@icure/api 8.0.0-RC.1 → 8.0.0-RC.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (208) hide show
  1. package/icc-api/api/IccDocumentApi.d.ts +6 -0
  2. package/icc-api/api/IccDocumentApi.js +15 -0
  3. package/icc-api/api/IccDocumentApi.js.map +1 -1
  4. package/icc-api/api/IccExchangeDataApi.d.ts +1 -1
  5. package/icc-api/api/IccExchangeDataApi.js +1 -1
  6. package/icc-api/api/IccExchangeDataApi.js.map +1 -1
  7. package/icc-api/api/IccExchangeDataMapApi.d.ts +1 -1
  8. package/icc-api/api/IccExchangeDataMapApi.js +1 -1
  9. package/icc-api/api/IccExchangeDataMapApi.js.map +1 -1
  10. package/icc-api/api/IccMessageApi.d.ts +16 -0
  11. package/icc-api/api/IccMessageApi.js +38 -1
  12. package/icc-api/api/IccMessageApi.js.map +1 -1
  13. package/icc-api/api/IccSecureDelegationKeyMapApi.d.ts +26 -0
  14. package/icc-api/api/IccSecureDelegationKeyMapApi.js +71 -0
  15. package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +1 -0
  16. package/icc-api/api/IccTopicApi.d.ts +90 -0
  17. package/icc-api/api/IccTopicApi.js +193 -0
  18. package/icc-api/api/IccTopicApi.js.map +1 -0
  19. package/icc-api/index.d.ts +1 -0
  20. package/icc-api/index.js +1 -0
  21. package/icc-api/index.js.map +1 -1
  22. package/icc-api/model/AbstractFilterMessage.d.ts +15 -0
  23. package/icc-api/model/AbstractFilterMessage.js +21 -0
  24. package/icc-api/model/AbstractFilterMessage.js.map +1 -0
  25. package/icc-api/model/AbstractFilterTopic.d.ts +15 -0
  26. package/icc-api/model/AbstractFilterTopic.js +21 -0
  27. package/icc-api/model/AbstractFilterTopic.js.map +1 -0
  28. package/icc-api/model/AccessLog.d.ts +0 -2
  29. package/icc-api/model/AccessLog.js +0 -1
  30. package/icc-api/model/AccessLog.js.map +1 -1
  31. package/icc-api/model/Article.d.ts +0 -2
  32. package/icc-api/model/Article.js +0 -1
  33. package/icc-api/model/Article.js.map +1 -1
  34. package/icc-api/model/CalendarItem.d.ts +0 -2
  35. package/icc-api/model/CalendarItem.js +0 -1
  36. package/icc-api/model/CalendarItem.js.map +1 -1
  37. package/icc-api/model/Classification.d.ts +0 -2
  38. package/icc-api/model/Classification.js +0 -1
  39. package/icc-api/model/Classification.js.map +1 -1
  40. package/icc-api/model/Connection.d.ts +1 -1
  41. package/icc-api/model/Connection.js.map +1 -1
  42. package/icc-api/model/Contact.d.ts +0 -2
  43. package/icc-api/model/Contact.js +0 -1
  44. package/icc-api/model/Contact.js.map +1 -1
  45. package/icc-api/model/Document.d.ts +0 -2
  46. package/icc-api/model/Document.js +0 -1
  47. package/icc-api/model/Document.js.map +1 -1
  48. package/icc-api/model/FilterChainMessage.d.ts +19 -0
  49. package/icc-api/model/FilterChainMessage.js +11 -0
  50. package/icc-api/model/FilterChainMessage.js.map +1 -0
  51. package/icc-api/model/FilterChainTopic.d.ts +19 -0
  52. package/icc-api/model/FilterChainTopic.js +11 -0
  53. package/icc-api/model/FilterChainTopic.js.map +1 -0
  54. package/icc-api/model/Form.d.ts +0 -2
  55. package/icc-api/model/Form.js +0 -1
  56. package/icc-api/model/Form.js.map +1 -1
  57. package/icc-api/model/HealthElement.d.ts +0 -2
  58. package/icc-api/model/HealthElement.js +0 -1
  59. package/icc-api/model/HealthElement.js.map +1 -1
  60. package/icc-api/model/HealthcareParty.js +13 -1
  61. package/icc-api/model/HealthcareParty.js.map +1 -1
  62. package/icc-api/model/Invoice.d.ts +0 -2
  63. package/icc-api/model/Invoice.js +0 -1
  64. package/icc-api/model/Invoice.js.map +1 -1
  65. package/icc-api/model/MaintenanceTask.d.ts +11 -10
  66. package/icc-api/model/MaintenanceTask.js +13 -12
  67. package/icc-api/model/MaintenanceTask.js.map +1 -1
  68. package/icc-api/model/Message.d.ts +0 -2
  69. package/icc-api/model/Message.js +0 -1
  70. package/icc-api/model/Message.js.map +1 -1
  71. package/icc-api/model/PaginatedListExchangeData.d.ts +1 -1
  72. package/icc-api/model/PaginatedListExchangeData.js.map +1 -1
  73. package/icc-api/model/PaginatedListTopic.d.ts +20 -0
  74. package/icc-api/model/PaginatedListTopic.js +10 -0
  75. package/icc-api/model/PaginatedListTopic.js.map +1 -0
  76. package/icc-api/model/Patient.d.ts +0 -2
  77. package/icc-api/model/Patient.js +0 -1
  78. package/icc-api/model/Patient.js.map +1 -1
  79. package/icc-api/model/Receipt.d.ts +0 -2
  80. package/icc-api/model/Receipt.js +0 -1
  81. package/icc-api/model/Receipt.js.map +1 -1
  82. package/icc-api/model/TimeTable.d.ts +0 -2
  83. package/icc-api/model/TimeTable.js +0 -1
  84. package/icc-api/model/TimeTable.js.map +1 -1
  85. package/icc-api/model/Topic.d.ts +95 -0
  86. package/icc-api/model/Topic.js +16 -0
  87. package/icc-api/model/Topic.js.map +1 -0
  88. package/icc-api/model/{ExchangeData.d.ts → internal/ExchangeData.d.ts} +3 -0
  89. package/icc-api/model/{ExchangeData.js → internal/ExchangeData.js} +3 -0
  90. package/icc-api/model/internal/ExchangeData.js.map +1 -0
  91. package/icc-api/model/{ExchangeDataMap.d.ts → internal/ExchangeDataMap.d.ts} +3 -0
  92. package/icc-api/model/{ExchangeDataMap.js → internal/ExchangeDataMap.js} +3 -0
  93. package/icc-api/model/internal/ExchangeDataMap.js.map +1 -0
  94. package/icc-api/model/internal/SecureDelegationKeyMap.d.ts +14 -0
  95. package/icc-api/model/internal/SecureDelegationKeyMap.js +13 -0
  96. package/icc-api/model/internal/SecureDelegationKeyMap.js.map +1 -0
  97. package/icc-api/model/models.d.ts +6 -1
  98. package/icc-api/model/models.js +4 -0
  99. package/icc-api/model/models.js.map +1 -1
  100. package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +52 -4
  101. package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
  102. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +2 -0
  103. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +13 -4
  104. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -1
  105. package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +1 -0
  106. package/icc-x-api/crypto/AccessControlSecretUtils.js +11 -0
  107. package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -1
  108. package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +1 -1
  109. package/icc-x-api/crypto/BaseExchangeDataManager.js +1 -1
  110. package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
  111. package/icc-x-api/crypto/DelegationsDeAnonymization.d.ts +44 -0
  112. package/icc-x-api/crypto/DelegationsDeAnonymization.js +235 -0
  113. package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -0
  114. package/icc-x-api/crypto/ExchangeDataManager.d.ts +3 -1
  115. package/icc-x-api/crypto/ExchangeDataManager.js +27 -19
  116. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
  117. package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +1 -1
  118. package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -1
  119. package/icc-x-api/crypto/ExtendedApisUtils.d.ts +0 -10
  120. package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -1
  121. package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +0 -7
  122. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +4 -7
  123. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -1
  124. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +0 -6
  125. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +0 -9
  126. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -1
  127. package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -1
  128. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +14 -5
  129. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +44 -26
  130. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -1
  131. package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +1 -18
  132. package/icc-x-api/crypto/SecurityMetadataDecryptor.js +4 -23
  133. package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -1
  134. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.d.ts +8 -0
  135. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js +13 -0
  136. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js.map +1 -0
  137. package/icc-x-api/filters/MessageByHcPartyFilter.d.ts +7 -0
  138. package/icc-x-api/filters/MessageByHcPartyFilter.js +13 -0
  139. package/icc-x-api/filters/MessageByHcPartyFilter.js.map +1 -0
  140. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.d.ts +8 -0
  141. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js +13 -0
  142. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js.map +1 -0
  143. package/icc-x-api/filters/TopicByHcPartyFilter.d.ts +7 -0
  144. package/icc-x-api/filters/TopicByHcPartyFilter.js +13 -0
  145. package/icc-x-api/filters/TopicByHcPartyFilter.js.map +1 -0
  146. package/icc-x-api/filters/TopicByParticipantFilter.d.ts +7 -0
  147. package/icc-x-api/filters/TopicByParticipantFilter.js +13 -0
  148. package/icc-x-api/filters/TopicByParticipantFilter.js.map +1 -0
  149. package/icc-x-api/filters/filters.d.ts +5 -0
  150. package/icc-x-api/filters/filters.js +5 -0
  151. package/icc-x-api/filters/filters.js.map +1 -1
  152. package/icc-x-api/icc-accesslog-x-api.d.ts +3 -1
  153. package/icc-x-api/icc-accesslog-x-api.js +7 -3
  154. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  155. package/icc-x-api/icc-calendar-item-x-api.d.ts +3 -1
  156. package/icc-x-api/icc-calendar-item-x-api.js +7 -3
  157. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  158. package/icc-x-api/icc-classification-x-api.d.ts +3 -1
  159. package/icc-x-api/icc-classification-x-api.js +7 -3
  160. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  161. package/icc-x-api/icc-contact-x-api.d.ts +3 -1
  162. package/icc-x-api/icc-contact-x-api.js +8 -4
  163. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  164. package/icc-x-api/icc-crypto-x-api.d.ts +7 -1
  165. package/icc-x-api/icc-crypto-x-api.js +8 -1
  166. package/icc-x-api/icc-crypto-x-api.js.map +1 -1
  167. package/icc-x-api/icc-document-x-api.d.ts +3 -1
  168. package/icc-x-api/icc-document-x-api.js +8 -4
  169. package/icc-x-api/icc-document-x-api.js.map +1 -1
  170. package/icc-x-api/icc-form-x-api.d.ts +3 -1
  171. package/icc-x-api/icc-form-x-api.js +7 -3
  172. package/icc-x-api/icc-form-x-api.js.map +1 -1
  173. package/icc-x-api/icc-helement-x-api.d.ts +4 -2
  174. package/icc-x-api/icc-helement-x-api.js +8 -8
  175. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  176. package/icc-x-api/icc-invoice-x-api.d.ts +3 -1
  177. package/icc-x-api/icc-invoice-x-api.js +7 -3
  178. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  179. package/icc-x-api/icc-maintenance-task-x-api.d.ts +3 -1
  180. package/icc-x-api/icc-maintenance-task-x-api.js +7 -3
  181. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  182. package/icc-x-api/icc-message-x-api.d.ts +24 -6
  183. package/icc-x-api/icc-message-x-api.js +66 -6
  184. package/icc-x-api/icc-message-x-api.js.map +1 -1
  185. package/icc-x-api/icc-patient-x-api.d.ts +3 -1
  186. package/icc-x-api/icc-patient-x-api.js +7 -3
  187. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  188. package/icc-x-api/icc-receipt-x-api.d.ts +3 -1
  189. package/icc-x-api/icc-receipt-x-api.js +7 -3
  190. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  191. package/icc-x-api/icc-time-table-x-api.d.ts +3 -1
  192. package/icc-x-api/icc-time-table-x-api.js +7 -3
  193. package/icc-x-api/icc-time-table-x-api.js.map +1 -1
  194. package/icc-x-api/icc-topic-x-api.d.ts +191 -0
  195. package/icc-x-api/icc-topic-x-api.js +307 -0
  196. package/icc-x-api/icc-topic-x-api.js.map +1 -0
  197. package/icc-x-api/index.d.ts +15 -0
  198. package/icc-x-api/index.js +99 -70
  199. package/icc-x-api/index.js.map +1 -1
  200. package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +1 -1
  201. package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +1 -1
  202. package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -1
  203. package/icc-x-api/utils/websocket.d.ts +4 -0
  204. package/icc-x-api/utils/websocket.js +8 -0
  205. package/icc-x-api/utils/websocket.js.map +1 -1
  206. package/package.json +1 -1
  207. package/icc-api/model/ExchangeData.js.map +0 -1
  208. package/icc-api/model/ExchangeDataMap.js.map +0 -1
@@ -6,10 +6,15 @@ import AccessLevelEnum = SecureDelegation.AccessLevelEnum;
6
6
  export interface EncryptedEntityXApi<T extends EncryptedEntity> {
7
7
  /**
8
8
  * Get the ids of all data owners with access to the provided entity, including their permissions on the entity. This method also uses the
9
- * information available to the current user to attempt to identify the anonymous data owners with access to this entity. Note however that
10
- * the user may not be capable of identifying all anonymous data owners with access to the entity. In cases where there is at least an anonymous
11
- * data owner with access to the entity the value of `hasUnknownAnonymousDataOwners` in the returned object will be `true` (`false` otherwise).
12
- * Note that users are only capable of identifying anonymous data owners in delegations where the user itself is involved, meaning that if a
9
+ * information available to the current user to attempt to identify the anonymous data owners with access to this entity.
10
+ *
11
+ * Note however that the user may not be capable of identifying all anonymous data owners with access to the entity. In cases where there is at least
12
+ * an anonymous data owner with access to the entity that the current data owner can't identify the value of `hasUnknownAnonymousDataOwners` in the
13
+ * returned object will be `true` (`false` otherwise).
14
+ *
15
+ * ## Basic anonymous data owners identification
16
+ *
17
+ * Initially users are only capable of identifying anonymous data owners in delegations where the user itself is involved, meaning that if a
13
18
  * specific anonymous data owners has access to an entity through two delegations, one accessible to the current user and one not, the anonymous
14
19
  * data owner will appear in the `permissionsByDataOwnerId`, but the `hasUnknownAnonymousDataOwners` will also be `true`, since the user can't know
15
20
  * if the other delegation refers to the same anonymous data owner or not.
@@ -28,6 +33,31 @@ export interface EncryptedEntityXApi<T extends EncryptedEntity> {
28
33
  * - `P` gets `{ permissionsByDataOwnerId: { A: 'WRITE', B: 'WRITE', P: 'WRITE' }, hasUnknownAnonymousDataOwners: false }` (`P` knows the
29
34
  * delegations that he is part of)
30
35
  *
36
+ * ## Anonymous data owner identification through de-anonymization metadata
37
+ *
38
+ * You also have the possibility of identifying anonymous data owners through the de-anonymization metadata. This metadata is created on request
39
+ * by data owners that have access to the delegation anonymous data owners involved in the delegations, but can later be shared also by other
40
+ * data owners.
41
+ *
42
+ * For example consider an entity with the following delegations, where `A`, `B` and `C` are unrelated explicit data owners, and `P` is an
43
+ * anonymous data owner:
44
+ * - A -> A
45
+ * - A -> B
46
+ * - A -> P
47
+ *
48
+ * As we know initially B will not be able to identify P (B only knows that [A,B] have access to the entity), but if A creates the
49
+ * de-anonymization metadata for the delegation A->P, then B will be to do so.
50
+ *
51
+ * If later B shares the entity with C, resulting in the following delegations:
52
+ * - A -> A
53
+ * - A -> B
54
+ * - A -> P
55
+ * - B -> C
56
+ *
57
+ * C will initially be only aware of [A, B, C] having access to the entity, but now B can share with C the information that P has also
58
+ * access to the entity through the delegation A->P. Note that if A had not created the de-anonymization metadata for the delegation A->P,
59
+ * then B would not be able to share this information with C.
60
+ *
31
61
  * @param entity an entity.
32
62
  * @return an object containing:
33
63
  * - `permissionsByDataOwnerId`: a map associating each data owner id with the access level to the entity. Currently only WRITE access is supported.
@@ -40,6 +70,24 @@ export interface EncryptedEntityXApi<T extends EncryptedEntity> {
40
70
  };
41
71
  hasUnknownAnonymousDataOwners: boolean;
42
72
  }>;
73
+ /**
74
+ * Creates the metadata to support {@link delegates} in the de-anonymization of the delegations in the provided entity.
75
+ *
76
+ * Refer to {@link getDataOwnersWithAccessTo} for more information on how this metadata is used.
77
+ *
78
+ * # Important information
79
+ *
80
+ * while the metadata is created based on the delegations of the provided entity, the metadata may be used to de-anonymize
81
+ * equivalent delegations in other entities of the same type.
82
+ *
83
+ * For example if A creates an entity of type T, shares it with B and P, and then creates the de-anonymization metadata
84
+ * to allow B to de-anonymize the delegation A->P, then B will be able to de-anonymize any delegation A->P in any other
85
+ * entity of type T that B can access (through the iCure cloud or directly through database replicas).
86
+ *
87
+ * @param entity an entity.
88
+ * @param delegates users
89
+ */
90
+ createDelegationDeAnonymizationMetadata(entity: T, delegates: string[]): Promise<void>;
43
91
  /**
44
92
  * @param entity an entity.
45
93
  * @return the available encryption keys for the entity, which could be decrypted by the current data owner. Normally this array should contain at
@@ -1 +1 @@
1
- {"version":3,"file":"EncryptedEntityXApi.js","sourceRoot":"","sources":["../../../icc-x-api/basexapi/EncryptedEntityXApi.ts"],"names":[],"mappings":"","sourcesContent":["import { EncryptedEntity, SecureDelegation } from '../../icc-api/model/models'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\n\n/**\n * Interface of common methods for XApis of any encryptable entities.\n */\nexport interface EncryptedEntityXApi<T extends EncryptedEntity> {\n /**\n * Get the ids of all data owners with access to the provided entity, including their permissions on the entity. This method also uses the\n * information available to the current user to attempt to identify the anonymous data owners with access to this entity. Note however that\n * the user may not be capable of identifying all anonymous data owners with access to the entity. In cases where there is at least an anonymous\n * data owner with access to the entity the value of `hasUnknownAnonymousDataOwners` in the returned object will be `true` (`false` otherwise).\n * Note that users are only capable of identifying anonymous data owners in delegations where the user itself is involved, meaning that if a\n * specific anonymous data owners has access to an entity through two delegations, one accessible to the current user and one not, the anonymous\n * data owner will appear in the `permissionsByDataOwnerId`, but the `hasUnknownAnonymousDataOwners` will also be `true`, since the user can't know\n * if the other delegation refers to the same anonymous data owner or not.\n *\n * For example consider an entity with the following delegations, where `A` and `B` are unrelated explicit data owners, and `P` is an anonymous\n * data owner:\n * - A -> A - r/w\n * - A -> B - r/w\n * - A -> P - r\n * - B -> P - r/w\n * In this case we can get the following results, depending on whether the current user is `A`, `B` or `P`:\n * - `A` gets `{ permissionsByDataOwnerId: { A: 'WRITE', B: 'WRITE', P: 'READ' }, hasUnknownAnonymousDataOwners: true }` (`A` does not know that\n * `B->P` actually refers to `P`, but only that it was created by `B`)\n * - `B` gets `{ permissionsByDataOwnerId: { A: 'WRITE', B: 'WRITE', P: 'WRITE' }, hasUnknownAnonymousDataOwners: true }` (`B` does not know that\n * `A->P` actually refers to `P`, but only that it was created by `A`)\n * - `P` gets `{ permissionsByDataOwnerId: { A: 'WRITE', B: 'WRITE', P: 'WRITE' }, hasUnknownAnonymousDataOwners: false }` (`P` knows the\n * delegations that he is part of)\n *\n * @param entity an entity.\n * @return an object containing:\n * - `permissionsByDataOwnerId`: a map associating each data owner id with the access level to the entity. Currently only WRITE access is supported.\n * - `hasUnknownAnonymousDataOwners`: a boolean indicating if there are anonymous data owners with access to the entity that the current user can\n * not identify.\n */\n getDataOwnersWithAccessTo(entity: T): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }>\n\n /**\n * @param entity an entity.\n * @return the available encryption keys for the entity, which could be decrypted by the current data owner. Normally this array should contain at\n * most one element but this method in case of entity merges there could be multiple values.\n */\n getEncryptionKeysOf(entity: T): Promise<string[]>\n}\n"]}
1
+ {"version":3,"file":"EncryptedEntityXApi.js","sourceRoot":"","sources":["../../../icc-x-api/basexapi/EncryptedEntityXApi.ts"],"names":[],"mappings":"","sourcesContent":["import { EncryptedEntity, SecureDelegation } from '../../icc-api/model/models'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\n\n/**\n * Interface of common methods for XApis of any encryptable entities.\n */\nexport interface EncryptedEntityXApi<T extends EncryptedEntity> {\n /**\n * Get the ids of all data owners with access to the provided entity, including their permissions on the entity. This method also uses the\n * information available to the current user to attempt to identify the anonymous data owners with access to this entity.\n *\n * Note however that the user may not be capable of identifying all anonymous data owners with access to the entity. In cases where there is at least\n * an anonymous data owner with access to the entity that the current data owner can't identify the value of `hasUnknownAnonymousDataOwners` in the\n * returned object will be `true` (`false` otherwise).\n *\n * ## Basic anonymous data owners identification\n *\n * Initially users are only capable of identifying anonymous data owners in delegations where the user itself is involved, meaning that if a\n * specific anonymous data owners has access to an entity through two delegations, one accessible to the current user and one not, the anonymous\n * data owner will appear in the `permissionsByDataOwnerId`, but the `hasUnknownAnonymousDataOwners` will also be `true`, since the user can't know\n * if the other delegation refers to the same anonymous data owner or not.\n *\n * For example consider an entity with the following delegations, where `A` and `B` are unrelated explicit data owners, and `P` is an anonymous\n * data owner:\n * - A -> A - r/w\n * - A -> B - r/w\n * - A -> P - r\n * - B -> P - r/w\n * In this case we can get the following results, depending on whether the current user is `A`, `B` or `P`:\n * - `A` gets `{ permissionsByDataOwnerId: { A: 'WRITE', B: 'WRITE', P: 'READ' }, hasUnknownAnonymousDataOwners: true }` (`A` does not know that\n * `B->P` actually refers to `P`, but only that it was created by `B`)\n * - `B` gets `{ permissionsByDataOwnerId: { A: 'WRITE', B: 'WRITE', P: 'WRITE' }, hasUnknownAnonymousDataOwners: true }` (`B` does not know that\n * `A->P` actually refers to `P`, but only that it was created by `A`)\n * - `P` gets `{ permissionsByDataOwnerId: { A: 'WRITE', B: 'WRITE', P: 'WRITE' }, hasUnknownAnonymousDataOwners: false }` (`P` knows the\n * delegations that he is part of)\n *\n * ## Anonymous data owner identification through de-anonymization metadata\n *\n * You also have the possibility of identifying anonymous data owners through the de-anonymization metadata. This metadata is created on request\n * by data owners that have access to the delegation anonymous data owners involved in the delegations, but can later be shared also by other\n * data owners.\n *\n * For example consider an entity with the following delegations, where `A`, `B` and `C` are unrelated explicit data owners, and `P` is an\n * anonymous data owner:\n * - A -> A\n * - A -> B\n * - A -> P\n *\n * As we know initially B will not be able to identify P (B only knows that [A,B] have access to the entity), but if A creates the\n * de-anonymization metadata for the delegation A->P, then B will be to do so.\n *\n * If later B shares the entity with C, resulting in the following delegations:\n * - A -> A\n * - A -> B\n * - A -> P\n * - B -> C\n *\n * C will initially be only aware of [A, B, C] having access to the entity, but now B can share with C the information that P has also\n * access to the entity through the delegation A->P. Note that if A had not created the de-anonymization metadata for the delegation A->P,\n * then B would not be able to share this information with C.\n *\n * @param entity an entity.\n * @return an object containing:\n * - `permissionsByDataOwnerId`: a map associating each data owner id with the access level to the entity. Currently only WRITE access is supported.\n * - `hasUnknownAnonymousDataOwners`: a boolean indicating if there are anonymous data owners with access to the entity that the current user can\n * not identify.\n */\n getDataOwnersWithAccessTo(entity: T): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }>\n\n /**\n * Creates the metadata to support {@link delegates} in the de-anonymization of the delegations in the provided entity.\n *\n * Refer to {@link getDataOwnersWithAccessTo} for more information on how this metadata is used.\n *\n * # Important information\n *\n * while the metadata is created based on the delegations of the provided entity, the metadata may be used to de-anonymize\n * equivalent delegations in other entities of the same type.\n *\n * For example if A creates an entity of type T, shares it with B and P, and then creates the de-anonymization metadata\n * to allow B to de-anonymize the delegation A->P, then B will be able to de-anonymize any delegation A->P in any other\n * entity of type T that B can access (through the iCure cloud or directly through database replicas).\n *\n * @param entity an entity.\n * @param delegates users\n */\n createDelegationDeAnonymizationMetadata(entity: T, delegates: string[]): Promise<void>\n\n /**\n * @param entity an entity.\n * @return the available encryption keys for the entity, which could be decrypted by the current data owner. Normally this array should contain at\n * most one element but this method in case of entity merges there could be multiple values.\n */\n getEncryptionKeysOf(entity: T): Promise<string[]>\n}\n"]}
@@ -1,6 +1,7 @@
1
1
  import { ExchangeDataManager } from './ExchangeDataManager';
2
2
  import { XHR } from '../../icc-api/api/XHR';
3
3
  import { EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName';
4
+ export declare const ACCESS_CONTROL_KEYS_HEADER = "Icure-Access-Control-Keys";
4
5
  /**
5
6
  * @internal this class is intended for internal use only and may be changed without notice.
6
7
  */
@@ -13,4 +14,5 @@ export declare class AccessControlKeysHeadersProvider {
13
14
  * @param entityType the type of entity which the user is attempting to retrieve.
14
15
  */
15
16
  addAccessControlKeysHeaders(initialHeaders: XHR.Header[], entityType: EntityWithDelegationTypeName): Promise<XHR.Header[]>;
17
+ getAccessControlKeysHeaders(entityType: EntityWithDelegationTypeName): Promise<XHR.Header[]>;
16
18
  }
@@ -9,9 +9,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
9
9
  });
10
10
  };
11
11
  Object.defineProperty(exports, "__esModule", { value: true });
12
- exports.AccessControlKeysHeadersProvider = void 0;
12
+ exports.AccessControlKeysHeadersProvider = exports.ACCESS_CONTROL_KEYS_HEADER = void 0;
13
13
  const XHR_1 = require("../../icc-api/api/XHR");
14
- const ACCESS_CONTROL_KEYS_HEADER = 'Icure-Access-Control-Keys';
14
+ exports.ACCESS_CONTROL_KEYS_HEADER = 'Icure-Access-Control-Keys';
15
15
  /**
16
16
  * @internal this class is intended for internal use only and may be changed without notice.
17
17
  */
@@ -26,13 +26,22 @@ class AccessControlKeysHeadersProvider {
26
26
  * @param entityType the type of entity which the user is attempting to retrieve.
27
27
  */
28
28
  addAccessControlKeysHeaders(initialHeaders, entityType) {
29
+ return __awaiter(this, void 0, void 0, function* () {
30
+ const newHeaders = yield this.getAccessControlKeysHeaders(entityType);
31
+ if (newHeaders.length > 0)
32
+ return [...initialHeaders, ...newHeaders];
33
+ else
34
+ return initialHeaders;
35
+ });
36
+ }
37
+ getAccessControlKeysHeaders(entityType) {
29
38
  return __awaiter(this, void 0, void 0, function* () {
30
39
  const accessControlKeysValue = yield this.exchangeDataManager.getAccessControlKeysValue(entityType);
31
40
  if (accessControlKeysValue) {
32
- return [...initialHeaders, new XHR_1.XHR.Header(ACCESS_CONTROL_KEYS_HEADER, accessControlKeysValue)];
41
+ return [new XHR_1.XHR.Header(exports.ACCESS_CONTROL_KEYS_HEADER, accessControlKeysValue)];
33
42
  }
34
43
  else {
35
- return initialHeaders;
44
+ return [];
36
45
  }
37
46
  });
38
47
  }
@@ -1 +1 @@
1
- {"version":3,"file":"AccessControlKeysHeadersProvider.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/AccessControlKeysHeadersProvider.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,+CAA2C;AAG3C,MAAM,0BAA0B,GAAG,2BAA2B,CAAA;AAE9D;;GAEG;AACH,MAAa,gCAAgC;IAC3C,YAA6B,mBAAwC;QAAxC,wBAAmB,GAAnB,mBAAmB,CAAqB;IAAG,CAAC;IAEzE,iGAAiG;IACjG;;;;OAIG;IACG,2BAA2B,CAAC,cAA4B,EAAE,UAAwC;;YACtG,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAA;YACnG,IAAI,sBAAsB,EAAE;gBAC1B,OAAO,CAAC,GAAG,cAAc,EAAE,IAAI,SAAG,CAAC,MAAM,CAAC,0BAA0B,EAAE,sBAAsB,CAAC,CAAC,CAAA;aAC/F;iBAAM;gBACL,OAAO,cAAc,CAAA;aACtB;QACH,CAAC;KAAA;CACF;AAjBD,4EAiBC","sourcesContent":["import { ExchangeDataManager } from './ExchangeDataManager'\nimport { XHR } from '../../icc-api/api/XHR'\nimport { EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\n\nconst ACCESS_CONTROL_KEYS_HEADER = 'Icure-Access-Control-Keys'\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n */\nexport class AccessControlKeysHeadersProvider {\n constructor(private readonly exchangeDataManager: ExchangeDataManager) {}\n\n // This will be enough only as long as we don't use the entities sfks in the access control keys.\n /**\n * Add the access control keys headers to the provided initial headers, allowing access control on users with anonymous delegations.\n * @param initialHeaders the initial headers\n * @param entityType the type of entity which the user is attempting to retrieve.\n */\n async addAccessControlKeysHeaders(initialHeaders: XHR.Header[], entityType: EntityWithDelegationTypeName): Promise<XHR.Header[]> {\n const accessControlKeysValue = await this.exchangeDataManager.getAccessControlKeysValue(entityType)\n if (accessControlKeysValue) {\n return [...initialHeaders, new XHR.Header(ACCESS_CONTROL_KEYS_HEADER, accessControlKeysValue)]\n } else {\n return initialHeaders\n }\n }\n}\n"]}
1
+ {"version":3,"file":"AccessControlKeysHeadersProvider.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/AccessControlKeysHeadersProvider.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,+CAA2C;AAG9B,QAAA,0BAA0B,GAAG,2BAA2B,CAAA;AAErE;;GAEG;AACH,MAAa,gCAAgC;IAC3C,YAA6B,mBAAwC;QAAxC,wBAAmB,GAAnB,mBAAmB,CAAqB;IAAG,CAAC;IAEzE,iGAAiG;IACjG;;;;OAIG;IACG,2BAA2B,CAAC,cAA4B,EAAE,UAAwC;;YACtG,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,UAAU,CAAC,CAAA;YACrE,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;gBAAE,OAAO,CAAC,GAAG,cAAc,EAAE,GAAG,UAAU,CAAC,CAAA;;gBAC/D,OAAO,cAAc,CAAA;QAC5B,CAAC;KAAA;IAEK,2BAA2B,CAAC,UAAwC;;YACxE,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAA;YACnG,IAAI,sBAAsB,EAAE;gBAC1B,OAAO,CAAC,IAAI,SAAG,CAAC,MAAM,CAAC,kCAA0B,EAAE,sBAAsB,CAAC,CAAC,CAAA;aAC5E;iBAAM;gBACL,OAAO,EAAE,CAAA;aACV;QACH,CAAC;KAAA;CACF;AAvBD,4EAuBC","sourcesContent":["import { ExchangeDataManager } from './ExchangeDataManager'\nimport { XHR } from '../../icc-api/api/XHR'\nimport { EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\n\nexport const ACCESS_CONTROL_KEYS_HEADER = 'Icure-Access-Control-Keys'\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n */\nexport class AccessControlKeysHeadersProvider {\n constructor(private readonly exchangeDataManager: ExchangeDataManager) {}\n\n // This will be enough only as long as we don't use the entities sfks in the access control keys.\n /**\n * Add the access control keys headers to the provided initial headers, allowing access control on users with anonymous delegations.\n * @param initialHeaders the initial headers\n * @param entityType the type of entity which the user is attempting to retrieve.\n */\n async addAccessControlKeysHeaders(initialHeaders: XHR.Header[], entityType: EntityWithDelegationTypeName): Promise<XHR.Header[]> {\n const newHeaders = await this.getAccessControlKeysHeaders(entityType)\n if (newHeaders.length > 0) return [...initialHeaders, ...newHeaders]\n else return initialHeaders\n }\n\n async getAccessControlKeysHeaders(entityType: EntityWithDelegationTypeName): Promise<XHR.Header[]> {\n const accessControlKeysValue = await this.exchangeDataManager.getAccessControlKeysValue(entityType)\n if (accessControlKeysValue) {\n return [new XHR.Header(ACCESS_CONTROL_KEYS_HEADER, accessControlKeysValue)]\n } else {\n return []\n }\n }\n}\n"]}
@@ -38,5 +38,6 @@ export declare class AccessControlSecretUtils {
38
38
  * Get the secure delegations keys which can be used on an entity of provided type with the provided secret foreign keys.
39
39
  */
40
40
  secureDelegationKeysFor(accessControlSecret: string, entityTypeName: EntityWithDelegationTypeName, secretForeignKeys: string[]): Promise<string[]>;
41
+ getEncodedAccessControlKeys(accessControlSecrets: string[], entityTypeName: EntityWithDelegationTypeName): Promise<string>;
41
42
  private getKeys;
42
43
  }
@@ -71,6 +71,17 @@ class AccessControlSecretUtils {
71
71
  return yield this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.secureDelegationKeyFor(a, b, c));
72
72
  });
73
73
  }
74
+ getEncodedAccessControlKeys(accessControlSecrets, entityTypeName) {
75
+ return __awaiter(this, void 0, void 0, function* () {
76
+ const fullBuffer = new Uint8Array(accessControlSecrets.length * this.accessControlKeyLengthBytes);
77
+ for (let i = 0; i < accessControlSecrets.length; i++) {
78
+ const accessControlSecret = accessControlSecrets[i];
79
+ const key = yield this.accessControlKeyFor(accessControlSecret, entityTypeName, undefined);
80
+ fullBuffer.set(new Uint8Array(key), i * this.accessControlKeyLengthBytes);
81
+ }
82
+ return (0, utils_1.ua2b64)(fullBuffer);
83
+ });
84
+ }
74
85
  getKeys(accessControlSecret, entityTypeName, secretForeignKeys, getKey) {
75
86
  return __awaiter(this, void 0, void 0, function* () {
76
87
  // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact
@@ -1 +1 @@
1
- {"version":3,"file":"AccessControlSecretUtils.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/AccessControlSecretUtils.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,oCAA2C;AAE3C,MAAM,+BAA+B,GAAG,EAAE,CAAA;AAE1C;;GAEG;AACH,MAAa,wBAAwB;IACnC,YAA6B,UAA4B;QAA5B,eAAU,GAAV,UAAU,CAAkB;IAAG,CAAC;IAE7D;;OAEG;IACH,IAAI,2BAA2B;QAC7B,OAAO,+BAA+B,CAAA;IACxC,CAAC;IAED;;;;;;;;OAQG;IACG,mBAAmB,CACvB,mBAA2B,EAC3B,cAA4C,EAC5C,gBAAoC;;YAEpC,sIAAsI;YACtI,oCAAoC;YACpC,OAAO,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAA,gBAAQ,EAAC,mBAAmB,GAAG,cAAc,CAAC,+BAA+B,CAAC,CAAC,CAAC,CAAC,KAAK,CACzH,CAAC,EACD,+BAA+B,CAChC,CAAA;QACH,CAAC;KAAA;IAED;;OAEG;IACG,oBAAoB,CACxB,mBAA2B,EAC3B,cAA4C,EAC5C,iBAA2B;;YAE3B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,cAAc,EAAE,iBAAiB,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACnI,CAAC;KAAA;IAED;;;;;;;;OAQG;IACG,sBAAsB,CAC1B,mBAA2B,EAC3B,cAA4C,EAC5C,gBAAoC;;YAEpC,OAAO,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAA;QACpI,CAAC;KAAA;IAED;;OAEG;IACG,uBAAuB,CAC3B,mBAA2B,EAC3B,cAA4C,EAC5C,iBAA2B;;YAE3B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,cAAc,EAAE,iBAAiB,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACtI,CAAC;KAAA;IAEa,OAAO,CACnB,mBAA2B,EAC3B,cAA4C,EAC5C,iBAA2B,EAC3B,MAAuI;;YAEvI,sIAAsI;YAEtI,mCAAmC;YACnC,OAAO,CAAC,MAAM,MAAM,CAAC,mBAAmB,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC,CAAA;YACrE,WAAW;YACX,+GAA+G;YAC/G,IAAI;QACN,CAAC;KAAA;CACF;AArFD,4DAqFC","sourcesContent":["import { CryptoPrimitives } from './CryptoPrimitives'\nimport { EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { ua2hex, utf8_2ua } from '../utils'\n\nconst ACCESS_CONTROL_KEY_LENGTH_BYTES = 16\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n */\nexport class AccessControlSecretUtils {\n constructor(private readonly primitives: CryptoPrimitives) {}\n\n /**\n * Size of the access control keys returned by this class.\n */\n get accessControlKeyLengthBytes(): number {\n return ACCESS_CONTROL_KEY_LENGTH_BYTES\n }\n\n /**\n * Get the access control key to use for entities of the provided type and using the provided secret foreign key. The combination of secret foreign\n * keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or different\n * confidentiality levels.\n * These keys will be sent to the icure server for access control of data owners which require anonymous delegations.\n * @param accessControlSecret an access control secret\n * @param entityTypeName an entity type name\n * @param secretForeignKey optionally a secret foreign key to include in the secret. \"\" and undefined are equivalent.\n */\n async accessControlKeyFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKey: string | undefined\n ): Promise<ArrayBuffer> {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n // Ignore secret foreign key for now\n return (await this.primitives.sha256(utf8_2ua(accessControlSecret + entityTypeName /* + (secretForeignKey ?? '')*/))).slice(\n 0,\n ACCESS_CONTROL_KEY_LENGTH_BYTES\n )\n }\n\n /**\n * Get the access control keys for proving access to an entity of provided type with the provided secret foreign keys.\n */\n async accessControlKeysFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKeys: string[]\n ): Promise<ArrayBuffer[]> {\n return await this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.accessControlKeyFor(a, b, c))\n }\n\n /**\n * Get value to use as key in secure delegations for entities of the provided type with the provided secret foreign key. The combination of secret\n * foreign keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or\n * different confidentiality levels.\n * These keys will be used in the secure delegations map of security metadata.\n * @param accessControlSecret an access control secret\n * @param entityTypeName an entity type name\n * @param secretForeignKey optionally a secret foreign key to include in the secret. \"\" and undefined are equivalent.\n */\n async secureDelegationKeyFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKey: string | undefined\n ): Promise<string> {\n return ua2hex(await this.primitives.sha256(await this.accessControlKeyFor(accessControlSecret, entityTypeName, secretForeignKey)))\n }\n\n /**\n * Get the secure delegations keys which can be used on an entity of provided type with the provided secret foreign keys.\n */\n async secureDelegationKeysFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKeys: string[]\n ): Promise<string[]> {\n return await this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.secureDelegationKeyFor(a, b, c))\n }\n\n private async getKeys<T>(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKeys: string[],\n getKey: (accessControlSecret: string, entityTypeName: EntityWithDelegationTypeName, secretForeignKey: string | undefined) => Promise<T>\n ): Promise<T[]> {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n\n // if (!secretForeignKeys.length) {\n return [await getKey(accessControlSecret, entityTypeName, undefined)]\n // } else {\n // return await Promise.all(secretForeignKeys.map((sfk) => getKey(accessControlSecret, entityTypeName, sfk)))\n // }\n }\n}\n"]}
1
+ {"version":3,"file":"AccessControlSecretUtils.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/AccessControlSecretUtils.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,oCAAmD;AAEnD,MAAM,+BAA+B,GAAG,EAAE,CAAA;AAE1C;;GAEG;AACH,MAAa,wBAAwB;IACnC,YAA6B,UAA4B;QAA5B,eAAU,GAAV,UAAU,CAAkB;IAAG,CAAC;IAE7D;;OAEG;IACH,IAAI,2BAA2B;QAC7B,OAAO,+BAA+B,CAAA;IACxC,CAAC;IAED;;;;;;;;OAQG;IACG,mBAAmB,CACvB,mBAA2B,EAC3B,cAA4C,EAC5C,gBAAoC;;YAEpC,sIAAsI;YACtI,oCAAoC;YACpC,OAAO,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAA,gBAAQ,EAAC,mBAAmB,GAAG,cAAc,CAAC,+BAA+B,CAAC,CAAC,CAAC,CAAC,KAAK,CACzH,CAAC,EACD,+BAA+B,CAChC,CAAA;QACH,CAAC;KAAA;IAED;;OAEG;IACG,oBAAoB,CACxB,mBAA2B,EAC3B,cAA4C,EAC5C,iBAA2B;;YAE3B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,cAAc,EAAE,iBAAiB,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACnI,CAAC;KAAA;IAED;;;;;;;;OAQG;IACG,sBAAsB,CAC1B,mBAA2B,EAC3B,cAA4C,EAC5C,gBAAoC;;YAEpC,OAAO,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAA;QACpI,CAAC;KAAA;IAED;;OAEG;IACG,uBAAuB,CAC3B,mBAA2B,EAC3B,cAA4C,EAC5C,iBAA2B;;YAE3B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,cAAc,EAAE,iBAAiB,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACtI,CAAC;KAAA;IAEK,2BAA2B,CAAC,oBAA8B,EAAE,cAA4C;;YAC5G,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,oBAAoB,CAAC,MAAM,GAAG,IAAI,CAAC,2BAA2B,CAAC,CAAA;YACjG,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,oBAAoB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;gBACpD,MAAM,mBAAmB,GAAG,oBAAoB,CAAC,CAAC,CAAC,CAAA;gBACnD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,EAAE,cAAc,EAAE,SAAS,CAAC,CAAA;gBAC1F,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,2BAA2B,CAAC,CAAA;aAC1E;YACD,OAAO,IAAA,cAAM,EAAC,UAAU,CAAC,CAAA;QAC3B,CAAC;KAAA;IAEa,OAAO,CACnB,mBAA2B,EAC3B,cAA4C,EAC5C,iBAA2B,EAC3B,MAAuI;;YAEvI,sIAAsI;YAEtI,mCAAmC;YACnC,OAAO,CAAC,MAAM,MAAM,CAAC,mBAAmB,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC,CAAA;YACrE,WAAW;YACX,+GAA+G;YAC/G,IAAI;QACN,CAAC;KAAA;CACF;AA/FD,4DA+FC","sourcesContent":["import { CryptoPrimitives } from './CryptoPrimitives'\nimport { EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { ua2b64, ua2hex, utf8_2ua } from '../utils'\n\nconst ACCESS_CONTROL_KEY_LENGTH_BYTES = 16\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n */\nexport class AccessControlSecretUtils {\n constructor(private readonly primitives: CryptoPrimitives) {}\n\n /**\n * Size of the access control keys returned by this class.\n */\n get accessControlKeyLengthBytes(): number {\n return ACCESS_CONTROL_KEY_LENGTH_BYTES\n }\n\n /**\n * Get the access control key to use for entities of the provided type and using the provided secret foreign key. The combination of secret foreign\n * keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or different\n * confidentiality levels.\n * These keys will be sent to the icure server for access control of data owners which require anonymous delegations.\n * @param accessControlSecret an access control secret\n * @param entityTypeName an entity type name\n * @param secretForeignKey optionally a secret foreign key to include in the secret. \"\" and undefined are equivalent.\n */\n async accessControlKeyFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKey: string | undefined\n ): Promise<ArrayBuffer> {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n // Ignore secret foreign key for now\n return (await this.primitives.sha256(utf8_2ua(accessControlSecret + entityTypeName /* + (secretForeignKey ?? '')*/))).slice(\n 0,\n ACCESS_CONTROL_KEY_LENGTH_BYTES\n )\n }\n\n /**\n * Get the access control keys for proving access to an entity of provided type with the provided secret foreign keys.\n */\n async accessControlKeysFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKeys: string[]\n ): Promise<ArrayBuffer[]> {\n return await this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.accessControlKeyFor(a, b, c))\n }\n\n /**\n * Get value to use as key in secure delegations for entities of the provided type with the provided secret foreign key. The combination of secret\n * foreign keys and entity type ensures that unauthorised people will not be able to draw links between entities of different types of data or\n * different confidentiality levels.\n * These keys will be used in the secure delegations map of security metadata.\n * @param accessControlSecret an access control secret\n * @param entityTypeName an entity type name\n * @param secretForeignKey optionally a secret foreign key to include in the secret. \"\" and undefined are equivalent.\n */\n async secureDelegationKeyFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKey: string | undefined\n ): Promise<string> {\n return ua2hex(await this.primitives.sha256(await this.accessControlKeyFor(accessControlSecret, entityTypeName, secretForeignKey)))\n }\n\n /**\n * Get the secure delegations keys which can be used on an entity of provided type with the provided secret foreign keys.\n */\n async secureDelegationKeysFor(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKeys: string[]\n ): Promise<string[]> {\n return await this.getKeys(accessControlSecret, entityTypeName, secretForeignKeys, (a, b, c) => this.secureDelegationKeyFor(a, b, c))\n }\n\n async getEncodedAccessControlKeys(accessControlSecrets: string[], entityTypeName: EntityWithDelegationTypeName): Promise<string> {\n const fullBuffer = new Uint8Array(accessControlSecrets.length * this.accessControlKeyLengthBytes)\n for (let i = 0; i < accessControlSecrets.length; i++) {\n const accessControlSecret = accessControlSecrets[i]\n const key = await this.accessControlKeyFor(accessControlSecret, entityTypeName, undefined)\n fullBuffer.set(new Uint8Array(key), i * this.accessControlKeyLengthBytes)\n }\n return ua2b64(fullBuffer)\n }\n\n private async getKeys<T>(\n accessControlSecret: string,\n entityTypeName: EntityWithDelegationTypeName,\n secretForeignKeys: string[],\n getKey: (accessControlSecret: string, entityTypeName: EntityWithDelegationTypeName, secretForeignKey: string | undefined) => Promise<T>\n ): Promise<T[]> {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n\n // if (!secretForeignKeys.length) {\n return [await getKey(accessControlSecret, entityTypeName, undefined)]\n // } else {\n // return await Promise.all(secretForeignKeys.map((sfk) => getKey(accessControlSecret, entityTypeName, sfk)))\n // }\n }\n}\n"]}
@@ -1,6 +1,6 @@
1
1
  import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
2
2
  import { KeyPair } from './RSA';
3
- import { ExchangeData } from '../../icc-api/model/ExchangeData';
3
+ import { ExchangeData } from '../../icc-api/model/internal/ExchangeData';
4
4
  import { IccExchangeDataApi } from '../../icc-api/api/IccExchangeDataApi';
5
5
  import { CryptoPrimitives } from './CryptoPrimitives';
6
6
  /**
@@ -10,7 +10,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
10
10
  };
11
11
  Object.defineProperty(exports, "__esModule", { value: true });
12
12
  exports.BaseExchangeDataManager = void 0;
13
- const ExchangeData_1 = require("../../icc-api/model/ExchangeData");
13
+ const ExchangeData_1 = require("../../icc-api/model/internal/ExchangeData");
14
14
  const XHR_1 = require("../../icc-api/api/XHR");
15
15
  var XHRError = XHR_1.XHR.XHRError;
16
16
  const utils_1 = require("../utils");
@@ -1 +1 @@
1
- {"version":3,"file":"BaseExchangeDataManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/BaseExchangeDataManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,mEAA+D;AAE/D,+CAA2C;AAC3C,IAAO,QAAQ,GAAG,SAAG,CAAC,QAAQ,CAAA;AAE9B,oCAA6E;AAC7E,4BAA2B;AAC3B,mCAA4D;AAE5D;;;;GAIG;AACH,MAAa,uBAAuB;IAClC,YACW,GAAuB,EACf,YAA8B,EAC9B,UAA4B,EAC5B,gCAAyC;QAHjD,QAAG,GAAH,GAAG,CAAoB;QACf,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAC5B,qCAAgC,GAAhC,gCAAgC,CAAS;IACzD,CAAC;IAEJ;;;;;;OAMG;IACG,8CAA8C;;;YAClD,IAAI,CAAC,IAAI,CAAC,gCAAgC;gBAAE,OAAO,SAAS,CAAA;YAC5D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,IAAI,YAAY,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,WAAW,EAAE,SAAS,EAAE,IAAI,CAAC,CAAA;YAC5F,MAAM,YAAY,GAAG,MAAA,YAAY,CAAC,IAAI,mCAAI,EAAE,CAAA;YAC5C,OAAO,MAAA,YAAY,CAAC,WAAW,0CAAE,aAAa,EAAE;gBAC9C,YAAY,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAA;gBACrH,IAAI,YAAY,CAAC,IAAI;oBAAE,YAAY,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;aAC/D;YACD,OAAO,YAAY,CAAA;;KACpB;IAED;;;;;OAKG;IACG,sCAAsC,CAAC,WAAmB,EAAE,UAAkB;;YAClF,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,kCAAkC,CAAC,WAAW,EAAE,UAAU,CAAC,CAAA;QACnF,CAAC;KAAA;IAED;;;;OAIG;IACG,mBAAmB,CAAC,cAAsB;;YAC9C,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;gBACpE,IAAI,CAAC,YAAY,QAAQ,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,EAAE;oBACjD,OAAO,SAAS,CAAA;iBACjB;;oBAAM,MAAM,CAAC,CAAA;YAChB,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,0BAA0B,CAC9B,YAA4B,EAC5B,kBAAoF;;YAEpF,MAAM,QAAQ,GAAmB,EAAE,CAAA;YACnC,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;gBAC7B,IAAI,MAAM,IAAI,CAAC,kBAAkB,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;oBAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;aACvF;YACD,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAED;;;;;;;;OAQG;IACG,kBAAkB,CACtB,YAA0B,EAC1B,kBAAoF;;YAEpF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,IAAI,YAAY,CAAC,SAAS,KAAK,WAAW;gBAAE,OAAO,KAAK,CAAA;YACxD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAA;YAC1D,KAAK,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE;gBACpE,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;gBAC/D,IAAI,eAAe,IAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,eAAe,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,EAAE,aAAa,CAAC,CAAC;oBAAE,OAAO,IAAI,CAAA;aACpI;YACD,OAAO,KAAK,CAAA;QACd,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,6BAA6B,CACjC,YAA4B,EAC5B,cAAsE;;YAKtE,OAAO,MAAM,IAAI,CAAC,sBAAsB,CACtC,YAAY,EACZ,cAAc,EACd,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,mBAAmB,EAC9B,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CACzD,CAAA;QACH,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,sBAAsB,CAC1B,YAA4B,EAC5B,cAAsE;;YAKtE,OAAO,MAAM,IAAI,CAAC,sBAAsB,CACtC,YAAY,EACZ,cAAc,EACd,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,WAAW,EACtB,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CACjD,CAAA;QACH,CAAC;KAAA;IAEa,sBAAsB,CAClC,YAA4B,EAC5B,cAAsE,EACtE,qBAAuF,EACvF,kBAA0D;;YAK1D,MAAM,qBAAqB,GAAQ,EAAE,CAAA;YACrC,MAAM,iBAAiB,GAAmB,EAAE,CAAA;YAC5C,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;gBAC7B,IAAI;oBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,CAAA;oBAClF,IAAI,SAAS,EAAE;wBACb,qBAAqB,CAAC,IAAI,CAAC,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAA;qBAChE;yBAAM;wBACL,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;qBAC3B;iBACF;gBAAC,OAAO,CAAC,EAAE;oBACV,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;iBAC3B;aACF;YACD,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,CAAA;QACrD,CAAC;KAAA;IAEa,UAAU,CACtB,aAAyD,EACzD,cAAwE;;;YAExE,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE;gBAC7E,uCACK,IAAI,KACP,CAAC,IAAA,uBAAe,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAA,yBAAiB,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,EAAE,CAAC,IACvE;YACH,CAAC,EAAE,EAA4D,CAAC,CAAA;YAChE,KAAK,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;gBAC3D,IAAI;oBACF,MAAM,GAAG,GAAG,MAAA,sBAAsB,CAAC,EAAE,CAAC,0CAAE,UAAU,CAAA;oBAClD,IAAI,GAAG;wBAAE,OAAO,IAAA,cAAM,EAAC,IAAA,eAAO,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;iBAC5F;gBAAC,OAAO,CAAC,EAAE;oBACV,uBAAuB;iBACxB;aACF;;KACF;IAED;;;;;;;;OAQG;IACG,kBAAkB,CACtB,UAAkB,EAClB,aAA0D,EAC1D,cAA2D,EAC3D,qBAEI,EAAE;;;YAMN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,EAAE;gBAC7E,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAA;aAChE;YACD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAA;YACpD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,2BAA2B,EAAE,CAAA;YACpE,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;YACjG,MAAM,4BAA4B,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;YACjH,MAAM,gBAAgB,GAAG;gBACvB,EAAE,EAAE,MAAA,kBAAkB,CAAC,EAAE,mCAAI,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;gBACzD,SAAS,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE;gBAC1D,QAAQ,EAAE,UAAU;gBACpB,WAAW,EAAE,oBAAoB;gBACjC,mBAAmB,EAAE,4BAA4B;aAClD,CAAA;YACD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,EAAE,aAAa,CAAC,CAAA;YACtG,MAAM,YAAY,GAAG,IAAI,2BAAY,iCAAM,gBAAgB,KAAE,SAAS,IAAG,CAAA;YACzE,OAAO;gBACL,YAAY,EAAE,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,YAAY,CAAC;gBAC7D,WAAW,EAAE,WAAW,CAAC,GAAG;gBAC5B,mBAAmB,EAAE,mBAAmB,CAAC,MAAM;aAChD,CAAA;;KACF;IAED;;;;;;;;;;;;;;;;OAgBG;IACG,qBAAqB,CACzB,YAA0B,EAC1B,cAAsE,EACtE,iBAA8D,EAC9D,aAA0D,EAC1D,kBAAoF;;YASpF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,WAAW,EAAE,cAAc,CAAC,CAAA;YACtF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAA;YACtG,IAAI,CAAC,cAAc,IAAI,CAAC,sBAAsB;gBAAE,OAAO,SAAS,CAAA;YAChE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,UAAU,CAAC,cAAc,CAAC,CAAC,CAAA;YAChF,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,sBAAsB,CAAC,CAAC,CAAA;YACxG,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAA;YACjF,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC,CAAA;YACjF,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YACxI,IAAI,CAAC,cAAc,CAAC,MAAM;gBAAE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;YACrF,MAAM,+BAA+B,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE;gBACxE,GAAG,CAAC,EAAE,CAAC,GAAG,iBAAiB,CAAC,EAAE,CAAC,CAAA;gBAC/B,OAAO,GAAG,CAAA;YACZ,CAAC,EAAE,EAAiD,CAAC,CAAA;YACrD,MAAM,UAAU,GAAG,YAAY,CAAC,SAAS,IAAI,WAAW,IAAI,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YACzI,MAAM,mBAAmB,GAAG,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;YACrD,mBAAmB,CAAC,WAAW,mCAC1B,YAAY,CAAC,WAAW,GACxB,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,cAAc,EAAE,+BAA+B,CAAC,CAAC,CACrF,CAAA;YACD,mBAAmB,CAAC,mBAAmB,mCAClC,YAAY,CAAC,mBAAmB,GAChC,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,EAAE,+BAA+B,CAAC,CAAC,CAC7F,CAAA;YACD,IAAI,UAAU,EAAE;gBACd,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,CAAA;gBACjE,mBAAmB,CAAC,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,aAAa,CAAC,CAAA;aAC1F;YACD,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;QACrI,CAAC;KAAA;IAED,sGAAsG;IACtG,mHAAmH;IACnH,iBAAiB;IACH,WAAW,CAAC,YAKzB;;YACC,SAAS,UAAU,CAAC,GAA4B;gBAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBACpB,IAAI,EAAE;qBACN,MAAM,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;oBACtB,OAAO,CAAC,GAAG,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;gBACrC,CAAC,EAAE,EAAwB,CAAC,CAAA;YAChC,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,CAAC,WAAW,EAAE,YAAY,CAAC,SAAS,CAAC;gBACrC,CAAC,UAAU,EAAE,YAAY,CAAC,QAAQ,CAAC;gBACnC,CAAC,aAAa,EAAE,UAAU,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;gBACrD,CAAC,qBAAqB,EAAE,UAAU,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;aACtE,CAAA;YACD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;YAC3C,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAA,gBAAQ,EAAC,QAAQ,CAAC,CAAC,CAAA;QACnD,CAAC;KAAA;IAED,+BAA+B;IACjB,mBAAmB;;YAI/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACtD,OAAO;gBACL,GAAG,EAAE,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC;gBAC3C,QAAQ;aACT,CAAA;QACH,CAAC;KAAA;IAEa,iBAAiB,CAAC,cAA2B;;YACzD,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,cAAc,CAAC,CAAA;QACnE,CAAC;KAAA;IAED,wCAAwC;IAC1B,2BAA2B;;YAIvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACtD,OAAO;gBACL,MAAM,EAAE,MAAM,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC;gBACtD,QAAQ;aACT,CAAA;QACH,CAAC;KAAA;IAEO,yBAAyB,CAAC,cAA2B;QAC3D,OAAO,OAAO,CAAC,OAAO,CAAC,IAAA,cAAM,EAAC,cAAc,CAAC,CAAC,CAAA;IAChD,CAAC;IAEa,mBAAmB,CAC/B,OAAoB,EACpB,IAAmD;;YAEnD,MAAM,GAAG,GAA+C,EAAE,CAAA;YAC1D,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC5C,GAAG,CAAC,IAAA,uBAAe,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAA,yBAAiB,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,gBAAQ,EAAC,IAAA,cAAM,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;aAClI;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,gBAAgB,CAC5B,OAAoB,EACpB,IAAiD;;YAEjD,MAAM,GAAG,GAA6C,EAAE,CAAA;YACxD,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC5C,GAAG,CAAC,EAAE,CAAC,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;aAC/E;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;CACF;AArXD,0DAqXC","sourcesContent":["import { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { KeyPair } from './RSA'\nimport { ExchangeData } from '../../icc-api/model/ExchangeData'\nimport { IccExchangeDataApi } from '../../icc-api/api/IccExchangeDataApi'\nimport { XHR } from '../../icc-api/api/XHR'\nimport XHRError = XHR.XHRError\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { b64_2ua, hex2ua, ua2b64, ua2hex, ua2utf8, utf8_2ua } from '../utils'\nimport * as _ from 'lodash'\nimport { fingerprintV1toV2, fingerprintIsV1 } from './utils'\n\n/**\n * @internal this class is intended for internal use only and may be modified without notice\n * Functions to create and get exchange data.\n * The methods of this api require to pass the appropriate keys for encryption/decryption manually.\n */\nexport class BaseExchangeDataManager {\n constructor(\n readonly api: IccExchangeDataApi,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly primitives: CryptoPrimitives,\n private readonly selfRequiresAnonymousDelegations: boolean\n ) {}\n\n /**\n * Get all the exchange data where the current data owner is the delegator or the delegate. However, some data owners, generally HCPs, may have a\n * prohibitively high amount of exchange data. If the crypto strategies specify that the current data owner requires anonymous delegation this\n * method returns all the exchange data found for the data owner, else the method returns undefined.\n * @return all the exchange data for the current data owner or undefined if the crypto strategies don't allow to retrieve all data for the current\n * data owner.\n */\n async getAllExchangeDataForCurrentDataOwnerIfAllowed(): Promise<ExchangeData[] | undefined> {\n if (!this.selfRequiresAnonymousDelegations) return undefined\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n let latestResult = await this.api.getExchangeDataByParticipant(dataOwnerId, undefined, 1000)\n const allRetrieved = latestResult.rows ?? []\n while (latestResult.nextKeyPair?.startKeyDocId) {\n latestResult = await this.api.getExchangeDataByParticipant(dataOwnerId, latestResult.nextKeyPair.startKeyDocId, 1000)\n if (latestResult.rows) allRetrieved.push(...latestResult.rows)\n }\n return allRetrieved\n }\n\n /**\n * Get all exchange data for the provided delegator-delegate pair.\n * @param delegatorId id of a delegator data owner.\n * @param delegateId id of a delegate data owner.\n * @return all exchange data for the provided delegator-delegate pair.\n */\n async getExchangeDataByDelegatorDelegatePair(delegatorId: string, delegateId: string): Promise<ExchangeData[]> {\n return await this.api.getExchangeDataByDelegatorDelegate(delegatorId, delegateId)\n }\n\n /**\n * Get the exchange data with the provided id.\n * @param exchangeDataId id of the exchange data.\n * @return the exchange data with the provided id or undefined if no exchange data with such id could be found.\n */\n async getExchangeDataById(exchangeDataId: string): Promise<ExchangeData | undefined> {\n return await this.api.getExchangeDataById(exchangeDataId).catch((e) => {\n if (e instanceof XHRError && e.statusCode === 404) {\n return undefined\n } else throw e\n })\n }\n\n /**\n * Filters exchange data returning only the instances that could be verified using their signature and the provided verification\n * keys.\n * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)\n * will always be unverified.\n * @param exchangeData the exchange data to verify.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @return the exchange data which could be verified given his signature and the available verification keys.\n * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.\n */\n async filterVerifiedExchangeData(\n exchangeData: ExchangeData[],\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<ExchangeData[]> {\n const verified: ExchangeData[] = []\n for (const ed of exchangeData) {\n if (await this.verifyExchangeData(ed, (x) => getVerificationKey(x))) verified.push(ed)\n }\n return verified\n }\n\n /**\n * Verifies the authenticity of the exchange data by checking the signature.\n * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)\n * will always be unverified.\n * @param exchangeData the exchange data to verify.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @return the exchange data which could be verified given his signature and the available verification keys.\n * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.\n */\n async verifyExchangeData(\n exchangeData: ExchangeData,\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<boolean> {\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n if (exchangeData.delegator !== dataOwnerId) return false\n const signatureData = await this.bytesToSign(exchangeData)\n for (const [fp, signature] of Object.entries(exchangeData.signature)) {\n const verificationKey = await getVerificationKey(fp.slice(-32))\n if (verificationKey && (await this.primitives.RSA.verifySignature(verificationKey, b64_2ua(signature), signatureData))) return true\n }\n return false\n }\n\n /**\n * Extracts and decrypts the access control secret from the provided exchange data.\n * These need to be hashed together with the entity class and confidentiality level in order to get the actual access control key\n * which will be sent to the server.\n * @param exchangeData the exchange data from which to extract access control secrets.\n * @param decryptionKeys rsa key pairs to use for decryption of the access control secret.\n * @return an object composed of:\n * - successfulDecryptions: array of all successfully decrypted access control keys\n * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).\n */\n async tryDecryptAccessControlSecret(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: string[]\n failedDecryptions: ExchangeData[]\n }> {\n return await this.tryDecryptExchangeData(\n exchangeData,\n decryptionKeys,\n (ed) => ed.accessControlSecret,\n (d) => this.importAccessControlSecret(new Uint8Array(d))\n )\n }\n\n /**\n * Extract and decrypts the exchange keys from the provided exchange data.\n * @param exchangeData the exchange data from which to extract exchange keys.\n * @param decryptionKeys rsa key pairs to use for the decryption of the exchange keys.\n * @return an object composed of:\n * - successfulDecryptions: array containing the successfully decrypted exchange keys.\n * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).\n */\n async tryDecryptExchangeKeys(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: CryptoKey[]\n failedDecryptions: ExchangeData[]\n }> {\n return await this.tryDecryptExchangeData(\n exchangeData,\n decryptionKeys,\n (ed) => ed.exchangeKey,\n (d) => this.importExchangeKey(new Uint8Array(d))\n )\n }\n\n private async tryDecryptExchangeData<T>(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> },\n encryptedDataSelector: (data: ExchangeData) => { [keyPairFingerprint: string]: string },\n unmarshalDecrypted: (decrypted: ArrayBuffer) => Promise<T>\n ): Promise<{\n successfulDecryptions: T[]\n failedDecryptions: ExchangeData[]\n }> {\n const successfulDecryptions: T[] = []\n const failedDecryptions: ExchangeData[] = []\n for (const ed of exchangeData) {\n try {\n const decrypted = await this.tryDecrypt(encryptedDataSelector(ed), decryptionKeys)\n if (decrypted) {\n successfulDecryptions.push(await unmarshalDecrypted(decrypted))\n } else {\n failedDecryptions.push(ed)\n }\n } catch (e) {\n failedDecryptions.push(ed)\n }\n }\n return { successfulDecryptions, failedDecryptions }\n }\n\n private async tryDecrypt(\n encryptedData: { [keyPairFingerprintV2: string]: string },\n decryptionKeys: { [publicKeyFingerprintV1: string]: KeyPair<CryptoKey> }\n ): Promise<ArrayBuffer | undefined> {\n const decryptionKeysWithV2Fp = Object.keys(decryptionKeys).reduce((prev, fp) => {\n return {\n ...prev,\n [fingerprintIsV1(fp) ? fingerprintV1toV2(fp) : fp]: decryptionKeys[fp],\n }\n }, {} as { [publicKeyFingerprint: string]: KeyPair<CryptoKey> })\n for (const [fp, encrypted] of Object.entries(encryptedData)) {\n try {\n const key = decryptionKeysWithV2Fp[fp]?.privateKey\n if (key) return hex2ua(ua2utf8(await this.primitives.RSA.decrypt(key, b64_2ua(encrypted))))\n } catch (e) {\n // Try with another key\n }\n }\n }\n\n /**\n * Creates exchange data from the current data owner to the provided delegate, uploading the newly created exchange data to the cloud.\n * This assumes that the keys have been verified.\n * @param delegateId id of the delegate for the new exchange data.\n * @param signatureKeys private keys to use for signing the created data.\n * @param encryptionKeys public keys to use for the encryption of the exchange data (from delegator and delegate).\n * @param optionalAttributes optional precalculated attributes for the creation of data\n * @return the newly created exchange data, and its decrypted exchange key and access control secret.\n */\n async createExchangeData(\n delegateId: string,\n signatureKeys: { [keyPairFingerprint: string]: CryptoKey },\n encryptionKeys: { [keyPairFingerprint: string]: CryptoKey },\n optionalAttributes: {\n id?: string\n } = {}\n ): Promise<{\n exchangeData: ExchangeData\n exchangeKey: CryptoKey\n accessControlSecret: string\n }> {\n if (!Object.keys(signatureKeys).length || !Object.keys(encryptionKeys).length) {\n throw new Error('Must specify at least one signature key and ')\n }\n const exchangeKey = await this.generateExchangeKey()\n const accessControlSecret = await this.generateAccessControlSecret()\n const encryptedExchangeKey = await this.encryptDataWithKeys(exchangeKey.rawBytes, encryptionKeys)\n const encryptedAccessControlSecret = await this.encryptDataWithKeys(accessControlSecret.rawBytes, encryptionKeys)\n const baseExchangeData = {\n id: optionalAttributes.id ?? this.primitives.randomUuid(),\n delegator: await this.dataOwnerApi.getCurrentDataOwnerId(),\n delegate: delegateId,\n exchangeKey: encryptedExchangeKey,\n accessControlSecret: encryptedAccessControlSecret,\n }\n const signature = await this.signDataWithKeys(await this.bytesToSign(baseExchangeData), signatureKeys)\n const exchangeData = new ExchangeData({ ...baseExchangeData, signature })\n return {\n exchangeData: await this.api.createExchangeData(exchangeData),\n exchangeKey: exchangeKey.key,\n accessControlSecret: accessControlSecret.secret,\n }\n }\n\n /**\n * Updates existing exchange data and uploads it to the cloud in order to share it also with additional public keys, useful for example in cases\n * where one of the data owners involved in the exchange data has lost one of his keys.\n * If the content of the exchange data could not be decrypted using the provided keys the method will not update anything and will return undefined.\n * This method assumes that the new encryption keys have been verified.\n * If the current data owner is also the delegator of the provided exchange data and at least one of the verification keys can be used to\n * validate the current exchange data then the signature will be updated using the signature keys.\n * Instead, if the current data owner is not the delegator of the provided exchange data, or the exchange data could not be verified using\n * the provided verification keys then the updated exchange data will become unverified, and won't ever be verifiable again.\n * @param exchangeData exchange data to update.\n * @param decryptionKeys keys to use to extract the content of the exchange data which will be shared with the new keys.\n * @param signatureKeys keys to use for the new signature of the updated exchange data.\n * @param newEncryptionKeys new keys to add to the exchange data.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @return the updated exchange data, and its decrypted exchange key and access control secret, or undefined if the exchange data content could not\n * be decrypted and the exchange data could not be updated.\n */\n async tryUpdateExchangeData(\n exchangeData: ExchangeData,\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> },\n newEncryptionKeys: { [keyPairFingerprint: string]: CryptoKey },\n signatureKeys: { [keyPairFingerprint: string]: CryptoKey },\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<\n | {\n exchangeData: ExchangeData\n exchangeKey: CryptoKey\n accessControlSecret: string\n }\n | undefined\n > {\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const rawExchangeKey = await this.tryDecrypt(exchangeData.exchangeKey, decryptionKeys)\n const rawAccessControlSecret = await this.tryDecrypt(exchangeData.accessControlSecret, decryptionKeys)\n if (!rawExchangeKey || !rawAccessControlSecret) return undefined\n const exchangeKey = await this.importExchangeKey(new Uint8Array(rawExchangeKey))\n const accessControlSecret = await this.importAccessControlSecret(new Uint8Array(rawAccessControlSecret))\n const existingExchangeKeyEntries = new Set(Object.keys(exchangeData.exchangeKey))\n const existingAcsEntries = new Set(Object.keys(exchangeData.accessControlSecret))\n const missingEntries = Object.keys(newEncryptionKeys).filter((fp) => !existingAcsEntries.has(fp) || !existingExchangeKeyEntries.has(fp))\n if (!missingEntries.length) return { exchangeData, exchangeKey, accessControlSecret }\n const encryptionKeysForMissingEntries = missingEntries.reduce((obj, fp) => {\n obj[fp] = newEncryptionKeys[fp]\n return obj\n }, {} as { [keyPairFingerprint: string]: CryptoKey })\n const isVerified = exchangeData.delegator == dataOwnerId && (await this.verifyExchangeData(exchangeData, (fp) => getVerificationKey(fp)))\n const updatedExchangeData = _.cloneDeep(exchangeData)\n updatedExchangeData.exchangeKey = {\n ...exchangeData.exchangeKey,\n ...(await this.encryptDataWithKeys(rawExchangeKey, encryptionKeysForMissingEntries)),\n }\n updatedExchangeData.accessControlSecret = {\n ...exchangeData.accessControlSecret,\n ...(await this.encryptDataWithKeys(rawAccessControlSecret, encryptionKeysForMissingEntries)),\n }\n if (isVerified) {\n const newDataToSign = await this.bytesToSign(updatedExchangeData)\n updatedExchangeData.signature = await this.signDataWithKeys(newDataToSign, signatureKeys)\n }\n return { exchangeData: await this.api.modifyExchangeData(new ExchangeData(updatedExchangeData)), exchangeKey, accessControlSecret }\n }\n\n // Gets a byte representation of the parts of exchange data which should be included in the signature.\n // Equivalent json representations of the exchange data should provide the same bytes (even if the order of entries\n // is different).\n private async bytesToSign(exchangeData: {\n delegate: string\n delegator: string\n exchangeKey: { [k: string]: string }\n accessControlSecret: { [k: string]: string }\n }): Promise<ArrayBuffer> {\n function sortObject(obj: { [k: string]: string }): [string, string][] {\n return Object.keys(obj)\n .sort()\n .reduce((sorted, key) => {\n return [...sorted, [key, obj[key]]]\n }, [] as [string, string][])\n }\n const signObject = [\n ['delegator', exchangeData.delegator],\n ['delegate', exchangeData.delegate],\n ['exchangeKey', sortObject(exchangeData.exchangeKey)],\n ['accessControlSecret', sortObject(exchangeData.accessControlSecret)],\n ]\n const signJson = JSON.stringify(signObject)\n return this.primitives.sha256(utf8_2ua(signJson))\n }\n\n // Generates a new exchange key\n private async generateExchangeKey(): Promise<{\n key: CryptoKey // the imported key\n rawBytes: ArrayBuffer // the bytes to encrypt for in the exchange data\n }> {\n const rawBytes = await this.primitives.randomBytes(32)\n return {\n key: await this.importExchangeKey(rawBytes),\n rawBytes,\n }\n }\n\n private async importExchangeKey(decryptedBytes: ArrayBuffer): Promise<CryptoKey> {\n return await this.primitives.AES.importKey('raw', decryptedBytes)\n }\n\n // Generates a new access control secret\n private async generateAccessControlSecret(): Promise<{\n secret: string // the imported secret\n rawBytes: ArrayBuffer // the bytes to encrypt for in the exchange data\n }> {\n const rawBytes = await this.primitives.randomBytes(16)\n return {\n secret: await this.importAccessControlSecret(rawBytes),\n rawBytes,\n }\n }\n\n private importAccessControlSecret(decryptedBytes: ArrayBuffer): Promise<string> {\n return Promise.resolve(ua2hex(decryptedBytes))\n }\n\n private async encryptDataWithKeys(\n rawData: ArrayBuffer,\n keys: { [keyPairFingerprintV1: string]: CryptoKey }\n ): Promise<{ [keyPairFingerprintV2: string]: string }> {\n const res: { [keyPairFingerprintV2: string]: string } = {}\n for (const [fp, key] of Object.entries(keys)) {\n res[fingerprintIsV1(fp) ? fingerprintV1toV2(fp) : fp] = ua2b64(await this.primitives.RSA.encrypt(key, utf8_2ua(ua2hex(rawData))))\n }\n return res\n }\n\n private async signDataWithKeys(\n rawData: ArrayBuffer,\n keys: { [keyPairFingerprint: string]: CryptoKey }\n ): Promise<{ [keyPairFingerprint: string]: string }> {\n const res: { [keyPairFingerprint: string]: string } = {}\n for (const [fp, key] of Object.entries(keys)) {\n res[fp] = ua2b64(await this.primitives.RSA.sign(key, new Uint8Array(rawData)))\n }\n return res\n }\n}\n"]}
1
+ {"version":3,"file":"BaseExchangeDataManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/BaseExchangeDataManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,4EAAwE;AAExE,+CAA2C;AAC3C,IAAO,QAAQ,GAAG,SAAG,CAAC,QAAQ,CAAA;AAE9B,oCAA6E;AAC7E,4BAA2B;AAC3B,mCAA4D;AAE5D;;;;GAIG;AACH,MAAa,uBAAuB;IAClC,YACW,GAAuB,EACf,YAA8B,EAC9B,UAA4B,EAC5B,gCAAyC;QAHjD,QAAG,GAAH,GAAG,CAAoB;QACf,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAC5B,qCAAgC,GAAhC,gCAAgC,CAAS;IACzD,CAAC;IAEJ;;;;;;OAMG;IACG,8CAA8C;;;YAClD,IAAI,CAAC,IAAI,CAAC,gCAAgC;gBAAE,OAAO,SAAS,CAAA;YAC5D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,IAAI,YAAY,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,WAAW,EAAE,SAAS,EAAE,IAAI,CAAC,CAAA;YAC5F,MAAM,YAAY,GAAG,MAAA,YAAY,CAAC,IAAI,mCAAI,EAAE,CAAA;YAC5C,OAAO,MAAA,YAAY,CAAC,WAAW,0CAAE,aAAa,EAAE;gBAC9C,YAAY,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAA;gBACrH,IAAI,YAAY,CAAC,IAAI;oBAAE,YAAY,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;aAC/D;YACD,OAAO,YAAY,CAAA;;KACpB;IAED;;;;;OAKG;IACG,sCAAsC,CAAC,WAAmB,EAAE,UAAkB;;YAClF,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,kCAAkC,CAAC,WAAW,EAAE,UAAU,CAAC,CAAA;QACnF,CAAC;KAAA;IAED;;;;OAIG;IACG,mBAAmB,CAAC,cAAsB;;YAC9C,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;gBACpE,IAAI,CAAC,YAAY,QAAQ,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,EAAE;oBACjD,OAAO,SAAS,CAAA;iBACjB;;oBAAM,MAAM,CAAC,CAAA;YAChB,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,0BAA0B,CAC9B,YAA4B,EAC5B,kBAAoF;;YAEpF,MAAM,QAAQ,GAAmB,EAAE,CAAA;YACnC,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;gBAC7B,IAAI,MAAM,IAAI,CAAC,kBAAkB,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;oBAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;aACvF;YACD,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAED;;;;;;;;OAQG;IACG,kBAAkB,CACtB,YAA0B,EAC1B,kBAAoF;;YAEpF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,IAAI,YAAY,CAAC,SAAS,KAAK,WAAW;gBAAE,OAAO,KAAK,CAAA;YACxD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAA;YAC1D,KAAK,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE;gBACpE,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;gBAC/D,IAAI,eAAe,IAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,eAAe,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,EAAE,aAAa,CAAC,CAAC;oBAAE,OAAO,IAAI,CAAA;aACpI;YACD,OAAO,KAAK,CAAA;QACd,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,6BAA6B,CACjC,YAA4B,EAC5B,cAAsE;;YAKtE,OAAO,MAAM,IAAI,CAAC,sBAAsB,CACtC,YAAY,EACZ,cAAc,EACd,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,mBAAmB,EAC9B,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CACzD,CAAA;QACH,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,sBAAsB,CAC1B,YAA4B,EAC5B,cAAsE;;YAKtE,OAAO,MAAM,IAAI,CAAC,sBAAsB,CACtC,YAAY,EACZ,cAAc,EACd,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,WAAW,EACtB,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CACjD,CAAA;QACH,CAAC;KAAA;IAEa,sBAAsB,CAClC,YAA4B,EAC5B,cAAsE,EACtE,qBAAuF,EACvF,kBAA0D;;YAK1D,MAAM,qBAAqB,GAAQ,EAAE,CAAA;YACrC,MAAM,iBAAiB,GAAmB,EAAE,CAAA;YAC5C,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;gBAC7B,IAAI;oBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,CAAA;oBAClF,IAAI,SAAS,EAAE;wBACb,qBAAqB,CAAC,IAAI,CAAC,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAA;qBAChE;yBAAM;wBACL,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;qBAC3B;iBACF;gBAAC,OAAO,CAAC,EAAE;oBACV,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;iBAC3B;aACF;YACD,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,CAAA;QACrD,CAAC;KAAA;IAEa,UAAU,CACtB,aAAyD,EACzD,cAAwE;;;YAExE,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE;gBAC7E,uCACK,IAAI,KACP,CAAC,IAAA,uBAAe,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAA,yBAAiB,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,EAAE,CAAC,IACvE;YACH,CAAC,EAAE,EAA4D,CAAC,CAAA;YAChE,KAAK,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;gBAC3D,IAAI;oBACF,MAAM,GAAG,GAAG,MAAA,sBAAsB,CAAC,EAAE,CAAC,0CAAE,UAAU,CAAA;oBAClD,IAAI,GAAG;wBAAE,OAAO,IAAA,cAAM,EAAC,IAAA,eAAO,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;iBAC5F;gBAAC,OAAO,CAAC,EAAE;oBACV,uBAAuB;iBACxB;aACF;;KACF;IAED;;;;;;;;OAQG;IACG,kBAAkB,CACtB,UAAkB,EAClB,aAA0D,EAC1D,cAA2D,EAC3D,qBAEI,EAAE;;;YAMN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,EAAE;gBAC7E,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAA;aAChE;YACD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAA;YACpD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,2BAA2B,EAAE,CAAA;YACpE,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;YACjG,MAAM,4BAA4B,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;YACjH,MAAM,gBAAgB,GAAG;gBACvB,EAAE,EAAE,MAAA,kBAAkB,CAAC,EAAE,mCAAI,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;gBACzD,SAAS,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE;gBAC1D,QAAQ,EAAE,UAAU;gBACpB,WAAW,EAAE,oBAAoB;gBACjC,mBAAmB,EAAE,4BAA4B;aAClD,CAAA;YACD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,EAAE,aAAa,CAAC,CAAA;YACtG,MAAM,YAAY,GAAG,IAAI,2BAAY,iCAAM,gBAAgB,KAAE,SAAS,IAAG,CAAA;YACzE,OAAO;gBACL,YAAY,EAAE,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,YAAY,CAAC;gBAC7D,WAAW,EAAE,WAAW,CAAC,GAAG;gBAC5B,mBAAmB,EAAE,mBAAmB,CAAC,MAAM;aAChD,CAAA;;KACF;IAED;;;;;;;;;;;;;;;;OAgBG;IACG,qBAAqB,CACzB,YAA0B,EAC1B,cAAsE,EACtE,iBAA8D,EAC9D,aAA0D,EAC1D,kBAAoF;;YASpF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,WAAW,EAAE,cAAc,CAAC,CAAA;YACtF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAA;YACtG,IAAI,CAAC,cAAc,IAAI,CAAC,sBAAsB;gBAAE,OAAO,SAAS,CAAA;YAChE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,UAAU,CAAC,cAAc,CAAC,CAAC,CAAA;YAChF,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,sBAAsB,CAAC,CAAC,CAAA;YACxG,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAA;YACjF,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC,CAAA;YACjF,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YACxI,IAAI,CAAC,cAAc,CAAC,MAAM;gBAAE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;YACrF,MAAM,+BAA+B,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE;gBACxE,GAAG,CAAC,EAAE,CAAC,GAAG,iBAAiB,CAAC,EAAE,CAAC,CAAA;gBAC/B,OAAO,GAAG,CAAA;YACZ,CAAC,EAAE,EAAiD,CAAC,CAAA;YACrD,MAAM,UAAU,GAAG,YAAY,CAAC,SAAS,IAAI,WAAW,IAAI,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YACzI,MAAM,mBAAmB,GAAG,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;YACrD,mBAAmB,CAAC,WAAW,mCAC1B,YAAY,CAAC,WAAW,GACxB,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,cAAc,EAAE,+BAA+B,CAAC,CAAC,CACrF,CAAA;YACD,mBAAmB,CAAC,mBAAmB,mCAClC,YAAY,CAAC,mBAAmB,GAChC,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,EAAE,+BAA+B,CAAC,CAAC,CAC7F,CAAA;YACD,IAAI,UAAU,EAAE;gBACd,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,CAAA;gBACjE,mBAAmB,CAAC,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,aAAa,CAAC,CAAA;aAC1F;YACD,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;QACrI,CAAC;KAAA;IAED,sGAAsG;IACtG,mHAAmH;IACnH,iBAAiB;IACH,WAAW,CAAC,YAKzB;;YACC,SAAS,UAAU,CAAC,GAA4B;gBAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBACpB,IAAI,EAAE;qBACN,MAAM,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;oBACtB,OAAO,CAAC,GAAG,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;gBACrC,CAAC,EAAE,EAAwB,CAAC,CAAA;YAChC,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,CAAC,WAAW,EAAE,YAAY,CAAC,SAAS,CAAC;gBACrC,CAAC,UAAU,EAAE,YAAY,CAAC,QAAQ,CAAC;gBACnC,CAAC,aAAa,EAAE,UAAU,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;gBACrD,CAAC,qBAAqB,EAAE,UAAU,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;aACtE,CAAA;YACD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;YAC3C,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAA,gBAAQ,EAAC,QAAQ,CAAC,CAAC,CAAA;QACnD,CAAC;KAAA;IAED,+BAA+B;IACjB,mBAAmB;;YAI/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACtD,OAAO;gBACL,GAAG,EAAE,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC;gBAC3C,QAAQ;aACT,CAAA;QACH,CAAC;KAAA;IAEa,iBAAiB,CAAC,cAA2B;;YACzD,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,cAAc,CAAC,CAAA;QACnE,CAAC;KAAA;IAED,wCAAwC;IAC1B,2BAA2B;;YAIvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACtD,OAAO;gBACL,MAAM,EAAE,MAAM,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC;gBACtD,QAAQ;aACT,CAAA;QACH,CAAC;KAAA;IAEO,yBAAyB,CAAC,cAA2B;QAC3D,OAAO,OAAO,CAAC,OAAO,CAAC,IAAA,cAAM,EAAC,cAAc,CAAC,CAAC,CAAA;IAChD,CAAC;IAEa,mBAAmB,CAC/B,OAAoB,EACpB,IAAmD;;YAEnD,MAAM,GAAG,GAA+C,EAAE,CAAA;YAC1D,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC5C,GAAG,CAAC,IAAA,uBAAe,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAA,yBAAiB,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,gBAAQ,EAAC,IAAA,cAAM,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;aAClI;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,gBAAgB,CAC5B,OAAoB,EACpB,IAAiD;;YAEjD,MAAM,GAAG,GAA6C,EAAE,CAAA;YACxD,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC5C,GAAG,CAAC,EAAE,CAAC,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;aAC/E;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;CACF;AArXD,0DAqXC","sourcesContent":["import { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { KeyPair } from './RSA'\nimport { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { IccExchangeDataApi } from '../../icc-api/api/IccExchangeDataApi'\nimport { XHR } from '../../icc-api/api/XHR'\nimport XHRError = XHR.XHRError\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { b64_2ua, hex2ua, ua2b64, ua2hex, ua2utf8, utf8_2ua } from '../utils'\nimport * as _ from 'lodash'\nimport { fingerprintV1toV2, fingerprintIsV1 } from './utils'\n\n/**\n * @internal this class is intended for internal use only and may be modified without notice\n * Functions to create and get exchange data.\n * The methods of this api require to pass the appropriate keys for encryption/decryption manually.\n */\nexport class BaseExchangeDataManager {\n constructor(\n readonly api: IccExchangeDataApi,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly primitives: CryptoPrimitives,\n private readonly selfRequiresAnonymousDelegations: boolean\n ) {}\n\n /**\n * Get all the exchange data where the current data owner is the delegator or the delegate. However, some data owners, generally HCPs, may have a\n * prohibitively high amount of exchange data. If the crypto strategies specify that the current data owner requires anonymous delegation this\n * method returns all the exchange data found for the data owner, else the method returns undefined.\n * @return all the exchange data for the current data owner or undefined if the crypto strategies don't allow to retrieve all data for the current\n * data owner.\n */\n async getAllExchangeDataForCurrentDataOwnerIfAllowed(): Promise<ExchangeData[] | undefined> {\n if (!this.selfRequiresAnonymousDelegations) return undefined\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n let latestResult = await this.api.getExchangeDataByParticipant(dataOwnerId, undefined, 1000)\n const allRetrieved = latestResult.rows ?? []\n while (latestResult.nextKeyPair?.startKeyDocId) {\n latestResult = await this.api.getExchangeDataByParticipant(dataOwnerId, latestResult.nextKeyPair.startKeyDocId, 1000)\n if (latestResult.rows) allRetrieved.push(...latestResult.rows)\n }\n return allRetrieved\n }\n\n /**\n * Get all exchange data for the provided delegator-delegate pair.\n * @param delegatorId id of a delegator data owner.\n * @param delegateId id of a delegate data owner.\n * @return all exchange data for the provided delegator-delegate pair.\n */\n async getExchangeDataByDelegatorDelegatePair(delegatorId: string, delegateId: string): Promise<ExchangeData[]> {\n return await this.api.getExchangeDataByDelegatorDelegate(delegatorId, delegateId)\n }\n\n /**\n * Get the exchange data with the provided id.\n * @param exchangeDataId id of the exchange data.\n * @return the exchange data with the provided id or undefined if no exchange data with such id could be found.\n */\n async getExchangeDataById(exchangeDataId: string): Promise<ExchangeData | undefined> {\n return await this.api.getExchangeDataById(exchangeDataId).catch((e) => {\n if (e instanceof XHRError && e.statusCode === 404) {\n return undefined\n } else throw e\n })\n }\n\n /**\n * Filters exchange data returning only the instances that could be verified using their signature and the provided verification\n * keys.\n * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)\n * will always be unverified.\n * @param exchangeData the exchange data to verify.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @return the exchange data which could be verified given his signature and the available verification keys.\n * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.\n */\n async filterVerifiedExchangeData(\n exchangeData: ExchangeData[],\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<ExchangeData[]> {\n const verified: ExchangeData[] = []\n for (const ed of exchangeData) {\n if (await this.verifyExchangeData(ed, (x) => getVerificationKey(x))) verified.push(ed)\n }\n return verified\n }\n\n /**\n * Verifies the authenticity of the exchange data by checking the signature.\n * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)\n * will always be unverified.\n * @param exchangeData the exchange data to verify.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @return the exchange data which could be verified given his signature and the available verification keys.\n * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.\n */\n async verifyExchangeData(\n exchangeData: ExchangeData,\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<boolean> {\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n if (exchangeData.delegator !== dataOwnerId) return false\n const signatureData = await this.bytesToSign(exchangeData)\n for (const [fp, signature] of Object.entries(exchangeData.signature)) {\n const verificationKey = await getVerificationKey(fp.slice(-32))\n if (verificationKey && (await this.primitives.RSA.verifySignature(verificationKey, b64_2ua(signature), signatureData))) return true\n }\n return false\n }\n\n /**\n * Extracts and decrypts the access control secret from the provided exchange data.\n * These need to be hashed together with the entity class and confidentiality level in order to get the actual access control key\n * which will be sent to the server.\n * @param exchangeData the exchange data from which to extract access control secrets.\n * @param decryptionKeys rsa key pairs to use for decryption of the access control secret.\n * @return an object composed of:\n * - successfulDecryptions: array of all successfully decrypted access control keys\n * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).\n */\n async tryDecryptAccessControlSecret(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: string[]\n failedDecryptions: ExchangeData[]\n }> {\n return await this.tryDecryptExchangeData(\n exchangeData,\n decryptionKeys,\n (ed) => ed.accessControlSecret,\n (d) => this.importAccessControlSecret(new Uint8Array(d))\n )\n }\n\n /**\n * Extract and decrypts the exchange keys from the provided exchange data.\n * @param exchangeData the exchange data from which to extract exchange keys.\n * @param decryptionKeys rsa key pairs to use for the decryption of the exchange keys.\n * @return an object composed of:\n * - successfulDecryptions: array containing the successfully decrypted exchange keys.\n * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).\n */\n async tryDecryptExchangeKeys(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: CryptoKey[]\n failedDecryptions: ExchangeData[]\n }> {\n return await this.tryDecryptExchangeData(\n exchangeData,\n decryptionKeys,\n (ed) => ed.exchangeKey,\n (d) => this.importExchangeKey(new Uint8Array(d))\n )\n }\n\n private async tryDecryptExchangeData<T>(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> },\n encryptedDataSelector: (data: ExchangeData) => { [keyPairFingerprint: string]: string },\n unmarshalDecrypted: (decrypted: ArrayBuffer) => Promise<T>\n ): Promise<{\n successfulDecryptions: T[]\n failedDecryptions: ExchangeData[]\n }> {\n const successfulDecryptions: T[] = []\n const failedDecryptions: ExchangeData[] = []\n for (const ed of exchangeData) {\n try {\n const decrypted = await this.tryDecrypt(encryptedDataSelector(ed), decryptionKeys)\n if (decrypted) {\n successfulDecryptions.push(await unmarshalDecrypted(decrypted))\n } else {\n failedDecryptions.push(ed)\n }\n } catch (e) {\n failedDecryptions.push(ed)\n }\n }\n return { successfulDecryptions, failedDecryptions }\n }\n\n private async tryDecrypt(\n encryptedData: { [keyPairFingerprintV2: string]: string },\n decryptionKeys: { [publicKeyFingerprintV1: string]: KeyPair<CryptoKey> }\n ): Promise<ArrayBuffer | undefined> {\n const decryptionKeysWithV2Fp = Object.keys(decryptionKeys).reduce((prev, fp) => {\n return {\n ...prev,\n [fingerprintIsV1(fp) ? fingerprintV1toV2(fp) : fp]: decryptionKeys[fp],\n }\n }, {} as { [publicKeyFingerprint: string]: KeyPair<CryptoKey> })\n for (const [fp, encrypted] of Object.entries(encryptedData)) {\n try {\n const key = decryptionKeysWithV2Fp[fp]?.privateKey\n if (key) return hex2ua(ua2utf8(await this.primitives.RSA.decrypt(key, b64_2ua(encrypted))))\n } catch (e) {\n // Try with another key\n }\n }\n }\n\n /**\n * Creates exchange data from the current data owner to the provided delegate, uploading the newly created exchange data to the cloud.\n * This assumes that the keys have been verified.\n * @param delegateId id of the delegate for the new exchange data.\n * @param signatureKeys private keys to use for signing the created data.\n * @param encryptionKeys public keys to use for the encryption of the exchange data (from delegator and delegate).\n * @param optionalAttributes optional precalculated attributes for the creation of data\n * @return the newly created exchange data, and its decrypted exchange key and access control secret.\n */\n async createExchangeData(\n delegateId: string,\n signatureKeys: { [keyPairFingerprint: string]: CryptoKey },\n encryptionKeys: { [keyPairFingerprint: string]: CryptoKey },\n optionalAttributes: {\n id?: string\n } = {}\n ): Promise<{\n exchangeData: ExchangeData\n exchangeKey: CryptoKey\n accessControlSecret: string\n }> {\n if (!Object.keys(signatureKeys).length || !Object.keys(encryptionKeys).length) {\n throw new Error('Must specify at least one signature key and ')\n }\n const exchangeKey = await this.generateExchangeKey()\n const accessControlSecret = await this.generateAccessControlSecret()\n const encryptedExchangeKey = await this.encryptDataWithKeys(exchangeKey.rawBytes, encryptionKeys)\n const encryptedAccessControlSecret = await this.encryptDataWithKeys(accessControlSecret.rawBytes, encryptionKeys)\n const baseExchangeData = {\n id: optionalAttributes.id ?? this.primitives.randomUuid(),\n delegator: await this.dataOwnerApi.getCurrentDataOwnerId(),\n delegate: delegateId,\n exchangeKey: encryptedExchangeKey,\n accessControlSecret: encryptedAccessControlSecret,\n }\n const signature = await this.signDataWithKeys(await this.bytesToSign(baseExchangeData), signatureKeys)\n const exchangeData = new ExchangeData({ ...baseExchangeData, signature })\n return {\n exchangeData: await this.api.createExchangeData(exchangeData),\n exchangeKey: exchangeKey.key,\n accessControlSecret: accessControlSecret.secret,\n }\n }\n\n /**\n * Updates existing exchange data and uploads it to the cloud in order to share it also with additional public keys, useful for example in cases\n * where one of the data owners involved in the exchange data has lost one of his keys.\n * If the content of the exchange data could not be decrypted using the provided keys the method will not update anything and will return undefined.\n * This method assumes that the new encryption keys have been verified.\n * If the current data owner is also the delegator of the provided exchange data and at least one of the verification keys can be used to\n * validate the current exchange data then the signature will be updated using the signature keys.\n * Instead, if the current data owner is not the delegator of the provided exchange data, or the exchange data could not be verified using\n * the provided verification keys then the updated exchange data will become unverified, and won't ever be verifiable again.\n * @param exchangeData exchange data to update.\n * @param decryptionKeys keys to use to extract the content of the exchange data which will be shared with the new keys.\n * @param signatureKeys keys to use for the new signature of the updated exchange data.\n * @param newEncryptionKeys new keys to add to the exchange data.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @return the updated exchange data, and its decrypted exchange key and access control secret, or undefined if the exchange data content could not\n * be decrypted and the exchange data could not be updated.\n */\n async tryUpdateExchangeData(\n exchangeData: ExchangeData,\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> },\n newEncryptionKeys: { [keyPairFingerprint: string]: CryptoKey },\n signatureKeys: { [keyPairFingerprint: string]: CryptoKey },\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<\n | {\n exchangeData: ExchangeData\n exchangeKey: CryptoKey\n accessControlSecret: string\n }\n | undefined\n > {\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const rawExchangeKey = await this.tryDecrypt(exchangeData.exchangeKey, decryptionKeys)\n const rawAccessControlSecret = await this.tryDecrypt(exchangeData.accessControlSecret, decryptionKeys)\n if (!rawExchangeKey || !rawAccessControlSecret) return undefined\n const exchangeKey = await this.importExchangeKey(new Uint8Array(rawExchangeKey))\n const accessControlSecret = await this.importAccessControlSecret(new Uint8Array(rawAccessControlSecret))\n const existingExchangeKeyEntries = new Set(Object.keys(exchangeData.exchangeKey))\n const existingAcsEntries = new Set(Object.keys(exchangeData.accessControlSecret))\n const missingEntries = Object.keys(newEncryptionKeys).filter((fp) => !existingAcsEntries.has(fp) || !existingExchangeKeyEntries.has(fp))\n if (!missingEntries.length) return { exchangeData, exchangeKey, accessControlSecret }\n const encryptionKeysForMissingEntries = missingEntries.reduce((obj, fp) => {\n obj[fp] = newEncryptionKeys[fp]\n return obj\n }, {} as { [keyPairFingerprint: string]: CryptoKey })\n const isVerified = exchangeData.delegator == dataOwnerId && (await this.verifyExchangeData(exchangeData, (fp) => getVerificationKey(fp)))\n const updatedExchangeData = _.cloneDeep(exchangeData)\n updatedExchangeData.exchangeKey = {\n ...exchangeData.exchangeKey,\n ...(await this.encryptDataWithKeys(rawExchangeKey, encryptionKeysForMissingEntries)),\n }\n updatedExchangeData.accessControlSecret = {\n ...exchangeData.accessControlSecret,\n ...(await this.encryptDataWithKeys(rawAccessControlSecret, encryptionKeysForMissingEntries)),\n }\n if (isVerified) {\n const newDataToSign = await this.bytesToSign(updatedExchangeData)\n updatedExchangeData.signature = await this.signDataWithKeys(newDataToSign, signatureKeys)\n }\n return { exchangeData: await this.api.modifyExchangeData(new ExchangeData(updatedExchangeData)), exchangeKey, accessControlSecret }\n }\n\n // Gets a byte representation of the parts of exchange data which should be included in the signature.\n // Equivalent json representations of the exchange data should provide the same bytes (even if the order of entries\n // is different).\n private async bytesToSign(exchangeData: {\n delegate: string\n delegator: string\n exchangeKey: { [k: string]: string }\n accessControlSecret: { [k: string]: string }\n }): Promise<ArrayBuffer> {\n function sortObject(obj: { [k: string]: string }): [string, string][] {\n return Object.keys(obj)\n .sort()\n .reduce((sorted, key) => {\n return [...sorted, [key, obj[key]]]\n }, [] as [string, string][])\n }\n const signObject = [\n ['delegator', exchangeData.delegator],\n ['delegate', exchangeData.delegate],\n ['exchangeKey', sortObject(exchangeData.exchangeKey)],\n ['accessControlSecret', sortObject(exchangeData.accessControlSecret)],\n ]\n const signJson = JSON.stringify(signObject)\n return this.primitives.sha256(utf8_2ua(signJson))\n }\n\n // Generates a new exchange key\n private async generateExchangeKey(): Promise<{\n key: CryptoKey // the imported key\n rawBytes: ArrayBuffer // the bytes to encrypt for in the exchange data\n }> {\n const rawBytes = await this.primitives.randomBytes(32)\n return {\n key: await this.importExchangeKey(rawBytes),\n rawBytes,\n }\n }\n\n private async importExchangeKey(decryptedBytes: ArrayBuffer): Promise<CryptoKey> {\n return await this.primitives.AES.importKey('raw', decryptedBytes)\n }\n\n // Generates a new access control secret\n private async generateAccessControlSecret(): Promise<{\n secret: string // the imported secret\n rawBytes: ArrayBuffer // the bytes to encrypt for in the exchange data\n }> {\n const rawBytes = await this.primitives.randomBytes(16)\n return {\n secret: await this.importAccessControlSecret(rawBytes),\n rawBytes,\n }\n }\n\n private importAccessControlSecret(decryptedBytes: ArrayBuffer): Promise<string> {\n return Promise.resolve(ua2hex(decryptedBytes))\n }\n\n private async encryptDataWithKeys(\n rawData: ArrayBuffer,\n keys: { [keyPairFingerprintV1: string]: CryptoKey }\n ): Promise<{ [keyPairFingerprintV2: string]: string }> {\n const res: { [keyPairFingerprintV2: string]: string } = {}\n for (const [fp, key] of Object.entries(keys)) {\n res[fingerprintIsV1(fp) ? fingerprintV1toV2(fp) : fp] = ua2b64(await this.primitives.RSA.encrypt(key, utf8_2ua(ua2hex(rawData))))\n }\n return res\n }\n\n private async signDataWithKeys(\n rawData: ArrayBuffer,\n keys: { [keyPairFingerprint: string]: CryptoKey }\n ): Promise<{ [keyPairFingerprint: string]: string }> {\n const res: { [keyPairFingerprint: string]: string } = {}\n for (const [fp, key] of Object.entries(keys)) {\n res[fp] = ua2b64(await this.primitives.RSA.sign(key, new Uint8Array(rawData)))\n }\n return res\n }\n}\n"]}
@@ -0,0 +1,44 @@
1
+ import { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName';
2
+ import { SecureDelegation } from '../../icc-api/model/SecureDelegation';
3
+ import AccessLevelEnum = SecureDelegation.AccessLevelEnum;
4
+ import { SecureDelegationsSecurityMetadataDecryptor } from './SecureDelegationsSecurityMetadataDecryptor';
5
+ import { ExtendedApisUtils } from './ExtendedApisUtils';
6
+ import { CryptoPrimitives } from './CryptoPrimitives';
7
+ import { AuthenticationProvider } from '../auth/AuthenticationProvider';
8
+ import { AccessControlKeysHeadersProvider } from './AccessControlKeysHeadersProvider';
9
+ import { AccessControlSecretUtils } from './AccessControlSecretUtils';
10
+ import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
11
+ export declare class DelegationsDeAnonymization {
12
+ private readonly dataOwnerApi;
13
+ private readonly secureDelegationsMetadataDecryptor;
14
+ private readonly xapis;
15
+ private readonly cryptoPrimitives;
16
+ private readonly accessControlSecretUtils;
17
+ private readonly accessControlKeysHeadersProvider;
18
+ private readonly delegationKeyMapFieldsToEncrypt;
19
+ private readonly delegationKeyMapApi;
20
+ constructor(dataOwnerApi: IccDataOwnerXApi, secureDelegationsMetadataDecryptor: SecureDelegationsSecurityMetadataDecryptor, xapis: ExtendedApisUtils, cryptoPrimitives: CryptoPrimitives, accessControlSecretUtils: AccessControlSecretUtils, host: string, headers: {
21
+ [key: string]: string;
22
+ }, authenticationProvider: AuthenticationProvider | undefined, fetchImpl: ((input: RequestInfo, init?: RequestInit) => Promise<Response>) | undefined, accessControlKeysHeadersProvider: AccessControlKeysHeadersProvider);
23
+ /**
24
+ * Creates / updates information to allow the data owners in {@link shareWithDataOwners} to de-anonymize the delegations contained within
25
+ * {@link entity}.
26
+ * Note that the delegation de-anonymization information may be used also with other entities of the same type.
27
+ */
28
+ createOrUpdateDeAnonymizationInfo(entityWithType: EncryptedEntityWithType, shareWithDataOwners: string[]): Promise<void>;
29
+ /**
30
+ * Get the data owners which can access the entity. See {@link EncryptedEntityXApi.getDataOwnersWithAccessTo} for more details.
31
+ * @param entityWithType an entity.
32
+ */
33
+ getDataOwnersWithAccessTo(entityWithType: EncryptedEntityWithType): Promise<{
34
+ permissionsByDataOwnerId: {
35
+ [dataOwnerId: string]: AccessLevelEnum;
36
+ };
37
+ hasUnknownAnonymousDataOwners: boolean;
38
+ }>;
39
+ private getDataOwnersWithAccessToSecureDelegations;
40
+ private mergePermissions;
41
+ private getDecryptedSecureDelegationKeyMaps;
42
+ private ensureDelegationKeyMapSharedWith;
43
+ private createSecureDelegationKeyMap;
44
+ }