@icure/api 8.0.0-RC.1 → 8.0.0-RC.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (345) hide show
  1. package/icc-api/api/IccAccesslogApi.d.ts +12 -4
  2. package/icc-api/api/IccAccesslogApi.js +23 -18
  3. package/icc-api/api/IccAccesslogApi.js.map +1 -1
  4. package/icc-api/api/IccAgendaApi.d.ts +13 -4
  5. package/icc-api/api/IccAgendaApi.js +42 -19
  6. package/icc-api/api/IccAgendaApi.js.map +1 -1
  7. package/icc-api/api/IccApplicationsettingsApi.d.ts +1 -1
  8. package/icc-api/api/IccApplicationsettingsApi.js +2 -2
  9. package/icc-api/api/IccApplicationsettingsApi.js.map +1 -1
  10. package/icc-api/api/IccArticleApi.d.ts +13 -4
  11. package/icc-api/api/IccArticleApi.js +50 -26
  12. package/icc-api/api/IccArticleApi.js.map +1 -1
  13. package/icc-api/api/IccAuthApi.d.ts +1 -1
  14. package/icc-api/api/IccAuthApi.js +2 -2
  15. package/icc-api/api/IccAuthApi.js.map +1 -1
  16. package/icc-api/api/IccCalendarItemApi.d.ts +8 -4
  17. package/icc-api/api/IccCalendarItemApi.js +15 -22
  18. package/icc-api/api/IccCalendarItemApi.js.map +1 -1
  19. package/icc-api/api/IccCalendarItemTypeApi.d.ts +6 -4
  20. package/icc-api/api/IccCalendarItemTypeApi.js +60 -45
  21. package/icc-api/api/IccCalendarItemTypeApi.js.map +1 -1
  22. package/icc-api/api/IccClassificationApi.d.ts +14 -5
  23. package/icc-api/api/IccClassificationApi.js +22 -12
  24. package/icc-api/api/IccClassificationApi.js.map +1 -1
  25. package/icc-api/api/IccClassificationTemplateApi.d.ts +14 -5
  26. package/icc-api/api/IccClassificationTemplateApi.js +102 -70
  27. package/icc-api/api/IccClassificationTemplateApi.js.map +1 -1
  28. package/icc-api/api/IccCodeApi.d.ts +1 -1
  29. package/icc-api/api/IccCodeApi.js +2 -2
  30. package/icc-api/api/IccCodeApi.js.map +1 -1
  31. package/icc-api/api/IccContactApi.d.ts +11 -4
  32. package/icc-api/api/IccContactApi.js +20 -13
  33. package/icc-api/api/IccContactApi.js.map +1 -1
  34. package/icc-api/api/IccDataownerApi.d.ts +1 -1
  35. package/icc-api/api/IccDataownerApi.js +44 -27
  36. package/icc-api/api/IccDataownerApi.js.map +1 -1
  37. package/icc-api/api/IccDeviceApi.d.ts +1 -1
  38. package/icc-api/api/IccDeviceApi.js +43 -32
  39. package/icc-api/api/IccDeviceApi.js.map +1 -1
  40. package/icc-api/api/IccDoctemplateApi.d.ts +10 -8
  41. package/icc-api/api/IccDoctemplateApi.js +121 -101
  42. package/icc-api/api/IccDoctemplateApi.js.map +1 -1
  43. package/icc-api/api/IccDocumentApi.d.ts +19 -5
  44. package/icc-api/api/IccDocumentApi.js +38 -13
  45. package/icc-api/api/IccDocumentApi.js.map +1 -1
  46. package/icc-api/api/IccEntityrefApi.d.ts +1 -1
  47. package/icc-api/api/IccEntityrefApi.js +27 -16
  48. package/icc-api/api/IccEntityrefApi.js.map +1 -1
  49. package/icc-api/api/IccEntitytemplateApi.d.ts +6 -4
  50. package/icc-api/api/IccEntitytemplateApi.js +118 -97
  51. package/icc-api/api/IccEntitytemplateApi.js.map +1 -1
  52. package/icc-api/api/IccExchangeDataApi.d.ts +2 -2
  53. package/icc-api/api/IccExchangeDataApi.js +73 -52
  54. package/icc-api/api/IccExchangeDataApi.js.map +1 -1
  55. package/icc-api/api/IccExchangeDataMapApi.d.ts +2 -2
  56. package/icc-api/api/IccExchangeDataMapApi.js +53 -34
  57. package/icc-api/api/IccExchangeDataMapApi.js.map +1 -1
  58. package/icc-api/api/IccFormApi.d.ts +13 -5
  59. package/icc-api/api/IccFormApi.js +24 -18
  60. package/icc-api/api/IccFormApi.js.map +1 -1
  61. package/icc-api/api/IccFrontendmigrationApi.d.ts +1 -1
  62. package/icc-api/api/IccFrontendmigrationApi.js +19 -10
  63. package/icc-api/api/IccFrontendmigrationApi.js.map +1 -1
  64. package/icc-api/api/IccGroupApi.d.ts +16 -2
  65. package/icc-api/api/IccGroupApi.js +29 -3
  66. package/icc-api/api/IccGroupApi.js.map +1 -1
  67. package/icc-api/api/IccHcpartyApi.d.ts +25 -10
  68. package/icc-api/api/IccHcpartyApi.js +84 -53
  69. package/icc-api/api/IccHcpartyApi.js.map +1 -1
  70. package/icc-api/api/IccHelementApi.d.ts +13 -5
  71. package/icc-api/api/IccHelementApi.js +25 -21
  72. package/icc-api/api/IccHelementApi.js.map +1 -1
  73. package/icc-api/api/IccIcureApi.d.ts +1 -1
  74. package/icc-api/api/IccIcureApi.js +2 -2
  75. package/icc-api/api/IccIcureApi.js.map +1 -1
  76. package/icc-api/api/IccInsuranceApi.d.ts +1 -1
  77. package/icc-api/api/IccInsuranceApi.js +67 -50
  78. package/icc-api/api/IccInsuranceApi.js.map +1 -1
  79. package/icc-api/api/IccInvoiceApi.d.ts +1 -1
  80. package/icc-api/api/IccInvoiceApi.js +5 -11
  81. package/icc-api/api/IccInvoiceApi.js.map +1 -1
  82. package/icc-api/api/IccKeywordApi.d.ts +6 -5
  83. package/icc-api/api/IccKeywordApi.js +59 -45
  84. package/icc-api/api/IccKeywordApi.js.map +1 -1
  85. package/icc-api/api/IccMaintenanceTaskApi.d.ts +13 -4
  86. package/icc-api/api/IccMaintenanceTaskApi.js +22 -12
  87. package/icc-api/api/IccMaintenanceTaskApi.js.map +1 -1
  88. package/icc-api/api/IccMedexApi.d.ts +1 -1
  89. package/icc-api/api/IccMedexApi.js +19 -10
  90. package/icc-api/api/IccMedexApi.js.map +1 -1
  91. package/icc-api/api/IccMedicallocationApi.d.ts +6 -4
  92. package/icc-api/api/IccMedicallocationApi.js +52 -39
  93. package/icc-api/api/IccMedicallocationApi.js.map +1 -1
  94. package/icc-api/api/IccMessageApi.d.ts +25 -7
  95. package/icc-api/api/IccMessageApi.js +52 -22
  96. package/icc-api/api/IccMessageApi.js.map +1 -1
  97. package/icc-api/api/IccPatientApi.d.ts +13 -5
  98. package/icc-api/api/IccPatientApi.js +23 -13
  99. package/icc-api/api/IccPatientApi.js.map +1 -1
  100. package/icc-api/api/IccPermissionApi.d.ts +1 -1
  101. package/icc-api/api/IccPermissionApi.js +19 -10
  102. package/icc-api/api/IccPermissionApi.js.map +1 -1
  103. package/icc-api/api/IccPlaceApi.d.ts +7 -5
  104. package/icc-api/api/IccPlaceApi.js +53 -40
  105. package/icc-api/api/IccPlaceApi.js.map +1 -1
  106. package/icc-api/api/IccReceiptApi.d.ts +13 -4
  107. package/icc-api/api/IccReceiptApi.js +23 -13
  108. package/icc-api/api/IccReceiptApi.js.map +1 -1
  109. package/icc-api/api/IccReplicationApi.d.ts +1 -1
  110. package/icc-api/api/IccReplicationApi.js +3 -5
  111. package/icc-api/api/IccReplicationApi.js.map +1 -1
  112. package/icc-api/api/IccRoleApi.d.ts +16 -0
  113. package/icc-api/api/IccRoleApi.js +42 -0
  114. package/icc-api/api/IccRoleApi.js.map +1 -0
  115. package/icc-api/api/IccSecureDelegationKeyMapApi.d.ts +26 -0
  116. package/icc-api/api/IccSecureDelegationKeyMapApi.js +71 -0
  117. package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +1 -0
  118. package/icc-api/api/IccTarificationApi.d.ts +1 -1
  119. package/icc-api/api/IccTarificationApi.js +19 -10
  120. package/icc-api/api/IccTarificationApi.js.map +1 -1
  121. package/icc-api/api/IccTimeTableApi.d.ts +13 -4
  122. package/icc-api/api/IccTimeTableApi.js +21 -9
  123. package/icc-api/api/IccTimeTableApi.js.map +1 -1
  124. package/icc-api/api/IccTopicApi.d.ts +97 -0
  125. package/icc-api/api/IccTopicApi.js +208 -0
  126. package/icc-api/api/IccTopicApi.js.map +1 -0
  127. package/icc-api/api/IccUserApi.d.ts +31 -1
  128. package/icc-api/api/IccUserApi.js +65 -2
  129. package/icc-api/api/IccUserApi.js.map +1 -1
  130. package/icc-api/index.d.ts +1 -0
  131. package/icc-api/index.js +1 -0
  132. package/icc-api/index.js.map +1 -1
  133. package/icc-api/model/AbstractFilterMessage.d.ts +15 -0
  134. package/icc-api/model/AbstractFilterMessage.js +21 -0
  135. package/icc-api/model/AbstractFilterMessage.js.map +1 -0
  136. package/icc-api/model/AbstractFilterTopic.d.ts +15 -0
  137. package/icc-api/model/AbstractFilterTopic.js +21 -0
  138. package/icc-api/model/AbstractFilterTopic.js.map +1 -0
  139. package/icc-api/model/AccessLog.d.ts +0 -2
  140. package/icc-api/model/AccessLog.js +0 -1
  141. package/icc-api/model/AccessLog.js.map +1 -1
  142. package/icc-api/model/Article.d.ts +0 -2
  143. package/icc-api/model/Article.js +0 -1
  144. package/icc-api/model/Article.js.map +1 -1
  145. package/icc-api/model/CalendarItem.d.ts +0 -2
  146. package/icc-api/model/CalendarItem.js +0 -1
  147. package/icc-api/model/CalendarItem.js.map +1 -1
  148. package/icc-api/model/Classification.d.ts +0 -2
  149. package/icc-api/model/Classification.js +0 -1
  150. package/icc-api/model/Classification.js.map +1 -1
  151. package/icc-api/model/Connection.d.ts +1 -1
  152. package/icc-api/model/Connection.js.map +1 -1
  153. package/icc-api/model/Contact.d.ts +0 -2
  154. package/icc-api/model/Contact.js +0 -1
  155. package/icc-api/model/Contact.js.map +1 -1
  156. package/icc-api/model/Document.d.ts +0 -2
  157. package/icc-api/model/Document.js +0 -1
  158. package/icc-api/model/Document.js.map +1 -1
  159. package/icc-api/model/FilterChainMessage.d.ts +19 -0
  160. package/icc-api/model/FilterChainMessage.js +11 -0
  161. package/icc-api/model/FilterChainMessage.js.map +1 -0
  162. package/icc-api/model/FilterChainTopic.d.ts +19 -0
  163. package/icc-api/model/FilterChainTopic.js +11 -0
  164. package/icc-api/model/FilterChainTopic.js.map +1 -0
  165. package/icc-api/model/Form.d.ts +0 -2
  166. package/icc-api/model/Form.js +0 -1
  167. package/icc-api/model/Form.js.map +1 -1
  168. package/icc-api/model/Group.d.ts +4 -0
  169. package/icc-api/model/Group.js.map +1 -1
  170. package/icc-api/model/HealthElement.d.ts +0 -2
  171. package/icc-api/model/HealthElement.js +0 -1
  172. package/icc-api/model/HealthElement.js.map +1 -1
  173. package/icc-api/model/HealthcareParty.js +13 -1
  174. package/icc-api/model/HealthcareParty.js.map +1 -1
  175. package/icc-api/model/Invoice.d.ts +0 -2
  176. package/icc-api/model/Invoice.js +0 -1
  177. package/icc-api/model/Invoice.js.map +1 -1
  178. package/icc-api/model/MaintenanceTask.d.ts +11 -10
  179. package/icc-api/model/MaintenanceTask.js +13 -12
  180. package/icc-api/model/MaintenanceTask.js.map +1 -1
  181. package/icc-api/model/Message.d.ts +5 -2
  182. package/icc-api/model/Message.js +0 -1
  183. package/icc-api/model/Message.js.map +1 -1
  184. package/icc-api/model/MessageAttachment.d.ts +10 -0
  185. package/icc-api/model/MessageAttachment.js +10 -0
  186. package/icc-api/model/MessageAttachment.js.map +1 -0
  187. package/icc-api/model/PaginatedListExchangeData.d.ts +1 -1
  188. package/icc-api/model/PaginatedListExchangeData.js.map +1 -1
  189. package/icc-api/model/PaginatedListTopic.d.ts +20 -0
  190. package/icc-api/model/PaginatedListTopic.js +10 -0
  191. package/icc-api/model/PaginatedListTopic.js.map +1 -0
  192. package/icc-api/model/Patient.d.ts +0 -2
  193. package/icc-api/model/Patient.js +0 -1
  194. package/icc-api/model/Patient.js.map +1 -1
  195. package/icc-api/model/Receipt.d.ts +0 -2
  196. package/icc-api/model/Receipt.js +0 -1
  197. package/icc-api/model/Receipt.js.map +1 -1
  198. package/icc-api/model/Role.d.ts +11 -0
  199. package/icc-api/model/Role.js +10 -0
  200. package/icc-api/model/Role.js.map +1 -0
  201. package/icc-api/model/RoleConfiguration.d.ts +6 -0
  202. package/icc-api/model/RoleConfiguration.js +10 -0
  203. package/icc-api/model/RoleConfiguration.js.map +1 -0
  204. package/icc-api/model/RoleSourceEnum.d.ts +11 -0
  205. package/icc-api/model/RoleSourceEnum.js +16 -0
  206. package/icc-api/model/RoleSourceEnum.js.map +1 -0
  207. package/icc-api/model/TimeTable.d.ts +0 -2
  208. package/icc-api/model/TimeTable.js +0 -1
  209. package/icc-api/model/TimeTable.js.map +1 -1
  210. package/icc-api/model/Topic.d.ts +95 -0
  211. package/icc-api/model/Topic.js +16 -0
  212. package/icc-api/model/Topic.js.map +1 -0
  213. package/icc-api/model/UserTypeEnum.d.ts +9 -0
  214. package/icc-api/model/UserTypeEnum.js +14 -0
  215. package/icc-api/model/UserTypeEnum.js.map +1 -0
  216. package/icc-api/model/{ExchangeData.d.ts → internal/ExchangeData.d.ts} +3 -0
  217. package/icc-api/model/{ExchangeData.js → internal/ExchangeData.js} +3 -0
  218. package/icc-api/model/internal/ExchangeData.js.map +1 -0
  219. package/icc-api/model/{ExchangeDataMap.d.ts → internal/ExchangeDataMap.d.ts} +3 -0
  220. package/icc-api/model/{ExchangeDataMap.js → internal/ExchangeDataMap.js} +3 -0
  221. package/icc-api/model/internal/ExchangeDataMap.js.map +1 -0
  222. package/icc-api/model/internal/SecureDelegationKeyMap.d.ts +14 -0
  223. package/icc-api/model/internal/SecureDelegationKeyMap.js +13 -0
  224. package/icc-api/model/internal/SecureDelegationKeyMap.js.map +1 -0
  225. package/icc-api/model/models.d.ts +11 -1
  226. package/icc-api/model/models.js +9 -0
  227. package/icc-api/model/models.js.map +1 -1
  228. package/icc-x-api/basexapi/EncryptedEntityXApi.d.ts +52 -4
  229. package/icc-x-api/basexapi/EncryptedEntityXApi.js.map +1 -1
  230. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.d.ts +2 -0
  231. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js +13 -4
  232. package/icc-x-api/crypto/AccessControlKeysHeadersProvider.js.map +1 -1
  233. package/icc-x-api/crypto/AccessControlSecretUtils.d.ts +1 -0
  234. package/icc-x-api/crypto/AccessControlSecretUtils.js +11 -0
  235. package/icc-x-api/crypto/AccessControlSecretUtils.js.map +1 -1
  236. package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +1 -1
  237. package/icc-x-api/crypto/BaseExchangeDataManager.js +1 -1
  238. package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
  239. package/icc-x-api/crypto/DelegationsDeAnonymization.d.ts +44 -0
  240. package/icc-x-api/crypto/DelegationsDeAnonymization.js +235 -0
  241. package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -0
  242. package/icc-x-api/crypto/ExchangeDataManager.d.ts +3 -1
  243. package/icc-x-api/crypto/ExchangeDataManager.js +27 -19
  244. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
  245. package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +1 -1
  246. package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -1
  247. package/icc-x-api/crypto/ExtendedApisUtils.d.ts +0 -10
  248. package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -1
  249. package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +0 -7
  250. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +4 -7
  251. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -1
  252. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.d.ts +0 -6
  253. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js +0 -9
  254. package/icc-x-api/crypto/LegacyDelegationSecurityMetadataDecryptor.js.map +1 -1
  255. package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -1
  256. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.d.ts +14 -5
  257. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js +44 -26
  258. package/icc-x-api/crypto/SecureDelegationsSecurityMetadataDecryptor.js.map +1 -1
  259. package/icc-x-api/crypto/SecurityMetadataDecryptor.d.ts +1 -18
  260. package/icc-x-api/crypto/SecurityMetadataDecryptor.js +4 -23
  261. package/icc-x-api/crypto/SecurityMetadataDecryptor.js.map +1 -1
  262. package/icc-x-api/crypto/UserSignatureKeysManager.d.ts +1 -1
  263. package/icc-x-api/crypto/UserSignatureKeysManager.js +2 -2
  264. package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -1
  265. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.d.ts +8 -0
  266. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js +13 -0
  267. package/icc-x-api/filters/LatestMessageByHcPartyTransportGuidFilter.js.map +1 -0
  268. package/icc-x-api/filters/MessageByHcPartyFilter.d.ts +7 -0
  269. package/icc-x-api/filters/MessageByHcPartyFilter.js +13 -0
  270. package/icc-x-api/filters/MessageByHcPartyFilter.js.map +1 -0
  271. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.d.ts +8 -0
  272. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js +13 -0
  273. package/icc-x-api/filters/MessageByHcPartyTransportGuidFilter.js.map +1 -0
  274. package/icc-x-api/filters/TopicByHcPartyFilter.d.ts +7 -0
  275. package/icc-x-api/filters/TopicByHcPartyFilter.js +13 -0
  276. package/icc-x-api/filters/TopicByHcPartyFilter.js.map +1 -0
  277. package/icc-x-api/filters/TopicByParticipantFilter.d.ts +7 -0
  278. package/icc-x-api/filters/TopicByParticipantFilter.js +13 -0
  279. package/icc-x-api/filters/TopicByParticipantFilter.js.map +1 -0
  280. package/icc-x-api/filters/filters.d.ts +5 -0
  281. package/icc-x-api/filters/filters.js +5 -0
  282. package/icc-x-api/filters/filters.js.map +1 -1
  283. package/icc-x-api/icc-accesslog-x-api.d.ts +3 -1
  284. package/icc-x-api/icc-accesslog-x-api.js +7 -3
  285. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  286. package/icc-x-api/icc-calendar-item-x-api.d.ts +3 -1
  287. package/icc-x-api/icc-calendar-item-x-api.js +7 -3
  288. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  289. package/icc-x-api/icc-classification-x-api.d.ts +3 -1
  290. package/icc-x-api/icc-classification-x-api.js +7 -3
  291. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  292. package/icc-x-api/icc-contact-x-api.d.ts +3 -1
  293. package/icc-x-api/icc-contact-x-api.js +8 -4
  294. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  295. package/icc-x-api/icc-crypto-x-api.d.ts +7 -1
  296. package/icc-x-api/icc-crypto-x-api.js +8 -1
  297. package/icc-x-api/icc-crypto-x-api.js.map +1 -1
  298. package/icc-x-api/icc-document-x-api.d.ts +3 -1
  299. package/icc-x-api/icc-document-x-api.js +8 -4
  300. package/icc-x-api/icc-document-x-api.js.map +1 -1
  301. package/icc-x-api/icc-form-x-api.d.ts +3 -1
  302. package/icc-x-api/icc-form-x-api.js +7 -3
  303. package/icc-x-api/icc-form-x-api.js.map +1 -1
  304. package/icc-x-api/icc-helement-x-api.d.ts +4 -2
  305. package/icc-x-api/icc-helement-x-api.js +8 -8
  306. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  307. package/icc-x-api/icc-invoice-x-api.d.ts +3 -1
  308. package/icc-x-api/icc-invoice-x-api.js +7 -3
  309. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  310. package/icc-x-api/icc-maintenance-task-x-api.d.ts +8 -4
  311. package/icc-x-api/icc-maintenance-task-x-api.js +14 -4
  312. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  313. package/icc-x-api/icc-message-x-api.d.ts +24 -6
  314. package/icc-x-api/icc-message-x-api.js +66 -6
  315. package/icc-x-api/icc-message-x-api.js.map +1 -1
  316. package/icc-x-api/icc-patient-x-api.d.ts +3 -1
  317. package/icc-x-api/icc-patient-x-api.js +7 -3
  318. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  319. package/icc-x-api/icc-receipt-x-api.d.ts +3 -1
  320. package/icc-x-api/icc-receipt-x-api.js +7 -3
  321. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  322. package/icc-x-api/icc-time-table-x-api.d.ts +3 -1
  323. package/icc-x-api/icc-time-table-x-api.js +7 -3
  324. package/icc-x-api/icc-time-table-x-api.js.map +1 -1
  325. package/icc-x-api/icc-topic-x-api.d.ts +191 -0
  326. package/icc-x-api/icc-topic-x-api.js +307 -0
  327. package/icc-x-api/icc-topic-x-api.js.map +1 -0
  328. package/icc-x-api/index.d.ts +17 -0
  329. package/icc-x-api/index.js +104 -70
  330. package/icc-x-api/index.js.map +1 -1
  331. package/icc-x-api/maintenance/KeyPairUpdateRequest.d.ts +1 -1
  332. package/icc-x-api/storage/KeyStorageImpl.d.ts +1 -0
  333. package/icc-x-api/storage/KeyStorageImpl.js +20 -12
  334. package/icc-x-api/storage/KeyStorageImpl.js.map +1 -1
  335. package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +1 -1
  336. package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -1
  337. package/icc-x-api/utils/websocket.d.ts +4 -0
  338. package/icc-x-api/utils/websocket.js +8 -0
  339. package/icc-x-api/utils/websocket.js.map +1 -1
  340. package/package.json +1 -1
  341. package/icc-api/api/IccDocumentTemplateApi.d.ts +0 -106
  342. package/icc-api/api/IccDocumentTemplateApi.js +0 -223
  343. package/icc-api/api/IccDocumentTemplateApi.js.map +0 -1
  344. package/icc-api/model/ExchangeData.js.map +0 -1
  345. package/icc-api/model/ExchangeDataMap.js.map +0 -1
@@ -0,0 +1,235 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.DelegationsDeAnonymization = void 0;
13
+ const SecureDelegation_1 = require("../../icc-api/model/SecureDelegation");
14
+ var AccessLevelEnum = SecureDelegation_1.SecureDelegation.AccessLevelEnum;
15
+ const SecureDelegationKeyMap_1 = require("../../icc-api/model/internal/SecureDelegationKeyMap");
16
+ const ShareMetadataBehaviour_1 = require("./ShareMetadataBehaviour");
17
+ const EntityShareRequest_1 = require("../../icc-api/model/requests/EntityShareRequest");
18
+ var RequestedPermissionEnum = EntityShareRequest_1.EntityShareRequest.RequestedPermissionEnum;
19
+ const utils_1 = require("../utils");
20
+ const IccSecureDelegationKeyMapApi_1 = require("../../icc-api/api/IccSecureDelegationKeyMapApi");
21
+ const XHR_1 = require("../../icc-api/api/XHR");
22
+ const AuthenticationProvider_1 = require("../auth/AuthenticationProvider");
23
+ const AccessControlKeysHeadersProvider_1 = require("./AccessControlKeysHeadersProvider");
24
+ // TODO could be optimised using bulk methods
25
+ class DelegationsDeAnonymization {
26
+ constructor(dataOwnerApi, secureDelegationsMetadataDecryptor, xapis, cryptoPrimitives, accessControlSecretUtils, host, headers, authenticationProvider = new AuthenticationProvider_1.NoAuthenticationProvider(), fetchImpl = typeof window !== 'undefined'
27
+ ? window.fetch
28
+ : typeof self !== 'undefined'
29
+ ? self.fetch
30
+ : fetch, accessControlKeysHeadersProvider) {
31
+ this.dataOwnerApi = dataOwnerApi;
32
+ this.secureDelegationsMetadataDecryptor = secureDelegationsMetadataDecryptor;
33
+ this.xapis = xapis;
34
+ this.cryptoPrimitives = cryptoPrimitives;
35
+ this.accessControlSecretUtils = accessControlSecretUtils;
36
+ this.accessControlKeysHeadersProvider = accessControlKeysHeadersProvider;
37
+ this.delegationKeyMapFieldsToEncrypt = (0, utils_1.parseEncryptedFields)(['delegate', 'delegator'], 'SecureDelegationKeyMap');
38
+ this.delegationKeyMapApi = new IccSecureDelegationKeyMapApi_1.IccSecureDelegationKeyMapApi(host, headers, authenticationProvider, fetchImpl);
39
+ }
40
+ /**
41
+ * Creates / updates information to allow the data owners in {@link shareWithDataOwners} to de-anonymize the delegations contained within
42
+ * {@link entity}.
43
+ * Note that the delegation de-anonymization information may be used also with other entities of the same type.
44
+ */
45
+ createOrUpdateDeAnonymizationInfo(entityWithType, shareWithDataOwners) {
46
+ return __awaiter(this, void 0, void 0, function* () {
47
+ const delegationsDetails = Object.entries(yield this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails(entityWithType)).flatMap(([canonicalKey, delegation]) => {
48
+ var _a, _b;
49
+ const aliases = Object.entries((_b = (_a = entityWithType.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.keysEquivalences) !== null && _b !== void 0 ? _b : {}).flatMap(([alias, canon]) => {
50
+ if (canon == canonicalKey) {
51
+ return [alias];
52
+ }
53
+ else {
54
+ return [];
55
+ }
56
+ });
57
+ return [[canonicalKey, delegation], ...aliases.map((alias) => [alias, delegation])];
58
+ });
59
+ const delegationsForDeanonInfoSharing = delegationsDetails.filter(([_, delegationInfo]) => {
60
+ // Drop fully explicit ones: they don't need de-anonymization info
61
+ return !delegationInfo.fullyExplicit;
62
+ });
63
+ // A subset of delegations for which deanon info is relevant AND for which we can also create new info instead of sharing only existing one.
64
+ const delegationsForNewDeanonInfoCreation = delegationsForDeanonInfoSharing.filter(([_, delegationInfo]) => {
65
+ // Drop those for which we don't have the full information needed for the creation of new data.
66
+ return !!delegationInfo.delegate && !!delegationInfo.delegator && !!delegationInfo.accessControlSecret;
67
+ });
68
+ const existingDelegationsMap = yield this.getDecryptedSecureDelegationKeyMaps(delegationsForDeanonInfoSharing.map((x) => x[0]), entityWithType.type);
69
+ for (const delMapToShare of existingDelegationsMap) {
70
+ yield this.ensureDelegationKeyMapSharedWith(entityWithType.type, delMapToShare, shareWithDataOwners);
71
+ }
72
+ const existingDelegationsMapKeys = new Set(existingDelegationsMap.map((x) => x.delegationKey));
73
+ const delegationsToCreate = delegationsForNewDeanonInfoCreation.filter(([k, _]) => !existingDelegationsMapKeys.has(k));
74
+ for (const [delKey, membersDetails] of delegationsToCreate) {
75
+ yield this.createSecureDelegationKeyMap(entityWithType.type, delKey, membersDetails, shareWithDataOwners);
76
+ }
77
+ });
78
+ }
79
+ /**
80
+ * Get the data owners which can access the entity. See {@link EncryptedEntityXApi.getDataOwnersWithAccessTo} for more details.
81
+ * @param entityWithType an entity.
82
+ */
83
+ getDataOwnersWithAccessTo(entityWithType) {
84
+ var _a;
85
+ return __awaiter(this, void 0, void 0, function* () {
86
+ return this.mergePermissions([
87
+ yield this.getDataOwnersWithAccessToSecureDelegations(entityWithType),
88
+ {
89
+ permissionsByDataOwnerId: Object.fromEntries(Object.keys((_a = entityWithType.entity.delegations) !== null && _a !== void 0 ? _a : {}).map((k) => [k, AccessLevelEnum.WRITE])),
90
+ hasUnknownAnonymousDataOwners: false,
91
+ },
92
+ ]);
93
+ });
94
+ }
95
+ getDataOwnersWithAccessToSecureDelegations(entityWithType) {
96
+ return __awaiter(this, void 0, void 0, function* () {
97
+ const secureDelegationDetails = yield this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails(entityWithType);
98
+ const secureDelegationWithUnknownMembers = Object.entries(secureDelegationDetails).flatMap(([canonicalKey, delegation]) => {
99
+ var _a, _b;
100
+ if (!delegation.delegate || !delegation.delegator) {
101
+ const aliases = Object.entries((_b = (_a = entityWithType.entity.securityMetadata) === null || _a === void 0 ? void 0 : _a.keysEquivalences) !== null && _b !== void 0 ? _b : {}).flatMap(([alias, canon]) => {
102
+ if (canon == canonicalKey) {
103
+ return [alias];
104
+ }
105
+ else {
106
+ return [];
107
+ }
108
+ });
109
+ return [{ keys: [canonicalKey, ...aliases], delegation }];
110
+ }
111
+ else {
112
+ return [];
113
+ }
114
+ });
115
+ const secureDelegationKeyMapsByDelegationKey = Object.fromEntries((yield this.getDecryptedSecureDelegationKeyMaps(secureDelegationWithUnknownMembers.flatMap(({ keys }) => keys), entityWithType.type)).map((x) => [x.delegationKey, x]));
116
+ const permissionsByDataOwnerId = {};
117
+ let hasUnknownAnonymousDataOwners = false;
118
+ function addAccess(dataOwnerId, level) {
119
+ if (permissionsByDataOwnerId[dataOwnerId] !== AccessLevelEnum.WRITE) {
120
+ permissionsByDataOwnerId[dataOwnerId] = level;
121
+ }
122
+ }
123
+ for (const delegation of Object.values(secureDelegationDetails)) {
124
+ if (delegation.delegate)
125
+ addAccess(delegation.delegate, delegation.accessLevel);
126
+ if (delegation.delegator)
127
+ addAccess(delegation.delegator, delegation.accessLevel);
128
+ }
129
+ for (const { keys, delegation } of secureDelegationWithUnknownMembers) {
130
+ const bestKey = keys.find((k) => {
131
+ const currMap = secureDelegationKeyMapsByDelegationKey[k];
132
+ return currMap && !!currMap.delegator && !!currMap.delegate;
133
+ });
134
+ if (bestKey) {
135
+ const keyMap = secureDelegationKeyMapsByDelegationKey[bestKey];
136
+ addAccess(keyMap.delegate, delegation.accessLevel);
137
+ addAccess(keyMap.delegator, delegation.accessLevel);
138
+ }
139
+ else {
140
+ hasUnknownAnonymousDataOwners = true;
141
+ }
142
+ }
143
+ return { permissionsByDataOwnerId, hasUnknownAnonymousDataOwners };
144
+ });
145
+ }
146
+ mergePermissions(values) {
147
+ return __awaiter(this, void 0, void 0, function* () {
148
+ const accumulatedPermissions = {};
149
+ let hasUnknownAnonymousDataOwners = false;
150
+ for (const v of values) {
151
+ hasUnknownAnonymousDataOwners = hasUnknownAnonymousDataOwners || v.hasUnknownAnonymousDataOwners;
152
+ for (const [dataOwnerId, level] of Object.entries(v.permissionsByDataOwnerId)) {
153
+ if (accumulatedPermissions[dataOwnerId] !== AccessLevelEnum.WRITE) {
154
+ accumulatedPermissions[dataOwnerId] = level;
155
+ }
156
+ }
157
+ }
158
+ return {
159
+ permissionsByDataOwnerId: accumulatedPermissions,
160
+ hasUnknownAnonymousDataOwners,
161
+ };
162
+ });
163
+ }
164
+ getDecryptedSecureDelegationKeyMaps(delegationIds, entityType) {
165
+ return __awaiter(this, void 0, void 0, function* () {
166
+ if (delegationIds.length) {
167
+ const encryptedMaps = yield this.delegationKeyMapApi.getByDelegationKeys({ ids: delegationIds }, yield this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType));
168
+ const res = [];
169
+ for (const encryptedMap of encryptedMaps) {
170
+ // Use the original entity type
171
+ const decryptionResult = yield this.xapis.decryptEntity(encryptedMap, entityType, (x) => new SecureDelegationKeyMap_1.SecureDelegationKeyMap(x));
172
+ if (decryptionResult.decrypted) {
173
+ res.push(decryptionResult.entity);
174
+ }
175
+ }
176
+ return res;
177
+ }
178
+ else
179
+ return [];
180
+ });
181
+ }
182
+ // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the
183
+ // same entity type as the delegation key for which they are mapping information.
184
+ ensureDelegationKeyMapSharedWith(entityType, keyMap, delegates) {
185
+ return __awaiter(this, void 0, void 0, function* () {
186
+ if (!keyMap.delegator || !keyMap.delegate)
187
+ throw new Error('Illegal state: key map is missing delegator or delegate info.');
188
+ const dataOwnersWithAccessToMapThroughDelegation = Object.values(yield this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails({
189
+ type: entityType,
190
+ entity: keyMap,
191
+ }))
192
+ .flatMap((x) => [x.delegate, x.delegator])
193
+ .filter((x) => !!x);
194
+ // Delegator and delegate got access to the entity when it was first created: no need to share with them ever.
195
+ const dataOwnersWithAccessToMap = new Set([keyMap.delegate, keyMap.delegator, ...dataOwnersWithAccessToMapThroughDelegation]);
196
+ const dataOwnersNeedingShare = delegates.filter((x) => !dataOwnersWithAccessToMap.has(x));
197
+ if (dataOwnersNeedingShare.length) {
198
+ ;
199
+ (yield this.xapis.simpleShareOrUpdateEncryptedEntityMetadata({ entity: keyMap, type: entityType }, false, Object.fromEntries(dataOwnersNeedingShare.map((x) => [
200
+ x,
201
+ {
202
+ shareSecretIds: [],
203
+ shareEncryptionKeys: ShareMetadataBehaviour_1.ShareMetadataBehaviour.REQUIRED,
204
+ shareOwningEntityIds: ShareMetadataBehaviour_1.ShareMetadataBehaviour.NEVER,
205
+ requestedPermissions: RequestedPermissionEnum.FULL_READ,
206
+ },
207
+ ])), (request) => __awaiter(this, void 0, void 0, function* () {
208
+ return this.delegationKeyMapApi.bulkShareSecureDelegationKeyMap(request, yield this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType));
209
+ }))).updatedEntityOrThrow;
210
+ }
211
+ });
212
+ }
213
+ // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the
214
+ // same entity type as the delegation key for which they are mapping information.
215
+ createSecureDelegationKeyMap(entityType, delegationKey, delegationMembersDetails, delegates) {
216
+ return __awaiter(this, void 0, void 0, function* () {
217
+ if (!delegationMembersDetails.delegate || !delegationMembersDetails.delegator || !delegationMembersDetails.accessControlSecret)
218
+ throw new Error('Illegal state: delegation members details are missing delegate, delegator or access control secret info.');
219
+ const selfDoId = yield this.dataOwnerApi.getCurrentDataOwnerId();
220
+ // Ensure that both the delegator and delegate of the delegation this map refers tho can share it later on, even if they did not create it.
221
+ // Usually either the delegator or delegate are the current data owner, but sometimes also the child of the delegator or delegate can do it.
222
+ const initialDelegates = [delegationMembersDetails.delegate, delegationMembersDetails.delegator, ...delegates].filter((x) => x != selfDoId);
223
+ const initalisedMapInfo = yield this.xapis.entityWithInitialisedEncryptedMetadata({
224
+ id: this.cryptoPrimitives.crypto.randomUUID(),
225
+ delegate: delegationMembersDetails.delegate,
226
+ delegator: delegationMembersDetails.delegator,
227
+ delegationKey: delegationKey,
228
+ }, entityType, undefined, undefined, true, false, Object.fromEntries(initialDelegates.map((x) => [x, AccessLevelEnum.READ])));
229
+ const encryptedKeyMap = yield this.xapis.tryEncryptEntity(initalisedMapInfo.updatedEntity, entityType, this.delegationKeyMapFieldsToEncrypt, false, true, (x) => new SecureDelegationKeyMap_1.SecureDelegationKeyMap(x));
230
+ yield this.delegationKeyMapApi.create(encryptedKeyMap, new XHR_1.XHR.Header(AccessControlKeysHeadersProvider_1.ACCESS_CONTROL_KEYS_HEADER, yield this.accessControlSecretUtils.getEncodedAccessControlKeys([delegationMembersDetails.accessControlSecret], entityType)));
231
+ });
232
+ }
233
+ }
234
+ exports.DelegationsDeAnonymization = DelegationsDeAnonymization;
235
+ //# sourceMappingURL=DelegationsDeAnonymization.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"DelegationsDeAnonymization.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/DelegationsDeAnonymization.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,2EAAuE;AACvE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAEzD,gGAA4F;AAE5F,qEAAiE;AACjE,wFAAoF;AACpF,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAE3E,oCAAwE;AACxE,iGAA6F;AAC7F,+CAA2C;AAC3C,2EAAiG;AACjG,yFAAiH;AAIjH,6CAA6C;AAC7C,MAAa,0BAA0B;IAIrC,YACmB,YAA8B,EAC9B,kCAA8E,EAC9E,KAAwB,EACxB,gBAAkC,EAClC,wBAAkD,EACnE,IAAY,EACZ,OAAkC,EAClC,yBAAiD,IAAI,iDAAwB,EAAE,EAC/E,YAA2E,OAAO,MAAM,KAAK,WAAW;QACtG,CAAC,CAAC,MAAM,CAAC,KAAK;QACd,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW;YAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,KAAK,EACQ,gCAAkE;QAblE,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,uCAAkC,GAAlC,kCAAkC,CAA4C;QAC9E,UAAK,GAAL,KAAK,CAAmB;QACxB,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,6BAAwB,GAAxB,wBAAwB,CAA0B;QASlD,qCAAgC,GAAhC,gCAAgC,CAAkC;QAEnF,IAAI,CAAC,+BAA+B,GAAG,IAAA,4BAAoB,EAAC,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,wBAAwB,CAAC,CAAA;QAChH,IAAI,CAAC,mBAAmB,GAAG,IAAI,2DAA4B,CAAC,IAAI,EAAE,OAAO,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;IAC/G,CAAC;IAED;;;;OAIG;IACG,iCAAiC,CAAC,cAAuC,EAAE,mBAA6B;;YAC5G,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,kCAAkC,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAC,CAAC,OAAO,CACzI,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE;;gBAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;oBACxH,IAAI,KAAK,IAAI,YAAY,EAAE;wBACzB,OAAO,CAAC,KAAK,CAAC,CAAA;qBACf;yBAAM;wBACL,OAAO,EAAE,CAAA;qBACV;gBACH,CAAC,CAAC,CAAA;gBACF,OAAO,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAyC,CAAA;YAC7H,CAAC,CACF,CAAA;YACD,MAAM,+BAA+B,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE;gBACxF,kEAAkE;gBAClE,OAAO,CAAC,cAAc,CAAC,aAAa,CAAA;YACtC,CAAC,CAAC,CAAA;YACF,4IAA4I;YAC5I,MAAM,mCAAmC,GAAG,+BAA+B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE;gBACzG,+FAA+F;gBAC/F,OAAO,CAAC,CAAC,cAAc,CAAC,QAAQ,IAAI,CAAC,CAAC,cAAc,CAAC,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,mBAAmB,CAAA;YACxG,CAAC,CAAC,CAAA;YACF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,mCAAmC,CAC3E,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAChD,cAAc,CAAC,IAAI,CACpB,CAAA;YACD,KAAK,MAAM,aAAa,IAAI,sBAAsB,EAAE;gBAClD,MAAM,IAAI,CAAC,gCAAgC,CAAC,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,mBAAmB,CAAC,CAAA;aACrG;YACD,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAA;YAC9F,MAAM,mBAAmB,GAAG,mCAAmC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACtH,KAAK,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,IAAI,mBAAmB,EAAE;gBAC1D,MAAM,IAAI,CAAC,4BAA4B,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAAA;aAC1G;QACH,CAAC;KAAA;IAED;;;OAGG;IACG,yBAAyB,CAAC,cAAuC;;;YAIrE,OAAO,IAAI,CAAC,gBAAgB,CAAC;gBAC3B,MAAM,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC;gBACrE;oBACE,wBAAwB,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,MAAA,cAAc,CAAC,MAAM,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;oBACzI,6BAA6B,EAAE,KAAK;iBACrC;aACF,CAAC,CAAA;;KACH;IAEa,0CAA0C,CAAC,cAAuC;;YAI9F,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAA;YACxH,MAAM,kCAAkC,GAAG,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE;;gBACxH,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE;oBACjD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;wBACxH,IAAI,KAAK,IAAI,YAAY,EAAE;4BACzB,OAAO,CAAC,KAAK,CAAC,CAAA;yBACf;6BAAM;4BACL,OAAO,EAAE,CAAA;yBACV;oBACH,CAAC,CAAC,CAAA;oBACF,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,GAAG,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC,CAAA;iBAC1D;qBAAM;oBACL,OAAO,EAAE,CAAA;iBACV;YACH,CAAC,CAAC,CAAA;YACF,MAAM,sCAAsC,GAAG,MAAM,CAAC,WAAW,CAC/D,CACE,MAAM,IAAI,CAAC,mCAAmC,CAC5C,kCAAkC,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,EAC9D,cAAc,CAAC,IAAI,CACpB,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CACnC,CAAA;YACD,MAAM,wBAAwB,GAA+C,EAAE,CAAA;YAC/E,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,SAAS,SAAS,CAAC,WAAmB,EAAE,KAAsB;gBAC5D,IAAI,wBAAwB,CAAC,WAAW,CAAC,KAAK,eAAe,CAAC,KAAK,EAAE;oBACnE,wBAAwB,CAAC,WAAW,CAAC,GAAG,KAAK,CAAA;iBAC9C;YACH,CAAC;YACD,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,uBAAuB,CAAC,EAAE;gBAC/D,IAAI,UAAU,CAAC,QAAQ;oBAAE,SAAS,CAAC,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;gBAC/E,IAAI,UAAU,CAAC,SAAS;oBAAE,SAAS,CAAC,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;aAClF;YACD,KAAK,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,kCAAkC,EAAE;gBACrE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC9B,MAAM,OAAO,GAAG,sCAAsC,CAAC,CAAC,CAAC,CAAA;oBACzD,OAAO,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAA;gBAC7D,CAAC,CAAC,CAAA;gBACF,IAAI,OAAO,EAAE;oBACX,MAAM,MAAM,GAAG,sCAAsC,CAAC,OAAO,CAAC,CAAA;oBAC9D,SAAS,CAAC,MAAM,CAAC,QAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;oBACnD,SAAS,CAAC,MAAM,CAAC,SAAU,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;iBACrD;qBAAM;oBACL,6BAA6B,GAAG,IAAI,CAAA;iBACrC;aACF;YACD,OAAO,EAAE,wBAAwB,EAAE,6BAA6B,EAAE,CAAA;QACpE,CAAC;KAAA;IAEa,gBAAgB,CAC5B,MAGG;;YAKH,MAAM,sBAAsB,GAA+C,EAAE,CAAA;YAC7E,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE;gBACtB,6BAA6B,GAAG,6BAA6B,IAAI,CAAC,CAAC,6BAA6B,CAAA;gBAChG,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC,EAAE;oBAC7E,IAAI,sBAAsB,CAAC,WAAW,CAAC,KAAK,eAAe,CAAC,KAAK,EAAE;wBACjE,sBAAsB,CAAC,WAAW,CAAC,GAAG,KAAK,CAAA;qBAC5C;iBACF;aACF;YACD,OAAO;gBACL,wBAAwB,EAAE,sBAAsB;gBAChD,6BAA6B;aAC9B,CAAA;QACH,CAAC;KAAA;IAEa,mCAAmC,CAC/C,aAAuB,EACvB,UAAwC;;YAExC,IAAI,aAAa,CAAC,MAAM,EAAE;gBACxB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CACtE,EAAE,GAAG,EAAE,aAAa,EAAE,EACtB,MAAM,IAAI,CAAC,gCAAgC,CAAC,2BAA2B,CAAC,UAAU,CAAC,CACpF,CAAA;gBACD,MAAM,GAAG,GAA6B,EAAE,CAAA;gBACxC,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;oBACxC,+BAA+B;oBAC/B,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,+CAAsB,CAAC,CAAC,CAAC,CAAC,CAAA;oBACvH,IAAI,gBAAgB,CAAC,SAAS,EAAE;wBAC9B,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAA;qBAClC;iBACF;gBACD,OAAO,GAAG,CAAA;aACX;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAED,gJAAgJ;IAChJ,iFAAiF;IACnE,gCAAgC,CAAC,UAAwC,EAAE,MAA8B,EAAE,SAAmB;;YAC1I,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAA;YAC3H,MAAM,0CAA0C,GAAG,MAAM,CAAC,MAAM,CAC9D,MAAM,IAAI,CAAC,kCAAkC,CAAC,0BAA0B,CAAC;gBACvE,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,MAAM;aACf,CAAC,CACH;iBACE,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC;iBACzC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAa,CAAA;YACjC,8GAA8G;YAC9G,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,SAAS,EAAE,GAAG,0CAA0C,CAAC,CAAC,CAAA;YAC7H,MAAM,sBAAsB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACzF,IAAI,sBAAsB,CAAC,MAAM,EAAE;gBACjC,CAAC;gBAAA,CACC,MAAM,IAAI,CAAC,KAAK,CAAC,0CAA0C,CACzD,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,EACpC,KAAK,EACL,MAAM,CAAC,WAAW,CAChB,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;oBAChC,CAAC;oBACD;wBACE,cAAc,EAAE,EAAE;wBAClB,mBAAmB,EAAE,+CAAsB,CAAC,QAAQ;wBACpD,oBAAoB,EAAE,+CAAsB,CAAC,KAAK;wBAClD,oBAAoB,EAAE,uBAAuB,CAAC,SAAS;qBACxD;iBACF,CAAC,CACH,EACD,CAAO,OAAO,EAAE,EAAE;oBAChB,OAAA,IAAI,CAAC,mBAAmB,CAAC,+BAA+B,CACtD,OAAO,EACP,MAAM,IAAI,CAAC,gCAAgC,CAAC,2BAA2B,CAAC,UAAU,CAAC,CACpF,CAAA;kBAAA,CACJ,CACF,CAAC,oBAAoB,CAAA;aACvB;QACH,CAAC;KAAA;IAED,gJAAgJ;IAChJ,iFAAiF;IACnE,4BAA4B,CACxC,UAAwC,EACxC,aAAqB,EACrB,wBAAkD,EAClD,SAAmB;;YAEnB,IAAI,CAAC,wBAAwB,CAAC,QAAQ,IAAI,CAAC,wBAAwB,CAAC,SAAS,IAAI,CAAC,wBAAwB,CAAC,mBAAmB;gBAC5H,MAAM,IAAI,KAAK,CAAC,0GAA0G,CAAC,CAAA;YAC7H,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAChE,2IAA2I;YAC3I,4IAA4I;YAC5I,MAAM,gBAAgB,GAAG,CAAC,wBAAwB,CAAC,QAAQ,EAAE,wBAAwB,CAAC,SAAS,EAAE,GAAG,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAA;YAC3I,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAC/E;gBACE,EAAE,EAAE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,UAAU,EAAE;gBAC7C,QAAQ,EAAE,wBAAwB,CAAC,QAAQ;gBAC3C,SAAS,EAAE,wBAAwB,CAAC,SAAS;gBAC7C,aAAa,EAAE,aAAa;aAC7B,EACD,UAAU,EACV,SAAS,EACT,SAAS,EACT,IAAI,EACJ,KAAK,EACL,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAC3E,CAAA;YACD,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CACvD,iBAAiB,CAAC,aAAa,EAC/B,UAAU,EACV,IAAI,CAAC,+BAA+B,EACpC,KAAK,EACL,IAAI,EACJ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,+CAAsB,CAAC,CAAC,CAAC,CACrC,CAAA;YACD,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CACnC,eAAe,EACf,IAAI,SAAG,CAAC,MAAM,CACZ,6DAA0B,EAC1B,MAAM,IAAI,CAAC,wBAAwB,CAAC,2BAA2B,CAAC,CAAC,wBAAwB,CAAC,mBAAmB,CAAC,EAAE,UAAU,CAAC,CAC5H,CACF,CAAA;QACH,CAAC;KAAA;CACF;AA3QD,gEA2QC","sourcesContent":["import { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { DelegationMembersDetails, SecureDelegationsSecurityMetadataDecryptor } from './SecureDelegationsSecurityMetadataDecryptor'\nimport { SecureDelegationKeyMap } from '../../icc-api/model/internal/SecureDelegationKeyMap'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EncryptedFieldsManifest, parseEncryptedFields } from '../utils'\nimport { IccSecureDelegationKeyMapApi } from '../../icc-api/api/IccSecureDelegationKeyMapApi'\nimport { XHR } from '../../icc-api/api/XHR'\nimport { AuthenticationProvider, NoAuthenticationProvider } from '../auth/AuthenticationProvider'\nimport { ACCESS_CONTROL_KEYS_HEADER, AccessControlKeysHeadersProvider } from './AccessControlKeysHeadersProvider'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\n\n// TODO could be optimised using bulk methods\nexport class DelegationsDeAnonymization {\n private readonly delegationKeyMapFieldsToEncrypt: EncryptedFieldsManifest\n private readonly delegationKeyMapApi: IccSecureDelegationKeyMapApi\n\n constructor(\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly secureDelegationsMetadataDecryptor: SecureDelegationsSecurityMetadataDecryptor,\n private readonly xapis: ExtendedApisUtils,\n private readonly cryptoPrimitives: CryptoPrimitives,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n host: string,\n headers: { [key: string]: string },\n authenticationProvider: AuthenticationProvider = new NoAuthenticationProvider(),\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response> = typeof window !== 'undefined'\n ? window.fetch\n : typeof self !== 'undefined'\n ? self.fetch\n : fetch,\n private readonly accessControlKeysHeadersProvider: AccessControlKeysHeadersProvider\n ) {\n this.delegationKeyMapFieldsToEncrypt = parseEncryptedFields(['delegate', 'delegator'], 'SecureDelegationKeyMap')\n this.delegationKeyMapApi = new IccSecureDelegationKeyMapApi(host, headers, authenticationProvider, fetchImpl)\n }\n\n /**\n * Creates / updates information to allow the data owners in {@link shareWithDataOwners} to de-anonymize the delegations contained within\n * {@link entity}.\n * Note that the delegation de-anonymization information may be used also with other entities of the same type.\n */\n async createOrUpdateDeAnonymizationInfo(entityWithType: EncryptedEntityWithType, shareWithDataOwners: string[]) {\n const delegationsDetails = Object.entries(await this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails(entityWithType)).flatMap(\n ([canonicalKey, delegation]) => {\n const aliases = Object.entries(entityWithType.entity.securityMetadata?.keysEquivalences ?? {}).flatMap(([alias, canon]) => {\n if (canon == canonicalKey) {\n return [alias]\n } else {\n return []\n }\n })\n return [[canonicalKey, delegation], ...aliases.map((alias) => [alias, delegation])] as [string, DelegationMembersDetails][]\n }\n )\n const delegationsForDeanonInfoSharing = delegationsDetails.filter(([_, delegationInfo]) => {\n // Drop fully explicit ones: they don't need de-anonymization info\n return !delegationInfo.fullyExplicit\n })\n // A subset of delegations for which deanon info is relevant AND for which we can also create new info instead of sharing only existing one.\n const delegationsForNewDeanonInfoCreation = delegationsForDeanonInfoSharing.filter(([_, delegationInfo]) => {\n // Drop those for which we don't have the full information needed for the creation of new data.\n return !!delegationInfo.delegate && !!delegationInfo.delegator && !!delegationInfo.accessControlSecret\n })\n const existingDelegationsMap = await this.getDecryptedSecureDelegationKeyMaps(\n delegationsForDeanonInfoSharing.map((x) => x[0]),\n entityWithType.type\n )\n for (const delMapToShare of existingDelegationsMap) {\n await this.ensureDelegationKeyMapSharedWith(entityWithType.type, delMapToShare, shareWithDataOwners)\n }\n const existingDelegationsMapKeys = new Set(existingDelegationsMap.map((x) => x.delegationKey))\n const delegationsToCreate = delegationsForNewDeanonInfoCreation.filter(([k, _]) => !existingDelegationsMapKeys.has(k))\n for (const [delKey, membersDetails] of delegationsToCreate) {\n await this.createSecureDelegationKeyMap(entityWithType.type, delKey, membersDetails, shareWithDataOwners)\n }\n }\n\n /**\n * Get the data owners which can access the entity. See {@link EncryptedEntityXApi.getDataOwnersWithAccessTo} for more details.\n * @param entityWithType an entity.\n */\n async getDataOwnersWithAccessTo(entityWithType: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n return this.mergePermissions([\n await this.getDataOwnersWithAccessToSecureDelegations(entityWithType),\n {\n permissionsByDataOwnerId: Object.fromEntries(Object.keys(entityWithType.entity.delegations ?? {}).map((k) => [k, AccessLevelEnum.WRITE])),\n hasUnknownAnonymousDataOwners: false,\n },\n ])\n }\n\n private async getDataOwnersWithAccessToSecureDelegations(entityWithType: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const secureDelegationDetails = await this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails(entityWithType)\n const secureDelegationWithUnknownMembers = Object.entries(secureDelegationDetails).flatMap(([canonicalKey, delegation]) => {\n if (!delegation.delegate || !delegation.delegator) {\n const aliases = Object.entries(entityWithType.entity.securityMetadata?.keysEquivalences ?? {}).flatMap(([alias, canon]) => {\n if (canon == canonicalKey) {\n return [alias]\n } else {\n return []\n }\n })\n return [{ keys: [canonicalKey, ...aliases], delegation }]\n } else {\n return []\n }\n })\n const secureDelegationKeyMapsByDelegationKey = Object.fromEntries(\n (\n await this.getDecryptedSecureDelegationKeyMaps(\n secureDelegationWithUnknownMembers.flatMap(({ keys }) => keys),\n entityWithType.type\n )\n ).map((x) => [x.delegationKey, x])\n )\n const permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n function addAccess(dataOwnerId: string, level: AccessLevelEnum) {\n if (permissionsByDataOwnerId[dataOwnerId] !== AccessLevelEnum.WRITE) {\n permissionsByDataOwnerId[dataOwnerId] = level\n }\n }\n for (const delegation of Object.values(secureDelegationDetails)) {\n if (delegation.delegate) addAccess(delegation.delegate, delegation.accessLevel)\n if (delegation.delegator) addAccess(delegation.delegator, delegation.accessLevel)\n }\n for (const { keys, delegation } of secureDelegationWithUnknownMembers) {\n const bestKey = keys.find((k) => {\n const currMap = secureDelegationKeyMapsByDelegationKey[k]\n return currMap && !!currMap.delegator && !!currMap.delegate\n })\n if (bestKey) {\n const keyMap = secureDelegationKeyMapsByDelegationKey[bestKey]\n addAccess(keyMap.delegate!, delegation.accessLevel)\n addAccess(keyMap.delegator!, delegation.accessLevel)\n } else {\n hasUnknownAnonymousDataOwners = true\n }\n }\n return { permissionsByDataOwnerId, hasUnknownAnonymousDataOwners }\n }\n\n private async mergePermissions(\n values: {\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }[]\n ): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const accumulatedPermissions: { [dataOwnerId: string]: AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n for (const v of values) {\n hasUnknownAnonymousDataOwners = hasUnknownAnonymousDataOwners || v.hasUnknownAnonymousDataOwners\n for (const [dataOwnerId, level] of Object.entries(v.permissionsByDataOwnerId)) {\n if (accumulatedPermissions[dataOwnerId] !== AccessLevelEnum.WRITE) {\n accumulatedPermissions[dataOwnerId] = level\n }\n }\n }\n return {\n permissionsByDataOwnerId: accumulatedPermissions,\n hasUnknownAnonymousDataOwners,\n }\n }\n\n private async getDecryptedSecureDelegationKeyMaps(\n delegationIds: string[],\n entityType: EntityWithDelegationTypeName\n ): Promise<SecureDelegationKeyMap[]> {\n if (delegationIds.length) {\n const encryptedMaps = await this.delegationKeyMapApi.getByDelegationKeys(\n { ids: delegationIds },\n await this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType)\n )\n const res: SecureDelegationKeyMap[] = []\n for (const encryptedMap of encryptedMaps) {\n // Use the original entity type\n const decryptionResult = await this.xapis.decryptEntity(encryptedMap, entityType, (x) => new SecureDelegationKeyMap(x))\n if (decryptionResult.decrypted) {\n res.push(decryptionResult.entity)\n }\n }\n return res\n } else return []\n }\n\n // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the\n // same entity type as the delegation key for which they are mapping information.\n private async ensureDelegationKeyMapSharedWith(entityType: EntityWithDelegationTypeName, keyMap: SecureDelegationKeyMap, delegates: string[]) {\n if (!keyMap.delegator || !keyMap.delegate) throw new Error('Illegal state: key map is missing delegator or delegate info.')\n const dataOwnersWithAccessToMapThroughDelegation = Object.values(\n await this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails({\n type: entityType,\n entity: keyMap,\n })\n )\n .flatMap((x) => [x.delegate, x.delegator])\n .filter((x) => !!x) as string[]\n // Delegator and delegate got access to the entity when it was first created: no need to share with them ever.\n const dataOwnersWithAccessToMap = new Set([keyMap.delegate, keyMap.delegator, ...dataOwnersWithAccessToMapThroughDelegation])\n const dataOwnersNeedingShare = delegates.filter((x) => !dataOwnersWithAccessToMap.has(x))\n if (dataOwnersNeedingShare.length) {\n ;(\n await this.xapis.simpleShareOrUpdateEncryptedEntityMetadata(\n { entity: keyMap, type: entityType },\n false,\n Object.fromEntries(\n dataOwnersNeedingShare.map((x) => [\n x,\n {\n shareSecretIds: [],\n shareEncryptionKeys: ShareMetadataBehaviour.REQUIRED,\n shareOwningEntityIds: ShareMetadataBehaviour.NEVER,\n requestedPermissions: RequestedPermissionEnum.FULL_READ,\n },\n ])\n ),\n async (request) =>\n this.delegationKeyMapApi.bulkShareSecureDelegationKeyMap(\n request,\n await this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType)\n )\n )\n ).updatedEntityOrThrow\n }\n }\n\n // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the\n // same entity type as the delegation key for which they are mapping information.\n private async createSecureDelegationKeyMap(\n entityType: EntityWithDelegationTypeName,\n delegationKey: string,\n delegationMembersDetails: DelegationMembersDetails,\n delegates: string[]\n ) {\n if (!delegationMembersDetails.delegate || !delegationMembersDetails.delegator || !delegationMembersDetails.accessControlSecret)\n throw new Error('Illegal state: delegation members details are missing delegate, delegator or access control secret info.')\n const selfDoId = await this.dataOwnerApi.getCurrentDataOwnerId()\n // Ensure that both the delegator and delegate of the delegation this map refers tho can share it later on, even if they did not create it.\n // Usually either the delegator or delegate are the current data owner, but sometimes also the child of the delegator or delegate can do it.\n const initialDelegates = [delegationMembersDetails.delegate, delegationMembersDetails.delegator, ...delegates].filter((x) => x != selfDoId)\n const initalisedMapInfo = await this.xapis.entityWithInitialisedEncryptedMetadata<SecureDelegationKeyMap>(\n {\n id: this.cryptoPrimitives.crypto.randomUUID(),\n delegate: delegationMembersDetails.delegate,\n delegator: delegationMembersDetails.delegator,\n delegationKey: delegationKey,\n },\n entityType,\n undefined,\n undefined,\n true,\n false,\n Object.fromEntries(initialDelegates.map((x) => [x, AccessLevelEnum.READ]))\n )\n const encryptedKeyMap = await this.xapis.tryEncryptEntity(\n initalisedMapInfo.updatedEntity,\n entityType,\n this.delegationKeyMapFieldsToEncrypt,\n false,\n true,\n (x) => new SecureDelegationKeyMap(x)\n )\n await this.delegationKeyMapApi.create(\n encryptedKeyMap,\n new XHR.Header(\n ACCESS_CONTROL_KEYS_HEADER,\n await this.accessControlSecretUtils.getEncodedAccessControlKeys([delegationMembersDetails.accessControlSecret], entityType)\n )\n )\n }\n}\n"]}
@@ -1,4 +1,4 @@
1
- import { ExchangeData } from '../../icc-api/model/ExchangeData';
1
+ import { ExchangeData } from '../../icc-api/model/internal/ExchangeData';
2
2
  import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
3
3
  import { BaseExchangeDataManager } from './BaseExchangeDataManager';
4
4
  import { UserEncryptionKeysManager } from './UserEncryptionKeysManager';
@@ -55,6 +55,7 @@ export interface ExchangeDataManager {
55
55
  getCachedDecryptionDataKeyByAccessControlHash(hashes: string[], entityType: EntityWithDelegationTypeName, entitySecretForeignKeys: string[]): Promise<{
56
56
  [hash: string]: {
57
57
  exchangeData: ExchangeData;
58
+ accessControlSecret: string;
58
59
  exchangeKey: CryptoKey;
59
60
  };
60
61
  }>;
@@ -75,6 +76,7 @@ export interface ExchangeDataManager {
75
76
  */
76
77
  getDecryptionDataKeyById(id: string, entityType: EntityWithDelegationTypeName | undefined, entitySecretForeignKeys: string[] | undefined, retrieveIfNotCached: boolean): Promise<{
77
78
  exchangeKey: CryptoKey | undefined;
79
+ accessControlSecret: string | undefined;
78
80
  exchangeData: ExchangeData;
79
81
  } | undefined>;
80
82
  /**
@@ -160,12 +160,15 @@ class FullyCachedExchangeDataManager extends AbstractExchangeDataManager {
160
160
  return __awaiter(this, void 0, void 0, function* () {
161
161
  function retrieveByHashesFromCaches(caches) {
162
162
  return hashes.reduce((res, hash) => {
163
- var _a;
164
163
  const id = caches.hashToId.get(hash);
165
164
  if (id) {
166
165
  const cached = caches.dataById[id];
167
- if ((_a = cached === null || cached === void 0 ? void 0 : cached.decrypted) === null || _a === void 0 ? void 0 : _a.exchangeKey) {
168
- res[hash] = { exchangeData: cached.exchangeData, exchangeKey: cached.decrypted.exchangeKey };
166
+ if (cached === null || cached === void 0 ? void 0 : cached.decrypted) {
167
+ res[hash] = {
168
+ exchangeData: cached.exchangeData,
169
+ exchangeKey: cached.decrypted.exchangeKey,
170
+ accessControlSecret: cached.decrypted.accessControlSecret,
171
+ };
169
172
  }
170
173
  }
171
174
  return res;
@@ -207,12 +210,16 @@ class FullyCachedExchangeDataManager extends AbstractExchangeDataManager {
207
210
  });
208
211
  }
209
212
  getDecryptionDataKeyById(id, entityType, entitySecretForeignKeys, retrieveIfNotCached) {
210
- var _a;
213
+ var _a, _b;
211
214
  return __awaiter(this, void 0, void 0, function* () {
212
215
  const caches = yield this.caches;
213
216
  const cachedData = caches.dataById[id];
214
217
  if (cachedData) {
215
- return { exchangeData: cachedData.exchangeData, exchangeKey: (_a = cachedData.decrypted) === null || _a === void 0 ? void 0 : _a.exchangeKey };
218
+ return {
219
+ exchangeData: cachedData.exchangeData,
220
+ exchangeKey: (_a = cachedData.decrypted) === null || _a === void 0 ? void 0 : _a.exchangeKey,
221
+ accessControlSecret: (_b = cachedData.decrypted) === null || _b === void 0 ? void 0 : _b.accessControlSecret,
222
+ };
216
223
  }
217
224
  else if (retrieveIfNotCached) {
218
225
  const data = yield this.base.getExchangeDataById(id);
@@ -220,7 +227,7 @@ class FullyCachedExchangeDataManager extends AbstractExchangeDataManager {
220
227
  throw new Error(`Could not find exchange data with id ${id}`);
221
228
  const decrypted = yield this.decryptData(data);
222
229
  this.cacheData(data, decrypted, entityType, entitySecretForeignKeys);
223
- return { exchangeData: data, exchangeKey: decrypted === null || decrypted === void 0 ? void 0 : decrypted.exchangeKey };
230
+ return { exchangeData: data, exchangeKey: decrypted === null || decrypted === void 0 ? void 0 : decrypted.exchangeKey, accessControlSecret: decrypted === null || decrypted === void 0 ? void 0 : decrypted.accessControlSecret };
224
231
  }
225
232
  else
226
233
  return undefined;
@@ -271,13 +278,7 @@ class FullyCachedExchangeDataManager extends AbstractExchangeDataManager {
271
278
  if (cached)
272
279
  return cached;
273
280
  const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []));
274
- const fullBuffer = new Uint8Array(accessControlSecrets.length * this.accessControlSecret.accessControlKeyLengthBytes);
275
- for (let i = 0; i < accessControlSecrets.length; i++) {
276
- const accessControlSecret = accessControlSecrets[i];
277
- const key = yield this.accessControlSecret.accessControlKeyFor(accessControlSecret, entityType, undefined);
278
- fullBuffer.set(new Uint8Array(key), i * this.accessControlSecret.accessControlKeyLengthBytes);
279
- }
280
- const fullData = (0, utils_2.ua2b64)(fullBuffer);
281
+ const fullData = yield this.accessControlSecret.getEncodedAccessControlKeys(accessControlSecrets, entityType);
281
282
  caches.entityTypeToAccessControlKeysValue[entityType] = fullData;
282
283
  return fullData;
283
284
  });
@@ -311,7 +312,6 @@ class LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {
311
312
  });
312
313
  }
313
314
  getCachedDecryptionDataKeyByAccessControlHash(hashes, entityType, entitySecretForeignKeys) {
314
- var _a;
315
315
  return __awaiter(this, void 0, void 0, function* () {
316
316
  const res = {};
317
317
  for (const hash of hashes) {
@@ -320,8 +320,12 @@ class LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {
320
320
  const retrieved = yield this.idToDataCache.get(dataId, () => {
321
321
  throw new Error(`Data with id ${dataId} should have been already cached.`);
322
322
  });
323
- if ((_a = retrieved === null || retrieved === void 0 ? void 0 : retrieved.decrypted) === null || _a === void 0 ? void 0 : _a.exchangeKey) {
324
- res[hash] = { exchangeData: retrieved.exchangeData, exchangeKey: retrieved.decrypted.exchangeKey };
323
+ if (retrieved.decrypted) {
324
+ res[hash] = {
325
+ exchangeData: retrieved.exchangeData,
326
+ exchangeKey: retrieved.decrypted.exchangeKey,
327
+ accessControlSecret: retrieved.decrypted.accessControlSecret,
328
+ };
325
329
  }
326
330
  }
327
331
  }
@@ -345,7 +349,7 @@ class LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {
345
349
  });
346
350
  }
347
351
  getDecryptionDataKeyById(id, entityType, entitySecretForeignKeys, retrieveIfNotCached) {
348
- var _a;
352
+ var _a, _b;
349
353
  return __awaiter(this, void 0, void 0, function* () {
350
354
  const cached = yield this.idToDataCache.getIfCachedJob(id);
351
355
  if (cached) {
@@ -364,7 +368,11 @@ class LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {
364
368
  }
365
369
  return { item: toUpdate, onEviction: (b) => this.doOnEvictionJob(b, toUpdate) };
366
370
  }), () => true);
367
- return { exchangeData: updated.exchangeData, exchangeKey: (_a = updated.decrypted) === null || _a === void 0 ? void 0 : _a.exchangeKey };
371
+ return {
372
+ exchangeData: updated.exchangeData,
373
+ exchangeKey: (_a = updated.decrypted) === null || _a === void 0 ? void 0 : _a.exchangeKey,
374
+ accessControlSecret: (_b = updated.decrypted) === null || _b === void 0 ? void 0 : _b.accessControlSecret,
375
+ };
368
376
  }
369
377
  else if (retrieveIfNotCached) {
370
378
  return yield this.idToDataCache
@@ -383,7 +391,7 @@ class LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {
383
391
  }
384
392
  }));
385
393
  }))
386
- .then((x) => { var _a; return ({ exchangeData: x.exchangeData, exchangeKey: (_a = x.decrypted) === null || _a === void 0 ? void 0 : _a.exchangeKey }); });
394
+ .then((x) => { var _a, _b; return ({ exchangeData: x.exchangeData, exchangeKey: (_a = x.decrypted) === null || _a === void 0 ? void 0 : _a.exchangeKey, accessControlSecret: (_b = x.decrypted) === null || _b === void 0 ? void 0 : _b.accessControlSecret }); });
387
395
  }
388
396
  else
389
397
  return undefined;