, concat_uas, hex2ua, ua2b64, ua2hex, ua2utf8, utf8_2ua } from '../utils'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { fingerprintV1toV2, fingerprintIsV1 } from './utils'\n\n/**\n * @internal this class is for internal use only and may be changed without notice.\n */\nexport class SecureDelegationsEncryption {\n constructor(private readonly userKeys: UserEncryptionKeysManager, private readonly primitives: CryptoPrimitives) {}\n\n /**\n * WARNING: this values should be ALWAYS be the string 'Cure' and its utf-8 bytes. If changed, it would not be possible to decrypt old secretIds and owningEntityIds\n * anymore.\n * @private\n */\n private readonly decryptionValidatorPrefix: string = 'Cure'\n private readonly decryptionValidatorBytes: Uint8Array = utf8_2ua(this.decryptionValidatorPrefix)\n\n /**\n * Check if a Uint8Array or an Array buffer contains the decryption validator prefix.\n * @param bytes an ArrayBuffer or Uint8Array to verify.\n * @return true if the buffer contains the prefix, false otherwise.\n */\n private prefixVerification(bytes: ArrayBuffer | Uint8Array): boolean {\n const arrayToVerify = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes)\n if (arrayToVerify.length < this.decryptionValidatorBytes.length) return false\n let result = true\n for (let i = 0; i < this.decryptionValidatorBytes.length; i++) {\n result = result && this.decryptionValidatorBytes[i] === arrayToVerify[i]\n }\n return result\n }\n\n /**\n * If the secure delegation has an encrypted exchange data id attempts to decrypt it with the available keys for the current user.\n * @param encryptedExchangeIds a map that associates an encrypted exchange data id to the fingerprint of the public key used to encrypt it.\n * @return the id of the exchange data used for the encryption of the provided secure delegation if it was encrypted and could be decrypted,\n * undefined otherwise (there was no encrypted id of the exchange data, or it could not be decrypted as no key was available).\n */\n async decryptExchangeDataId(encryptedExchangeIds: { [fp: string]: string }): Promise<string | undefined> {\n const decryptionKeys = this.userKeys.getDecryptionKeys()\n const decryptionKeysV2 = Object.fromEntries(\n Object.entries(decryptionKeys).map(([fp, keyPair]) => [fingerprintIsV1(fp) ? fingerprintV1toV2(fp) : fp, keyPair])\n )\n for (const [fp, encryptedId] of Object.entries(encryptedExchangeIds)) {\n const key = decryptionKeys?.[fp] ?? decryptionKeysV2?.[fp]\n if (key) return ua2utf8(await this.primitives.RSA.decrypt(key.privateKey, b64_2ua(encryptedId)))\n }\n return undefined\n }\n\n /**\n * Encrypts the exchange data id for a secure delegation. To avoid leaks of sensitive data the provided public keys should be only keys of users\n * which DO NOT REQUIRE anonymous delegations\n */\n async encryptExchangeDataId(exchangeDataId: string, publicKeys: { [fp: string]: CryptoKey }): Promise<{ [fp: string]: string }> {\n const res = {} as { [fp: string]: string }\n for (const [fp, key] of Object.entries(publicKeys)) {\n res[fp] = ua2b64(await this.primitives.RSA.encrypt(key, utf8_2ua(exchangeDataId)))\n }\n return res\n }\n\n async encryptEncryptionKey(hexKey: string, key: CryptoKey): Promise<string> {\n return ua2b64(await this.primitives.AES.encrypt(key, concat_uas(this.decryptionValidatorBytes, hex2ua(hexKey))))\n }\n\n async encryptEncryptionKeys(hexKeys: string[], key: CryptoKey): Promise<string[]> {\n const res = []\n for (const hexKey of hexKeys) {\n res.push(await this.encryptEncryptionKey(hexKey, key))\n }\n return res\n }\n\n async decryptEncryptionKey(encrypted: string, key: CryptoKey): Promise<string> {\n const probableKey = await this.primitives.AES.decrypt(key, b64_2ua(encrypted))\n if (!this.prefixVerification(probableKey)) {\n throw new Error('Invalid encryption key')\n }\n return ua2hex(probableKey.slice(this.decryptionValidatorBytes.length))\n }\n\n async decryptEncryptionKeys(delegation: SecureDelegation, key: CryptoKey): Promise<string[]> {\n const res = []\n for (const encrypted of delegation.encryptionKeys ?? []) {\n res.push(await this.decryptEncryptionKey(encrypted, key))\n }\n return res\n }\n\n async encryptSecretId(secretId: string, key: CryptoKey): Promise<string> {\n return ua2b64(await this.primitives.AES.encrypt(key, utf8_2ua(this.decryptionValidatorPrefix + secretId)))\n }\n\n async encryptSecretIds(secretIds: string[], key: CryptoKey): Promise<string[]> {\n const res = []\n for (const secretId of secretIds) {\n res.push(await this.encryptSecretId(secretId, key))\n }\n return res\n }\n\n async decryptSecretId(encrypted: string, key: CryptoKey): Promise<string> {\n const probableSecretId = ua2utf8(await this.primitives.AES.decrypt(key, b64_2ua(encrypted)))\n if (probableSecretId.substring(0, this.decryptionValidatorPrefix.length) !== this.decryptionValidatorPrefix) {\n throw new Error('Invalid secretID')\n }\n return probableSecretId.substring(this.decryptionValidatorPrefix.length)\n }\n\n async decryptSecretIds(delegation: SecureDelegation, key: CryptoKey): Promise<string[]> {\n const res = []\n for (const encrypted of delegation.secretIds ?? []) {\n res.push(await this.decryptSecretId(encrypted, key))\n }\n return res\n }\n\n async encryptOwningEntityId(owningEntityId: string, key: CryptoKey): Promise<string> {\n return ua2b64(await this.primitives.AES.encrypt(key, utf8_2ua(this.decryptionValidatorPrefix + owningEntityId)))\n }\n\n async encryptOwningEntityIds(owningEntityIds: string[], key: CryptoKey): Promise<string[]> {\n const res = []\n for (const owningEntityId of owningEntityIds) {\n res.push(await this.encryptOwningEntityId(owningEntityId, key))\n }\n return res\n }\n\n async decryptOwningEntityId(encrypted: string, key: CryptoKey): Promise<string> {\n const probableOwningEntityId = ua2utf8(await this.primitives.AES.decrypt(key, b64_2ua(encrypted)))\n if (probableOwningEntityId.substring(0, this.decryptionValidatorPrefix.length) !== this.decryptionValidatorPrefix) {\n throw new Error('Invalid Owning Entity id')\n }\n return probableOwningEntityId.substring(this.decryptionValidatorPrefix.length)\n }\n\n async decryptOwningEntityIds(delegation: SecureDelegation, key: CryptoKey): Promise<string[]> {\n const res = []\n for (const encrypted of delegation.owningEntityIds ?? []) {\n res.push(await this.decryptOwningEntityId(encrypted, key))\n }\n return res\n }\n}\n"]}
@@ -0,0 +1,66 @@
1
+ import { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest';
2
+ import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
3
+ import { UserEncryptionKeysManager } from './UserEncryptionKeysManager';
4
+ import { CryptoStrategies } from './CryptoStrategies';
5
+ import { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName';
6
+ import { ExchangeDataManager } from './ExchangeDataManager';
7
+ import { SecureDelegationsEncryption } from './SecureDelegationsEncryption';
8
+ import { CryptoPrimitives } from './CryptoPrimitives';
9
+ import { AccessControlSecretUtils } from './AccessControlSecretUtils';
10
+ import { EntityShareOrMetadataUpdateRequest } from '../../icc-api/model/requests/EntityShareOrMetadataUpdateRequest';
11
+ import { EncryptedEntity } from '../../icc-api/model/models';
12
+ import { SecureDelegation } from '../../icc-api/model/SecureDelegation';
13
+ import { ExchangeDataMapManager } from './ExchangeDataMapManager';
14
+ export declare class SecureDelegationsManager {
15
+ private readonly exchangeDataManager;
16
+ private readonly exchangeDataMapManager;
17
+ private readonly secureDelegationsEncryption;
18
+ private readonly accessControlSecretUtils;
19
+ private readonly userKeys;
20
+ private readonly primitives;
21
+ private readonly dataOwnerApi;
22
+ private readonly cryptoStrategies;
23
+ private readonly selfNeedsAnonymousDelegations;
24
+ constructor(exchangeDataManager: ExchangeDataManager, exchangeDataMapManager: ExchangeDataMapManager, secureDelegationsEncryption: SecureDelegationsEncryption, accessControlSecretUtils: AccessControlSecretUtils, userKeys: UserEncryptionKeysManager, primitives: CryptoPrimitives, dataOwnerApi: IccDataOwnerXApi, cryptoStrategies: CryptoStrategies, selfNeedsAnonymousDelegations: boolean);
25
+ private readonly dataOwnerInfoCache;
26
+ /**
27
+ * Note: this method does not save the updated entity.
28
+ * @param entity an entity, must already have secret foreign keys initialised.
29
+ * @param entityType the type of the entity
30
+ * @param secretIds the initial secret ids to include and share with the auto-delegations
31
+ * @param owningEntityIds the initial owning entity ids to include and share with the auto-delegations
32
+ * @param encryptionKeys the initial encryption keys to include and share with the auto-delegations
33
+ * @param autoDelegations the data owners which will initially have access to the entity in addition to the current data owner and the access level
34
+ * they will have on the entity.
35
+ * @return the entity with the security metadata initialised for the provided parameters.
36
+ */
37
+ entityWithInitialisedEncryptedMetadata<T extends EncryptedEntity>(entity: T & {
38
+ secretForeignKeys: string[];
39
+ }, entityType: EntityWithDelegationTypeName, secretIds: string[], owningEntityIds: string[], encryptionKeys: string[], autoDelegations: {
40
+ [delegateId: string]: SecureDelegation.AccessLevelEnum;
41
+ }): Promise<T>;
42
+ /**
43
+ * Make a request for sharing an entity with a delegate or to update existing shared metadata by adding additional secretIds, encryptionKeys or
44
+ * owningEntityIds if there is already some metadata shared between the current data owner and the delegate. In case there is already a delegation
45
+ * for the delegate, and it already contains all the provided metadata, this method returns undefined, since there is no need to make any request to
46
+ * share the provided data.
47
+ * @param entityWithType an entity with type
48
+ * @param delegateId the id of the delegate
49
+ * @param shareSecretIds the secret ids to share
50
+ * @param shareEncryptionKeys the encryption keys to share
51
+ * @param shareOwningEntityIds the owning entity ids to share
52
+ * @param newDelegationPermissions the permissions to grant to the delegate in case a new delegation needs to be created. If this method creates an
53
+ * update request instead of a share request, this parameter is ignored.
54
+ * @return the request to share the entity, or the request to update the shared metadata for the entity, or undefined if there is no need to update
55
+ * the entity to allow the delegate to access the provided data.
56
+ */
57
+ makeShareOrUpdateRequestParams(entityWithType: EncryptedEntityWithType, delegateId: string, shareSecretIds: string[], shareEncryptionKeys: string[], shareOwningEntityIds: string[], newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal): Promise<EntityShareOrMetadataUpdateRequest | undefined>;
58
+ private makeUpdateRequestParams;
59
+ private makeShareRequestParams;
60
+ private makeSecureDelegationInfo;
61
+ private makeSecureDelegationEncryptedData;
62
+ private makeExchangeDataIdInfoForDelegate;
63
+ private makeExchangeDataIdInfoForSelf;
64
+ private getDataOwnerInfo;
65
+ private getExistingCanonicalKeyAndSecureDelegation;
66
+ }
@@ -0,0 +1,261 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.SecureDelegationsManager = void 0;
13
+ const EntityShareRequest_1 = require("../../icc-api/model/requests/EntityShareRequest");
14
+ const lru_temporised_async_cache_1 = require("../utils/lru-temporised-async-cache");
15
+ const utils_1 = require("./utils");
16
+ const utils_2 = require("../utils");
17
+ const SecureDelegation_1 = require("../../icc-api/model/SecureDelegation");
18
+ const EntitySharedMetadataUpdateRequest_1 = require("../../icc-api/model/requests/EntitySharedMetadataUpdateRequest");
19
+ var EntryUpdateTypeEnum = EntitySharedMetadataUpdateRequest_1.EntitySharedMetadataUpdateRequest.EntryUpdateTypeEnum;
20
+ var AccessLevelEnum = SecureDelegation_1.SecureDelegation.AccessLevelEnum;
21
+ const SecurityMetadata_1 = require("../../icc-api/model/SecurityMetadata");
22
+ class SecureDelegationsManager {
23
+ constructor(exchangeDataManager, exchangeDataMapManager, secureDelegationsEncryption, accessControlSecretUtils, userKeys, primitives, dataOwnerApi, cryptoStrategies, selfNeedsAnonymousDelegations) {
24
+ this.exchangeDataManager = exchangeDataManager;
25
+ this.exchangeDataMapManager = exchangeDataMapManager;
26
+ this.secureDelegationsEncryption = secureDelegationsEncryption;
27
+ this.accessControlSecretUtils = accessControlSecretUtils;
28
+ this.userKeys = userKeys;
29
+ this.primitives = primitives;
30
+ this.dataOwnerApi = dataOwnerApi;
31
+ this.cryptoStrategies = cryptoStrategies;
32
+ this.selfNeedsAnonymousDelegations = selfNeedsAnonymousDelegations;
33
+ this.dataOwnerInfoCache = new lru_temporised_async_cache_1.LruTemporisedAsyncCache(100, () => 30 * 60 * 1000);
34
+ }
35
+ /**
36
+ * Note: this method does not save the updated entity.
37
+ * @param entity an entity, must already have secret foreign keys initialised.
38
+ * @param entityType the type of the entity
39
+ * @param secretIds the initial secret ids to include and share with the auto-delegations
40
+ * @param owningEntityIds the initial owning entity ids to include and share with the auto-delegations
41
+ * @param encryptionKeys the initial encryption keys to include and share with the auto-delegations
42
+ * @param autoDelegations the data owners which will initially have access to the entity in addition to the current data owner and the access level
43
+ * they will have on the entity.
44
+ * @return the entity with the security metadata initialised for the provided parameters.
45
+ */
46
+ entityWithInitialisedEncryptedMetadata(entity, entityType, secretIds, owningEntityIds, encryptionKeys, autoDelegations) {
47
+ return __awaiter(this, void 0, void 0, function* () {
48
+ const entityWithType = { entity, type: entityType };
49
+ const rootDelegationInfo = yield this.makeSecureDelegationInfo(entityWithType, yield this.dataOwnerApi.getCurrentDataOwnerId(), secretIds, encryptionKeys, owningEntityIds, AccessLevelEnum.WRITE, undefined);
50
+ const selfId = yield this.dataOwnerApi.getCurrentDataOwnerId();
51
+ const otherDelegationsInfo = [];
52
+ for (const [delegateId, permissions] of Object.entries(autoDelegations)) {
53
+ if (delegateId !== selfId) {
54
+ otherDelegationsInfo.push(yield this.makeSecureDelegationInfo(entityWithType, delegateId, secretIds, encryptionKeys, owningEntityIds, permissions, rootDelegationInfo.canonicalDelegationKey));
55
+ }
56
+ }
57
+ const secureDelegations = Object.fromEntries([rootDelegationInfo, ...otherDelegationsInfo].map(({ canonicalDelegationKey, delegation }) => [canonicalDelegationKey, delegation]));
58
+ const keysEquivalences = Object.assign({}, rootDelegationInfo.delegationKeyEquivalences);
59
+ for (const { delegationKeyEquivalences: otherKeyEquivalences } of otherDelegationsInfo) {
60
+ Object.assign(keysEquivalences, otherKeyEquivalences);
61
+ }
62
+ const newExchangeDataMaps = Object.fromEntries(otherDelegationsInfo
63
+ .filter(({ encryptedExchangeDataId }) => !!encryptedExchangeDataId)
64
+ .map(({ canonicalAccessControlKey, encryptedExchangeDataId }) => [canonicalAccessControlKey, encryptedExchangeDataId]));
65
+ yield this.exchangeDataMapManager.createExchangeDataMaps(newExchangeDataMaps);
66
+ return Object.assign(Object.assign({}, entity), { securityMetadata: new SecurityMetadata_1.SecurityMetadata({ secureDelegations, keysEquivalences }) });
67
+ });
68
+ }
69
+ /**
70
+ * Make a request for sharing an entity with a delegate or to update existing shared metadata by adding additional secretIds, encryptionKeys or
71
+ * owningEntityIds if there is already some metadata shared between the current data owner and the delegate. In case there is already a delegation
72
+ * for the delegate, and it already contains all the provided metadata, this method returns undefined, since there is no need to make any request to
73
+ * share the provided data.
74
+ * @param entityWithType an entity with type
75
+ * @param delegateId the id of the delegate
76
+ * @param shareSecretIds the secret ids to share
77
+ * @param shareEncryptionKeys the encryption keys to share
78
+ * @param shareOwningEntityIds the owning entity ids to share
79
+ * @param newDelegationPermissions the permissions to grant to the delegate in case a new delegation needs to be created. If this method creates an
80
+ * update request instead of a share request, this parameter is ignored.
81
+ * @return the request to share the entity, or the request to update the shared metadata for the entity, or undefined if there is no need to update
82
+ * the entity to allow the delegate to access the provided data.
83
+ */
84
+ makeShareOrUpdateRequestParams(entityWithType, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds, newDelegationPermissions) {
85
+ var _a, _b, _c;
86
+ return __awaiter(this, void 0, void 0, function* () {
87
+ const exchangeDataInfo = yield this.exchangeDataManager.getOrCreateEncryptionDataTo(delegateId, entityWithType.type, (_a = entityWithType.entity.secretForeignKeys) !== null && _a !== void 0 ? _a : []);
88
+ const accessControlHashes = yield this.accessControlSecretUtils.secureDelegationKeysFor(exchangeDataInfo.accessControlSecret, entityWithType.type, (_b = entityWithType.entity.secretForeignKeys) !== null && _b !== void 0 ? _b : []);
89
+ const existingSecureDelegation = this.getExistingCanonicalKeyAndSecureDelegation(entityWithType.entity, accessControlHashes);
90
+ if (existingSecureDelegation) {
91
+ const updateParams = yield this.makeUpdateRequestParams(existingSecureDelegation.canonicalKey, existingSecureDelegation.secureDelegation, exchangeDataInfo, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds);
92
+ return updateParams ? { update: updateParams } : undefined;
93
+ }
94
+ else {
95
+ const accessControlKeys = (yield this.accessControlSecretUtils.accessControlKeysFor(exchangeDataInfo.accessControlSecret, entityWithType.type, (_c = entityWithType.entity.secretForeignKeys) !== null && _c !== void 0 ? _c : [])).map((x) => (0, utils_2.ua2hex)(x));
96
+ return {
97
+ share: yield this.makeShareRequestParams(exchangeDataInfo, accessControlKeys, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds, newDelegationPermissions),
98
+ };
99
+ }
100
+ });
101
+ }
102
+ makeUpdateRequestParams(canonicalKey, existingDelegation, exchangeDataInfo, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds) {
103
+ return __awaiter(this, void 0, void 0, function* () {
104
+ const existingSecretIds = new Set(yield this.secureDelegationsEncryption.decryptSecretIds(existingDelegation, exchangeDataInfo.exchangeKey));
105
+ const existingEncryptionKeys = new Set(yield this.secureDelegationsEncryption.decryptEncryptionKeys(existingDelegation, exchangeDataInfo.exchangeKey));
106
+ const existingOwningEntityIds = new Set(yield this.secureDelegationsEncryption.decryptOwningEntityIds(existingDelegation, exchangeDataInfo.exchangeKey));
107
+ const newSecretIds = shareSecretIds.filter((id) => !existingSecretIds.has(id));
108
+ const newEncryptionKeys = shareEncryptionKeys.filter((key) => !existingEncryptionKeys.has(key));
109
+ const newOwningEntityIds = shareOwningEntityIds.filter((id) => !existingOwningEntityIds.has(id));
110
+ if (newSecretIds.length || newEncryptionKeys.length || newOwningEntityIds.length) {
111
+ const encryptedNewSecretIds = yield this.secureDelegationsEncryption.encryptSecretIds(newSecretIds, exchangeDataInfo.exchangeKey);
112
+ const encryptedNewEncryptionKeys = yield this.secureDelegationsEncryption.encryptEncryptionKeys(newEncryptionKeys, exchangeDataInfo.exchangeKey);
113
+ const encryptedNewOwningEntityIds = yield this.secureDelegationsEncryption.encryptOwningEntityIds(newOwningEntityIds, exchangeDataInfo.exchangeKey);
114
+ return new EntitySharedMetadataUpdateRequest_1.EntitySharedMetadataUpdateRequest({
115
+ metadataAccessControlHash: canonicalKey,
116
+ secretIds: Object.fromEntries(encryptedNewSecretIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),
117
+ encryptionKeys: Object.fromEntries(encryptedNewEncryptionKeys.map((key) => [key, EntryUpdateTypeEnum.CREATE])),
118
+ owningEntityIds: Object.fromEntries(encryptedNewOwningEntityIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),
119
+ });
120
+ }
121
+ else
122
+ return undefined;
123
+ });
124
+ }
125
+ makeShareRequestParams(exchangeDataInfo, accessControlKeys, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds, newDelegationPermissions) {
126
+ return __awaiter(this, void 0, void 0, function* () {
127
+ return new EntityShareRequest_1.EntityShareRequest(Object.assign(Object.assign({}, (yield this.makeSecureDelegationEncryptedData(exchangeDataInfo, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds))), { requestedPermissions: newDelegationPermissions, accessControlKeys }));
128
+ });
129
+ }
130
+ makeSecureDelegationInfo(entity, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds, permissions, parentDelegationKey) {
131
+ var _a, _b, _c;
132
+ return __awaiter(this, void 0, void 0, function* () {
133
+ // Be wary of explicit delegator and explicit delegate
134
+ const exchangeDataInfo = yield this.exchangeDataManager.getOrCreateEncryptionDataTo(delegateId, entity.type, (_a = entity.entity.secretForeignKeys) !== null && _a !== void 0 ? _a : []);
135
+ const accessControlHashes = yield this.accessControlSecretUtils.secureDelegationKeysFor(exchangeDataInfo.accessControlSecret, entity.type, (_b = entity.entity.secretForeignKeys) !== null && _b !== void 0 ? _b : []);
136
+ const accessControlKeys = (yield this.accessControlSecretUtils.accessControlKeysFor(exchangeDataInfo.accessControlSecret, entity.type, (_c = entity.entity.secretForeignKeys) !== null && _c !== void 0 ? _c : [])).map((x) => (0, utils_2.ua2hex)(x));
137
+ const accessControlKeysToHashes = accessControlKeys
138
+ .map((key, index) => {
139
+ return [key, accessControlHashes[index]];
140
+ })
141
+ .sort((a, b) => a[1].localeCompare(b[1]));
142
+ const canonicalKey = accessControlKeysToHashes[0][1];
143
+ const keyEquivalences = Object.fromEntries(accessControlKeysToHashes.slice(1).map((hash) => [hash[1], canonicalKey]));
144
+ const encryptedDelegationInfo = yield this.makeSecureDelegationEncryptedData(exchangeDataInfo, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds);
145
+ const delegation = new SecureDelegation_1.SecureDelegation({
146
+ delegator: encryptedDelegationInfo === null || encryptedDelegationInfo === void 0 ? void 0 : encryptedDelegationInfo.explicitDelegator,
147
+ delegate: encryptedDelegationInfo === null || encryptedDelegationInfo === void 0 ? void 0 : encryptedDelegationInfo.explicitDelegate,
148
+ secretIds: encryptedDelegationInfo === null || encryptedDelegationInfo === void 0 ? void 0 : encryptedDelegationInfo.secretIds,
149
+ encryptionKeys: encryptedDelegationInfo === null || encryptedDelegationInfo === void 0 ? void 0 : encryptedDelegationInfo.encryptionKeys,
150
+ owningEntityIds: encryptedDelegationInfo === null || encryptedDelegationInfo === void 0 ? void 0 : encryptedDelegationInfo.owningEntityIds,
151
+ parentDelegations: parentDelegationKey ? [parentDelegationKey] : undefined,
152
+ exchangeDataId: encryptedDelegationInfo === null || encryptedDelegationInfo === void 0 ? void 0 : encryptedDelegationInfo.exchangeDataId,
153
+ encryptedExchangeDataId: encryptedDelegationInfo === null || encryptedDelegationInfo === void 0 ? void 0 : encryptedDelegationInfo.encryptedExchangeDataId,
154
+ permissions: permissions,
155
+ });
156
+ return {
157
+ canonicalDelegationKey: canonicalKey,
158
+ canonicalAccessControlKey: accessControlKeysToHashes[0][0],
159
+ delegation,
160
+ encryptedExchangeDataId: encryptedDelegationInfo === null || encryptedDelegationInfo === void 0 ? void 0 : encryptedDelegationInfo.encryptedExchangeDataId,
161
+ delegationKeyEquivalences: keyEquivalences,
162
+ };
163
+ });
164
+ }
165
+ makeSecureDelegationEncryptedData(exchangeDataInfo, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds) {
166
+ return __awaiter(this, void 0, void 0, function* () {
167
+ const selfId = yield this.dataOwnerApi.getCurrentDataOwnerId();
168
+ const exchangeDataIdInfo = delegateId === selfId
169
+ ? this.makeExchangeDataIdInfoForSelf(selfId, exchangeDataInfo.exchangeData)
170
+ : yield this.makeExchangeDataIdInfoForDelegate(selfId, delegateId, exchangeDataInfo.exchangeData);
171
+ const encryptedSecretIds = yield this.secureDelegationsEncryption.encryptSecretIds(shareSecretIds, exchangeDataInfo.exchangeKey);
172
+ const encryptedEncryptionKeys = yield this.secureDelegationsEncryption.encryptEncryptionKeys(shareEncryptionKeys, exchangeDataInfo.exchangeKey);
173
+ const encryptedOwningEntityIds = yield this.secureDelegationsEncryption.encryptOwningEntityIds(shareOwningEntityIds, exchangeDataInfo.exchangeKey);
174
+ return Object.assign(Object.assign({}, exchangeDataIdInfo), { secretIds: encryptedSecretIds, encryptionKeys: encryptedEncryptionKeys, owningEntityIds: encryptedOwningEntityIds });
175
+ });
176
+ }
177
+ makeExchangeDataIdInfoForDelegate(selfId, delegateId, exchangeData) {
178
+ return __awaiter(this, void 0, void 0, function* () {
179
+ const delegateInfo = yield this.getDataOwnerInfo(delegateId);
180
+ if (!delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {
181
+ return {
182
+ explicitDelegator: selfId,
183
+ explicitDelegate: delegateId,
184
+ exchangeDataId: exchangeData.id,
185
+ };
186
+ }
187
+ else if (delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {
188
+ return {
189
+ explicitDelegator: selfId,
190
+ encryptedExchangeDataId: yield this.secureDelegationsEncryption.encryptExchangeDataId(exchangeData.id, Object.fromEntries(this.userKeys.getSelfVerifiedKeys().map((keyInfo) => [keyInfo.fingerprint, keyInfo.pair.publicKey]))),
191
+ };
192
+ }
193
+ else if (!delegateInfo.requiresAnonymousDelegations && this.selfNeedsAnonymousDelegations) {
194
+ const fingerprintsOfVerifiedExchangeData = new Set(Object.keys(exchangeData.exchangeKey));
195
+ const delegateVerifiedKeys = {};
196
+ for (const keyHex of [...delegateInfo.availablePublicKeysHexWithSha1, ...delegateInfo.availablePublicKeysHexWithSha256]) {
197
+ const currFp = (0, utils_1.fingerprintV2)(keyHex);
198
+ const shaVersion = delegateInfo.availablePublicKeysHexWithSha1.includes(keyHex) ? 'sha-1' : 'sha-256';
199
+ if (fingerprintsOfVerifiedExchangeData.has(currFp)) {
200
+ delegateVerifiedKeys[currFp] = yield this.primitives.RSA.importKey('spki', (0, utils_2.hex2ua)(keyHex), ['encrypt'], shaVersion);
201
+ }
202
+ }
203
+ if (!Object.keys(delegateVerifiedKeys).length)
204
+ throw new Error('Illegal state: could not find any verified key for delegate in verified exchange data.');
205
+ return {
206
+ explicitDelegate: delegateId,
207
+ encryptedExchangeDataId: yield this.secureDelegationsEncryption.encryptExchangeDataId(exchangeData.id, delegateVerifiedKeys),
208
+ };
209
+ }
210
+ else
211
+ return {};
212
+ });
213
+ }
214
+ makeExchangeDataIdInfoForSelf(selfId, exchangeData) {
215
+ if (this.selfNeedsAnonymousDelegations) {
216
+ return {};
217
+ }
218
+ else {
219
+ return {
220
+ exchangeDataId: exchangeData.id,
221
+ explicitDelegator: selfId,
222
+ explicitDelegate: selfId,
223
+ };
224
+ }
225
+ }
226
+ getDataOwnerInfo(dataOwnerId) {
227
+ return __awaiter(this, void 0, void 0, function* () {
228
+ return this.dataOwnerInfoCache.get(dataOwnerId, () => __awaiter(this, void 0, void 0, function* () {
229
+ const dataOwnerWithType = yield this.dataOwnerApi.getCryptoActorStub(dataOwnerId);
230
+ return {
231
+ item: {
232
+ requiresAnonymousDelegations: this.cryptoStrategies.dataOwnerRequiresAnonymousDelegation(dataOwnerWithType),
233
+ availablePublicKeysHexWithSha1: Array.from((0, utils_1.hexPublicKeysWithSha1Of)(dataOwnerWithType.stub)),
234
+ availablePublicKeysHexWithSha256: Array.from((0, utils_1.hexPublicKeysWithSha256Of)(dataOwnerWithType.stub)),
235
+ },
236
+ };
237
+ }));
238
+ });
239
+ }
240
+ getExistingCanonicalKeyAndSecureDelegation(entity, hashes) {
241
+ var _a, _b, _c, _d, _e;
242
+ const securityMetadata = (_a = entity.securityMetadata) !== null && _a !== void 0 ? _a : {};
243
+ const canonicalByEquivalences = Array.from(new Set(hashes.flatMap((hash) => { var _a, _b; return (_b = (_a = securityMetadata.keysEquivalences) === null || _a === void 0 ? void 0 : _a[hash]) !== null && _b !== void 0 ? _b : []; })));
244
+ const directRetrievals = hashes.flatMap((hash) => {
245
+ var _a;
246
+ const retrievedMetadata = (_a = securityMetadata.secureDelegations) === null || _a === void 0 ? void 0 : _a[hash];
247
+ return retrievedMetadata ? { canonicalKey: hash, secureDelegation: retrievedMetadata } : [];
248
+ });
249
+ if (directRetrievals.length > 1 ||
250
+ canonicalByEquivalences.length > 1 ||
251
+ (!!canonicalByEquivalences[0] && !!((_b = directRetrievals[0]) === null || _b === void 0 ? void 0 : _b.canonicalKey) && canonicalByEquivalences[0] !== ((_c = directRetrievals[0]) === null || _c === void 0 ? void 0 : _c.canonicalKey)))
252
+ throw new Error('Illegal state: multiple secure delegations matching equivalent hashes of entity.');
253
+ const canonicalFromEquivalences = canonicalByEquivalences[0];
254
+ const retrievedFromEquivalences = (_d = securityMetadata.secureDelegations) === null || _d === void 0 ? void 0 : _d[canonicalFromEquivalences];
255
+ return ((_e = directRetrievals[0]) !== null && _e !== void 0 ? _e : (!!canonicalFromEquivalences && !!retrievedFromEquivalences
256
+ ? { canonicalKey: canonicalFromEquivalences, secureDelegation: retrievedFromEquivalences }
257
+ : undefined));
258
+ }
259
+ }
260
+ exports.SecureDelegationsManager = SecureDelegationsManager;
261
+ //# sourceMappingURL=SecureDelegationsManager.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"SecureDelegationsManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/SecureDelegationsManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wFAAoF;AAKpF,oFAA6E;AAC7E,mCAA2F;AAK3F,oCAAyC;AAIzC,2EAAuE;AACvE,sHAAkH;AAClH,IAAO,mBAAmB,GAAG,qEAAiC,CAAC,mBAAmB,CAAA;AAClF,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AACzD,2EAAuE;AAGvE,MAAa,wBAAwB;IACnC,YACmB,mBAAwC,EACxC,sBAA8C,EAC9C,2BAAwD,EACxD,wBAAkD,EAClD,QAAmC,EACnC,UAA4B,EAC5B,YAA8B,EAC9B,gBAAkC,EAClC,6BAAsC;QARtC,wBAAmB,GAAnB,mBAAmB,CAAqB;QACxC,2BAAsB,GAAtB,sBAAsB,CAAwB;QAC9C,gCAA2B,GAA3B,2BAA2B,CAA6B;QACxD,6BAAwB,GAAxB,wBAAwB,CAA0B;QAClD,aAAQ,GAAR,QAAQ,CAA2B;QACnC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,kCAA6B,GAA7B,6BAA6B,CAAS;QAGxC,uBAAkB,GAO/B,IAAI,oDAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IATvD,CAAC;IAWJ;;;;;;;;;;OAUG;IACG,sCAAsC,CAC1C,MAA2C,EAC3C,UAAwC,EACxC,SAAmB,EACnB,eAAyB,EACzB,cAAwB,EACxB,eAA2E;;YAE3E,MAAM,cAAc,GAA4B,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;YAC5E,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAC5D,cAAc,EACd,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAC/C,SAAS,EACT,cAAc,EACd,eAAe,EACf,eAAe,CAAC,KAAK,EACrB,SAAS,CACV,CAAA;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,oBAAoB,GAMpB,EAAE,CAAA;YACR,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;gBACvE,IAAI,UAAU,KAAK,MAAM,EAAE;oBACzB,oBAAoB,CAAC,IAAI,CACvB,MAAM,IAAI,CAAC,wBAAwB,CACjC,cAAc,EACd,UAAU,EACV,SAAS,EACT,cAAc,EACd,eAAe,EACf,WAAW,EACX,kBAAkB,CAAC,sBAAsB,CAC1C,CACF,CAAA;iBACF;aACF;YACD,MAAM,iBAAiB,GAAG,MAAM,CAAC,WAAW,CAC1C,CAAC,kBAAkB,EAAE,GAAG,oBAAoB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,sBAAsB,EAAE,UAAU,CAAC,CAAC,CACpI,CAAA;YACD,MAAM,gBAAgB,qBACjB,kBAAkB,CAAC,yBAAyB,CAChD,CAAA;YACD,KAAK,MAAM,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,IAAI,oBAAoB,EAAE;gBACtF,MAAM,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAA;aACtD;YACD,MAAM,mBAAmB,GAAG,MAAM,CAAC,WAAW,CAC5C,oBAAoB;iBACjB,MAAM,CAAC,CAAC,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB,CAAC;iBAClE,GAAG,CAAC,CAAC,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,yBAAyB,EAAE,uBAAwB,CAAC,CAAC,CAC1H,CAAA;YACD,MAAM,IAAI,CAAC,sBAAsB,CAAC,sBAAsB,CAAC,mBAAmB,CAAC,CAAA;YAC7E,uCACK,MAAM,KACT,gBAAgB,EAAE,IAAI,mCAAgB,CAAC,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,CAAC,IAChF;QACH,CAAC;KAAA;IAED;;;;;;;;;;;;;;OAcG;IACG,8BAA8B,CAClC,cAAuC,EACvC,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;;YAExE,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CAAA;YACD,MAAM,wBAAwB,GAAG,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;YAC5H,IAAI,wBAAwB,EAAE;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uBAAuB,CACrD,wBAAwB,CAAC,YAAY,EACrC,wBAAwB,CAAC,gBAAgB,EACzC,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;gBACD,OAAO,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;aAC3D;iBAAM;gBACL,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;gBACvB,OAAO;oBACL,KAAK,EAAE,MAAM,IAAI,CAAC,sBAAsB,CACtC,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,EACpB,wBAAwB,CACzB;iBACF,CAAA;aACF;;KACF;IAEa,uBAAuB,CACnC,YAAoB,EACpB,kBAAoC,EACpC,gBAAqG,EACrG,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAE9B,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAA;YAC5I,MAAM,sBAAsB,GAAG,IAAI,GAAG,CACpC,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAC/G,CAAA;YACD,MAAM,uBAAuB,GAAG,IAAI,GAAG,CACrC,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAChH,CAAA;YACD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAC9E,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;YAC/F,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,uBAAuB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAChG,IAAI,YAAY,CAAC,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,kBAAkB,CAAC,MAAM,EAAE;gBAChF,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,YAAY,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBACjI,MAAM,0BAA0B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBAChJ,MAAM,2BAA2B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAC/F,kBAAkB,EAClB,gBAAgB,CAAC,WAAW,CAC7B,CAAA;gBACD,OAAO,IAAI,qEAAiC,CAAC;oBAC3C,yBAAyB,EAAE,YAAY;oBACvC,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAClG,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC9G,eAAe,EAAE,MAAM,CAAC,WAAW,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;iBAC/G,CAAC,CAAA;aACH;;gBAAM,OAAO,SAAS,CAAA;QACzB,CAAC;KAAA;IAEa,sBAAsB,CAClC,gBAAqG,EACrG,iBAA2B,EAC3B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;YAExE,OAAO,IAAI,uCAAkB,iCACxB,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,mBAAmB,EAAE,oBAAoB,CAAC,CAAC,KAC1I,oBAAoB,EAAE,wBAAwB,EAC9C,iBAAiB,IACjB,CAAA;QACJ,CAAC;KAAA;IAEa,wBAAwB,CACpC,MAA+B,EAC/B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,WAA4B,EAC5B,mBAAuC;;;YAQvC,sDAAsD;YACtD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CAAA;YACD,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;YACvB,MAAM,yBAAyB,GAAG,iBAAiB;iBAChD,GAAG,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;gBAClB,OAAO,CAAC,GAAG,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAA;YAC1C,CAAC,CAAC;iBACD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAE3C,MAAM,YAAY,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACpD,MAAM,eAAe,GAAG,MAAM,CAAC,WAAW,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAA;YACrH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAC1E,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;YACD,MAAM,UAAU,GAAG,IAAI,mCAAgB,CAAC;gBACtC,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,iBAAiB;gBACrD,QAAQ,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,gBAAgB;gBACnD,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,SAAS;gBAC7C,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,eAAe,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,eAAe;gBACzD,iBAAiB,EAAE,mBAAmB,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC1E,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,WAAW,EAAE,WAAW;aACzB,CAAC,CAAA;YACF,OAAO;gBACL,sBAAsB,EAAE,YAAY;gBACpC,yBAAyB,EAAE,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1D,UAAU;gBACV,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,yBAAyB,EAAE,eAAe;aAC3C,CAAA;;KACF;IAEa,iCAAiC,CAC7C,gBAAqG,EACrG,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAU9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,kBAAkB,GACtB,UAAU,KAAK,MAAM;gBACnB,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,MAAM,EAAE,gBAAgB,CAAC,YAAY,CAAC;gBAC3E,CAAC,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,MAAM,EAAE,UAAU,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAA;YACrG,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,cAAc,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAChI,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAC/I,MAAM,wBAAwB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAClJ,uCACK,kBAAkB,KACrB,SAAS,EAAE,kBAAkB,EAC7B,cAAc,EAAE,uBAAuB,EACvC,eAAe,EAAE,wBAAwB,IAC1C;QACH,CAAC;KAAA;IAEa,iCAAiC,CAC7C,MAAc,EACd,UAAkB,EAClB,YAA0B;;YAO1B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;YAC5D,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACrF,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,gBAAgB,EAAE,UAAU;oBAC5B,cAAc,EAAE,YAAY,CAAC,EAAE;iBAChC,CAAA;aACF;iBAAM,IAAI,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBAC3F,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CACnF,YAAY,CAAC,EAAG,EAChB,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CACxH;iBACF,CAAA;aACF;iBAAM,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,IAAI,CAAC,6BAA6B,EAAE;gBAC3F,MAAM,kCAAkC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAA;gBACzF,MAAM,oBAAoB,GAAgC,EAAE,CAAA;gBAC5D,KAAK,MAAM,MAAM,IAAI,CAAC,GAAG,YAAY,CAAC,8BAA8B,EAAE,GAAG,YAAY,CAAC,gCAAgC,CAAC,EAAE;oBACvH,MAAM,MAAM,GAAG,IAAA,qBAAa,EAAC,MAAM,CAAC,CAAA;oBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,8BAA8B,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;oBACrG,IAAI,kCAAkC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;wBAClD,oBAAoB,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;qBACpH;iBACF;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM;oBAC3C,MAAM,IAAI,KAAK,CAAC,wFAAwF,CAAC,CAAA;gBAC3G,OAAO;oBACL,gBAAgB,EAAE,UAAU;oBAC5B,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAG,EAAE,oBAAoB,CAAC;iBAC9H,CAAA;aACF;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAEO,6BAA6B,CACnC,MAAc,EACd,YAA0B;QAO1B,IAAI,IAAI,CAAC,6BAA6B,EAAE;YACtC,OAAO,EAAE,CAAA;SACV;aAAM;YACL,OAAO;gBACL,cAAc,EAAE,YAAY,CAAC,EAAE;gBAC/B,iBAAiB,EAAE,MAAM;gBACzB,gBAAgB,EAAE,MAAM;aACzB,CAAA;SACF;IACH,CAAC;IAEa,gBAAgB,CAAC,WAAmB;;YAChD,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,WAAW,EAAE,GAAS,EAAE;gBACzD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACjF,OAAO;oBACL,IAAI,EAAE;wBACJ,4BAA4B,EAAE,IAAI,CAAC,gBAAgB,CAAC,oCAAoC,CAAC,iBAAiB,CAAC;wBAC3G,8BAA8B,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,+BAAuB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;wBAC3F,gCAAgC,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,iCAAyB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;qBAChG;iBACF,CAAA;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAEO,0CAA0C,CAChD,MAA6C,EAC7C,MAAgB;;QAEhB,MAAM,gBAAgB,GAAG,MAAA,MAAM,CAAC,gBAAgB,mCAAI,EAAE,CAAA;QACtD,MAAM,uBAAuB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,eAAC,OAAA,MAAA,MAAA,gBAAgB,CAAC,gBAAgB,0CAAG,IAAI,CAAC,mCAAI,EAAE,CAAA,EAAA,CAAC,CAAC,CAAC,CAAA;QAC9H,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;;YAC/C,MAAM,iBAAiB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,IAAI,CAAC,CAAA;YACpE,OAAO,iBAAiB,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;QAC7F,CAAC,CAAC,CAAA;QACF,IACE,gBAAgB,CAAC,MAAM,GAAG,CAAC;YAC3B,uBAAuB,CAAC,MAAM,GAAG,CAAC;YAClC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,IAAI,uBAAuB,CAAC,CAAC,CAAC,MAAK,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,CAAC;YAEzI,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAA;QACrG,MAAM,yBAAyB,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAA;QAC5D,MAAM,yBAAyB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,yBAAyB,CAAC,CAAA;QACjG,OAAO,CACL,MAAA,gBAAgB,CAAC,CAAC,CAAC,mCACnB,CAAC,CAAC,CAAC,yBAAyB,IAAI,CAAC,CAAC,yBAAyB;YACzD,CAAC,CAAC,EAAE,YAAY,EAAE,yBAAyB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE;YAC1F,CAAC,CAAC,SAAS,CAAC,CACf,CAAA;IACH,CAAC;CACF;AA5ZD,4DA4ZC","sourcesContent":["import { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { LruTemporisedAsyncCache } from '../utils/lru-temporised-async-cache'\nimport { fingerprintV2, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { ExchangeDataManager } from './ExchangeDataManager'\nimport { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { SecureDelegationsEncryption } from './SecureDelegationsEncryption'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { hex2ua, ua2hex } from '../utils'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { EntityShareOrMetadataUpdateRequest } from '../../icc-api/model/requests/EntityShareOrMetadataUpdateRequest'\nimport { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport { EntitySharedMetadataUpdateRequest } from '../../icc-api/model/requests/EntitySharedMetadataUpdateRequest'\nimport EntryUpdateTypeEnum = EntitySharedMetadataUpdateRequest.EntryUpdateTypeEnum\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { SecurityMetadata } from '../../icc-api/model/SecurityMetadata'\nimport { ExchangeDataMapManager } from './ExchangeDataMapManager'\n\nexport class SecureDelegationsManager {\n constructor(\n private readonly exchangeDataManager: ExchangeDataManager,\n private readonly exchangeDataMapManager: ExchangeDataMapManager,\n private readonly secureDelegationsEncryption: SecureDelegationsEncryption,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n private readonly userKeys: UserEncryptionKeysManager,\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly cryptoStrategies: CryptoStrategies,\n private readonly selfNeedsAnonymousDelegations: boolean\n ) {}\n\n private readonly dataOwnerInfoCache: LruTemporisedAsyncCache<\n string,\n {\n requiresAnonymousDelegations: boolean\n availablePublicKeysHexWithSha1: string[]\n availablePublicKeysHexWithSha256: string[]\n }\n > = new LruTemporisedAsyncCache(100, () => 30 * 60 * 1000)\n\n /**\n * Note: this method does not save the updated entity.\n * @param entity an entity, must already have secret foreign keys initialised.\n * @param entityType the type of the entity\n * @param secretIds the initial secret ids to include and share with the auto-delegations\n * @param owningEntityIds the initial owning entity ids to include and share with the auto-delegations\n * @param encryptionKeys the initial encryption keys to include and share with the auto-delegations\n * @param autoDelegations the data owners which will initially have access to the entity in addition to the current data owner and the access level\n * they will have on the entity.\n * @return the entity with the security metadata initialised for the provided parameters.\n */\n async entityWithInitialisedEncryptedMetadata<T extends EncryptedEntity>(\n entity: T & { secretForeignKeys: string[] },\n entityType: EntityWithDelegationTypeName,\n secretIds: string[],\n owningEntityIds: string[],\n encryptionKeys: string[],\n autoDelegations: { [delegateId: string]: SecureDelegation.AccessLevelEnum }\n ): Promise<T> {\n const entityWithType: EncryptedEntityWithType = { entity, type: entityType }\n const rootDelegationInfo = await this.makeSecureDelegationInfo(\n entityWithType,\n await this.dataOwnerApi.getCurrentDataOwnerId(),\n secretIds,\n encryptionKeys,\n owningEntityIds,\n AccessLevelEnum.WRITE,\n undefined\n )\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const otherDelegationsInfo: {\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n delegationKeyEquivalences: { [p: string]: string }\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n }[] = []\n for (const [delegateId, permissions] of Object.entries(autoDelegations)) {\n if (delegateId !== selfId) {\n otherDelegationsInfo.push(\n await this.makeSecureDelegationInfo(\n entityWithType,\n delegateId,\n secretIds,\n encryptionKeys,\n owningEntityIds,\n permissions,\n rootDelegationInfo.canonicalDelegationKey\n )\n )\n }\n }\n const secureDelegations = Object.fromEntries(\n [rootDelegationInfo, ...otherDelegationsInfo].map(({ canonicalDelegationKey, delegation }) => [canonicalDelegationKey, delegation])\n )\n const keysEquivalences = {\n ...rootDelegationInfo.delegationKeyEquivalences,\n }\n for (const { delegationKeyEquivalences: otherKeyEquivalences } of otherDelegationsInfo) {\n Object.assign(keysEquivalences, otherKeyEquivalences)\n }\n const newExchangeDataMaps = Object.fromEntries(\n otherDelegationsInfo\n .filter(({ encryptedExchangeDataId }) => !!encryptedExchangeDataId)\n .map(({ canonicalAccessControlKey, encryptedExchangeDataId }) => [canonicalAccessControlKey, encryptedExchangeDataId!])\n )\n await this.exchangeDataMapManager.createExchangeDataMaps(newExchangeDataMaps)\n return {\n ...entity,\n securityMetadata: new SecurityMetadata({ secureDelegations, keysEquivalences }),\n }\n }\n\n /**\n * Make a request for sharing an entity with a delegate or to update existing shared metadata by adding additional secretIds, encryptionKeys or\n * owningEntityIds if there is already some metadata shared between the current data owner and the delegate. In case there is already a delegation\n * for the delegate, and it already contains all the provided metadata, this method returns undefined, since there is no need to make any request to\n * share the provided data.\n * @param entityWithType an entity with type\n * @param delegateId the id of the delegate\n * @param shareSecretIds the secret ids to share\n * @param shareEncryptionKeys the encryption keys to share\n * @param shareOwningEntityIds the owning entity ids to share\n * @param newDelegationPermissions the permissions to grant to the delegate in case a new delegation needs to be created. If this method creates an\n * update request instead of a share request, this parameter is ignored.\n * @return the request to share the entity, or the request to update the shared metadata for the entity, or undefined if there is no need to update\n * the entity to allow the delegate to access the provided data.\n */\n async makeShareOrUpdateRequestParams(\n entityWithType: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareOrMetadataUpdateRequest | undefined> {\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n const existingSecureDelegation = this.getExistingCanonicalKeyAndSecureDelegation(entityWithType.entity, accessControlHashes)\n if (existingSecureDelegation) {\n const updateParams = await this.makeUpdateRequestParams(\n existingSecureDelegation.canonicalKey,\n existingSecureDelegation.secureDelegation,\n exchangeDataInfo,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n return updateParams ? { update: updateParams } : undefined\n } else {\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n return {\n share: await this.makeShareRequestParams(\n exchangeDataInfo,\n accessControlKeys,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds,\n newDelegationPermissions\n ),\n }\n }\n }\n\n private async makeUpdateRequestParams(\n canonicalKey: string,\n existingDelegation: SecureDelegation,\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<EntitySharedMetadataUpdateRequest | undefined> {\n const existingSecretIds = new Set(await this.secureDelegationsEncryption.decryptSecretIds(existingDelegation, exchangeDataInfo.exchangeKey))\n const existingEncryptionKeys = new Set(\n await this.secureDelegationsEncryption.decryptEncryptionKeys(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const existingOwningEntityIds = new Set(\n await this.secureDelegationsEncryption.decryptOwningEntityIds(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const newSecretIds = shareSecretIds.filter((id) => !existingSecretIds.has(id))\n const newEncryptionKeys = shareEncryptionKeys.filter((key) => !existingEncryptionKeys.has(key))\n const newOwningEntityIds = shareOwningEntityIds.filter((id) => !existingOwningEntityIds.has(id))\n if (newSecretIds.length || newEncryptionKeys.length || newOwningEntityIds.length) {\n const encryptedNewSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(newSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedNewEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(newEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedNewOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(\n newOwningEntityIds,\n exchangeDataInfo.exchangeKey\n )\n return new EntitySharedMetadataUpdateRequest({\n metadataAccessControlHash: canonicalKey,\n secretIds: Object.fromEntries(encryptedNewSecretIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n encryptionKeys: Object.fromEntries(encryptedNewEncryptionKeys.map((key) => [key, EntryUpdateTypeEnum.CREATE])),\n owningEntityIds: Object.fromEntries(encryptedNewOwningEntityIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n })\n } else return undefined\n }\n\n private async makeShareRequestParams(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n accessControlKeys: string[],\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareRequest> {\n return new EntityShareRequest({\n ...(await this.makeSecureDelegationEncryptedData(exchangeDataInfo, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds)),\n requestedPermissions: newDelegationPermissions,\n accessControlKeys,\n })\n }\n\n private async makeSecureDelegationInfo(\n entity: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n permissions: AccessLevelEnum,\n parentDelegationKey: string | undefined\n ): Promise<{\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n delegationKeyEquivalences: { [alias: string]: string }\n }> {\n // Be wary of explicit delegator and explicit delegate\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n const accessControlKeysToHashes = accessControlKeys\n .map((key, index) => {\n return [key, accessControlHashes[index]]\n })\n .sort((a, b) => a[1].localeCompare(b[1]))\n\n const canonicalKey = accessControlKeysToHashes[0][1]\n const keyEquivalences = Object.fromEntries(accessControlKeysToHashes.slice(1).map((hash) => [hash[1], canonicalKey]))\n const encryptedDelegationInfo = await this.makeSecureDelegationEncryptedData(\n exchangeDataInfo,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n const delegation = new SecureDelegation({\n delegator: encryptedDelegationInfo?.explicitDelegator,\n delegate: encryptedDelegationInfo?.explicitDelegate,\n secretIds: encryptedDelegationInfo?.secretIds,\n encryptionKeys: encryptedDelegationInfo?.encryptionKeys,\n owningEntityIds: encryptedDelegationInfo?.owningEntityIds,\n parentDelegations: parentDelegationKey ? [parentDelegationKey] : undefined,\n exchangeDataId: encryptedDelegationInfo?.exchangeDataId,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n permissions: permissions,\n })\n return {\n canonicalDelegationKey: canonicalKey,\n canonicalAccessControlKey: accessControlKeysToHashes[0][0],\n delegation,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n delegationKeyEquivalences: keyEquivalences,\n }\n }\n\n private async makeSecureDelegationEncryptedData(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<{\n explicitDelegator?: string\n explicitDelegate?: string\n secretIds?: string[]\n encryptionKeys?: string[]\n owningEntityIds?: string[]\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string } // TODO if secure delegation info, check cache before calculating\n }> {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const exchangeDataIdInfo =\n delegateId === selfId\n ? this.makeExchangeDataIdInfoForSelf(selfId, exchangeDataInfo.exchangeData)\n : await this.makeExchangeDataIdInfoForDelegate(selfId, delegateId, exchangeDataInfo.exchangeData)\n const encryptedSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(shareSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(shareEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(shareOwningEntityIds, exchangeDataInfo.exchangeKey)\n return {\n ...exchangeDataIdInfo,\n secretIds: encryptedSecretIds,\n encryptionKeys: encryptedEncryptionKeys,\n owningEntityIds: encryptedOwningEntityIds,\n }\n }\n\n private async makeExchangeDataIdInfoForDelegate(\n selfId: string,\n delegateId: string,\n exchangeData: ExchangeData\n ): Promise<{\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n }> {\n const delegateInfo = await this.getDataOwnerInfo(delegateId)\n if (!delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n explicitDelegate: delegateId,\n exchangeDataId: exchangeData.id,\n }\n } else if (delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(\n exchangeData.id!,\n Object.fromEntries(this.userKeys.getSelfVerifiedKeys().map((keyInfo) => [keyInfo.fingerprint, keyInfo.pair.publicKey]))\n ),\n }\n } else if (!delegateInfo.requiresAnonymousDelegations && this.selfNeedsAnonymousDelegations) {\n const fingerprintsOfVerifiedExchangeData = new Set(Object.keys(exchangeData.exchangeKey))\n const delegateVerifiedKeys: { [fp: string]: CryptoKey } = {}\n for (const keyHex of [...delegateInfo.availablePublicKeysHexWithSha1, ...delegateInfo.availablePublicKeysHexWithSha256]) {\n const currFp = fingerprintV2(keyHex)\n const shaVersion = delegateInfo.availablePublicKeysHexWithSha1.includes(keyHex) ? 'sha-1' : 'sha-256'\n if (fingerprintsOfVerifiedExchangeData.has(currFp)) {\n delegateVerifiedKeys[currFp] = await this.primitives.RSA.importKey('spki', hex2ua(keyHex), ['encrypt'], shaVersion)\n }\n }\n if (!Object.keys(delegateVerifiedKeys).length)\n throw new Error('Illegal state: could not find any verified key for delegate in verified exchange data.')\n return {\n explicitDelegate: delegateId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(exchangeData.id!, delegateVerifiedKeys),\n }\n } else return {}\n }\n\n private makeExchangeDataIdInfoForSelf(\n selfId: string,\n exchangeData: ExchangeData\n ): {\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n } {\n if (this.selfNeedsAnonymousDelegations) {\n return {}\n } else {\n return {\n exchangeDataId: exchangeData.id,\n explicitDelegator: selfId,\n explicitDelegate: selfId,\n }\n }\n }\n\n private async getDataOwnerInfo(dataOwnerId: string) {\n return this.dataOwnerInfoCache.get(dataOwnerId, async () => {\n const dataOwnerWithType = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n return {\n item: {\n requiresAnonymousDelegations: this.cryptoStrategies.dataOwnerRequiresAnonymousDelegation(dataOwnerWithType),\n availablePublicKeysHexWithSha1: Array.from(hexPublicKeysWithSha1Of(dataOwnerWithType.stub)),\n availablePublicKeysHexWithSha256: Array.from(hexPublicKeysWithSha256Of(dataOwnerWithType.stub)),\n },\n }\n })\n }\n\n private getExistingCanonicalKeyAndSecureDelegation(\n entity: EncryptedEntityStub | EncryptedEntity,\n hashes: string[]\n ): { canonicalKey: string; secureDelegation: SecureDelegation } | undefined {\n const securityMetadata = entity.securityMetadata ?? {}\n const canonicalByEquivalences = Array.from(new Set(hashes.flatMap((hash) => securityMetadata.keysEquivalences?.[hash] ?? [])))\n const directRetrievals = hashes.flatMap((hash) => {\n const retrievedMetadata = securityMetadata.secureDelegations?.[hash]\n return retrievedMetadata ? { canonicalKey: hash, secureDelegation: retrievedMetadata } : []\n })\n if (\n directRetrievals.length > 1 ||\n canonicalByEquivalences.length > 1 ||\n (!!canonicalByEquivalences[0] && !!directRetrievals[0]?.canonicalKey && canonicalByEquivalences[0] !== directRetrievals[0]?.canonicalKey)\n )\n throw new Error('Illegal state: multiple secure delegations matching equivalent hashes of entity.')\n const canonicalFromEquivalences = canonicalByEquivalences[0]\n const retrievedFromEquivalences = securityMetadata.secureDelegations?.[canonicalFromEquivalences]\n return (\n directRetrievals[0] ??\n (!!canonicalFromEquivalences && !!retrievedFromEquivalences\n ? { canonicalKey: canonicalFromEquivalences, secureDelegation: retrievedFromEquivalences }\n : undefined)\n )\n }\n}\n"]}