@icure/api 7.1.16 → 8.0.0-RC.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (363) hide show
  1. package/icc-api/api/IccAccesslogApi.d.ts +12 -1
  2. package/icc-api/api/IccAccesslogApi.js +142 -98
  3. package/icc-api/api/IccAccesslogApi.js.map +1 -1
  4. package/icc-api/api/IccBemikronoApi.d.ts +81 -0
  5. package/icc-api/api/IccBemikronoApi.js +163 -0
  6. package/icc-api/api/IccBemikronoApi.js.map +1 -0
  7. package/icc-api/api/IccCalendarItemApi.d.ts +21 -1
  8. package/icc-api/api/IccCalendarItemApi.js +183 -117
  9. package/icc-api/api/IccCalendarItemApi.js.map +1 -1
  10. package/icc-api/api/IccClassificationApi.d.ts +21 -1
  11. package/icc-api/api/IccClassificationApi.js +119 -63
  12. package/icc-api/api/IccClassificationApi.js.map +1 -1
  13. package/icc-api/api/IccContactApi.d.ts +21 -1
  14. package/icc-api/api/IccContactApi.js +385 -294
  15. package/icc-api/api/IccContactApi.js.map +1 -1
  16. package/icc-api/api/IccDocumentApi.d.ts +38 -25
  17. package/icc-api/api/IccDocumentApi.js +279 -212
  18. package/icc-api/api/IccDocumentApi.js.map +1 -1
  19. package/icc-api/api/IccExchangeDataApi.d.ts +19 -0
  20. package/icc-api/api/IccExchangeDataApi.js +85 -0
  21. package/icc-api/api/IccExchangeDataApi.js.map +1 -0
  22. package/icc-api/api/IccExchangeDataMapApi.d.ts +18 -0
  23. package/icc-api/api/IccExchangeDataMapApi.js +65 -0
  24. package/icc-api/api/IccExchangeDataMapApi.js.map +1 -0
  25. package/icc-api/api/IccFormApi.d.ts +21 -1
  26. package/icc-api/api/IccFormApi.js +321 -229
  27. package/icc-api/api/IccFormApi.js.map +1 -1
  28. package/icc-api/api/IccHelementApi.d.ts +21 -1
  29. package/icc-api/api/IccHelementApi.js +207 -137
  30. package/icc-api/api/IccHelementApi.js.map +1 -1
  31. package/icc-api/api/IccInvoiceApi.d.ts +21 -1
  32. package/icc-api/api/IccInvoiceApi.js +404 -298
  33. package/icc-api/api/IccInvoiceApi.js.map +1 -1
  34. package/icc-api/api/IccMaintenanceTaskApi.d.ts +12 -1
  35. package/icc-api/api/IccMaintenanceTaskApi.js +79 -43
  36. package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
  37. package/icc-api/api/IccMessageApi.d.ts +28 -1
  38. package/icc-api/api/IccMessageApi.js +294 -191
  39. package/icc-api/api/IccMessageApi.js.map +1 -1
  40. package/icc-api/api/IccPatientApi.d.ts +12 -1
  41. package/icc-api/api/IccPatientApi.js +447 -351
  42. package/icc-api/api/IccPatientApi.js.map +1 -1
  43. package/icc-api/api/IccReceiptApi.d.ts +22 -8
  44. package/icc-api/api/IccReceiptApi.js +121 -64
  45. package/icc-api/api/IccReceiptApi.js.map +1 -1
  46. package/icc-api/api/IccRestApiPath.js +1 -1
  47. package/icc-api/api/IccRestApiPath.js.map +1 -1
  48. package/icc-api/api/IccSecureDelegationKeyMapApi.d.ts +26 -0
  49. package/icc-api/api/IccSecureDelegationKeyMapApi.js +71 -0
  50. package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +1 -0
  51. package/icc-api/api/IccTimeTableApi.d.ts +12 -1
  52. package/icc-api/api/IccTimeTableApi.js +86 -48
  53. package/icc-api/api/IccTimeTableApi.js.map +1 -1
  54. package/icc-api/api/IccTopicApi.d.ts +90 -0
  55. package/icc-api/api/IccTopicApi.js +193 -0
  56. package/icc-api/api/IccTopicApi.js.map +1 -0
  57. package/icc-api/index.d.ts +2 -0
  58. package/icc-api/index.js +2 -0
  59. package/icc-api/index.js.map +1 -1
  60. package/icc-api/model/AbstractFilterMessage.d.ts +15 -0
  61. package/icc-api/model/AbstractFilterMessage.js +21 -0
  62. package/icc-api/model/AbstractFilterMessage.js.map +1 -0
  63. package/icc-api/model/AbstractFilterTopic.d.ts +15 -0
  64. package/icc-api/model/AbstractFilterTopic.js +21 -0
  65. package/icc-api/model/AbstractFilterTopic.js.map +1 -0
  66. package/icc-api/model/AccessLog.d.ts +2 -0
  67. package/icc-api/model/AccessLog.js.map +1 -1
  68. package/icc-api/model/Article.d.ts +2 -0
  69. package/icc-api/model/Article.js.map +1 -1
  70. package/icc-api/model/CalendarItem.d.ts +2 -0
  71. package/icc-api/model/CalendarItem.js.map +1 -1
  72. package/icc-api/model/Classification.d.ts +2 -0
  73. package/icc-api/model/Classification.js.map +1 -1
  74. package/icc-api/model/ClassificationTemplate.d.ts +2 -0
  75. package/icc-api/model/ClassificationTemplate.js.map +1 -1
  76. package/icc-api/model/Connection.d.ts +1 -1
  77. package/icc-api/model/Connection.js.map +1 -1
  78. package/icc-api/model/Contact.d.ts +2 -0
  79. package/icc-api/model/Contact.js.map +1 -1
  80. package/icc-api/model/Device.d.ts +4 -4
  81. package/icc-api/model/Device.js.map +1 -1
  82. package/icc-api/model/Document.d.ts +2 -0
  83. package/icc-api/model/Document.js.map +1 -1
  84. package/icc-api/model/ExchangeDataMapCreationBatch.d.ts +13 -0
  85. package/icc-api/model/ExchangeDataMapCreationBatch.js +10 -0
  86. package/icc-api/model/ExchangeDataMapCreationBatch.js.map +1 -0
  87. package/icc-api/model/FilterChainMessage.d.ts +19 -0
  88. package/icc-api/model/FilterChainMessage.js +11 -0
  89. package/icc-api/model/FilterChainMessage.js.map +1 -0
  90. package/icc-api/model/FilterChainTopic.d.ts +19 -0
  91. package/icc-api/model/FilterChainTopic.js +11 -0
  92. package/icc-api/model/FilterChainTopic.js.map +1 -0
  93. package/icc-api/model/Form.d.ts +2 -0
  94. package/icc-api/model/Form.js.map +1 -1
  95. package/icc-api/model/HealthElement.d.ts +2 -0
  96. package/icc-api/model/HealthElement.js.map +1 -1
  97. package/icc-api/model/HealthcareParty.d.ts +2 -2
  98. package/icc-api/model/HealthcareParty.js +13 -1
  99. package/icc-api/model/HealthcareParty.js.map +1 -1
  100. package/icc-api/model/IcureStub.d.ts +2 -0
  101. package/icc-api/model/IcureStub.js.map +1 -1
  102. package/icc-api/model/Invoice.d.ts +2 -0
  103. package/icc-api/model/Invoice.js.map +1 -1
  104. package/icc-api/model/MaintenanceTask.d.ts +13 -10
  105. package/icc-api/model/MaintenanceTask.js +13 -11
  106. package/icc-api/model/MaintenanceTask.js.map +1 -1
  107. package/icc-api/model/Message.d.ts +2 -0
  108. package/icc-api/model/Message.js.map +1 -1
  109. package/icc-api/model/PaginatedListExchangeData.d.ts +9 -0
  110. package/icc-api/model/PaginatedListExchangeData.js +10 -0
  111. package/icc-api/model/PaginatedListExchangeData.js.map +1 -0
  112. package/icc-api/model/PaginatedListTopic.d.ts +20 -0
  113. package/icc-api/model/PaginatedListTopic.js +10 -0
  114. package/icc-api/model/PaginatedListTopic.js.map +1 -0
  115. package/icc-api/model/Patient.d.ts +4 -2
  116. package/icc-api/model/Patient.js.map +1 -1
  117. package/icc-api/model/PatientByHcPartyGenderEducationProfession.d.ts +31 -0
  118. package/icc-api/model/PatientByHcPartyGenderEducationProfession.js +32 -0
  119. package/icc-api/model/PatientByHcPartyGenderEducationProfession.js.map +1 -0
  120. package/icc-api/model/Receipt.d.ts +2 -0
  121. package/icc-api/model/Receipt.js.map +1 -1
  122. package/icc-api/model/SecureDelegation.d.ts +52 -0
  123. package/icc-api/model/SecureDelegation.js +16 -0
  124. package/icc-api/model/SecureDelegation.js.map +1 -0
  125. package/icc-api/model/SecurityMetadata.d.ts +33 -0
  126. package/icc-api/model/SecurityMetadata.js +13 -0
  127. package/icc-api/model/SecurityMetadata.js.map +1 -0
  128. package/icc-api/model/Service.d.ts +2 -0
  129. package/icc-api/model/Service.js.map +1 -1
  130. package/icc-api/model/TimeTable.d.ts +2 -0
  131. package/icc-api/model/TimeTable.js.map +1 -1
  132. package/icc-api/model/Topic.d.ts +95 -0
  133. package/icc-api/model/Topic.js +16 -0
  134. package/icc-api/model/Topic.js.map +1 -0
  135. package/icc-api/model/internal/ExchangeData.d.ts +64 -0
  136. package/icc-api/model/internal/ExchangeData.js +15 -0
  137. package/icc-api/model/internal/ExchangeData.js.map +1 -0
  138. package/icc-api/model/internal/ExchangeDataMap.d.ts +24 -0
  139. package/icc-api/model/internal/ExchangeDataMap.js +13 -0
  140. package/icc-api/model/internal/ExchangeDataMap.js.map +1 -0
  141. package/icc-api/model/internal/SecureDelegationKeyMap.d.ts +14 -0
  142. package/icc-api/model/internal/SecureDelegationKeyMap.js +13 -0
  143. package/icc-api/model/internal/SecureDelegationKeyMap.js.map +1 -0
  144. package/icc-api/model/models.d.ts +26 -40
  145. package/icc-api/model/models.js +19 -37
  146. package/icc-api/model/models.js.map +1 -1
  147. package/icc-api/model/requests/EntityBulkShareResult.d.ts +28 -0
  148. package/icc-api/model/requests/EntityBulkShareResult.js +16 -0
  149. package/icc-api/model/requests/EntityBulkShareResult.js.map +1 -0
  150. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.d.ts +10 -0
  151. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js +17 -0
  152. package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js.map +1 -0
  153. package/icc-api/model/requests/EntityShareRequest.d.ts +110 -0
  154. package/icc-api/model/requests/EntityShareRequest.js +63 -0
  155. package/icc-api/model/requests/EntityShareRequest.js.map +1 -0
  156. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.d.ts +54 -0
  157. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js +24 -0
  158. package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js.map +1 -0
  159. package/icc-api/model/requests/MinimalEntityBulkShareResult.d.ts +23 -0
  160. package/icc-api/model/requests/MinimalEntityBulkShareResult.js +13 -0
  161. package/icc-api/model/requests/MinimalEntityBulkShareResult.js.map +1 -0
  162. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.d.ts +21 -0
  163. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js +14 -0
  164. package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js.map +1 -0
  165. package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +55 -6
  166. package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
  167. package/icc-x-api/crypto/AES.js +1 -1
  168. package/icc-x-api/crypto/AES.js.map +1 -1
  169. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +18 -0
  170. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +50 -0
  171. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -0
  172. package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +43 -0
  173. package/icc-x-api/crypto/AccessControlSecretUtils.js +97 -0
  174. package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -0
  175. package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +146 -0
  176. package/icc-x-api/crypto/BaseExchangeDataManager.js +342 -0
  177. package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -0
  178. package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +0 -18
  179. package/icc-x-api/crypto/BaseExchangeKeysManager.js +11 -85
  180. package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
  181. package/icc-x-api/crypto/ConfidentialEntities.d.ts +26 -16
  182. package/icc-x-api/crypto/ConfidentialEntities.js +30 -17
  183. package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -1
  184. package/icc-x-api/crypto/CryptoStrategies.d.ts +8 -1
  185. package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
  186. package/icc-x-api/crypto/DelegationsDeAnonymization.d.ts +44 -0
  187. package/icc-x-api/crypto/DelegationsDeAnonymization.js +235 -0
  188. package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -0
  189. package/icc-x-api/crypto/ExchangeDataManager.d.ts +97 -0
  190. package/icc-x-api/crypto/ExchangeDataManager.js +501 -0
  191. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -0
  192. package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +32 -0
  193. package/icc-x-api/crypto/ExchangeDataMapManager.js +70 -0
  194. package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -0
  195. package/icc-x-api/crypto/ExchangeKeysManager.d.ts +4 -16
  196. package/icc-x-api/crypto/ExchangeKeysManager.js +4 -62
  197. package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
  198. package/icc-x-api/crypto/ExtendedApisUtils.d.ts +326 -0
  199. package/icc-x-api/crypto/ExtendedApisUtils.js +3 -0
  200. package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -0
  201. package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +174 -0
  202. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +559 -0
  203. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -0
  204. package/icc-x-api/crypto/KeyRecovery.d.ts +5 -2
  205. package/icc-x-api/crypto/KeyRecovery.js +59 -29
  206. package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
  207. package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +7 -2
  208. package/icc-x-api/crypto/LegacyCryptoStrategies.js +8 -1
  209. package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -1
  210. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +33 -0
  211. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +141 -0
  212. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -0
  213. package/icc-x-api/crypto/RSA.d.ts +34 -8
  214. package/icc-x-api/crypto/RSA.js +80 -13
  215. package/icc-x-api/crypto/RSA.js.map +1 -1
  216. package/icc-x-api/crypto/SecureDelegationsEncryption.d.ts +54 -0
  217. package/icc-x-api/crypto/SecureDelegationsEncryption.js +178 -0
  218. package/icc-x-api/crypto/SecureDelegationsEncryption.js.map +1 -0
  219. package/icc-x-api/crypto/SecureDelegationsManager.d.ts +66 -0
  220. package/icc-x-api/crypto/SecureDelegationsManager.js +261 -0
  221. package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -0
  222. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +46 -0
  223. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +312 -0
  224. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -0
  225. package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +97 -0
  226. package/icc-x-api/crypto/SecurityMetadataDecryptor.js +79 -0
  227. package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -0
  228. package/icc-x-api/crypto/ShamirKeysManager.d.ts +5 -5
  229. package/icc-x-api/crypto/ShamirKeysManager.js +6 -9
  230. package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
  231. package/icc-x-api/crypto/TransferKeysManager.d.ts +8 -6
  232. package/icc-x-api/crypto/TransferKeysManager.js +75 -52
  233. package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
  234. package/icc-x-api/crypto/{KeyManager.d.ts → UserEncryptionKeysManager.d.ts} +4 -6
  235. package/icc-x-api/crypto/{KeyManager.js → UserEncryptionKeysManager.js} +43 -23
  236. package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -0
  237. package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +26 -0
  238. package/icc-x-api/crypto/UserSignatureKeysManager.js +74 -0
  239. package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -0
  240. package/icc-x-api/crypto/utils.d.ts +61 -11
  241. package/icc-x-api/crypto/utils.js +113 -44
  242. package/icc-x-api/crypto/utils.js.map +1 -1
  243. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.d.ts +8 -0
  244. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js +13 -0
  245. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js.map +1 -0
  246. package/icc-x-api/filters/MessageByHcPartyFilter.d.ts +7 -0
  247. package/icc-x-api/filters/MessageByHcPartyFilter.js +13 -0
  248. package/icc-x-api/filters/MessageByHcPartyFilter.js.map +1 -0
  249. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.d.ts +8 -0
  250. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js +13 -0
  251. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js.map +1 -0
  252. package/icc-x-api/filters/TopicByHcPartyFilter.d.ts +7 -0
  253. package/icc-x-api/filters/TopicByHcPartyFilter.js +13 -0
  254. package/icc-x-api/filters/TopicByHcPartyFilter.js.map +1 -0
  255. package/icc-x-api/filters/TopicByParticipantFilter.d.ts +7 -0
  256. package/icc-x-api/filters/TopicByParticipantFilter.js +13 -0
  257. package/icc-x-api/filters/TopicByParticipantFilter.js.map +1 -0
  258. package/icc-x-api/filters/filters.d.ts +5 -0
  259. package/icc-x-api/filters/filters.js +5 -0
  260. package/icc-x-api/filters/filters.js.map +1 -1
  261. package/icc-x-api/icc-accesslog-x-api.d.ts +49 -12
  262. package/icc-x-api/icc-accesslog-x-api.js +81 -44
  263. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  264. package/icc-x-api/icc-calendar-item-x-api.d.ts +53 -15
  265. package/icc-x-api/icc-calendar-item-x-api.js +105 -51
  266. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  267. package/icc-x-api/icc-classification-x-api.d.ts +47 -10
  268. package/icc-x-api/icc-classification-x-api.js +62 -33
  269. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  270. package/icc-x-api/icc-contact-x-api.d.ts +59 -33
  271. package/icc-x-api/icc-contact-x-api.js +101 -66
  272. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  273. package/icc-x-api/icc-crypto-x-api.d.ts +33 -333
  274. package/icc-x-api/icc-crypto-x-api.js +47 -764
  275. package/icc-x-api/icc-crypto-x-api.js.map +1 -1
  276. package/icc-x-api/icc-data-owner-x-api.d.ts +20 -8
  277. package/icc-x-api/icc-data-owner-x-api.js +31 -10
  278. package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
  279. package/icc-x-api/icc-document-x-api.d.ts +51 -12
  280. package/icc-x-api/icc-document-x-api.js +117 -66
  281. package/icc-x-api/icc-document-x-api.js.map +1 -1
  282. package/icc-x-api/icc-form-x-api.d.ts +48 -11
  283. package/icc-x-api/icc-form-x-api.js +71 -37
  284. package/icc-x-api/icc-form-x-api.js.map +1 -1
  285. package/icc-x-api/icc-hcparty-x-api.d.ts +2 -2
  286. package/icc-x-api/icc-hcparty-x-api.js +3 -3
  287. package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
  288. package/icc-x-api/icc-helement-x-api.d.ts +59 -20
  289. package/icc-x-api/icc-helement-x-api.js +78 -43
  290. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  291. package/icc-x-api/icc-icure-maintenance-x-api.d.ts +7 -2
  292. package/icc-x-api/icc-icure-maintenance-x-api.js +38 -27
  293. package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
  294. package/icc-x-api/icc-invoice-x-api.d.ts +53 -16
  295. package/icc-x-api/icc-invoice-x-api.js +69 -35
  296. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  297. package/icc-x-api/icc-maintenance-task-x-api.d.ts +56 -22
  298. package/icc-x-api/icc-maintenance-task-x-api.js +77 -36
  299. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  300. package/icc-x-api/icc-message-x-api.d.ts +75 -19
  301. package/icc-x-api/icc-message-x-api.js +126 -37
  302. package/icc-x-api/icc-message-x-api.js.map +1 -1
  303. package/icc-x-api/icc-patient-x-api.d.ts +86 -29
  304. package/icc-x-api/icc-patient-x-api.js +318 -379
  305. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  306. package/icc-x-api/icc-receipt-x-api.d.ts +47 -13
  307. package/icc-x-api/icc-receipt-x-api.js +72 -36
  308. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  309. package/icc-x-api/icc-time-table-x-api.d.ts +46 -13
  310. package/icc-x-api/icc-time-table-x-api.js +61 -27
  311. package/icc-x-api/icc-time-table-x-api.js.map +1 -1
  312. package/icc-x-api/icc-topic-x-api.d.ts +191 -0
  313. package/icc-x-api/icc-topic-x-api.js +307 -0
  314. package/icc-x-api/icc-topic-x-api.js.map +1 -0
  315. package/icc-x-api/icc-user-x-api.d.ts +2 -2
  316. package/icc-x-api/icc-user-x-api.js +3 -3
  317. package/icc-x-api/icc-user-x-api.js.map +1 -1
  318. package/icc-x-api/index.d.ts +18 -2
  319. package/icc-x-api/index.js +203 -156
  320. package/icc-x-api/index.js.map +1 -1
  321. package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +1 -1
  322. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +2 -0
  323. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +9 -2
  324. package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -1
  325. package/icc-x-api/storage/IcureStorageFacade.d.ts +23 -2
  326. package/icc-x-api/storage/IcureStorageFacade.js +36 -2
  327. package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
  328. package/icc-x-api/storage/KeyStorageFacade.d.ts +12 -0
  329. package/icc-x-api/storage/KeyStorageFacade.js.map +1 -1
  330. package/icc-x-api/storage/KeyStorageImpl.d.ts +2 -0
  331. package/icc-x-api/storage/KeyStorageImpl.js +10 -0
  332. package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
  333. package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +14 -1
  334. package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -1
  335. package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +32 -0
  336. package/icc-x-api/utils/EntityWithDelegationTypeName.js +75 -0
  337. package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -0
  338. package/icc-x-api/utils/ShareResult.d.ts +74 -0
  339. package/icc-x-api/utils/ShareResult.js +61 -0
  340. package/icc-x-api/utils/ShareResult.js.map +1 -0
  341. package/icc-x-api/utils/binary-utils.d.ts +1 -0
  342. package/icc-x-api/utils/binary-utils.js +8 -1
  343. package/icc-x-api/utils/binary-utils.js.map +1 -1
  344. package/icc-x-api/utils/collection-utils.d.ts +5 -0
  345. package/icc-x-api/utils/collection-utils.js +26 -1
  346. package/icc-x-api/utils/collection-utils.js.map +1 -1
  347. package/icc-x-api/utils/crypto-utils.d.ts +4 -3
  348. package/icc-x-api/utils/crypto-utils.js +5 -4
  349. package/icc-x-api/utils/crypto-utils.js.map +1 -1
  350. package/icc-x-api/utils/lru-temporised-async-cache.d.ts +26 -3
  351. package/icc-x-api/utils/lru-temporised-async-cache.js +75 -15
  352. package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -1
  353. package/icc-x-api/utils/websocket.d.ts +14 -10
  354. package/icc-x-api/utils/websocket.js +26 -9
  355. package/icc-x-api/utils/websocket.js.map +1 -1
  356. package/index.d.ts +1 -1
  357. package/index.js +3 -1
  358. package/index.js.map +1 -1
  359. package/package.json +2 -3
  360. package/icc-x-api/crypto/EntitiesEncryption.d.ts +0 -275
  361. package/icc-x-api/crypto/EntitiesEncryption.js +0 -734
  362. package/icc-x-api/crypto/EntitiesEncryption.js.map +0 -1
  363. package/icc-x-api/crypto/KeyManager.js.map +0 -1
@@ -0,0 +1,46 @@
1
+ import { SecurityMetadataDecryptor } from './SecurityMetadataDecryptor';
2
+ import { SecureDelegation } from '../../icc-api/model/SecureDelegation';
3
+ import { ExchangeDataManager } from './ExchangeDataManager';
4
+ import { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName';
5
+ import { SecureDelegationsEncryption } from './SecureDelegationsEncryption';
6
+ import AccessLevel = SecureDelegation.AccessLevelEnum;
7
+ import { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models';
8
+ import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
9
+ import { ExchangeDataMapManager } from './ExchangeDataMapManager';
10
+ import AccessLevelEnum = SecureDelegation.AccessLevelEnum;
11
+ export type DelegationMembersDetails = {
12
+ delegator: string | undefined;
13
+ delegate: string | undefined;
14
+ fullyExplicit: boolean;
15
+ accessControlSecret: string | undefined;
16
+ accessLevel: AccessLevelEnum;
17
+ };
18
+ export declare class SecureDelegationsSecurityMetadataDecryptor implements SecurityMetadataDecryptor {
19
+ private readonly exchangeData;
20
+ private readonly exchangeDataMap;
21
+ private readonly secureDelegationsEncryption;
22
+ private readonly dataOwnerApi;
23
+ constructor(exchangeData: ExchangeDataManager, exchangeDataMap: ExchangeDataMapManager, secureDelegationsEncryption: SecureDelegationsEncryption, dataOwnerApi: IccDataOwnerXApi);
24
+ decryptEncryptionKeysOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
25
+ decrypted: string;
26
+ dataOwnersWithAccess: string[];
27
+ }, void, never>;
28
+ decryptOwningEntityIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
29
+ decrypted: string;
30
+ dataOwnersWithAccess: string[];
31
+ }, void, never>;
32
+ decryptSecretIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
33
+ decrypted: string;
34
+ dataOwnersWithAccess: string[];
35
+ }, void, never>;
36
+ /**
37
+ * Get information for members of secure delegations in the entity. Also provides information for delegations with anonymous delegate and/or
38
+ * delegator if one of the delegation members is the current data owner (or a parent) AND has still access to the exchange data used in the .
39
+ */
40
+ getDelegationMemberDetails(typedEntity: EncryptedEntityWithType): Promise<{
41
+ [delegationKey: string]: DelegationMembersDetails;
42
+ }>;
43
+ hasAnyEncryptionKeys(entity: EncryptedEntity | EncryptedEntityStub): boolean;
44
+ getEntityAccessLevel(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): Promise<AccessLevel | undefined>;
45
+ private decryptSecureDelegations;
46
+ }
@@ -0,0 +1,312 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ var __await = (this && this.__await) || function (v) { return this instanceof __await ? (this.v = v, this) : new __await(v); }
12
+ var __asyncGenerator = (this && this.__asyncGenerator) || function (thisArg, _arguments, generator) {
13
+ if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
14
+ var g = generator.apply(thisArg, _arguments || []), i, q = [];
15
+ return i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i;
16
+ function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }
17
+ function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }
18
+ function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }
19
+ function fulfill(value) { resume("next", value); }
20
+ function reject(value) { resume("throw", value); }
21
+ function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }
22
+ };
23
+ Object.defineProperty(exports, "__esModule", { value: true });
24
+ exports.SecureDelegationsSecurityMetadataDecryptor = void 0;
25
+ const SecureDelegation_1 = require("../../icc-api/model/SecureDelegation");
26
+ var AccessLevel = SecureDelegation_1.SecureDelegation.AccessLevelEnum;
27
+ class SecureDelegationsSecurityMetadataDecryptor {
28
+ constructor(exchangeData, exchangeDataMap, secureDelegationsEncryption, dataOwnerApi) {
29
+ this.exchangeData = exchangeData;
30
+ this.exchangeDataMap = exchangeDataMap;
31
+ this.secureDelegationsEncryption = secureDelegationsEncryption;
32
+ this.dataOwnerApi = dataOwnerApi;
33
+ }
34
+ decryptEncryptionKeysOf(typedEntity, dataOwnersHierarchySubset) {
35
+ return this.decryptSecureDelegations(typedEntity, dataOwnersHierarchySubset, (d) => { var _a; return (_a = d.encryptionKeys) !== null && _a !== void 0 ? _a : []; }, (e, k) => this.secureDelegationsEncryption.decryptEncryptionKey(e, k));
36
+ }
37
+ decryptOwningEntityIdsOf(typedEntity, dataOwnersHierarchySubset) {
38
+ return this.decryptSecureDelegations(typedEntity, dataOwnersHierarchySubset, (d) => { var _a; return (_a = d.owningEntityIds) !== null && _a !== void 0 ? _a : []; }, (e, k) => this.secureDelegationsEncryption.decryptOwningEntityId(e, k));
39
+ }
40
+ decryptSecretIdsOf(typedEntity, dataOwnersHierarchySubset) {
41
+ return this.decryptSecureDelegations(typedEntity, dataOwnersHierarchySubset, (d) => { var _a; return (_a = d.secretIds) !== null && _a !== void 0 ? _a : []; }, (e, k) => this.secureDelegationsEncryption.decryptSecretId(e, k));
42
+ }
43
+ /**
44
+ * Get information for members of secure delegations in the entity. Also provides information for delegations with anonymous delegate and/or
45
+ * delegator if one of the delegation members is the current data owner (or a parent) AND has still access to the exchange data used in the .
46
+ */
47
+ getDelegationMemberDetails(typedEntity) {
48
+ var _a, _b, _c, _d, _e, _f;
49
+ return __awaiter(this, void 0, void 0, function* () {
50
+ const res = {};
51
+ // 1. Add all explicit data owners, keep only delegations with at least an anonymous data owner to check later
52
+ let remainingDelegations = Object.entries((_b = (_a = typedEntity.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.secureDelegations) !== null && _b !== void 0 ? _b : {});
53
+ let updatedRemainingDelegations = [];
54
+ for (const delegationEntry of remainingDelegations) {
55
+ const delegation = delegationEntry[1];
56
+ if (delegation.delegator && delegation.delegate) {
57
+ res[delegationEntry[0]] = {
58
+ delegate: delegation.delegate,
59
+ delegator: delegation.delegator,
60
+ fullyExplicit: true,
61
+ accessLevel: delegation.permissions,
62
+ accessControlSecret: undefined,
63
+ };
64
+ }
65
+ else {
66
+ updatedRemainingDelegations.push(delegationEntry);
67
+ }
68
+ }
69
+ remainingDelegations = updatedRemainingDelegations;
70
+ if (!remainingDelegations.length)
71
+ return res;
72
+ updatedRemainingDelegations = [];
73
+ // 2. Attempt to identify the anonymous data owner of remaining delegations by checking if we have the exchange data cached by hash
74
+ // Note: we can find exchange data by hash only if we could successfully decrypt it
75
+ const cachedExchangeData = yield this.exchangeData.getCachedDecryptionDataKeyByAccessControlHash(remainingDelegations.map((d) => d[0]), typedEntity.type, (_c = typedEntity.entity.secretForeignKeys) !== null && _c !== void 0 ? _c : []);
76
+ for (const delegationEntry of remainingDelegations) {
77
+ const exchangeDataOfDelegation = cachedExchangeData[delegationEntry[0]];
78
+ if (exchangeDataOfDelegation) {
79
+ res[delegationEntry[0]] = {
80
+ delegate: exchangeDataOfDelegation.exchangeData.delegate,
81
+ delegator: exchangeDataOfDelegation.exchangeData.delegator,
82
+ fullyExplicit: false,
83
+ accessLevel: delegationEntry[1].permissions,
84
+ accessControlSecret: exchangeDataOfDelegation.accessControlSecret,
85
+ };
86
+ }
87
+ else {
88
+ updatedRemainingDelegations.push(delegationEntry);
89
+ }
90
+ }
91
+ remainingDelegations = updatedRemainingDelegations;
92
+ if (!remainingDelegations.length)
93
+ return res;
94
+ updatedRemainingDelegations = [];
95
+ // 3. Attempt to identify the anonymous data owner of remaining delegations between us (or one of our parents) and an anonymous data owner
96
+ const hierarchy = yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIds();
97
+ const allHashes = [
98
+ ...remainingDelegations.flatMap(([hash, _]) => hash),
99
+ ...Object.keys((_e = (_d = typedEntity.entity.securityMetadata) === null || _d === void 0 ? void 0 : _d.keysEquivalences) !== null && _e !== void 0 ? _e : {}),
100
+ ];
101
+ const encryptedExchangeDataIds = (yield this.exchangeDataMap.getExchangeDataMapBatch(allHashes)).reduce((maps, current) => {
102
+ return Object.assign(Object.assign({}, maps), { [current.id]: current });
103
+ }, {});
104
+ for (const [hash, delegation] of remainingDelegations) {
105
+ if (hierarchy.some((x) => x === delegation.delegate || x === delegation.delegator)) {
106
+ const dataId = !!encryptedExchangeDataIds[hash]
107
+ ? yield this.secureDelegationsEncryption.decryptExchangeDataId(encryptedExchangeDataIds[hash].encryptedExchangeDataIds)
108
+ : undefined;
109
+ const exchangeDataInfo = dataId
110
+ ? yield this.exchangeData.getDecryptionDataKeyById(dataId, typedEntity.type, (_f = typedEntity.entity.secretForeignKeys) !== null && _f !== void 0 ? _f : [], true)
111
+ : undefined;
112
+ if (exchangeDataInfo) {
113
+ res[hash] = {
114
+ delegator: exchangeDataInfo.exchangeData.delegator,
115
+ delegate: exchangeDataInfo.exchangeData.delegate,
116
+ fullyExplicit: false,
117
+ accessLevel: delegation.permissions,
118
+ accessControlSecret: exchangeDataInfo.accessControlSecret,
119
+ };
120
+ }
121
+ else {
122
+ updatedRemainingDelegations.push([hash, delegation]);
123
+ }
124
+ }
125
+ else {
126
+ updatedRemainingDelegations.push([hash, delegation]);
127
+ }
128
+ }
129
+ return Object.assign(Object.assign({}, res), Object.fromEntries(updatedRemainingDelegations.map(([hash, secureDelegation]) => [
130
+ hash,
131
+ {
132
+ delegator: secureDelegation.delegator,
133
+ delegate: secureDelegation.delegate,
134
+ fullyExplicit: false,
135
+ accessLevel: secureDelegation.permissions,
136
+ accessControlSecret: undefined,
137
+ },
138
+ ])));
139
+ });
140
+ }
141
+ hasAnyEncryptionKeys(entity) {
142
+ var _a, _b;
143
+ return Object.values((_b = (_a = entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.secureDelegations) !== null && _b !== void 0 ? _b : {}).some((d) => { var _a; return (_a = d.encryptionKeys) === null || _a === void 0 ? void 0 : _a.length; });
144
+ }
145
+ getEntityAccessLevel(typedEntity, dataOwnersHierarchySubset) {
146
+ var _a, _b, _c, _d, _e, _f, _g, _h;
147
+ return __awaiter(this, void 0, void 0, function* () {
148
+ if (!dataOwnersHierarchySubset.length)
149
+ throw new Error("`dataOwnersHierarchySubset` can't be empty");
150
+ // If the data owner is explicit all delegations he can access has his id. If the delegator is anonymous all delegations he can access are
151
+ // accessible by hash. No mixed scenario possible.
152
+ let accessibleDelegations = Object.values((_b = (_a = typedEntity.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.secureDelegations) !== null && _b !== void 0 ? _b : {}).filter((secureDelegation) => dataOwnersHierarchySubset.some((dataOwner) => dataOwner === secureDelegation.delegator || dataOwner === secureDelegation.delegate));
153
+ if (!accessibleDelegations.length) {
154
+ const equivalences = (_c = typedEntity.entity.securityMetadata) === null || _c === void 0 ? void 0 : _c.keysEquivalences;
155
+ const availableCanonicalHashes = Array.from(new Set(Object.keys(yield this.exchangeData.getCachedDecryptionDataKeyByAccessControlHash([
156
+ ...Object.keys((_e = (_d = typedEntity.entity.securityMetadata) === null || _d === void 0 ? void 0 : _d.secureDelegations) !== null && _e !== void 0 ? _e : {}),
157
+ ...Object.keys((_g = (_f = typedEntity.entity.securityMetadata) === null || _f === void 0 ? void 0 : _f.keysEquivalences) !== null && _g !== void 0 ? _g : {}),
158
+ ], typedEntity.type, (_h = typedEntity.entity.secretForeignKeys) !== null && _h !== void 0 ? _h : [])).map((hash) => {
159
+ const canonicalEquivalence = equivalences ? equivalences[hash] : undefined;
160
+ return canonicalEquivalence ? canonicalEquivalence : hash;
161
+ })));
162
+ accessibleDelegations = availableCanonicalHashes.map((hash) => { var _a, _b; return ((_b = (_a = typedEntity.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.secureDelegations) !== null && _b !== void 0 ? _b : {})[hash]; });
163
+ }
164
+ const permissions = accessibleDelegations.map((secureDelegation) => secureDelegation.permissions);
165
+ let maxLevel = undefined;
166
+ for (const permission of permissions) {
167
+ if (permission === AccessLevel.WRITE) {
168
+ return AccessLevel.WRITE;
169
+ }
170
+ if (permission === AccessLevel.READ) {
171
+ maxLevel = AccessLevel.READ;
172
+ }
173
+ }
174
+ return maxLevel;
175
+ });
176
+ }
177
+ decryptSecureDelegations(typedEntity, dataOwnersHierarchySubset, getDataToDecrypt, decryptDataWithKey) {
178
+ if (!dataOwnersHierarchySubset.length)
179
+ throw new Error("`dataOwnersHierarchySubset` can't be empty");
180
+ const self = this;
181
+ function getFirstDecryptedExchangeDataIdForHash(hashes, encryptedExchangeDataIdsByDelegationKey) {
182
+ var _a;
183
+ return __awaiter(this, void 0, void 0, function* () {
184
+ for (const hash of new Set(hashes)) {
185
+ const decryptedExchangeDataId = !!encryptedExchangeDataIdsByDelegationKey[hash]
186
+ ? yield self.secureDelegationsEncryption.decryptExchangeDataId((_a = encryptedExchangeDataIdsByDelegationKey[hash]) === null || _a === void 0 ? void 0 : _a.encryptedExchangeDataIds)
187
+ : undefined;
188
+ if (!!decryptedExchangeDataId)
189
+ return decryptedExchangeDataId;
190
+ }
191
+ });
192
+ }
193
+ function decrypt(delegation, exchangeDataDetails) {
194
+ return __awaiter(this, void 0, void 0, function* () {
195
+ if (!exchangeDataDetails.exchangeKey)
196
+ return [];
197
+ const dataToDecrypt = getDataToDecrypt(delegation);
198
+ if (!dataToDecrypt.length)
199
+ return [];
200
+ if (!dataOwnersHierarchySubset.some((x) => x === exchangeDataDetails.exchangeData.delegator || x === exchangeDataDetails.exchangeData.delegate))
201
+ return [];
202
+ const dataOwnersWithAccess = [exchangeDataDetails.exchangeData.delegator, exchangeDataDetails.exchangeData.delegate];
203
+ const res = [];
204
+ for (const curr of dataToDecrypt) {
205
+ res.push({ decrypted: yield decryptDataWithKey(curr, exchangeDataDetails.exchangeKey), dataOwnersWithAccess });
206
+ }
207
+ return res;
208
+ });
209
+ }
210
+ function generator() {
211
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
212
+ return __asyncGenerator(this, arguments, function* generator_1() {
213
+ let remainingDelegations = Object.entries((_b = (_a = typedEntity.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.secureDelegations) !== null && _b !== void 0 ? _b : {}).map(([canonicalHash, delegation]) => {
214
+ var _a, _b;
215
+ return ({
216
+ delegation,
217
+ hashes: [
218
+ canonicalHash,
219
+ ...Object.entries((_b = (_a = typedEntity.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.keysEquivalences) !== null && _b !== void 0 ? _b : {})
220
+ .filter((x) => x[1] == canonicalHash)
221
+ .map((x) => x[0]),
222
+ ],
223
+ });
224
+ });
225
+ /*
226
+ * Generate from least expensive to most (in terms of time to decrypt). 1 and 2a have equivalent costs.
227
+ * 1) Secure delegations with cached exchange data by hash
228
+ * 2) Secure delegations with cached exchange data by id for explicit->explicit delegations where delegator and/or delegate is me or parent
229
+ * 3) Non cached secure delegations for explicit->explicit delegations where delegator and/or delegate is me or parent (half of old 3)
230
+ * 4) Decrypt secure delegation id for explicit->anonymous or anonymous->explicit where explicit is me or parent (2b and half of old3)
231
+ */
232
+ // Step 1) Secure delegations with cached exchange data by hash
233
+ if (!remainingDelegations.length)
234
+ return yield __await(void 0);
235
+ const cachedDataByHash = yield __await(self.exchangeData.getCachedDecryptionDataKeyByAccessControlHash([
236
+ ...Object.keys((_d = (_c = typedEntity.entity.securityMetadata) === null || _c === void 0 ? void 0 : _c.secureDelegations) !== null && _d !== void 0 ? _d : {}),
237
+ ...Object.keys((_f = (_e = typedEntity.entity.securityMetadata) === null || _e === void 0 ? void 0 : _e.keysEquivalences) !== null && _f !== void 0 ? _f : {}),
238
+ ], typedEntity.type, (_g = typedEntity.entity.secretForeignKeys) !== null && _g !== void 0 ? _g : []));
239
+ let updatedRemainingDelegations = [];
240
+ for (const decryptionDetails of remainingDelegations) {
241
+ const exchangeDataDetails = decryptionDetails.hashes.map((h) => cachedDataByHash === null || cachedDataByHash === void 0 ? void 0 : cachedDataByHash[h]).find((x) => !!x);
242
+ if (exchangeDataDetails) {
243
+ for (const decrypted of yield __await(decrypt(decryptionDetails.delegation, exchangeDataDetails)))
244
+ yield yield __await(decrypted);
245
+ }
246
+ else if ((!!decryptionDetails.delegation.delegate || !!decryptionDetails.delegation.delegator) &&
247
+ dataOwnersHierarchySubset.some((x) => x === decryptionDetails.delegation.delegate || x === decryptionDetails.delegation.delegator)) {
248
+ updatedRemainingDelegations.push(decryptionDetails);
249
+ }
250
+ }
251
+ remainingDelegations = updatedRemainingDelegations;
252
+ updatedRemainingDelegations = [];
253
+ // Step 2) Secure delegations with cached exchange data by id for explicit->explicit delegations where delegator and/or delegate is me or parent
254
+ if (!remainingDelegations.length)
255
+ return yield __await(void 0);
256
+ for (const decryptionDetails of remainingDelegations) {
257
+ const exchangeDataDetails = decryptionDetails.delegation.exchangeDataId
258
+ ? yield __await(self.exchangeData.getDecryptionDataKeyById(decryptionDetails.delegation.exchangeDataId, typedEntity.type, (_h = typedEntity.entity.secretForeignKeys) !== null && _h !== void 0 ? _h : [], false))
259
+ : undefined;
260
+ if (!!exchangeDataDetails) {
261
+ for (const decrypted of yield __await(decrypt(decryptionDetails.delegation, exchangeDataDetails)))
262
+ yield yield __await(decrypted);
263
+ }
264
+ else {
265
+ updatedRemainingDelegations.push(decryptionDetails);
266
+ }
267
+ }
268
+ remainingDelegations = updatedRemainingDelegations;
269
+ updatedRemainingDelegations = [];
270
+ // Step 3) Non cached secure delegations for explicit->explicit delegations where delegator and/or delegate is me or parent
271
+ if (!remainingDelegations.length)
272
+ return yield __await(void 0);
273
+ for (const decryptionDetails of remainingDelegations) {
274
+ const exchangeDataDetails = decryptionDetails.delegation.exchangeDataId
275
+ ? yield __await(self.exchangeData.getDecryptionDataKeyById(decryptionDetails.delegation.exchangeDataId, typedEntity.type, (_j = typedEntity.entity.secretForeignKeys) !== null && _j !== void 0 ? _j : [], true))
276
+ : undefined;
277
+ if (!!exchangeDataDetails) {
278
+ for (const decrypted of yield __await(decrypt(decryptionDetails.delegation, exchangeDataDetails)))
279
+ yield yield __await(decrypted);
280
+ }
281
+ else {
282
+ updatedRemainingDelegations.push(decryptionDetails);
283
+ }
284
+ }
285
+ remainingDelegations = updatedRemainingDelegations;
286
+ // Step 4) Decrypt secure delegation id for explicit->anonymous or anonymous->explicit where explicit is me or parent
287
+ if (!remainingDelegations.length)
288
+ return yield __await(void 0);
289
+ const allHashes = [
290
+ ...remainingDelegations.flatMap((x) => x.hashes),
291
+ ...Object.keys((_l = (_k = typedEntity.entity.securityMetadata) === null || _k === void 0 ? void 0 : _k.keysEquivalences) !== null && _l !== void 0 ? _l : {}),
292
+ ];
293
+ const encryptedExchangeDataIdsByDelegationKey = (yield __await(self.exchangeDataMap.getExchangeDataMapBatch(allHashes))).reduce((maps, current) => {
294
+ return Object.assign(Object.assign({}, maps), { [current.id]: current });
295
+ }, {});
296
+ for (const decryptionDetails of remainingDelegations) {
297
+ const decryptedExchangeDataId = yield __await(getFirstDecryptedExchangeDataIdForHash(decryptionDetails.hashes, encryptedExchangeDataIdsByDelegationKey));
298
+ if (decryptedExchangeDataId) {
299
+ const exchangeDataDetails = yield __await(self.exchangeData.getDecryptionDataKeyById(decryptedExchangeDataId, typedEntity.type, (_m = typedEntity.entity.secretForeignKeys) !== null && _m !== void 0 ? _m : [], true));
300
+ if (exchangeDataDetails) {
301
+ for (const decrypted of yield __await(decrypt(decryptionDetails.delegation, exchangeDataDetails)))
302
+ yield yield __await(decrypted);
303
+ }
304
+ }
305
+ }
306
+ });
307
+ }
308
+ return generator();
309
+ }
310
+ }
311
+ exports.SecureDelegationsSecurityMetadataDecryptor = SecureDelegationsSecurityMetadataDecryptor;
312
+ //# sourceMappingURL=SecureDelegationsSecurityMetadataDecryptor.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"SecureDelegationsSecurityMetadataDecryptor.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AACA,2EAAuE;AAKvE,IAAO,WAAW,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAoBrD,MAAa,0CAA0C;IACrD,YACmB,YAAiC,EACjC,eAAuC,EACvC,2BAAwD,EACxD,YAA8B;QAH9B,iBAAY,GAAZ,YAAY,CAAqB;QACjC,oBAAe,GAAf,eAAe,CAAwB;QACvC,gCAA2B,GAA3B,2BAA2B,CAA6B;QACxD,iBAAY,GAAZ,YAAY,CAAkB;IAC9C,CAAC;IAEJ,uBAAuB,CACrB,WAAoC,EACpC,yBAAmC;QAEnC,OAAO,IAAI,CAAC,wBAAwB,CAClC,WAAW,EACX,yBAAyB,EACzB,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,CAAC,CAAC,cAAc,mCAAI,EAAE,CAAA,EAAA,EAC7B,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC,CAAC,CACtE,CAAA;IACH,CAAC;IAED,wBAAwB,CACtB,WAAoC,EACpC,yBAAmC;QAEnC,OAAO,IAAI,CAAC,wBAAwB,CAClC,WAAW,EACX,yBAAyB,EACzB,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,CAAC,CAAC,eAAe,mCAAI,EAAE,CAAA,EAAA,EAC9B,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,CAAC,EAAE,CAAC,CAAC,CACvE,CAAA;IACH,CAAC;IAED,kBAAkB,CAChB,WAAoC,EACpC,yBAAmC;QAEnC,OAAO,IAAI,CAAC,wBAAwB,CAClC,WAAW,EACX,yBAAyB,EACzB,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,CAAC,CAAC,SAAS,mCAAI,EAAE,CAAA,EAAA,EACxB,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CACjE,CAAA;IACH,CAAC;IAED;;;OAGG;IACG,0BAA0B,CAAC,WAAoC;;;YAGnE,MAAM,GAAG,GAA0D,EAAE,CAAA;YACrE,8GAA8G;YAC9G,IAAI,oBAAoB,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC,CAAA;YACvG,IAAI,2BAA2B,GAAiC,EAAE,CAAA;YAClE,KAAK,MAAM,eAAe,IAAI,oBAAoB,EAAE;gBAClD,MAAM,UAAU,GAAG,eAAe,CAAC,CAAC,CAAC,CAAA;gBACrC,IAAI,UAAU,CAAC,SAAS,IAAI,UAAU,CAAC,QAAQ,EAAE;oBAC/C,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,GAAG;wBACxB,QAAQ,EAAE,UAAU,CAAC,QAAQ;wBAC7B,SAAS,EAAE,UAAU,CAAC,SAAS;wBAC/B,aAAa,EAAE,IAAI;wBACnB,WAAW,EAAE,UAAU,CAAC,WAAW;wBACnC,mBAAmB,EAAE,SAAS;qBAC/B,CAAA;iBACF;qBAAM;oBACL,2BAA2B,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;iBAClD;aACF;YACD,oBAAoB,GAAG,2BAA2B,CAAA;YAClD,IAAI,CAAC,oBAAoB,CAAC,MAAM;gBAAE,OAAO,GAAG,CAAA;YAC5C,2BAA2B,GAAG,EAAE,CAAA;YAChC,mIAAmI;YACnI,mFAAmF;YACnF,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,6CAA6C,CAC9F,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACrC,WAAW,CAAC,IAAI,EAChB,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC3C,CAAA;YACD,KAAK,MAAM,eAAe,IAAI,oBAAoB,EAAE;gBAClD,MAAM,wBAAwB,GAAG,kBAAkB,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAA;gBACvE,IAAI,wBAAwB,EAAE;oBAC5B,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,GAAG;wBACxB,QAAQ,EAAE,wBAAwB,CAAC,YAAY,CAAC,QAAQ;wBACxD,SAAS,EAAE,wBAAwB,CAAC,YAAY,CAAC,SAAS;wBAC1D,aAAa,EAAE,KAAK;wBACpB,WAAW,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,WAAW;wBAC3C,mBAAmB,EAAE,wBAAwB,CAAC,mBAAmB;qBAClE,CAAA;iBACF;qBAAM;oBACL,2BAA2B,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;iBAClD;aACF;YACD,oBAAoB,GAAG,2BAA2B,CAAA;YAClD,IAAI,CAAC,oBAAoB,CAAC,MAAM;gBAAE,OAAO,GAAG,CAAA;YAC5C,2BAA2B,GAAG,EAAE,CAAA;YAChC,0IAA0I;YAC1I,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAA;YAC3E,MAAM,SAAS,GAAG;gBAChB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC;gBACpD,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC;aAC5E,CAAA;YACD,MAAM,wBAAwB,GAAG,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE;gBACxH,uCACK,IAAI,KACP,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,OAAO,IACtB;YACH,CAAC,EAAE,EAAyC,CAAC,CAAA;YAC7C,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,oBAAoB,EAAE;gBACrD,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,UAAU,CAAC,QAAQ,IAAI,CAAC,KAAK,UAAU,CAAC,SAAS,CAAC,EAAE;oBAClF,MAAM,MAAM,GAAG,CAAC,CAAC,wBAAwB,CAAC,IAAI,CAAC;wBAC7C,CAAC,CAAC,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,wBAAwB,CAAC;wBACvH,CAAC,CAAC,SAAS,CAAA;oBACb,MAAM,gBAAgB,GAAG,MAAM;wBAC7B,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAAC,MAAM,EAAE,WAAW,CAAC,IAAI,EAAE,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EAAE,IAAI,CAAC;wBAC9H,CAAC,CAAC,SAAS,CAAA;oBACb,IAAI,gBAAgB,EAAE;wBACpB,GAAG,CAAC,IAAI,CAAC,GAAG;4BACV,SAAS,EAAE,gBAAgB,CAAC,YAAY,CAAC,SAAS;4BAClD,QAAQ,EAAE,gBAAgB,CAAC,YAAY,CAAC,QAAQ;4BAChD,aAAa,EAAE,KAAK;4BACpB,WAAW,EAAE,UAAU,CAAC,WAAW;4BACnC,mBAAmB,EAAE,gBAAgB,CAAC,mBAAmB;yBAC1D,CAAA;qBACF;yBAAM;wBACL,2BAA2B,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;qBACrD;iBACF;qBAAM;oBACL,2BAA2B,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;iBACrD;aACF;YACD,uCACK,GAAG,GACH,MAAM,CAAC,WAAW,CACnB,2BAA2B,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,gBAAgB,CAAC,EAAE,EAAE,CAAC;gBAC5D,IAAI;gBACJ;oBACE,SAAS,EAAE,gBAAgB,CAAC,SAAS;oBACrC,QAAQ,EAAE,gBAAgB,CAAC,QAAQ;oBACnC,aAAa,EAAE,KAAK;oBACpB,WAAW,EAAE,gBAAgB,CAAC,WAAW;oBACzC,mBAAmB,EAAE,SAAS;iBAC/B;aACF,CAAC,CACH,EACF;;KACF;IAED,oBAAoB,CAAC,MAA6C;;QAChE,OAAO,MAAM,CAAC,MAAM,CAAC,MAAA,MAAA,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,CAAC,CAAC,cAAc,0CAAE,MAAM,CAAA,EAAA,CAAC,CAAA;IAC9G,CAAC;IAEK,oBAAoB,CAAC,WAAoC,EAAE,yBAAmC;;;YAClG,IAAI,CAAC,yBAAyB,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;YACpG,0IAA0I;YAC1I,kDAAkD;YAClD,IAAI,qBAAqB,GAAuB,MAAM,CAAC,MAAM,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC,CAAC,MAAM,CAChI,CAAC,gBAAgB,EAAE,EAAE,CACnB,yBAAyB,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,KAAK,gBAAgB,CAAC,SAAS,IAAI,SAAS,KAAK,gBAAgB,CAAC,QAAQ,CAAC,CACrI,CAAA;YACD,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE;gBACjC,MAAM,YAAY,GAAG,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,CAAA;gBAC1E,MAAM,wBAAwB,GAAG,KAAK,CAAC,IAAI,CACzC,IAAI,GAAG,CACL,MAAM,CAAC,IAAI,CACT,MAAM,IAAI,CAAC,YAAY,CAAC,6CAA6C,CACnE;oBACE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC;oBAC5E,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC;iBAC5E,EACD,WAAW,CAAC,IAAI,EAChB,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC3C,CACF,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;oBACb,MAAM,oBAAoB,GAAG,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;oBAC1E,OAAO,oBAAoB,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAA;gBAC3D,CAAC,CAAC,CACH,CACF,CAAA;gBACD,qBAAqB,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,eAAC,OAAA,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAA,EAAA,CAAC,CAAA;aACrI;YAED,MAAM,WAAW,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAA;YACjG,IAAI,QAAQ,GAA4B,SAAS,CAAA;YACjD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;gBACpC,IAAI,UAAU,KAAK,WAAW,CAAC,KAAK,EAAE;oBACpC,OAAO,WAAW,CAAC,KAAK,CAAA;iBACzB;gBACD,IAAI,UAAU,KAAK,WAAW,CAAC,IAAI,EAAE;oBACnC,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAA;iBAC5B;aACF;YACD,OAAO,QAAQ,CAAA;;KAChB;IAEO,wBAAwB,CAC9B,WAAoC,EACpC,yBAAmC,EACnC,gBAA4D,EAC5D,kBAA8E;QAE9E,IAAI,CAAC,yBAAyB,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;QACpG,MAAM,IAAI,GAAG,IAAI,CAAA;QAEjB,SAAe,sCAAsC,CACnD,MAAgB,EAChB,uCAA4E;;;gBAE5E,KAAK,MAAM,IAAI,IAAI,IAAI,GAAG,CAAC,MAAM,CAAC,EAAE;oBAClC,MAAM,uBAAuB,GAAG,CAAC,CAAC,uCAAuC,CAAC,IAAI,CAAC;wBAC7E,CAAC,CAAC,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,MAAA,uCAAuC,CAAC,IAAI,CAAC,0CAAE,wBAAwB,CAAC;wBACvI,CAAC,CAAC,SAAS,CAAA;oBACb,IAAI,CAAC,CAAC,uBAAuB;wBAAE,OAAO,uBAAuB,CAAA;iBAC9D;;SACF;QAED,SAAe,OAAO,CACpB,UAA4B,EAC5B,mBAAuF;;gBAEvF,IAAI,CAAC,mBAAmB,CAAC,WAAW;oBAAE,OAAO,EAAE,CAAA;gBAC/C,MAAM,aAAa,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAA;gBAClD,IAAI,CAAC,aAAa,CAAC,MAAM;oBAAE,OAAO,EAAE,CAAA;gBACpC,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,mBAAmB,CAAC,YAAY,CAAC,SAAS,IAAI,CAAC,KAAK,mBAAmB,CAAC,YAAY,CAAC,QAAQ,CAAC;oBAC7I,OAAO,EAAE,CAAA;gBACX,MAAM,oBAAoB,GAAG,CAAC,mBAAmB,CAAC,YAAY,CAAC,SAAS,EAAE,mBAAmB,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;gBACpH,MAAM,GAAG,GAAG,EAAE,CAAA;gBACd,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE;oBAChC,GAAG,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC,IAAI,EAAE,mBAAmB,CAAC,WAAW,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAA;iBAC/G;gBACD,OAAO,GAAG,CAAA;YACZ,CAAC;SAAA;QAED,SAAgB,SAAS;;;gBACvB,IAAI,oBAAoB,GAAkC,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC,CAAC,GAAG,CACxI,CAAC,CAAC,aAAa,EAAE,UAAU,CAAC,EAAE,EAAE;;oBAAC,OAAA,CAAC;wBAChC,UAAU;wBACV,MAAM,EAAE;4BACN,aAAa;4BACb,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC;iCAC3E,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,aAAa,CAAC;iCACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;yBACpB;qBACF,CAAC,CAAA;iBAAA,CACH,CAAA;gBAED;;;;;;mBAMG;gBAEH,+DAA+D;gBAC/D,IAAI,CAAC,oBAAoB,CAAC,MAAM;oBAAE,6BAAM;gBACxC,MAAM,gBAAgB,GAAG,cAAM,IAAI,CAAC,YAAY,CAAC,6CAA6C,CAC5F;oBACE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,iBAAiB,mCAAI,EAAE,CAAC;oBAC5E,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC;iBAC5E,EACD,WAAW,CAAC,IAAI,EAChB,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC3C,CAAA,CAAA;gBACD,IAAI,2BAA2B,GAAkC,EAAE,CAAA;gBACnE,KAAK,MAAM,iBAAiB,IAAI,oBAAoB,EAAE;oBACpD,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;oBACvG,IAAI,mBAAmB,EAAE;wBACvB,KAAK,MAAM,SAAS,IAAI,cAAM,OAAO,CAAC,iBAAiB,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;4BAAE,oBAAM,SAAS,CAAA,CAAA;qBAC1G;yBAAM,IACL,CAAC,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,SAAS,CAAC;wBACrF,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,iBAAiB,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,KAAK,iBAAiB,CAAC,UAAU,CAAC,SAAS,CAAC,EAClI;wBACA,2BAA2B,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;qBACpD;iBACF;gBACD,oBAAoB,GAAG,2BAA2B,CAAA;gBAClD,2BAA2B,GAAG,EAAE,CAAA;gBAEhC,gJAAgJ;gBAChJ,IAAI,CAAC,oBAAoB,CAAC,MAAM;oBAAE,6BAAM;gBACxC,KAAK,MAAM,iBAAiB,IAAI,oBAAoB,EAAE;oBACpD,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,UAAU,CAAC,cAAc;wBACrE,CAAC,CAAC,cAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAC9C,iBAAiB,CAAC,UAAU,CAAC,cAAc,EAC3C,WAAW,CAAC,IAAI,EAChB,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EAC1C,KAAK,CACN,CAAA;wBACH,CAAC,CAAC,SAAS,CAAA;oBACb,IAAI,CAAC,CAAC,mBAAmB,EAAE;wBACzB,KAAK,MAAM,SAAS,IAAI,cAAM,OAAO,CAAC,iBAAiB,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;4BAAE,oBAAM,SAAS,CAAA,CAAA;qBAC1G;yBAAM;wBACL,2BAA2B,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;qBACpD;iBACF;gBACD,oBAAoB,GAAG,2BAA2B,CAAA;gBAClD,2BAA2B,GAAG,EAAE,CAAA;gBAEhC,2HAA2H;gBAC3H,IAAI,CAAC,oBAAoB,CAAC,MAAM;oBAAE,6BAAM;gBACxC,KAAK,MAAM,iBAAiB,IAAI,oBAAoB,EAAE;oBACpD,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,UAAU,CAAC,cAAc;wBACrE,CAAC,CAAC,cAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAC9C,iBAAiB,CAAC,UAAU,CAAC,cAAc,EAC3C,WAAW,CAAC,IAAI,EAChB,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EAC1C,IAAI,CACL,CAAA;wBACH,CAAC,CAAC,SAAS,CAAA;oBACb,IAAI,CAAC,CAAC,mBAAmB,EAAE;wBACzB,KAAK,MAAM,SAAS,IAAI,cAAM,OAAO,CAAC,iBAAiB,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;4BAAE,oBAAM,SAAS,CAAA,CAAA;qBAC1G;yBAAM;wBACL,2BAA2B,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;qBACpD;iBACF;gBACD,oBAAoB,GAAG,2BAA2B,CAAA;gBAElD,qHAAqH;gBACrH,IAAI,CAAC,oBAAoB,CAAC,MAAM;oBAAE,6BAAM;gBACxC,MAAM,SAAS,GAAG;oBAChB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;oBAChD,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,MAAA,WAAW,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC;iBAC5E,CAAA;gBACD,MAAM,uCAAuC,GAAG,CAAC,cAAM,IAAI,CAAC,eAAe,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAA,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE;oBACvI,uCACK,IAAI,KACP,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,OAAO,IACtB;gBACH,CAAC,EAAE,EAAyC,CAAC,CAAA;gBAC7C,KAAK,MAAM,iBAAiB,IAAI,oBAAoB,EAAE;oBACpD,MAAM,uBAAuB,GAAG,cAAM,sCAAsC,CAC1E,iBAAiB,CAAC,MAAM,EACxB,uCAAuC,CACxC,CAAA,CAAA;oBACD,IAAI,uBAAuB,EAAE;wBAC3B,MAAM,mBAAmB,GAAG,cAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAC1E,uBAAuB,EACvB,WAAW,CAAC,IAAI,EAChB,MAAA,WAAW,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EAC1C,IAAI,CACL,CAAA,CAAA;wBACD,IAAI,mBAAmB,EAAE;4BACvB,KAAK,MAAM,SAAS,IAAI,cAAM,OAAO,CAAC,iBAAiB,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;gCAAE,oBAAM,SAAS,CAAA,CAAA;yBAC1G;qBACF;iBACF;;SACF;QAED,OAAO,SAAS,EAAE,CAAA;IACpB,CAAC;CACF;AA/VD,gGA+VC","sourcesContent":["import { SecurityMetadataDecryptor } from './SecurityMetadataDecryptor'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport { ExchangeDataManager } from './ExchangeDataManager'\nimport { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName'\nimport { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { SecureDelegationsEncryption } from './SecureDelegationsEncryption'\nimport AccessLevel = SecureDelegation.AccessLevelEnum\nimport { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { ExchangeDataMapManager } from './ExchangeDataMapManager'\nimport { ExchangeDataMap } from '../../icc-api/model/internal/ExchangeDataMap'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\n\ntype DelegationDecryptionDetails = {\n delegation: SecureDelegation\n hashes: string[]\n}\n\nexport type DelegationMembersDetails = {\n delegator: string | undefined\n delegate: string | undefined\n fullyExplicit: boolean\n accessControlSecret: string | undefined\n accessLevel: AccessLevelEnum\n}\n\nexport class SecureDelegationsSecurityMetadataDecryptor implements SecurityMetadataDecryptor {\n constructor(\n private readonly exchangeData: ExchangeDataManager,\n private readonly exchangeDataMap: ExchangeDataMapManager,\n private readonly secureDelegationsEncryption: SecureDelegationsEncryption,\n private readonly dataOwnerApi: IccDataOwnerXApi\n ) {}\n\n decryptEncryptionKeysOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n return this.decryptSecureDelegations(\n typedEntity,\n dataOwnersHierarchySubset,\n (d) => d.encryptionKeys ?? [],\n (e, k) => this.secureDelegationsEncryption.decryptEncryptionKey(e, k)\n )\n }\n\n decryptOwningEntityIdsOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n return this.decryptSecureDelegations(\n typedEntity,\n dataOwnersHierarchySubset,\n (d) => d.owningEntityIds ?? [],\n (e, k) => this.secureDelegationsEncryption.decryptOwningEntityId(e, k)\n )\n }\n\n decryptSecretIdsOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n return this.decryptSecureDelegations(\n typedEntity,\n dataOwnersHierarchySubset,\n (d) => d.secretIds ?? [],\n (e, k) => this.secureDelegationsEncryption.decryptSecretId(e, k)\n )\n }\n\n /**\n * Get information for members of secure delegations in the entity. Also provides information for delegations with anonymous delegate and/or\n * delegator if one of the delegation members is the current data owner (or a parent) AND has still access to the exchange data used in the .\n */\n async getDelegationMemberDetails(typedEntity: EncryptedEntityWithType): Promise<{\n [delegationKey: string]: DelegationMembersDetails\n }> {\n const res: { [delegationKey: string]: DelegationMembersDetails } = {}\n // 1. Add all explicit data owners, keep only delegations with at least an anonymous data owner to check later\n let remainingDelegations = Object.entries(typedEntity.entity.securityMetadata?.secureDelegations ?? {})\n let updatedRemainingDelegations: [string, SecureDelegation][] = []\n for (const delegationEntry of remainingDelegations) {\n const delegation = delegationEntry[1]\n if (delegation.delegator && delegation.delegate) {\n res[delegationEntry[0]] = {\n delegate: delegation.delegate,\n delegator: delegation.delegator,\n fullyExplicit: true,\n accessLevel: delegation.permissions,\n accessControlSecret: undefined,\n }\n } else {\n updatedRemainingDelegations.push(delegationEntry)\n }\n }\n remainingDelegations = updatedRemainingDelegations\n if (!remainingDelegations.length) return res\n updatedRemainingDelegations = []\n // 2. Attempt to identify the anonymous data owner of remaining delegations by checking if we have the exchange data cached by hash\n // Note: we can find exchange data by hash only if we could successfully decrypt it\n const cachedExchangeData = await this.exchangeData.getCachedDecryptionDataKeyByAccessControlHash(\n remainingDelegations.map((d) => d[0]),\n typedEntity.type,\n typedEntity.entity.secretForeignKeys ?? []\n )\n for (const delegationEntry of remainingDelegations) {\n const exchangeDataOfDelegation = cachedExchangeData[delegationEntry[0]]\n if (exchangeDataOfDelegation) {\n res[delegationEntry[0]] = {\n delegate: exchangeDataOfDelegation.exchangeData.delegate,\n delegator: exchangeDataOfDelegation.exchangeData.delegator,\n fullyExplicit: false,\n accessLevel: delegationEntry[1].permissions,\n accessControlSecret: exchangeDataOfDelegation.accessControlSecret,\n }\n } else {\n updatedRemainingDelegations.push(delegationEntry)\n }\n }\n remainingDelegations = updatedRemainingDelegations\n if (!remainingDelegations.length) return res\n updatedRemainingDelegations = []\n // 3. Attempt to identify the anonymous data owner of remaining delegations between us (or one of our parents) and an anonymous data owner\n const hierarchy = await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()\n const allHashes = [\n ...remainingDelegations.flatMap(([hash, _]) => hash),\n ...Object.keys(typedEntity.entity.securityMetadata?.keysEquivalences ?? {}),\n ]\n const encryptedExchangeDataIds = (await this.exchangeDataMap.getExchangeDataMapBatch(allHashes)).reduce((maps, current) => {\n return {\n ...maps,\n [current.id]: current,\n }\n }, {} as { [hash: string]: ExchangeDataMap })\n for (const [hash, delegation] of remainingDelegations) {\n if (hierarchy.some((x) => x === delegation.delegate || x === delegation.delegator)) {\n const dataId = !!encryptedExchangeDataIds[hash]\n ? await this.secureDelegationsEncryption.decryptExchangeDataId(encryptedExchangeDataIds[hash].encryptedExchangeDataIds)\n : undefined\n const exchangeDataInfo = dataId\n ? await this.exchangeData.getDecryptionDataKeyById(dataId, typedEntity.type, typedEntity.entity.secretForeignKeys ?? [], true)\n : undefined\n if (exchangeDataInfo) {\n res[hash] = {\n delegator: exchangeDataInfo.exchangeData.delegator,\n delegate: exchangeDataInfo.exchangeData.delegate,\n fullyExplicit: false,\n accessLevel: delegation.permissions,\n accessControlSecret: exchangeDataInfo.accessControlSecret,\n }\n } else {\n updatedRemainingDelegations.push([hash, delegation])\n }\n } else {\n updatedRemainingDelegations.push([hash, delegation])\n }\n }\n return {\n ...res,\n ...Object.fromEntries(\n updatedRemainingDelegations.map(([hash, secureDelegation]) => [\n hash,\n {\n delegator: secureDelegation.delegator,\n delegate: secureDelegation.delegate,\n fullyExplicit: false,\n accessLevel: secureDelegation.permissions,\n accessControlSecret: undefined,\n },\n ])\n ),\n }\n }\n\n hasAnyEncryptionKeys(entity: EncryptedEntity | EncryptedEntityStub): boolean {\n return Object.values(entity.securityMetadata?.secureDelegations ?? {}).some((d) => d.encryptionKeys?.length)\n }\n\n async getEntityAccessLevel(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): Promise<AccessLevel | undefined> {\n if (!dataOwnersHierarchySubset.length) throw new Error(\"`dataOwnersHierarchySubset` can't be empty\")\n // If the data owner is explicit all delegations he can access has his id. If the delegator is anonymous all delegations he can access are\n // accessible by hash. No mixed scenario possible.\n let accessibleDelegations: SecureDelegation[] = Object.values(typedEntity.entity.securityMetadata?.secureDelegations ?? {}).filter(\n (secureDelegation) =>\n dataOwnersHierarchySubset.some((dataOwner) => dataOwner === secureDelegation.delegator || dataOwner === secureDelegation.delegate)\n )\n if (!accessibleDelegations.length) {\n const equivalences = typedEntity.entity.securityMetadata?.keysEquivalences\n const availableCanonicalHashes = Array.from(\n new Set(\n Object.keys(\n await this.exchangeData.getCachedDecryptionDataKeyByAccessControlHash(\n [\n ...Object.keys(typedEntity.entity.securityMetadata?.secureDelegations ?? {}),\n ...Object.keys(typedEntity.entity.securityMetadata?.keysEquivalences ?? {}),\n ],\n typedEntity.type,\n typedEntity.entity.secretForeignKeys ?? []\n )\n ).map((hash) => {\n const canonicalEquivalence = equivalences ? equivalences[hash] : undefined\n return canonicalEquivalence ? canonicalEquivalence : hash\n })\n )\n )\n accessibleDelegations = availableCanonicalHashes.map((hash) => (typedEntity.entity.securityMetadata?.secureDelegations ?? {})[hash])\n }\n\n const permissions = accessibleDelegations.map((secureDelegation) => secureDelegation.permissions)\n let maxLevel: AccessLevel | undefined = undefined\n for (const permission of permissions) {\n if (permission === AccessLevel.WRITE) {\n return AccessLevel.WRITE\n }\n if (permission === AccessLevel.READ) {\n maxLevel = AccessLevel.READ\n }\n }\n return maxLevel\n }\n\n private decryptSecureDelegations(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[],\n getDataToDecrypt: (delegation: SecureDelegation) => string[],\n decryptDataWithKey: (encryptedData: string, key: CryptoKey) => Promise<string>\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n if (!dataOwnersHierarchySubset.length) throw new Error(\"`dataOwnersHierarchySubset` can't be empty\")\n const self = this\n\n async function getFirstDecryptedExchangeDataIdForHash(\n hashes: string[],\n encryptedExchangeDataIdsByDelegationKey: { [hash: string]: ExchangeDataMap }\n ): Promise<string | undefined> {\n for (const hash of new Set(hashes)) {\n const decryptedExchangeDataId = !!encryptedExchangeDataIdsByDelegationKey[hash]\n ? await self.secureDelegationsEncryption.decryptExchangeDataId(encryptedExchangeDataIdsByDelegationKey[hash]?.encryptedExchangeDataIds)\n : undefined\n if (!!decryptedExchangeDataId) return decryptedExchangeDataId\n }\n }\n\n async function decrypt(\n delegation: SecureDelegation,\n exchangeDataDetails: { exchangeData: ExchangeData; exchangeKey: CryptoKey | undefined }\n ): Promise<{ decrypted: string; dataOwnersWithAccess: string[] }[]> {\n if (!exchangeDataDetails.exchangeKey) return []\n const dataToDecrypt = getDataToDecrypt(delegation)\n if (!dataToDecrypt.length) return []\n if (!dataOwnersHierarchySubset.some((x) => x === exchangeDataDetails.exchangeData.delegator || x === exchangeDataDetails.exchangeData.delegate))\n return []\n const dataOwnersWithAccess = [exchangeDataDetails.exchangeData.delegator, exchangeDataDetails.exchangeData.delegate]\n const res = []\n for (const curr of dataToDecrypt) {\n res.push({ decrypted: await decryptDataWithKey(curr, exchangeDataDetails.exchangeKey), dataOwnersWithAccess })\n }\n return res\n }\n\n async function* generator(): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n let remainingDelegations: DelegationDecryptionDetails[] = Object.entries(typedEntity.entity.securityMetadata?.secureDelegations ?? {}).map(\n ([canonicalHash, delegation]) => ({\n delegation,\n hashes: [\n canonicalHash,\n ...Object.entries(typedEntity.entity.securityMetadata?.keysEquivalences ?? {})\n .filter((x) => x[1] == canonicalHash)\n .map((x) => x[0]),\n ],\n })\n )\n\n /*\n * Generate from least expensive to most (in terms of time to decrypt). 1 and 2a have equivalent costs.\n * 1) Secure delegations with cached exchange data by hash\n * 2) Secure delegations with cached exchange data by id for explicit->explicit delegations where delegator and/or delegate is me or parent\n * 3) Non cached secure delegations for explicit->explicit delegations where delegator and/or delegate is me or parent (half of old 3)\n * 4) Decrypt secure delegation id for explicit->anonymous or anonymous->explicit where explicit is me or parent (2b and half of old3)\n */\n\n // Step 1) Secure delegations with cached exchange data by hash\n if (!remainingDelegations.length) return\n const cachedDataByHash = await self.exchangeData.getCachedDecryptionDataKeyByAccessControlHash(\n [\n ...Object.keys(typedEntity.entity.securityMetadata?.secureDelegations ?? {}),\n ...Object.keys(typedEntity.entity.securityMetadata?.keysEquivalences ?? {}),\n ],\n typedEntity.type,\n typedEntity.entity.secretForeignKeys ?? []\n )\n let updatedRemainingDelegations: DelegationDecryptionDetails[] = []\n for (const decryptionDetails of remainingDelegations) {\n const exchangeDataDetails = decryptionDetails.hashes.map((h) => cachedDataByHash?.[h]).find((x) => !!x)\n if (exchangeDataDetails) {\n for (const decrypted of await decrypt(decryptionDetails.delegation, exchangeDataDetails)) yield decrypted\n } else if (\n (!!decryptionDetails.delegation.delegate || !!decryptionDetails.delegation.delegator) &&\n dataOwnersHierarchySubset.some((x) => x === decryptionDetails.delegation.delegate || x === decryptionDetails.delegation.delegator)\n ) {\n updatedRemainingDelegations.push(decryptionDetails)\n }\n }\n remainingDelegations = updatedRemainingDelegations\n updatedRemainingDelegations = []\n\n // Step 2) Secure delegations with cached exchange data by id for explicit->explicit delegations where delegator and/or delegate is me or parent\n if (!remainingDelegations.length) return\n for (const decryptionDetails of remainingDelegations) {\n const exchangeDataDetails = decryptionDetails.delegation.exchangeDataId\n ? await self.exchangeData.getDecryptionDataKeyById(\n decryptionDetails.delegation.exchangeDataId,\n typedEntity.type,\n typedEntity.entity.secretForeignKeys ?? [],\n false\n )\n : undefined\n if (!!exchangeDataDetails) {\n for (const decrypted of await decrypt(decryptionDetails.delegation, exchangeDataDetails)) yield decrypted\n } else {\n updatedRemainingDelegations.push(decryptionDetails)\n }\n }\n remainingDelegations = updatedRemainingDelegations\n updatedRemainingDelegations = []\n\n // Step 3) Non cached secure delegations for explicit->explicit delegations where delegator and/or delegate is me or parent\n if (!remainingDelegations.length) return\n for (const decryptionDetails of remainingDelegations) {\n const exchangeDataDetails = decryptionDetails.delegation.exchangeDataId\n ? await self.exchangeData.getDecryptionDataKeyById(\n decryptionDetails.delegation.exchangeDataId,\n typedEntity.type,\n typedEntity.entity.secretForeignKeys ?? [],\n true\n )\n : undefined\n if (!!exchangeDataDetails) {\n for (const decrypted of await decrypt(decryptionDetails.delegation, exchangeDataDetails)) yield decrypted\n } else {\n updatedRemainingDelegations.push(decryptionDetails)\n }\n }\n remainingDelegations = updatedRemainingDelegations\n\n // Step 4) Decrypt secure delegation id for explicit->anonymous or anonymous->explicit where explicit is me or parent\n if (!remainingDelegations.length) return\n const allHashes = [\n ...remainingDelegations.flatMap((x) => x.hashes),\n ...Object.keys(typedEntity.entity.securityMetadata?.keysEquivalences ?? {}),\n ]\n const encryptedExchangeDataIdsByDelegationKey = (await self.exchangeDataMap.getExchangeDataMapBatch(allHashes)).reduce((maps, current) => {\n return {\n ...maps,\n [current.id]: current,\n }\n }, {} as { [hash: string]: ExchangeDataMap })\n for (const decryptionDetails of remainingDelegations) {\n const decryptedExchangeDataId = await getFirstDecryptedExchangeDataIdForHash(\n decryptionDetails.hashes,\n encryptedExchangeDataIdsByDelegationKey\n )\n if (decryptedExchangeDataId) {\n const exchangeDataDetails = await self.exchangeData.getDecryptionDataKeyById(\n decryptedExchangeDataId,\n typedEntity.type,\n typedEntity.entity.secretForeignKeys ?? [],\n true\n )\n if (exchangeDataDetails) {\n for (const decrypted of await decrypt(decryptionDetails.delegation, exchangeDataDetails)) yield decrypted\n }\n }\n }\n }\n\n return generator()\n }\n}\n"]}
@@ -0,0 +1,97 @@
1
+ import { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models';
2
+ import { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName';
3
+ import { SecureDelegation } from '../../icc-api/model/SecureDelegation';
4
+ import AccessLevelEnum = SecureDelegation.AccessLevelEnum;
5
+ /**
6
+ * @internal this class is for internal use only and may be changed without notice.
7
+ * Logic for the decryption of the metadata used for access control, encryption, and other security features in an entity.
8
+ */
9
+ export interface SecurityMetadataDecryptor {
10
+ /**
11
+ * Decrypt the encryption keys for an entity. Keys must be returned in raw hex format, removing dashes if they were generated from a UUID.
12
+ * @param typedEntity an encrypted entity or its stub.
13
+ * @param dataOwnersHierarchySubset only exchange data that is accessible to data owners in this array will be considered when decrypting. It should
14
+ * contain only data owners from the current data owner hierarchy.
15
+ * @throws if dataOwnersHierarchySubset is empty
16
+ * @return a generator for the decrypted exchange key which yields objects containing:
17
+ * - `decrypted`: a decrypted encryption key for {@link typedEntity}. Note that the same key may be yielded multiple times by the generator.
18
+ * - `dataOwnersWithAccess`: data owners which have access to the exchange data necessary for the decryption of the encrypted data from which this
19
+ * key was extracted. The generator may yield more elements with the same `decrypted` but different `dataOwnersWithAccess`
20
+ */
21
+ decryptEncryptionKeysOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
22
+ decrypted: string;
23
+ dataOwnersWithAccess: string[];
24
+ }, void, never>;
25
+ /**
26
+ * Decrypt the secret ids for an entity.
27
+ * @param typedEntity an encrypted entity or its stub.
28
+ * @param dataOwnersHierarchySubset only exchange data that is accessible to data owners in this array will be considered when decrypting. It should
29
+ * contain only data owners from the current data owner hierarchy.
30
+ * @throws if dataOwnersHierarchySubset is empty
31
+ * @return a generator for the decrypted secret ids which yields objects containing:
32
+ * - `decrypted`: a decrypted secret id of {@link entity}. Note that the same id may be yielded multiple times by the generator.
33
+ * - `dataOwnersWithAccess`: data owners which have access to the exchange data necessary for the decryption of the encrypted data from which this
34
+ * id was extracted. The generator may yield more elements with the same `decrypted` but different `dataOwnersWithAccess`
35
+ */
36
+ decryptSecretIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
37
+ decrypted: string;
38
+ dataOwnersWithAccess: string[];
39
+ }, void, never>;
40
+ /**
41
+ * Decrypt the owning entity ids of an entity.
42
+ * @param typedEntity an encrypted entity or its stub.
43
+ * @param dataOwnersHierarchySubset only exchange data that is accessible to data owners in this array will be considered when decrypting. It should
44
+ * contain only data owners from the current data owner hierarchy.
45
+ * @throws if dataOwnersHierarchySubset is empty
46
+ * @return a generator for the decrypted owning entity ids which yields objects containing:
47
+ * - `decrypted`: a decrypted owning entity id of {@link entity}. Note that the same id may be yielded multiple times by the generator.
48
+ * - `dataOwnersWithAccess`: data owners which have access to the exchange data necessary for the decryption of the encrypted data from which this
49
+ * id was extracted. The generator may yield more elements with the same `decrypted` but different `dataOwnersWithAccess`
50
+ */
51
+ decryptOwningEntityIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
52
+ decrypted: string;
53
+ dataOwnersWithAccess: string[];
54
+ }, void, never>;
55
+ /**
56
+ * Get the maximum access level that any data owner in {@link dataOwnersHierarchySubset} has to {@link typedEntity}, according to the metadata
57
+ * supported by this decryptor.
58
+ * - If at least a data owner in {@link dataOwnersHierarchySubset} has write access the method returns {@link AccessLevel.WRITE}.
59
+ * - If at least a data owner in {@link dataOwnersHierarchySubset} has read access and no data owner has write access the method returns
60
+ * {@link AccessLevel.READ}.
61
+ * - If a data owner has no access to the entity the method returns undefined (this can happen if the data owner has access to an entity through
62
+ * some metadata which is not supported by this decryptor).
63
+ * @param typedEntity an entity
64
+ * @param dataOwnersHierarchySubset only exchange data that is accessible to data owners in this array will be considered when calculating the
65
+ * access level. This array should contain only data owners from the current data owner hierarchy.
66
+ * @return the access level to the entity or undefined if none of the data owners has full access to the entity.
67
+ */
68
+ getEntityAccessLevel(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): Promise<AccessLevelEnum | undefined>;
69
+ /**
70
+ * Verifies if there is at least one (encrypted) encryption key in the metadata supported by this decryptor, even if it can't be decrypted by the
71
+ * current data owner.
72
+ */
73
+ hasAnyEncryptionKeys(entity: EncryptedEntity | EncryptedEntityStub): boolean;
74
+ }
75
+ /**
76
+ * @internal this class is meant for internal use only and may be changed without notice.
77
+ * Security metadata decryptor which combines other existing decryptors.
78
+ */
79
+ export declare class SecurityMetadataDecryptorChain implements SecurityMetadataDecryptor {
80
+ private readonly decryptors;
81
+ constructor(decryptors: SecurityMetadataDecryptor[]);
82
+ decryptEncryptionKeysOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
83
+ decrypted: string;
84
+ dataOwnersWithAccess: string[];
85
+ }, void, never>;
86
+ decryptOwningEntityIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
87
+ decrypted: string;
88
+ dataOwnersWithAccess: string[];
89
+ }, void, never>;
90
+ decryptSecretIdsOf(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): AsyncGenerator<{
91
+ decrypted: string;
92
+ dataOwnersWithAccess: string[];
93
+ }, void, never>;
94
+ getEntityAccessLevel(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): Promise<SecureDelegation.AccessLevelEnum | undefined>;
95
+ hasAnyEncryptionKeys(entity: EncryptedEntity | EncryptedEntityStub): boolean;
96
+ private concatenate;
97
+ }
@@ -0,0 +1,79 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ var __await = (this && this.__await) || function (v) { return this instanceof __await ? (this.v = v, this) : new __await(v); }
12
+ var __asyncGenerator = (this && this.__asyncGenerator) || function (thisArg, _arguments, generator) {
13
+ if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
14
+ var g = generator.apply(thisArg, _arguments || []), i, q = [];
15
+ return i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i;
16
+ function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }
17
+ function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }
18
+ function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }
19
+ function fulfill(value) { resume("next", value); }
20
+ function reject(value) { resume("throw", value); }
21
+ function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }
22
+ };
23
+ Object.defineProperty(exports, "__esModule", { value: true });
24
+ exports.SecurityMetadataDecryptorChain = void 0;
25
+ const SecureDelegation_1 = require("../../icc-api/model/SecureDelegation");
26
+ var AccessLevelEnum = SecureDelegation_1.SecureDelegation.AccessLevelEnum;
27
+ /**
28
+ * @internal this class is meant for internal use only and may be changed without notice.
29
+ * Security metadata decryptor which combines other existing decryptors.
30
+ */
31
+ class SecurityMetadataDecryptorChain {
32
+ constructor(decryptors) {
33
+ this.decryptors = decryptors;
34
+ }
35
+ decryptEncryptionKeysOf(typedEntity, dataOwnersHierarchySubset) {
36
+ return this.concatenate((d) => d.decryptEncryptionKeysOf(typedEntity, dataOwnersHierarchySubset));
37
+ }
38
+ decryptOwningEntityIdsOf(typedEntity, dataOwnersHierarchySubset) {
39
+ return this.concatenate((d) => d.decryptOwningEntityIdsOf(typedEntity, dataOwnersHierarchySubset));
40
+ }
41
+ decryptSecretIdsOf(typedEntity, dataOwnersHierarchySubset) {
42
+ return this.concatenate((d) => d.decryptSecretIdsOf(typedEntity, dataOwnersHierarchySubset));
43
+ }
44
+ getEntityAccessLevel(typedEntity, dataOwnersHierarchySubset) {
45
+ return __awaiter(this, void 0, void 0, function* () {
46
+ let currMaxLevel = undefined;
47
+ for (const d of this.decryptors) {
48
+ const currLevel = yield d.getEntityAccessLevel(typedEntity, dataOwnersHierarchySubset);
49
+ if (currLevel === AccessLevelEnum.WRITE) {
50
+ return currLevel;
51
+ }
52
+ if (currLevel === AccessLevelEnum.READ) {
53
+ currMaxLevel = AccessLevelEnum.READ;
54
+ }
55
+ }
56
+ return currMaxLevel;
57
+ });
58
+ }
59
+ hasAnyEncryptionKeys(entity) {
60
+ return this.decryptors.some((d) => d.hasAnyEncryptionKeys(entity));
61
+ }
62
+ concatenate(getGenerator) {
63
+ function generator(decryptors) {
64
+ return __asyncGenerator(this, arguments, function* generator_1() {
65
+ for (const d of decryptors) {
66
+ const currGenerator = getGenerator(d);
67
+ let next = yield __await(currGenerator.next());
68
+ while (!next.done) {
69
+ yield yield __await(next.value);
70
+ next = yield __await(currGenerator.next());
71
+ }
72
+ }
73
+ });
74
+ }
75
+ return generator(this.decryptors);
76
+ }
77
+ }
78
+ exports.SecurityMetadataDecryptorChain = SecurityMetadataDecryptorChain;
79
+ //# sourceMappingURL=SecurityMetadataDecryptor.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"SecurityMetadataDecryptor.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/SecurityMetadataDecryptor.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAEA,2EAAuE;AACvE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AA6EzD;;;GAGG;AACH,MAAa,8BAA8B;IACzC,YAA6B,UAAuC;QAAvC,eAAU,GAAV,UAAU,CAA6B;IAAG,CAAC;IAExE,uBAAuB,CACrB,WAAoC,EACpC,yBAAmC;QAEnC,OAAO,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB,CAAC,WAAW,EAAE,yBAAyB,CAAC,CAAC,CAAA;IACnG,CAAC;IAED,wBAAwB,CACtB,WAAoC,EACpC,yBAAmC;QAEnC,OAAO,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB,CAAC,WAAW,EAAE,yBAAyB,CAAC,CAAC,CAAA;IACpG,CAAC;IAED,kBAAkB,CAChB,WAAoC,EACpC,yBAAmC;QAEnC,OAAO,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,kBAAkB,CAAC,WAAW,EAAE,yBAAyB,CAAC,CAAC,CAAA;IAC9F,CAAC;IAEK,oBAAoB,CACxB,WAAoC,EACpC,yBAAmC;;YAEnC,IAAI,YAAY,GAAiD,SAAS,CAAA;YAC1E,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE;gBAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,oBAAoB,CAAC,WAAW,EAAE,yBAAyB,CAAC,CAAA;gBACtF,IAAI,SAAS,KAAK,eAAe,CAAC,KAAK,EAAE;oBACvC,OAAO,SAAS,CAAA;iBACjB;gBACD,IAAI,SAAS,KAAK,eAAe,CAAC,IAAI,EAAE;oBACtC,YAAY,GAAG,eAAe,CAAC,IAAI,CAAA;iBACpC;aACF;YACD,OAAO,YAAY,CAAA;QACrB,CAAC;KAAA;IAED,oBAAoB,CAAC,MAA6C;QAChE,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAA;IACpE,CAAC;IAEO,WAAW,CAAI,YAA8E;QACnG,SAAgB,SAAS,CAAC,UAAuC;;gBAC/D,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE;oBAC1B,MAAM,aAAa,GAAG,YAAY,CAAC,CAAC,CAAC,CAAA;oBACrC,IAAI,IAAI,GAAG,cAAM,aAAa,CAAC,IAAI,EAAE,CAAA,CAAA;oBACrC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE;wBACjB,oBAAM,IAAI,CAAC,KAAK,CAAA,CAAA;wBAChB,IAAI,GAAG,cAAM,aAAa,CAAC,IAAI,EAAE,CAAA,CAAA;qBAClC;iBACF;YACH,CAAC;SAAA;QACD,OAAO,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACnC,CAAC;CACF;AA1DD,wEA0DC","sourcesContent":["import { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models'\nimport { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\n\n/**\n * @internal this class is for internal use only and may be changed without notice.\n * Logic for the decryption of the metadata used for access control, encryption, and other security features in an entity.\n */\nexport interface SecurityMetadataDecryptor {\n /**\n * Decrypt the encryption keys for an entity. Keys must be returned in raw hex format, removing dashes if they were generated from a UUID.\n * @param typedEntity an encrypted entity or its stub.\n * @param dataOwnersHierarchySubset only exchange data that is accessible to data owners in this array will be considered when decrypting. It should\n * contain only data owners from the current data owner hierarchy.\n * @throws if dataOwnersHierarchySubset is empty\n * @return a generator for the decrypted exchange key which yields objects containing:\n * - `decrypted`: a decrypted encryption key for {@link typedEntity}. Note that the same key may be yielded multiple times by the generator.\n * - `dataOwnersWithAccess`: data owners which have access to the exchange data necessary for the decryption of the encrypted data from which this\n * key was extracted. The generator may yield more elements with the same `decrypted` but different `dataOwnersWithAccess`\n */\n decryptEncryptionKeysOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never>\n\n /**\n * Decrypt the secret ids for an entity.\n * @param typedEntity an encrypted entity or its stub.\n * @param dataOwnersHierarchySubset only exchange data that is accessible to data owners in this array will be considered when decrypting. It should\n * contain only data owners from the current data owner hierarchy.\n * @throws if dataOwnersHierarchySubset is empty\n * @return a generator for the decrypted secret ids which yields objects containing:\n * - `decrypted`: a decrypted secret id of {@link entity}. Note that the same id may be yielded multiple times by the generator.\n * - `dataOwnersWithAccess`: data owners which have access to the exchange data necessary for the decryption of the encrypted data from which this\n * id was extracted. The generator may yield more elements with the same `decrypted` but different `dataOwnersWithAccess`\n */\n decryptSecretIdsOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never>\n\n /**\n * Decrypt the owning entity ids of an entity.\n * @param typedEntity an encrypted entity or its stub.\n * @param dataOwnersHierarchySubset only exchange data that is accessible to data owners in this array will be considered when decrypting. It should\n * contain only data owners from the current data owner hierarchy.\n * @throws if dataOwnersHierarchySubset is empty\n * @return a generator for the decrypted owning entity ids which yields objects containing:\n * - `decrypted`: a decrypted owning entity id of {@link entity}. Note that the same id may be yielded multiple times by the generator.\n * - `dataOwnersWithAccess`: data owners which have access to the exchange data necessary for the decryption of the encrypted data from which this\n * id was extracted. The generator may yield more elements with the same `decrypted` but different `dataOwnersWithAccess`\n */\n decryptOwningEntityIdsOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never>\n\n /**\n * Get the maximum access level that any data owner in {@link dataOwnersHierarchySubset} has to {@link typedEntity}, according to the metadata\n * supported by this decryptor.\n * - If at least a data owner in {@link dataOwnersHierarchySubset} has write access the method returns {@link AccessLevel.WRITE}.\n * - If at least a data owner in {@link dataOwnersHierarchySubset} has read access and no data owner has write access the method returns\n * {@link AccessLevel.READ}.\n * - If a data owner has no access to the entity the method returns undefined (this can happen if the data owner has access to an entity through\n * some metadata which is not supported by this decryptor).\n * @param typedEntity an entity\n * @param dataOwnersHierarchySubset only exchange data that is accessible to data owners in this array will be considered when calculating the\n * access level. This array should contain only data owners from the current data owner hierarchy.\n * @return the access level to the entity or undefined if none of the data owners has full access to the entity.\n */\n getEntityAccessLevel(typedEntity: EncryptedEntityWithType, dataOwnersHierarchySubset: string[]): Promise<AccessLevelEnum | undefined>\n\n /**\n * Verifies if there is at least one (encrypted) encryption key in the metadata supported by this decryptor, even if it can't be decrypted by the\n * current data owner.\n */\n hasAnyEncryptionKeys(entity: EncryptedEntity | EncryptedEntityStub): boolean\n}\n\n/**\n * @internal this class is meant for internal use only and may be changed without notice.\n * Security metadata decryptor which combines other existing decryptors.\n */\nexport class SecurityMetadataDecryptorChain implements SecurityMetadataDecryptor {\n constructor(private readonly decryptors: SecurityMetadataDecryptor[]) {}\n\n decryptEncryptionKeysOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n return this.concatenate((d) => d.decryptEncryptionKeysOf(typedEntity, dataOwnersHierarchySubset))\n }\n\n decryptOwningEntityIdsOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n return this.concatenate((d) => d.decryptOwningEntityIdsOf(typedEntity, dataOwnersHierarchySubset))\n }\n\n decryptSecretIdsOf(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): AsyncGenerator<{ decrypted: string; dataOwnersWithAccess: string[] }, void, never> {\n return this.concatenate((d) => d.decryptSecretIdsOf(typedEntity, dataOwnersHierarchySubset))\n }\n\n async getEntityAccessLevel(\n typedEntity: EncryptedEntityWithType,\n dataOwnersHierarchySubset: string[]\n ): Promise<SecureDelegation.AccessLevelEnum | undefined> {\n let currMaxLevel: SecureDelegation.AccessLevelEnum | undefined = undefined\n for (const d of this.decryptors) {\n const currLevel = await d.getEntityAccessLevel(typedEntity, dataOwnersHierarchySubset)\n if (currLevel === AccessLevelEnum.WRITE) {\n return currLevel\n }\n if (currLevel === AccessLevelEnum.READ) {\n currMaxLevel = AccessLevelEnum.READ\n }\n }\n return currMaxLevel\n }\n\n hasAnyEncryptionKeys(entity: EncryptedEntity | EncryptedEntityStub): boolean {\n return this.decryptors.some((d) => d.hasAnyEncryptionKeys(entity))\n }\n\n private concatenate<T>(getGenerator: (d: SecurityMetadataDecryptor) => AsyncGenerator<T, void, never>): AsyncGenerator<T, void, never> {\n async function* generator(decryptors: SecurityMetadataDecryptor[]): AsyncGenerator<T, void, never> {\n for (const d of decryptors) {\n const currGenerator = getGenerator(d)\n let next = await currGenerator.next()\n while (!next.done) {\n yield next.value\n next = await currGenerator.next()\n }\n }\n }\n return generator(this.decryptors)\n }\n}\n"]}