@icure/api 8.0.0-RC.3 → 8.0.0-RC.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/icc-api/api/IccInsuranceApi.d.ts +2 -0
  2. package/icc-api/api/IccInsuranceApi.js +12 -0
  3. package/icc-api/api/IccInsuranceApi.js.map +1 -1
  4. package/icc-api/api/{IccExchangeDataApi.d.ts → internal/IccExchangeDataApi.d.ts} +4 -4
  5. package/icc-api/api/{IccExchangeDataApi.js → internal/IccExchangeDataApi.js} +5 -5
  6. package/icc-api/api/internal/IccExchangeDataApi.js.map +1 -0
  7. package/icc-api/api/{IccExchangeDataMapApi.d.ts → internal/IccExchangeDataMapApi.d.ts} +4 -4
  8. package/icc-api/api/{IccExchangeDataMapApi.js → internal/IccExchangeDataMapApi.js} +5 -5
  9. package/icc-api/api/internal/IccExchangeDataMapApi.js.map +1 -0
  10. package/icc-api/api/internal/IccRecoveryDataApi.d.ts +19 -0
  11. package/icc-api/api/internal/IccRecoveryDataApi.js +83 -0
  12. package/icc-api/api/internal/IccRecoveryDataApi.js.map +1 -0
  13. package/icc-api/api/{IccSecureDelegationKeyMapApi.d.ts → internal/IccSecureDelegationKeyMapApi.d.ts} +6 -6
  14. package/icc-api/api/{IccSecureDelegationKeyMapApi.js → internal/IccSecureDelegationKeyMapApi.js} +5 -5
  15. package/icc-api/api/internal/IccSecureDelegationKeyMapApi.js.map +1 -0
  16. package/icc-api/model/PaginatedListInsurance.d.ts +20 -0
  17. package/icc-api/model/PaginatedListInsurance.js +10 -0
  18. package/icc-api/model/PaginatedListInsurance.js.map +1 -0
  19. package/icc-api/model/User.d.ts +19 -0
  20. package/icc-api/model/User.js +6 -0
  21. package/icc-api/model/User.js.map +1 -1
  22. package/icc-api/model/internal/ExchangeData.d.ts +20 -4
  23. package/icc-api/model/internal/ExchangeData.js +8 -2
  24. package/icc-api/model/internal/ExchangeData.js.map +1 -1
  25. package/icc-api/model/internal/RecoveryData.d.ts +47 -0
  26. package/icc-api/model/internal/RecoveryData.js +34 -0
  27. package/icc-api/model/internal/RecoveryData.js.map +1 -0
  28. package/icc-x-api/auth/JwtBridgedAuthService.d.ts +1 -0
  29. package/icc-x-api/auth/JwtBridgedAuthService.js +10 -3
  30. package/icc-x-api/auth/JwtBridgedAuthService.js.map +1 -1
  31. package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +37 -25
  32. package/icc-x-api/crypto/BaseExchangeDataManager.js +123 -64
  33. package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
  34. package/icc-x-api/crypto/CryptoPrimitives.d.ts +3 -0
  35. package/icc-x-api/crypto/CryptoPrimitives.js +5 -0
  36. package/icc-x-api/crypto/CryptoPrimitives.js.map +1 -1
  37. package/icc-x-api/crypto/DelegationsDeAnonymization.js +1 -1
  38. package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -1
  39. package/icc-x-api/crypto/ExchangeDataManager.js +14 -6
  40. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
  41. package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +1 -1
  42. package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -1
  43. package/icc-x-api/crypto/HMACUtils.d.ts +10 -0
  44. package/icc-x-api/crypto/HMACUtils.js +48 -0
  45. package/icc-x-api/crypto/HMACUtils.js.map +1 -0
  46. package/icc-x-api/crypto/SecureDelegationsManager.js +3 -0
  47. package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -1
  48. package/icc-x-api/icc-icure-maintenance-x-api.d.ts +1 -1
  49. package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
  50. package/icc-x-api/icc-recovery-x-api.d.ts +0 -0
  51. package/icc-x-api/icc-recovery-x-api.js +2 -0
  52. package/icc-x-api/icc-recovery-x-api.js.map +1 -0
  53. package/icc-x-api/index.js +2 -2
  54. package/icc-x-api/index.js.map +1 -1
  55. package/package.json +1 -1
  56. package/icc-api/api/IccExchangeDataApi.js.map +0 -1
  57. package/icc-api/api/IccExchangeDataMapApi.js.map +0 -1
  58. package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +0 -1
@@ -1 +1 @@
1
- {"version":3,"file":"BaseExchangeDataManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/BaseExchangeDataManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,4EAAwE;AAExE,+CAA2C;AAC3C,IAAO,QAAQ,GAAG,SAAG,CAAC,QAAQ,CAAA;AAE9B,oCAA6E;AAC7E,4BAA2B;AAC3B,mCAA4D;AAE5D;;;;GAIG;AACH,MAAa,uBAAuB;IAClC,YACW,GAAuB,EACf,YAA8B,EAC9B,UAA4B,EAC5B,gCAAyC;QAHjD,QAAG,GAAH,GAAG,CAAoB;QACf,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAC5B,qCAAgC,GAAhC,gCAAgC,CAAS;IACzD,CAAC;IAEJ;;;;;;OAMG;IACG,8CAA8C;;;YAClD,IAAI,CAAC,IAAI,CAAC,gCAAgC;gBAAE,OAAO,SAAS,CAAA;YAC5D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,IAAI,YAAY,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,WAAW,EAAE,SAAS,EAAE,IAAI,CAAC,CAAA;YAC5F,MAAM,YAAY,GAAG,MAAA,YAAY,CAAC,IAAI,mCAAI,EAAE,CAAA;YAC5C,OAAO,MAAA,YAAY,CAAC,WAAW,0CAAE,aAAa,EAAE;gBAC9C,YAAY,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAA;gBACrH,IAAI,YAAY,CAAC,IAAI;oBAAE,YAAY,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;aAC/D;YACD,OAAO,YAAY,CAAA;;KACpB;IAED;;;;;OAKG;IACG,sCAAsC,CAAC,WAAmB,EAAE,UAAkB;;YAClF,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,kCAAkC,CAAC,WAAW,EAAE,UAAU,CAAC,CAAA;QACnF,CAAC;KAAA;IAED;;;;OAIG;IACG,mBAAmB,CAAC,cAAsB;;YAC9C,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;gBACpE,IAAI,CAAC,YAAY,QAAQ,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,EAAE;oBACjD,OAAO,SAAS,CAAA;iBACjB;;oBAAM,MAAM,CAAC,CAAA;YAChB,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,0BAA0B,CAC9B,YAA4B,EAC5B,kBAAoF;;YAEpF,MAAM,QAAQ,GAAmB,EAAE,CAAA;YACnC,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;gBAC7B,IAAI,MAAM,IAAI,CAAC,kBAAkB,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;oBAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;aACvF;YACD,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAED;;;;;;;;OAQG;IACG,kBAAkB,CACtB,YAA0B,EAC1B,kBAAoF;;YAEpF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,IAAI,YAAY,CAAC,SAAS,KAAK,WAAW;gBAAE,OAAO,KAAK,CAAA;YACxD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAA;YAC1D,KAAK,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE;gBACpE,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;gBAC/D,IAAI,eAAe,IAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,eAAe,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,EAAE,aAAa,CAAC,CAAC;oBAAE,OAAO,IAAI,CAAA;aACpI;YACD,OAAO,KAAK,CAAA;QACd,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,6BAA6B,CACjC,YAA4B,EAC5B,cAAsE;;YAKtE,OAAO,MAAM,IAAI,CAAC,sBAAsB,CACtC,YAAY,EACZ,cAAc,EACd,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,mBAAmB,EAC9B,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CACzD,CAAA;QACH,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,sBAAsB,CAC1B,YAA4B,EAC5B,cAAsE;;YAKtE,OAAO,MAAM,IAAI,CAAC,sBAAsB,CACtC,YAAY,EACZ,cAAc,EACd,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,WAAW,EACtB,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CACjD,CAAA;QACH,CAAC;KAAA;IAEa,sBAAsB,CAClC,YAA4B,EAC5B,cAAsE,EACtE,qBAAuF,EACvF,kBAA0D;;YAK1D,MAAM,qBAAqB,GAAQ,EAAE,CAAA;YACrC,MAAM,iBAAiB,GAAmB,EAAE,CAAA;YAC5C,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;gBAC7B,IAAI;oBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,CAAA;oBAClF,IAAI,SAAS,EAAE;wBACb,qBAAqB,CAAC,IAAI,CAAC,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAA;qBAChE;yBAAM;wBACL,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;qBAC3B;iBACF;gBAAC,OAAO,CAAC,EAAE;oBACV,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;iBAC3B;aACF;YACD,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,CAAA;QACrD,CAAC;KAAA;IAEa,UAAU,CACtB,aAAyD,EACzD,cAAwE;;;YAExE,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE;gBAC7E,uCACK,IAAI,KACP,CAAC,IAAA,uBAAe,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAA,yBAAiB,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,EAAE,CAAC,IACvE;YACH,CAAC,EAAE,EAA4D,CAAC,CAAA;YAChE,KAAK,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;gBAC3D,IAAI;oBACF,MAAM,GAAG,GAAG,MAAA,sBAAsB,CAAC,EAAE,CAAC,0CAAE,UAAU,CAAA;oBAClD,IAAI,GAAG;wBAAE,OAAO,IAAA,cAAM,EAAC,IAAA,eAAO,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;iBAC5F;gBAAC,OAAO,CAAC,EAAE;oBACV,uBAAuB;iBACxB;aACF;;KACF;IAED;;;;;;;;OAQG;IACG,kBAAkB,CACtB,UAAkB,EAClB,aAA0D,EAC1D,cAA2D,EAC3D,qBAEI,EAAE;;;YAMN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,EAAE;gBAC7E,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAA;aAChE;YACD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAA;YACpD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,2BAA2B,EAAE,CAAA;YACpE,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;YACjG,MAAM,4BAA4B,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;YACjH,MAAM,gBAAgB,GAAG;gBACvB,EAAE,EAAE,MAAA,kBAAkB,CAAC,EAAE,mCAAI,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;gBACzD,SAAS,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE;gBAC1D,QAAQ,EAAE,UAAU;gBACpB,WAAW,EAAE,oBAAoB;gBACjC,mBAAmB,EAAE,4BAA4B;aAClD,CAAA;YACD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,EAAE,aAAa,CAAC,CAAA;YACtG,MAAM,YAAY,GAAG,IAAI,2BAAY,iCAAM,gBAAgB,KAAE,SAAS,IAAG,CAAA;YACzE,OAAO;gBACL,YAAY,EAAE,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,YAAY,CAAC;gBAC7D,WAAW,EAAE,WAAW,CAAC,GAAG;gBAC5B,mBAAmB,EAAE,mBAAmB,CAAC,MAAM;aAChD,CAAA;;KACF;IAED;;;;;;;;;;;;;;;;OAgBG;IACG,qBAAqB,CACzB,YAA0B,EAC1B,cAAsE,EACtE,iBAA8D,EAC9D,aAA0D,EAC1D,kBAAoF;;YASpF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,WAAW,EAAE,cAAc,CAAC,CAAA;YACtF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAA;YACtG,IAAI,CAAC,cAAc,IAAI,CAAC,sBAAsB;gBAAE,OAAO,SAAS,CAAA;YAChE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,UAAU,CAAC,cAAc,CAAC,CAAC,CAAA;YAChF,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,sBAAsB,CAAC,CAAC,CAAA;YACxG,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAA;YACjF,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC,CAAA;YACjF,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YACxI,IAAI,CAAC,cAAc,CAAC,MAAM;gBAAE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;YACrF,MAAM,+BAA+B,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE;gBACxE,GAAG,CAAC,EAAE,CAAC,GAAG,iBAAiB,CAAC,EAAE,CAAC,CAAA;gBAC/B,OAAO,GAAG,CAAA;YACZ,CAAC,EAAE,EAAiD,CAAC,CAAA;YACrD,MAAM,UAAU,GAAG,YAAY,CAAC,SAAS,IAAI,WAAW,IAAI,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YACzI,MAAM,mBAAmB,GAAG,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;YACrD,mBAAmB,CAAC,WAAW,mCAC1B,YAAY,CAAC,WAAW,GACxB,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,cAAc,EAAE,+BAA+B,CAAC,CAAC,CACrF,CAAA;YACD,mBAAmB,CAAC,mBAAmB,mCAClC,YAAY,CAAC,mBAAmB,GAChC,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,EAAE,+BAA+B,CAAC,CAAC,CAC7F,CAAA;YACD,IAAI,UAAU,EAAE;gBACd,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,CAAA;gBACjE,mBAAmB,CAAC,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,aAAa,CAAC,CAAA;aAC1F;YACD,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;QACrI,CAAC;KAAA;IAED,sGAAsG;IACtG,mHAAmH;IACnH,iBAAiB;IACH,WAAW,CAAC,YAKzB;;YACC,SAAS,UAAU,CAAC,GAA4B;gBAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBACpB,IAAI,EAAE;qBACN,MAAM,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;oBACtB,OAAO,CAAC,GAAG,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;gBACrC,CAAC,EAAE,EAAwB,CAAC,CAAA;YAChC,CAAC;YACD,MAAM,UAAU,GAAG;gBACjB,CAAC,WAAW,EAAE,YAAY,CAAC,SAAS,CAAC;gBACrC,CAAC,UAAU,EAAE,YAAY,CAAC,QAAQ,CAAC;gBACnC,CAAC,aAAa,EAAE,UAAU,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;gBACrD,CAAC,qBAAqB,EAAE,UAAU,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;aACtE,CAAA;YACD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;YAC3C,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAA,gBAAQ,EAAC,QAAQ,CAAC,CAAC,CAAA;QACnD,CAAC;KAAA;IAED,+BAA+B;IACjB,mBAAmB;;YAI/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACtD,OAAO;gBACL,GAAG,EAAE,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC;gBAC3C,QAAQ;aACT,CAAA;QACH,CAAC;KAAA;IAEa,iBAAiB,CAAC,cAA2B;;YACzD,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,cAAc,CAAC,CAAA;QACnE,CAAC;KAAA;IAED,wCAAwC;IAC1B,2BAA2B;;YAIvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACtD,OAAO;gBACL,MAAM,EAAE,MAAM,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC;gBACtD,QAAQ;aACT,CAAA;QACH,CAAC;KAAA;IAEO,yBAAyB,CAAC,cAA2B;QAC3D,OAAO,OAAO,CAAC,OAAO,CAAC,IAAA,cAAM,EAAC,cAAc,CAAC,CAAC,CAAA;IAChD,CAAC;IAEa,mBAAmB,CAC/B,OAAoB,EACpB,IAAmD;;YAEnD,MAAM,GAAG,GAA+C,EAAE,CAAA;YAC1D,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC5C,GAAG,CAAC,IAAA,uBAAe,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAA,yBAAiB,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,gBAAQ,EAAC,IAAA,cAAM,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;aAClI;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,gBAAgB,CAC5B,OAAoB,EACpB,IAAiD;;YAEjD,MAAM,GAAG,GAA6C,EAAE,CAAA;YACxD,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC5C,GAAG,CAAC,EAAE,CAAC,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;aAC/E;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;CACF;AArXD,0DAqXC","sourcesContent":["import { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { KeyPair } from './RSA'\nimport { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { IccExchangeDataApi } from '../../icc-api/api/IccExchangeDataApi'\nimport { XHR } from '../../icc-api/api/XHR'\nimport XHRError = XHR.XHRError\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { b64_2ua, hex2ua, ua2b64, ua2hex, ua2utf8, utf8_2ua } from '../utils'\nimport * as _ from 'lodash'\nimport { fingerprintV1toV2, fingerprintIsV1 } from './utils'\n\n/**\n * @internal this class is intended for internal use only and may be modified without notice\n * Functions to create and get exchange data.\n * The methods of this api require to pass the appropriate keys for encryption/decryption manually.\n */\nexport class BaseExchangeDataManager {\n constructor(\n readonly api: IccExchangeDataApi,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly primitives: CryptoPrimitives,\n private readonly selfRequiresAnonymousDelegations: boolean\n ) {}\n\n /**\n * Get all the exchange data where the current data owner is the delegator or the delegate. However, some data owners, generally HCPs, may have a\n * prohibitively high amount of exchange data. If the crypto strategies specify that the current data owner requires anonymous delegation this\n * method returns all the exchange data found for the data owner, else the method returns undefined.\n * @return all the exchange data for the current data owner or undefined if the crypto strategies don't allow to retrieve all data for the current\n * data owner.\n */\n async getAllExchangeDataForCurrentDataOwnerIfAllowed(): Promise<ExchangeData[] | undefined> {\n if (!this.selfRequiresAnonymousDelegations) return undefined\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n let latestResult = await this.api.getExchangeDataByParticipant(dataOwnerId, undefined, 1000)\n const allRetrieved = latestResult.rows ?? []\n while (latestResult.nextKeyPair?.startKeyDocId) {\n latestResult = await this.api.getExchangeDataByParticipant(dataOwnerId, latestResult.nextKeyPair.startKeyDocId, 1000)\n if (latestResult.rows) allRetrieved.push(...latestResult.rows)\n }\n return allRetrieved\n }\n\n /**\n * Get all exchange data for the provided delegator-delegate pair.\n * @param delegatorId id of a delegator data owner.\n * @param delegateId id of a delegate data owner.\n * @return all exchange data for the provided delegator-delegate pair.\n */\n async getExchangeDataByDelegatorDelegatePair(delegatorId: string, delegateId: string): Promise<ExchangeData[]> {\n return await this.api.getExchangeDataByDelegatorDelegate(delegatorId, delegateId)\n }\n\n /**\n * Get the exchange data with the provided id.\n * @param exchangeDataId id of the exchange data.\n * @return the exchange data with the provided id or undefined if no exchange data with such id could be found.\n */\n async getExchangeDataById(exchangeDataId: string): Promise<ExchangeData | undefined> {\n return await this.api.getExchangeDataById(exchangeDataId).catch((e) => {\n if (e instanceof XHRError && e.statusCode === 404) {\n return undefined\n } else throw e\n })\n }\n\n /**\n * Filters exchange data returning only the instances that could be verified using their signature and the provided verification\n * keys.\n * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)\n * will always be unverified.\n * @param exchangeData the exchange data to verify.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @return the exchange data which could be verified given his signature and the available verification keys.\n * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.\n */\n async filterVerifiedExchangeData(\n exchangeData: ExchangeData[],\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<ExchangeData[]> {\n const verified: ExchangeData[] = []\n for (const ed of exchangeData) {\n if (await this.verifyExchangeData(ed, (x) => getVerificationKey(x))) verified.push(ed)\n }\n return verified\n }\n\n /**\n * Verifies the authenticity of the exchange data by checking the signature.\n * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)\n * will always be unverified.\n * @param exchangeData the exchange data to verify.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @return the exchange data which could be verified given his signature and the available verification keys.\n * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.\n */\n async verifyExchangeData(\n exchangeData: ExchangeData,\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<boolean> {\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n if (exchangeData.delegator !== dataOwnerId) return false\n const signatureData = await this.bytesToSign(exchangeData)\n for (const [fp, signature] of Object.entries(exchangeData.signature)) {\n const verificationKey = await getVerificationKey(fp.slice(-32))\n if (verificationKey && (await this.primitives.RSA.verifySignature(verificationKey, b64_2ua(signature), signatureData))) return true\n }\n return false\n }\n\n /**\n * Extracts and decrypts the access control secret from the provided exchange data.\n * These need to be hashed together with the entity class and confidentiality level in order to get the actual access control key\n * which will be sent to the server.\n * @param exchangeData the exchange data from which to extract access control secrets.\n * @param decryptionKeys rsa key pairs to use for decryption of the access control secret.\n * @return an object composed of:\n * - successfulDecryptions: array of all successfully decrypted access control keys\n * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).\n */\n async tryDecryptAccessControlSecret(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: string[]\n failedDecryptions: ExchangeData[]\n }> {\n return await this.tryDecryptExchangeData(\n exchangeData,\n decryptionKeys,\n (ed) => ed.accessControlSecret,\n (d) => this.importAccessControlSecret(new Uint8Array(d))\n )\n }\n\n /**\n * Extract and decrypts the exchange keys from the provided exchange data.\n * @param exchangeData the exchange data from which to extract exchange keys.\n * @param decryptionKeys rsa key pairs to use for the decryption of the exchange keys.\n * @return an object composed of:\n * - successfulDecryptions: array containing the successfully decrypted exchange keys.\n * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).\n */\n async tryDecryptExchangeKeys(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: CryptoKey[]\n failedDecryptions: ExchangeData[]\n }> {\n return await this.tryDecryptExchangeData(\n exchangeData,\n decryptionKeys,\n (ed) => ed.exchangeKey,\n (d) => this.importExchangeKey(new Uint8Array(d))\n )\n }\n\n private async tryDecryptExchangeData<T>(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> },\n encryptedDataSelector: (data: ExchangeData) => { [keyPairFingerprint: string]: string },\n unmarshalDecrypted: (decrypted: ArrayBuffer) => Promise<T>\n ): Promise<{\n successfulDecryptions: T[]\n failedDecryptions: ExchangeData[]\n }> {\n const successfulDecryptions: T[] = []\n const failedDecryptions: ExchangeData[] = []\n for (const ed of exchangeData) {\n try {\n const decrypted = await this.tryDecrypt(encryptedDataSelector(ed), decryptionKeys)\n if (decrypted) {\n successfulDecryptions.push(await unmarshalDecrypted(decrypted))\n } else {\n failedDecryptions.push(ed)\n }\n } catch (e) {\n failedDecryptions.push(ed)\n }\n }\n return { successfulDecryptions, failedDecryptions }\n }\n\n private async tryDecrypt(\n encryptedData: { [keyPairFingerprintV2: string]: string },\n decryptionKeys: { [publicKeyFingerprintV1: string]: KeyPair<CryptoKey> }\n ): Promise<ArrayBuffer | undefined> {\n const decryptionKeysWithV2Fp = Object.keys(decryptionKeys).reduce((prev, fp) => {\n return {\n ...prev,\n [fingerprintIsV1(fp) ? fingerprintV1toV2(fp) : fp]: decryptionKeys[fp],\n }\n }, {} as { [publicKeyFingerprint: string]: KeyPair<CryptoKey> })\n for (const [fp, encrypted] of Object.entries(encryptedData)) {\n try {\n const key = decryptionKeysWithV2Fp[fp]?.privateKey\n if (key) return hex2ua(ua2utf8(await this.primitives.RSA.decrypt(key, b64_2ua(encrypted))))\n } catch (e) {\n // Try with another key\n }\n }\n }\n\n /**\n * Creates exchange data from the current data owner to the provided delegate, uploading the newly created exchange data to the cloud.\n * This assumes that the keys have been verified.\n * @param delegateId id of the delegate for the new exchange data.\n * @param signatureKeys private keys to use for signing the created data.\n * @param encryptionKeys public keys to use for the encryption of the exchange data (from delegator and delegate).\n * @param optionalAttributes optional precalculated attributes for the creation of data\n * @return the newly created exchange data, and its decrypted exchange key and access control secret.\n */\n async createExchangeData(\n delegateId: string,\n signatureKeys: { [keyPairFingerprint: string]: CryptoKey },\n encryptionKeys: { [keyPairFingerprint: string]: CryptoKey },\n optionalAttributes: {\n id?: string\n } = {}\n ): Promise<{\n exchangeData: ExchangeData\n exchangeKey: CryptoKey\n accessControlSecret: string\n }> {\n if (!Object.keys(signatureKeys).length || !Object.keys(encryptionKeys).length) {\n throw new Error('Must specify at least one signature key and ')\n }\n const exchangeKey = await this.generateExchangeKey()\n const accessControlSecret = await this.generateAccessControlSecret()\n const encryptedExchangeKey = await this.encryptDataWithKeys(exchangeKey.rawBytes, encryptionKeys)\n const encryptedAccessControlSecret = await this.encryptDataWithKeys(accessControlSecret.rawBytes, encryptionKeys)\n const baseExchangeData = {\n id: optionalAttributes.id ?? this.primitives.randomUuid(),\n delegator: await this.dataOwnerApi.getCurrentDataOwnerId(),\n delegate: delegateId,\n exchangeKey: encryptedExchangeKey,\n accessControlSecret: encryptedAccessControlSecret,\n }\n const signature = await this.signDataWithKeys(await this.bytesToSign(baseExchangeData), signatureKeys)\n const exchangeData = new ExchangeData({ ...baseExchangeData, signature })\n return {\n exchangeData: await this.api.createExchangeData(exchangeData),\n exchangeKey: exchangeKey.key,\n accessControlSecret: accessControlSecret.secret,\n }\n }\n\n /**\n * Updates existing exchange data and uploads it to the cloud in order to share it also with additional public keys, useful for example in cases\n * where one of the data owners involved in the exchange data has lost one of his keys.\n * If the content of the exchange data could not be decrypted using the provided keys the method will not update anything and will return undefined.\n * This method assumes that the new encryption keys have been verified.\n * If the current data owner is also the delegator of the provided exchange data and at least one of the verification keys can be used to\n * validate the current exchange data then the signature will be updated using the signature keys.\n * Instead, if the current data owner is not the delegator of the provided exchange data, or the exchange data could not be verified using\n * the provided verification keys then the updated exchange data will become unverified, and won't ever be verifiable again.\n * @param exchangeData exchange data to update.\n * @param decryptionKeys keys to use to extract the content of the exchange data which will be shared with the new keys.\n * @param signatureKeys keys to use for the new signature of the updated exchange data.\n * @param newEncryptionKeys new keys to add to the exchange data.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @return the updated exchange data, and its decrypted exchange key and access control secret, or undefined if the exchange data content could not\n * be decrypted and the exchange data could not be updated.\n */\n async tryUpdateExchangeData(\n exchangeData: ExchangeData,\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> },\n newEncryptionKeys: { [keyPairFingerprint: string]: CryptoKey },\n signatureKeys: { [keyPairFingerprint: string]: CryptoKey },\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<\n | {\n exchangeData: ExchangeData\n exchangeKey: CryptoKey\n accessControlSecret: string\n }\n | undefined\n > {\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const rawExchangeKey = await this.tryDecrypt(exchangeData.exchangeKey, decryptionKeys)\n const rawAccessControlSecret = await this.tryDecrypt(exchangeData.accessControlSecret, decryptionKeys)\n if (!rawExchangeKey || !rawAccessControlSecret) return undefined\n const exchangeKey = await this.importExchangeKey(new Uint8Array(rawExchangeKey))\n const accessControlSecret = await this.importAccessControlSecret(new Uint8Array(rawAccessControlSecret))\n const existingExchangeKeyEntries = new Set(Object.keys(exchangeData.exchangeKey))\n const existingAcsEntries = new Set(Object.keys(exchangeData.accessControlSecret))\n const missingEntries = Object.keys(newEncryptionKeys).filter((fp) => !existingAcsEntries.has(fp) || !existingExchangeKeyEntries.has(fp))\n if (!missingEntries.length) return { exchangeData, exchangeKey, accessControlSecret }\n const encryptionKeysForMissingEntries = missingEntries.reduce((obj, fp) => {\n obj[fp] = newEncryptionKeys[fp]\n return obj\n }, {} as { [keyPairFingerprint: string]: CryptoKey })\n const isVerified = exchangeData.delegator == dataOwnerId && (await this.verifyExchangeData(exchangeData, (fp) => getVerificationKey(fp)))\n const updatedExchangeData = _.cloneDeep(exchangeData)\n updatedExchangeData.exchangeKey = {\n ...exchangeData.exchangeKey,\n ...(await this.encryptDataWithKeys(rawExchangeKey, encryptionKeysForMissingEntries)),\n }\n updatedExchangeData.accessControlSecret = {\n ...exchangeData.accessControlSecret,\n ...(await this.encryptDataWithKeys(rawAccessControlSecret, encryptionKeysForMissingEntries)),\n }\n if (isVerified) {\n const newDataToSign = await this.bytesToSign(updatedExchangeData)\n updatedExchangeData.signature = await this.signDataWithKeys(newDataToSign, signatureKeys)\n }\n return { exchangeData: await this.api.modifyExchangeData(new ExchangeData(updatedExchangeData)), exchangeKey, accessControlSecret }\n }\n\n // Gets a byte representation of the parts of exchange data which should be included in the signature.\n // Equivalent json representations of the exchange data should provide the same bytes (even if the order of entries\n // is different).\n private async bytesToSign(exchangeData: {\n delegate: string\n delegator: string\n exchangeKey: { [k: string]: string }\n accessControlSecret: { [k: string]: string }\n }): Promise<ArrayBuffer> {\n function sortObject(obj: { [k: string]: string }): [string, string][] {\n return Object.keys(obj)\n .sort()\n .reduce((sorted, key) => {\n return [...sorted, [key, obj[key]]]\n }, [] as [string, string][])\n }\n const signObject = [\n ['delegator', exchangeData.delegator],\n ['delegate', exchangeData.delegate],\n ['exchangeKey', sortObject(exchangeData.exchangeKey)],\n ['accessControlSecret', sortObject(exchangeData.accessControlSecret)],\n ]\n const signJson = JSON.stringify(signObject)\n return this.primitives.sha256(utf8_2ua(signJson))\n }\n\n // Generates a new exchange key\n private async generateExchangeKey(): Promise<{\n key: CryptoKey // the imported key\n rawBytes: ArrayBuffer // the bytes to encrypt for in the exchange data\n }> {\n const rawBytes = await this.primitives.randomBytes(32)\n return {\n key: await this.importExchangeKey(rawBytes),\n rawBytes,\n }\n }\n\n private async importExchangeKey(decryptedBytes: ArrayBuffer): Promise<CryptoKey> {\n return await this.primitives.AES.importKey('raw', decryptedBytes)\n }\n\n // Generates a new access control secret\n private async generateAccessControlSecret(): Promise<{\n secret: string // the imported secret\n rawBytes: ArrayBuffer // the bytes to encrypt for in the exchange data\n }> {\n const rawBytes = await this.primitives.randomBytes(16)\n return {\n secret: await this.importAccessControlSecret(rawBytes),\n rawBytes,\n }\n }\n\n private importAccessControlSecret(decryptedBytes: ArrayBuffer): Promise<string> {\n return Promise.resolve(ua2hex(decryptedBytes))\n }\n\n private async encryptDataWithKeys(\n rawData: ArrayBuffer,\n keys: { [keyPairFingerprintV1: string]: CryptoKey }\n ): Promise<{ [keyPairFingerprintV2: string]: string }> {\n const res: { [keyPairFingerprintV2: string]: string } = {}\n for (const [fp, key] of Object.entries(keys)) {\n res[fingerprintIsV1(fp) ? fingerprintV1toV2(fp) : fp] = ua2b64(await this.primitives.RSA.encrypt(key, utf8_2ua(ua2hex(rawData))))\n }\n return res\n }\n\n private async signDataWithKeys(\n rawData: ArrayBuffer,\n keys: { [keyPairFingerprint: string]: CryptoKey }\n ): Promise<{ [keyPairFingerprint: string]: string }> {\n const res: { [keyPairFingerprint: string]: string } = {}\n for (const [fp, key] of Object.entries(keys)) {\n res[fp] = ua2b64(await this.primitives.RSA.sign(key, new Uint8Array(rawData)))\n }\n return res\n }\n}\n"]}
1
+ {"version":3,"file":"BaseExchangeDataManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/BaseExchangeDataManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,4EAAwE;AAExE,+CAA2C;AAC3C,IAAO,QAAQ,GAAG,SAAG,CAAC,QAAQ,CAAA;AAE9B,oCAA6E;AAC7E,4BAA2B;AAC3B,mCAA4D;AAE5D;;;;GAIG;AACH,MAAa,uBAAuB;IAClC,YACW,GAAuB,EACf,YAA8B,EAC9B,UAA4B,EAC5B,gCAAyC;QAHjD,QAAG,GAAH,GAAG,CAAoB;QACf,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAC5B,qCAAgC,GAAhC,gCAAgC,CAAS;IACzD,CAAC;IAEJ;;;;;;OAMG;IACG,8CAA8C;;;YAClD,IAAI,CAAC,IAAI,CAAC,gCAAgC;gBAAE,OAAO,SAAS,CAAA;YAC5D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,IAAI,YAAY,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,WAAW,EAAE,SAAS,EAAE,IAAI,CAAC,CAAA;YAC5F,MAAM,YAAY,GAAG,MAAA,YAAY,CAAC,IAAI,mCAAI,EAAE,CAAA;YAC5C,OAAO,MAAA,YAAY,CAAC,WAAW,0CAAE,aAAa,EAAE;gBAC9C,YAAY,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,4BAA4B,CAAC,WAAW,EAAE,YAAY,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAA;gBACrH,IAAI,YAAY,CAAC,IAAI;oBAAE,YAAY,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;aAC/D;YACD,OAAO,YAAY,CAAA;;KACpB;IAED;;;;;OAKG;IACG,sCAAsC,CAAC,WAAmB,EAAE,UAAkB;;YAClF,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,kCAAkC,CAAC,WAAW,EAAE,UAAU,CAAC,CAAA;QACnF,CAAC;KAAA;IAED;;;;OAIG;IACG,mBAAmB,CAAC,cAAsB;;YAC9C,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;gBACpE,IAAI,CAAC,YAAY,QAAQ,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,EAAE;oBACjD,OAAO,SAAS,CAAA;iBACjB;;oBAAM,MAAM,CAAC,CAAA;YAChB,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;;;;;;;;;OAcG;IACG,kBAAkB,CACtB,IAKC,EACD,kBAAoF,EACpF,iBAA0B;;YAE1B,IAAI,iBAAiB,IAAI,IAAI,CAAC,YAAY,CAAC,SAAS,KAAK,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC;gBAAE,OAAO,KAAK,CAAA;YACxH,IAAI,iBAAiB,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,2BAA2B,EAAE,kBAAkB,CAAC,CAAC;gBACtI,OAAO,KAAK,CAAA;YACd,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC;gBACnE,4BAA4B,EAAE,IAAI,CAAC,4BAA4B;gBAC/D,oBAAoB,EAAE,IAAI,CAAC,oBAAoB;gBAC/C,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,SAAS;gBACtC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,QAAQ;gBACpC,wBAAwB,EAAE;oBACxB,GAAG,IAAI,GAAG,CAAC;wBACT,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC;wBAC7C,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,mBAAmB,CAAC;wBACrD,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC;qBACrD,CAAC;iBACH;aACF,CAAC,CAAA;YACF,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,mBAAmB,EAAE,IAAI,CAAC,2BAA2B,EAAE,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAA;QACrI,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,6BAA6B,CACjC,YAA4B,EAC5B,cAAsE;;YAKtE,OAAO,MAAM,IAAI,CAAC,sBAAsB,CACtC,YAAY,EACZ,cAAc,EACd,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,mBAAmB,EAC9B,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CACzD,CAAA;QACH,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,sBAAsB,CAC1B,YAA4B,EAC5B,cAAsE;;YAKtE,OAAO,MAAM,IAAI,CAAC,sBAAsB,CACtC,YAAY,EACZ,cAAc,EACd,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,WAAW,EACtB,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CACjD,CAAA;QACH,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,6BAA6B,CACjC,YAA4B,EAC5B,cAAsE;;YAKtE,OAAO,MAAM,IAAI,CAAC,sBAAsB,CACtC,YAAY,EACZ,cAAc,EACd,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,kBAAkB,EAC7B,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CACxD,CAAA;QACH,CAAC;KAAA;IAEa,sBAAsB,CAClC,YAA4B,EAC5B,cAAsE,EACtE,qBAAuF,EACvF,kBAA0D;;YAK1D,MAAM,qBAAqB,GAAQ,EAAE,CAAA;YACrC,MAAM,iBAAiB,GAAmB,EAAE,CAAA;YAC5C,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;gBAC7B,IAAI;oBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,CAAA;oBAClF,IAAI,SAAS,EAAE;wBACb,qBAAqB,CAAC,IAAI,CAAC,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAA;qBAChE;yBAAM;wBACL,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;qBAC3B;iBACF;gBAAC,OAAO,CAAC,EAAE;oBACV,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;iBAC3B;aACF;YACD,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,CAAA;QACrD,CAAC;KAAA;IAEa,UAAU,CACtB,aAAyD,EACzD,cAAwE;;;YAExE,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE;gBAC7E,uCACK,IAAI,KACP,CAAC,IAAA,uBAAe,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAA,yBAAiB,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,EAAE,CAAC,IACvE;YACH,CAAC,EAAE,EAA4D,CAAC,CAAA;YAChE,KAAK,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;gBAC3D,IAAI;oBACF,MAAM,GAAG,GAAG,MAAA,sBAAsB,CAAC,EAAE,CAAC,0CAAE,UAAU,CAAA;oBAClD,IAAI,GAAG;wBAAE,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC,CAAA;iBAC3E;gBAAC,OAAO,CAAC,EAAE;oBACV,uBAAuB;iBACxB;aACF;;KACF;IAED;;;;;;;;OAQG;IACG,kBAAkB,CACtB,UAAkB,EAClB,aAA0D,EAC1D,cAA2D,EAC3D,qBAEI,EAAE;;;YAMN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,EAAE;gBAC7E,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAA;aAChE;YACD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAA;YACpD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,2BAA2B,EAAE,CAAA;YACpE,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,0BAA0B,EAAE,CAAA;YAClE,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;YACjG,MAAM,4BAA4B,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;YACjH,MAAM,2BAA2B,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAA;YAC/G,MAAM,gBAAgB,GAAG;gBACvB,EAAE,EAAE,MAAA,kBAAkB,CAAC,EAAE,mCAAI,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;gBACzD,SAAS,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE;gBAC1D,QAAQ,EAAE,UAAU;gBACpB,WAAW,EAAE,oBAAoB;gBACjC,mBAAmB,EAAE,4BAA4B;gBACjD,kBAAkB,EAAE,2BAA2B;aAChD,CAAA;YACD,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,qBAAqB,CACtD,MAAM,IAAI,CAAC,6BAA6B,CAAC;gBACvC,QAAQ,EAAE,gBAAgB,CAAC,QAAQ;gBACnC,SAAS,EAAE,gBAAgB,CAAC,SAAS;gBACrC,4BAA4B,EAAE,mBAAmB,CAAC,MAAM;gBACxD,oBAAoB,EAAE,WAAW,CAAC,GAAG;gBACrC,wBAAwB,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,yBAAiB,CAAC;aAC7E,CAAC,EACF,kBAAkB,CAAC,GAAG,CACvB,CAAA;YACD,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAC7D,MAAM,IAAI,CAAC,gCAAgC,CAAC;gBAC1C,kBAAkB,EAAE,kBAAkB,CAAC,GAAG;aAC3C,CAAC,EACF,aAAa,CACd,CAAA;YACD,MAAM,YAAY,GAAG,IAAI,2BAAY,iCAAM,gBAAgB,KAAE,kBAAkB,EAAE,eAAe,IAAG,CAAA;YACnG,OAAO;gBACL,YAAY,EAAE,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,YAAY,CAAC;gBAC7D,WAAW,EAAE,WAAW,CAAC,GAAG;gBAC5B,mBAAmB,EAAE,mBAAmB,CAAC,MAAM;aAChD,CAAA;;KACF;IAED;;;;;;;;;;OAUG;IACG,qBAAqB,CACzB,YAA0B,EAC1B,cAAsE,EACtE,iBAA8D;;YAS9D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,WAAW,EAAE,cAAc,CAAC,CAAA;YACtF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAA;YACtG,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;YACpG,IAAI,CAAC,cAAc,IAAI,CAAC,sBAAsB,IAAI,CAAC,qBAAqB;gBAAE,OAAO,SAAS,CAAA;YAC1F,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,UAAU,CAAC,cAAc,CAAC,CAAC,CAAA;YAChF,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,sBAAsB,CAAC,CAAC,CAAA;YACxG,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,IAAI,UAAU,CAAC,qBAAqB,CAAC,CAAC,CAAA;YACrG,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAA;YACjF,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC,CAAA;YACjF,MAAM,iCAAiC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAA;YAC/F,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAC1D,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,iCAAiC,CAAC,GAAG,CAAC,EAAE,CAAC,CACzH,CAAA;YACD,IAAI,CAAC,cAAc,CAAC,MAAM;gBAAE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;YACrF,MAAM,+BAA+B,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE;gBACxE,GAAG,CAAC,EAAE,CAAC,GAAG,iBAAiB,CAAC,EAAE,CAAC,CAAA;gBAC/B,OAAO,GAAG,CAAA;YACZ,CAAC,EAAE,EAAiD,CAAC,CAAA;YACrD,MAAM,mBAAmB,GAAG,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;YACrD,mBAAmB,CAAC,WAAW,mCAC1B,YAAY,CAAC,WAAW,GACxB,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,cAAc,EAAE,+BAA+B,CAAC,CAAC,CACrF,CAAA;YACD,mBAAmB,CAAC,mBAAmB,mCAClC,YAAY,CAAC,mBAAmB,GAChC,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,EAAE,+BAA+B,CAAC,CAAC,CAC7F,CAAA;YACD,mBAAmB,CAAC,kBAAkB,mCACjC,YAAY,CAAC,kBAAkB,GAC/B,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,qBAAqB,EAAE,+BAA+B,CAAC,CAAC,CAC5F,CAAA;YACD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAC9C;gBACE,YAAY;gBACZ,4BAA4B,EAAE,mBAAmB;gBACjD,oBAAoB,EAAE,WAAW;gBACjC,2BAA2B,EAAE,kBAAkB;aAChD,EACD,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,EAChC,KAAK,CACN,CAAA;YACD,IAAI,UAAU,EAAE;gBACd,mBAAmB,CAAC,eAAe,GAAG,MAAM,IAAI,CAAC,qBAAqB,CACpE,MAAM,IAAI,CAAC,6BAA6B,CAAC;oBACvC,QAAQ,EAAE,mBAAmB,CAAC,QAAQ;oBACtC,SAAS,EAAE,mBAAmB,CAAC,SAAS;oBACxC,4BAA4B,EAAE,mBAAmB;oBACjD,oBAAoB,EAAE,WAAW;oBACjC,wBAAwB,EAAE,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC;iBACvE,CAAC,EACF,kBAAkB,CACnB,CAAA;aACF;YACD,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;QACrI,CAAC;KAAA;IAEa,6BAA6B,CAAC,IAM3C;;YACC,+GAA+G;YAC/G,wBAAwB;YACxB,MAAM,UAAU,GAAG;gBACjB,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC;gBAC7B,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC;gBAC3B,CAAC,aAAa,EAAE,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC,CAAC;gBAC9F,CAAC,qBAAqB,EAAE,IAAI,CAAC,4BAA4B,CAAC;gBAC1D,CAAC,wBAAwB,EAAE,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,CAAC;aACjE,CAAA;YACD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;YAC3C,OAAO,IAAA,gBAAQ,EAAC,QAAQ,CAAC,CAAA;QAC3B,CAAC;KAAA;IAEa,gCAAgC,CAAC,IAAuC;;YACpF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAA;QAC9F,CAAC;KAAA;IAED,+BAA+B;IACjB,mBAAmB;;YAI/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACtD,OAAO;gBACL,GAAG,EAAE,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC;gBAC3C,QAAQ;aACT,CAAA;QACH,CAAC;KAAA;IAEa,iBAAiB,CAAC,cAA2B;;YACzD,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,cAAc,CAAC,CAAA;QACnE,CAAC;KAAA;IAEa,0BAA0B;;YAItC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,CAAA;YACpD,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAA;QACrE,CAAC;KAAA;IAEa,wBAAwB,CAAC,cAA2B;;YAChE,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,CAAA;QAC7D,CAAC;KAAA;IAED,wCAAwC;IAC1B,2BAA2B;;YAIvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACtD,OAAO;gBACL,MAAM,EAAE,MAAM,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC;gBACtD,QAAQ;aACT,CAAA;QACH,CAAC;KAAA;IAEO,yBAAyB,CAAC,cAA2B;QAC3D,OAAO,OAAO,CAAC,OAAO,CAAC,IAAA,cAAM,EAAC,cAAc,CAAC,CAAC,CAAA;IAChD,CAAC;IAEa,mBAAmB,CAC/B,OAAoB,EACpB,IAAmD;;YAEnD,MAAM,GAAG,GAA+C,EAAE,CAAA;YAC1D,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC5C,GAAG,CAAC,IAAA,uBAAe,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAA,yBAAiB,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;aAChI;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,yBAAyB,CACrC,OAAoB,EACpB,IAAiD;;YAEjD,MAAM,GAAG,GAA6C,EAAE,CAAA;YACxD,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC5C,GAAG,CAAC,EAAE,CAAC,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;aAC/E;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,wBAAwB,CACpC,YAA0B,EAC1B,2BAAsC,EACtC,kBAAoF;;YAEpF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,gCAAgC,CAAC;gBACzE,kBAAkB,EAAE,2BAA2B;aAChD,CAAC,CAAA;YACF,KAAK,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,kBAAkB,CAAC,EAAE;gBAC7E,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;gBAC/D,IAAI,eAAe,IAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,eAAe,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,EAAE,sBAAsB,CAAC,CAAC;oBAAE,OAAO,IAAI,CAAA;aAC7I;YACD,OAAO,KAAK,CAAA;QACd,CAAC;KAAA;IAEa,qBAAqB,CAAC,OAAoB,EAAE,GAAc;;YACtE,OAAO,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;QAC9E,CAAC;KAAA;IAEa,uBAAuB,CAAC,OAAoB,EAAE,GAAc,EAAE,SAAiB;;YAC3F,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC,CAAA;QAC5F,CAAC;KAAA;CACF;AAjdD,0DAidC","sourcesContent":["import { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { KeyPair } from './RSA'\nimport { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { IccExchangeDataApi } from '../../icc-api/api/internal/IccExchangeDataApi'\nimport { XHR } from '../../icc-api/api/XHR'\nimport XHRError = XHR.XHRError\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { b64_2ua, hex2ua, ua2b64, ua2hex, ua2utf8, utf8_2ua } from '../utils'\nimport * as _ from 'lodash'\nimport { fingerprintV1toV2, fingerprintIsV1 } from './utils'\n\n/**\n * @internal this class is intended for internal use only and may be modified without notice\n * Functions to create and get exchange data.\n * The methods of this api require to pass the appropriate keys for encryption/decryption manually.\n */\nexport class BaseExchangeDataManager {\n constructor(\n readonly api: IccExchangeDataApi,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly primitives: CryptoPrimitives,\n private readonly selfRequiresAnonymousDelegations: boolean\n ) {}\n\n /**\n * Get all the exchange data where the current data owner is the delegator or the delegate. However, some data owners, generally HCPs, may have a\n * prohibitively high amount of exchange data. If the crypto strategies specify that the current data owner requires anonymous delegation this\n * method returns all the exchange data found for the data owner, else the method returns undefined.\n * @return all the exchange data for the current data owner or undefined if the crypto strategies don't allow to retrieve all data for the current\n * data owner.\n */\n async getAllExchangeDataForCurrentDataOwnerIfAllowed(): Promise<ExchangeData[] | undefined> {\n if (!this.selfRequiresAnonymousDelegations) return undefined\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n let latestResult = await this.api.getExchangeDataByParticipant(dataOwnerId, undefined, 1000)\n const allRetrieved = latestResult.rows ?? []\n while (latestResult.nextKeyPair?.startKeyDocId) {\n latestResult = await this.api.getExchangeDataByParticipant(dataOwnerId, latestResult.nextKeyPair.startKeyDocId, 1000)\n if (latestResult.rows) allRetrieved.push(...latestResult.rows)\n }\n return allRetrieved\n }\n\n /**\n * Get all exchange data for the provided delegator-delegate pair.\n * @param delegatorId id of a delegator data owner.\n * @param delegateId id of a delegate data owner.\n * @return all exchange data for the provided delegator-delegate pair.\n */\n async getExchangeDataByDelegatorDelegatePair(delegatorId: string, delegateId: string): Promise<ExchangeData[]> {\n return await this.api.getExchangeDataByDelegatorDelegate(delegatorId, delegateId)\n }\n\n /**\n * Get the exchange data with the provided id.\n * @param exchangeDataId id of the exchange data.\n * @return the exchange data with the provided id or undefined if no exchange data with such id could be found.\n */\n async getExchangeDataById(exchangeDataId: string): Promise<ExchangeData | undefined> {\n return await this.api.getExchangeDataById(exchangeDataId).catch((e) => {\n if (e instanceof XHRError && e.statusCode === 404) {\n return undefined\n } else throw e\n })\n }\n\n /**\n * Verifies the authenticity of the exchange data by checking the signature.\n * Note that all exchange data created by data owners other than the current data owner (including members of his hierarchy)\n * will always be unverified.\n * @param data collects the following information about the exchange data being verified:\n * - exchangeData the exchange data to verify.\n * - decryptedAccessControlSecret the access control secret decrypted from the exchange data.\n * - decryptedExchangeKey the exchange key decrypted from the exchange data.\n * - decryptedSharedSignatureKey the shared signature key decrypted from the exchange data.\n * @param getVerificationKey function to retrieve keys to use for verification by fingerprint.\n * @param verifyAsDelegator if true the method will also verify that the hmac key used for the signature was created by the delegator of the\n * exchange data. If true and the data was not created by the current data owner this method will return false.\n * @return the exchange data which could be verified given his signature and the available verification keys.\n * @throws if any of the provided exchange data has been created by a data owner other than the current data owner.\n */\n async verifyExchangeData(\n data: {\n exchangeData: ExchangeData\n decryptedAccessControlSecret: string\n decryptedExchangeKey: CryptoKey\n decryptedSharedSignatureKey: CryptoKey\n },\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>,\n verifyAsDelegator: boolean\n ): Promise<boolean> {\n if (verifyAsDelegator && data.exchangeData.delegator !== (await this.dataOwnerApi.getCurrentDataOwnerId())) return false\n if (verifyAsDelegator && !(await this.verifyDelegatorSignature(data.exchangeData, data.decryptedSharedSignatureKey, getVerificationKey)))\n return false\n const sharedSignatureData = await this.bytesToSignForSharedSignature({\n decryptedAccessControlSecret: data.decryptedAccessControlSecret,\n decryptedExchangeKey: data.decryptedExchangeKey,\n delegator: data.exchangeData.delegator,\n delegate: data.exchangeData.delegate,\n publicKeysFingerprintsV2: [\n ...new Set([\n ...Object.keys(data.exchangeData.exchangeKey),\n ...Object.keys(data.exchangeData.accessControlSecret),\n ...Object.keys(data.exchangeData.sharedSignatureKey),\n ]),\n ],\n })\n return await this.verifyDataWithSharedKey(sharedSignatureData, data.decryptedSharedSignatureKey, data.exchangeData.sharedSignature)\n }\n\n /**\n * Extracts and decrypts the access control secret from the provided exchange data.\n * These need to be hashed together with the entity class and confidentiality level in order to get the actual access control key\n * which will be sent to the server.\n * @param exchangeData the exchange data from which to extract access control secrets.\n * @param decryptionKeys rsa key pairs to use for decryption of the access control secret.\n * @return an object composed of:\n * - successfulDecryptions: array of all successfully decrypted access control keys\n * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).\n */\n async tryDecryptAccessControlSecret(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: string[]\n failedDecryptions: ExchangeData[]\n }> {\n return await this.tryDecryptExchangeData(\n exchangeData,\n decryptionKeys,\n (ed) => ed.accessControlSecret,\n (d) => this.importAccessControlSecret(new Uint8Array(d))\n )\n }\n\n /**\n * Extract and decrypts the exchange keys from the provided exchange data.\n * @param exchangeData the exchange data from which to extract exchange keys.\n * @param decryptionKeys rsa key pairs to use for the decryption of the exchange keys.\n * @return an object composed of:\n * - successfulDecryptions: array containing the successfully decrypted exchange keys.\n * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).\n */\n async tryDecryptExchangeKeys(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: CryptoKey[]\n failedDecryptions: ExchangeData[]\n }> {\n return await this.tryDecryptExchangeData(\n exchangeData,\n decryptionKeys,\n (ed) => ed.exchangeKey,\n (d) => this.importExchangeKey(new Uint8Array(d))\n )\n }\n\n /**\n * Extract and decrypts the shared signature key from the provided exchange data.\n * @param exchangeData the exchange data from which to extract exchange keys.\n * @param decryptionKeys rsa key pairs to use for the decryption of the exchange keys.\n * @return an object composed of:\n * - successfulDecryptions: array containing the successfully decrypted exchange keys.\n * - failedDecryptions: array containing all exchange data for which the access control key could not be decrypted (using the provided keys).\n */\n async tryDecryptSharedSignatureKeys(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: CryptoKey[]\n failedDecryptions: ExchangeData[]\n }> {\n return await this.tryDecryptExchangeData(\n exchangeData,\n decryptionKeys,\n (ed) => ed.sharedSignatureKey,\n (d) => this.importSharedSignatureKey(new Uint8Array(d))\n )\n }\n\n private async tryDecryptExchangeData<T>(\n exchangeData: ExchangeData[],\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> },\n encryptedDataSelector: (data: ExchangeData) => { [keyPairFingerprint: string]: string },\n unmarshalDecrypted: (decrypted: ArrayBuffer) => Promise<T>\n ): Promise<{\n successfulDecryptions: T[]\n failedDecryptions: ExchangeData[]\n }> {\n const successfulDecryptions: T[] = []\n const failedDecryptions: ExchangeData[] = []\n for (const ed of exchangeData) {\n try {\n const decrypted = await this.tryDecrypt(encryptedDataSelector(ed), decryptionKeys)\n if (decrypted) {\n successfulDecryptions.push(await unmarshalDecrypted(decrypted))\n } else {\n failedDecryptions.push(ed)\n }\n } catch (e) {\n failedDecryptions.push(ed)\n }\n }\n return { successfulDecryptions, failedDecryptions }\n }\n\n private async tryDecrypt(\n encryptedData: { [keyPairFingerprintV2: string]: string },\n decryptionKeys: { [publicKeyFingerprintV1: string]: KeyPair<CryptoKey> }\n ): Promise<ArrayBuffer | undefined> {\n const decryptionKeysWithV2Fp = Object.keys(decryptionKeys).reduce((prev, fp) => {\n return {\n ...prev,\n [fingerprintIsV1(fp) ? fingerprintV1toV2(fp) : fp]: decryptionKeys[fp],\n }\n }, {} as { [publicKeyFingerprint: string]: KeyPair<CryptoKey> })\n for (const [fp, encrypted] of Object.entries(encryptedData)) {\n try {\n const key = decryptionKeysWithV2Fp[fp]?.privateKey\n if (key) return await this.primitives.RSA.decrypt(key, b64_2ua(encrypted))\n } catch (e) {\n // Try with another key\n }\n }\n }\n\n /**\n * Creates exchange data from the current data owner to the provided delegate, uploading the newly created exchange data to the cloud.\n * This assumes that the keys have been verified.\n * @param delegateId id of the delegate for the new exchange data.\n * @param signatureKeys private keys to use for signing the created data.\n * @param encryptionKeys public keys to use for the encryption of the exchange data (from delegator and delegate).\n * @param optionalAttributes optional precalculated attributes for the creation of data\n * @return the newly created exchange data, and its decrypted exchange key and access control secret.\n */\n async createExchangeData(\n delegateId: string,\n signatureKeys: { [keyPairFingerprint: string]: CryptoKey },\n encryptionKeys: { [keyPairFingerprint: string]: CryptoKey },\n optionalAttributes: {\n id?: string\n } = {}\n ): Promise<{\n exchangeData: ExchangeData\n exchangeKey: CryptoKey\n accessControlSecret: string\n }> {\n if (!Object.keys(signatureKeys).length || !Object.keys(encryptionKeys).length) {\n throw new Error('Must specify at least one signature key and ')\n }\n const exchangeKey = await this.generateExchangeKey()\n const accessControlSecret = await this.generateAccessControlSecret()\n const sharedSignatureKey = await this.generateSharedSignatureKey()\n const encryptedExchangeKey = await this.encryptDataWithKeys(exchangeKey.rawBytes, encryptionKeys)\n const encryptedAccessControlSecret = await this.encryptDataWithKeys(accessControlSecret.rawBytes, encryptionKeys)\n const encryptedSharedSignatureKey = await this.encryptDataWithKeys(sharedSignatureKey.rawBytes, encryptionKeys)\n const baseExchangeData = {\n id: optionalAttributes.id ?? this.primitives.randomUuid(),\n delegator: await this.dataOwnerApi.getCurrentDataOwnerId(),\n delegate: delegateId,\n exchangeKey: encryptedExchangeKey,\n accessControlSecret: encryptedAccessControlSecret,\n sharedSignatureKey: encryptedSharedSignatureKey,\n }\n const sharedSignature = await this.signDataWithSharedKey(\n await this.bytesToSignForSharedSignature({\n delegate: baseExchangeData.delegate,\n delegator: baseExchangeData.delegator,\n decryptedAccessControlSecret: accessControlSecret.secret,\n decryptedExchangeKey: exchangeKey.key,\n publicKeysFingerprintsV2: Object.keys(encryptionKeys).map(fingerprintV1toV2),\n }),\n sharedSignatureKey.key\n )\n const delegatorSignature = await this.signDataWithDelegatorKeys(\n await this.bytesToSignForDelegatorSignature({\n sharedSignatureKey: sharedSignatureKey.key,\n }),\n signatureKeys\n )\n const exchangeData = new ExchangeData({ ...baseExchangeData, delegatorSignature, sharedSignature })\n return {\n exchangeData: await this.api.createExchangeData(exchangeData),\n exchangeKey: exchangeKey.key,\n accessControlSecret: accessControlSecret.secret,\n }\n }\n\n /**\n * Updates existing exchange data and uploads it to the cloud in order to share it also with additional public keys, useful for example in cases\n * where one of the data owners involved in the exchange data has lost one of his keys.\n * If the content of the exchange data could not be decrypted using the provided keys the method will not update anything and will return undefined.\n * This method assumes that the new encryption keys have been verified.\n * @param exchangeData exchange data to update.\n * @param decryptionKeys keys to use to extract the content of the exchange data which will be shared with the new keys.\n * @param newEncryptionKeys new keys to add to the exchange data.\n * @return the updated exchange data, and its decrypted exchange key and access control secret, or undefined if the exchange data content could not\n * be decrypted and the exchange data could not be updated.\n */\n async tryUpdateExchangeData(\n exchangeData: ExchangeData,\n decryptionKeys: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> },\n newEncryptionKeys: { [keyPairFingerprint: string]: CryptoKey }\n ): Promise<\n | {\n exchangeData: ExchangeData\n exchangeKey: CryptoKey\n accessControlSecret: string\n }\n | undefined\n > {\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const rawExchangeKey = await this.tryDecrypt(exchangeData.exchangeKey, decryptionKeys)\n const rawAccessControlSecret = await this.tryDecrypt(exchangeData.accessControlSecret, decryptionKeys)\n const rawSharedSignatureKey = await this.tryDecrypt(exchangeData.sharedSignatureKey, decryptionKeys)\n if (!rawExchangeKey || !rawAccessControlSecret || !rawSharedSignatureKey) return undefined\n const exchangeKey = await this.importExchangeKey(new Uint8Array(rawExchangeKey))\n const accessControlSecret = await this.importAccessControlSecret(new Uint8Array(rawAccessControlSecret))\n const sharedSignatureKey = await this.importSharedSignatureKey(new Uint8Array(rawSharedSignatureKey))\n const existingExchangeKeyEntries = new Set(Object.keys(exchangeData.exchangeKey))\n const existingAcsEntries = new Set(Object.keys(exchangeData.accessControlSecret))\n const existingSharedSignatureKeyEntries = new Set(Object.keys(exchangeData.sharedSignatureKey))\n const missingEntries = Object.keys(newEncryptionKeys).filter(\n (fp) => !existingAcsEntries.has(fp) || !existingExchangeKeyEntries.has(fp) || !existingSharedSignatureKeyEntries.has(fp)\n )\n if (!missingEntries.length) return { exchangeData, exchangeKey, accessControlSecret }\n const encryptionKeysForMissingEntries = missingEntries.reduce((obj, fp) => {\n obj[fp] = newEncryptionKeys[fp]\n return obj\n }, {} as { [keyPairFingerprint: string]: CryptoKey })\n const updatedExchangeData = _.cloneDeep(exchangeData)\n updatedExchangeData.exchangeKey = {\n ...exchangeData.exchangeKey,\n ...(await this.encryptDataWithKeys(rawExchangeKey, encryptionKeysForMissingEntries)),\n }\n updatedExchangeData.accessControlSecret = {\n ...exchangeData.accessControlSecret,\n ...(await this.encryptDataWithKeys(rawAccessControlSecret, encryptionKeysForMissingEntries)),\n }\n updatedExchangeData.sharedSignatureKey = {\n ...exchangeData.sharedSignatureKey,\n ...(await this.encryptDataWithKeys(rawSharedSignatureKey, encryptionKeysForMissingEntries)),\n }\n const isVerified = await this.verifyExchangeData(\n {\n exchangeData,\n decryptedAccessControlSecret: accessControlSecret,\n decryptedExchangeKey: exchangeKey,\n decryptedSharedSignatureKey: sharedSignatureKey,\n },\n () => Promise.resolve(undefined),\n false\n )\n if (isVerified) {\n updatedExchangeData.sharedSignature = await this.signDataWithSharedKey(\n await this.bytesToSignForSharedSignature({\n delegate: updatedExchangeData.delegate,\n delegator: updatedExchangeData.delegator,\n decryptedAccessControlSecret: accessControlSecret,\n decryptedExchangeKey: exchangeKey,\n publicKeysFingerprintsV2: Object.keys(updatedExchangeData.exchangeKey),\n }),\n sharedSignatureKey\n )\n }\n return { exchangeData: await this.api.modifyExchangeData(new ExchangeData(updatedExchangeData)), exchangeKey, accessControlSecret }\n }\n\n private async bytesToSignForSharedSignature(data: {\n delegator: string\n delegate: string\n decryptedAccessControlSecret: string\n decryptedExchangeKey: CryptoKey\n publicKeysFingerprintsV2: string[]\n }): Promise<ArrayBuffer> {\n // Use array of array to ensure that order is preserved regardless of how the specific js implementation orders\n // the keys of an object\n const signObject = [\n ['delegator', data.delegator],\n ['delegate', data.delegate],\n ['exchangeKey', ua2hex(await this.primitives.AES.exportKey(data.decryptedExchangeKey, 'raw'))],\n ['accessControlSecret', data.decryptedAccessControlSecret],\n ['publicKeysFingerprints', data.publicKeysFingerprintsV2.sort()],\n ]\n const signJson = JSON.stringify(signObject)\n return utf8_2ua(signJson)\n }\n\n private async bytesToSignForDelegatorSignature(data: { sharedSignatureKey: CryptoKey }): Promise<ArrayBuffer> {\n return this.primitives.sha256(await this.primitives.HMAC.exportKey(data.sharedSignatureKey))\n }\n\n // Generates a new exchange key\n private async generateExchangeKey(): Promise<{\n key: CryptoKey // the imported key\n rawBytes: ArrayBuffer // the bytes to encrypt for in the exchange data\n }> {\n const rawBytes = await this.primitives.randomBytes(32)\n return {\n key: await this.importExchangeKey(rawBytes),\n rawBytes,\n }\n }\n\n private async importExchangeKey(decryptedBytes: ArrayBuffer): Promise<CryptoKey> {\n return await this.primitives.AES.importKey('raw', decryptedBytes)\n }\n\n private async generateSharedSignatureKey(): Promise<{\n key: CryptoKey // the imported key\n rawBytes: ArrayBuffer // the bytes to encrypt for in the exchange data\n }> {\n const key = await this.primitives.HMAC.generateKey()\n return { key, rawBytes: await this.primitives.HMAC.exportKey(key) }\n }\n\n private async importSharedSignatureKey(decryptedBytes: ArrayBuffer): Promise<CryptoKey> {\n return await this.primitives.HMAC.importKey(decryptedBytes)\n }\n\n // Generates a new access control secret\n private async generateAccessControlSecret(): Promise<{\n secret: string // the imported secret\n rawBytes: ArrayBuffer // the bytes to encrypt for in the exchange data\n }> {\n const rawBytes = await this.primitives.randomBytes(16)\n return {\n secret: await this.importAccessControlSecret(rawBytes),\n rawBytes,\n }\n }\n\n private importAccessControlSecret(decryptedBytes: ArrayBuffer): Promise<string> {\n return Promise.resolve(ua2hex(decryptedBytes))\n }\n\n private async encryptDataWithKeys(\n rawData: ArrayBuffer,\n keys: { [keyPairFingerprintV1: string]: CryptoKey }\n ): Promise<{ [keyPairFingerprintV2: string]: string }> {\n const res: { [keyPairFingerprintV2: string]: string } = {}\n for (const [fp, key] of Object.entries(keys)) {\n res[fingerprintIsV1(fp) ? fingerprintV1toV2(fp) : fp] = ua2b64(await this.primitives.RSA.encrypt(key, new Uint8Array(rawData)))\n }\n return res\n }\n\n private async signDataWithDelegatorKeys(\n rawData: ArrayBuffer,\n keys: { [keyPairFingerprint: string]: CryptoKey }\n ): Promise<{ [keyPairFingerprint: string]: string }> {\n const res: { [keyPairFingerprint: string]: string } = {}\n for (const [fp, key] of Object.entries(keys)) {\n res[fp] = ua2b64(await this.primitives.RSA.sign(key, new Uint8Array(rawData)))\n }\n return res\n }\n\n private async verifyDelegatorSignature(\n exchangeData: ExchangeData,\n decryptedSharedSignatureKey: CryptoKey,\n getVerificationKey: (publicKeyFingerprint: string) => Promise<CryptoKey | undefined>\n ): Promise<Boolean> {\n const delegatorSignatureData = await this.bytesToSignForDelegatorSignature({\n sharedSignatureKey: decryptedSharedSignatureKey,\n })\n for (const [fp, signature] of Object.entries(exchangeData.delegatorSignature)) {\n const verificationKey = await getVerificationKey(fp.slice(-32))\n if (verificationKey && (await this.primitives.RSA.verifySignature(verificationKey, b64_2ua(signature), delegatorSignatureData))) return true\n }\n return false\n }\n\n private async signDataWithSharedKey(rawData: ArrayBuffer, key: CryptoKey): Promise<string> {\n return ua2b64(await this.primitives.HMAC.sign(key, new Uint8Array(rawData)))\n }\n\n private async verifyDataWithSharedKey(rawData: ArrayBuffer, key: CryptoKey, signature: string): Promise<boolean> {\n return await this.primitives.HMAC.verify(key, new Uint8Array(rawData), b64_2ua(signature))\n }\n}\n"]}
@@ -1,6 +1,7 @@
1
1
  import { RSAUtils } from './RSA';
2
2
  import { AESUtils } from './AES';
3
3
  import { ShamirClass } from './shamir';
4
+ import { HMACUtils } from './HMACUtils';
4
5
  /**
5
6
  * Gives access to cryptographic primitives.
6
7
  */
@@ -9,10 +10,12 @@ export declare class CryptoPrimitives {
9
10
  private readonly _aes;
10
11
  private readonly _shamir;
11
12
  private readonly _crypto;
13
+ private readonly _hmac;
12
14
  get crypto(): Crypto;
13
15
  get shamir(): ShamirClass;
14
16
  get RSA(): RSAUtils;
15
17
  get AES(): AESUtils;
18
+ get HMAC(): HMACUtils;
16
19
  constructor(crypto?: Crypto);
17
20
  /**
18
21
  * Generates a UUID using a cryptographically secure random number generator.
@@ -4,6 +4,7 @@ exports.CryptoPrimitives = void 0;
4
4
  const RSA_1 = require("./RSA");
5
5
  const AES_1 = require("./AES");
6
6
  const shamir_1 = require("./shamir");
7
+ const HMACUtils_1 = require("./HMACUtils");
7
8
  /**
8
9
  * Gives access to cryptographic primitives.
9
10
  */
@@ -20,11 +21,15 @@ class CryptoPrimitives {
20
21
  get AES() {
21
22
  return this._aes;
22
23
  }
24
+ get HMAC() {
25
+ return this._hmac;
26
+ }
23
27
  constructor(crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : {}) {
24
28
  this._crypto = crypto;
25
29
  this._rsa = new RSA_1.RSAUtils(crypto);
26
30
  this._aes = new AES_1.AESUtils(crypto);
27
31
  this._shamir = new shamir_1.ShamirClass(crypto);
32
+ this._hmac = new HMACUtils_1.HMACUtils(crypto);
28
33
  }
29
34
  /**
30
35
  * Generates a UUID using a cryptographically secure random number generator.
@@ -1 +1 @@
1
- {"version":3,"file":"CryptoPrimitives.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/CryptoPrimitives.ts"],"names":[],"mappings":";;;AAAA,+BAAgC;AAChC,+BAAgC;AAChC,qCAAsC;AAEtC;;GAEG;AACH,MAAa,gBAAgB;IAM3B,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAA;IACrB,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAA;IACrB,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,IAAI,CAAA;IAClB,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,IAAI,CAAA;IAClB,CAAC;IAED,YAAY,SAAiB,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,EAAa;QACrI,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,cAAQ,CAAC,MAAM,CAAC,CAAA;QAChC,IAAI,CAAC,IAAI,GAAG,IAAI,cAAQ,CAAC,MAAM,CAAC,CAAA;QAChC,IAAI,CAAC,OAAO,GAAG,IAAI,oBAAW,CAAC,MAAM,CAAC,CAAA;IACxC,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAC5D,QAAQ;QACR,+CAA+C;QAC/C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CACjI,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,IAA8B;QACnC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;IACnD,CAAC;IAED;;;OAGG;IACH,WAAW,CAAC,CAAS;QACnB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAA;QAC7B,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;QAChC,OAAO,GAAG,CAAA;IACZ,CAAC;CACF;AAzDD,4CAyDC","sourcesContent":["import { RSAUtils } from './RSA'\nimport { AESUtils } from './AES'\nimport { ShamirClass } from './shamir'\n\n/**\n * Gives access to cryptographic primitives.\n */\nexport class CryptoPrimitives {\n private readonly _rsa: RSAUtils\n private readonly _aes: AESUtils\n private readonly _shamir: ShamirClass\n private readonly _crypto: Crypto\n\n get crypto(): Crypto {\n return this._crypto\n }\n\n get shamir(): ShamirClass {\n return this._shamir\n }\n\n get RSA(): RSAUtils {\n return this._rsa\n }\n\n get AES(): AESUtils {\n return this._aes\n }\n\n constructor(crypto: Crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : ({} as Crypto)) {\n this._crypto = crypto\n this._rsa = new RSAUtils(crypto)\n this._aes = new AESUtils(crypto)\n this._shamir = new ShamirClass(crypto)\n }\n\n /**\n * Generates a UUID using a cryptographically secure random number generator.\n */\n randomUuid() {\n return ((1e7).toString() + -1e3 + -4e3 + -8e3 + -1e11).replace(\n /[018]/g,\n //Keep next inlined or you will lose the random\n (c) => (Number(c) ^ ((this.crypto.getRandomValues(new Uint8Array(1))! as Uint8Array)[0] & (15 >> (Number(c) / 4)))).toString(16)\n )\n }\n\n /**\n * @param data some data\n * @return the sha256 hash of {@link data}\n */\n sha256(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return this.crypto.subtle.digest('SHA-256', data)\n }\n\n /**\n * @param n how many bytes to generate\n * @return an array with n random bytes\n */\n randomBytes(n: number): Uint8Array {\n const res = new Uint8Array(n)\n this.crypto.getRandomValues(res)\n return res\n }\n}\n"]}
1
+ {"version":3,"file":"CryptoPrimitives.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/CryptoPrimitives.ts"],"names":[],"mappings":";;;AAAA,+BAAgC;AAChC,+BAAgC;AAChC,qCAAsC;AACtC,2CAAuC;AAEvC;;GAEG;AACH,MAAa,gBAAgB;IAO3B,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAA;IACrB,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAA;IACrB,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,IAAI,CAAA;IAClB,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,IAAI,CAAA;IAClB,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAA;IACnB,CAAC;IAED,YAAY,SAAiB,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,EAAa;QACrI,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,cAAQ,CAAC,MAAM,CAAC,CAAA;QAChC,IAAI,CAAC,IAAI,GAAG,IAAI,cAAQ,CAAC,MAAM,CAAC,CAAA;QAChC,IAAI,CAAC,OAAO,GAAG,IAAI,oBAAW,CAAC,MAAM,CAAC,CAAA;QACtC,IAAI,CAAC,KAAK,GAAG,IAAI,qBAAS,CAAC,MAAM,CAAC,CAAA;IACpC,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAC5D,QAAQ;QACR,+CAA+C;QAC/C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CACjI,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,IAA8B;QACnC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;IACnD,CAAC;IAED;;;OAGG;IACH,WAAW,CAAC,CAAS;QACnB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAA;QAC7B,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;QAChC,OAAO,GAAG,CAAA;IACZ,CAAC;CACF;AA/DD,4CA+DC","sourcesContent":["import { RSAUtils } from './RSA'\nimport { AESUtils } from './AES'\nimport { ShamirClass } from './shamir'\nimport { HMACUtils } from './HMACUtils'\n\n/**\n * Gives access to cryptographic primitives.\n */\nexport class CryptoPrimitives {\n private readonly _rsa: RSAUtils\n private readonly _aes: AESUtils\n private readonly _shamir: ShamirClass\n private readonly _crypto: Crypto\n private readonly _hmac: HMACUtils\n\n get crypto(): Crypto {\n return this._crypto\n }\n\n get shamir(): ShamirClass {\n return this._shamir\n }\n\n get RSA(): RSAUtils {\n return this._rsa\n }\n\n get AES(): AESUtils {\n return this._aes\n }\n\n get HMAC(): HMACUtils {\n return this._hmac\n }\n\n constructor(crypto: Crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : ({} as Crypto)) {\n this._crypto = crypto\n this._rsa = new RSAUtils(crypto)\n this._aes = new AESUtils(crypto)\n this._shamir = new ShamirClass(crypto)\n this._hmac = new HMACUtils(crypto)\n }\n\n /**\n * Generates a UUID using a cryptographically secure random number generator.\n */\n randomUuid() {\n return ((1e7).toString() + -1e3 + -4e3 + -8e3 + -1e11).replace(\n /[018]/g,\n //Keep next inlined or you will lose the random\n (c) => (Number(c) ^ ((this.crypto.getRandomValues(new Uint8Array(1))! as Uint8Array)[0] & (15 >> (Number(c) / 4)))).toString(16)\n )\n }\n\n /**\n * @param data some data\n * @return the sha256 hash of {@link data}\n */\n sha256(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return this.crypto.subtle.digest('SHA-256', data)\n }\n\n /**\n * @param n how many bytes to generate\n * @return an array with n random bytes\n */\n randomBytes(n: number): Uint8Array {\n const res = new Uint8Array(n)\n this.crypto.getRandomValues(res)\n return res\n }\n}\n"]}
@@ -17,7 +17,7 @@ const ShareMetadataBehaviour_1 = require("./ShareMetadataBehaviour");
17
17
  const EntityShareRequest_1 = require("../../icc-api/model/requests/EntityShareRequest");
18
18
  var RequestedPermissionEnum = EntityShareRequest_1.EntityShareRequest.RequestedPermissionEnum;
19
19
  const utils_1 = require("../utils");
20
- const IccSecureDelegationKeyMapApi_1 = require("../../icc-api/api/IccSecureDelegationKeyMapApi");
20
+ const IccSecureDelegationKeyMapApi_1 = require("../../icc-api/api/internal/IccSecureDelegationKeyMapApi");
21
21
  const XHR_1 = require("../../icc-api/api/XHR");
22
22
  const AuthenticationProvider_1 = require("../auth/AuthenticationProvider");
23
23
  const AccessControlKeysHeadersProvider_1 = require("./AccessControlKeysHeadersProvider");
@@ -1 +1 @@
1
- {"version":3,"file":"DelegationsDeAnonymization.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/DelegationsDeAnonymization.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,2EAAuE;AACvE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAEzD,gGAA4F;AAE5F,qEAAiE;AACjE,wFAAoF;AACpF,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAE3E,oCAAwE;AACxE,iGAA6F;AAC7F,+CAA2C;AAC3C,2EAAiG;AACjG,yFAAiH;AAIjH,6CAA6C;AAC7C,MAAa,0BAA0B;IAIrC,YACmB,YAA8B,EAC9B,kCAA8E,EAC9E,KAAwB,EACxB,gBAAkC,EAClC,wBAAkD,EACnE,IAAY,EACZ,OAAkC,EAClC,yBAAiD,IAAI,iDAAwB,EAAE,EAC/E,YAA2E,OAAO,MAAM,KAAK,WAAW;QACtG,CAAC,CAAC,MAAM,CAAC,KAAK;QACd,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW;YAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,KAAK,EACQ,gCAAkE;QAblE,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,uCAAkC,GAAlC,kCAAkC,CAA4C;QAC9E,UAAK,GAAL,KAAK,CAAmB;QACxB,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,6BAAwB,GAAxB,wBAAwB,CAA0B;QASlD,qCAAgC,GAAhC,gCAAgC,CAAkC;QAEnF,IAAI,CAAC,+BAA+B,GAAG,IAAA,4BAAoB,EAAC,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,wBAAwB,CAAC,CAAA;QAChH,IAAI,CAAC,mBAAmB,GAAG,IAAI,2DAA4B,CAAC,IAAI,EAAE,OAAO,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;IAC/G,CAAC;IAED;;;;OAIG;IACG,iCAAiC,CAAC,cAAuC,EAAE,mBAA6B;;YAC5G,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,kCAAkC,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAC,CAAC,OAAO,CACzI,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE;;gBAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;oBACxH,IAAI,KAAK,IAAI,YAAY,EAAE;wBACzB,OAAO,CAAC,KAAK,CAAC,CAAA;qBACf;yBAAM;wBACL,OAAO,EAAE,CAAA;qBACV;gBACH,CAAC,CAAC,CAAA;gBACF,OAAO,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAyC,CAAA;YAC7H,CAAC,CACF,CAAA;YACD,MAAM,+BAA+B,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE;gBACxF,kEAAkE;gBAClE,OAAO,CAAC,cAAc,CAAC,aAAa,CAAA;YACtC,CAAC,CAAC,CAAA;YACF,4IAA4I;YAC5I,MAAM,mCAAmC,GAAG,+BAA+B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE;gBACzG,+FAA+F;gBAC/F,OAAO,CAAC,CAAC,cAAc,CAAC,QAAQ,IAAI,CAAC,CAAC,cAAc,CAAC,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,mBAAmB,CAAA;YACxG,CAAC,CAAC,CAAA;YACF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,mCAAmC,CAC3E,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAChD,cAAc,CAAC,IAAI,CACpB,CAAA;YACD,KAAK,MAAM,aAAa,IAAI,sBAAsB,EAAE;gBAClD,MAAM,IAAI,CAAC,gCAAgC,CAAC,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,mBAAmB,CAAC,CAAA;aACrG;YACD,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAA;YAC9F,MAAM,mBAAmB,GAAG,mCAAmC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACtH,KAAK,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,IAAI,mBAAmB,EAAE;gBAC1D,MAAM,IAAI,CAAC,4BAA4B,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAAA;aAC1G;QACH,CAAC;KAAA;IAED;;;OAGG;IACG,yBAAyB,CAAC,cAAuC;;;YAIrE,OAAO,IAAI,CAAC,gBAAgB,CAAC;gBAC3B,MAAM,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC;gBACrE;oBACE,wBAAwB,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,MAAA,cAAc,CAAC,MAAM,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;oBACzI,6BAA6B,EAAE,KAAK;iBACrC;aACF,CAAC,CAAA;;KACH;IAEa,0CAA0C,CAAC,cAAuC;;YAI9F,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAA;YACxH,MAAM,kCAAkC,GAAG,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE;;gBACxH,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE;oBACjD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;wBACxH,IAAI,KAAK,IAAI,YAAY,EAAE;4BACzB,OAAO,CAAC,KAAK,CAAC,CAAA;yBACf;6BAAM;4BACL,OAAO,EAAE,CAAA;yBACV;oBACH,CAAC,CAAC,CAAA;oBACF,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,GAAG,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC,CAAA;iBAC1D;qBAAM;oBACL,OAAO,EAAE,CAAA;iBACV;YACH,CAAC,CAAC,CAAA;YACF,MAAM,sCAAsC,GAAG,MAAM,CAAC,WAAW,CAC/D,CACE,MAAM,IAAI,CAAC,mCAAmC,CAC5C,kCAAkC,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,EAC9D,cAAc,CAAC,IAAI,CACpB,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CACnC,CAAA;YACD,MAAM,wBAAwB,GAA+C,EAAE,CAAA;YAC/E,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,SAAS,SAAS,CAAC,WAAmB,EAAE,KAAsB;gBAC5D,IAAI,wBAAwB,CAAC,WAAW,CAAC,KAAK,eAAe,CAAC,KAAK,EAAE;oBACnE,wBAAwB,CAAC,WAAW,CAAC,GAAG,KAAK,CAAA;iBAC9C;YACH,CAAC;YACD,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,uBAAuB,CAAC,EAAE;gBAC/D,IAAI,UAAU,CAAC,QAAQ;oBAAE,SAAS,CAAC,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;gBAC/E,IAAI,UAAU,CAAC,SAAS;oBAAE,SAAS,CAAC,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;aAClF;YACD,KAAK,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,kCAAkC,EAAE;gBACrE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC9B,MAAM,OAAO,GAAG,sCAAsC,CAAC,CAAC,CAAC,CAAA;oBACzD,OAAO,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAA;gBAC7D,CAAC,CAAC,CAAA;gBACF,IAAI,OAAO,EAAE;oBACX,MAAM,MAAM,GAAG,sCAAsC,CAAC,OAAO,CAAC,CAAA;oBAC9D,SAAS,CAAC,MAAM,CAAC,QAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;oBACnD,SAAS,CAAC,MAAM,CAAC,SAAU,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;iBACrD;qBAAM;oBACL,6BAA6B,GAAG,IAAI,CAAA;iBACrC;aACF;YACD,OAAO,EAAE,wBAAwB,EAAE,6BAA6B,EAAE,CAAA;QACpE,CAAC;KAAA;IAEa,gBAAgB,CAC5B,MAGG;;YAKH,MAAM,sBAAsB,GAA+C,EAAE,CAAA;YAC7E,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE;gBACtB,6BAA6B,GAAG,6BAA6B,IAAI,CAAC,CAAC,6BAA6B,CAAA;gBAChG,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC,EAAE;oBAC7E,IAAI,sBAAsB,CAAC,WAAW,CAAC,KAAK,eAAe,CAAC,KAAK,EAAE;wBACjE,sBAAsB,CAAC,WAAW,CAAC,GAAG,KAAK,CAAA;qBAC5C;iBACF;aACF;YACD,OAAO;gBACL,wBAAwB,EAAE,sBAAsB;gBAChD,6BAA6B;aAC9B,CAAA;QACH,CAAC;KAAA;IAEa,mCAAmC,CAC/C,aAAuB,EACvB,UAAwC;;YAExC,IAAI,aAAa,CAAC,MAAM,EAAE;gBACxB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CACtE,EAAE,GAAG,EAAE,aAAa,EAAE,EACtB,MAAM,IAAI,CAAC,gCAAgC,CAAC,2BAA2B,CAAC,UAAU,CAAC,CACpF,CAAA;gBACD,MAAM,GAAG,GAA6B,EAAE,CAAA;gBACxC,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;oBACxC,+BAA+B;oBAC/B,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,+CAAsB,CAAC,CAAC,CAAC,CAAC,CAAA;oBACvH,IAAI,gBAAgB,CAAC,SAAS,EAAE;wBAC9B,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAA;qBAClC;iBACF;gBACD,OAAO,GAAG,CAAA;aACX;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAED,gJAAgJ;IAChJ,iFAAiF;IACnE,gCAAgC,CAAC,UAAwC,EAAE,MAA8B,EAAE,SAAmB;;YAC1I,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAA;YAC3H,MAAM,0CAA0C,GAAG,MAAM,CAAC,MAAM,CAC9D,MAAM,IAAI,CAAC,kCAAkC,CAAC,0BAA0B,CAAC;gBACvE,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,MAAM;aACf,CAAC,CACH;iBACE,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC;iBACzC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAa,CAAA;YACjC,8GAA8G;YAC9G,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,SAAS,EAAE,GAAG,0CAA0C,CAAC,CAAC,CAAA;YAC7H,MAAM,sBAAsB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACzF,IAAI,sBAAsB,CAAC,MAAM,EAAE;gBACjC,CAAC;gBAAA,CACC,MAAM,IAAI,CAAC,KAAK,CAAC,0CAA0C,CACzD,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,EACpC,KAAK,EACL,MAAM,CAAC,WAAW,CAChB,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;oBAChC,CAAC;oBACD;wBACE,cAAc,EAAE,EAAE;wBAClB,mBAAmB,EAAE,+CAAsB,CAAC,QAAQ;wBACpD,oBAAoB,EAAE,+CAAsB,CAAC,KAAK;wBAClD,oBAAoB,EAAE,uBAAuB,CAAC,SAAS;qBACxD;iBACF,CAAC,CACH,EACD,CAAO,OAAO,EAAE,EAAE;oBAChB,OAAA,IAAI,CAAC,mBAAmB,CAAC,+BAA+B,CACtD,OAAO,EACP,MAAM,IAAI,CAAC,gCAAgC,CAAC,2BAA2B,CAAC,UAAU,CAAC,CACpF,CAAA;kBAAA,CACJ,CACF,CAAC,oBAAoB,CAAA;aACvB;QACH,CAAC;KAAA;IAED,gJAAgJ;IAChJ,iFAAiF;IACnE,4BAA4B,CACxC,UAAwC,EACxC,aAAqB,EACrB,wBAAkD,EAClD,SAAmB;;YAEnB,IAAI,CAAC,wBAAwB,CAAC,QAAQ,IAAI,CAAC,wBAAwB,CAAC,SAAS,IAAI,CAAC,wBAAwB,CAAC,mBAAmB;gBAC5H,MAAM,IAAI,KAAK,CAAC,0GAA0G,CAAC,CAAA;YAC7H,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAChE,2IAA2I;YAC3I,4IAA4I;YAC5I,MAAM,gBAAgB,GAAG,CAAC,wBAAwB,CAAC,QAAQ,EAAE,wBAAwB,CAAC,SAAS,EAAE,GAAG,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAA;YAC3I,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAC/E;gBACE,EAAE,EAAE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,UAAU,EAAE;gBAC7C,QAAQ,EAAE,wBAAwB,CAAC,QAAQ;gBAC3C,SAAS,EAAE,wBAAwB,CAAC,SAAS;gBAC7C,aAAa,EAAE,aAAa;aAC7B,EACD,UAAU,EACV,SAAS,EACT,SAAS,EACT,IAAI,EACJ,KAAK,EACL,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAC3E,CAAA;YACD,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CACvD,iBAAiB,CAAC,aAAa,EAC/B,UAAU,EACV,IAAI,CAAC,+BAA+B,EACpC,KAAK,EACL,IAAI,EACJ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,+CAAsB,CAAC,CAAC,CAAC,CACrC,CAAA;YACD,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CACnC,eAAe,EACf,IAAI,SAAG,CAAC,MAAM,CACZ,6DAA0B,EAC1B,MAAM,IAAI,CAAC,wBAAwB,CAAC,2BAA2B,CAAC,CAAC,wBAAwB,CAAC,mBAAmB,CAAC,EAAE,UAAU,CAAC,CAC5H,CACF,CAAA;QACH,CAAC;KAAA;CACF;AA3QD,gEA2QC","sourcesContent":["import { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { DelegationMembersDetails, SecureDelegationsSecurityMetadataDecryptor } from './SecureDelegationsSecurityMetadataDecryptor'\nimport { SecureDelegationKeyMap } from '../../icc-api/model/internal/SecureDelegationKeyMap'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EncryptedFieldsManifest, parseEncryptedFields } from '../utils'\nimport { IccSecureDelegationKeyMapApi } from '../../icc-api/api/IccSecureDelegationKeyMapApi'\nimport { XHR } from '../../icc-api/api/XHR'\nimport { AuthenticationProvider, NoAuthenticationProvider } from '../auth/AuthenticationProvider'\nimport { ACCESS_CONTROL_KEYS_HEADER, AccessControlKeysHeadersProvider } from './AccessControlKeysHeadersProvider'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\n\n// TODO could be optimised using bulk methods\nexport class DelegationsDeAnonymization {\n private readonly delegationKeyMapFieldsToEncrypt: EncryptedFieldsManifest\n private readonly delegationKeyMapApi: IccSecureDelegationKeyMapApi\n\n constructor(\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly secureDelegationsMetadataDecryptor: SecureDelegationsSecurityMetadataDecryptor,\n private readonly xapis: ExtendedApisUtils,\n private readonly cryptoPrimitives: CryptoPrimitives,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n host: string,\n headers: { [key: string]: string },\n authenticationProvider: AuthenticationProvider = new NoAuthenticationProvider(),\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response> = typeof window !== 'undefined'\n ? window.fetch\n : typeof self !== 'undefined'\n ? self.fetch\n : fetch,\n private readonly accessControlKeysHeadersProvider: AccessControlKeysHeadersProvider\n ) {\n this.delegationKeyMapFieldsToEncrypt = parseEncryptedFields(['delegate', 'delegator'], 'SecureDelegationKeyMap')\n this.delegationKeyMapApi = new IccSecureDelegationKeyMapApi(host, headers, authenticationProvider, fetchImpl)\n }\n\n /**\n * Creates / updates information to allow the data owners in {@link shareWithDataOwners} to de-anonymize the delegations contained within\n * {@link entity}.\n * Note that the delegation de-anonymization information may be used also with other entities of the same type.\n */\n async createOrUpdateDeAnonymizationInfo(entityWithType: EncryptedEntityWithType, shareWithDataOwners: string[]) {\n const delegationsDetails = Object.entries(await this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails(entityWithType)).flatMap(\n ([canonicalKey, delegation]) => {\n const aliases = Object.entries(entityWithType.entity.securityMetadata?.keysEquivalences ?? {}).flatMap(([alias, canon]) => {\n if (canon == canonicalKey) {\n return [alias]\n } else {\n return []\n }\n })\n return [[canonicalKey, delegation], ...aliases.map((alias) => [alias, delegation])] as [string, DelegationMembersDetails][]\n }\n )\n const delegationsForDeanonInfoSharing = delegationsDetails.filter(([_, delegationInfo]) => {\n // Drop fully explicit ones: they don't need de-anonymization info\n return !delegationInfo.fullyExplicit\n })\n // A subset of delegations for which deanon info is relevant AND for which we can also create new info instead of sharing only existing one.\n const delegationsForNewDeanonInfoCreation = delegationsForDeanonInfoSharing.filter(([_, delegationInfo]) => {\n // Drop those for which we don't have the full information needed for the creation of new data.\n return !!delegationInfo.delegate && !!delegationInfo.delegator && !!delegationInfo.accessControlSecret\n })\n const existingDelegationsMap = await this.getDecryptedSecureDelegationKeyMaps(\n delegationsForDeanonInfoSharing.map((x) => x[0]),\n entityWithType.type\n )\n for (const delMapToShare of existingDelegationsMap) {\n await this.ensureDelegationKeyMapSharedWith(entityWithType.type, delMapToShare, shareWithDataOwners)\n }\n const existingDelegationsMapKeys = new Set(existingDelegationsMap.map((x) => x.delegationKey))\n const delegationsToCreate = delegationsForNewDeanonInfoCreation.filter(([k, _]) => !existingDelegationsMapKeys.has(k))\n for (const [delKey, membersDetails] of delegationsToCreate) {\n await this.createSecureDelegationKeyMap(entityWithType.type, delKey, membersDetails, shareWithDataOwners)\n }\n }\n\n /**\n * Get the data owners which can access the entity. See {@link EncryptedEntityXApi.getDataOwnersWithAccessTo} for more details.\n * @param entityWithType an entity.\n */\n async getDataOwnersWithAccessTo(entityWithType: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n return this.mergePermissions([\n await this.getDataOwnersWithAccessToSecureDelegations(entityWithType),\n {\n permissionsByDataOwnerId: Object.fromEntries(Object.keys(entityWithType.entity.delegations ?? {}).map((k) => [k, AccessLevelEnum.WRITE])),\n hasUnknownAnonymousDataOwners: false,\n },\n ])\n }\n\n private async getDataOwnersWithAccessToSecureDelegations(entityWithType: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const secureDelegationDetails = await this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails(entityWithType)\n const secureDelegationWithUnknownMembers = Object.entries(secureDelegationDetails).flatMap(([canonicalKey, delegation]) => {\n if (!delegation.delegate || !delegation.delegator) {\n const aliases = Object.entries(entityWithType.entity.securityMetadata?.keysEquivalences ?? {}).flatMap(([alias, canon]) => {\n if (canon == canonicalKey) {\n return [alias]\n } else {\n return []\n }\n })\n return [{ keys: [canonicalKey, ...aliases], delegation }]\n } else {\n return []\n }\n })\n const secureDelegationKeyMapsByDelegationKey = Object.fromEntries(\n (\n await this.getDecryptedSecureDelegationKeyMaps(\n secureDelegationWithUnknownMembers.flatMap(({ keys }) => keys),\n entityWithType.type\n )\n ).map((x) => [x.delegationKey, x])\n )\n const permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n function addAccess(dataOwnerId: string, level: AccessLevelEnum) {\n if (permissionsByDataOwnerId[dataOwnerId] !== AccessLevelEnum.WRITE) {\n permissionsByDataOwnerId[dataOwnerId] = level\n }\n }\n for (const delegation of Object.values(secureDelegationDetails)) {\n if (delegation.delegate) addAccess(delegation.delegate, delegation.accessLevel)\n if (delegation.delegator) addAccess(delegation.delegator, delegation.accessLevel)\n }\n for (const { keys, delegation } of secureDelegationWithUnknownMembers) {\n const bestKey = keys.find((k) => {\n const currMap = secureDelegationKeyMapsByDelegationKey[k]\n return currMap && !!currMap.delegator && !!currMap.delegate\n })\n if (bestKey) {\n const keyMap = secureDelegationKeyMapsByDelegationKey[bestKey]\n addAccess(keyMap.delegate!, delegation.accessLevel)\n addAccess(keyMap.delegator!, delegation.accessLevel)\n } else {\n hasUnknownAnonymousDataOwners = true\n }\n }\n return { permissionsByDataOwnerId, hasUnknownAnonymousDataOwners }\n }\n\n private async mergePermissions(\n values: {\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }[]\n ): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const accumulatedPermissions: { [dataOwnerId: string]: AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n for (const v of values) {\n hasUnknownAnonymousDataOwners = hasUnknownAnonymousDataOwners || v.hasUnknownAnonymousDataOwners\n for (const [dataOwnerId, level] of Object.entries(v.permissionsByDataOwnerId)) {\n if (accumulatedPermissions[dataOwnerId] !== AccessLevelEnum.WRITE) {\n accumulatedPermissions[dataOwnerId] = level\n }\n }\n }\n return {\n permissionsByDataOwnerId: accumulatedPermissions,\n hasUnknownAnonymousDataOwners,\n }\n }\n\n private async getDecryptedSecureDelegationKeyMaps(\n delegationIds: string[],\n entityType: EntityWithDelegationTypeName\n ): Promise<SecureDelegationKeyMap[]> {\n if (delegationIds.length) {\n const encryptedMaps = await this.delegationKeyMapApi.getByDelegationKeys(\n { ids: delegationIds },\n await this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType)\n )\n const res: SecureDelegationKeyMap[] = []\n for (const encryptedMap of encryptedMaps) {\n // Use the original entity type\n const decryptionResult = await this.xapis.decryptEntity(encryptedMap, entityType, (x) => new SecureDelegationKeyMap(x))\n if (decryptionResult.decrypted) {\n res.push(decryptionResult.entity)\n }\n }\n return res\n } else return []\n }\n\n // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the\n // same entity type as the delegation key for which they are mapping information.\n private async ensureDelegationKeyMapSharedWith(entityType: EntityWithDelegationTypeName, keyMap: SecureDelegationKeyMap, delegates: string[]) {\n if (!keyMap.delegator || !keyMap.delegate) throw new Error('Illegal state: key map is missing delegator or delegate info.')\n const dataOwnersWithAccessToMapThroughDelegation = Object.values(\n await this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails({\n type: entityType,\n entity: keyMap,\n })\n )\n .flatMap((x) => [x.delegate, x.delegator])\n .filter((x) => !!x) as string[]\n // Delegator and delegate got access to the entity when it was first created: no need to share with them ever.\n const dataOwnersWithAccessToMap = new Set([keyMap.delegate, keyMap.delegator, ...dataOwnersWithAccessToMapThroughDelegation])\n const dataOwnersNeedingShare = delegates.filter((x) => !dataOwnersWithAccessToMap.has(x))\n if (dataOwnersNeedingShare.length) {\n ;(\n await this.xapis.simpleShareOrUpdateEncryptedEntityMetadata(\n { entity: keyMap, type: entityType },\n false,\n Object.fromEntries(\n dataOwnersNeedingShare.map((x) => [\n x,\n {\n shareSecretIds: [],\n shareEncryptionKeys: ShareMetadataBehaviour.REQUIRED,\n shareOwningEntityIds: ShareMetadataBehaviour.NEVER,\n requestedPermissions: RequestedPermissionEnum.FULL_READ,\n },\n ])\n ),\n async (request) =>\n this.delegationKeyMapApi.bulkShareSecureDelegationKeyMap(\n request,\n await this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType)\n )\n )\n ).updatedEntityOrThrow\n }\n }\n\n // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the\n // same entity type as the delegation key for which they are mapping information.\n private async createSecureDelegationKeyMap(\n entityType: EntityWithDelegationTypeName,\n delegationKey: string,\n delegationMembersDetails: DelegationMembersDetails,\n delegates: string[]\n ) {\n if (!delegationMembersDetails.delegate || !delegationMembersDetails.delegator || !delegationMembersDetails.accessControlSecret)\n throw new Error('Illegal state: delegation members details are missing delegate, delegator or access control secret info.')\n const selfDoId = await this.dataOwnerApi.getCurrentDataOwnerId()\n // Ensure that both the delegator and delegate of the delegation this map refers tho can share it later on, even if they did not create it.\n // Usually either the delegator or delegate are the current data owner, but sometimes also the child of the delegator or delegate can do it.\n const initialDelegates = [delegationMembersDetails.delegate, delegationMembersDetails.delegator, ...delegates].filter((x) => x != selfDoId)\n const initalisedMapInfo = await this.xapis.entityWithInitialisedEncryptedMetadata<SecureDelegationKeyMap>(\n {\n id: this.cryptoPrimitives.crypto.randomUUID(),\n delegate: delegationMembersDetails.delegate,\n delegator: delegationMembersDetails.delegator,\n delegationKey: delegationKey,\n },\n entityType,\n undefined,\n undefined,\n true,\n false,\n Object.fromEntries(initialDelegates.map((x) => [x, AccessLevelEnum.READ]))\n )\n const encryptedKeyMap = await this.xapis.tryEncryptEntity(\n initalisedMapInfo.updatedEntity,\n entityType,\n this.delegationKeyMapFieldsToEncrypt,\n false,\n true,\n (x) => new SecureDelegationKeyMap(x)\n )\n await this.delegationKeyMapApi.create(\n encryptedKeyMap,\n new XHR.Header(\n ACCESS_CONTROL_KEYS_HEADER,\n await this.accessControlSecretUtils.getEncodedAccessControlKeys([delegationMembersDetails.accessControlSecret], entityType)\n )\n )\n }\n}\n"]}
1
+ {"version":3,"file":"DelegationsDeAnonymization.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/DelegationsDeAnonymization.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,2EAAuE;AACvE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAEzD,gGAA4F;AAE5F,qEAAiE;AACjE,wFAAoF;AACpF,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAE3E,oCAAwE;AACxE,0GAAsG;AACtG,+CAA2C;AAC3C,2EAAiG;AACjG,yFAAiH;AAIjH,6CAA6C;AAC7C,MAAa,0BAA0B;IAIrC,YACmB,YAA8B,EAC9B,kCAA8E,EAC9E,KAAwB,EACxB,gBAAkC,EAClC,wBAAkD,EACnE,IAAY,EACZ,OAAkC,EAClC,yBAAiD,IAAI,iDAAwB,EAAE,EAC/E,YAA2E,OAAO,MAAM,KAAK,WAAW;QACtG,CAAC,CAAC,MAAM,CAAC,KAAK;QACd,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW;YAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,KAAK,EACQ,gCAAkE;QAblE,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,uCAAkC,GAAlC,kCAAkC,CAA4C;QAC9E,UAAK,GAAL,KAAK,CAAmB;QACxB,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,6BAAwB,GAAxB,wBAAwB,CAA0B;QASlD,qCAAgC,GAAhC,gCAAgC,CAAkC;QAEnF,IAAI,CAAC,+BAA+B,GAAG,IAAA,4BAAoB,EAAC,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,wBAAwB,CAAC,CAAA;QAChH,IAAI,CAAC,mBAAmB,GAAG,IAAI,2DAA4B,CAAC,IAAI,EAAE,OAAO,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;IAC/G,CAAC;IAED;;;;OAIG;IACG,iCAAiC,CAAC,cAAuC,EAAE,mBAA6B;;YAC5G,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,kCAAkC,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAC,CAAC,OAAO,CACzI,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE;;gBAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;oBACxH,IAAI,KAAK,IAAI,YAAY,EAAE;wBACzB,OAAO,CAAC,KAAK,CAAC,CAAA;qBACf;yBAAM;wBACL,OAAO,EAAE,CAAA;qBACV;gBACH,CAAC,CAAC,CAAA;gBACF,OAAO,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAyC,CAAA;YAC7H,CAAC,CACF,CAAA;YACD,MAAM,+BAA+B,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE;gBACxF,kEAAkE;gBAClE,OAAO,CAAC,cAAc,CAAC,aAAa,CAAA;YACtC,CAAC,CAAC,CAAA;YACF,4IAA4I;YAC5I,MAAM,mCAAmC,GAAG,+BAA+B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE;gBACzG,+FAA+F;gBAC/F,OAAO,CAAC,CAAC,cAAc,CAAC,QAAQ,IAAI,CAAC,CAAC,cAAc,CAAC,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,mBAAmB,CAAA;YACxG,CAAC,CAAC,CAAA;YACF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,mCAAmC,CAC3E,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAChD,cAAc,CAAC,IAAI,CACpB,CAAA;YACD,KAAK,MAAM,aAAa,IAAI,sBAAsB,EAAE;gBAClD,MAAM,IAAI,CAAC,gCAAgC,CAAC,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,mBAAmB,CAAC,CAAA;aACrG;YACD,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAA;YAC9F,MAAM,mBAAmB,GAAG,mCAAmC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACtH,KAAK,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,IAAI,mBAAmB,EAAE;gBAC1D,MAAM,IAAI,CAAC,4BAA4B,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAAA;aAC1G;QACH,CAAC;KAAA;IAED;;;OAGG;IACG,yBAAyB,CAAC,cAAuC;;;YAIrE,OAAO,IAAI,CAAC,gBAAgB,CAAC;gBAC3B,MAAM,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC;gBACrE;oBACE,wBAAwB,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,MAAA,cAAc,CAAC,MAAM,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;oBACzI,6BAA6B,EAAE,KAAK;iBACrC;aACF,CAAC,CAAA;;KACH;IAEa,0CAA0C,CAAC,cAAuC;;YAI9F,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAA;YACxH,MAAM,kCAAkC,GAAG,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE;;gBACxH,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE;oBACjD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;wBACxH,IAAI,KAAK,IAAI,YAAY,EAAE;4BACzB,OAAO,CAAC,KAAK,CAAC,CAAA;yBACf;6BAAM;4BACL,OAAO,EAAE,CAAA;yBACV;oBACH,CAAC,CAAC,CAAA;oBACF,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,GAAG,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC,CAAA;iBAC1D;qBAAM;oBACL,OAAO,EAAE,CAAA;iBACV;YACH,CAAC,CAAC,CAAA;YACF,MAAM,sCAAsC,GAAG,MAAM,CAAC,WAAW,CAC/D,CACE,MAAM,IAAI,CAAC,mCAAmC,CAC5C,kCAAkC,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,EAC9D,cAAc,CAAC,IAAI,CACpB,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CACnC,CAAA;YACD,MAAM,wBAAwB,GAA+C,EAAE,CAAA;YAC/E,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,SAAS,SAAS,CAAC,WAAmB,EAAE,KAAsB;gBAC5D,IAAI,wBAAwB,CAAC,WAAW,CAAC,KAAK,eAAe,CAAC,KAAK,EAAE;oBACnE,wBAAwB,CAAC,WAAW,CAAC,GAAG,KAAK,CAAA;iBAC9C;YACH,CAAC;YACD,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,uBAAuB,CAAC,EAAE;gBAC/D,IAAI,UAAU,CAAC,QAAQ;oBAAE,SAAS,CAAC,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;gBAC/E,IAAI,UAAU,CAAC,SAAS;oBAAE,SAAS,CAAC,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;aAClF;YACD,KAAK,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,kCAAkC,EAAE;gBACrE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC9B,MAAM,OAAO,GAAG,sCAAsC,CAAC,CAAC,CAAC,CAAA;oBACzD,OAAO,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAA;gBAC7D,CAAC,CAAC,CAAA;gBACF,IAAI,OAAO,EAAE;oBACX,MAAM,MAAM,GAAG,sCAAsC,CAAC,OAAO,CAAC,CAAA;oBAC9D,SAAS,CAAC,MAAM,CAAC,QAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;oBACnD,SAAS,CAAC,MAAM,CAAC,SAAU,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;iBACrD;qBAAM;oBACL,6BAA6B,GAAG,IAAI,CAAA;iBACrC;aACF;YACD,OAAO,EAAE,wBAAwB,EAAE,6BAA6B,EAAE,CAAA;QACpE,CAAC;KAAA;IAEa,gBAAgB,CAC5B,MAGG;;YAKH,MAAM,sBAAsB,GAA+C,EAAE,CAAA;YAC7E,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE;gBACtB,6BAA6B,GAAG,6BAA6B,IAAI,CAAC,CAAC,6BAA6B,CAAA;gBAChG,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC,EAAE;oBAC7E,IAAI,sBAAsB,CAAC,WAAW,CAAC,KAAK,eAAe,CAAC,KAAK,EAAE;wBACjE,sBAAsB,CAAC,WAAW,CAAC,GAAG,KAAK,CAAA;qBAC5C;iBACF;aACF;YACD,OAAO;gBACL,wBAAwB,EAAE,sBAAsB;gBAChD,6BAA6B;aAC9B,CAAA;QACH,CAAC;KAAA;IAEa,mCAAmC,CAC/C,aAAuB,EACvB,UAAwC;;YAExC,IAAI,aAAa,CAAC,MAAM,EAAE;gBACxB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CACtE,EAAE,GAAG,EAAE,aAAa,EAAE,EACtB,MAAM,IAAI,CAAC,gCAAgC,CAAC,2BAA2B,CAAC,UAAU,CAAC,CACpF,CAAA;gBACD,MAAM,GAAG,GAA6B,EAAE,CAAA;gBACxC,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;oBACxC,+BAA+B;oBAC/B,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,+CAAsB,CAAC,CAAC,CAAC,CAAC,CAAA;oBACvH,IAAI,gBAAgB,CAAC,SAAS,EAAE;wBAC9B,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAA;qBAClC;iBACF;gBACD,OAAO,GAAG,CAAA;aACX;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAED,gJAAgJ;IAChJ,iFAAiF;IACnE,gCAAgC,CAAC,UAAwC,EAAE,MAA8B,EAAE,SAAmB;;YAC1I,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAA;YAC3H,MAAM,0CAA0C,GAAG,MAAM,CAAC,MAAM,CAC9D,MAAM,IAAI,CAAC,kCAAkC,CAAC,0BAA0B,CAAC;gBACvE,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,MAAM;aACf,CAAC,CACH;iBACE,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC;iBACzC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAa,CAAA;YACjC,8GAA8G;YAC9G,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,SAAS,EAAE,GAAG,0CAA0C,CAAC,CAAC,CAAA;YAC7H,MAAM,sBAAsB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACzF,IAAI,sBAAsB,CAAC,MAAM,EAAE;gBACjC,CAAC;gBAAA,CACC,MAAM,IAAI,CAAC,KAAK,CAAC,0CAA0C,CACzD,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,EACpC,KAAK,EACL,MAAM,CAAC,WAAW,CAChB,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;oBAChC,CAAC;oBACD;wBACE,cAAc,EAAE,EAAE;wBAClB,mBAAmB,EAAE,+CAAsB,CAAC,QAAQ;wBACpD,oBAAoB,EAAE,+CAAsB,CAAC,KAAK;wBAClD,oBAAoB,EAAE,uBAAuB,CAAC,SAAS;qBACxD;iBACF,CAAC,CACH,EACD,CAAO,OAAO,EAAE,EAAE;oBAChB,OAAA,IAAI,CAAC,mBAAmB,CAAC,+BAA+B,CACtD,OAAO,EACP,MAAM,IAAI,CAAC,gCAAgC,CAAC,2BAA2B,CAAC,UAAU,CAAC,CACpF,CAAA;kBAAA,CACJ,CACF,CAAC,oBAAoB,CAAA;aACvB;QACH,CAAC;KAAA;IAED,gJAAgJ;IAChJ,iFAAiF;IACnE,4BAA4B,CACxC,UAAwC,EACxC,aAAqB,EACrB,wBAAkD,EAClD,SAAmB;;YAEnB,IAAI,CAAC,wBAAwB,CAAC,QAAQ,IAAI,CAAC,wBAAwB,CAAC,SAAS,IAAI,CAAC,wBAAwB,CAAC,mBAAmB;gBAC5H,MAAM,IAAI,KAAK,CAAC,0GAA0G,CAAC,CAAA;YAC7H,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAChE,2IAA2I;YAC3I,4IAA4I;YAC5I,MAAM,gBAAgB,GAAG,CAAC,wBAAwB,CAAC,QAAQ,EAAE,wBAAwB,CAAC,SAAS,EAAE,GAAG,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAA;YAC3I,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAC/E;gBACE,EAAE,EAAE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,UAAU,EAAE;gBAC7C,QAAQ,EAAE,wBAAwB,CAAC,QAAQ;gBAC3C,SAAS,EAAE,wBAAwB,CAAC,SAAS;gBAC7C,aAAa,EAAE,aAAa;aAC7B,EACD,UAAU,EACV,SAAS,EACT,SAAS,EACT,IAAI,EACJ,KAAK,EACL,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAC3E,CAAA;YACD,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CACvD,iBAAiB,CAAC,aAAa,EAC/B,UAAU,EACV,IAAI,CAAC,+BAA+B,EACpC,KAAK,EACL,IAAI,EACJ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,+CAAsB,CAAC,CAAC,CAAC,CACrC,CAAA;YACD,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CACnC,eAAe,EACf,IAAI,SAAG,CAAC,MAAM,CACZ,6DAA0B,EAC1B,MAAM,IAAI,CAAC,wBAAwB,CAAC,2BAA2B,CAAC,CAAC,wBAAwB,CAAC,mBAAmB,CAAC,EAAE,UAAU,CAAC,CAC5H,CACF,CAAA;QACH,CAAC;KAAA;CACF;AA3QD,gEA2QC","sourcesContent":["import { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { DelegationMembersDetails, SecureDelegationsSecurityMetadataDecryptor } from './SecureDelegationsSecurityMetadataDecryptor'\nimport { SecureDelegationKeyMap } from '../../icc-api/model/internal/SecureDelegationKeyMap'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EncryptedFieldsManifest, parseEncryptedFields } from '../utils'\nimport { IccSecureDelegationKeyMapApi } from '../../icc-api/api/internal/IccSecureDelegationKeyMapApi'\nimport { XHR } from '../../icc-api/api/XHR'\nimport { AuthenticationProvider, NoAuthenticationProvider } from '../auth/AuthenticationProvider'\nimport { ACCESS_CONTROL_KEYS_HEADER, AccessControlKeysHeadersProvider } from './AccessControlKeysHeadersProvider'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\n\n// TODO could be optimised using bulk methods\nexport class DelegationsDeAnonymization {\n private readonly delegationKeyMapFieldsToEncrypt: EncryptedFieldsManifest\n private readonly delegationKeyMapApi: IccSecureDelegationKeyMapApi\n\n constructor(\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly secureDelegationsMetadataDecryptor: SecureDelegationsSecurityMetadataDecryptor,\n private readonly xapis: ExtendedApisUtils,\n private readonly cryptoPrimitives: CryptoPrimitives,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n host: string,\n headers: { [key: string]: string },\n authenticationProvider: AuthenticationProvider = new NoAuthenticationProvider(),\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response> = typeof window !== 'undefined'\n ? window.fetch\n : typeof self !== 'undefined'\n ? self.fetch\n : fetch,\n private readonly accessControlKeysHeadersProvider: AccessControlKeysHeadersProvider\n ) {\n this.delegationKeyMapFieldsToEncrypt = parseEncryptedFields(['delegate', 'delegator'], 'SecureDelegationKeyMap')\n this.delegationKeyMapApi = new IccSecureDelegationKeyMapApi(host, headers, authenticationProvider, fetchImpl)\n }\n\n /**\n * Creates / updates information to allow the data owners in {@link shareWithDataOwners} to de-anonymize the delegations contained within\n * {@link entity}.\n * Note that the delegation de-anonymization information may be used also with other entities of the same type.\n */\n async createOrUpdateDeAnonymizationInfo(entityWithType: EncryptedEntityWithType, shareWithDataOwners: string[]) {\n const delegationsDetails = Object.entries(await this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails(entityWithType)).flatMap(\n ([canonicalKey, delegation]) => {\n const aliases = Object.entries(entityWithType.entity.securityMetadata?.keysEquivalences ?? {}).flatMap(([alias, canon]) => {\n if (canon == canonicalKey) {\n return [alias]\n } else {\n return []\n }\n })\n return [[canonicalKey, delegation], ...aliases.map((alias) => [alias, delegation])] as [string, DelegationMembersDetails][]\n }\n )\n const delegationsForDeanonInfoSharing = delegationsDetails.filter(([_, delegationInfo]) => {\n // Drop fully explicit ones: they don't need de-anonymization info\n return !delegationInfo.fullyExplicit\n })\n // A subset of delegations for which deanon info is relevant AND for which we can also create new info instead of sharing only existing one.\n const delegationsForNewDeanonInfoCreation = delegationsForDeanonInfoSharing.filter(([_, delegationInfo]) => {\n // Drop those for which we don't have the full information needed for the creation of new data.\n return !!delegationInfo.delegate && !!delegationInfo.delegator && !!delegationInfo.accessControlSecret\n })\n const existingDelegationsMap = await this.getDecryptedSecureDelegationKeyMaps(\n delegationsForDeanonInfoSharing.map((x) => x[0]),\n entityWithType.type\n )\n for (const delMapToShare of existingDelegationsMap) {\n await this.ensureDelegationKeyMapSharedWith(entityWithType.type, delMapToShare, shareWithDataOwners)\n }\n const existingDelegationsMapKeys = new Set(existingDelegationsMap.map((x) => x.delegationKey))\n const delegationsToCreate = delegationsForNewDeanonInfoCreation.filter(([k, _]) => !existingDelegationsMapKeys.has(k))\n for (const [delKey, membersDetails] of delegationsToCreate) {\n await this.createSecureDelegationKeyMap(entityWithType.type, delKey, membersDetails, shareWithDataOwners)\n }\n }\n\n /**\n * Get the data owners which can access the entity. See {@link EncryptedEntityXApi.getDataOwnersWithAccessTo} for more details.\n * @param entityWithType an entity.\n */\n async getDataOwnersWithAccessTo(entityWithType: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n return this.mergePermissions([\n await this.getDataOwnersWithAccessToSecureDelegations(entityWithType),\n {\n permissionsByDataOwnerId: Object.fromEntries(Object.keys(entityWithType.entity.delegations ?? {}).map((k) => [k, AccessLevelEnum.WRITE])),\n hasUnknownAnonymousDataOwners: false,\n },\n ])\n }\n\n private async getDataOwnersWithAccessToSecureDelegations(entityWithType: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const secureDelegationDetails = await this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails(entityWithType)\n const secureDelegationWithUnknownMembers = Object.entries(secureDelegationDetails).flatMap(([canonicalKey, delegation]) => {\n if (!delegation.delegate || !delegation.delegator) {\n const aliases = Object.entries(entityWithType.entity.securityMetadata?.keysEquivalences ?? {}).flatMap(([alias, canon]) => {\n if (canon == canonicalKey) {\n return [alias]\n } else {\n return []\n }\n })\n return [{ keys: [canonicalKey, ...aliases], delegation }]\n } else {\n return []\n }\n })\n const secureDelegationKeyMapsByDelegationKey = Object.fromEntries(\n (\n await this.getDecryptedSecureDelegationKeyMaps(\n secureDelegationWithUnknownMembers.flatMap(({ keys }) => keys),\n entityWithType.type\n )\n ).map((x) => [x.delegationKey, x])\n )\n const permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n function addAccess(dataOwnerId: string, level: AccessLevelEnum) {\n if (permissionsByDataOwnerId[dataOwnerId] !== AccessLevelEnum.WRITE) {\n permissionsByDataOwnerId[dataOwnerId] = level\n }\n }\n for (const delegation of Object.values(secureDelegationDetails)) {\n if (delegation.delegate) addAccess(delegation.delegate, delegation.accessLevel)\n if (delegation.delegator) addAccess(delegation.delegator, delegation.accessLevel)\n }\n for (const { keys, delegation } of secureDelegationWithUnknownMembers) {\n const bestKey = keys.find((k) => {\n const currMap = secureDelegationKeyMapsByDelegationKey[k]\n return currMap && !!currMap.delegator && !!currMap.delegate\n })\n if (bestKey) {\n const keyMap = secureDelegationKeyMapsByDelegationKey[bestKey]\n addAccess(keyMap.delegate!, delegation.accessLevel)\n addAccess(keyMap.delegator!, delegation.accessLevel)\n } else {\n hasUnknownAnonymousDataOwners = true\n }\n }\n return { permissionsByDataOwnerId, hasUnknownAnonymousDataOwners }\n }\n\n private async mergePermissions(\n values: {\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }[]\n ): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const accumulatedPermissions: { [dataOwnerId: string]: AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n for (const v of values) {\n hasUnknownAnonymousDataOwners = hasUnknownAnonymousDataOwners || v.hasUnknownAnonymousDataOwners\n for (const [dataOwnerId, level] of Object.entries(v.permissionsByDataOwnerId)) {\n if (accumulatedPermissions[dataOwnerId] !== AccessLevelEnum.WRITE) {\n accumulatedPermissions[dataOwnerId] = level\n }\n }\n }\n return {\n permissionsByDataOwnerId: accumulatedPermissions,\n hasUnknownAnonymousDataOwners,\n }\n }\n\n private async getDecryptedSecureDelegationKeyMaps(\n delegationIds: string[],\n entityType: EntityWithDelegationTypeName\n ): Promise<SecureDelegationKeyMap[]> {\n if (delegationIds.length) {\n const encryptedMaps = await this.delegationKeyMapApi.getByDelegationKeys(\n { ids: delegationIds },\n await this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType)\n )\n const res: SecureDelegationKeyMap[] = []\n for (const encryptedMap of encryptedMaps) {\n // Use the original entity type\n const decryptionResult = await this.xapis.decryptEntity(encryptedMap, entityType, (x) => new SecureDelegationKeyMap(x))\n if (decryptionResult.decrypted) {\n res.push(decryptionResult.entity)\n }\n }\n return res\n } else return []\n }\n\n // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the\n // same entity type as the delegation key for which they are mapping information.\n private async ensureDelegationKeyMapSharedWith(entityType: EntityWithDelegationTypeName, keyMap: SecureDelegationKeyMap, delegates: string[]) {\n if (!keyMap.delegator || !keyMap.delegate) throw new Error('Illegal state: key map is missing delegator or delegate info.')\n const dataOwnersWithAccessToMapThroughDelegation = Object.values(\n await this.secureDelegationsMetadataDecryptor.getDelegationMemberDetails({\n type: entityType,\n entity: keyMap,\n })\n )\n .flatMap((x) => [x.delegate, x.delegator])\n .filter((x) => !!x) as string[]\n // Delegator and delegate got access to the entity when it was first created: no need to share with them ever.\n const dataOwnersWithAccessToMap = new Set([keyMap.delegate, keyMap.delegator, ...dataOwnersWithAccessToMapThroughDelegation])\n const dataOwnersNeedingShare = delegates.filter((x) => !dataOwnersWithAccessToMap.has(x))\n if (dataOwnersNeedingShare.length) {\n ;(\n await this.xapis.simpleShareOrUpdateEncryptedEntityMetadata(\n { entity: keyMap, type: entityType },\n false,\n Object.fromEntries(\n dataOwnersNeedingShare.map((x) => [\n x,\n {\n shareSecretIds: [],\n shareEncryptionKeys: ShareMetadataBehaviour.REQUIRED,\n shareOwningEntityIds: ShareMetadataBehaviour.NEVER,\n requestedPermissions: RequestedPermissionEnum.FULL_READ,\n },\n ])\n ),\n async (request) =>\n this.delegationKeyMapApi.bulkShareSecureDelegationKeyMap(\n request,\n await this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType)\n )\n )\n ).updatedEntityOrThrow\n }\n }\n\n // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the\n // same entity type as the delegation key for which they are mapping information.\n private async createSecureDelegationKeyMap(\n entityType: EntityWithDelegationTypeName,\n delegationKey: string,\n delegationMembersDetails: DelegationMembersDetails,\n delegates: string[]\n ) {\n if (!delegationMembersDetails.delegate || !delegationMembersDetails.delegator || !delegationMembersDetails.accessControlSecret)\n throw new Error('Illegal state: delegation members details are missing delegate, delegator or access control secret info.')\n const selfDoId = await this.dataOwnerApi.getCurrentDataOwnerId()\n // Ensure that both the delegator and delegate of the delegation this map refers tho can share it later on, even if they did not create it.\n // Usually either the delegator or delegate are the current data owner, but sometimes also the child of the delegator or delegate can do it.\n const initialDelegates = [delegationMembersDetails.delegate, delegationMembersDetails.delegator, ...delegates].filter((x) => x != selfDoId)\n const initalisedMapInfo = await this.xapis.entityWithInitialisedEncryptedMetadata<SecureDelegationKeyMap>(\n {\n id: this.cryptoPrimitives.crypto.randomUUID(),\n delegate: delegationMembersDetails.delegate,\n delegator: delegationMembersDetails.delegator,\n delegationKey: delegationKey,\n },\n entityType,\n undefined,\n undefined,\n true,\n false,\n Object.fromEntries(initialDelegates.map((x) => [x, AccessLevelEnum.READ]))\n )\n const encryptedKeyMap = await this.xapis.tryEncryptEntity(\n initalisedMapInfo.updatedEntity,\n entityType,\n this.delegationKeyMapFieldsToEncrypt,\n false,\n true,\n (x) => new SecureDelegationKeyMap(x)\n )\n await this.delegationKeyMapApi.create(\n encryptedKeyMap,\n new XHR.Header(\n ACCESS_CONTROL_KEYS_HEADER,\n await this.accessControlSecretUtils.getEncodedAccessControlKeys([delegationMembersDetails.accessControlSecret], entityType)\n )\n )\n }\n}\n"]}
@@ -47,16 +47,24 @@ class AbstractExchangeDataManager {
47
47
  decryptData(data) {
48
48
  return __awaiter(this, void 0, void 0, function* () {
49
49
  const decryptionKeys = this.encryptionKeys.getDecryptionKeys();
50
- const decryptedKey = (yield this.base.tryDecryptExchangeKeys([data], decryptionKeys)).successfulDecryptions[0];
51
- if (!decryptedKey)
50
+ const decryptedExchangeKey = (yield this.base.tryDecryptExchangeKeys([data], decryptionKeys)).successfulDecryptions[0];
51
+ if (!decryptedExchangeKey)
52
52
  return undefined;
53
53
  const decryptedAccessControlSecret = (yield this.base.tryDecryptAccessControlSecret([data], decryptionKeys)).successfulDecryptions[0];
54
54
  if (!decryptedAccessControlSecret)
55
- throw new Error(`Decryption key could be decrypted but access control secret could not for data ${data}`);
55
+ throw new Error(`Decryption key could be decrypted but access control secret could not for data ${JSON.stringify(data)}`);
56
+ const decryptedSharedSignatureKey = (yield this.base.tryDecryptSharedSignatureKeys([data], decryptionKeys)).successfulDecryptions[0];
57
+ if (!decryptedSharedSignatureKey)
58
+ throw new Error(`Decryption key could be decrypted but shared signature key could not for data ${JSON.stringify(data)}`);
56
59
  return {
57
60
  accessControlSecret: decryptedAccessControlSecret,
58
- exchangeKey: decryptedKey,
59
- verified: yield this.base.verifyExchangeData(data, (fp) => this.signatureKeys.getSignatureVerificationKey(fp)),
61
+ exchangeKey: decryptedExchangeKey,
62
+ verified: yield this.base.verifyExchangeData({
63
+ exchangeData: data,
64
+ decryptedAccessControlSecret,
65
+ decryptedExchangeKey,
66
+ decryptedSharedSignatureKey,
67
+ }, (fp) => this.signatureKeys.getSignatureVerificationKey(fp), true),
60
68
  };
61
69
  });
62
70
  }
@@ -118,7 +126,7 @@ class AbstractExchangeDataManager {
118
126
  ];
119
127
  for (const dataToUpdate of allExchangeDataToUpdate) {
120
128
  if (!Object.keys(dataToUpdate.exchangeKey).find((fp) => fp == newKeyFp)) {
121
- const updated = yield this.base.tryUpdateExchangeData(dataToUpdate, decryptionKeys, { [newKeyFp]: importedNewKey }, { [signatureKey.fingerprint]: signatureKey.keyPair.privateKey }, (verificationFp) => this.signatureKeys.getSignatureVerificationKey(verificationFp));
129
+ const updated = yield this.base.tryUpdateExchangeData(dataToUpdate, decryptionKeys, { [newKeyFp]: importedNewKey });
122
130
  if (!updated) {
123
131
  console.warn(`Failed to give access back to exchanged data ${JSON.stringify(dataToUpdate)}`);
124
132
  }