@icure/api 7.1.16 → 8.0.0-RC.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/api/IccAccesslogApi.d.ts +12 -1
- package/icc-api/api/IccAccesslogApi.js +142 -98
- package/icc-api/api/IccAccesslogApi.js.map +1 -1
- package/icc-api/api/IccBemikronoApi.d.ts +81 -0
- package/icc-api/api/IccBemikronoApi.js +163 -0
- package/icc-api/api/IccBemikronoApi.js.map +1 -0
- package/icc-api/api/IccCalendarItemApi.d.ts +21 -1
- package/icc-api/api/IccCalendarItemApi.js +183 -117
- package/icc-api/api/IccCalendarItemApi.js.map +1 -1
- package/icc-api/api/IccClassificationApi.d.ts +21 -1
- package/icc-api/api/IccClassificationApi.js +119 -63
- package/icc-api/api/IccClassificationApi.js.map +1 -1
- package/icc-api/api/IccContactApi.d.ts +21 -1
- package/icc-api/api/IccContactApi.js +385 -294
- package/icc-api/api/IccContactApi.js.map +1 -1
- package/icc-api/api/IccDocumentApi.d.ts +38 -25
- package/icc-api/api/IccDocumentApi.js +279 -212
- package/icc-api/api/IccDocumentApi.js.map +1 -1
- package/icc-api/api/IccExchangeDataApi.d.ts +19 -0
- package/icc-api/api/IccExchangeDataApi.js +85 -0
- package/icc-api/api/IccExchangeDataApi.js.map +1 -0
- package/icc-api/api/IccExchangeDataMapApi.d.ts +18 -0
- package/icc-api/api/IccExchangeDataMapApi.js +65 -0
- package/icc-api/api/IccExchangeDataMapApi.js.map +1 -0
- package/icc-api/api/IccFormApi.d.ts +21 -1
- package/icc-api/api/IccFormApi.js +321 -229
- package/icc-api/api/IccFormApi.js.map +1 -1
- package/icc-api/api/IccHelementApi.d.ts +21 -1
- package/icc-api/api/IccHelementApi.js +207 -137
- package/icc-api/api/IccHelementApi.js.map +1 -1
- package/icc-api/api/IccInvoiceApi.d.ts +21 -1
- package/icc-api/api/IccInvoiceApi.js +404 -298
- package/icc-api/api/IccInvoiceApi.js.map +1 -1
- package/icc-api/api/IccMaintenanceTaskApi.d.ts +12 -1
- package/icc-api/api/IccMaintenanceTaskApi.js +79 -43
- package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
- package/icc-api/api/IccMessageApi.d.ts +28 -1
- package/icc-api/api/IccMessageApi.js +294 -191
- package/icc-api/api/IccMessageApi.js.map +1 -1
- package/icc-api/api/IccPatientApi.d.ts +12 -1
- package/icc-api/api/IccPatientApi.js +447 -351
- package/icc-api/api/IccPatientApi.js.map +1 -1
- package/icc-api/api/IccReceiptApi.d.ts +22 -8
- package/icc-api/api/IccReceiptApi.js +121 -64
- package/icc-api/api/IccReceiptApi.js.map +1 -1
- package/icc-api/api/IccRestApiPath.js +1 -1
- package/icc-api/api/IccRestApiPath.js.map +1 -1
- package/icc-api/api/IccSecureDelegationKeyMapApi.d.ts +26 -0
- package/icc-api/api/IccSecureDelegationKeyMapApi.js +71 -0
- package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +1 -0
- package/icc-api/api/IccTimeTableApi.d.ts +12 -1
- package/icc-api/api/IccTimeTableApi.js +86 -48
- package/icc-api/api/IccTimeTableApi.js.map +1 -1
- package/icc-api/api/IccTopicApi.d.ts +90 -0
- package/icc-api/api/IccTopicApi.js +193 -0
- package/icc-api/api/IccTopicApi.js.map +1 -0
- package/icc-api/index.d.ts +2 -0
- package/icc-api/index.js +2 -0
- package/icc-api/index.js.map +1 -1
- package/icc-api/model/AbstractFilterMessage.d.ts +15 -0
- package/icc-api/model/AbstractFilterMessage.js +21 -0
- package/icc-api/model/AbstractFilterMessage.js.map +1 -0
- package/icc-api/model/AbstractFilterTopic.d.ts +15 -0
- package/icc-api/model/AbstractFilterTopic.js +21 -0
- package/icc-api/model/AbstractFilterTopic.js.map +1 -0
- package/icc-api/model/AccessLog.d.ts +2 -0
- package/icc-api/model/AccessLog.js.map +1 -1
- package/icc-api/model/Article.d.ts +2 -0
- package/icc-api/model/Article.js.map +1 -1
- package/icc-api/model/CalendarItem.d.ts +2 -0
- package/icc-api/model/CalendarItem.js.map +1 -1
- package/icc-api/model/Classification.d.ts +2 -0
- package/icc-api/model/Classification.js.map +1 -1
- package/icc-api/model/ClassificationTemplate.d.ts +2 -0
- package/icc-api/model/ClassificationTemplate.js.map +1 -1
- package/icc-api/model/Connection.d.ts +1 -1
- package/icc-api/model/Connection.js.map +1 -1
- package/icc-api/model/Contact.d.ts +2 -0
- package/icc-api/model/Contact.js.map +1 -1
- package/icc-api/model/Device.d.ts +4 -4
- package/icc-api/model/Device.js.map +1 -1
- package/icc-api/model/Document.d.ts +2 -0
- package/icc-api/model/Document.js.map +1 -1
- package/icc-api/model/ExchangeDataMapCreationBatch.d.ts +13 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js +10 -0
- package/icc-api/model/ExchangeDataMapCreationBatch.js.map +1 -0
- package/icc-api/model/FilterChainMessage.d.ts +19 -0
- package/icc-api/model/FilterChainMessage.js +11 -0
- package/icc-api/model/FilterChainMessage.js.map +1 -0
- package/icc-api/model/FilterChainTopic.d.ts +19 -0
- package/icc-api/model/FilterChainTopic.js +11 -0
- package/icc-api/model/FilterChainTopic.js.map +1 -0
- package/icc-api/model/Form.d.ts +2 -0
- package/icc-api/model/Form.js.map +1 -1
- package/icc-api/model/HealthElement.d.ts +2 -0
- package/icc-api/model/HealthElement.js.map +1 -1
- package/icc-api/model/HealthcareParty.d.ts +2 -2
- package/icc-api/model/HealthcareParty.js +13 -1
- package/icc-api/model/HealthcareParty.js.map +1 -1
- package/icc-api/model/IcureStub.d.ts +2 -0
- package/icc-api/model/IcureStub.js.map +1 -1
- package/icc-api/model/Invoice.d.ts +2 -0
- package/icc-api/model/Invoice.js.map +1 -1
- package/icc-api/model/MaintenanceTask.d.ts +13 -10
- package/icc-api/model/MaintenanceTask.js +13 -11
- package/icc-api/model/MaintenanceTask.js.map +1 -1
- package/icc-api/model/Message.d.ts +2 -0
- package/icc-api/model/Message.js.map +1 -1
- package/icc-api/model/PaginatedListExchangeData.d.ts +9 -0
- package/icc-api/model/PaginatedListExchangeData.js +10 -0
- package/icc-api/model/PaginatedListExchangeData.js.map +1 -0
- package/icc-api/model/PaginatedListTopic.d.ts +20 -0
- package/icc-api/model/PaginatedListTopic.js +10 -0
- package/icc-api/model/PaginatedListTopic.js.map +1 -0
- package/icc-api/model/Patient.d.ts +4 -2
- package/icc-api/model/Patient.js.map +1 -1
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.d.ts +31 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js +32 -0
- package/icc-api/model/PatientByHcPartyGenderEducationProfession.js.map +1 -0
- package/icc-api/model/Receipt.d.ts +2 -0
- package/icc-api/model/Receipt.js.map +1 -1
- package/icc-api/model/SecureDelegation.d.ts +52 -0
- package/icc-api/model/SecureDelegation.js +16 -0
- package/icc-api/model/SecureDelegation.js.map +1 -0
- package/icc-api/model/SecurityMetadata.d.ts +33 -0
- package/icc-api/model/SecurityMetadata.js +13 -0
- package/icc-api/model/SecurityMetadata.js.map +1 -0
- package/icc-api/model/Service.d.ts +2 -0
- package/icc-api/model/Service.js.map +1 -1
- package/icc-api/model/TimeTable.d.ts +2 -0
- package/icc-api/model/TimeTable.js.map +1 -1
- package/icc-api/model/Topic.d.ts +95 -0
- package/icc-api/model/Topic.js +16 -0
- package/icc-api/model/Topic.js.map +1 -0
- package/icc-api/model/internal/ExchangeData.d.ts +64 -0
- package/icc-api/model/internal/ExchangeData.js +15 -0
- package/icc-api/model/internal/ExchangeData.js.map +1 -0
- package/icc-api/model/internal/ExchangeDataMap.d.ts +24 -0
- package/icc-api/model/internal/ExchangeDataMap.js +13 -0
- package/icc-api/model/internal/ExchangeDataMap.js.map +1 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.d.ts +14 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.js +13 -0
- package/icc-api/model/internal/SecureDelegationKeyMap.js.map +1 -0
- package/icc-api/model/models.d.ts +26 -40
- package/icc-api/model/models.js +19 -37
- package/icc-api/model/models.js.map +1 -1
- package/icc-api/model/requests/EntityBulkShareResult.d.ts +28 -0
- package/icc-api/model/requests/EntityBulkShareResult.js +16 -0
- package/icc-api/model/requests/EntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.d.ts +10 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js +17 -0
- package/icc-api/model/requests/EntityShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/EntityShareRequest.d.ts +110 -0
- package/icc-api/model/requests/EntityShareRequest.js +63 -0
- package/icc-api/model/requests/EntityShareRequest.js.map +1 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.d.ts +54 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js +24 -0
- package/icc-api/model/requests/EntitySharedMetadataUpdateRequest.js.map +1 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.d.ts +23 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js +13 -0
- package/icc-api/model/requests/MinimalEntityBulkShareResult.js.map +1 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.d.ts +21 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js +14 -0
- package/icc-api/model/requests/RejectedShareOrMetadataUpdateRequest.js.map +1 -0
- package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +55 -6
- package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
- package/icc-x-api/crypto/AES.js +1 -1
- package/icc-x-api/crypto/AES.js.map +1 -1
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +18 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +50 -0
- package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +43 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js +97 -0
- package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +146 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js +342 -0
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/BaseExchangeKeysManager.d.ts +0 -18
- package/icc-x-api/crypto/BaseExchangeKeysManager.js +11 -85
- package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ConfidentialEntities.d.ts +26 -16
- package/icc-x-api/crypto/ConfidentialEntities.js +30 -17
- package/icc-x-api/crypto/ConfidentialEntities.js.map +1 -1
- package/icc-x-api/crypto/CryptoStrategies.d.ts +8 -1
- package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/DelegationsDeAnonymization.d.ts +44 -0
- package/icc-x-api/crypto/DelegationsDeAnonymization.js +235 -0
- package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -0
- package/icc-x-api/crypto/ExchangeDataManager.d.ts +97 -0
- package/icc-x-api/crypto/ExchangeDataManager.js +501 -0
- package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +32 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js +70 -0
- package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -0
- package/icc-x-api/crypto/ExchangeKeysManager.d.ts +4 -16
- package/icc-x-api/crypto/ExchangeKeysManager.js +4 -62
- package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtils.d.ts +326 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js +3 -0
- package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +174 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +559 -0
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -0
- package/icc-x-api/crypto/KeyRecovery.d.ts +5 -2
- package/icc-x-api/crypto/KeyRecovery.js +59 -29
- package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.d.ts +7 -2
- package/icc-x-api/crypto/LegacyCryptoStrategies.js +8 -1
- package/icc-x-api/crypto/LegacyCryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +33 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +141 -0
- package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/RSA.d.ts +34 -8
- package/icc-x-api/crypto/RSA.js +80 -13
- package/icc-x-api/crypto/RSA.js.map +1 -1
- package/icc-x-api/crypto/SecureDelegationsEncryption.d.ts +54 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js +178 -0
- package/icc-x-api/crypto/SecureDelegationsEncryption.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsManager.d.ts +66 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js +261 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +46 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +312 -0
- package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +97 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js +79 -0
- package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -0
- package/icc-x-api/crypto/ShamirKeysManager.d.ts +5 -5
- package/icc-x-api/crypto/ShamirKeysManager.js +6 -9
- package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
- package/icc-x-api/crypto/TransferKeysManager.d.ts +8 -6
- package/icc-x-api/crypto/TransferKeysManager.js +75 -52
- package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
- package/icc-x-api/crypto/{KeyManager.d.ts → UserEncryptionKeysManager.d.ts} +4 -6
- package/icc-x-api/crypto/{KeyManager.js → UserEncryptionKeysManager.js} +43 -23
- package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +26 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js +74 -0
- package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -0
- package/icc-x-api/crypto/utils.d.ts +61 -11
- package/icc-x-api/crypto/utils.js +113 -44
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.d.ts +8 -0
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js +13 -0
- package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js.map +1 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.d.ts +7 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.js +13 -0
- package/icc-x-api/filters/MessageByHcPartyFilter.js.map +1 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.d.ts +8 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js +13 -0
- package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js.map +1 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.d.ts +7 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.js +13 -0
- package/icc-x-api/filters/TopicByHcPartyFilter.js.map +1 -0
- package/icc-x-api/filters/TopicByParticipantFilter.d.ts +7 -0
- package/icc-x-api/filters/TopicByParticipantFilter.js +13 -0
- package/icc-x-api/filters/TopicByParticipantFilter.js.map +1 -0
- package/icc-x-api/filters/filters.d.ts +5 -0
- package/icc-x-api/filters/filters.js +5 -0
- package/icc-x-api/filters/filters.js.map +1 -1
- package/icc-x-api/icc-accesslog-x-api.d.ts +49 -12
- package/icc-x-api/icc-accesslog-x-api.js +81 -44
- package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
- package/icc-x-api/icc-calendar-item-x-api.d.ts +53 -15
- package/icc-x-api/icc-calendar-item-x-api.js +105 -51
- package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
- package/icc-x-api/icc-classification-x-api.d.ts +47 -10
- package/icc-x-api/icc-classification-x-api.js +62 -33
- package/icc-x-api/icc-classification-x-api.js.map +1 -1
- package/icc-x-api/icc-contact-x-api.d.ts +59 -33
- package/icc-x-api/icc-contact-x-api.js +101 -66
- package/icc-x-api/icc-contact-x-api.js.map +1 -1
- package/icc-x-api/icc-crypto-x-api.d.ts +33 -333
- package/icc-x-api/icc-crypto-x-api.js +47 -764
- package/icc-x-api/icc-crypto-x-api.js.map +1 -1
- package/icc-x-api/icc-data-owner-x-api.d.ts +20 -8
- package/icc-x-api/icc-data-owner-x-api.js +31 -10
- package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
- package/icc-x-api/icc-document-x-api.d.ts +51 -12
- package/icc-x-api/icc-document-x-api.js +117 -66
- package/icc-x-api/icc-document-x-api.js.map +1 -1
- package/icc-x-api/icc-form-x-api.d.ts +48 -11
- package/icc-x-api/icc-form-x-api.js +71 -37
- package/icc-x-api/icc-form-x-api.js.map +1 -1
- package/icc-x-api/icc-hcparty-x-api.d.ts +2 -2
- package/icc-x-api/icc-hcparty-x-api.js +3 -3
- package/icc-x-api/icc-hcparty-x-api.js.map +1 -1
- package/icc-x-api/icc-helement-x-api.d.ts +59 -20
- package/icc-x-api/icc-helement-x-api.js +78 -43
- package/icc-x-api/icc-helement-x-api.js.map +1 -1
- package/icc-x-api/icc-icure-maintenance-x-api.d.ts +7 -2
- package/icc-x-api/icc-icure-maintenance-x-api.js +38 -27
- package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
- package/icc-x-api/icc-invoice-x-api.d.ts +53 -16
- package/icc-x-api/icc-invoice-x-api.js +69 -35
- package/icc-x-api/icc-invoice-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.d.ts +56 -22
- package/icc-x-api/icc-maintenance-task-x-api.js +77 -36
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/icc-message-x-api.d.ts +75 -19
- package/icc-x-api/icc-message-x-api.js +126 -37
- package/icc-x-api/icc-message-x-api.js.map +1 -1
- package/icc-x-api/icc-patient-x-api.d.ts +86 -29
- package/icc-x-api/icc-patient-x-api.js +318 -379
- package/icc-x-api/icc-patient-x-api.js.map +1 -1
- package/icc-x-api/icc-receipt-x-api.d.ts +47 -13
- package/icc-x-api/icc-receipt-x-api.js +72 -36
- package/icc-x-api/icc-receipt-x-api.js.map +1 -1
- package/icc-x-api/icc-time-table-x-api.d.ts +46 -13
- package/icc-x-api/icc-time-table-x-api.js +61 -27
- package/icc-x-api/icc-time-table-x-api.js.map +1 -1
- package/icc-x-api/icc-topic-x-api.d.ts +191 -0
- package/icc-x-api/icc-topic-x-api.js +307 -0
- package/icc-x-api/icc-topic-x-api.js.map +1 -0
- package/icc-x-api/icc-user-x-api.d.ts +2 -2
- package/icc-x-api/icc-user-x-api.js +3 -3
- package/icc-x-api/icc-user-x-api.js.map +1 -1
- package/icc-x-api/index.d.ts +18 -2
- package/icc-x-api/index.js +203 -156
- package/icc-x-api/index.js.map +1 -1
- package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +1 -1
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.d.ts +2 -0
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js +9 -2
- package/icc-x-api/storage/DefaultStorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/storage/IcureStorageFacade.d.ts +23 -2
- package/icc-x-api/storage/IcureStorageFacade.js +36 -2
- package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageFacade.d.ts +12 -0
- package/icc-x-api/storage/KeyStorageFacade.js.map +1 -1
- package/icc-x-api/storage/KeyStorageImpl.d.ts +2 -0
- package/icc-x-api/storage/KeyStorageImpl.js +10 -0
- package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.d.ts +14 -1
- package/icc-x-api/storage/StorageEntryKeysFactory.js.map +1 -1
- package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +32 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js +75 -0
- package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -0
- package/icc-x-api/utils/ShareResult.d.ts +74 -0
- package/icc-x-api/utils/ShareResult.js +61 -0
- package/icc-x-api/utils/ShareResult.js.map +1 -0
- package/icc-x-api/utils/binary-utils.d.ts +1 -0
- package/icc-x-api/utils/binary-utils.js +8 -1
- package/icc-x-api/utils/binary-utils.js.map +1 -1
- package/icc-x-api/utils/collection-utils.d.ts +5 -0
- package/icc-x-api/utils/collection-utils.js +26 -1
- package/icc-x-api/utils/collection-utils.js.map +1 -1
- package/icc-x-api/utils/crypto-utils.d.ts +4 -3
- package/icc-x-api/utils/crypto-utils.js +5 -4
- package/icc-x-api/utils/crypto-utils.js.map +1 -1
- package/icc-x-api/utils/lru-temporised-async-cache.d.ts +26 -3
- package/icc-x-api/utils/lru-temporised-async-cache.js +75 -15
- package/icc-x-api/utils/lru-temporised-async-cache.js.map +1 -1
- package/icc-x-api/utils/websocket.d.ts +14 -10
- package/icc-x-api/utils/websocket.js +26 -9
- package/icc-x-api/utils/websocket.js.map +1 -1
- package/index.d.ts +1 -1
- package/index.js +3 -1
- package/index.js.map +1 -1
- package/package.json +2 -3
- package/icc-x-api/crypto/EntitiesEncryption.d.ts +0 -275
- package/icc-x-api/crypto/EntitiesEncryption.js +0 -734
- package/icc-x-api/crypto/EntitiesEncryption.js.map +0 -1
- package/icc-x-api/crypto/KeyManager.js.map +0 -1
|
@@ -1,734 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
-
});
|
|
10
|
-
};
|
|
11
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.EntitiesEncryption = void 0;
|
|
13
|
-
const utils_1 = require("../utils");
|
|
14
|
-
const _ = require("lodash");
|
|
15
|
-
const collection_utils_1 = require("../utils/collection-utils");
|
|
16
|
-
const ShareMetadataBehaviour_1 = require("./ShareMetadataBehaviour");
|
|
17
|
-
/**
|
|
18
|
-
* @internal this class is for internal use only and may be changed without notice
|
|
19
|
-
* Give access to functions for retrieving encryption metadata of entities.
|
|
20
|
-
*/
|
|
21
|
-
class EntitiesEncryption {
|
|
22
|
-
constructor(primitives, dataOwnerApi, exchangeKeysManager, useParentKeys) {
|
|
23
|
-
this.primitives = primitives;
|
|
24
|
-
this.dataOwnerApi = dataOwnerApi;
|
|
25
|
-
this.exchangeKeysManager = exchangeKeysManager;
|
|
26
|
-
this.useParentKeys = useParentKeys;
|
|
27
|
-
}
|
|
28
|
-
/**
|
|
29
|
-
* Get the data owners which can access the entity
|
|
30
|
-
* @param entity an entity.
|
|
31
|
-
*/
|
|
32
|
-
getDataOwnersWithAccessTo(entity) {
|
|
33
|
-
var _a;
|
|
34
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
35
|
-
return {
|
|
36
|
-
permissionsByDataOwnerId: Object.fromEntries(Object.keys((_a = entity.delegations) !== null && _a !== void 0 ? _a : {}).map((x) => [x, 'WRITE'])),
|
|
37
|
-
hasUnknownAnonymousDataOwners: false,
|
|
38
|
-
};
|
|
39
|
-
});
|
|
40
|
-
}
|
|
41
|
-
/**
|
|
42
|
-
* Get the encryption keys of an entity that the provided data owner can access, potentially using the keys for his parent.
|
|
43
|
-
* There should only be one encryption key for each entity, but the method supports more to allow to deal with conflicts and merged duplicate data.
|
|
44
|
-
* @param entity an encrypted entity.
|
|
45
|
-
* @param dataOwnerId optionally a data owner part of the hierarchy for the current data owner, defaults to the current data owner.
|
|
46
|
-
* @param tagsFilter allows to obtain only encryption keys associated to tags which satisfy the provided filter.
|
|
47
|
-
* @return the encryption keys that the provided data owner can decrypt, deduplicated.
|
|
48
|
-
*/
|
|
49
|
-
encryptionKeysOf(entity, dataOwnerId, tagsFilter = () => Promise.resolve(true)) {
|
|
50
|
-
var _a, _b;
|
|
51
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
52
|
-
// Legacy entities may have encryption keys in delegations.
|
|
53
|
-
return this.extractMergedHierarchyFromDelegationAndOwner(Object.keys((_a = entity.encryptionKeys) !== null && _a !== void 0 ? _a : {}).length > 0 ? entity.encryptionKeys : (_b = entity.delegations) !== null && _b !== void 0 ? _b : {}, dataOwnerId, (k) => this.validateEncryptionKey(k), (t) => tagsFilter(t));
|
|
54
|
-
});
|
|
55
|
-
}
|
|
56
|
-
/**
|
|
57
|
-
* Get the encryption keys of an entity that the current data owner and his parents can access. The resulting array contains the keys for each data
|
|
58
|
-
* owner in the hierarchy which can be decrypted using only that data owner keys (excludes keys accessible through the parent keys). The order of
|
|
59
|
-
* the array is the same as in {@link IccDataOwnerXApi.getCurrentDataOwnerHierarchyIds}.
|
|
60
|
-
* Note that different data owners may have access to the same keys, but the keys extracted for each data owner are deduplicated.
|
|
61
|
-
* There should only be one encryption key for each entity, but the method supports more to allow to deal with conflicts and merged duplicate data.
|
|
62
|
-
* @param entity an encrypted entity.
|
|
63
|
-
* @param tagsFilter allows to obtain only encryption keys associated to tags which satisfy the provided filter.
|
|
64
|
-
* @return the encryption keys that each member of the current data owner hierarchy can decrypt using only his keys and not keys of his parents.
|
|
65
|
-
*/
|
|
66
|
-
encryptionKeysForHcpHierarchyOf(entity, tagsFilter = () => Promise.resolve(true)) {
|
|
67
|
-
var _a;
|
|
68
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
69
|
-
return this.extractedHierarchyFromDelegation((_a = entity.encryptionKeys) !== null && _a !== void 0 ? _a : {}, (k) => this.validateEncryptionKey(k), (t) => tagsFilter(t));
|
|
70
|
-
});
|
|
71
|
-
}
|
|
72
|
-
/**
|
|
73
|
-
* Get the secret ids (SFKs) of an entity that the provided data owner can access, potentially using the keys for his parent.
|
|
74
|
-
* @param entity an encrypted entity.
|
|
75
|
-
* @param dataOwnerId optionally a data owner part of the hierarchy for the current data owner, defaults to the current data owner.
|
|
76
|
-
* @param tagsFilter allows to obtain only secret ids associated to tags which satisfy the provided filter.
|
|
77
|
-
* @return the secret ids (SFKs) that the provided data owner can decrypt, deduplicated.
|
|
78
|
-
*/
|
|
79
|
-
secretIdsOf(entity, dataOwnerId, tagsFilter = () => Promise.resolve(true)) {
|
|
80
|
-
var _a;
|
|
81
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
82
|
-
return this.extractMergedHierarchyFromDelegationAndOwner((_a = entity.delegations) !== null && _a !== void 0 ? _a : {}, dataOwnerId, (k) => this.validateSecretId(k), (t) => tagsFilter(t));
|
|
83
|
-
});
|
|
84
|
-
}
|
|
85
|
-
/**
|
|
86
|
-
* Get the secret ids (SFKs) of an entity that the current data owner and his parents can access. The resulting array contains the ids for each data
|
|
87
|
-
* owner in the hierarchy which can be decrypted using only that data owner keys (excludes ids accessible through the parent keys). The order of
|
|
88
|
-
* the array is the same as in {@link IccDataOwnerXApi.getCurrentDataOwnerHierarchyIds}.
|
|
89
|
-
* Note that different data owners may have access to the same secret ids, but the secret ids extracted for each data owner are deduplicated.
|
|
90
|
-
* @param entity an encrypted entity.
|
|
91
|
-
* @param tagsFilter allows to obtain only secret ids associated to tags which satisfy the provided filter.
|
|
92
|
-
* @return the secret ids that each member of the current data owner hierarchy can decrypt using only his keys and not keys of his parents.
|
|
93
|
-
*/
|
|
94
|
-
secretIdsForHcpHierarchyOf(entity, tagsFilter = () => Promise.resolve(true)) {
|
|
95
|
-
var _a;
|
|
96
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
97
|
-
return this.extractedHierarchyFromDelegation((_a = entity.delegations) !== null && _a !== void 0 ? _a : {}, (k) => this.validateSecretId(k), (t) => tagsFilter(t));
|
|
98
|
-
});
|
|
99
|
-
}
|
|
100
|
-
/**
|
|
101
|
-
* Get the decrypted owning entity ids (formerly CFKs) for the provided entity that can be decrypted using the private keys of the current data
|
|
102
|
-
* owner and his parents. The owning entity id would be, for example, the id of a patient for contact and healthcare elements, or the id of a
|
|
103
|
-
* message for documents.
|
|
104
|
-
* There should only be one owning entity id for each entity, but the method supports more to allow to deal with conflicts and merged duplicate
|
|
105
|
-
* data.
|
|
106
|
-
* @param entity an encrypted entity.
|
|
107
|
-
* @param dataOwnerId optionally a data owner part of the hierarchy for the current data owner, defaults to the current data owner.
|
|
108
|
-
* @param tagsFilter allows to obtain only owning entity ids associated to tags which satisfy the provided filter.
|
|
109
|
-
* @return the owning entity ids (CFKs) that the provided data owner can decrypt, deduplicated.
|
|
110
|
-
*/
|
|
111
|
-
owningEntityIdsOf(entity, dataOwnerId, tagsFilter = () => Promise.resolve(true)) {
|
|
112
|
-
var _a;
|
|
113
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
114
|
-
return this.extractMergedHierarchyFromDelegationAndOwner((_a = entity.cryptedForeignKeys) !== null && _a !== void 0 ? _a : {}, dataOwnerId, (k) => this.validateOwningEntityId(k), (t) => tagsFilter(t));
|
|
115
|
-
});
|
|
116
|
-
}
|
|
117
|
-
/**
|
|
118
|
-
* Get the decrypted owning entity ids (formerly CFKs) for the provided entity that can be decrypted using the private keys of the current data
|
|
119
|
-
* owner and his parents. The owning entity id would be, for example, the id of a patient for contact and healthcare elements, or the id of a
|
|
120
|
-
* message for documents.
|
|
121
|
-
* The resulting array contains the ids for each data owner in the hierarchy which can be decrypted using only that data owner keys (excludes ids
|
|
122
|
-
* accessible through the parent keys). The order of the array is the same as in {@link IccDataOwnerXApi.getCurrentDataOwnerHierarchyIds}.
|
|
123
|
-
* Note that different data owners may have access to the same owning entity ids, but the owning entity ids extracted for each data owner are
|
|
124
|
-
* deduplicated in case they could be accessed through different delegations.
|
|
125
|
-
* There should only be one owning entity id for each entity, but the method supports more to allow to deal with conflicts and merged duplicate
|
|
126
|
-
* data.
|
|
127
|
-
* @param entity an encrypted entity.
|
|
128
|
-
* @param tagsFilter allows to obtain only owning entity ids associated to tags which satisfy the provided filter.
|
|
129
|
-
* @return the owning entity ids that each member of the current data owner hierarchy can decrypt using only his keys and not keys of his parents.
|
|
130
|
-
*/
|
|
131
|
-
owningEntityIdsForHcpHierarchyOf(entity, tagsFilter = () => Promise.resolve(true)) {
|
|
132
|
-
var _a;
|
|
133
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
134
|
-
return this.extractedHierarchyFromDelegation((_a = entity.cryptedForeignKeys) !== null && _a !== void 0 ? _a : {}, (k) => this.validateOwningEntityId(k), (t) => tagsFilter(t));
|
|
135
|
-
});
|
|
136
|
-
}
|
|
137
|
-
/**
|
|
138
|
-
* @internal this method is intended only for internal use and may be changed without notice.
|
|
139
|
-
* Initializes encryption metadata for an entity. This includes the encrypted secret id, owning entity id, and encryption key for the entity, and
|
|
140
|
-
* the clear text secret foreign key of the parent entity.
|
|
141
|
-
* This method returns a modified copy of the entity.
|
|
142
|
-
* @param entity entity which requires encryption metadata initialisation.
|
|
143
|
-
* @param owningEntity id of the owning entity, if any (e.g. patient id for Contact/HealtchareElement, message id for Document, ...).
|
|
144
|
-
* @param owningEntitySecretId secret id of the parent entity, to use in the secret foreign keys for the provided entity, if any.
|
|
145
|
-
* @param initialiseEncryptionKeys if false this method will not initialize any encryption keys. Use only for entities which use delegations for
|
|
146
|
-
* access control but don't actually have any encrypted content.
|
|
147
|
-
* @param additionalDelegations automatically shares the
|
|
148
|
-
* @param tags tags to associate with the initial encryption keys and metadata
|
|
149
|
-
* @throws if the entity already has non-empty values for encryption metadata.
|
|
150
|
-
* @return an updated copy of the entity.
|
|
151
|
-
*/
|
|
152
|
-
entityWithInitialisedEncryptedMetadata(entity, owningEntity, owningEntitySecretId, initialiseEncryptionKeys, additionalDelegations = [], tags = []) {
|
|
153
|
-
return __awaiter(this, arguments, void 0, function* () {
|
|
154
|
-
this.throwDetailedExceptionForInvalidParameter('entity.id', entity.id, 'entityWithInitialisedEncryptedMetadata', arguments);
|
|
155
|
-
this.checkEmptyEncryptionMetadata(entity);
|
|
156
|
-
const secretId = this.primitives.randomUuid();
|
|
157
|
-
const rawEncryptionKey = initialiseEncryptionKeys ? (0, utils_1.ua2hex)(this.primitives.randomBytes(16)) : undefined;
|
|
158
|
-
const selfId = yield this.dataOwnerApi.getCurrentDataOwnerId();
|
|
159
|
-
const allIds = [selfId, ...new Set(additionalDelegations.filter((x) => x !== selfId))];
|
|
160
|
-
const loadKeysResult = yield this.loadEncryptionKeysForDelegates(entity, allIds);
|
|
161
|
-
const updatedEntity = yield allIds.reduce((prevUpdate, delegateId) => __awaiter(this, void 0, void 0, function* () {
|
|
162
|
-
return yield this.createOrUpdateEntityDelegations(yield prevUpdate, delegateId, [], [], [], [secretId], initialiseEncryptionKeys ? [rawEncryptionKey] : [], owningEntity ? [owningEntity] : [], tags, loadKeysResult.keysForDelegates);
|
|
163
|
-
}), Promise.resolve(loadKeysResult.updatedEntity));
|
|
164
|
-
if (owningEntitySecretId) {
|
|
165
|
-
updatedEntity.secretForeignKeys = [owningEntitySecretId];
|
|
166
|
-
}
|
|
167
|
-
return { updatedEntity, secretId, rawEncryptionKey };
|
|
168
|
-
});
|
|
169
|
-
}
|
|
170
|
-
entityWithAutoExtendedEncryptedMetadata(entity, autoShareSecretIds, delegatesShareInfo) {
|
|
171
|
-
var _a, _b;
|
|
172
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
173
|
-
if (!Object.keys(delegatesShareInfo).length) {
|
|
174
|
-
throw new Error('Must specify at least a delegate');
|
|
175
|
-
}
|
|
176
|
-
let defaultSecretIds;
|
|
177
|
-
if (autoShareSecretIds) {
|
|
178
|
-
const availableSecretIds = yield this.secretIdsOf(entity);
|
|
179
|
-
if (availableSecretIds.length) {
|
|
180
|
-
defaultSecretIds = availableSecretIds;
|
|
181
|
-
}
|
|
182
|
-
else {
|
|
183
|
-
defaultSecretIds = [this.primitives.randomUuid()];
|
|
184
|
-
}
|
|
185
|
-
}
|
|
186
|
-
const availableEncryptionKeys = yield this.encryptionKeysOf(entity);
|
|
187
|
-
const availableOwningEntityIds = yield this.owningEntityIdsOf(entity);
|
|
188
|
-
let updatedEntity = undefined;
|
|
189
|
-
for (const [delegateId, requests] of Object.entries(delegatesShareInfo)) {
|
|
190
|
-
let shareSecretIds = autoShareSecretIds ? defaultSecretIds : (_a = requests.shareSecretIds) !== null && _a !== void 0 ? _a : [];
|
|
191
|
-
let actualShareEncryptionKeys = [];
|
|
192
|
-
if (requests.shareEncryptionKey !== ShareMetadataBehaviour_1.ShareMetadataBehaviour.NEVER) {
|
|
193
|
-
if (!availableEncryptionKeys.length && requests.shareEncryptionKey === ShareMetadataBehaviour_1.ShareMetadataBehaviour.REQUIRED) {
|
|
194
|
-
throw new Error(`Entity ${JSON.stringify(entity)} has no encryption keys or the current data owner can't access any encryption keys.`);
|
|
195
|
-
}
|
|
196
|
-
actualShareEncryptionKeys = availableEncryptionKeys;
|
|
197
|
-
}
|
|
198
|
-
let actualShareOwningEntityIds = [];
|
|
199
|
-
if (requests.shareOwningEntityIds !== ShareMetadataBehaviour_1.ShareMetadataBehaviour.NEVER) {
|
|
200
|
-
if (!availableOwningEntityIds.length && requests.shareOwningEntityIds === ShareMetadataBehaviour_1.ShareMetadataBehaviour.REQUIRED) {
|
|
201
|
-
throw new Error(`Entity ${JSON.stringify(entity)} has no owning entity ids or the current data owner can't access any owning entity ids.`);
|
|
202
|
-
}
|
|
203
|
-
actualShareOwningEntityIds = availableOwningEntityIds;
|
|
204
|
-
}
|
|
205
|
-
updatedEntity =
|
|
206
|
-
(_b = (yield this.entityWithExtendedEncryptedMetadata(updatedEntity !== null && updatedEntity !== void 0 ? updatedEntity : entity, delegateId, shareSecretIds, actualShareEncryptionKeys, actualShareOwningEntityIds))) !== null && _b !== void 0 ? _b : updatedEntity;
|
|
207
|
-
}
|
|
208
|
-
return updatedEntity;
|
|
209
|
-
});
|
|
210
|
-
}
|
|
211
|
-
/**
|
|
212
|
-
* Updates encryption metadata for an entity in order to share it with a delegate or in order to add additional encrypted metadata for an existing
|
|
213
|
-
* delegate.
|
|
214
|
-
* The first time this method is used for a specific delegate it will give access to all unencrypted content of the entity to the delegate data
|
|
215
|
-
* owner. Additionally, this method also allows to share new or existing secret ids (shareSecretId), encryption keys (shareEncryptionKeys) and
|
|
216
|
-
* owning entity ids (shareOwningEntityIds) for the entity.
|
|
217
|
-
* You can use methods like {@link secretIdsOf}, {@link secretIdsForHcpHierarchyOf}, {@link encryptionKeysOf}, ... to retrieve the data you want to
|
|
218
|
-
* share. In most cases you may want to share everything related to the entity, but note that if you use confidential delegations for patients you
|
|
219
|
-
* may want to avoid sharing the confidential secret ids of the current user with other hcps.
|
|
220
|
-
* This method returns a modified copy of the entity.
|
|
221
|
-
* @param entity entity which requires encryption metadata initialisation.
|
|
222
|
-
* @param delegateId id of the delegate to share data with.
|
|
223
|
-
* @param shareSecretIds secret ids to share.
|
|
224
|
-
* @param shareEncryptionKeys encryption keys to share.
|
|
225
|
-
* @param shareOwningEntityIds owning enttiy ids to share.
|
|
226
|
-
* @param newTags tags to associate with the new encryption keys and metadata. Existing data won't be changed.
|
|
227
|
-
* @throws if any of the shareX parameters is set to `true` but the corresponding piece of data could not be retrieved.
|
|
228
|
-
* @return an updated copy of the entity.
|
|
229
|
-
*/
|
|
230
|
-
entityWithExtendedEncryptedMetadata(entity, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds, newTags = []) {
|
|
231
|
-
var _a, _b, _c;
|
|
232
|
-
return __awaiter(this, arguments, void 0, function* () {
|
|
233
|
-
this.throwDetailedExceptionForInvalidParameter('entity.id', entity.id, 'entityWithSharedEncryptedMetadata', arguments);
|
|
234
|
-
function checkInputAndGet(input, inputName, validate) {
|
|
235
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
236
|
-
for (const x of input) {
|
|
237
|
-
const validation = validate(x);
|
|
238
|
-
if (validation !== true && validation !== false && !(yield validation))
|
|
239
|
-
throw new Error(`Invalid input for ${inputName}.`);
|
|
240
|
-
}
|
|
241
|
-
return input;
|
|
242
|
-
});
|
|
243
|
-
}
|
|
244
|
-
const secretIdsToShare = yield checkInputAndGet(shareSecretIds, 'secretIds', (x) => this.validateSecretId(x));
|
|
245
|
-
const encryptionKeysToShare = yield checkInputAndGet(shareEncryptionKeys, 'encryptionKeys', (x) => this.validateEncryptionKey(x));
|
|
246
|
-
const owningEntityIdsToShare = yield checkInputAndGet(shareOwningEntityIds, 'owningEntityIds', (x) => this.validateOwningEntityId(x));
|
|
247
|
-
const deduplicateInfoSecretIds = yield this.deduplicateDelegationsAndFilterRequiredEntries(delegateId, (_a = entity.delegations) !== null && _a !== void 0 ? _a : {}, secretIdsToShare, (x) => this.validateSecretId(x));
|
|
248
|
-
const deduplicateInfoEncryptionKeys = yield this.deduplicateDelegationsAndFilterRequiredEntries(delegateId, (_b = entity.encryptionKeys) !== null && _b !== void 0 ? _b : {}, encryptionKeysToShare, (x) => this.validateEncryptionKey(x));
|
|
249
|
-
const deduplicateInfoOwningEntityIds = yield this.deduplicateDelegationsAndFilterRequiredEntries(delegateId, (_c = entity.cryptedForeignKeys) !== null && _c !== void 0 ? _c : {}, owningEntityIdsToShare, (x) => this.validateOwningEntityId(x));
|
|
250
|
-
/*TODO
|
|
251
|
-
* Temporary hack since secret id is necessary to create a delegation for access control: if there is no delegation existing from me to the
|
|
252
|
-
* delegate and there is no new secret id to be created create a new random id.
|
|
253
|
-
*/
|
|
254
|
-
const selfId = yield this.dataOwnerApi.getCurrentDataOwnerId();
|
|
255
|
-
if (deduplicateInfoSecretIds.missingEntries.length === 0 && !deduplicateInfoSecretIds.deduplicatedDelegations.some((d) => d.owner === selfId)) {
|
|
256
|
-
deduplicateInfoSecretIds.missingEntries.push(this.primitives.randomUuid());
|
|
257
|
-
}
|
|
258
|
-
if (deduplicateInfoSecretIds.missingEntries.length === 0 &&
|
|
259
|
-
deduplicateInfoEncryptionKeys.missingEntries.length === 0 &&
|
|
260
|
-
deduplicateInfoOwningEntityIds.missingEntries.length === 0)
|
|
261
|
-
return undefined;
|
|
262
|
-
const { updatedEntity, keysForDelegates } = yield this.loadEncryptionKeysForDelegates(entity, [delegateId]);
|
|
263
|
-
return this.createOrUpdateEntityDelegations(updatedEntity, delegateId, deduplicateInfoSecretIds.deduplicatedDelegations, deduplicateInfoEncryptionKeys.deduplicatedDelegations, deduplicateInfoOwningEntityIds.deduplicatedDelegations, deduplicateInfoSecretIds.missingEntries, deduplicateInfoEncryptionKeys.missingEntries, deduplicateInfoOwningEntityIds.missingEntries, newTags, keysForDelegates);
|
|
264
|
-
});
|
|
265
|
-
}
|
|
266
|
-
/**
|
|
267
|
-
* Encrypts data using a key of the entity that the provided data owner can access (current data owner by default). If the provided data owner can
|
|
268
|
-
* access multiple encryption keys of the entity there is no guarantee on which key will be used.
|
|
269
|
-
* Note: you should not use this method to encrypt the `encryptedSelf` of iCure entities, since that will be automatically handled by the extended
|
|
270
|
-
* apis. You should use this method only to encrypt additional data, such as document attachments.
|
|
271
|
-
* @param entity an entity.
|
|
272
|
-
* @param content data of the entity which you want to encrypt.
|
|
273
|
-
* @param dataOwnerId optionally a data owner part of the hierarchy for the current data owner, defaults to the current data owner.
|
|
274
|
-
* @param tagsFilter allows to use for encryption only keys associated to tags which pass the filter.
|
|
275
|
-
* @return the encrypted data.
|
|
276
|
-
* @throws if the provided data owner can't access any encryption keys for the entity.
|
|
277
|
-
*/
|
|
278
|
-
encryptDataOf(entity, content, dataOwnerId, tagsFilter = () => Promise.resolve(true)) {
|
|
279
|
-
var _a;
|
|
280
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
281
|
-
const keys = yield this.encryptionKeysOf((_a = (yield this.ensureEncryptionKeysInitialised(entity))) !== null && _a !== void 0 ? _a : entity, dataOwnerId, tagsFilter);
|
|
282
|
-
if (keys.length === 0)
|
|
283
|
-
throw new Error(`Could not extract any encryption keys of entity ${entity} for data owner ${dataOwnerId !== null && dataOwnerId !== void 0 ? dataOwnerId : (yield this.dataOwnerApi.getCurrentDataOwnerId())}.`);
|
|
284
|
-
return this.primitives.AES.encryptWithRawKey(keys[0], content);
|
|
285
|
-
});
|
|
286
|
-
}
|
|
287
|
-
/**
|
|
288
|
-
* Decrypts data using a key of the entity that the provided data owner can access (current data owner by default). If the provided data owner can
|
|
289
|
-
* access multiple encryption keys each of them will be tried for decryption until one of them gives a result that is valid according to the
|
|
290
|
-
* provided validator.
|
|
291
|
-
* Note: you should not use this method to decrypt the `encryptedSelf` of iCure entities, since that will be automatically handled by the extended
|
|
292
|
-
* apis. You should use this method only to decrypt additional data, such as document attachments.
|
|
293
|
-
* @param entity an entity.
|
|
294
|
-
* @param content data of the entity which you want to decrypt.
|
|
295
|
-
* @param dataOwnerId optionally a data owner part of the hierarchy for the current data owner, defaults to the current data owner.
|
|
296
|
-
* @param validator a function which verifies the correctness of decrypted content: helps to identify decryption with the wrong key without relying
|
|
297
|
-
* solely on padding.
|
|
298
|
-
* @param tagsFilter allows to use for decryption only keys associated to tags which pass the filter.
|
|
299
|
-
* @return the decrypted data.
|
|
300
|
-
* @throws if the provided data owner can't access any encryption keys for the entity, or if no key could be found which provided valid decrypted
|
|
301
|
-
* content according to the validator.
|
|
302
|
-
*/
|
|
303
|
-
tryDecryptDataOf(entity, content, validator = () => Promise.resolve(true), dataOwnerId, tagsFilter = () => Promise.resolve(true)) {
|
|
304
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
305
|
-
const keys = yield this.encryptionKeysOf(entity, dataOwnerId, tagsFilter);
|
|
306
|
-
for (const key of keys) {
|
|
307
|
-
try {
|
|
308
|
-
const decrypted = yield this.primitives.AES.decryptWithRawKey(key, content);
|
|
309
|
-
if (yield validator(decrypted))
|
|
310
|
-
return { data: decrypted, wasDecrypted: true };
|
|
311
|
-
}
|
|
312
|
-
catch (e) {
|
|
313
|
-
/* ignore */
|
|
314
|
-
}
|
|
315
|
-
}
|
|
316
|
-
return { data: content, wasDecrypted: false };
|
|
317
|
-
});
|
|
318
|
-
}
|
|
319
|
-
/**
|
|
320
|
-
* @internal this method is intended for internal use only and may be changed without notice.
|
|
321
|
-
* Decrypts the content of an encrypted entity.
|
|
322
|
-
*/
|
|
323
|
-
decryptEntity(entity, ownerId, constructor) {
|
|
324
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
325
|
-
const encryptionKeys = yield this.importAllValidKeys(yield this.encryptionKeysOf(entity, ownerId));
|
|
326
|
-
if (!encryptionKeys.length)
|
|
327
|
-
return { entity, decrypted: false };
|
|
328
|
-
return {
|
|
329
|
-
entity: constructor(yield (0, utils_1.decryptObject)(entity, (encrypted) => __awaiter(this, void 0, void 0, function* () {
|
|
330
|
-
var _a;
|
|
331
|
-
return (_a = (yield this.tryDecryptJson(encryptionKeys, encrypted, false))) !== null && _a !== void 0 ? _a : {};
|
|
332
|
-
}))),
|
|
333
|
-
decrypted: true,
|
|
334
|
-
};
|
|
335
|
-
});
|
|
336
|
-
}
|
|
337
|
-
/**
|
|
338
|
-
* @internal this method is intended for internal use only and may be changed without notice.
|
|
339
|
-
* Tries using the provided keys to decrypt some json.
|
|
340
|
-
*/
|
|
341
|
-
tryDecryptJson(potentialKeys, encrypted, truncateTrailingDecryptedNulls) {
|
|
342
|
-
var _a;
|
|
343
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
344
|
-
for (const key of potentialKeys) {
|
|
345
|
-
try {
|
|
346
|
-
const decrypted = (_a = (yield this.primitives.AES.decrypt(key.key, encrypted, key.raw))) !== null && _a !== void 0 ? _a : encrypted;
|
|
347
|
-
const text = (0, utils_1.ua2utf8)(truncateTrailingDecryptedNulls ? (0, utils_1.truncateTrailingNulls)(new Uint8Array(decrypted)) : decrypted);
|
|
348
|
-
return JSON.parse(text);
|
|
349
|
-
}
|
|
350
|
-
catch (e) { }
|
|
351
|
-
}
|
|
352
|
-
return undefined;
|
|
353
|
-
});
|
|
354
|
-
}
|
|
355
|
-
/**
|
|
356
|
-
* @internal this method is intended for internal use only and may be changed without notice.
|
|
357
|
-
* Tries to encrypt the content of an encrypted entity.
|
|
358
|
-
* 1. If valid key for encryption is found the method returns the entity with the encrypted fields specified by cryptedKeys
|
|
359
|
-
* 2. If requireEncryption is true and no key could be found for encryption of the entity the method fails.
|
|
360
|
-
* 3. If requireEncryption is false and no key could be found for encryption the method will only check that the entity does not specify any value
|
|
361
|
-
* for fields which should be encrypted according to cryptedKeys (e.g. note in a patient by default). If the entity specifies a value for any field
|
|
362
|
-
* which should be encrypted the method throws an error, otherwise the method returns the original entity.
|
|
363
|
-
*/
|
|
364
|
-
tryEncryptEntity(entity, dataOwnerId, fieldsToEncrypt, encodeBinaryData, requireEncryption, constructor) {
|
|
365
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
366
|
-
const entityWithInitialisedEncryptionKeys = yield this.ensureEncryptionKeysInitialised(entity);
|
|
367
|
-
const encryptionKey = yield this.tryImportFirstValidKey(yield this.encryptionKeysOf(entity, dataOwnerId), entity.id);
|
|
368
|
-
if (!!encryptionKey) {
|
|
369
|
-
return constructor(yield (0, utils_1.encryptObject)(entityWithInitialisedEncryptionKeys !== null && entityWithInitialisedEncryptionKeys !== void 0 ? entityWithInitialisedEncryptionKeys : entity, (obj) => {
|
|
370
|
-
// TODO should encoding of binary data should probably be applied to everything?
|
|
371
|
-
const json = encodeBinaryData
|
|
372
|
-
? JSON.stringify(obj, (k, v) => {
|
|
373
|
-
return v instanceof ArrayBuffer || ArrayBuffer.isView(v)
|
|
374
|
-
? (0, utils_1.b2a)(new Uint8Array(v).reduce((d, b) => d + String.fromCharCode(b), ''))
|
|
375
|
-
: v;
|
|
376
|
-
})
|
|
377
|
-
: JSON.stringify(obj);
|
|
378
|
-
return this.primitives.AES.encrypt(encryptionKey.key, (0, utils_1.utf8_2ua)(json), encryptionKey.raw);
|
|
379
|
-
}, fieldsToEncrypt, 'entity'));
|
|
380
|
-
}
|
|
381
|
-
else if (requireEncryption) {
|
|
382
|
-
throw new Error(`No key found for encryption of entity ${entity}`);
|
|
383
|
-
}
|
|
384
|
-
else {
|
|
385
|
-
yield (0, utils_1.encryptObject)(entity, (obj) => __awaiter(this, void 0, void 0, function* () {
|
|
386
|
-
const hasNonEmptyValues = Object.values(obj).some((v) => v !== undefined && (typeof v !== 'object' || (Array.isArray(v) && v.length > 0) || Object.keys(v).length > 0));
|
|
387
|
-
if (hasNonEmptyValues) {
|
|
388
|
-
throw new Error(`Impossible to modify encrypted content of an entity if no encryption key is known.\nEntity: ${JSON.stringify(entity)}\nTo encrypt: ${JSON.stringify(obj)}`);
|
|
389
|
-
}
|
|
390
|
-
return Promise.resolve(new ArrayBuffer(1));
|
|
391
|
-
}), fieldsToEncrypt, 'entity');
|
|
392
|
-
return entity;
|
|
393
|
-
}
|
|
394
|
-
});
|
|
395
|
-
}
|
|
396
|
-
/**
|
|
397
|
-
* @internal This method is for internal use only and may be changed without notice.
|
|
398
|
-
* Ensures that the encryption keys of an entity are initialised. If not will throw an exception or initialise them depending on the content of
|
|
399
|
-
* the entity. This function supports migration of entities using older encryption schemes (delegation only without encrypted keys) or entities
|
|
400
|
-
* which were previously not encrypted.
|
|
401
|
-
*/
|
|
402
|
-
ensureEncryptionKeysInitialised(entity) {
|
|
403
|
-
var _a;
|
|
404
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
405
|
-
if (Object.keys((_a = entity.encryptionKeys) !== null && _a !== void 0 ? _a : {}).length > 0)
|
|
406
|
-
return undefined;
|
|
407
|
-
if (!entity.rev) {
|
|
408
|
-
throw new Error('New encrypted entity is lacking encryption metadata. ' +
|
|
409
|
-
'Please instantiate new entities using the `newInstance` method from the respective extended api.');
|
|
410
|
-
}
|
|
411
|
-
/*
|
|
412
|
-
* If entity was using delegations as legacy encryption keys we will essentially revoke the access to the encrypted data for all other data
|
|
413
|
-
* owners. This however should not be a problem as this form of legacy entities should not exist anymore, and it should be present only in the
|
|
414
|
-
* databases of hcps without collaborators.
|
|
415
|
-
*/
|
|
416
|
-
return yield this.entityWithExtendedEncryptedMetadata(entity, yield this.dataOwnerApi.getCurrentDataOwnerId(), [], [(0, utils_1.ua2hex)(this.primitives.randomBytes(16))], []);
|
|
417
|
-
});
|
|
418
|
-
}
|
|
419
|
-
/**
|
|
420
|
-
* Get the decrypted content of a delegation-like object which the provided data owner would be able to access using ONLY HIS EXCHANGE KEYS (does
|
|
421
|
-
* not consider exchange keys for parents).
|
|
422
|
-
* Note that the retrieved exchange keys are decrypted using the private keys available on the device, and results may vary from other devices.
|
|
423
|
-
* @param dataOwnerId id of a data owner, he should be part of the current data owner hierarchy.
|
|
424
|
-
* @param delegations a delegation-like object containing the encrypted key
|
|
425
|
-
* @param includeFromDelegations if true also considers delegation from the provided data owner (or parents) to look for values. This allows to
|
|
426
|
-
* decrypt delegations associated to exchange keys recovered after a giveAccessBack request.
|
|
427
|
-
* @param validateDecrypted validates the decrypted result, to drop decryption results with wrong key that still gave a valid checksum.
|
|
428
|
-
* @param tagsFilter allows to obtain only encryption keys associated to tags which satisfy the provided filter.
|
|
429
|
-
* @return the key which could be decrypted using only keys available on the current device and delegations from/to the provided data owner. May
|
|
430
|
-
* contain duplicates.
|
|
431
|
-
*/
|
|
432
|
-
extractFromDelegationsForDataOwner(dataOwnerId, delegations, includeFromDelegations, validateDecrypted, tagsFilter) {
|
|
433
|
-
var _a, _b;
|
|
434
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
435
|
-
const delegationsWithOwner = includeFromDelegations
|
|
436
|
-
? Object.entries(delegations).flatMap(([delegateId, delegations]) => dataOwnerId === delegateId
|
|
437
|
-
? this.populateDelegatedTo(delegateId, delegations)
|
|
438
|
-
: this.populateDelegatedTo(delegateId, delegations.filter((d) => d.owner === dataOwnerId)))
|
|
439
|
-
: (_a = delegations[dataOwnerId]) !== null && _a !== void 0 ? _a : [];
|
|
440
|
-
const res = [];
|
|
441
|
-
for (const delegation of delegationsWithOwner) {
|
|
442
|
-
if (yield tagsFilter((_b = delegation.tags) !== null && _b !== void 0 ? _b : [])) {
|
|
443
|
-
const decrypted = yield this.tryDecryptDelegation(delegation, (k) => validateDecrypted(k));
|
|
444
|
-
if (decrypted)
|
|
445
|
-
res.push(decrypted);
|
|
446
|
-
}
|
|
447
|
-
}
|
|
448
|
-
return res;
|
|
449
|
-
});
|
|
450
|
-
}
|
|
451
|
-
// Ensures that the delegatedTo field of delegations has the appropriate values, else returns a copy of the delegations with the appropriate value.
|
|
452
|
-
populateDelegatedTo(delegateId, delegations) {
|
|
453
|
-
return delegations.map((d) => (d.delegatedTo === delegateId ? d : Object.assign(Object.assign({}, d), { delegatedTo: delegateId })));
|
|
454
|
-
}
|
|
455
|
-
extractedHierarchyFromDelegation(delegations, validateDecrypted, tagsFilter) {
|
|
456
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
457
|
-
const canDecryptOwnerIds = this.useParentKeys
|
|
458
|
-
? yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()
|
|
459
|
-
: [yield this.dataOwnerApi.getCurrentDataOwnerId()];
|
|
460
|
-
return Promise.all(canDecryptOwnerIds.map((ownerId) => __awaiter(this, void 0, void 0, function* () {
|
|
461
|
-
const extracted = this.deduplicate(yield this.extractFromDelegationsForDataOwner(ownerId, delegations, true, (k) => validateDecrypted(k), (t) => tagsFilter(t)));
|
|
462
|
-
return { ownerId, extracted };
|
|
463
|
-
})));
|
|
464
|
-
});
|
|
465
|
-
}
|
|
466
|
-
/**
|
|
467
|
-
* @internal This method should be private but is currently public/internal to allow to continue supporting legacy methods
|
|
468
|
-
*/
|
|
469
|
-
extractMergedHierarchyFromDelegationAndOwner(delegations, dataOwnerId, validateDecrypted, tagsFilter) {
|
|
470
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
471
|
-
const hierarchy = this.useParentKeys
|
|
472
|
-
? dataOwnerId
|
|
473
|
-
? yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIdsFrom(dataOwnerId)
|
|
474
|
-
: yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()
|
|
475
|
-
: [dataOwnerId !== null && dataOwnerId !== void 0 ? dataOwnerId : (yield this.dataOwnerApi.getCurrentDataOwnerId())];
|
|
476
|
-
const extractedByOwner = yield Promise.all(
|
|
477
|
-
// Reverse is just to keep method behaviour as close as possible to the legacy behaviour, in case someone depended on the ordering.
|
|
478
|
-
[...hierarchy].reverse().map((ownerId) => this.extractFromDelegationsForDataOwner(ownerId, delegations, true, (k) => validateDecrypted(k), (t) => tagsFilter(t))));
|
|
479
|
-
return this.deduplicate(extractedByOwner.flatMap((x) => x));
|
|
480
|
-
});
|
|
481
|
-
}
|
|
482
|
-
tryDecryptDelegation(delegation, validateDecrypted) {
|
|
483
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
484
|
-
const exchangeKeys = yield this.exchangeKeysManager.getDecryptionExchangeKeysFor(delegation.owner, delegation.delegatedTo);
|
|
485
|
-
for (const key of exchangeKeys) {
|
|
486
|
-
try {
|
|
487
|
-
// Format of encrypted key for any delegation should be entityId:key, but with the merging of entities the entityId might not match the
|
|
488
|
-
// current id. As a checksum we are only verifying that the decrypted bytes can be represented as a string with exactly one ':'.
|
|
489
|
-
// Additionally, we also have a validator that is specific for each type of delegation content (encryption key, secret id, ...)
|
|
490
|
-
const decrypted = (0, utils_1.ua2string)(yield this.primitives.AES.decrypt(key, (0, utils_1.hex2ua)(delegation.key)));
|
|
491
|
-
const decryptedSplit = decrypted.split(':');
|
|
492
|
-
if (decryptedSplit.length === 2) {
|
|
493
|
-
const validation = validateDecrypted(decryptedSplit[1]);
|
|
494
|
-
if (validation === true || (validation !== false && (yield validation)))
|
|
495
|
-
return decryptedSplit[1];
|
|
496
|
-
}
|
|
497
|
-
else {
|
|
498
|
-
console.warn("Error in the decrypted delegation: content should contain exactly 1 ':', the delegation is ignored.");
|
|
499
|
-
}
|
|
500
|
-
}
|
|
501
|
-
catch (e) {
|
|
502
|
-
// Do nothing: the delegation uses another exchange key owner->delegator
|
|
503
|
-
}
|
|
504
|
-
}
|
|
505
|
-
});
|
|
506
|
-
}
|
|
507
|
-
tryImportKey(key) {
|
|
508
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
509
|
-
if (!/^[0-9A-Fa-f\-]+$/g.test(key))
|
|
510
|
-
return undefined;
|
|
511
|
-
try {
|
|
512
|
-
return yield this.primitives.AES.importKey('raw', (0, utils_1.hex2ua)(key.replace(/-/g, '')));
|
|
513
|
-
}
|
|
514
|
-
catch (e) {
|
|
515
|
-
console.warn(`Could not import key ${key} as an encryption key.`, e);
|
|
516
|
-
return undefined;
|
|
517
|
-
}
|
|
518
|
-
});
|
|
519
|
-
}
|
|
520
|
-
/**
|
|
521
|
-
* @internal this method is for internal use only and may be changed without notice.
|
|
522
|
-
*/
|
|
523
|
-
importFirstValidKey(keys, entityId) {
|
|
524
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
525
|
-
const res = yield this.tryImportFirstValidKey(keys, entityId);
|
|
526
|
-
if (!res)
|
|
527
|
-
throw new Error(`Could not find any valid key for entity ${entityId}.`);
|
|
528
|
-
return res;
|
|
529
|
-
});
|
|
530
|
-
}
|
|
531
|
-
tryImportFirstValidKey(keys, entityId) {
|
|
532
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
533
|
-
for (const key of keys) {
|
|
534
|
-
const imported = yield this.tryImportKey(key);
|
|
535
|
-
if (imported)
|
|
536
|
-
return { key: imported, raw: key };
|
|
537
|
-
}
|
|
538
|
-
});
|
|
539
|
-
}
|
|
540
|
-
/**
|
|
541
|
-
* @internal this method is for internal use only and may be changed without notice.
|
|
542
|
-
*/
|
|
543
|
-
importAllValidKeys(keys) {
|
|
544
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
545
|
-
const res = [];
|
|
546
|
-
for (const key of keys) {
|
|
547
|
-
const imported = yield this.tryImportKey(key);
|
|
548
|
-
if (imported)
|
|
549
|
-
res.push({ key: imported, raw: key });
|
|
550
|
-
}
|
|
551
|
-
return res;
|
|
552
|
-
});
|
|
553
|
-
}
|
|
554
|
-
validateEncryptionKey(key) {
|
|
555
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
556
|
-
return !!(yield this.tryImportKey(key));
|
|
557
|
-
});
|
|
558
|
-
}
|
|
559
|
-
validateSecretId(key) {
|
|
560
|
-
return !!key;
|
|
561
|
-
}
|
|
562
|
-
validateOwningEntityId(key) {
|
|
563
|
-
return !!key;
|
|
564
|
-
}
|
|
565
|
-
createEncryptionKeyDelegation(entityId, delegateId, exchangeKey, encryptionKey, newTags) {
|
|
566
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
567
|
-
if (!(yield this.validateEncryptionKey(encryptionKey)))
|
|
568
|
-
throw new Error(`Invalid encryption key ${encryptionKey}`);
|
|
569
|
-
return this.createDelegation(entityId, delegateId, exchangeKey, encryptionKey, newTags);
|
|
570
|
-
});
|
|
571
|
-
}
|
|
572
|
-
createSecretIdDelegation(entityId, delegateId, exchangeKey, secretId, newTags) {
|
|
573
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
574
|
-
if (!this.validateSecretId(secretId))
|
|
575
|
-
throw new Error(`Invalid secret id ${secretId}`);
|
|
576
|
-
return this.createDelegation(entityId, delegateId, exchangeKey, secretId, newTags);
|
|
577
|
-
});
|
|
578
|
-
}
|
|
579
|
-
createOwningEntityIdDelegation(entityId, delegateId, exchangeKey, owningEntityId, newTags) {
|
|
580
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
581
|
-
if (!this.validateOwningEntityId(owningEntityId))
|
|
582
|
-
throw new Error(`Invalid owning id ${owningEntityId}`);
|
|
583
|
-
return this.createDelegation(entityId, delegateId, exchangeKey, owningEntityId, newTags);
|
|
584
|
-
});
|
|
585
|
-
}
|
|
586
|
-
createDelegation(entityId, delegateId, exchangeKey, content, newTags) {
|
|
587
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
588
|
-
if (entityId.includes(':'))
|
|
589
|
-
throw new Error("Ids for encrypted entities are not allowed to contain ':'");
|
|
590
|
-
if (content.includes(':'))
|
|
591
|
-
throw new Error("Content of delegations can not contain ':'");
|
|
592
|
-
return {
|
|
593
|
-
delegatedTo: delegateId,
|
|
594
|
-
owner: yield this.dataOwnerApi.getCurrentDataOwnerId(),
|
|
595
|
-
key: (0, utils_1.ua2hex)(yield this.primitives.AES.encrypt(exchangeKey, (0, utils_1.string2ua)(entityId + ':' + content))),
|
|
596
|
-
tags: newTags,
|
|
597
|
-
};
|
|
598
|
-
});
|
|
599
|
-
}
|
|
600
|
-
loadEncryptionKeysForDelegates(entity, delegates) {
|
|
601
|
-
var _a;
|
|
602
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
603
|
-
const { updatedDelegator, keysForDelegates } = yield delegates.reduce((acc, delegateId) => __awaiter(this, void 0, void 0, function* () {
|
|
604
|
-
var _b;
|
|
605
|
-
const awaitedAcc = yield acc;
|
|
606
|
-
const currUpdateResult = yield this.exchangeKeysManager.getOrCreateEncryptionExchangeKeysTo(delegateId);
|
|
607
|
-
return {
|
|
608
|
-
updatedDelegator: (_b = currUpdateResult.updatedDelegator) !== null && _b !== void 0 ? _b : awaitedAcc.updatedDelegator,
|
|
609
|
-
keysForDelegates: Object.assign(Object.assign({}, awaitedAcc.keysForDelegates), { [delegateId]: currUpdateResult.keys }),
|
|
610
|
-
};
|
|
611
|
-
}), Promise.resolve({
|
|
612
|
-
updatedDelegator: undefined,
|
|
613
|
-
keysForDelegates: {},
|
|
614
|
-
}));
|
|
615
|
-
const updatedEntity = entity.id === ((_a = updatedDelegator === null || updatedDelegator === void 0 ? void 0 : updatedDelegator.stub) === null || _a === void 0 ? void 0 : _a.id)
|
|
616
|
-
? Object.assign(Object.assign({}, entity), { rev: updatedDelegator.stub.rev, hcPartyKeys: updatedDelegator.stub.hcPartyKeys, aesExchangeKeys: updatedDelegator.stub.aesExchangeKeys }) : entity;
|
|
617
|
-
return { updatedEntity, keysForDelegates };
|
|
618
|
-
});
|
|
619
|
-
}
|
|
620
|
-
createOrUpdateEntityDelegations(entity, delegateId, existingSecretIds, existingEncryptionKeys, existingOwningEntityIds, newSecretIds, newEncryptionKeys, newOwningEntityIds, newTags, keysForDelegates) {
|
|
621
|
-
var _a, _b, _c;
|
|
622
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
623
|
-
const entityCopy = _.cloneDeep(entity);
|
|
624
|
-
if (newSecretIds.length === 0 && newEncryptionKeys.length === 0 && newOwningEntityIds.length === 0)
|
|
625
|
-
return entityCopy;
|
|
626
|
-
const chosenKey = keysForDelegates[delegateId][0];
|
|
627
|
-
const updatedSecretIds = [
|
|
628
|
-
...existingSecretIds,
|
|
629
|
-
...(yield Promise.all(newSecretIds.map((x) => this.createSecretIdDelegation(entity.id, delegateId, chosenKey, x, newTags)))),
|
|
630
|
-
];
|
|
631
|
-
const updatedEncryptionKeys = [
|
|
632
|
-
...existingEncryptionKeys,
|
|
633
|
-
...(yield Promise.all(newEncryptionKeys.map((x) => this.createEncryptionKeyDelegation(entity.id, delegateId, chosenKey, x, newTags)))),
|
|
634
|
-
];
|
|
635
|
-
const updatedOwningEntityIds = [
|
|
636
|
-
...existingOwningEntityIds,
|
|
637
|
-
...(yield Promise.all(newOwningEntityIds.map((x) => this.createOwningEntityIdDelegation(entity.id, delegateId, chosenKey, x, newTags)))),
|
|
638
|
-
];
|
|
639
|
-
if (updatedSecretIds.length > 0) {
|
|
640
|
-
entityCopy.delegations = Object.assign(Object.assign({}, ((_a = entity.delegations) !== null && _a !== void 0 ? _a : {})), { [delegateId]: updatedSecretIds });
|
|
641
|
-
}
|
|
642
|
-
if (updatedEncryptionKeys.length > 0) {
|
|
643
|
-
entityCopy.encryptionKeys = Object.assign(Object.assign({}, ((_b = entity.encryptionKeys) !== null && _b !== void 0 ? _b : {})), { [delegateId]: updatedEncryptionKeys });
|
|
644
|
-
}
|
|
645
|
-
if (updatedOwningEntityIds.length > 0) {
|
|
646
|
-
entityCopy.cryptedForeignKeys = Object.assign(Object.assign({}, ((_c = entity.cryptedForeignKeys) !== null && _c !== void 0 ? _c : {})), { [delegateId]: updatedOwningEntityIds });
|
|
647
|
-
}
|
|
648
|
-
return entityCopy;
|
|
649
|
-
});
|
|
650
|
-
}
|
|
651
|
-
/**
|
|
652
|
-
* De-duplicates all currently accessible delegations, by removing any delegations created by the current data owner which have duplicated content,
|
|
653
|
-
* and checks if any of the required entries are currently available to the delegate through the existing delegations.
|
|
654
|
-
* @param delegateId id of the delegate.
|
|
655
|
-
* @param allDelegations delegations of the entity.
|
|
656
|
-
* @param requiredEntries potentially new entries that the delegate needs to be able to access from the delegations.
|
|
657
|
-
* @param validateDecrypted validator for decrypted delegation content
|
|
658
|
-
* @return the deduplicated delegations
|
|
659
|
-
*/
|
|
660
|
-
deduplicateDelegationsAndFilterRequiredEntries(delegateId, allDelegations, requiredEntries, validateDecrypted) {
|
|
661
|
-
var _a, _b;
|
|
662
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
663
|
-
const selfId = yield this.dataOwnerApi.getCurrentDataOwnerId();
|
|
664
|
-
const delegationsToDelegate = (_a = allDelegations[delegateId]) !== null && _a !== void 0 ? _a : [];
|
|
665
|
-
const decryptedDelegations = yield Promise.all(delegationsToDelegate.map((d) => __awaiter(this, void 0, void 0, function* () {
|
|
666
|
-
return ({
|
|
667
|
-
delegation: d,
|
|
668
|
-
content: d.owner === selfId ? yield this.tryDecryptDelegation(d, (x) => validateDecrypted(x)) : undefined,
|
|
669
|
-
});
|
|
670
|
-
})));
|
|
671
|
-
const deduplicatedDelegations = [];
|
|
672
|
-
const deduplicatedContent = new Map();
|
|
673
|
-
decryptedDelegations.forEach(({ delegation, content }) => {
|
|
674
|
-
var _a, _b;
|
|
675
|
-
if (content === undefined) {
|
|
676
|
-
// Keep all delegations we could not decrypt or from other data owners
|
|
677
|
-
deduplicatedDelegations.push(delegation);
|
|
678
|
-
}
|
|
679
|
-
else {
|
|
680
|
-
const deduplicatedTags = deduplicatedContent.get(content);
|
|
681
|
-
if (!deduplicatedTags) {
|
|
682
|
-
deduplicatedContent.set(content, [(_a = delegation.tags) !== null && _a !== void 0 ? _a : []]);
|
|
683
|
-
deduplicatedDelegations.push(delegation);
|
|
684
|
-
}
|
|
685
|
-
else if (!deduplicatedTags.some((t) => { var _a; return (0, collection_utils_1.arrayEquals)(t, (_a = delegation.tags) !== null && _a !== void 0 ? _a : []); })) {
|
|
686
|
-
deduplicatedTags.push((_b = delegation.tags) !== null && _b !== void 0 ? _b : []);
|
|
687
|
-
deduplicatedDelegations.push(delegation);
|
|
688
|
-
}
|
|
689
|
-
}
|
|
690
|
-
});
|
|
691
|
-
const delegationsFromDelegateToSelf = ((_b = allDelegations[selfId]) !== null && _b !== void 0 ? _b : []).filter((d) => d.owner === delegateId);
|
|
692
|
-
const decryptedDelegationsFromDelegate = new Set(yield Promise.all(delegationsFromDelegateToSelf.map((d) => this.tryDecryptDelegation(d, (x) => validateDecrypted(x)))).then((dels) => dels.flatMap((x) => (x ? [x] : []))));
|
|
693
|
-
return {
|
|
694
|
-
deduplicatedDelegations,
|
|
695
|
-
missingEntries: requiredEntries.filter((entry) => !(deduplicatedContent.has(entry) || decryptedDelegationsFromDelegate.has(entry))),
|
|
696
|
-
};
|
|
697
|
-
});
|
|
698
|
-
}
|
|
699
|
-
deduplicate(values) {
|
|
700
|
-
return [...new Set(values)];
|
|
701
|
-
}
|
|
702
|
-
throwDetailedExceptionForInvalidParameter(argName, argValue, methodName, methodArgs) {
|
|
703
|
-
if (argValue)
|
|
704
|
-
return;
|
|
705
|
-
let details = '\nMethod name: icc-crypto-x-api.' + methodName + '()\nArguments:';
|
|
706
|
-
if (methodArgs) {
|
|
707
|
-
try {
|
|
708
|
-
const argsArray = [...methodArgs];
|
|
709
|
-
_.each(argsArray, (arg, index) => (details += '\n[' + index + ']: ' + JSON.stringify(arg)));
|
|
710
|
-
}
|
|
711
|
-
catch (ex) {
|
|
712
|
-
details += '; a problem occured while logging arguments details: ' + ex;
|
|
713
|
-
}
|
|
714
|
-
}
|
|
715
|
-
throw new Error('### THIS SHOULD NOT HAPPEN: ' + argName + ' has an invalid value: ' + argValue + details);
|
|
716
|
-
}
|
|
717
|
-
checkEmptyEncryptionMetadata(entity) {
|
|
718
|
-
const existingMetadata = [];
|
|
719
|
-
if (entity.delegations && Object.keys(entity.delegations).length)
|
|
720
|
-
existingMetadata.push('delegations');
|
|
721
|
-
if (entity.cryptedForeignKeys && Object.keys(entity.cryptedForeignKeys).length)
|
|
722
|
-
existingMetadata.push('cryptedForeignKeys');
|
|
723
|
-
if (entity.encryptionKeys && Object.keys(entity.encryptionKeys).length)
|
|
724
|
-
existingMetadata.push('encryptionKeys');
|
|
725
|
-
if (entity.secretForeignKeys && entity.secretForeignKeys.length)
|
|
726
|
-
existingMetadata.push('secretForeignKeys');
|
|
727
|
-
if (existingMetadata.length > 0) {
|
|
728
|
-
throw new Error(`Entity should have no encryption metadata on initialisation, but the following fields already have some values: ${existingMetadata}\n` +
|
|
729
|
-
JSON.stringify(entity, undefined, 2));
|
|
730
|
-
}
|
|
731
|
-
}
|
|
732
|
-
}
|
|
733
|
-
exports.EntitiesEncryption = EntitiesEncryption;
|
|
734
|
-
//# sourceMappingURL=EntitiesEncryption.js.map
|