@icure/api 8.0.0-RC.3 → 8.0.0-RC.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/api/IccInsuranceApi.d.ts +2 -0
- package/icc-api/api/IccInsuranceApi.js +12 -0
- package/icc-api/api/IccInsuranceApi.js.map +1 -1
- package/icc-api/api/IccMessageApi.d.ts +6 -0
- package/icc-api/api/IccMessageApi.js +15 -0
- package/icc-api/api/IccMessageApi.js.map +1 -1
- package/icc-api/api/{IccExchangeDataApi.d.ts → internal/IccExchangeDataApi.d.ts} +4 -4
- package/icc-api/api/{IccExchangeDataApi.js → internal/IccExchangeDataApi.js} +5 -5
- package/icc-api/api/internal/IccExchangeDataApi.js.map +1 -0
- package/icc-api/api/{IccExchangeDataMapApi.d.ts → internal/IccExchangeDataMapApi.d.ts} +4 -4
- package/icc-api/api/{IccExchangeDataMapApi.js → internal/IccExchangeDataMapApi.js} +5 -5
- package/icc-api/api/internal/IccExchangeDataMapApi.js.map +1 -0
- package/icc-api/api/internal/IccRecoveryDataApi.d.ts +19 -0
- package/icc-api/api/internal/IccRecoveryDataApi.js +83 -0
- package/icc-api/api/internal/IccRecoveryDataApi.js.map +1 -0
- package/icc-api/api/{IccSecureDelegationKeyMapApi.d.ts → internal/IccSecureDelegationKeyMapApi.d.ts} +6 -6
- package/icc-api/api/{IccSecureDelegationKeyMapApi.js → internal/IccSecureDelegationKeyMapApi.js} +5 -5
- package/icc-api/api/internal/IccSecureDelegationKeyMapApi.js.map +1 -0
- package/icc-api/model/PaginatedListInsurance.d.ts +20 -0
- package/icc-api/model/PaginatedListInsurance.js +10 -0
- package/icc-api/model/PaginatedListInsurance.js.map +1 -0
- package/icc-api/model/User.d.ts +19 -0
- package/icc-api/model/User.js +6 -0
- package/icc-api/model/User.js.map +1 -1
- package/icc-api/model/internal/ExchangeData.d.ts +20 -4
- package/icc-api/model/internal/ExchangeData.js +8 -2
- package/icc-api/model/internal/ExchangeData.js.map +1 -1
- package/icc-api/model/internal/RecoveryData.d.ts +47 -0
- package/icc-api/model/internal/RecoveryData.js +34 -0
- package/icc-api/model/internal/RecoveryData.js.map +1 -0
- package/icc-x-api/auth/JwtBridgedAuthService.d.ts +1 -0
- package/icc-x-api/auth/JwtBridgedAuthService.js +10 -3
- package/icc-x-api/auth/JwtBridgedAuthService.js.map +1 -1
- package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +37 -25
- package/icc-x-api/crypto/BaseExchangeDataManager.js +123 -64
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
- package/icc-x-api/crypto/CryptoPrimitives.d.ts +3 -0
- package/icc-x-api/crypto/CryptoPrimitives.js +5 -0
- package/icc-x-api/crypto/CryptoPrimitives.js.map +1 -1
- package/icc-x-api/crypto/DelegationsDeAnonymization.js +1 -1
- package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -1
- package/icc-x-api/crypto/ExchangeDataManager.js +14 -6
- package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
- package/icc-x-api/crypto/ExchangeDataMapManager.d.ts +1 -1
- package/icc-x-api/crypto/ExchangeDataMapManager.js.map +1 -1
- package/icc-x-api/crypto/HMACUtils.d.ts +10 -0
- package/icc-x-api/crypto/HMACUtils.js +48 -0
- package/icc-x-api/crypto/HMACUtils.js.map +1 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js +3 -0
- package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -1
- package/icc-x-api/icc-icure-maintenance-x-api.d.ts +1 -1
- package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
- package/icc-x-api/icc-message-x-api.d.ts +1 -1
- package/icc-x-api/icc-message-x-api.js +3 -3
- package/icc-x-api/icc-message-x-api.js.map +1 -1
- package/icc-x-api/icc-recovery-x-api.d.ts +0 -0
- package/icc-x-api/icc-recovery-x-api.js +2 -0
- package/icc-x-api/icc-recovery-x-api.js.map +1 -0
- package/icc-x-api/index.js +2 -2
- package/icc-x-api/index.js.map +1 -1
- package/package.json +1 -1
- package/icc-api/api/IccExchangeDataApi.js.map +0 -1
- package/icc-api/api/IccExchangeDataMapApi.js.map +0 -1
- package/icc-api/api/IccSecureDelegationKeyMapApi.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SecureDelegationsManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/SecureDelegationsManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wFAAoF;AAKpF,oFAA6E;AAC7E,mCAA2F;AAK3F,oCAAyC;AAIzC,2EAAuE;AACvE,sHAAkH;AAClH,IAAO,mBAAmB,GAAG,qEAAiC,CAAC,mBAAmB,CAAA;AAClF,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AACzD,2EAAuE;AAGvE,MAAa,wBAAwB;IACnC,YACmB,mBAAwC,EACxC,sBAA8C,EAC9C,2BAAwD,EACxD,wBAAkD,EAClD,QAAmC,EACnC,UAA4B,EAC5B,YAA8B,EAC9B,gBAAkC,EAClC,6BAAsC;QARtC,wBAAmB,GAAnB,mBAAmB,CAAqB;QACxC,2BAAsB,GAAtB,sBAAsB,CAAwB;QAC9C,gCAA2B,GAA3B,2BAA2B,CAA6B;QACxD,6BAAwB,GAAxB,wBAAwB,CAA0B;QAClD,aAAQ,GAAR,QAAQ,CAA2B;QACnC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,kCAA6B,GAA7B,6BAA6B,CAAS;QAGxC,uBAAkB,GAO/B,IAAI,oDAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IATvD,CAAC;IAWJ;;;;;;;;;;OAUG;IACG,sCAAsC,CAC1C,MAA2C,EAC3C,UAAwC,EACxC,SAAmB,EACnB,eAAyB,EACzB,cAAwB,EACxB,eAA2E;;YAE3E,MAAM,cAAc,GAA4B,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;YAC5E,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAC5D,cAAc,EACd,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAC/C,SAAS,EACT,cAAc,EACd,eAAe,EACf,eAAe,CAAC,KAAK,EACrB,SAAS,CACV,CAAA;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,oBAAoB,GAMpB,EAAE,CAAA;YACR,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;gBACvE,IAAI,UAAU,KAAK,MAAM,EAAE;oBACzB,oBAAoB,CAAC,IAAI,CACvB,MAAM,IAAI,CAAC,wBAAwB,CACjC,cAAc,EACd,UAAU,EACV,SAAS,EACT,cAAc,EACd,eAAe,EACf,WAAW,EACX,kBAAkB,CAAC,sBAAsB,CAC1C,CACF,CAAA;iBACF;aACF;YACD,MAAM,iBAAiB,GAAG,MAAM,CAAC,WAAW,CAC1C,CAAC,kBAAkB,EAAE,GAAG,oBAAoB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,sBAAsB,EAAE,UAAU,CAAC,CAAC,CACpI,CAAA;YACD,MAAM,gBAAgB,qBACjB,kBAAkB,CAAC,yBAAyB,CAChD,CAAA;YACD,KAAK,MAAM,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,IAAI,oBAAoB,EAAE;gBACtF,MAAM,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAA;aACtD;YACD,MAAM,mBAAmB,GAAG,MAAM,CAAC,WAAW,CAC5C,oBAAoB;iBACjB,MAAM,CAAC,CAAC,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB,CAAC;iBAClE,GAAG,CAAC,CAAC,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,yBAAyB,EAAE,uBAAwB,CAAC,CAAC,CAC1H,CAAA;YACD,MAAM,IAAI,CAAC,sBAAsB,CAAC,sBAAsB,CAAC,mBAAmB,CAAC,CAAA;YAC7E,uCACK,MAAM,KACT,gBAAgB,EAAE,IAAI,mCAAgB,CAAC,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,CAAC,IAChF;QACH,CAAC;KAAA;IAED;;;;;;;;;;;;;;OAcG;IACG,8BAA8B,CAClC,cAAuC,EACvC,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;;YAExE,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CAAA;YACD,MAAM,wBAAwB,GAAG,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;YAC5H,IAAI,wBAAwB,EAAE;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uBAAuB,CACrD,wBAAwB,CAAC,YAAY,EACrC,wBAAwB,CAAC,gBAAgB,EACzC,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;gBACD,OAAO,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;aAC3D;iBAAM;gBACL,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;gBACvB,OAAO;oBACL,KAAK,EAAE,MAAM,IAAI,CAAC,sBAAsB,CACtC,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,EACpB,wBAAwB,CACzB;iBACF,CAAA;aACF;;KACF;IAEa,uBAAuB,CACnC,YAAoB,EACpB,kBAAoC,EACpC,gBAAqG,EACrG,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAE9B,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAA;YAC5I,MAAM,sBAAsB,GAAG,IAAI,GAAG,CACpC,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAC/G,CAAA;YACD,MAAM,uBAAuB,GAAG,IAAI,GAAG,CACrC,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAChH,CAAA;YACD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAC9E,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;YAC/F,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,uBAAuB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAChG,IAAI,YAAY,CAAC,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,kBAAkB,CAAC,MAAM,EAAE;gBAChF,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,YAAY,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBACjI,MAAM,0BAA0B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBAChJ,MAAM,2BAA2B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAC/F,kBAAkB,EAClB,gBAAgB,CAAC,WAAW,CAC7B,CAAA;gBACD,OAAO,IAAI,qEAAiC,CAAC;oBAC3C,yBAAyB,EAAE,YAAY;oBACvC,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAClG,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC9G,eAAe,EAAE,MAAM,CAAC,WAAW,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;iBAC/G,CAAC,CAAA;aACH;;gBAAM,OAAO,SAAS,CAAA;QACzB,CAAC;KAAA;IAEa,sBAAsB,CAClC,gBAAqG,EACrG,iBAA2B,EAC3B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;YAExE,OAAO,IAAI,uCAAkB,iCACxB,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,mBAAmB,EAAE,oBAAoB,CAAC,CAAC,KAC1I,oBAAoB,EAAE,wBAAwB,EAC9C,iBAAiB,IACjB,CAAA;QACJ,CAAC;KAAA;IAEa,wBAAwB,CACpC,MAA+B,EAC/B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,WAA4B,EAC5B,mBAAuC;;;YAQvC,sDAAsD;YACtD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CAAA;YACD,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;YACvB,MAAM,yBAAyB,GAAG,iBAAiB;iBAChD,GAAG,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;gBAClB,OAAO,CAAC,GAAG,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAA;YAC1C,CAAC,CAAC;iBACD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAE3C,MAAM,YAAY,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACpD,MAAM,eAAe,GAAG,MAAM,CAAC,WAAW,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAA;YACrH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAC1E,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;YACD,MAAM,UAAU,GAAG,IAAI,mCAAgB,CAAC;gBACtC,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,iBAAiB;gBACrD,QAAQ,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,gBAAgB;gBACnD,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,SAAS;gBAC7C,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,eAAe,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,eAAe;gBACzD,iBAAiB,EAAE,mBAAmB,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC1E,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,WAAW,EAAE,WAAW;aACzB,CAAC,CAAA;YACF,OAAO;gBACL,sBAAsB,EAAE,YAAY;gBACpC,yBAAyB,EAAE,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1D,UAAU;gBACV,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,yBAAyB,EAAE,eAAe;aAC3C,CAAA;;KACF;IAEa,iCAAiC,CAC7C,gBAAqG,EACrG,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAU9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,kBAAkB,GACtB,UAAU,KAAK,MAAM;gBACnB,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,MAAM,EAAE,gBAAgB,CAAC,YAAY,CAAC;gBAC3E,CAAC,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,MAAM,EAAE,UAAU,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAA;YACrG,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,cAAc,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAChI,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAC/I,MAAM,wBAAwB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAClJ,uCACK,kBAAkB,KACrB,SAAS,EAAE,kBAAkB,EAC7B,cAAc,EAAE,uBAAuB,EACvC,eAAe,EAAE,wBAAwB,IAC1C;QACH,CAAC;KAAA;IAEa,iCAAiC,CAC7C,MAAc,EACd,UAAkB,EAClB,YAA0B;;YAO1B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;YAC5D,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACrF,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,gBAAgB,EAAE,UAAU;oBAC5B,cAAc,EAAE,YAAY,CAAC,EAAE;iBAChC,CAAA;aACF;iBAAM,IAAI,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBAC3F,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CACnF,YAAY,CAAC,EAAG,EAChB,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CACxH;iBACF,CAAA;aACF;iBAAM,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,IAAI,CAAC,6BAA6B,EAAE;gBAC3F,MAAM,kCAAkC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAA;gBACzF,MAAM,oBAAoB,GAAgC,EAAE,CAAA;gBAC5D,KAAK,MAAM,MAAM,IAAI,CAAC,GAAG,YAAY,CAAC,8BAA8B,EAAE,GAAG,YAAY,CAAC,gCAAgC,CAAC,EAAE;oBACvH,MAAM,MAAM,GAAG,IAAA,qBAAa,EAAC,MAAM,CAAC,CAAA;oBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,8BAA8B,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;oBACrG,IAAI,kCAAkC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;wBAClD,oBAAoB,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;qBACpH;iBACF;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM;oBAC3C,MAAM,IAAI,KAAK,CAAC,wFAAwF,CAAC,CAAA;gBAC3G,OAAO;oBACL,gBAAgB,EAAE,UAAU;oBAC5B,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAG,EAAE,oBAAoB,CAAC;iBAC9H,CAAA;aACF;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAEO,6BAA6B,CACnC,MAAc,EACd,YAA0B;QAO1B,IAAI,IAAI,CAAC,6BAA6B,EAAE;YACtC,OAAO,EAAE,CAAA;SACV;aAAM;YACL,OAAO;gBACL,cAAc,EAAE,YAAY,CAAC,EAAE;gBAC/B,iBAAiB,EAAE,MAAM;gBACzB,gBAAgB,EAAE,MAAM;aACzB,CAAA;SACF;IACH,CAAC;IAEa,gBAAgB,CAAC,WAAmB;;YAChD,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,WAAW,EAAE,GAAS,EAAE;gBACzD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACjF,OAAO;oBACL,IAAI,EAAE;wBACJ,4BAA4B,EAAE,IAAI,CAAC,gBAAgB,CAAC,oCAAoC,CAAC,iBAAiB,CAAC;wBAC3G,8BAA8B,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,+BAAuB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;wBAC3F,gCAAgC,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,iCAAyB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;qBAChG;iBACF,CAAA;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAEO,0CAA0C,CAChD,MAA6C,EAC7C,MAAgB;;QAEhB,MAAM,gBAAgB,GAAG,MAAA,MAAM,CAAC,gBAAgB,mCAAI,EAAE,CAAA;QACtD,MAAM,uBAAuB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,eAAC,OAAA,MAAA,MAAA,gBAAgB,CAAC,gBAAgB,0CAAG,IAAI,CAAC,mCAAI,EAAE,CAAA,EAAA,CAAC,CAAC,CAAC,CAAA;QAC9H,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;;YAC/C,MAAM,iBAAiB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,IAAI,CAAC,CAAA;YACpE,OAAO,iBAAiB,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;QAC7F,CAAC,CAAC,CAAA;QACF,IACE,gBAAgB,CAAC,MAAM,GAAG,CAAC;YAC3B,uBAAuB,CAAC,MAAM,GAAG,CAAC;YAClC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,IAAI,uBAAuB,CAAC,CAAC,CAAC,MAAK,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,CAAC;YAEzI,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAA;QACrG,MAAM,yBAAyB,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAA;QAC5D,MAAM,yBAAyB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,yBAAyB,CAAC,CAAA;QACjG,OAAO,CACL,MAAA,gBAAgB,CAAC,CAAC,CAAC,mCACnB,CAAC,CAAC,CAAC,yBAAyB,IAAI,CAAC,CAAC,yBAAyB;YACzD,CAAC,CAAC,EAAE,YAAY,EAAE,yBAAyB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE;YAC1F,CAAC,CAAC,SAAS,CAAC,CACf,CAAA;IACH,CAAC;CACF;AA5ZD,4DA4ZC","sourcesContent":["import { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { LruTemporisedAsyncCache } from '../utils/lru-temporised-async-cache'\nimport { fingerprintV2, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { ExchangeDataManager } from './ExchangeDataManager'\nimport { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { SecureDelegationsEncryption } from './SecureDelegationsEncryption'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { hex2ua, ua2hex } from '../utils'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { EntityShareOrMetadataUpdateRequest } from '../../icc-api/model/requests/EntityShareOrMetadataUpdateRequest'\nimport { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport { EntitySharedMetadataUpdateRequest } from '../../icc-api/model/requests/EntitySharedMetadataUpdateRequest'\nimport EntryUpdateTypeEnum = EntitySharedMetadataUpdateRequest.EntryUpdateTypeEnum\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { SecurityMetadata } from '../../icc-api/model/SecurityMetadata'\nimport { ExchangeDataMapManager } from './ExchangeDataMapManager'\n\nexport class SecureDelegationsManager {\n constructor(\n private readonly exchangeDataManager: ExchangeDataManager,\n private readonly exchangeDataMapManager: ExchangeDataMapManager,\n private readonly secureDelegationsEncryption: SecureDelegationsEncryption,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n private readonly userKeys: UserEncryptionKeysManager,\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly cryptoStrategies: CryptoStrategies,\n private readonly selfNeedsAnonymousDelegations: boolean\n ) {}\n\n private readonly dataOwnerInfoCache: LruTemporisedAsyncCache<\n string,\n {\n requiresAnonymousDelegations: boolean\n availablePublicKeysHexWithSha1: string[]\n availablePublicKeysHexWithSha256: string[]\n }\n > = new LruTemporisedAsyncCache(100, () => 30 * 60 * 1000)\n\n /**\n * Note: this method does not save the updated entity.\n * @param entity an entity, must already have secret foreign keys initialised.\n * @param entityType the type of the entity\n * @param secretIds the initial secret ids to include and share with the auto-delegations\n * @param owningEntityIds the initial owning entity ids to include and share with the auto-delegations\n * @param encryptionKeys the initial encryption keys to include and share with the auto-delegations\n * @param autoDelegations the data owners which will initially have access to the entity in addition to the current data owner and the access level\n * they will have on the entity.\n * @return the entity with the security metadata initialised for the provided parameters.\n */\n async entityWithInitialisedEncryptedMetadata<T extends EncryptedEntity>(\n entity: T & { secretForeignKeys: string[] },\n entityType: EntityWithDelegationTypeName,\n secretIds: string[],\n owningEntityIds: string[],\n encryptionKeys: string[],\n autoDelegations: { [delegateId: string]: SecureDelegation.AccessLevelEnum }\n ): Promise<T> {\n const entityWithType: EncryptedEntityWithType = { entity, type: entityType }\n const rootDelegationInfo = await this.makeSecureDelegationInfo(\n entityWithType,\n await this.dataOwnerApi.getCurrentDataOwnerId(),\n secretIds,\n encryptionKeys,\n owningEntityIds,\n AccessLevelEnum.WRITE,\n undefined\n )\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const otherDelegationsInfo: {\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n delegationKeyEquivalences: { [p: string]: string }\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n }[] = []\n for (const [delegateId, permissions] of Object.entries(autoDelegations)) {\n if (delegateId !== selfId) {\n otherDelegationsInfo.push(\n await this.makeSecureDelegationInfo(\n entityWithType,\n delegateId,\n secretIds,\n encryptionKeys,\n owningEntityIds,\n permissions,\n rootDelegationInfo.canonicalDelegationKey\n )\n )\n }\n }\n const secureDelegations = Object.fromEntries(\n [rootDelegationInfo, ...otherDelegationsInfo].map(({ canonicalDelegationKey, delegation }) => [canonicalDelegationKey, delegation])\n )\n const keysEquivalences = {\n ...rootDelegationInfo.delegationKeyEquivalences,\n }\n for (const { delegationKeyEquivalences: otherKeyEquivalences } of otherDelegationsInfo) {\n Object.assign(keysEquivalences, otherKeyEquivalences)\n }\n const newExchangeDataMaps = Object.fromEntries(\n otherDelegationsInfo\n .filter(({ encryptedExchangeDataId }) => !!encryptedExchangeDataId)\n .map(({ canonicalAccessControlKey, encryptedExchangeDataId }) => [canonicalAccessControlKey, encryptedExchangeDataId!])\n )\n await this.exchangeDataMapManager.createExchangeDataMaps(newExchangeDataMaps)\n return {\n ...entity,\n securityMetadata: new SecurityMetadata({ secureDelegations, keysEquivalences }),\n }\n }\n\n /**\n * Make a request for sharing an entity with a delegate or to update existing shared metadata by adding additional secretIds, encryptionKeys or\n * owningEntityIds if there is already some metadata shared between the current data owner and the delegate. In case there is already a delegation\n * for the delegate, and it already contains all the provided metadata, this method returns undefined, since there is no need to make any request to\n * share the provided data.\n * @param entityWithType an entity with type\n * @param delegateId the id of the delegate\n * @param shareSecretIds the secret ids to share\n * @param shareEncryptionKeys the encryption keys to share\n * @param shareOwningEntityIds the owning entity ids to share\n * @param newDelegationPermissions the permissions to grant to the delegate in case a new delegation needs to be created. If this method creates an\n * update request instead of a share request, this parameter is ignored.\n * @return the request to share the entity, or the request to update the shared metadata for the entity, or undefined if there is no need to update\n * the entity to allow the delegate to access the provided data.\n */\n async makeShareOrUpdateRequestParams(\n entityWithType: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareOrMetadataUpdateRequest | undefined> {\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n const existingSecureDelegation = this.getExistingCanonicalKeyAndSecureDelegation(entityWithType.entity, accessControlHashes)\n if (existingSecureDelegation) {\n const updateParams = await this.makeUpdateRequestParams(\n existingSecureDelegation.canonicalKey,\n existingSecureDelegation.secureDelegation,\n exchangeDataInfo,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n return updateParams ? { update: updateParams } : undefined\n } else {\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n return {\n share: await this.makeShareRequestParams(\n exchangeDataInfo,\n accessControlKeys,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds,\n newDelegationPermissions\n ),\n }\n }\n }\n\n private async makeUpdateRequestParams(\n canonicalKey: string,\n existingDelegation: SecureDelegation,\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<EntitySharedMetadataUpdateRequest | undefined> {\n const existingSecretIds = new Set(await this.secureDelegationsEncryption.decryptSecretIds(existingDelegation, exchangeDataInfo.exchangeKey))\n const existingEncryptionKeys = new Set(\n await this.secureDelegationsEncryption.decryptEncryptionKeys(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const existingOwningEntityIds = new Set(\n await this.secureDelegationsEncryption.decryptOwningEntityIds(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const newSecretIds = shareSecretIds.filter((id) => !existingSecretIds.has(id))\n const newEncryptionKeys = shareEncryptionKeys.filter((key) => !existingEncryptionKeys.has(key))\n const newOwningEntityIds = shareOwningEntityIds.filter((id) => !existingOwningEntityIds.has(id))\n if (newSecretIds.length || newEncryptionKeys.length || newOwningEntityIds.length) {\n const encryptedNewSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(newSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedNewEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(newEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedNewOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(\n newOwningEntityIds,\n exchangeDataInfo.exchangeKey\n )\n return new EntitySharedMetadataUpdateRequest({\n metadataAccessControlHash: canonicalKey,\n secretIds: Object.fromEntries(encryptedNewSecretIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n encryptionKeys: Object.fromEntries(encryptedNewEncryptionKeys.map((key) => [key, EntryUpdateTypeEnum.CREATE])),\n owningEntityIds: Object.fromEntries(encryptedNewOwningEntityIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n })\n } else return undefined\n }\n\n private async makeShareRequestParams(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n accessControlKeys: string[],\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareRequest> {\n return new EntityShareRequest({\n ...(await this.makeSecureDelegationEncryptedData(exchangeDataInfo, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds)),\n requestedPermissions: newDelegationPermissions,\n accessControlKeys,\n })\n }\n\n private async makeSecureDelegationInfo(\n entity: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n permissions: AccessLevelEnum,\n parentDelegationKey: string | undefined\n ): Promise<{\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n delegationKeyEquivalences: { [alias: string]: string }\n }> {\n // Be wary of explicit delegator and explicit delegate\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n const accessControlKeysToHashes = accessControlKeys\n .map((key, index) => {\n return [key, accessControlHashes[index]]\n })\n .sort((a, b) => a[1].localeCompare(b[1]))\n\n const canonicalKey = accessControlKeysToHashes[0][1]\n const keyEquivalences = Object.fromEntries(accessControlKeysToHashes.slice(1).map((hash) => [hash[1], canonicalKey]))\n const encryptedDelegationInfo = await this.makeSecureDelegationEncryptedData(\n exchangeDataInfo,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n const delegation = new SecureDelegation({\n delegator: encryptedDelegationInfo?.explicitDelegator,\n delegate: encryptedDelegationInfo?.explicitDelegate,\n secretIds: encryptedDelegationInfo?.secretIds,\n encryptionKeys: encryptedDelegationInfo?.encryptionKeys,\n owningEntityIds: encryptedDelegationInfo?.owningEntityIds,\n parentDelegations: parentDelegationKey ? [parentDelegationKey] : undefined,\n exchangeDataId: encryptedDelegationInfo?.exchangeDataId,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n permissions: permissions,\n })\n return {\n canonicalDelegationKey: canonicalKey,\n canonicalAccessControlKey: accessControlKeysToHashes[0][0],\n delegation,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n delegationKeyEquivalences: keyEquivalences,\n }\n }\n\n private async makeSecureDelegationEncryptedData(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<{\n explicitDelegator?: string\n explicitDelegate?: string\n secretIds?: string[]\n encryptionKeys?: string[]\n owningEntityIds?: string[]\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string } // TODO if secure delegation info, check cache before calculating\n }> {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const exchangeDataIdInfo =\n delegateId === selfId\n ? this.makeExchangeDataIdInfoForSelf(selfId, exchangeDataInfo.exchangeData)\n : await this.makeExchangeDataIdInfoForDelegate(selfId, delegateId, exchangeDataInfo.exchangeData)\n const encryptedSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(shareSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(shareEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(shareOwningEntityIds, exchangeDataInfo.exchangeKey)\n return {\n ...exchangeDataIdInfo,\n secretIds: encryptedSecretIds,\n encryptionKeys: encryptedEncryptionKeys,\n owningEntityIds: encryptedOwningEntityIds,\n }\n }\n\n private async makeExchangeDataIdInfoForDelegate(\n selfId: string,\n delegateId: string,\n exchangeData: ExchangeData\n ): Promise<{\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n }> {\n const delegateInfo = await this.getDataOwnerInfo(delegateId)\n if (!delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n explicitDelegate: delegateId,\n exchangeDataId: exchangeData.id,\n }\n } else if (delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(\n exchangeData.id!,\n Object.fromEntries(this.userKeys.getSelfVerifiedKeys().map((keyInfo) => [keyInfo.fingerprint, keyInfo.pair.publicKey]))\n ),\n }\n } else if (!delegateInfo.requiresAnonymousDelegations && this.selfNeedsAnonymousDelegations) {\n const fingerprintsOfVerifiedExchangeData = new Set(Object.keys(exchangeData.exchangeKey))\n const delegateVerifiedKeys: { [fp: string]: CryptoKey } = {}\n for (const keyHex of [...delegateInfo.availablePublicKeysHexWithSha1, ...delegateInfo.availablePublicKeysHexWithSha256]) {\n const currFp = fingerprintV2(keyHex)\n const shaVersion = delegateInfo.availablePublicKeysHexWithSha1.includes(keyHex) ? 'sha-1' : 'sha-256'\n if (fingerprintsOfVerifiedExchangeData.has(currFp)) {\n delegateVerifiedKeys[currFp] = await this.primitives.RSA.importKey('spki', hex2ua(keyHex), ['encrypt'], shaVersion)\n }\n }\n if (!Object.keys(delegateVerifiedKeys).length)\n throw new Error('Illegal state: could not find any verified key for delegate in verified exchange data.')\n return {\n explicitDelegate: delegateId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(exchangeData.id!, delegateVerifiedKeys),\n }\n } else return {}\n }\n\n private makeExchangeDataIdInfoForSelf(\n selfId: string,\n exchangeData: ExchangeData\n ): {\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n } {\n if (this.selfNeedsAnonymousDelegations) {\n return {}\n } else {\n return {\n exchangeDataId: exchangeData.id,\n explicitDelegator: selfId,\n explicitDelegate: selfId,\n }\n }\n }\n\n private async getDataOwnerInfo(dataOwnerId: string) {\n return this.dataOwnerInfoCache.get(dataOwnerId, async () => {\n const dataOwnerWithType = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n return {\n item: {\n requiresAnonymousDelegations: this.cryptoStrategies.dataOwnerRequiresAnonymousDelegation(dataOwnerWithType),\n availablePublicKeysHexWithSha1: Array.from(hexPublicKeysWithSha1Of(dataOwnerWithType.stub)),\n availablePublicKeysHexWithSha256: Array.from(hexPublicKeysWithSha256Of(dataOwnerWithType.stub)),\n },\n }\n })\n }\n\n private getExistingCanonicalKeyAndSecureDelegation(\n entity: EncryptedEntityStub | EncryptedEntity,\n hashes: string[]\n ): { canonicalKey: string; secureDelegation: SecureDelegation } | undefined {\n const securityMetadata = entity.securityMetadata ?? {}\n const canonicalByEquivalences = Array.from(new Set(hashes.flatMap((hash) => securityMetadata.keysEquivalences?.[hash] ?? [])))\n const directRetrievals = hashes.flatMap((hash) => {\n const retrievedMetadata = securityMetadata.secureDelegations?.[hash]\n return retrievedMetadata ? { canonicalKey: hash, secureDelegation: retrievedMetadata } : []\n })\n if (\n directRetrievals.length > 1 ||\n canonicalByEquivalences.length > 1 ||\n (!!canonicalByEquivalences[0] && !!directRetrievals[0]?.canonicalKey && canonicalByEquivalences[0] !== directRetrievals[0]?.canonicalKey)\n )\n throw new Error('Illegal state: multiple secure delegations matching equivalent hashes of entity.')\n const canonicalFromEquivalences = canonicalByEquivalences[0]\n const retrievedFromEquivalences = securityMetadata.secureDelegations?.[canonicalFromEquivalences]\n return (\n directRetrievals[0] ??\n (!!canonicalFromEquivalences && !!retrievedFromEquivalences\n ? { canonicalKey: canonicalFromEquivalences, secureDelegation: retrievedFromEquivalences }\n : undefined)\n )\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"SecureDelegationsManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/SecureDelegationsManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wFAAoF;AAKpF,oFAA6E;AAC7E,mCAA2F;AAK3F,oCAAyC;AAIzC,2EAAuE;AACvE,sHAAkH;AAClH,IAAO,mBAAmB,GAAG,qEAAiC,CAAC,mBAAmB,CAAA;AAClF,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AACzD,2EAAuE;AAGvE,MAAa,wBAAwB;IACnC,YACmB,mBAAwC,EACxC,sBAA8C,EAC9C,2BAAwD,EACxD,wBAAkD,EAClD,QAAmC,EACnC,UAA4B,EAC5B,YAA8B,EAC9B,gBAAkC,EAClC,6BAAsC;QARtC,wBAAmB,GAAnB,mBAAmB,CAAqB;QACxC,2BAAsB,GAAtB,sBAAsB,CAAwB;QAC9C,gCAA2B,GAA3B,2BAA2B,CAA6B;QACxD,6BAAwB,GAAxB,wBAAwB,CAA0B;QAClD,aAAQ,GAAR,QAAQ,CAA2B;QACnC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,kCAA6B,GAA7B,6BAA6B,CAAS;QAGxC,uBAAkB,GAO/B,IAAI,oDAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IATvD,CAAC;IAWJ;;;;;;;;;;OAUG;IACG,sCAAsC,CAC1C,MAA2C,EAC3C,UAAwC,EACxC,SAAmB,EACnB,eAAyB,EACzB,cAAwB,EACxB,eAA2E;;YAE3E,MAAM,cAAc,GAA4B,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;YAC5E,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAC5D,cAAc,EACd,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAC/C,SAAS,EACT,cAAc,EACd,eAAe,EACf,eAAe,CAAC,KAAK,EACrB,SAAS,CACV,CAAA;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,oBAAoB,GAMpB,EAAE,CAAA;YACR,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;gBACvE,IAAI,UAAU,KAAK,MAAM,EAAE;oBACzB,oBAAoB,CAAC,IAAI,CACvB,MAAM,IAAI,CAAC,wBAAwB,CACjC,cAAc,EACd,UAAU,EACV,SAAS,EACT,cAAc,EACd,eAAe,EACf,WAAW,EACX,kBAAkB,CAAC,sBAAsB,CAC1C,CACF,CAAA;iBACF;aACF;YACD,MAAM,iBAAiB,GAAG,MAAM,CAAC,WAAW,CAC1C,CAAC,kBAAkB,EAAE,GAAG,oBAAoB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,sBAAsB,EAAE,UAAU,CAAC,CAAC,CACpI,CAAA;YACD,MAAM,gBAAgB,qBACjB,kBAAkB,CAAC,yBAAyB,CAChD,CAAA;YACD,KAAK,MAAM,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,IAAI,oBAAoB,EAAE;gBACtF,MAAM,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAA;aACtD;YACD,MAAM,mBAAmB,GAAG,MAAM,CAAC,WAAW,CAC5C,oBAAoB;iBACjB,MAAM,CAAC,CAAC,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB,CAAC;iBAClE,GAAG,CAAC,CAAC,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,yBAAyB,EAAE,uBAAwB,CAAC,CAAC,CAC1H,CAAA;YACD,MAAM,IAAI,CAAC,sBAAsB,CAAC,sBAAsB,CAAC,mBAAmB,CAAC,CAAA;YAC7E,uCACK,MAAM,KACT,gBAAgB,EAAE,IAAI,mCAAgB,CAAC,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,CAAC,IAChF;QACH,CAAC;KAAA;IAED;;;;;;;;;;;;;;OAcG;IACG,8BAA8B,CAClC,cAAuC,EACvC,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;;YAExE,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CAAA;YACD,MAAM,wBAAwB,GAAG,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;YAC5H,IAAI,wBAAwB,EAAE;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uBAAuB,CACrD,wBAAwB,CAAC,YAAY,EACrC,wBAAwB,CAAC,gBAAgB,EACzC,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;gBACD,OAAO,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;aAC3D;iBAAM;gBACL,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;gBACvB,OAAO;oBACL,KAAK,EAAE,MAAM,IAAI,CAAC,sBAAsB,CACtC,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,EACpB,wBAAwB,CACzB;iBACF,CAAA;aACF;;KACF;IAEa,uBAAuB,CACnC,YAAoB,EACpB,kBAAoC,EACpC,gBAAqG,EACrG,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAE9B,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAA;YAC5I,MAAM,sBAAsB,GAAG,IAAI,GAAG,CACpC,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAC/G,CAAA;YACD,MAAM,uBAAuB,GAAG,IAAI,GAAG,CACrC,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAChH,CAAA;YACD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAC9E,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;YAC/F,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,uBAAuB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAChG,IAAI,YAAY,CAAC,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,kBAAkB,CAAC,MAAM,EAAE;gBAChF,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,YAAY,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBACjI,MAAM,0BAA0B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBAChJ,MAAM,2BAA2B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAC/F,kBAAkB,EAClB,gBAAgB,CAAC,WAAW,CAC7B,CAAA;gBACD,OAAO,IAAI,qEAAiC,CAAC;oBAC3C,yBAAyB,EAAE,YAAY;oBACvC,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAClG,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC9G,eAAe,EAAE,MAAM,CAAC,WAAW,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;iBAC/G,CAAC,CAAA;aACH;;gBAAM,OAAO,SAAS,CAAA;QACzB,CAAC;KAAA;IAEa,sBAAsB,CAClC,gBAAqG,EACrG,iBAA2B,EAC3B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;YAExE,OAAO,IAAI,uCAAkB,iCACxB,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,mBAAmB,EAAE,oBAAoB,CAAC,CAAC,KAC1I,oBAAoB,EAAE,wBAAwB,EAC9C,iBAAiB,IACjB,CAAA;QACJ,CAAC;KAAA;IAEa,wBAAwB,CACpC,MAA+B,EAC/B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,WAA4B,EAC5B,mBAAuC;;;YAQvC,sDAAsD;YACtD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CAAA;YACD,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;YACvB,MAAM,yBAAyB,GAAG,iBAAiB;iBAChD,GAAG,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;gBAClB,OAAO,CAAC,GAAG,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAA;YAC1C,CAAC,CAAC;iBACD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAE3C,MAAM,YAAY,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACpD,MAAM,eAAe,GAAG,MAAM,CAAC,WAAW,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAA;YACrH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAC1E,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;YACD,MAAM,UAAU,GAAG,IAAI,mCAAgB,CAAC;gBACtC,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,iBAAiB;gBACrD,QAAQ,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,gBAAgB;gBACnD,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,SAAS;gBAC7C,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,eAAe,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,eAAe;gBACzD,iBAAiB,EAAE,mBAAmB,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC1E,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,WAAW,EAAE,WAAW;aACzB,CAAC,CAAA;YACF,OAAO;gBACL,sBAAsB,EAAE,YAAY;gBACpC,yBAAyB,EAAE,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1D,UAAU;gBACV,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,yBAAyB,EAAE,eAAe;aAC3C,CAAA;;KACF;IAEa,iCAAiC,CAC7C,gBAAqG,EACrG,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAU9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,kBAAkB,GACtB,UAAU,KAAK,MAAM;gBACnB,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,MAAM,EAAE,gBAAgB,CAAC,YAAY,CAAC;gBAC3E,CAAC,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,MAAM,EAAE,UAAU,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAA;YACrG,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,cAAc,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAChI,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAC/I,MAAM,wBAAwB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAClJ,uCACK,kBAAkB,KACrB,SAAS,EAAE,kBAAkB,EAC7B,cAAc,EAAE,uBAAuB,EACvC,eAAe,EAAE,wBAAwB,IAC1C;QACH,CAAC;KAAA;IAEa,iCAAiC,CAC7C,MAAc,EACd,UAAkB,EAClB,YAA0B;;YAO1B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;YAC5D,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACrF,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,gBAAgB,EAAE,UAAU;oBAC5B,cAAc,EAAE,YAAY,CAAC,EAAE;iBAChC,CAAA;aACF;iBAAM,IAAI,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBAC3F,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CACnF,YAAY,CAAC,EAAG,EAChB,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CACxH;iBACF,CAAA;aACF;iBAAM,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,IAAI,CAAC,6BAA6B,EAAE;gBAC3F;;mBAEG;gBACH,MAAM,kCAAkC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAA;gBACzF,MAAM,oBAAoB,GAAgC,EAAE,CAAA;gBAC5D,KAAK,MAAM,MAAM,IAAI,CAAC,GAAG,YAAY,CAAC,8BAA8B,EAAE,GAAG,YAAY,CAAC,gCAAgC,CAAC,EAAE;oBACvH,MAAM,MAAM,GAAG,IAAA,qBAAa,EAAC,MAAM,CAAC,CAAA;oBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,8BAA8B,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;oBACrG,IAAI,kCAAkC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;wBAClD,oBAAoB,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;qBACpH;iBACF;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM;oBAC3C,MAAM,IAAI,KAAK,CAAC,wFAAwF,CAAC,CAAA;gBAC3G,OAAO;oBACL,gBAAgB,EAAE,UAAU;oBAC5B,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAG,EAAE,oBAAoB,CAAC;iBAC9H,CAAA;aACF;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAEO,6BAA6B,CACnC,MAAc,EACd,YAA0B;QAO1B,IAAI,IAAI,CAAC,6BAA6B,EAAE;YACtC,OAAO,EAAE,CAAA;SACV;aAAM;YACL,OAAO;gBACL,cAAc,EAAE,YAAY,CAAC,EAAE;gBAC/B,iBAAiB,EAAE,MAAM;gBACzB,gBAAgB,EAAE,MAAM;aACzB,CAAA;SACF;IACH,CAAC;IAEa,gBAAgB,CAAC,WAAmB;;YAChD,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,WAAW,EAAE,GAAS,EAAE;gBACzD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACjF,OAAO;oBACL,IAAI,EAAE;wBACJ,4BAA4B,EAAE,IAAI,CAAC,gBAAgB,CAAC,oCAAoC,CAAC,iBAAiB,CAAC;wBAC3G,8BAA8B,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,+BAAuB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;wBAC3F,gCAAgC,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,iCAAyB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;qBAChG;iBACF,CAAA;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAEO,0CAA0C,CAChD,MAA6C,EAC7C,MAAgB;;QAEhB,MAAM,gBAAgB,GAAG,MAAA,MAAM,CAAC,gBAAgB,mCAAI,EAAE,CAAA;QACtD,MAAM,uBAAuB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,eAAC,OAAA,MAAA,MAAA,gBAAgB,CAAC,gBAAgB,0CAAG,IAAI,CAAC,mCAAI,EAAE,CAAA,EAAA,CAAC,CAAC,CAAC,CAAA;QAC9H,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;;YAC/C,MAAM,iBAAiB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,IAAI,CAAC,CAAA;YACpE,OAAO,iBAAiB,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;QAC7F,CAAC,CAAC,CAAA;QACF,IACE,gBAAgB,CAAC,MAAM,GAAG,CAAC;YAC3B,uBAAuB,CAAC,MAAM,GAAG,CAAC;YAClC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,IAAI,uBAAuB,CAAC,CAAC,CAAC,MAAK,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,CAAC;YAEzI,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAA;QACrG,MAAM,yBAAyB,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAA;QAC5D,MAAM,yBAAyB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,yBAAyB,CAAC,CAAA;QACjG,OAAO,CACL,MAAA,gBAAgB,CAAC,CAAC,CAAC,mCACnB,CAAC,CAAC,CAAC,yBAAyB,IAAI,CAAC,CAAC,yBAAyB;YACzD,CAAC,CAAC,EAAE,YAAY,EAAE,yBAAyB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE;YAC1F,CAAC,CAAC,SAAS,CAAC,CACf,CAAA;IACH,CAAC;CACF;AA/ZD,4DA+ZC","sourcesContent":["import { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { LruTemporisedAsyncCache } from '../utils/lru-temporised-async-cache'\nimport { fingerprintV2, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { ExchangeDataManager } from './ExchangeDataManager'\nimport { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { SecureDelegationsEncryption } from './SecureDelegationsEncryption'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { hex2ua, ua2hex } from '../utils'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { EntityShareOrMetadataUpdateRequest } from '../../icc-api/model/requests/EntityShareOrMetadataUpdateRequest'\nimport { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport { EntitySharedMetadataUpdateRequest } from '../../icc-api/model/requests/EntitySharedMetadataUpdateRequest'\nimport EntryUpdateTypeEnum = EntitySharedMetadataUpdateRequest.EntryUpdateTypeEnum\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { SecurityMetadata } from '../../icc-api/model/SecurityMetadata'\nimport { ExchangeDataMapManager } from './ExchangeDataMapManager'\n\nexport class SecureDelegationsManager {\n constructor(\n private readonly exchangeDataManager: ExchangeDataManager,\n private readonly exchangeDataMapManager: ExchangeDataMapManager,\n private readonly secureDelegationsEncryption: SecureDelegationsEncryption,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n private readonly userKeys: UserEncryptionKeysManager,\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly cryptoStrategies: CryptoStrategies,\n private readonly selfNeedsAnonymousDelegations: boolean\n ) {}\n\n private readonly dataOwnerInfoCache: LruTemporisedAsyncCache<\n string,\n {\n requiresAnonymousDelegations: boolean\n availablePublicKeysHexWithSha1: string[]\n availablePublicKeysHexWithSha256: string[]\n }\n > = new LruTemporisedAsyncCache(100, () => 30 * 60 * 1000)\n\n /**\n * Note: this method does not save the updated entity.\n * @param entity an entity, must already have secret foreign keys initialised.\n * @param entityType the type of the entity\n * @param secretIds the initial secret ids to include and share with the auto-delegations\n * @param owningEntityIds the initial owning entity ids to include and share with the auto-delegations\n * @param encryptionKeys the initial encryption keys to include and share with the auto-delegations\n * @param autoDelegations the data owners which will initially have access to the entity in addition to the current data owner and the access level\n * they will have on the entity.\n * @return the entity with the security metadata initialised for the provided parameters.\n */\n async entityWithInitialisedEncryptedMetadata<T extends EncryptedEntity>(\n entity: T & { secretForeignKeys: string[] },\n entityType: EntityWithDelegationTypeName,\n secretIds: string[],\n owningEntityIds: string[],\n encryptionKeys: string[],\n autoDelegations: { [delegateId: string]: SecureDelegation.AccessLevelEnum }\n ): Promise<T> {\n const entityWithType: EncryptedEntityWithType = { entity, type: entityType }\n const rootDelegationInfo = await this.makeSecureDelegationInfo(\n entityWithType,\n await this.dataOwnerApi.getCurrentDataOwnerId(),\n secretIds,\n encryptionKeys,\n owningEntityIds,\n AccessLevelEnum.WRITE,\n undefined\n )\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const otherDelegationsInfo: {\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n delegationKeyEquivalences: { [p: string]: string }\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n }[] = []\n for (const [delegateId, permissions] of Object.entries(autoDelegations)) {\n if (delegateId !== selfId) {\n otherDelegationsInfo.push(\n await this.makeSecureDelegationInfo(\n entityWithType,\n delegateId,\n secretIds,\n encryptionKeys,\n owningEntityIds,\n permissions,\n rootDelegationInfo.canonicalDelegationKey\n )\n )\n }\n }\n const secureDelegations = Object.fromEntries(\n [rootDelegationInfo, ...otherDelegationsInfo].map(({ canonicalDelegationKey, delegation }) => [canonicalDelegationKey, delegation])\n )\n const keysEquivalences = {\n ...rootDelegationInfo.delegationKeyEquivalences,\n }\n for (const { delegationKeyEquivalences: otherKeyEquivalences } of otherDelegationsInfo) {\n Object.assign(keysEquivalences, otherKeyEquivalences)\n }\n const newExchangeDataMaps = Object.fromEntries(\n otherDelegationsInfo\n .filter(({ encryptedExchangeDataId }) => !!encryptedExchangeDataId)\n .map(({ canonicalAccessControlKey, encryptedExchangeDataId }) => [canonicalAccessControlKey, encryptedExchangeDataId!])\n )\n await this.exchangeDataMapManager.createExchangeDataMaps(newExchangeDataMaps)\n return {\n ...entity,\n securityMetadata: new SecurityMetadata({ secureDelegations, keysEquivalences }),\n }\n }\n\n /**\n * Make a request for sharing an entity with a delegate or to update existing shared metadata by adding additional secretIds, encryptionKeys or\n * owningEntityIds if there is already some metadata shared between the current data owner and the delegate. In case there is already a delegation\n * for the delegate, and it already contains all the provided metadata, this method returns undefined, since there is no need to make any request to\n * share the provided data.\n * @param entityWithType an entity with type\n * @param delegateId the id of the delegate\n * @param shareSecretIds the secret ids to share\n * @param shareEncryptionKeys the encryption keys to share\n * @param shareOwningEntityIds the owning entity ids to share\n * @param newDelegationPermissions the permissions to grant to the delegate in case a new delegation needs to be created. If this method creates an\n * update request instead of a share request, this parameter is ignored.\n * @return the request to share the entity, or the request to update the shared metadata for the entity, or undefined if there is no need to update\n * the entity to allow the delegate to access the provided data.\n */\n async makeShareOrUpdateRequestParams(\n entityWithType: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareOrMetadataUpdateRequest | undefined> {\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n const existingSecureDelegation = this.getExistingCanonicalKeyAndSecureDelegation(entityWithType.entity, accessControlHashes)\n if (existingSecureDelegation) {\n const updateParams = await this.makeUpdateRequestParams(\n existingSecureDelegation.canonicalKey,\n existingSecureDelegation.secureDelegation,\n exchangeDataInfo,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n return updateParams ? { update: updateParams } : undefined\n } else {\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n return {\n share: await this.makeShareRequestParams(\n exchangeDataInfo,\n accessControlKeys,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds,\n newDelegationPermissions\n ),\n }\n }\n }\n\n private async makeUpdateRequestParams(\n canonicalKey: string,\n existingDelegation: SecureDelegation,\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<EntitySharedMetadataUpdateRequest | undefined> {\n const existingSecretIds = new Set(await this.secureDelegationsEncryption.decryptSecretIds(existingDelegation, exchangeDataInfo.exchangeKey))\n const existingEncryptionKeys = new Set(\n await this.secureDelegationsEncryption.decryptEncryptionKeys(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const existingOwningEntityIds = new Set(\n await this.secureDelegationsEncryption.decryptOwningEntityIds(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const newSecretIds = shareSecretIds.filter((id) => !existingSecretIds.has(id))\n const newEncryptionKeys = shareEncryptionKeys.filter((key) => !existingEncryptionKeys.has(key))\n const newOwningEntityIds = shareOwningEntityIds.filter((id) => !existingOwningEntityIds.has(id))\n if (newSecretIds.length || newEncryptionKeys.length || newOwningEntityIds.length) {\n const encryptedNewSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(newSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedNewEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(newEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedNewOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(\n newOwningEntityIds,\n exchangeDataInfo.exchangeKey\n )\n return new EntitySharedMetadataUpdateRequest({\n metadataAccessControlHash: canonicalKey,\n secretIds: Object.fromEntries(encryptedNewSecretIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n encryptionKeys: Object.fromEntries(encryptedNewEncryptionKeys.map((key) => [key, EntryUpdateTypeEnum.CREATE])),\n owningEntityIds: Object.fromEntries(encryptedNewOwningEntityIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n })\n } else return undefined\n }\n\n private async makeShareRequestParams(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n accessControlKeys: string[],\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareRequest> {\n return new EntityShareRequest({\n ...(await this.makeSecureDelegationEncryptedData(exchangeDataInfo, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds)),\n requestedPermissions: newDelegationPermissions,\n accessControlKeys,\n })\n }\n\n private async makeSecureDelegationInfo(\n entity: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n permissions: AccessLevelEnum,\n parentDelegationKey: string | undefined\n ): Promise<{\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n delegationKeyEquivalences: { [alias: string]: string }\n }> {\n // Be wary of explicit delegator and explicit delegate\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n const accessControlKeysToHashes = accessControlKeys\n .map((key, index) => {\n return [key, accessControlHashes[index]]\n })\n .sort((a, b) => a[1].localeCompare(b[1]))\n\n const canonicalKey = accessControlKeysToHashes[0][1]\n const keyEquivalences = Object.fromEntries(accessControlKeysToHashes.slice(1).map((hash) => [hash[1], canonicalKey]))\n const encryptedDelegationInfo = await this.makeSecureDelegationEncryptedData(\n exchangeDataInfo,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n const delegation = new SecureDelegation({\n delegator: encryptedDelegationInfo?.explicitDelegator,\n delegate: encryptedDelegationInfo?.explicitDelegate,\n secretIds: encryptedDelegationInfo?.secretIds,\n encryptionKeys: encryptedDelegationInfo?.encryptionKeys,\n owningEntityIds: encryptedDelegationInfo?.owningEntityIds,\n parentDelegations: parentDelegationKey ? [parentDelegationKey] : undefined,\n exchangeDataId: encryptedDelegationInfo?.exchangeDataId,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n permissions: permissions,\n })\n return {\n canonicalDelegationKey: canonicalKey,\n canonicalAccessControlKey: accessControlKeysToHashes[0][0],\n delegation,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n delegationKeyEquivalences: keyEquivalences,\n }\n }\n\n private async makeSecureDelegationEncryptedData(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<{\n explicitDelegator?: string\n explicitDelegate?: string\n secretIds?: string[]\n encryptionKeys?: string[]\n owningEntityIds?: string[]\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string } // TODO if secure delegation info, check cache before calculating\n }> {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const exchangeDataIdInfo =\n delegateId === selfId\n ? this.makeExchangeDataIdInfoForSelf(selfId, exchangeDataInfo.exchangeData)\n : await this.makeExchangeDataIdInfoForDelegate(selfId, delegateId, exchangeDataInfo.exchangeData)\n const encryptedSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(shareSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(shareEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(shareOwningEntityIds, exchangeDataInfo.exchangeKey)\n return {\n ...exchangeDataIdInfo,\n secretIds: encryptedSecretIds,\n encryptionKeys: encryptedEncryptionKeys,\n owningEntityIds: encryptedOwningEntityIds,\n }\n }\n\n private async makeExchangeDataIdInfoForDelegate(\n selfId: string,\n delegateId: string,\n exchangeData: ExchangeData\n ): Promise<{\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n }> {\n const delegateInfo = await this.getDataOwnerInfo(delegateId)\n if (!delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n explicitDelegate: delegateId,\n exchangeDataId: exchangeData.id,\n }\n } else if (delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(\n exchangeData.id!,\n Object.fromEntries(this.userKeys.getSelfVerifiedKeys().map((keyInfo) => [keyInfo.fingerprint, keyInfo.pair.publicKey]))\n ),\n }\n } else if (!delegateInfo.requiresAnonymousDelegations && this.selfNeedsAnonymousDelegations) {\n /**\n * Important: this requires that the exchange data signature also validates the authenticity of the public keys included in there.\n */\n const fingerprintsOfVerifiedExchangeData = new Set(Object.keys(exchangeData.exchangeKey))\n const delegateVerifiedKeys: { [fp: string]: CryptoKey } = {}\n for (const keyHex of [...delegateInfo.availablePublicKeysHexWithSha1, ...delegateInfo.availablePublicKeysHexWithSha256]) {\n const currFp = fingerprintV2(keyHex)\n const shaVersion = delegateInfo.availablePublicKeysHexWithSha1.includes(keyHex) ? 'sha-1' : 'sha-256'\n if (fingerprintsOfVerifiedExchangeData.has(currFp)) {\n delegateVerifiedKeys[currFp] = await this.primitives.RSA.importKey('spki', hex2ua(keyHex), ['encrypt'], shaVersion)\n }\n }\n if (!Object.keys(delegateVerifiedKeys).length)\n throw new Error('Illegal state: could not find any verified key for delegate in verified exchange data.')\n return {\n explicitDelegate: delegateId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(exchangeData.id!, delegateVerifiedKeys),\n }\n } else return {}\n }\n\n private makeExchangeDataIdInfoForSelf(\n selfId: string,\n exchangeData: ExchangeData\n ): {\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n } {\n if (this.selfNeedsAnonymousDelegations) {\n return {}\n } else {\n return {\n exchangeDataId: exchangeData.id,\n explicitDelegator: selfId,\n explicitDelegate: selfId,\n }\n }\n }\n\n private async getDataOwnerInfo(dataOwnerId: string) {\n return this.dataOwnerInfoCache.get(dataOwnerId, async () => {\n const dataOwnerWithType = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n return {\n item: {\n requiresAnonymousDelegations: this.cryptoStrategies.dataOwnerRequiresAnonymousDelegation(dataOwnerWithType),\n availablePublicKeysHexWithSha1: Array.from(hexPublicKeysWithSha1Of(dataOwnerWithType.stub)),\n availablePublicKeysHexWithSha256: Array.from(hexPublicKeysWithSha256Of(dataOwnerWithType.stub)),\n },\n }\n })\n }\n\n private getExistingCanonicalKeyAndSecureDelegation(\n entity: EncryptedEntityStub | EncryptedEntity,\n hashes: string[]\n ): { canonicalKey: string; secureDelegation: SecureDelegation } | undefined {\n const securityMetadata = entity.securityMetadata ?? {}\n const canonicalByEquivalences = Array.from(new Set(hashes.flatMap((hash) => securityMetadata.keysEquivalences?.[hash] ?? [])))\n const directRetrievals = hashes.flatMap((hash) => {\n const retrievedMetadata = securityMetadata.secureDelegations?.[hash]\n return retrievedMetadata ? { canonicalKey: hash, secureDelegation: retrievedMetadata } : []\n })\n if (\n directRetrievals.length > 1 ||\n canonicalByEquivalences.length > 1 ||\n (!!canonicalByEquivalences[0] && !!directRetrievals[0]?.canonicalKey && canonicalByEquivalences[0] !== directRetrievals[0]?.canonicalKey)\n )\n throw new Error('Illegal state: multiple secure delegations matching equivalent hashes of entity.')\n const canonicalFromEquivalences = canonicalByEquivalences[0]\n const retrievedFromEquivalences = securityMetadata.secureDelegations?.[canonicalFromEquivalences]\n return (\n directRetrievals[0] ??\n (!!canonicalFromEquivalences && !!retrievedFromEquivalences\n ? { canonicalKey: canonicalFromEquivalences, secureDelegation: retrievedFromEquivalences }\n : undefined)\n )\n }\n}\n"]}
|
|
@@ -4,7 +4,7 @@ import { IccCryptoXApi } from './icc-crypto-x-api';
|
|
|
4
4
|
import { KeyPairUpdateRequest } from './maintenance/KeyPairUpdateRequest';
|
|
5
5
|
import { IccDataOwnerXApi } from './icc-data-owner-x-api';
|
|
6
6
|
import { User } from '../icc-api/model/User';
|
|
7
|
-
import { IccExchangeDataApi } from '../icc-api/api/IccExchangeDataApi';
|
|
7
|
+
import { IccExchangeDataApi } from '../icc-api/api/internal/IccExchangeDataApi';
|
|
8
8
|
import { DataOwnerTypeEnum } from '../icc-api/model/DataOwnerTypeEnum';
|
|
9
9
|
/**
|
|
10
10
|
* Api for interpreting maintenance tasks and applying required client-side actions.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"icc-icure-maintenance-x-api.js","sourceRoot":"","sources":["../../icc-x-api/icc-icure-maintenance-x-api.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,sEAAkE;AAClE,mCAAgC;AAChC,gEAA4D;AAC5D,wEAAoE;AACpE,wEAAoE;AAEpE,6EAAyE;AAGzE,wEAAoE;AAEpE,0EAAsE;AACtE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAIzD;;GAEG;AACH,MAAa,uBAAuB;IAClC,YACmB,MAAqB,EACrB,QAAgC,EAChC,YAA8B,EAC9B,eAAmC;QAHnC,WAAM,GAAN,MAAM,CAAe;QACrB,aAAQ,GAAR,QAAQ,CAAwB;QAChC,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,oBAAe,GAAf,eAAe,CAAoB;IACnD,CAAC;IAEJ,iEAAiE;IAEjE;;;;;OAKG;IACG,kBAAkB,CAAC,MAA4B;;YACnD,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAClD,MAAM,CAAC,oBAAoB,EAC3B,MAAM,CAAC,YAAY,EACnB,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,iBAAiB,EAAE,CAChD,CAAA;YACD,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,MAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,YAAY,CAAC,CAAA;QACnG,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,mCAAmC,CAAC,IAAU,EAAE,OAA2B,EAAE,mBAAyC;;YAC1H,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,uBAAuB,EAAE,CAAA;YACzE,IAAI,CAAC,mBAAmB,EAAE;gBACxB,IAAI,eAAe,KAAK,QAAQ,EAAE;oBAChC,OAAO,CAAC,IAAI,CAAC,sGAAsG,CAAC,CAAA;oBACpH,OAAM;iBACP;qBAAM;oBACL,mBAAmB;wBACjB,eAAe,KAAK,qCAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,qCAAiB,CAAC,OAAO,EAAE,qCAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,qCAAiB,CAAC,GAAG,CAAC,CAAA;iBAC/H;aACF;YACD,MAAM,YAAY,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAA;YAClG,MAAM,cAAc,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;YAC9C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,gCAAgC,GAAG,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;iBACtG,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;iBACxD,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;iBAClD,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,KAAK,MAAM,CAAC,CAAA;YAC9C,MAAM,gCAAgC,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,sCAAsC,CACxG,MAAM,EACN,CAAC,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAC5C,CAAA;YACD,MAAM,iBAAiB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gCAAgC,EAAE,GAAG,gCAAgC,CAAC,CAAC,CAAC,CAAA;YAClH,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE;gBAChC,MAAM,aAAa,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;oBAC1D,QAAQ,EAAE,SAAS;oBACnB,IAAI,EAAE,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,YAAY,CAAC;iBACvD,CAAC,CAAC,CAAA;gBACH,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;oBACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,EAAE;wBACxE,mBAAmB,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC,KAAK,EAAE;qBACxE,CAAC,CAAA;oBACF,IAAI,QAAQ,EAAE;wBACZ,sBAAsB;wBACtB,MAAM,IAAI,CAAC,QAAQ,CAAC,6BAA6B,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;qBAClE;iBACF;aACF;QACH,CAAC;KAAA;IAEa,sBAAsB,CAAC,WAAmB,EAAE,eAAoC;;YAC5F,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAA;YAChH,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,iBAAiB,CAAC,EAAE,EAAE,CACtG,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;gBACvD,SAAS,EAAE,WAAW;gBACtB,QAAQ,EAAE,WAAW;gBACrB,YAAY,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;aAC3E,CAAC,CAAC,CACJ,CAAA;YACD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE,CACzF,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,CAAC;gBACrE,SAAS,EAAE,WAAW;gBACtB,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;aAC3E,CAAC,CAAC,CACJ,CAAA;YACD,OAAO,CAAC,GAAG,QAAQ,EAAE,GAAG,MAAM,CAAC,CAAA;QACjC,CAAC;KAAA;IAEO,qBAAqB,CAAC,OAAe,EAAE,eAAuB;QACpE,OAAO,IAAI,iCAAe,CAAC;YACzB,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE;YACvC,QAAQ,EAAE,2CAAoB,CAAC,SAAS;YACxC,MAAM,EAAE,iCAAe,CAAC,UAAU,CAAC,OAAO;YAC1C,UAAU,EAAE;gBACV,IAAI,2BAAY,CAAC;oBACf,EAAE,EAAE,2CAAoB,CAAC,gBAAgB;oBACzC,IAAI,EAAE,IAAI,mCAAgB,CAAC,EAAE,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACtE,UAAU,EAAE,IAAI,mCAAgB,CAAC;wBAC/B,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM;wBACtC,WAAW,EAAE,OAAO;qBACrB,CAAC;iBACH,CAAC;gBACF,IAAI,2BAAY,CAAC;oBACf,EAAE,EAAE,2CAAoB,CAAC,iBAAiB;oBAC1C,IAAI,EAAE,IAAI,mCAAgB,CAAC,EAAE,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACtE,UAAU,EAAE,IAAI,mCAAgB,CAAC;wBAC/B,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM;wBACtC,WAAW,EAAE,eAAe;qBAC7B,CAAC;iBACH,CAAC;aACH;SACF,CAAC,CAAA;IACJ,CAAC;CACF;AArHD,0DAqHC","sourcesContent":["import { KeyPair } from './crypto/RSA'\nimport { IccMaintenanceTaskXApi } from './icc-maintenance-task-x-api'\nimport { MaintenanceTask } from '../icc-api/model/MaintenanceTask'\nimport { ua2hex } from './utils'\nimport { PropertyStub } from '../icc-api/model/PropertyStub'\nimport { PropertyTypeStub } from '../icc-api/model/PropertyTypeStub'\nimport { TypedValueObject } from '../icc-api/model/TypedValueObject'\nimport { IccCryptoXApi } from './icc-crypto-x-api'\nimport { KeyPairUpdateRequest } from './maintenance/KeyPairUpdateRequest'\nimport { IccDataOwnerXApi } from './icc-data-owner-x-api'\nimport { User } from '../icc-api/model/User'\nimport { SecureDelegation } from '../icc-api/model/SecureDelegation'\nimport { IccExchangeDataApi } from '../icc-api/api/IccExchangeDataApi'\nimport { DataOwnerTypeEnum } from '../icc-api/model/DataOwnerTypeEnum'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\n\ntype ExchangeKeyInfo = { delegator: string; delegate: string; fingerprints: Set<string> }\n\n/**\n * Api for interpreting maintenance tasks and applying required client-side actions.\n */\nexport class IccIcureMaintenanceXApi {\n constructor(\n private readonly crypto: IccCryptoXApi,\n private readonly tasksApi: IccMaintenanceTaskXApi,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly exchangeDataApi: IccExchangeDataApi\n ) {}\n\n // TODO api to get all tasks for current owner from owner with id\n\n /**\n * Applies a key pair update request between another data owner and the current data owner to allow the other data owner to access existing exchange\n * keys shared with the current data owner. IMPORTANT: it is your responsibility to verify the authenticity of the public key / update request\n * before calling this method: this method assumes the new public key for the concerned data owner is authentic.\n * @param update a keypair update request to the current data owner.\n */\n async applyKeyPairUpdate(update: KeyPairUpdateRequest) {\n await this.crypto.exchangeKeys.base.giveAccessBackTo(\n update.concernedDataOwnerId,\n update.newPublicKey,\n this.crypto.userKeysManager.getDecryptionKeys()\n )\n await this.crypto.exchangeData.giveAccessBackTo(update.concernedDataOwnerId, update.newPublicKey)\n }\n\n /**\n * @internal This method is intended only for internal use and may be changed without notice.\n * Creates the necessary maintenance tasks to request access to existing exchange keys with the new key pair for the current user.\n * @param user the user which owns the new key pair.\n * @param keypair a new key pair for the current user.\n * @param requestToOwnerTypes specifies the types of data owner that have shared data with the current data owner or which were given access to data\n * from the current data owner will receive a 'give access back' request. If not specified, the value be inferred from the current data owner type.\n */\n async createMaintenanceTasksForNewKeypair(user: User, keypair: KeyPair<CryptoKey>, requestToOwnerTypes?: DataOwnerTypeEnum[]): Promise<void> {\n const currentUserType = await this.dataOwnerApi.getCurrentDataOwnerType()\n if (!requestToOwnerTypes) {\n if (currentUserType === 'device') {\n console.warn('Current data owner is a device and there is no need to create maintenance tasks for updated keypair.')\n return\n } else {\n requestToOwnerTypes =\n currentUserType === DataOwnerTypeEnum.Patient ? [DataOwnerTypeEnum.Patient, DataOwnerTypeEnum.Hcp] : [DataOwnerTypeEnum.Hcp]\n }\n }\n const hexNewPubKey = ua2hex(await this.crypto.primitives.RSA.exportKey(keypair.publicKey, 'spki'))\n const hexNewPubKeyFp = hexNewPubKey.slice(-32)\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const requestDataOwnersForExchangeKeys = (await this.getExchangeKeysInfosOf(selfId, requestToOwnerTypes))\n .filter((info) => !info.fingerprints.has(hexNewPubKeyFp))\n .flatMap((info) => [info.delegate, info.delegator])\n .filter((dataOwner) => dataOwner !== selfId)\n const requestDataOwnersForExchangeData = await this.exchangeDataApi.getExchangeDataParticipantCounterparts(\n selfId,\n [...new Set(requestToOwnerTypes)].join(',')\n )\n const requestDataOwners = [...new Set([...requestDataOwnersForExchangeKeys, ...requestDataOwnersForExchangeData])]\n if (requestDataOwners.length > 0) {\n const tasksToCreate = requestDataOwners.map((dataOwner) => ({\n delegate: dataOwner,\n task: this.createMaintenanceTask(selfId, hexNewPubKey),\n }))\n for (const taskToCreate of tasksToCreate) {\n const instance = await this.tasksApi.newInstance(user, taskToCreate.task, {\n additionalDelegates: { [taskToCreate.delegate]: AccessLevelEnum.WRITE },\n })\n if (instance) {\n // TODO create in bulk\n await this.tasksApi.createMaintenanceTaskWithUser(user, instance)\n }\n }\n }\n }\n\n private async getExchangeKeysInfosOf(dataOwnerId: string, otherOwnerTypes: DataOwnerTypeEnum[]): Promise<ExchangeKeyInfo[]> {\n const allExchangeKeys = await this.crypto.exchangeKeys.base.getAllExchangeKeysWith(dataOwnerId, otherOwnerTypes)\n const infoTo = Object.entries(allExchangeKeys.keysToOwner).flatMap(([delegatorId, delegatorFpToKeys]) =>\n Object.values(delegatorFpToKeys).map((encryptedKeys) => ({\n delegator: delegatorId,\n delegate: dataOwnerId,\n fingerprints: new Set(Object.keys(encryptedKeys).map((x) => x.slice(-32))),\n }))\n )\n const infoFrom = Object.values(allExchangeKeys.keysFromOwner).flatMap((delegateIdToKeys) =>\n Object.entries(delegateIdToKeys).map(([delegateId, encryptedKeys]) => ({\n delegator: dataOwnerId,\n delegate: delegateId,\n fingerprints: new Set(Object.keys(encryptedKeys).map((x) => x.slice(-32))),\n }))\n )\n return [...infoFrom, ...infoTo]\n }\n\n private createMaintenanceTask(ownerId: string, concernedPubKey: string) {\n return new MaintenanceTask({\n id: this.crypto.primitives.randomUuid(),\n taskType: KeyPairUpdateRequest.TASK_TYPE,\n status: MaintenanceTask.StatusEnum.Pending,\n properties: [\n new PropertyStub({\n id: KeyPairUpdateRequest.OWNER_ID_PROP_ID,\n type: new PropertyTypeStub({ type: PropertyTypeStub.TypeEnum.STRING }),\n typedValue: new TypedValueObject({\n type: TypedValueObject.TypeEnum.STRING,\n stringValue: ownerId,\n }),\n }),\n new PropertyStub({\n id: KeyPairUpdateRequest.OWNER_PUB_PROP_ID,\n type: new PropertyTypeStub({ type: PropertyTypeStub.TypeEnum.STRING }),\n typedValue: new TypedValueObject({\n type: TypedValueObject.TypeEnum.STRING,\n stringValue: concernedPubKey,\n }),\n }),\n ],\n })\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"icc-icure-maintenance-x-api.js","sourceRoot":"","sources":["../../icc-x-api/icc-icure-maintenance-x-api.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,sEAAkE;AAClE,mCAAgC;AAChC,gEAA4D;AAC5D,wEAAoE;AACpE,wEAAoE;AAEpE,6EAAyE;AAGzE,wEAAoE;AAEpE,0EAAsE;AACtE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAIzD;;GAEG;AACH,MAAa,uBAAuB;IAClC,YACmB,MAAqB,EACrB,QAAgC,EAChC,YAA8B,EAC9B,eAAmC;QAHnC,WAAM,GAAN,MAAM,CAAe;QACrB,aAAQ,GAAR,QAAQ,CAAwB;QAChC,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,oBAAe,GAAf,eAAe,CAAoB;IACnD,CAAC;IAEJ,iEAAiE;IAEjE;;;;;OAKG;IACG,kBAAkB,CAAC,MAA4B;;YACnD,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAClD,MAAM,CAAC,oBAAoB,EAC3B,MAAM,CAAC,YAAY,EACnB,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,iBAAiB,EAAE,CAChD,CAAA;YACD,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,MAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,YAAY,CAAC,CAAA;QACnG,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,mCAAmC,CAAC,IAAU,EAAE,OAA2B,EAAE,mBAAyC;;YAC1H,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,uBAAuB,EAAE,CAAA;YACzE,IAAI,CAAC,mBAAmB,EAAE;gBACxB,IAAI,eAAe,KAAK,QAAQ,EAAE;oBAChC,OAAO,CAAC,IAAI,CAAC,sGAAsG,CAAC,CAAA;oBACpH,OAAM;iBACP;qBAAM;oBACL,mBAAmB;wBACjB,eAAe,KAAK,qCAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,qCAAiB,CAAC,OAAO,EAAE,qCAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,qCAAiB,CAAC,GAAG,CAAC,CAAA;iBAC/H;aACF;YACD,MAAM,YAAY,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAA;YAClG,MAAM,cAAc,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;YAC9C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,gCAAgC,GAAG,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;iBACtG,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;iBACxD,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;iBAClD,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,KAAK,MAAM,CAAC,CAAA;YAC9C,MAAM,gCAAgC,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,sCAAsC,CACxG,MAAM,EACN,CAAC,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAC5C,CAAA;YACD,MAAM,iBAAiB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gCAAgC,EAAE,GAAG,gCAAgC,CAAC,CAAC,CAAC,CAAA;YAClH,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE;gBAChC,MAAM,aAAa,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;oBAC1D,QAAQ,EAAE,SAAS;oBACnB,IAAI,EAAE,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,YAAY,CAAC;iBACvD,CAAC,CAAC,CAAA;gBACH,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;oBACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,EAAE;wBACxE,mBAAmB,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC,KAAK,EAAE;qBACxE,CAAC,CAAA;oBACF,IAAI,QAAQ,EAAE;wBACZ,sBAAsB;wBACtB,MAAM,IAAI,CAAC,QAAQ,CAAC,6BAA6B,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;qBAClE;iBACF;aACF;QACH,CAAC;KAAA;IAEa,sBAAsB,CAAC,WAAmB,EAAE,eAAoC;;YAC5F,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAA;YAChH,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,iBAAiB,CAAC,EAAE,EAAE,CACtG,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;gBACvD,SAAS,EAAE,WAAW;gBACtB,QAAQ,EAAE,WAAW;gBACrB,YAAY,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;aAC3E,CAAC,CAAC,CACJ,CAAA;YACD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE,CACzF,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,CAAC;gBACrE,SAAS,EAAE,WAAW;gBACtB,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;aAC3E,CAAC,CAAC,CACJ,CAAA;YACD,OAAO,CAAC,GAAG,QAAQ,EAAE,GAAG,MAAM,CAAC,CAAA;QACjC,CAAC;KAAA;IAEO,qBAAqB,CAAC,OAAe,EAAE,eAAuB;QACpE,OAAO,IAAI,iCAAe,CAAC;YACzB,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE;YACvC,QAAQ,EAAE,2CAAoB,CAAC,SAAS;YACxC,MAAM,EAAE,iCAAe,CAAC,UAAU,CAAC,OAAO;YAC1C,UAAU,EAAE;gBACV,IAAI,2BAAY,CAAC;oBACf,EAAE,EAAE,2CAAoB,CAAC,gBAAgB;oBACzC,IAAI,EAAE,IAAI,mCAAgB,CAAC,EAAE,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACtE,UAAU,EAAE,IAAI,mCAAgB,CAAC;wBAC/B,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM;wBACtC,WAAW,EAAE,OAAO;qBACrB,CAAC;iBACH,CAAC;gBACF,IAAI,2BAAY,CAAC;oBACf,EAAE,EAAE,2CAAoB,CAAC,iBAAiB;oBAC1C,IAAI,EAAE,IAAI,mCAAgB,CAAC,EAAE,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACtE,UAAU,EAAE,IAAI,mCAAgB,CAAC;wBAC/B,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM;wBACtC,WAAW,EAAE,eAAe;qBAC7B,CAAC;iBACH,CAAC;aACH;SACF,CAAC,CAAA;IACJ,CAAC;CACF;AArHD,0DAqHC","sourcesContent":["import { KeyPair } from './crypto/RSA'\nimport { IccMaintenanceTaskXApi } from './icc-maintenance-task-x-api'\nimport { MaintenanceTask } from '../icc-api/model/MaintenanceTask'\nimport { ua2hex } from './utils'\nimport { PropertyStub } from '../icc-api/model/PropertyStub'\nimport { PropertyTypeStub } from '../icc-api/model/PropertyTypeStub'\nimport { TypedValueObject } from '../icc-api/model/TypedValueObject'\nimport { IccCryptoXApi } from './icc-crypto-x-api'\nimport { KeyPairUpdateRequest } from './maintenance/KeyPairUpdateRequest'\nimport { IccDataOwnerXApi } from './icc-data-owner-x-api'\nimport { User } from '../icc-api/model/User'\nimport { SecureDelegation } from '../icc-api/model/SecureDelegation'\nimport { IccExchangeDataApi } from '../icc-api/api/internal/IccExchangeDataApi'\nimport { DataOwnerTypeEnum } from '../icc-api/model/DataOwnerTypeEnum'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\n\ntype ExchangeKeyInfo = { delegator: string; delegate: string; fingerprints: Set<string> }\n\n/**\n * Api for interpreting maintenance tasks and applying required client-side actions.\n */\nexport class IccIcureMaintenanceXApi {\n constructor(\n private readonly crypto: IccCryptoXApi,\n private readonly tasksApi: IccMaintenanceTaskXApi,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly exchangeDataApi: IccExchangeDataApi\n ) {}\n\n // TODO api to get all tasks for current owner from owner with id\n\n /**\n * Applies a key pair update request between another data owner and the current data owner to allow the other data owner to access existing exchange\n * keys shared with the current data owner. IMPORTANT: it is your responsibility to verify the authenticity of the public key / update request\n * before calling this method: this method assumes the new public key for the concerned data owner is authentic.\n * @param update a keypair update request to the current data owner.\n */\n async applyKeyPairUpdate(update: KeyPairUpdateRequest) {\n await this.crypto.exchangeKeys.base.giveAccessBackTo(\n update.concernedDataOwnerId,\n update.newPublicKey,\n this.crypto.userKeysManager.getDecryptionKeys()\n )\n await this.crypto.exchangeData.giveAccessBackTo(update.concernedDataOwnerId, update.newPublicKey)\n }\n\n /**\n * @internal This method is intended only for internal use and may be changed without notice.\n * Creates the necessary maintenance tasks to request access to existing exchange keys with the new key pair for the current user.\n * @param user the user which owns the new key pair.\n * @param keypair a new key pair for the current user.\n * @param requestToOwnerTypes specifies the types of data owner that have shared data with the current data owner or which were given access to data\n * from the current data owner will receive a 'give access back' request. If not specified, the value be inferred from the current data owner type.\n */\n async createMaintenanceTasksForNewKeypair(user: User, keypair: KeyPair<CryptoKey>, requestToOwnerTypes?: DataOwnerTypeEnum[]): Promise<void> {\n const currentUserType = await this.dataOwnerApi.getCurrentDataOwnerType()\n if (!requestToOwnerTypes) {\n if (currentUserType === 'device') {\n console.warn('Current data owner is a device and there is no need to create maintenance tasks for updated keypair.')\n return\n } else {\n requestToOwnerTypes =\n currentUserType === DataOwnerTypeEnum.Patient ? [DataOwnerTypeEnum.Patient, DataOwnerTypeEnum.Hcp] : [DataOwnerTypeEnum.Hcp]\n }\n }\n const hexNewPubKey = ua2hex(await this.crypto.primitives.RSA.exportKey(keypair.publicKey, 'spki'))\n const hexNewPubKeyFp = hexNewPubKey.slice(-32)\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const requestDataOwnersForExchangeKeys = (await this.getExchangeKeysInfosOf(selfId, requestToOwnerTypes))\n .filter((info) => !info.fingerprints.has(hexNewPubKeyFp))\n .flatMap((info) => [info.delegate, info.delegator])\n .filter((dataOwner) => dataOwner !== selfId)\n const requestDataOwnersForExchangeData = await this.exchangeDataApi.getExchangeDataParticipantCounterparts(\n selfId,\n [...new Set(requestToOwnerTypes)].join(',')\n )\n const requestDataOwners = [...new Set([...requestDataOwnersForExchangeKeys, ...requestDataOwnersForExchangeData])]\n if (requestDataOwners.length > 0) {\n const tasksToCreate = requestDataOwners.map((dataOwner) => ({\n delegate: dataOwner,\n task: this.createMaintenanceTask(selfId, hexNewPubKey),\n }))\n for (const taskToCreate of tasksToCreate) {\n const instance = await this.tasksApi.newInstance(user, taskToCreate.task, {\n additionalDelegates: { [taskToCreate.delegate]: AccessLevelEnum.WRITE },\n })\n if (instance) {\n // TODO create in bulk\n await this.tasksApi.createMaintenanceTaskWithUser(user, instance)\n }\n }\n }\n }\n\n private async getExchangeKeysInfosOf(dataOwnerId: string, otherOwnerTypes: DataOwnerTypeEnum[]): Promise<ExchangeKeyInfo[]> {\n const allExchangeKeys = await this.crypto.exchangeKeys.base.getAllExchangeKeysWith(dataOwnerId, otherOwnerTypes)\n const infoTo = Object.entries(allExchangeKeys.keysToOwner).flatMap(([delegatorId, delegatorFpToKeys]) =>\n Object.values(delegatorFpToKeys).map((encryptedKeys) => ({\n delegator: delegatorId,\n delegate: dataOwnerId,\n fingerprints: new Set(Object.keys(encryptedKeys).map((x) => x.slice(-32))),\n }))\n )\n const infoFrom = Object.values(allExchangeKeys.keysFromOwner).flatMap((delegateIdToKeys) =>\n Object.entries(delegateIdToKeys).map(([delegateId, encryptedKeys]) => ({\n delegator: dataOwnerId,\n delegate: delegateId,\n fingerprints: new Set(Object.keys(encryptedKeys).map((x) => x.slice(-32))),\n }))\n )\n return [...infoFrom, ...infoTo]\n }\n\n private createMaintenanceTask(ownerId: string, concernedPubKey: string) {\n return new MaintenanceTask({\n id: this.crypto.primitives.randomUuid(),\n taskType: KeyPairUpdateRequest.TASK_TYPE,\n status: MaintenanceTask.StatusEnum.Pending,\n properties: [\n new PropertyStub({\n id: KeyPairUpdateRequest.OWNER_ID_PROP_ID,\n type: new PropertyTypeStub({ type: PropertyTypeStub.TypeEnum.STRING }),\n typedValue: new TypedValueObject({\n type: TypedValueObject.TypeEnum.STRING,\n stringValue: ownerId,\n }),\n }),\n new PropertyStub({\n id: KeyPairUpdateRequest.OWNER_PUB_PROP_ID,\n type: new PropertyTypeStub({ type: PropertyTypeStub.TypeEnum.STRING }),\n typedValue: new TypedValueObject({\n type: TypedValueObject.TypeEnum.STRING,\n stringValue: concernedPubKey,\n }),\n }),\n ],\n })\n }\n}\n"]}
|
|
@@ -144,7 +144,7 @@ export declare class IccMessageXApi extends IccMessageApi implements EncryptedEn
|
|
|
144
144
|
}>;
|
|
145
145
|
getEncryptionKeysOf(entity: models.Message): Promise<string[]>;
|
|
146
146
|
filterMessagesBy(body: FilterChainMessage, startDocumentId?: string, limit?: number): Promise<PaginatedListMessage>;
|
|
147
|
-
|
|
147
|
+
encryptAndCreateMessageInTopic(body: Message): Promise<Message>;
|
|
148
148
|
setMessagesReadStatus(body?: MessagesReadStatusUpdate): Promise<Array<Message>>;
|
|
149
149
|
getAndDecryptMessage(messageId: string): Promise<Message>;
|
|
150
150
|
subscribeToMessageEvents(eventTypes: ('CREATE' | 'UPDATE' | 'DELETE')[], filter: AbstractFilter<Message> | undefined, eventFired: (message: Message) => Promise<void>, options?: SubscriptionOptions): Promise<Connection>;
|
|
@@ -195,13 +195,13 @@ class IccMessageXApi extends icc_api_1.IccMessageApi {
|
|
|
195
195
|
return Object.assign(Object.assign({}, page), { rows: decryptedMessages.map((m) => m.entity) });
|
|
196
196
|
});
|
|
197
197
|
}
|
|
198
|
-
|
|
198
|
+
encryptAndCreateMessageInTopic(body) {
|
|
199
199
|
const _super = Object.create(null, {
|
|
200
|
-
|
|
200
|
+
createMessageInTopic: { get: () => super.createMessageInTopic }
|
|
201
201
|
});
|
|
202
202
|
return __awaiter(this, void 0, void 0, function* () {
|
|
203
203
|
const encryptedMessage = yield this.encrypt([body]);
|
|
204
|
-
const createdMessage = yield _super.
|
|
204
|
+
const createdMessage = yield _super.createMessageInTopic.call(this, encryptedMessage[0]);
|
|
205
205
|
return (yield this.decrypt([createdMessage]))[0].entity;
|
|
206
206
|
});
|
|
207
207
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"icc-message-x-api.js","sourceRoot":"","sources":["../../icc-x-api/icc-message-x-api.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wCAAsD;AAGtD,kDAAiD;AAGjD,0EAAgG;AAChG,wEAAoE;AAOpE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAGzD,mCAAqH;AACrH,4DAAwE;AAExE,MAAa,cAAe,SAAQ,uBAAa;IAG/C,IAAI,OAAO;QACT,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,2BAA2B,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAA;IAClH,CAAC;IAED,YACE,IAAY,EACZ,OAAkC,EACjB,MAAqB,EACrB,YAA8B,EAC9B,OAAmB,EACnB,cAAuB,EACxC,yBAAiD,IAAI,iDAAwB,EAAE,EAC/E,gBAA+B,EAAE,EACjC,YAA2E,OAAO,MAAM,KAAK,WAAW;QACtG,CAAC,CAAC,MAAM,CAAC,KAAK;QACd,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW;YAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,KAAK;QAET,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QAZtC,WAAM,GAAN,MAAM,CAAe;QACrB,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,YAAO,GAAP,OAAO,CAAY;QACnB,mBAAc,GAAd,cAAc,CAAS;QAUxC,IAAI,CAAC,eAAe,GAAG,IAAA,4BAAoB,EAAC,aAAa,EAAE,UAAU,CAAC,CAAA;IACxE,CAAC;IAED,qCAAqC;IACrC,WAAW,CAAC,IAAU,EAAE,CAAM;QAC5B,OAAO,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;IACnD,CAAC;IAED;;;;;;;;;;;;;OAaG;IACG,sBAAsB,CAC1B,IAAU,EACV,OAAuB,EACvB,IAAS,EAAE,EACX,UAGI,EAAE;;;YAEN,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,YAAY;gBAAE,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAA;YAChI,MAAM,OAAO,mCACR,CAAC,CAAC,aAAD,CAAC,cAAD,CAAC,GAAI,EAAE,CAAC,KACZ,KAAK,EAAE,mCAAmC,EAC1C,EAAE,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,EAAE,mCAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,EAChD,OAAO,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,mCAAI,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAC3C,QAAQ,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,QAAQ,mCAAI,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAC7C,WAAW,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,WAAW,mCAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,EAC3G,MAAM,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,MAAM,mCAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,EAChE,KAAK,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,KAAK,mCAAI,EAAE,EACrB,IAAI,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI,mCAAI,EAAE,GACpB,CAAA;YAED,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAA;YACxD,IAAI,OAAO,KAAK,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAA;YACzI,MAAM,GAAG,GAAG,OAAO;gBACjB,CAAC,CAAC,MAAA,OAAO,CAAC,YAAY,mCAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,+BAA+B,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;gBAChI,CAAC,CAAC,SAAS,CAAA;YACb,IAAI,OAAO,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,OAAO,CAAC,EAAE,EAAE,CAAC,CAAA;YAC7F,MAAM,gBAAgB,mCACjB,MAAM,CAAC,WAAW,CACnB,CAAC,GAAG,CAAC,MAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,GAAG,mCAAI,EAAE,CAAC,EAAE,GAAG,CAAC,MAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,kBAAkB,mCAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CACnI,GACE,CAAC,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,mBAAmB,mCAAI,EAAE,CAAC,CACxC,CAAA;YACD,OAAO,IAAI,MAAM,CAAC,OAAO,CACvB,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI;iBACnB,sCAAsC,CAAC,OAAO,EAAE,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,gBAAgB,CAAC;iBAC1G,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAChC,CAAA;;KACF;IAED,OAAO,CAAC,QAA+B;QACrC,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACjI,CAAC;IAED,OAAO,CAAC,QAA+B;QACrC,OAAO,OAAO,CAAC,GAAG,CAChB,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CACtI,CAAA;IACH,CAAC;IAED;;;;OAIG;IACG,kBAAkB,CAAC,OAAuB;;YAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,SAAS,CAAC,CAAA;QAC5F,CAAC;KAAA;IAED;;OAEG;IACG,cAAc,CAAC,OAAuB;;YAC1C,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAA;QAC9E,CAAC;KAAA;IAED;;;;;;;;;;;;;;;OAeG;IACG,SAAS,CACb,UAAkB,EAClB,OAAuB,EACvB,cAAwB,EACxB,UAII,EAAE;;YAEN,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,kCAAO,OAAO,KAAE,cAAc,GAAE,EAAE,CAAC,CAAA;QACtF,CAAC;KAAA;IAED;;;;;;;;;;;;;;OAcG;IACG,aAAa,CACjB,OAAuB,EACvB,SAOC;;YAED,OAAO,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,oBAAoB,CAAA;QAC/E,CAAC;KAAA;IAED;;;;;;;;;;;;;;;OAeG;IACG,gBAAgB,CACpB,OAAuB,EACvB,SAOC;;YAED,8CAA8C;YAC9C,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;YAC1G,MAAM,aAAa,GAAG,uBAAuB,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAA;YAC3G,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAChE,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE,EAC1C,KAAK,EACL,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC;gBACvD,UAAU;gBACV;oBACE,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;oBAClD,mBAAmB,EAAE,OAAO,CAAC,kBAAkB;oBAC/C,oBAAoB,EAAE,OAAO,CAAC,cAAc;oBAC5C,cAAc,EAAE,OAAO,CAAC,cAAc;iBACvC;aACF,CAAC,CACH,EACD,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,CACjC,CAAA;QACH,CAAC;KAAA;IAED;;;;OAIG;IACH,kBAAkB,CAAC,OAAuB;QACxC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,SAAS,CAAC,CAAA;IACtF,CAAC;IAED,yBAAyB,CACvB,MAAsB;QAEtB,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,yBAAyB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAA;IACtG,CAAC;IAED,mBAAmB,CAAC,MAAsB;QACxC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,SAAS,CAAC,CAAA;IAClF,CAAC;IAEc,gBAAgB,CAAC,IAAwB,EAAE,eAAwB,EAAE,KAAc;;;;;;YAChG,MAAM,IAAI,GAAG,MAAM,OAAM,gBAAgB,YAAC,IAAI,EAAE,eAAe,EAAE,KAAK,CAAC,CAAA;YACvE,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAA,IAAI,CAAC,IAAI,mCAAI,EAAE,CAAC,CAAA;YAC7D,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;YACxG,uCACK,IAAI,KACP,IAAI,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAC7C;;KACF;IAEK,uBAAuB,CAAC,IAAa;;;;;YACzC,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;YACnD,MAAM,cAAc,GAAG,MAAM,OAAM,aAAa,YAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAA;YACrE,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;QACzD,CAAC;KAAA;IAEK,qBAAqB,CAAC,IAA+B;;;;;YACzD,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,OAAM,qBAAqB,YAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;QAC3F,CAAC;KAAA;IAEK,oBAAoB,CAAC,SAAiB;;;;;YAC1C,MAAM,gBAAgB,GAAG,MAAM,OAAM,UAAU,YAAC,SAAS,CAAC,CAAA;YAC1D,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAA;YAC/D,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;YACrF,OAAO,gBAAgB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;QACnC,CAAC;KAAA;IAEK,wBAAwB,CAC5B,UAA8C,EAC9C,MAA2C,EAC3C,UAA+C,EAC/C,UAA+B,EAAE;;YAEjC,OAAO,MAAM,IAAA,+BAAuB,EAClC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,UAAU,EACV,MAAM,EACN,UAAU,EACV,OAAO,EACP,CAAO,SAAS,EAAE,EAAE,gDAAC,OAAA,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA,GAAA,CACjE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,2BAAc,CAAC,EAAE,CAAC,CAAC,CAAA;QACxC,CAAC;KAAA;IAED,uCAAuC,CAAC,MAAe,EAAE,SAAmB;QAC1E,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,iCAAiC,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,SAAS,CAAC,CAAA;IACzH,CAAC;CACF;AA7RD,wCA6RC","sourcesContent":["import { IccAuthApi, IccMessageApi } from '../icc-api'\nimport { IccCryptoXApi } from './icc-crypto-x-api'\n\nimport * as models from '../icc-api/model/models'\nimport {MaintenanceTask, Message, MessagesReadStatusUpdate, PaginatedListMessage, Patient, User} from '../icc-api/model/models'\nimport { IccDataOwnerXApi } from './icc-data-owner-x-api'\nimport { AuthenticationProvider, NoAuthenticationProvider } from './auth/AuthenticationProvider'\nimport { SecureDelegation } from '../icc-api/model/SecureDelegation'\nimport { ShareMetadataBehaviour } from './crypto/ShareMetadataBehaviour'\nimport { ShareResult } from './utils/ShareResult'\nimport { EntityShareRequest } from '../icc-api/model/requests/EntityShareRequest'\nimport { XHR } from '../icc-api/api/XHR'\nimport { EncryptedEntityXApi } from './basexapi/EncryptedEntityXApi'\nimport { FilterChainMessage } from '../icc-api/model/FilterChainMessage'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\nimport { AbstractFilter } from './filters/filters'\nimport { EncryptedFieldsManifest, parseEncryptedFields, subscribeToEntityEvents, SubscriptionOptions } from './utils'\nimport { Connection, ConnectionImpl } from '../icc-api/model/Connection'\n\nexport class IccMessageXApi extends IccMessageApi implements EncryptedEntityXApi<models.Message> {\n private readonly encryptedFields: EncryptedFieldsManifest\n\n get headers(): Promise<Array<XHR.Header>> {\n return super.headers.then((h) => this.crypto.accessControlKeysHeaders.addAccessControlKeysHeaders(h, 'Message'))\n }\n\n constructor(\n host: string,\n headers: { [key: string]: string },\n private readonly crypto: IccCryptoXApi,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly authApi: IccAuthApi,\n private readonly autofillAuthor: boolean,\n authenticationProvider: AuthenticationProvider = new NoAuthenticationProvider(),\n encryptedKeys: Array<string> = [],\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response> = typeof window !== 'undefined'\n ? window.fetch\n : typeof self !== 'undefined'\n ? self.fetch\n : fetch\n ) {\n super(host, headers, authenticationProvider, fetchImpl)\n this.encryptedFields = parseEncryptedFields(encryptedKeys, 'Message.')\n }\n\n // noinspection JSUnusedGlobalSymbols\n newInstance(user: User, m: any) {\n return this.newInstanceWithPatient(user, null, m)\n }\n\n /**\n * Creates a new instance of message with initialised encryption metadata (not in the database).\n * @param user the current user.\n * @param patient the patient this message refers to.\n * @param m initialised data for the message. Metadata such as id, creation data, etc. will be automatically initialised, but you can specify\n * other kinds of data or overwrite generated metadata with this. You can't specify encryption metadata.\n * @param options optional parameters:\n * - additionalDelegates: delegates which will have access to the entity in addition to the current data owner and delegates from the\n * auto-delegations. Must be an object which associates each data owner id with the access level to give to that data owner. May overlap with\n * auto-delegations, in such case the access level specified here will be used.\n * - preferredSfk: secret id of the patient to use as the secret foreign key to use for the message. The default value will be a\n * secret id of patient known by the topmost parent in the current data owner hierarchy.\n * @return a new instance of message.\n */\n async newInstanceWithPatient(\n user: User,\n patient: Patient | null,\n m: any = {},\n options: {\n additionalDelegates?: { [dataOwnerId: string]: AccessLevelEnum }\n preferredSfk?: string\n } = {}\n ) {\n if (!patient && options.preferredSfk) throw new Error('You need to specify parent patient in order to use secret foreign keys.')\n const message = {\n ...(m ?? {}),\n _type: 'org.taktik.icure.entities.Message',\n id: m?.id ?? this.crypto.primitives.randomUuid(),\n created: m?.created ?? new Date().getTime(),\n modified: m?.modified ?? new Date().getTime(),\n responsible: m?.responsible ?? (this.autofillAuthor ? this.dataOwnerApi.getDataOwnerIdOf(user) : undefined),\n author: m?.author ?? (this.autofillAuthor ? user.id : undefined),\n codes: m?.codes ?? [],\n tags: m?.tags ?? [],\n }\n\n const ownerId = this.dataOwnerApi.getDataOwnerIdOf(user)\n if (ownerId !== (await this.dataOwnerApi.getCurrentDataOwnerId())) throw new Error('Can only initialise entities as current data owner.')\n const sfk = patient\n ? options.preferredSfk ?? (await this.crypto.confidential.getAnySecretIdSharedWithParents({ entity: patient, type: 'Patient' }))\n : undefined\n if (patient && !sfk) throw new Error(`Couldn't find any sfk of parent patient ${patient.id}`)\n const extraDelegations = {\n ...Object.fromEntries(\n [...(user.autoDelegations?.all ?? []), ...(user.autoDelegations?.medicalInformation ?? [])].map((d) => [d, AccessLevelEnum.WRITE])\n ),\n ...(options?.additionalDelegates ?? {}),\n }\n return new models.Message(\n await this.crypto.xapi\n .entityWithInitialisedEncryptedMetadata(message, 'Message', patient?.id, sfk, true, true, extraDelegations)\n .then((x) => x.updatedEntity)\n )\n }\n\n decrypt(messages: Array<models.Message>) {\n return Promise.all(messages.map((message) => this.crypto.xapi.decryptEntity(message, 'Message', (x) => new models.Message(x))))\n }\n\n encrypt(messages: Array<models.Message>): Promise<Array<models.Message>> {\n return Promise.all(\n messages.map((p) => this.crypto.xapi.tryEncryptEntity(p, 'Message', this.encryptedFields, true, false, (x) => new models.Message(x)))\n )\n }\n\n /**\n * @param message a message\n * @return the id of the patient that the message refers to, retrieved from the encrypted metadata. Normally there should only be one element\n * in the returned array, but in case of entity merges there could be multiple values.\n */\n async decryptPatientIdOf(message: models.Message): Promise<string[]> {\n return this.crypto.xapi.owningEntityIdsOf({ entity: message, type: 'Message' }, undefined)\n }\n\n /**\n * @return if the logged data owner has write access to the content of the given message\n */\n async hasWriteAccess(message: models.Message): Promise<boolean> {\n return this.crypto.xapi.hasWriteAccess({ entity: message, type: 'Message' })\n }\n\n /**\n * Share an existing message with other data owners, allowing them to access the non-encrypted data of the message and optionally also\n * the encrypted content, with read-only or read-write permissions.\n * @param delegateId the id of the data owner which will be granted access to the message.\n * @param message the message to share.\n * @param shareSecretIds the secret ids of the Message that the delegate will be given access to. Allows the delegate to search for data where the\n * shared Message is the owning entity id.\n * @param options optional parameters to customize the sharing behaviour:\n * - shareEncryptionKey: specifies if the encryption key of the access log should be shared with the delegate, giving access to all encrypted\n * content of the entity, excluding other encrypted metadata (defaults to {@link ShareMetadataBehaviour.IF_AVAILABLE}). Note that by default a\n * message does not have encrypted content.\n * - sharePatientId: specifies if the id of the patient that this message refers to should be shared with the delegate (defaults to\n * {@link ShareMetadataBehaviour.IF_AVAILABLE}).\n * - requestedPermissions: the requested permissions for the delegate, defaults to {@link RequestedPermissionEnum.MAX_WRITE}.\n * @return the updated entity\n */\n async shareWith(\n delegateId: string,\n message: models.Message,\n shareSecretIds: string[],\n options: {\n requestedPermissions?: RequestedPermissionEnum\n shareEncryptionKey?: ShareMetadataBehaviour // Defaults to ShareMetadataBehaviour.IF_AVAILABLE\n sharePatientId?: ShareMetadataBehaviour // Defaults to ShareMetadataBehaviour.IF_AVAILABLE\n } = {}\n ): Promise<models.Message> {\n return this.shareWithMany(message, { [delegateId]: { ...options, shareSecretIds } })\n }\n\n /**\n * Share an existing message with other data owners, allowing them to access the non-encrypted data of the message and optionally also\n * the encrypted content, with read-only or read-write permissions.\n * @param message the message to share.\n * @param delegates associates the id of data owners which will be granted access to the entity, to the following sharing options:\n * - shareSecretIds the secret ids of the Message that the delegate will be given access to. Allows the delegate to search for data where the\n * shared Message is the owning entity id. Mandatory.\n * - shareEncryptionKey: specifies if the encryption key of the access log should be shared with the delegate, giving access to all encrypted\n * content of the entity, excluding other encrypted metadata (defaults to {@link ShareMetadataBehaviour.IF_AVAILABLE}). Note that by default a\n * message does not have encrypted content.\n * - sharePatientId: specifies if the id of the patient that this message refers to should be shared with the delegate (defaults to\n * {@link ShareMetadataBehaviour.IF_AVAILABLE}).\n * - requestedPermissions: the requested permissions for the delegate, defaults to {@link RequestedPermissionEnum.MAX_WRITE}.\n * @return the updated entity\n */\n async shareWithMany(\n message: models.Message,\n delegates: {\n [delegateId: string]: {\n shareSecretIds: string[]\n requestedPermissions?: RequestedPermissionEnum\n shareEncryptionKey?: ShareMetadataBehaviour // Defaults to ShareMetadataBehaviour.IF_AVAILABLE\n sharePatientId?: ShareMetadataBehaviour // Defaults to ShareMetadataBehaviour.IF_AVAILABLE\n }\n }\n ): Promise<models.Message> {\n return (await this.tryShareWithMany(message, delegates)).updatedEntityOrThrow\n }\n\n /**\n * Share an existing message with other data owners, allowing them to access the non-encrypted data of the message and optionally also\n * the encrypted content, with read-only or read-write permissions.\n * @param message the message to share.\n * @param delegates associates the id of data owners which will be granted access to the entity, to the following sharing options:\n * - shareSecretIds the secret ids of the Message that the delegate will be given access to. Allows the delegate to search for data where the\n * shared Message is the owning entity id. Mandatory.\n * - shareEncryptionKey: specifies if the encryption key of the access log should be shared with the delegate, giving access to all encrypted\n * content of the entity, excluding other encrypted metadata (defaults to {@link ShareMetadataBehaviour.IF_AVAILABLE}). Note that by default a\n * message does not have encrypted content.\n * - sharePatientId: specifies if the id of the patient that this message refers to should be shared with the delegate (defaults to\n * {@link ShareMetadataBehaviour.IF_AVAILABLE}).\n * - requestedPermissions: the requested permissions for the delegate, defaults to {@link RequestedPermissionEnum.MAX_WRITE}.\n * @return a promise which will contain the result of the operation: the updated entity if the operation was successful or details of the error if\n * the operation failed.\n */\n async tryShareWithMany(\n message: models.Message,\n delegates: {\n [delegateId: string]: {\n shareSecretIds: string[]\n requestedPermissions?: RequestedPermissionEnum\n shareEncryptionKey?: ShareMetadataBehaviour // Defaults to ShareMetadataBehaviour.IF_AVAILABLE\n sharePatientId?: ShareMetadataBehaviour // Defaults to ShareMetadataBehaviour.IF_AVAILABLE\n }\n }\n ): Promise<ShareResult<models.Message>> {\n // All entities should have an encryption key.\n const entityWithEncryptionKey = await this.crypto.xapi.ensureEncryptionKeysInitialised(message, 'Message')\n const updatedEntity = entityWithEncryptionKey ? await this.modifyMessage(entityWithEncryptionKey) : message\n return this.crypto.xapi.simpleShareOrUpdateEncryptedEntityMetadata(\n { entity: updatedEntity, type: 'Message' },\n false,\n Object.fromEntries(\n Object.entries(delegates).map(([delegateId, options]) => [\n delegateId,\n {\n requestedPermissions: options.requestedPermissions,\n shareEncryptionKeys: options.shareEncryptionKey,\n shareOwningEntityIds: options.sharePatientId,\n shareSecretIds: options.shareSecretIds,\n },\n ])\n ),\n (x) => this.bulkShareMessages(x)\n )\n }\n\n /**\n * @param message a message\n * @return the secret ids of the message, retrieved from the encrypted metadata. The result may be used to find entities where the message is\n * the 'owning entity', or in the {@link shareWith} method in order to share it with other data owners.\n */\n decryptSecretIdsOf(message: models.Message): Promise<string[]> {\n return this.crypto.xapi.secretIdsOf({ entity: message, type: 'Message' }, undefined)\n }\n\n getDataOwnersWithAccessTo(\n entity: models.Message\n ): Promise<{ permissionsByDataOwnerId: { [p: string]: AccessLevelEnum }; hasUnknownAnonymousDataOwners: boolean }> {\n return this.crypto.delegationsDeAnonymization.getDataOwnersWithAccessTo({ entity, type: 'Message' })\n }\n\n getEncryptionKeysOf(entity: models.Message): Promise<string[]> {\n return this.crypto.xapi.encryptionKeysOf({ entity, type: 'Message' }, undefined)\n }\n\n override async filterMessagesBy(body: FilterChainMessage, startDocumentId?: string, limit?: number): Promise<PaginatedListMessage> {\n const page = await super.filterMessagesBy(body, startDocumentId, limit)\n const decryptedMessages = await this.decrypt(page.rows ?? [])\n if (decryptedMessages.some((m) => !m.decrypted)) throw new Error('Some messages could not be decrypted')\n return {\n ...page,\n rows: decryptedMessages.map((m) => m.entity),\n }\n }\n\n async encryptAndCreateMessage(body: Message): Promise<Message> {\n const encryptedMessage = await this.encrypt([body])\n const createdMessage = await super.createMessage(encryptedMessage[0])\n return (await this.decrypt([createdMessage]))[0].entity\n }\n\n async setMessagesReadStatus(body?: MessagesReadStatusUpdate): Promise<Array<Message>> {\n return (await this.decrypt(await super.setMessagesReadStatus(body))).map((m) => m.entity)\n }\n\n async getAndDecryptMessage(messageId: string): Promise<Message> {\n const encryptedMessage = await super.getMessage(messageId)\n const decryptedMessage = await this.decrypt([encryptedMessage])\n if (!decryptedMessage[0].decrypted) throw new Error('Message could not be decrypted')\n return decryptedMessage[0].entity\n }\n\n async subscribeToMessageEvents(\n eventTypes: ('CREATE' | 'UPDATE' | 'DELETE')[],\n filter: AbstractFilter<Message> | undefined,\n eventFired: (message: Message) => Promise<void>,\n options: SubscriptionOptions = {}\n ): Promise<Connection> {\n return await subscribeToEntityEvents(\n this.host,\n this.authApi,\n 'Message',\n eventTypes,\n filter,\n eventFired,\n options,\n async (encrypted) => (await this.decrypt([encrypted]))[0].entity\n ).then((rs) => new ConnectionImpl(rs))\n }\n\n createDelegationDeAnonymizationMetadata(entity: Message, delegates: string[]): Promise<void> {\n return this.crypto.delegationsDeAnonymization.createOrUpdateDeAnonymizationInfo({ entity, type: 'Message' }, delegates)\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"icc-message-x-api.js","sourceRoot":"","sources":["../../icc-x-api/icc-message-x-api.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wCAAsD;AAGtD,kDAAiD;AAGjD,0EAAgG;AAChG,wEAAoE;AAOpE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAGzD,mCAAqH;AACrH,4DAAwE;AAExE,MAAa,cAAe,SAAQ,uBAAa;IAG/C,IAAI,OAAO;QACT,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,2BAA2B,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAA;IAClH,CAAC;IAED,YACE,IAAY,EACZ,OAAkC,EACjB,MAAqB,EACrB,YAA8B,EAC9B,OAAmB,EACnB,cAAuB,EACxC,yBAAiD,IAAI,iDAAwB,EAAE,EAC/E,gBAA+B,EAAE,EACjC,YAA2E,OAAO,MAAM,KAAK,WAAW;QACtG,CAAC,CAAC,MAAM,CAAC,KAAK;QACd,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW;YAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,KAAK;QAET,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QAZtC,WAAM,GAAN,MAAM,CAAe;QACrB,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,YAAO,GAAP,OAAO,CAAY;QACnB,mBAAc,GAAd,cAAc,CAAS;QAUxC,IAAI,CAAC,eAAe,GAAG,IAAA,4BAAoB,EAAC,aAAa,EAAE,UAAU,CAAC,CAAA;IACxE,CAAC;IAED,qCAAqC;IACrC,WAAW,CAAC,IAAU,EAAE,CAAM;QAC5B,OAAO,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;IACnD,CAAC;IAED;;;;;;;;;;;;;OAaG;IACG,sBAAsB,CAC1B,IAAU,EACV,OAAuB,EACvB,IAAS,EAAE,EACX,UAGI,EAAE;;;YAEN,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,YAAY;gBAAE,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAA;YAChI,MAAM,OAAO,mCACR,CAAC,CAAC,aAAD,CAAC,cAAD,CAAC,GAAI,EAAE,CAAC,KACZ,KAAK,EAAE,mCAAmC,EAC1C,EAAE,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,EAAE,mCAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,EAChD,OAAO,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,mCAAI,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAC3C,QAAQ,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,QAAQ,mCAAI,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAC7C,WAAW,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,WAAW,mCAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,EAC3G,MAAM,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,MAAM,mCAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,EAChE,KAAK,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,KAAK,mCAAI,EAAE,EACrB,IAAI,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI,mCAAI,EAAE,GACpB,CAAA;YAED,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAA;YACxD,IAAI,OAAO,KAAK,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAA;YACzI,MAAM,GAAG,GAAG,OAAO;gBACjB,CAAC,CAAC,MAAA,OAAO,CAAC,YAAY,mCAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,+BAA+B,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;gBAChI,CAAC,CAAC,SAAS,CAAA;YACb,IAAI,OAAO,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,OAAO,CAAC,EAAE,EAAE,CAAC,CAAA;YAC7F,MAAM,gBAAgB,mCACjB,MAAM,CAAC,WAAW,CACnB,CAAC,GAAG,CAAC,MAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,GAAG,mCAAI,EAAE,CAAC,EAAE,GAAG,CAAC,MAAA,MAAA,IAAI,CAAC,eAAe,0CAAE,kBAAkB,mCAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CACnI,GACE,CAAC,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,mBAAmB,mCAAI,EAAE,CAAC,CACxC,CAAA;YACD,OAAO,IAAI,MAAM,CAAC,OAAO,CACvB,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI;iBACnB,sCAAsC,CAAC,OAAO,EAAE,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,gBAAgB,CAAC;iBAC1G,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAChC,CAAA;;KACF;IAED,OAAO,CAAC,QAA+B;QACrC,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACjI,CAAC;IAED,OAAO,CAAC,QAA+B;QACrC,OAAO,OAAO,CAAC,GAAG,CAChB,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CACtI,CAAA;IACH,CAAC;IAED;;;;OAIG;IACG,kBAAkB,CAAC,OAAuB;;YAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,SAAS,CAAC,CAAA;QAC5F,CAAC;KAAA;IAED;;OAEG;IACG,cAAc,CAAC,OAAuB;;YAC1C,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAA;QAC9E,CAAC;KAAA;IAED;;;;;;;;;;;;;;;OAeG;IACG,SAAS,CACb,UAAkB,EAClB,OAAuB,EACvB,cAAwB,EACxB,UAII,EAAE;;YAEN,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,kCAAO,OAAO,KAAE,cAAc,GAAE,EAAE,CAAC,CAAA;QACtF,CAAC;KAAA;IAED;;;;;;;;;;;;;;OAcG;IACG,aAAa,CACjB,OAAuB,EACvB,SAOC;;YAED,OAAO,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,oBAAoB,CAAA;QAC/E,CAAC;KAAA;IAED;;;;;;;;;;;;;;;OAeG;IACG,gBAAgB,CACpB,OAAuB,EACvB,SAOC;;YAED,8CAA8C;YAC9C,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;YAC1G,MAAM,aAAa,GAAG,uBAAuB,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAA;YAC3G,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAChE,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE,EAC1C,KAAK,EACL,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC;gBACvD,UAAU;gBACV;oBACE,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;oBAClD,mBAAmB,EAAE,OAAO,CAAC,kBAAkB;oBAC/C,oBAAoB,EAAE,OAAO,CAAC,cAAc;oBAC5C,cAAc,EAAE,OAAO,CAAC,cAAc;iBACvC;aACF,CAAC,CACH,EACD,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,CACjC,CAAA;QACH,CAAC;KAAA;IAED;;;;OAIG;IACH,kBAAkB,CAAC,OAAuB;QACxC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,SAAS,CAAC,CAAA;IACtF,CAAC;IAED,yBAAyB,CACvB,MAAsB;QAEtB,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,yBAAyB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAA;IACtG,CAAC;IAED,mBAAmB,CAAC,MAAsB;QACxC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,SAAS,CAAC,CAAA;IAClF,CAAC;IAEc,gBAAgB,CAAC,IAAwB,EAAE,eAAwB,EAAE,KAAc;;;;;;YAChG,MAAM,IAAI,GAAG,MAAM,OAAM,gBAAgB,YAAC,IAAI,EAAE,eAAe,EAAE,KAAK,CAAC,CAAA;YACvE,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAA,IAAI,CAAC,IAAI,mCAAI,EAAE,CAAC,CAAA;YAC7D,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;YACxG,uCACK,IAAI,KACP,IAAI,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAC7C;;KACF;IAEK,8BAA8B,CAAC,IAAa;;;;;YAChD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;YACnD,MAAM,cAAc,GAAG,MAAM,OAAM,oBAAoB,YAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAA;YAC5E,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;QACzD,CAAC;KAAA;IAEK,qBAAqB,CAAC,IAA+B;;;;;YACzD,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,OAAM,qBAAqB,YAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;QAC3F,CAAC;KAAA;IAEK,oBAAoB,CAAC,SAAiB;;;;;YAC1C,MAAM,gBAAgB,GAAG,MAAM,OAAM,UAAU,YAAC,SAAS,CAAC,CAAA;YAC1D,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAA;YAC/D,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;YACrF,OAAO,gBAAgB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;QACnC,CAAC;KAAA;IAEK,wBAAwB,CAC5B,UAA8C,EAC9C,MAA2C,EAC3C,UAA+C,EAC/C,UAA+B,EAAE;;YAEjC,OAAO,MAAM,IAAA,+BAAuB,EAClC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,SAAS,EACT,UAAU,EACV,MAAM,EACN,UAAU,EACV,OAAO,EACP,CAAO,SAAS,EAAE,EAAE,gDAAC,OAAA,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA,GAAA,CACjE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,2BAAc,CAAC,EAAE,CAAC,CAAC,CAAA;QACxC,CAAC;KAAA;IAED,uCAAuC,CAAC,MAAe,EAAE,SAAmB;QAC1E,OAAO,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC,iCAAiC,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,SAAS,CAAC,CAAA;IACzH,CAAC;CACF;AA7RD,wCA6RC","sourcesContent":["import { IccAuthApi, IccMessageApi } from '../icc-api'\nimport { IccCryptoXApi } from './icc-crypto-x-api'\n\nimport * as models from '../icc-api/model/models'\nimport {MaintenanceTask, Message, MessagesReadStatusUpdate, PaginatedListMessage, Patient, User} from '../icc-api/model/models'\nimport { IccDataOwnerXApi } from './icc-data-owner-x-api'\nimport { AuthenticationProvider, NoAuthenticationProvider } from './auth/AuthenticationProvider'\nimport { SecureDelegation } from '../icc-api/model/SecureDelegation'\nimport { ShareMetadataBehaviour } from './crypto/ShareMetadataBehaviour'\nimport { ShareResult } from './utils/ShareResult'\nimport { EntityShareRequest } from '../icc-api/model/requests/EntityShareRequest'\nimport { XHR } from '../icc-api/api/XHR'\nimport { EncryptedEntityXApi } from './basexapi/EncryptedEntityXApi'\nimport { FilterChainMessage } from '../icc-api/model/FilterChainMessage'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\nimport { AbstractFilter } from './filters/filters'\nimport { EncryptedFieldsManifest, parseEncryptedFields, subscribeToEntityEvents, SubscriptionOptions } from './utils'\nimport { Connection, ConnectionImpl } from '../icc-api/model/Connection'\n\nexport class IccMessageXApi extends IccMessageApi implements EncryptedEntityXApi<models.Message> {\n private readonly encryptedFields: EncryptedFieldsManifest\n\n get headers(): Promise<Array<XHR.Header>> {\n return super.headers.then((h) => this.crypto.accessControlKeysHeaders.addAccessControlKeysHeaders(h, 'Message'))\n }\n\n constructor(\n host: string,\n headers: { [key: string]: string },\n private readonly crypto: IccCryptoXApi,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly authApi: IccAuthApi,\n private readonly autofillAuthor: boolean,\n authenticationProvider: AuthenticationProvider = new NoAuthenticationProvider(),\n encryptedKeys: Array<string> = [],\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response> = typeof window !== 'undefined'\n ? window.fetch\n : typeof self !== 'undefined'\n ? self.fetch\n : fetch\n ) {\n super(host, headers, authenticationProvider, fetchImpl)\n this.encryptedFields = parseEncryptedFields(encryptedKeys, 'Message.')\n }\n\n // noinspection JSUnusedGlobalSymbols\n newInstance(user: User, m: any) {\n return this.newInstanceWithPatient(user, null, m)\n }\n\n /**\n * Creates a new instance of message with initialised encryption metadata (not in the database).\n * @param user the current user.\n * @param patient the patient this message refers to.\n * @param m initialised data for the message. Metadata such as id, creation data, etc. will be automatically initialised, but you can specify\n * other kinds of data or overwrite generated metadata with this. You can't specify encryption metadata.\n * @param options optional parameters:\n * - additionalDelegates: delegates which will have access to the entity in addition to the current data owner and delegates from the\n * auto-delegations. Must be an object which associates each data owner id with the access level to give to that data owner. May overlap with\n * auto-delegations, in such case the access level specified here will be used.\n * - preferredSfk: secret id of the patient to use as the secret foreign key to use for the message. The default value will be a\n * secret id of patient known by the topmost parent in the current data owner hierarchy.\n * @return a new instance of message.\n */\n async newInstanceWithPatient(\n user: User,\n patient: Patient | null,\n m: any = {},\n options: {\n additionalDelegates?: { [dataOwnerId: string]: AccessLevelEnum }\n preferredSfk?: string\n } = {}\n ) {\n if (!patient && options.preferredSfk) throw new Error('You need to specify parent patient in order to use secret foreign keys.')\n const message = {\n ...(m ?? {}),\n _type: 'org.taktik.icure.entities.Message',\n id: m?.id ?? this.crypto.primitives.randomUuid(),\n created: m?.created ?? new Date().getTime(),\n modified: m?.modified ?? new Date().getTime(),\n responsible: m?.responsible ?? (this.autofillAuthor ? this.dataOwnerApi.getDataOwnerIdOf(user) : undefined),\n author: m?.author ?? (this.autofillAuthor ? user.id : undefined),\n codes: m?.codes ?? [],\n tags: m?.tags ?? [],\n }\n\n const ownerId = this.dataOwnerApi.getDataOwnerIdOf(user)\n if (ownerId !== (await this.dataOwnerApi.getCurrentDataOwnerId())) throw new Error('Can only initialise entities as current data owner.')\n const sfk = patient\n ? options.preferredSfk ?? (await this.crypto.confidential.getAnySecretIdSharedWithParents({ entity: patient, type: 'Patient' }))\n : undefined\n if (patient && !sfk) throw new Error(`Couldn't find any sfk of parent patient ${patient.id}`)\n const extraDelegations = {\n ...Object.fromEntries(\n [...(user.autoDelegations?.all ?? []), ...(user.autoDelegations?.medicalInformation ?? [])].map((d) => [d, AccessLevelEnum.WRITE])\n ),\n ...(options?.additionalDelegates ?? {}),\n }\n return new models.Message(\n await this.crypto.xapi\n .entityWithInitialisedEncryptedMetadata(message, 'Message', patient?.id, sfk, true, true, extraDelegations)\n .then((x) => x.updatedEntity)\n )\n }\n\n decrypt(messages: Array<models.Message>) {\n return Promise.all(messages.map((message) => this.crypto.xapi.decryptEntity(message, 'Message', (x) => new models.Message(x))))\n }\n\n encrypt(messages: Array<models.Message>): Promise<Array<models.Message>> {\n return Promise.all(\n messages.map((p) => this.crypto.xapi.tryEncryptEntity(p, 'Message', this.encryptedFields, true, false, (x) => new models.Message(x)))\n )\n }\n\n /**\n * @param message a message\n * @return the id of the patient that the message refers to, retrieved from the encrypted metadata. Normally there should only be one element\n * in the returned array, but in case of entity merges there could be multiple values.\n */\n async decryptPatientIdOf(message: models.Message): Promise<string[]> {\n return this.crypto.xapi.owningEntityIdsOf({ entity: message, type: 'Message' }, undefined)\n }\n\n /**\n * @return if the logged data owner has write access to the content of the given message\n */\n async hasWriteAccess(message: models.Message): Promise<boolean> {\n return this.crypto.xapi.hasWriteAccess({ entity: message, type: 'Message' })\n }\n\n /**\n * Share an existing message with other data owners, allowing them to access the non-encrypted data of the message and optionally also\n * the encrypted content, with read-only or read-write permissions.\n * @param delegateId the id of the data owner which will be granted access to the message.\n * @param message the message to share.\n * @param shareSecretIds the secret ids of the Message that the delegate will be given access to. Allows the delegate to search for data where the\n * shared Message is the owning entity id.\n * @param options optional parameters to customize the sharing behaviour:\n * - shareEncryptionKey: specifies if the encryption key of the access log should be shared with the delegate, giving access to all encrypted\n * content of the entity, excluding other encrypted metadata (defaults to {@link ShareMetadataBehaviour.IF_AVAILABLE}). Note that by default a\n * message does not have encrypted content.\n * - sharePatientId: specifies if the id of the patient that this message refers to should be shared with the delegate (defaults to\n * {@link ShareMetadataBehaviour.IF_AVAILABLE}).\n * - requestedPermissions: the requested permissions for the delegate, defaults to {@link RequestedPermissionEnum.MAX_WRITE}.\n * @return the updated entity\n */\n async shareWith(\n delegateId: string,\n message: models.Message,\n shareSecretIds: string[],\n options: {\n requestedPermissions?: RequestedPermissionEnum\n shareEncryptionKey?: ShareMetadataBehaviour // Defaults to ShareMetadataBehaviour.IF_AVAILABLE\n sharePatientId?: ShareMetadataBehaviour // Defaults to ShareMetadataBehaviour.IF_AVAILABLE\n } = {}\n ): Promise<models.Message> {\n return this.shareWithMany(message, { [delegateId]: { ...options, shareSecretIds } })\n }\n\n /**\n * Share an existing message with other data owners, allowing them to access the non-encrypted data of the message and optionally also\n * the encrypted content, with read-only or read-write permissions.\n * @param message the message to share.\n * @param delegates associates the id of data owners which will be granted access to the entity, to the following sharing options:\n * - shareSecretIds the secret ids of the Message that the delegate will be given access to. Allows the delegate to search for data where the\n * shared Message is the owning entity id. Mandatory.\n * - shareEncryptionKey: specifies if the encryption key of the access log should be shared with the delegate, giving access to all encrypted\n * content of the entity, excluding other encrypted metadata (defaults to {@link ShareMetadataBehaviour.IF_AVAILABLE}). Note that by default a\n * message does not have encrypted content.\n * - sharePatientId: specifies if the id of the patient that this message refers to should be shared with the delegate (defaults to\n * {@link ShareMetadataBehaviour.IF_AVAILABLE}).\n * - requestedPermissions: the requested permissions for the delegate, defaults to {@link RequestedPermissionEnum.MAX_WRITE}.\n * @return the updated entity\n */\n async shareWithMany(\n message: models.Message,\n delegates: {\n [delegateId: string]: {\n shareSecretIds: string[]\n requestedPermissions?: RequestedPermissionEnum\n shareEncryptionKey?: ShareMetadataBehaviour // Defaults to ShareMetadataBehaviour.IF_AVAILABLE\n sharePatientId?: ShareMetadataBehaviour // Defaults to ShareMetadataBehaviour.IF_AVAILABLE\n }\n }\n ): Promise<models.Message> {\n return (await this.tryShareWithMany(message, delegates)).updatedEntityOrThrow\n }\n\n /**\n * Share an existing message with other data owners, allowing them to access the non-encrypted data of the message and optionally also\n * the encrypted content, with read-only or read-write permissions.\n * @param message the message to share.\n * @param delegates associates the id of data owners which will be granted access to the entity, to the following sharing options:\n * - shareSecretIds the secret ids of the Message that the delegate will be given access to. Allows the delegate to search for data where the\n * shared Message is the owning entity id. Mandatory.\n * - shareEncryptionKey: specifies if the encryption key of the access log should be shared with the delegate, giving access to all encrypted\n * content of the entity, excluding other encrypted metadata (defaults to {@link ShareMetadataBehaviour.IF_AVAILABLE}). Note that by default a\n * message does not have encrypted content.\n * - sharePatientId: specifies if the id of the patient that this message refers to should be shared with the delegate (defaults to\n * {@link ShareMetadataBehaviour.IF_AVAILABLE}).\n * - requestedPermissions: the requested permissions for the delegate, defaults to {@link RequestedPermissionEnum.MAX_WRITE}.\n * @return a promise which will contain the result of the operation: the updated entity if the operation was successful or details of the error if\n * the operation failed.\n */\n async tryShareWithMany(\n message: models.Message,\n delegates: {\n [delegateId: string]: {\n shareSecretIds: string[]\n requestedPermissions?: RequestedPermissionEnum\n shareEncryptionKey?: ShareMetadataBehaviour // Defaults to ShareMetadataBehaviour.IF_AVAILABLE\n sharePatientId?: ShareMetadataBehaviour // Defaults to ShareMetadataBehaviour.IF_AVAILABLE\n }\n }\n ): Promise<ShareResult<models.Message>> {\n // All entities should have an encryption key.\n const entityWithEncryptionKey = await this.crypto.xapi.ensureEncryptionKeysInitialised(message, 'Message')\n const updatedEntity = entityWithEncryptionKey ? await this.modifyMessage(entityWithEncryptionKey) : message\n return this.crypto.xapi.simpleShareOrUpdateEncryptedEntityMetadata(\n { entity: updatedEntity, type: 'Message' },\n false,\n Object.fromEntries(\n Object.entries(delegates).map(([delegateId, options]) => [\n delegateId,\n {\n requestedPermissions: options.requestedPermissions,\n shareEncryptionKeys: options.shareEncryptionKey,\n shareOwningEntityIds: options.sharePatientId,\n shareSecretIds: options.shareSecretIds,\n },\n ])\n ),\n (x) => this.bulkShareMessages(x)\n )\n }\n\n /**\n * @param message a message\n * @return the secret ids of the message, retrieved from the encrypted metadata. The result may be used to find entities where the message is\n * the 'owning entity', or in the {@link shareWith} method in order to share it with other data owners.\n */\n decryptSecretIdsOf(message: models.Message): Promise<string[]> {\n return this.crypto.xapi.secretIdsOf({ entity: message, type: 'Message' }, undefined)\n }\n\n getDataOwnersWithAccessTo(\n entity: models.Message\n ): Promise<{ permissionsByDataOwnerId: { [p: string]: AccessLevelEnum }; hasUnknownAnonymousDataOwners: boolean }> {\n return this.crypto.delegationsDeAnonymization.getDataOwnersWithAccessTo({ entity, type: 'Message' })\n }\n\n getEncryptionKeysOf(entity: models.Message): Promise<string[]> {\n return this.crypto.xapi.encryptionKeysOf({ entity, type: 'Message' }, undefined)\n }\n\n override async filterMessagesBy(body: FilterChainMessage, startDocumentId?: string, limit?: number): Promise<PaginatedListMessage> {\n const page = await super.filterMessagesBy(body, startDocumentId, limit)\n const decryptedMessages = await this.decrypt(page.rows ?? [])\n if (decryptedMessages.some((m) => !m.decrypted)) throw new Error('Some messages could not be decrypted')\n return {\n ...page,\n rows: decryptedMessages.map((m) => m.entity),\n }\n }\n\n async encryptAndCreateMessageInTopic(body: Message): Promise<Message> {\n const encryptedMessage = await this.encrypt([body])\n const createdMessage = await super.createMessageInTopic(encryptedMessage[0])\n return (await this.decrypt([createdMessage]))[0].entity\n }\n\n async setMessagesReadStatus(body?: MessagesReadStatusUpdate): Promise<Array<Message>> {\n return (await this.decrypt(await super.setMessagesReadStatus(body))).map((m) => m.entity)\n }\n\n async getAndDecryptMessage(messageId: string): Promise<Message> {\n const encryptedMessage = await super.getMessage(messageId)\n const decryptedMessage = await this.decrypt([encryptedMessage])\n if (!decryptedMessage[0].decrypted) throw new Error('Message could not be decrypted')\n return decryptedMessage[0].entity\n }\n\n async subscribeToMessageEvents(\n eventTypes: ('CREATE' | 'UPDATE' | 'DELETE')[],\n filter: AbstractFilter<Message> | undefined,\n eventFired: (message: Message) => Promise<void>,\n options: SubscriptionOptions = {}\n ): Promise<Connection> {\n return await subscribeToEntityEvents(\n this.host,\n this.authApi,\n 'Message',\n eventTypes,\n filter,\n eventFired,\n options,\n async (encrypted) => (await this.decrypt([encrypted]))[0].entity\n ).then((rs) => new ConnectionImpl(rs))\n }\n\n createDelegationDeAnonymizationMetadata(entity: Message, delegates: string[]): Promise<void> {\n return this.crypto.delegationsDeAnonymization.createOrUpdateDeAnonymizationInfo({ entity, type: 'Message' }, delegates)\n }\n}\n"]}
|
|
File without changes
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"icc-recovery-x-api.js","sourceRoot":"","sources":["../../icc-x-api/icc-recovery-x-api.ts"],"names":[],"mappings":"","sourcesContent":[""]}
|
package/icc-x-api/index.js
CHANGED
|
@@ -61,7 +61,7 @@ const utils_1 = require("./crypto/utils");
|
|
|
61
61
|
const SecureDelegationsSecurityMetadataDecryptor_1 = require("./crypto/SecureDelegationsSecurityMetadataDecryptor");
|
|
62
62
|
const ExchangeDataManager_1 = require("./crypto/ExchangeDataManager");
|
|
63
63
|
const BaseExchangeDataManager_1 = require("./crypto/BaseExchangeDataManager");
|
|
64
|
-
const IccExchangeDataApi_1 = require("../icc-api/api/IccExchangeDataApi");
|
|
64
|
+
const IccExchangeDataApi_1 = require("../icc-api/api/internal/IccExchangeDataApi");
|
|
65
65
|
const UserSignatureKeysManager_1 = require("./crypto/UserSignatureKeysManager");
|
|
66
66
|
const AccessControlSecretUtils_1 = require("./crypto/AccessControlSecretUtils");
|
|
67
67
|
const SecureDelegationsEncryption_1 = require("./crypto/SecureDelegationsEncryption");
|
|
@@ -69,7 +69,7 @@ const LegacyDelegationSecurityMetadataDecryptor_1 = require("./crypto/LegacyDele
|
|
|
69
69
|
const ExtendedApisUtilsImpl_1 = require("./crypto/ExtendedApisUtilsImpl");
|
|
70
70
|
const SecureDelegationsManager_1 = require("./crypto/SecureDelegationsManager");
|
|
71
71
|
const AccessControlKeysHeadersProvider_1 = require("./crypto/AccessControlKeysHeadersProvider");
|
|
72
|
-
const IccExchangeDataMapApi_1 = require("../icc-api/api/IccExchangeDataMapApi");
|
|
72
|
+
const IccExchangeDataMapApi_1 = require("../icc-api/api/internal/IccExchangeDataMapApi");
|
|
73
73
|
const ExchangeDataMapManager_1 = require("./crypto/ExchangeDataMapManager");
|
|
74
74
|
const icc_device_x_api_1 = require("./icc-device-x-api");
|
|
75
75
|
const icc_bekmehr_x_api_1 = require("./icc-bekmehr-x-api");
|