@icure/api 8.0.10 → 8.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-x-api/crypto/SecureDelegationsManager.js +1 -1
- package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -1
- package/icc-x-api/crypto/utils.js +2 -1
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/index.d.ts +1 -0
- package/icc-x-api/index.js +3 -1
- package/icc-x-api/index.js.map +1 -1
- package/package.json +1 -1
|
@@ -188,7 +188,7 @@ class SecureDelegationsManager {
|
|
|
188
188
|
else if (delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {
|
|
189
189
|
return {
|
|
190
190
|
explicitDelegator: selfId,
|
|
191
|
-
encryptedExchangeDataId: yield this.secureDelegationsEncryption.encryptExchangeDataId(exchangeData.id, Object.fromEntries(this.userKeys.getSelfVerifiedKeys().map((keyInfo) => [keyInfo.fingerprint, keyInfo.pair.publicKey]))),
|
|
191
|
+
encryptedExchangeDataId: yield this.secureDelegationsEncryption.encryptExchangeDataId(exchangeData.id, Object.fromEntries(this.userKeys.getSelfVerifiedKeys().map((keyInfo) => [(0, utils_1.fingerprintV1toV2)(keyInfo.fingerprint), keyInfo.pair.publicKey]))),
|
|
192
192
|
};
|
|
193
193
|
}
|
|
194
194
|
else if (!delegateInfo.requiresAnonymousDelegations && this.selfNeedsAnonymousDelegations) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SecureDelegationsManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/SecureDelegationsManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wFAAoF;AAKpF,oFAA6E;AAC7E,mCAA2F;AAK3F,oCAAyC;AAIzC,2EAAuE;AACvE,sHAAkH;AAClH,IAAO,mBAAmB,GAAG,qEAAiC,CAAC,mBAAmB,CAAA;AAClF,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AACzD,2EAAuE;AAEvE,+BAAkC;AAElC,MAAa,wBAAwB;IACnC,YACmB,mBAAwC,EACxC,sBAA8C,EAC9C,2BAAwD,EACxD,wBAAkD,EAClD,QAAmC,EACnC,UAA4B,EAC5B,YAA8B,EAC9B,gBAAkC,EAClC,6BAAsC;QARtC,wBAAmB,GAAnB,mBAAmB,CAAqB;QACxC,2BAAsB,GAAtB,sBAAsB,CAAwB;QAC9C,gCAA2B,GAA3B,2BAA2B,CAA6B;QACxD,6BAAwB,GAAxB,wBAAwB,CAA0B;QAClD,aAAQ,GAAR,QAAQ,CAA2B;QACnC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,kCAA6B,GAA7B,6BAA6B,CAAS;QAGxC,uBAAkB,GAO/B,IAAI,oDAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IATvD,CAAC;IAWJ;;;;;;;;;;OAUG;IACG,sCAAsC,CAC1C,MAA2C,EAC3C,UAAwC,EACxC,SAAmB,EACnB,eAAyB,EACzB,cAAwB,EACxB,eAA2E;;YAE3E,MAAM,cAAc,GAA4B,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;YAC5E,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAC5D,cAAc,EACd,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAC/C,SAAS,EACT,cAAc,EACd,eAAe,EACf,eAAe,CAAC,KAAK,EACrB,SAAS,CACV,CAAA;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,oBAAoB,GAMpB,EAAE,CAAA;YACR,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;gBACvE,IAAI,UAAU,KAAK,MAAM,EAAE;oBACzB,oBAAoB,CAAC,IAAI,CACvB,MAAM,IAAI,CAAC,wBAAwB,CACjC,cAAc,EACd,UAAU,EACV,SAAS,EACT,cAAc,EACd,eAAe,EACf,WAAW,EACX,kBAAkB,CAAC,sBAAsB,CAC1C,CACF,CAAA;iBACF;aACF;YACD,MAAM,iBAAiB,GAAG,MAAM,CAAC,WAAW,CAC1C,CAAC,kBAAkB,EAAE,GAAG,oBAAoB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,sBAAsB,EAAE,UAAU,CAAC,CAAC,CACpI,CAAA;YACD,MAAM,gBAAgB,qBACjB,kBAAkB,CAAC,yBAAyB,CAChD,CAAA;YACD,KAAK,MAAM,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,IAAI,oBAAoB,EAAE;gBACtF,MAAM,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAA;aACtD;YACD,MAAM,mBAAmB,GAAG,MAAM,CAAC,WAAW,CAC5C,oBAAoB;iBACjB,MAAM,CAAC,CAAC,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB,CAAC;iBAClE,GAAG,CAAC,CAAC,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,yBAAyB,EAAE,uBAAwB,CAAC,CAAC,CAC1H,CAAA;YACD,MAAM,IAAI,CAAC,sBAAsB,CAAC,sBAAsB,CAAC,mBAAmB,CAAC,CAAA;YAC7E,uCACK,MAAM,KACT,gBAAgB,EAAE,IAAI,mCAAgB,CAAC,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,CAAC,IAChF;QACH,CAAC;KAAA;IAED;;;;;;;;;;;;;;OAcG;IACG,8BAA8B,CAClC,cAAuC,EACvC,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;;YAExE,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EAC7C,KAAK,CACN,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CAAA;YACD,MAAM,wBAAwB,GAAG,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;YAC5H,IAAI,wBAAwB,EAAE;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uBAAuB,CACrD,wBAAwB,CAAC,YAAY,EACrC,wBAAwB,CAAC,gBAAgB,EACzC,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;gBACD,OAAO,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;aAC3D;iBAAM;gBACL,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;gBACvB,OAAO;oBACL,KAAK,EAAE,MAAM,IAAI,CAAC,sBAAsB,CACtC,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,EACpB,wBAAwB,CACzB;iBACF,CAAA;aACF;;KACF;IAEa,uBAAuB,CACnC,YAAoB,EACpB,kBAAoC,EACpC,gBAAqG,EACrG,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAE9B,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAA;YAC5I,MAAM,sBAAsB,GAAG,IAAI,GAAG,CACpC,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAC/G,CAAA;YACD,MAAM,uBAAuB,GAAG,IAAI,GAAG,CACrC,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAChH,CAAA;YACD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAC9E,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;YAC/F,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,uBAAuB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAChG,IAAI,YAAY,CAAC,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,kBAAkB,CAAC,MAAM,EAAE;gBAChF,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,YAAY,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBACjI,MAAM,0BAA0B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBAChJ,MAAM,2BAA2B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAC/F,kBAAkB,EAClB,gBAAgB,CAAC,WAAW,CAC7B,CAAA;gBACD,OAAO,IAAI,qEAAiC,CAAC;oBAC3C,yBAAyB,EAAE,YAAY;oBACvC,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAClG,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC9G,eAAe,EAAE,MAAM,CAAC,WAAW,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;iBAC/G,CAAC,CAAA;aACH;;gBAAM,OAAO,SAAS,CAAA;QACzB,CAAC;KAAA;IAEa,sBAAsB,CAClC,gBAAqG,EACrG,iBAA2B,EAC3B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;YAExE,OAAO,IAAI,uCAAkB,iCACxB,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,mBAAmB,EAAE,oBAAoB,CAAC,CAAC,KAC1I,oBAAoB,EAAE,wBAAwB,EAC9C,iBAAiB,IACjB,CAAA;QACJ,CAAC;KAAA;IAEa,wBAAwB,CACpC,MAA+B,EAC/B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,WAA4B,EAC5B,mBAAuC;;;YAQvC,sDAAsD;YACtD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EACrC,KAAK,CACN,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CAAA;YACD,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;YACvB,MAAM,yBAAyB,GAAG,iBAAiB;iBAChD,GAAG,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;gBAClB,OAAO,CAAC,GAAG,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAA;YAC1C,CAAC,CAAC;iBACD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAE3C,MAAM,YAAY,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACpD,MAAM,eAAe,GAAG,MAAM,CAAC,WAAW,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAA;YACrH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAC1E,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;YACD,MAAM,UAAU,GAAG,IAAI,mCAAgB,CAAC;gBACtC,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,iBAAiB;gBACrD,QAAQ,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,gBAAgB;gBACnD,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,SAAS;gBAC7C,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,eAAe,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,eAAe;gBACzD,iBAAiB,EAAE,mBAAmB,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC1E,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,WAAW,EAAE,WAAW;aACzB,CAAC,CAAA;YACF,OAAO;gBACL,sBAAsB,EAAE,YAAY;gBACpC,yBAAyB,EAAE,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1D,UAAU;gBACV,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,yBAAyB,EAAE,eAAe;aAC3C,CAAA;;KACF;IAEa,iCAAiC,CAC7C,gBAAqG,EACrG,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAU9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,kBAAkB,GACtB,UAAU,KAAK,MAAM;gBACnB,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,MAAM,EAAE,gBAAgB,CAAC,YAAY,CAAC;gBAC3E,CAAC,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,MAAM,EAAE,UAAU,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAA;YACrG,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,cAAc,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAChI,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAC/I,MAAM,wBAAwB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAClJ,uCACK,kBAAkB,KACrB,SAAS,EAAE,kBAAkB,EAC7B,cAAc,EAAE,uBAAuB,EACvC,eAAe,EAAE,wBAAwB,IAC1C;QACH,CAAC;KAAA;IAEa,iCAAiC,CAC7C,MAAc,EACd,UAAkB,EAClB,YAA0B;;YAO1B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;YAC5D,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACrF,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,gBAAgB,EAAE,UAAU;oBAC5B,cAAc,EAAE,YAAY,CAAC,EAAE;iBAChC,CAAA;aACF;iBAAM,IAAI,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBAC3F,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CACnF,YAAY,CAAC,EAAG,EAChB,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CACxH;iBACF,CAAA;aACF;iBAAM,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,IAAI,CAAC,6BAA6B,EAAE;gBAC3F;;mBAEG;gBACH,MAAM,kCAAkC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAA;gBACzF,MAAM,oBAAoB,GAAgC,EAAE,CAAA;gBAC5D,KAAK,MAAM,MAAM,IAAI,CAAC,GAAG,YAAY,CAAC,8BAA8B,EAAE,GAAG,YAAY,CAAC,gCAAgC,CAAC,EAAE;oBACvH,MAAM,MAAM,GAAG,IAAA,qBAAa,EAAC,MAAM,CAAC,CAAA;oBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,8BAA8B,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,gBAAU,CAAC,IAAI,CAAC,CAAC,CAAC,gBAAU,CAAC,MAAM,CAAA;oBACrH,IAAI,kCAAkC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;wBAClD,oBAAoB,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;qBACpH;iBACF;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM;oBAC3C,MAAM,IAAI,KAAK,CAAC,wFAAwF,CAAC,CAAA;gBAC3G,OAAO;oBACL,gBAAgB,EAAE,UAAU;oBAC5B,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAG,EAAE,oBAAoB,CAAC;iBAC9H,CAAA;aACF;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAEO,6BAA6B,CACnC,MAAc,EACd,YAA0B;QAO1B,IAAI,IAAI,CAAC,6BAA6B,EAAE;YACtC,OAAO,EAAE,CAAA;SACV;aAAM;YACL,OAAO;gBACL,cAAc,EAAE,YAAY,CAAC,EAAE;gBAC/B,iBAAiB,EAAE,MAAM;gBACzB,gBAAgB,EAAE,MAAM;aACzB,CAAA;SACF;IACH,CAAC;IAEa,gBAAgB,CAAC,WAAmB;;YAChD,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,WAAW,EAAE,GAAS,EAAE;gBACzD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACjF,OAAO;oBACL,IAAI,EAAE;wBACJ,4BAA4B,EAAE,IAAI,CAAC,gBAAgB,CAAC,oCAAoC,CAAC,iBAAiB,CAAC;wBAC3G,8BAA8B,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,+BAAuB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;wBAC3F,gCAAgC,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,iCAAyB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;qBAChG;iBACF,CAAA;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAEO,0CAA0C,CAChD,MAA6C,EAC7C,MAAgB;;QAEhB,MAAM,gBAAgB,GAAG,MAAA,MAAM,CAAC,gBAAgB,mCAAI,EAAE,CAAA;QACtD,MAAM,uBAAuB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,eAAC,OAAA,MAAA,MAAA,gBAAgB,CAAC,gBAAgB,0CAAG,IAAI,CAAC,mCAAI,EAAE,CAAA,EAAA,CAAC,CAAC,CAAC,CAAA;QAC9H,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;;YAC/C,MAAM,iBAAiB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,IAAI,CAAC,CAAA;YACpE,OAAO,iBAAiB,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;QAC7F,CAAC,CAAC,CAAA;QACF,IACE,gBAAgB,CAAC,MAAM,GAAG,CAAC;YAC3B,uBAAuB,CAAC,MAAM,GAAG,CAAC;YAClC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,IAAI,uBAAuB,CAAC,CAAC,CAAC,MAAK,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,CAAC;YAEzI,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAA;QACrG,MAAM,yBAAyB,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAA;QAC5D,MAAM,yBAAyB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,yBAAyB,CAAC,CAAA;QACjG,OAAO,CACL,MAAA,gBAAgB,CAAC,CAAC,CAAC,mCACnB,CAAC,CAAC,CAAC,yBAAyB,IAAI,CAAC,CAAC,yBAAyB;YACzD,CAAC,CAAC,EAAE,YAAY,EAAE,yBAAyB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE;YAC1F,CAAC,CAAC,SAAS,CAAC,CACf,CAAA;IACH,CAAC;CACF;AAjaD,4DAiaC","sourcesContent":["import { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { LruTemporisedAsyncCache } from '../utils/lru-temporised-async-cache'\nimport { fingerprintV2, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { ExchangeDataManager } from './ExchangeDataManager'\nimport { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { SecureDelegationsEncryption } from './SecureDelegationsEncryption'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { hex2ua, ua2hex } from '../utils'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { EntityShareOrMetadataUpdateRequest } from '../../icc-api/model/requests/EntityShareOrMetadataUpdateRequest'\nimport { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport { EntitySharedMetadataUpdateRequest } from '../../icc-api/model/requests/EntitySharedMetadataUpdateRequest'\nimport EntryUpdateTypeEnum = EntitySharedMetadataUpdateRequest.EntryUpdateTypeEnum\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { SecurityMetadata } from '../../icc-api/model/SecurityMetadata'\nimport { ExchangeDataMapManager } from './ExchangeDataMapManager'\nimport { ShaVersion } from './RSA'\n\nexport class SecureDelegationsManager {\n constructor(\n private readonly exchangeDataManager: ExchangeDataManager,\n private readonly exchangeDataMapManager: ExchangeDataMapManager,\n private readonly secureDelegationsEncryption: SecureDelegationsEncryption,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n private readonly userKeys: UserEncryptionKeysManager,\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly cryptoStrategies: CryptoStrategies,\n private readonly selfNeedsAnonymousDelegations: boolean\n ) {}\n\n private readonly dataOwnerInfoCache: LruTemporisedAsyncCache<\n string,\n {\n requiresAnonymousDelegations: boolean\n availablePublicKeysHexWithSha1: string[]\n availablePublicKeysHexWithSha256: string[]\n }\n > = new LruTemporisedAsyncCache(100, () => 30 * 60 * 1000)\n\n /**\n * Note: this method does not save the updated entity.\n * @param entity an entity, must already have secret foreign keys initialised.\n * @param entityType the type of the entity\n * @param secretIds the initial secret ids to include and share with the auto-delegations\n * @param owningEntityIds the initial owning entity ids to include and share with the auto-delegations\n * @param encryptionKeys the initial encryption keys to include and share with the auto-delegations\n * @param autoDelegations the data owners which will initially have access to the entity in addition to the current data owner and the access level\n * they will have on the entity.\n * @return the entity with the security metadata initialised for the provided parameters.\n */\n async entityWithInitialisedEncryptedMetadata<T extends EncryptedEntity>(\n entity: T & { secretForeignKeys: string[] },\n entityType: EntityWithDelegationTypeName,\n secretIds: string[],\n owningEntityIds: string[],\n encryptionKeys: string[],\n autoDelegations: { [delegateId: string]: SecureDelegation.AccessLevelEnum }\n ): Promise<T> {\n const entityWithType: EncryptedEntityWithType = { entity, type: entityType }\n const rootDelegationInfo = await this.makeSecureDelegationInfo(\n entityWithType,\n await this.dataOwnerApi.getCurrentDataOwnerId(),\n secretIds,\n encryptionKeys,\n owningEntityIds,\n AccessLevelEnum.WRITE,\n undefined\n )\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const otherDelegationsInfo: {\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n delegationKeyEquivalences: { [p: string]: string }\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n }[] = []\n for (const [delegateId, permissions] of Object.entries(autoDelegations)) {\n if (delegateId !== selfId) {\n otherDelegationsInfo.push(\n await this.makeSecureDelegationInfo(\n entityWithType,\n delegateId,\n secretIds,\n encryptionKeys,\n owningEntityIds,\n permissions,\n rootDelegationInfo.canonicalDelegationKey\n )\n )\n }\n }\n const secureDelegations = Object.fromEntries(\n [rootDelegationInfo, ...otherDelegationsInfo].map(({ canonicalDelegationKey, delegation }) => [canonicalDelegationKey, delegation])\n )\n const keysEquivalences = {\n ...rootDelegationInfo.delegationKeyEquivalences,\n }\n for (const { delegationKeyEquivalences: otherKeyEquivalences } of otherDelegationsInfo) {\n Object.assign(keysEquivalences, otherKeyEquivalences)\n }\n const newExchangeDataMaps = Object.fromEntries(\n otherDelegationsInfo\n .filter(({ encryptedExchangeDataId }) => !!encryptedExchangeDataId)\n .map(({ canonicalAccessControlKey, encryptedExchangeDataId }) => [canonicalAccessControlKey, encryptedExchangeDataId!])\n )\n await this.exchangeDataMapManager.createExchangeDataMaps(newExchangeDataMaps)\n return {\n ...entity,\n securityMetadata: new SecurityMetadata({ secureDelegations, keysEquivalences }),\n }\n }\n\n /**\n * Make a request for sharing an entity with a delegate or to update existing shared metadata by adding additional secretIds, encryptionKeys or\n * owningEntityIds if there is already some metadata shared between the current data owner and the delegate. In case there is already a delegation\n * for the delegate, and it already contains all the provided metadata, this method returns undefined, since there is no need to make any request to\n * share the provided data.\n * @param entityWithType an entity with type\n * @param delegateId the id of the delegate\n * @param shareSecretIds the secret ids to share\n * @param shareEncryptionKeys the encryption keys to share\n * @param shareOwningEntityIds the owning entity ids to share\n * @param newDelegationPermissions the permissions to grant to the delegate in case a new delegation needs to be created. If this method creates an\n * update request instead of a share request, this parameter is ignored.\n * @return the request to share the entity, or the request to update the shared metadata for the entity, or undefined if there is no need to update\n * the entity to allow the delegate to access the provided data.\n */\n async makeShareOrUpdateRequestParams(\n entityWithType: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareOrMetadataUpdateRequest | undefined> {\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? [],\n false\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n const existingSecureDelegation = this.getExistingCanonicalKeyAndSecureDelegation(entityWithType.entity, accessControlHashes)\n if (existingSecureDelegation) {\n const updateParams = await this.makeUpdateRequestParams(\n existingSecureDelegation.canonicalKey,\n existingSecureDelegation.secureDelegation,\n exchangeDataInfo,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n return updateParams ? { update: updateParams } : undefined\n } else {\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n return {\n share: await this.makeShareRequestParams(\n exchangeDataInfo,\n accessControlKeys,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds,\n newDelegationPermissions\n ),\n }\n }\n }\n\n private async makeUpdateRequestParams(\n canonicalKey: string,\n existingDelegation: SecureDelegation,\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<EntitySharedMetadataUpdateRequest | undefined> {\n const existingSecretIds = new Set(await this.secureDelegationsEncryption.decryptSecretIds(existingDelegation, exchangeDataInfo.exchangeKey))\n const existingEncryptionKeys = new Set(\n await this.secureDelegationsEncryption.decryptEncryptionKeys(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const existingOwningEntityIds = new Set(\n await this.secureDelegationsEncryption.decryptOwningEntityIds(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const newSecretIds = shareSecretIds.filter((id) => !existingSecretIds.has(id))\n const newEncryptionKeys = shareEncryptionKeys.filter((key) => !existingEncryptionKeys.has(key))\n const newOwningEntityIds = shareOwningEntityIds.filter((id) => !existingOwningEntityIds.has(id))\n if (newSecretIds.length || newEncryptionKeys.length || newOwningEntityIds.length) {\n const encryptedNewSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(newSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedNewEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(newEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedNewOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(\n newOwningEntityIds,\n exchangeDataInfo.exchangeKey\n )\n return new EntitySharedMetadataUpdateRequest({\n metadataAccessControlHash: canonicalKey,\n secretIds: Object.fromEntries(encryptedNewSecretIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n encryptionKeys: Object.fromEntries(encryptedNewEncryptionKeys.map((key) => [key, EntryUpdateTypeEnum.CREATE])),\n owningEntityIds: Object.fromEntries(encryptedNewOwningEntityIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n })\n } else return undefined\n }\n\n private async makeShareRequestParams(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n accessControlKeys: string[],\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareRequest> {\n return new EntityShareRequest({\n ...(await this.makeSecureDelegationEncryptedData(exchangeDataInfo, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds)),\n requestedPermissions: newDelegationPermissions,\n accessControlKeys,\n })\n }\n\n private async makeSecureDelegationInfo(\n entity: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n permissions: AccessLevelEnum,\n parentDelegationKey: string | undefined\n ): Promise<{\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n delegationKeyEquivalences: { [alias: string]: string }\n }> {\n // Be wary of explicit delegator and explicit delegate\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entity.type,\n entity.entity.secretForeignKeys ?? [],\n false\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n const accessControlKeysToHashes = accessControlKeys\n .map((key, index) => {\n return [key, accessControlHashes[index]]\n })\n .sort((a, b) => a[1].localeCompare(b[1]))\n\n const canonicalKey = accessControlKeysToHashes[0][1]\n const keyEquivalences = Object.fromEntries(accessControlKeysToHashes.slice(1).map((hash) => [hash[1], canonicalKey]))\n const encryptedDelegationInfo = await this.makeSecureDelegationEncryptedData(\n exchangeDataInfo,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n const delegation = new SecureDelegation({\n delegator: encryptedDelegationInfo?.explicitDelegator,\n delegate: encryptedDelegationInfo?.explicitDelegate,\n secretIds: encryptedDelegationInfo?.secretIds,\n encryptionKeys: encryptedDelegationInfo?.encryptionKeys,\n owningEntityIds: encryptedDelegationInfo?.owningEntityIds,\n parentDelegations: parentDelegationKey ? [parentDelegationKey] : undefined,\n exchangeDataId: encryptedDelegationInfo?.exchangeDataId,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n permissions: permissions,\n })\n return {\n canonicalDelegationKey: canonicalKey,\n canonicalAccessControlKey: accessControlKeysToHashes[0][0],\n delegation,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n delegationKeyEquivalences: keyEquivalences,\n }\n }\n\n private async makeSecureDelegationEncryptedData(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<{\n explicitDelegator?: string\n explicitDelegate?: string\n secretIds?: string[]\n encryptionKeys?: string[]\n owningEntityIds?: string[]\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string } // TODO if secure delegation info, check cache before calculating\n }> {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const exchangeDataIdInfo =\n delegateId === selfId\n ? this.makeExchangeDataIdInfoForSelf(selfId, exchangeDataInfo.exchangeData)\n : await this.makeExchangeDataIdInfoForDelegate(selfId, delegateId, exchangeDataInfo.exchangeData)\n const encryptedSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(shareSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(shareEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(shareOwningEntityIds, exchangeDataInfo.exchangeKey)\n return {\n ...exchangeDataIdInfo,\n secretIds: encryptedSecretIds,\n encryptionKeys: encryptedEncryptionKeys,\n owningEntityIds: encryptedOwningEntityIds,\n }\n }\n\n private async makeExchangeDataIdInfoForDelegate(\n selfId: string,\n delegateId: string,\n exchangeData: ExchangeData\n ): Promise<{\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n }> {\n const delegateInfo = await this.getDataOwnerInfo(delegateId)\n if (!delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n explicitDelegate: delegateId,\n exchangeDataId: exchangeData.id,\n }\n } else if (delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(\n exchangeData.id!,\n Object.fromEntries(this.userKeys.getSelfVerifiedKeys().map((keyInfo) => [keyInfo.fingerprint, keyInfo.pair.publicKey]))\n ),\n }\n } else if (!delegateInfo.requiresAnonymousDelegations && this.selfNeedsAnonymousDelegations) {\n /**\n * Important: this requires that the exchange data signature also validates the authenticity of the public keys included in there.\n */\n const fingerprintsOfVerifiedExchangeData = new Set(Object.keys(exchangeData.exchangeKey))\n const delegateVerifiedKeys: { [fp: string]: CryptoKey } = {}\n for (const keyHex of [...delegateInfo.availablePublicKeysHexWithSha1, ...delegateInfo.availablePublicKeysHexWithSha256]) {\n const currFp = fingerprintV2(keyHex)\n const shaVersion = delegateInfo.availablePublicKeysHexWithSha1.includes(keyHex) ? ShaVersion.Sha1 : ShaVersion.Sha256\n if (fingerprintsOfVerifiedExchangeData.has(currFp)) {\n delegateVerifiedKeys[currFp] = await this.primitives.RSA.importKey('spki', hex2ua(keyHex), ['encrypt'], shaVersion)\n }\n }\n if (!Object.keys(delegateVerifiedKeys).length)\n throw new Error('Illegal state: could not find any verified key for delegate in verified exchange data.')\n return {\n explicitDelegate: delegateId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(exchangeData.id!, delegateVerifiedKeys),\n }\n } else return {}\n }\n\n private makeExchangeDataIdInfoForSelf(\n selfId: string,\n exchangeData: ExchangeData\n ): {\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n } {\n if (this.selfNeedsAnonymousDelegations) {\n return {}\n } else {\n return {\n exchangeDataId: exchangeData.id,\n explicitDelegator: selfId,\n explicitDelegate: selfId,\n }\n }\n }\n\n private async getDataOwnerInfo(dataOwnerId: string) {\n return this.dataOwnerInfoCache.get(dataOwnerId, async () => {\n const dataOwnerWithType = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n return {\n item: {\n requiresAnonymousDelegations: this.cryptoStrategies.dataOwnerRequiresAnonymousDelegation(dataOwnerWithType),\n availablePublicKeysHexWithSha1: Array.from(hexPublicKeysWithSha1Of(dataOwnerWithType.stub)),\n availablePublicKeysHexWithSha256: Array.from(hexPublicKeysWithSha256Of(dataOwnerWithType.stub)),\n },\n }\n })\n }\n\n private getExistingCanonicalKeyAndSecureDelegation(\n entity: EncryptedEntityStub | EncryptedEntity,\n hashes: string[]\n ): { canonicalKey: string; secureDelegation: SecureDelegation } | undefined {\n const securityMetadata = entity.securityMetadata ?? {}\n const canonicalByEquivalences = Array.from(new Set(hashes.flatMap((hash) => securityMetadata.keysEquivalences?.[hash] ?? [])))\n const directRetrievals = hashes.flatMap((hash) => {\n const retrievedMetadata = securityMetadata.secureDelegations?.[hash]\n return retrievedMetadata ? { canonicalKey: hash, secureDelegation: retrievedMetadata } : []\n })\n if (\n directRetrievals.length > 1 ||\n canonicalByEquivalences.length > 1 ||\n (!!canonicalByEquivalences[0] && !!directRetrievals[0]?.canonicalKey && canonicalByEquivalences[0] !== directRetrievals[0]?.canonicalKey)\n )\n throw new Error('Illegal state: multiple secure delegations matching equivalent hashes of entity.')\n const canonicalFromEquivalences = canonicalByEquivalences[0]\n const retrievedFromEquivalences = securityMetadata.secureDelegations?.[canonicalFromEquivalences]\n return (\n directRetrievals[0] ??\n (!!canonicalFromEquivalences && !!retrievedFromEquivalences\n ? { canonicalKey: canonicalFromEquivalences, secureDelegation: retrievedFromEquivalences }\n : undefined)\n )\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"SecureDelegationsManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/SecureDelegationsManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wFAAoF;AAKpF,oFAA6E;AAC7E,mCAA8G;AAK9G,oCAAyC;AAIzC,2EAAuE;AACvE,sHAAkH;AAClH,IAAO,mBAAmB,GAAG,qEAAiC,CAAC,mBAAmB,CAAA;AAClF,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AACzD,2EAAuE;AAEvE,+BAAkC;AAElC,MAAa,wBAAwB;IACnC,YACmB,mBAAwC,EACxC,sBAA8C,EAC9C,2BAAwD,EACxD,wBAAkD,EAClD,QAAmC,EACnC,UAA4B,EAC5B,YAA8B,EAC9B,gBAAkC,EAClC,6BAAsC;QARtC,wBAAmB,GAAnB,mBAAmB,CAAqB;QACxC,2BAAsB,GAAtB,sBAAsB,CAAwB;QAC9C,gCAA2B,GAA3B,2BAA2B,CAA6B;QACxD,6BAAwB,GAAxB,wBAAwB,CAA0B;QAClD,aAAQ,GAAR,QAAQ,CAA2B;QACnC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,kCAA6B,GAA7B,6BAA6B,CAAS;QAGxC,uBAAkB,GAO/B,IAAI,oDAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IATvD,CAAC;IAWJ;;;;;;;;;;OAUG;IACG,sCAAsC,CAC1C,MAA2C,EAC3C,UAAwC,EACxC,SAAmB,EACnB,eAAyB,EACzB,cAAwB,EACxB,eAA2E;;YAE3E,MAAM,cAAc,GAA4B,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;YAC5E,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAC5D,cAAc,EACd,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAC/C,SAAS,EACT,cAAc,EACd,eAAe,EACf,eAAe,CAAC,KAAK,EACrB,SAAS,CACV,CAAA;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,oBAAoB,GAMpB,EAAE,CAAA;YACR,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;gBACvE,IAAI,UAAU,KAAK,MAAM,EAAE;oBACzB,oBAAoB,CAAC,IAAI,CACvB,MAAM,IAAI,CAAC,wBAAwB,CACjC,cAAc,EACd,UAAU,EACV,SAAS,EACT,cAAc,EACd,eAAe,EACf,WAAW,EACX,kBAAkB,CAAC,sBAAsB,CAC1C,CACF,CAAA;iBACF;aACF;YACD,MAAM,iBAAiB,GAAG,MAAM,CAAC,WAAW,CAC1C,CAAC,kBAAkB,EAAE,GAAG,oBAAoB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,sBAAsB,EAAE,UAAU,CAAC,CAAC,CACpI,CAAA;YACD,MAAM,gBAAgB,qBACjB,kBAAkB,CAAC,yBAAyB,CAChD,CAAA;YACD,KAAK,MAAM,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,IAAI,oBAAoB,EAAE;gBACtF,MAAM,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAA;aACtD;YACD,MAAM,mBAAmB,GAAG,MAAM,CAAC,WAAW,CAC5C,oBAAoB;iBACjB,MAAM,CAAC,CAAC,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB,CAAC;iBAClE,GAAG,CAAC,CAAC,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,yBAAyB,EAAE,uBAAwB,CAAC,CAAC,CAC1H,CAAA;YACD,MAAM,IAAI,CAAC,sBAAsB,CAAC,sBAAsB,CAAC,mBAAmB,CAAC,CAAA;YAC7E,uCACK,MAAM,KACT,gBAAgB,EAAE,IAAI,mCAAgB,CAAC,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,CAAC,IAChF;QACH,CAAC;KAAA;IAED;;;;;;;;;;;;;;OAcG;IACG,8BAA8B,CAClC,cAAuC,EACvC,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;;YAExE,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EAC7C,KAAK,CACN,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CAAA;YACD,MAAM,wBAAwB,GAAG,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;YAC5H,IAAI,wBAAwB,EAAE;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uBAAuB,CACrD,wBAAwB,CAAC,YAAY,EACrC,wBAAwB,CAAC,gBAAgB,EACzC,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;gBACD,OAAO,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;aAC3D;iBAAM;gBACL,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;gBACvB,OAAO;oBACL,KAAK,EAAE,MAAM,IAAI,CAAC,sBAAsB,CACtC,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,EACpB,wBAAwB,CACzB;iBACF,CAAA;aACF;;KACF;IAEa,uBAAuB,CACnC,YAAoB,EACpB,kBAAoC,EACpC,gBAAqG,EACrG,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAE9B,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAA;YAC5I,MAAM,sBAAsB,GAAG,IAAI,GAAG,CACpC,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAC/G,CAAA;YACD,MAAM,uBAAuB,GAAG,IAAI,GAAG,CACrC,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAChH,CAAA;YACD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAC9E,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;YAC/F,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,uBAAuB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAChG,IAAI,YAAY,CAAC,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,kBAAkB,CAAC,MAAM,EAAE;gBAChF,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,YAAY,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBACjI,MAAM,0BAA0B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBAChJ,MAAM,2BAA2B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAC/F,kBAAkB,EAClB,gBAAgB,CAAC,WAAW,CAC7B,CAAA;gBACD,OAAO,IAAI,qEAAiC,CAAC;oBAC3C,yBAAyB,EAAE,YAAY;oBACvC,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAClG,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC9G,eAAe,EAAE,MAAM,CAAC,WAAW,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;iBAC/G,CAAC,CAAA;aACH;;gBAAM,OAAO,SAAS,CAAA;QACzB,CAAC;KAAA;IAEa,sBAAsB,CAClC,gBAAqG,EACrG,iBAA2B,EAC3B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;YAExE,OAAO,IAAI,uCAAkB,iCACxB,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,mBAAmB,EAAE,oBAAoB,CAAC,CAAC,KAC1I,oBAAoB,EAAE,wBAAwB,EAC9C,iBAAiB,IACjB,CAAA;QACJ,CAAC;KAAA;IAEa,wBAAwB,CACpC,MAA+B,EAC/B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,WAA4B,EAC5B,mBAAuC;;;YAQvC,sDAAsD;YACtD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EACrC,KAAK,CACN,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CAAA;YACD,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;YACvB,MAAM,yBAAyB,GAAG,iBAAiB;iBAChD,GAAG,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;gBAClB,OAAO,CAAC,GAAG,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAA;YAC1C,CAAC,CAAC;iBACD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAE3C,MAAM,YAAY,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACpD,MAAM,eAAe,GAAG,MAAM,CAAC,WAAW,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAA;YACrH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAC1E,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;YACD,MAAM,UAAU,GAAG,IAAI,mCAAgB,CAAC;gBACtC,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,iBAAiB;gBACrD,QAAQ,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,gBAAgB;gBACnD,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,SAAS;gBAC7C,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,eAAe,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,eAAe;gBACzD,iBAAiB,EAAE,mBAAmB,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC1E,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,WAAW,EAAE,WAAW;aACzB,CAAC,CAAA;YACF,OAAO;gBACL,sBAAsB,EAAE,YAAY;gBACpC,yBAAyB,EAAE,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1D,UAAU;gBACV,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,yBAAyB,EAAE,eAAe;aAC3C,CAAA;;KACF;IAEa,iCAAiC,CAC7C,gBAAqG,EACrG,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAU9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,kBAAkB,GACtB,UAAU,KAAK,MAAM;gBACnB,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,MAAM,EAAE,gBAAgB,CAAC,YAAY,CAAC;gBAC3E,CAAC,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,MAAM,EAAE,UAAU,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAA;YACrG,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,cAAc,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAChI,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAC/I,MAAM,wBAAwB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAClJ,uCACK,kBAAkB,KACrB,SAAS,EAAE,kBAAkB,EAC7B,cAAc,EAAE,uBAAuB,EACvC,eAAe,EAAE,wBAAwB,IAC1C;QACH,CAAC;KAAA;IAEa,iCAAiC,CAC7C,MAAc,EACd,UAAkB,EAClB,YAA0B;;YAO1B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;YAC5D,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACrF,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,gBAAgB,EAAE,UAAU;oBAC5B,cAAc,EAAE,YAAY,CAAC,EAAE;iBAChC,CAAA;aACF;iBAAM,IAAI,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBAC3F,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CACnF,YAAY,CAAC,EAAG,EAChB,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,IAAA,yBAAiB,EAAC,OAAO,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAC3I;iBACF,CAAA;aACF;iBAAM,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,IAAI,CAAC,6BAA6B,EAAE;gBAC3F;;mBAEG;gBACH,MAAM,kCAAkC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAA;gBACzF,MAAM,oBAAoB,GAAgC,EAAE,CAAA;gBAC5D,KAAK,MAAM,MAAM,IAAI,CAAC,GAAG,YAAY,CAAC,8BAA8B,EAAE,GAAG,YAAY,CAAC,gCAAgC,CAAC,EAAE;oBACvH,MAAM,MAAM,GAAG,IAAA,qBAAa,EAAC,MAAM,CAAC,CAAA;oBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,8BAA8B,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,gBAAU,CAAC,IAAI,CAAC,CAAC,CAAC,gBAAU,CAAC,MAAM,CAAA;oBACrH,IAAI,kCAAkC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;wBAClD,oBAAoB,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;qBACpH;iBACF;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM;oBAC3C,MAAM,IAAI,KAAK,CAAC,wFAAwF,CAAC,CAAA;gBAC3G,OAAO;oBACL,gBAAgB,EAAE,UAAU;oBAC5B,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAG,EAAE,oBAAoB,CAAC;iBAC9H,CAAA;aACF;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAEO,6BAA6B,CACnC,MAAc,EACd,YAA0B;QAO1B,IAAI,IAAI,CAAC,6BAA6B,EAAE;YACtC,OAAO,EAAE,CAAA;SACV;aAAM;YACL,OAAO;gBACL,cAAc,EAAE,YAAY,CAAC,EAAE;gBAC/B,iBAAiB,EAAE,MAAM;gBACzB,gBAAgB,EAAE,MAAM;aACzB,CAAA;SACF;IACH,CAAC;IAEa,gBAAgB,CAAC,WAAmB;;YAChD,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,WAAW,EAAE,GAAS,EAAE;gBACzD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACjF,OAAO;oBACL,IAAI,EAAE;wBACJ,4BAA4B,EAAE,IAAI,CAAC,gBAAgB,CAAC,oCAAoC,CAAC,iBAAiB,CAAC;wBAC3G,8BAA8B,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,+BAAuB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;wBAC3F,gCAAgC,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,iCAAyB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;qBAChG;iBACF,CAAA;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAEO,0CAA0C,CAChD,MAA6C,EAC7C,MAAgB;;QAEhB,MAAM,gBAAgB,GAAG,MAAA,MAAM,CAAC,gBAAgB,mCAAI,EAAE,CAAA;QACtD,MAAM,uBAAuB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,eAAC,OAAA,MAAA,MAAA,gBAAgB,CAAC,gBAAgB,0CAAG,IAAI,CAAC,mCAAI,EAAE,CAAA,EAAA,CAAC,CAAC,CAAC,CAAA;QAC9H,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;;YAC/C,MAAM,iBAAiB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,IAAI,CAAC,CAAA;YACpE,OAAO,iBAAiB,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;QAC7F,CAAC,CAAC,CAAA;QACF,IACE,gBAAgB,CAAC,MAAM,GAAG,CAAC;YAC3B,uBAAuB,CAAC,MAAM,GAAG,CAAC;YAClC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,IAAI,uBAAuB,CAAC,CAAC,CAAC,MAAK,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,CAAC;YAEzI,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAA;QACrG,MAAM,yBAAyB,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAA;QAC5D,MAAM,yBAAyB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,yBAAyB,CAAC,CAAA;QACjG,OAAO,CACL,MAAA,gBAAgB,CAAC,CAAC,CAAC,mCACnB,CAAC,CAAC,CAAC,yBAAyB,IAAI,CAAC,CAAC,yBAAyB;YACzD,CAAC,CAAC,EAAE,YAAY,EAAE,yBAAyB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE;YAC1F,CAAC,CAAC,SAAS,CAAC,CACf,CAAA;IACH,CAAC;CACF;AAjaD,4DAiaC","sourcesContent":["import { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { LruTemporisedAsyncCache } from '../utils/lru-temporised-async-cache'\nimport { fingerprintV1toV2, fingerprintV2, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { ExchangeDataManager } from './ExchangeDataManager'\nimport { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { SecureDelegationsEncryption } from './SecureDelegationsEncryption'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { hex2ua, ua2hex } from '../utils'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { EntityShareOrMetadataUpdateRequest } from '../../icc-api/model/requests/EntityShareOrMetadataUpdateRequest'\nimport { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport { EntitySharedMetadataUpdateRequest } from '../../icc-api/model/requests/EntitySharedMetadataUpdateRequest'\nimport EntryUpdateTypeEnum = EntitySharedMetadataUpdateRequest.EntryUpdateTypeEnum\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { SecurityMetadata } from '../../icc-api/model/SecurityMetadata'\nimport { ExchangeDataMapManager } from './ExchangeDataMapManager'\nimport { ShaVersion } from './RSA'\n\nexport class SecureDelegationsManager {\n constructor(\n private readonly exchangeDataManager: ExchangeDataManager,\n private readonly exchangeDataMapManager: ExchangeDataMapManager,\n private readonly secureDelegationsEncryption: SecureDelegationsEncryption,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n private readonly userKeys: UserEncryptionKeysManager,\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly cryptoStrategies: CryptoStrategies,\n private readonly selfNeedsAnonymousDelegations: boolean\n ) {}\n\n private readonly dataOwnerInfoCache: LruTemporisedAsyncCache<\n string,\n {\n requiresAnonymousDelegations: boolean\n availablePublicKeysHexWithSha1: string[]\n availablePublicKeysHexWithSha256: string[]\n }\n > = new LruTemporisedAsyncCache(100, () => 30 * 60 * 1000)\n\n /**\n * Note: this method does not save the updated entity.\n * @param entity an entity, must already have secret foreign keys initialised.\n * @param entityType the type of the entity\n * @param secretIds the initial secret ids to include and share with the auto-delegations\n * @param owningEntityIds the initial owning entity ids to include and share with the auto-delegations\n * @param encryptionKeys the initial encryption keys to include and share with the auto-delegations\n * @param autoDelegations the data owners which will initially have access to the entity in addition to the current data owner and the access level\n * they will have on the entity.\n * @return the entity with the security metadata initialised for the provided parameters.\n */\n async entityWithInitialisedEncryptedMetadata<T extends EncryptedEntity>(\n entity: T & { secretForeignKeys: string[] },\n entityType: EntityWithDelegationTypeName,\n secretIds: string[],\n owningEntityIds: string[],\n encryptionKeys: string[],\n autoDelegations: { [delegateId: string]: SecureDelegation.AccessLevelEnum }\n ): Promise<T> {\n const entityWithType: EncryptedEntityWithType = { entity, type: entityType }\n const rootDelegationInfo = await this.makeSecureDelegationInfo(\n entityWithType,\n await this.dataOwnerApi.getCurrentDataOwnerId(),\n secretIds,\n encryptionKeys,\n owningEntityIds,\n AccessLevelEnum.WRITE,\n undefined\n )\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const otherDelegationsInfo: {\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n delegationKeyEquivalences: { [p: string]: string }\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n }[] = []\n for (const [delegateId, permissions] of Object.entries(autoDelegations)) {\n if (delegateId !== selfId) {\n otherDelegationsInfo.push(\n await this.makeSecureDelegationInfo(\n entityWithType,\n delegateId,\n secretIds,\n encryptionKeys,\n owningEntityIds,\n permissions,\n rootDelegationInfo.canonicalDelegationKey\n )\n )\n }\n }\n const secureDelegations = Object.fromEntries(\n [rootDelegationInfo, ...otherDelegationsInfo].map(({ canonicalDelegationKey, delegation }) => [canonicalDelegationKey, delegation])\n )\n const keysEquivalences = {\n ...rootDelegationInfo.delegationKeyEquivalences,\n }\n for (const { delegationKeyEquivalences: otherKeyEquivalences } of otherDelegationsInfo) {\n Object.assign(keysEquivalences, otherKeyEquivalences)\n }\n const newExchangeDataMaps = Object.fromEntries(\n otherDelegationsInfo\n .filter(({ encryptedExchangeDataId }) => !!encryptedExchangeDataId)\n .map(({ canonicalAccessControlKey, encryptedExchangeDataId }) => [canonicalAccessControlKey, encryptedExchangeDataId!])\n )\n await this.exchangeDataMapManager.createExchangeDataMaps(newExchangeDataMaps)\n return {\n ...entity,\n securityMetadata: new SecurityMetadata({ secureDelegations, keysEquivalences }),\n }\n }\n\n /**\n * Make a request for sharing an entity with a delegate or to update existing shared metadata by adding additional secretIds, encryptionKeys or\n * owningEntityIds if there is already some metadata shared between the current data owner and the delegate. In case there is already a delegation\n * for the delegate, and it already contains all the provided metadata, this method returns undefined, since there is no need to make any request to\n * share the provided data.\n * @param entityWithType an entity with type\n * @param delegateId the id of the delegate\n * @param shareSecretIds the secret ids to share\n * @param shareEncryptionKeys the encryption keys to share\n * @param shareOwningEntityIds the owning entity ids to share\n * @param newDelegationPermissions the permissions to grant to the delegate in case a new delegation needs to be created. If this method creates an\n * update request instead of a share request, this parameter is ignored.\n * @return the request to share the entity, or the request to update the shared metadata for the entity, or undefined if there is no need to update\n * the entity to allow the delegate to access the provided data.\n */\n async makeShareOrUpdateRequestParams(\n entityWithType: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareOrMetadataUpdateRequest | undefined> {\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? [],\n false\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n const existingSecureDelegation = this.getExistingCanonicalKeyAndSecureDelegation(entityWithType.entity, accessControlHashes)\n if (existingSecureDelegation) {\n const updateParams = await this.makeUpdateRequestParams(\n existingSecureDelegation.canonicalKey,\n existingSecureDelegation.secureDelegation,\n exchangeDataInfo,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n return updateParams ? { update: updateParams } : undefined\n } else {\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n return {\n share: await this.makeShareRequestParams(\n exchangeDataInfo,\n accessControlKeys,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds,\n newDelegationPermissions\n ),\n }\n }\n }\n\n private async makeUpdateRequestParams(\n canonicalKey: string,\n existingDelegation: SecureDelegation,\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<EntitySharedMetadataUpdateRequest | undefined> {\n const existingSecretIds = new Set(await this.secureDelegationsEncryption.decryptSecretIds(existingDelegation, exchangeDataInfo.exchangeKey))\n const existingEncryptionKeys = new Set(\n await this.secureDelegationsEncryption.decryptEncryptionKeys(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const existingOwningEntityIds = new Set(\n await this.secureDelegationsEncryption.decryptOwningEntityIds(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const newSecretIds = shareSecretIds.filter((id) => !existingSecretIds.has(id))\n const newEncryptionKeys = shareEncryptionKeys.filter((key) => !existingEncryptionKeys.has(key))\n const newOwningEntityIds = shareOwningEntityIds.filter((id) => !existingOwningEntityIds.has(id))\n if (newSecretIds.length || newEncryptionKeys.length || newOwningEntityIds.length) {\n const encryptedNewSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(newSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedNewEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(newEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedNewOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(\n newOwningEntityIds,\n exchangeDataInfo.exchangeKey\n )\n return new EntitySharedMetadataUpdateRequest({\n metadataAccessControlHash: canonicalKey,\n secretIds: Object.fromEntries(encryptedNewSecretIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n encryptionKeys: Object.fromEntries(encryptedNewEncryptionKeys.map((key) => [key, EntryUpdateTypeEnum.CREATE])),\n owningEntityIds: Object.fromEntries(encryptedNewOwningEntityIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n })\n } else return undefined\n }\n\n private async makeShareRequestParams(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n accessControlKeys: string[],\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareRequest> {\n return new EntityShareRequest({\n ...(await this.makeSecureDelegationEncryptedData(exchangeDataInfo, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds)),\n requestedPermissions: newDelegationPermissions,\n accessControlKeys,\n })\n }\n\n private async makeSecureDelegationInfo(\n entity: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n permissions: AccessLevelEnum,\n parentDelegationKey: string | undefined\n ): Promise<{\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n delegationKeyEquivalences: { [alias: string]: string }\n }> {\n // Be wary of explicit delegator and explicit delegate\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entity.type,\n entity.entity.secretForeignKeys ?? [],\n false\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n const accessControlKeysToHashes = accessControlKeys\n .map((key, index) => {\n return [key, accessControlHashes[index]]\n })\n .sort((a, b) => a[1].localeCompare(b[1]))\n\n const canonicalKey = accessControlKeysToHashes[0][1]\n const keyEquivalences = Object.fromEntries(accessControlKeysToHashes.slice(1).map((hash) => [hash[1], canonicalKey]))\n const encryptedDelegationInfo = await this.makeSecureDelegationEncryptedData(\n exchangeDataInfo,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n const delegation = new SecureDelegation({\n delegator: encryptedDelegationInfo?.explicitDelegator,\n delegate: encryptedDelegationInfo?.explicitDelegate,\n secretIds: encryptedDelegationInfo?.secretIds,\n encryptionKeys: encryptedDelegationInfo?.encryptionKeys,\n owningEntityIds: encryptedDelegationInfo?.owningEntityIds,\n parentDelegations: parentDelegationKey ? [parentDelegationKey] : undefined,\n exchangeDataId: encryptedDelegationInfo?.exchangeDataId,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n permissions: permissions,\n })\n return {\n canonicalDelegationKey: canonicalKey,\n canonicalAccessControlKey: accessControlKeysToHashes[0][0],\n delegation,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n delegationKeyEquivalences: keyEquivalences,\n }\n }\n\n private async makeSecureDelegationEncryptedData(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<{\n explicitDelegator?: string\n explicitDelegate?: string\n secretIds?: string[]\n encryptionKeys?: string[]\n owningEntityIds?: string[]\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string } // TODO if secure delegation info, check cache before calculating\n }> {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const exchangeDataIdInfo =\n delegateId === selfId\n ? this.makeExchangeDataIdInfoForSelf(selfId, exchangeDataInfo.exchangeData)\n : await this.makeExchangeDataIdInfoForDelegate(selfId, delegateId, exchangeDataInfo.exchangeData)\n const encryptedSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(shareSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(shareEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(shareOwningEntityIds, exchangeDataInfo.exchangeKey)\n return {\n ...exchangeDataIdInfo,\n secretIds: encryptedSecretIds,\n encryptionKeys: encryptedEncryptionKeys,\n owningEntityIds: encryptedOwningEntityIds,\n }\n }\n\n private async makeExchangeDataIdInfoForDelegate(\n selfId: string,\n delegateId: string,\n exchangeData: ExchangeData\n ): Promise<{\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n }> {\n const delegateInfo = await this.getDataOwnerInfo(delegateId)\n if (!delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n explicitDelegate: delegateId,\n exchangeDataId: exchangeData.id,\n }\n } else if (delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(\n exchangeData.id!,\n Object.fromEntries(this.userKeys.getSelfVerifiedKeys().map((keyInfo) => [fingerprintV1toV2(keyInfo.fingerprint), keyInfo.pair.publicKey]))\n ),\n }\n } else if (!delegateInfo.requiresAnonymousDelegations && this.selfNeedsAnonymousDelegations) {\n /**\n * Important: this requires that the exchange data signature also validates the authenticity of the public keys included in there.\n */\n const fingerprintsOfVerifiedExchangeData = new Set(Object.keys(exchangeData.exchangeKey))\n const delegateVerifiedKeys: { [fp: string]: CryptoKey } = {}\n for (const keyHex of [...delegateInfo.availablePublicKeysHexWithSha1, ...delegateInfo.availablePublicKeysHexWithSha256]) {\n const currFp = fingerprintV2(keyHex)\n const shaVersion = delegateInfo.availablePublicKeysHexWithSha1.includes(keyHex) ? ShaVersion.Sha1 : ShaVersion.Sha256\n if (fingerprintsOfVerifiedExchangeData.has(currFp)) {\n delegateVerifiedKeys[currFp] = await this.primitives.RSA.importKey('spki', hex2ua(keyHex), ['encrypt'], shaVersion)\n }\n }\n if (!Object.keys(delegateVerifiedKeys).length)\n throw new Error('Illegal state: could not find any verified key for delegate in verified exchange data.')\n return {\n explicitDelegate: delegateId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(exchangeData.id!, delegateVerifiedKeys),\n }\n } else return {}\n }\n\n private makeExchangeDataIdInfoForSelf(\n selfId: string,\n exchangeData: ExchangeData\n ): {\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n } {\n if (this.selfNeedsAnonymousDelegations) {\n return {}\n } else {\n return {\n exchangeDataId: exchangeData.id,\n explicitDelegator: selfId,\n explicitDelegate: selfId,\n }\n }\n }\n\n private async getDataOwnerInfo(dataOwnerId: string) {\n return this.dataOwnerInfoCache.get(dataOwnerId, async () => {\n const dataOwnerWithType = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n return {\n item: {\n requiresAnonymousDelegations: this.cryptoStrategies.dataOwnerRequiresAnonymousDelegation(dataOwnerWithType),\n availablePublicKeysHexWithSha1: Array.from(hexPublicKeysWithSha1Of(dataOwnerWithType.stub)),\n availablePublicKeysHexWithSha256: Array.from(hexPublicKeysWithSha256Of(dataOwnerWithType.stub)),\n },\n }\n })\n }\n\n private getExistingCanonicalKeyAndSecureDelegation(\n entity: EncryptedEntityStub | EncryptedEntity,\n hashes: string[]\n ): { canonicalKey: string; secureDelegation: SecureDelegation } | undefined {\n const securityMetadata = entity.securityMetadata ?? {}\n const canonicalByEquivalences = Array.from(new Set(hashes.flatMap((hash) => securityMetadata.keysEquivalences?.[hash] ?? [])))\n const directRetrievals = hashes.flatMap((hash) => {\n const retrievedMetadata = securityMetadata.secureDelegations?.[hash]\n return retrievedMetadata ? { canonicalKey: hash, secureDelegation: retrievedMetadata } : []\n })\n if (\n directRetrievals.length > 1 ||\n canonicalByEquivalences.length > 1 ||\n (!!canonicalByEquivalences[0] && !!directRetrievals[0]?.canonicalKey && canonicalByEquivalences[0] !== directRetrievals[0]?.canonicalKey)\n )\n throw new Error('Illegal state: multiple secure delegations matching equivalent hashes of entity.')\n const canonicalFromEquivalences = canonicalByEquivalences[0]\n const retrievedFromEquivalences = securityMetadata.secureDelegations?.[canonicalFromEquivalences]\n return (\n directRetrievals[0] ??\n (!!canonicalFromEquivalences && !!retrievedFromEquivalences\n ? { canonicalKey: canonicalFromEquivalences, secureDelegation: retrievedFromEquivalences }\n : undefined)\n )\n }\n}\n"]}
|
|
@@ -170,7 +170,8 @@ exports.fingerprintV2 = fingerprintV2;
|
|
|
170
170
|
* @return the fingerprint of the key in the v2 format.
|
|
171
171
|
*/
|
|
172
172
|
function fingerprintV1toV2(fp) {
|
|
173
|
-
|
|
173
|
+
// Conversion resilient to mistakes: if the fingerprint is already in V2 format it will be returned as is.
|
|
174
|
+
return fp.slice(0, 22);
|
|
174
175
|
}
|
|
175
176
|
exports.fingerprintV1toV2 = fingerprintV1toV2;
|
|
176
177
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/utils.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wBAAwB;AACxB,sDAAsF;AAEtF,+BAA4C;AAC5C,oCAA+D;AAC/D,yDAAqD;AAKrD,qEAAiE;AACjE,wFAAoF;AAEpF,6EAAyE;AACzE,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAE3E;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,SAAoB;;IAC5D,OAAO,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAA,SAAS,CAAC,2BAA2B,mCAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAa,CAAC,CAAA;AAC7G,CAAC;AAFD,8DAEC;AAED;;;GAGG;AACH,SAAgB,uBAAuB,CAAC,SAAoB;;IAC1D,OAAO,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,SAAS,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAa,CAAC,CAAA;AACjI,CAAC;AAFD,0DAEC;AAED;;;;;;GAMG;AACH,SAAgB,qBAAqB,CAAC,SAAoB;;IACxD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,uBAAuB,CAAC,SAAS,CAAC,EAAE,GAAG,yBAAyB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAC/G,MAAM,KAAK,GAAuB,EAAE,CAAA;IACpC,MAAM,CAAC,OAAO,CAAC,MAAA,SAAS,CAAC,YAAY,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;QACnE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;YAC9B,KAAK,CAAC,IAAI,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACtD,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IACF,OAAO,IAAA,qBAAO,EACZ,IAAA,4BAAc,EACZ,KAAK,EACL,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CACxC,CACF,CAAA;AACH,CAAC;AAdD,sDAcC;AAED;;;;;;GAMG;AACH,SAAgB,4BAA4B,CAAC,SAAoB,EAAE,UAAsB;IACvF,MAAM,UAAU,GAAG,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC,CAAA;IAC7I,MAAM,GAAG,GAA6B,EAAE,CAAA;IACxC,UAAU,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;QACxB,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;IAC7B,CAAC,CAAC,CAAA;IACF,OAAO,GAAG,CAAA;AACZ,CAAC;AAPD,oEAOC;AAED;;;;;;;GAOG;AACH,SAAsB,cAAc,CAClC,GAAa,EACb,iBAA2B,EAC3B,UAAsB;;QAEtB,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAO,CAAC,EAAE,EAAE,gDAAC,OAAA,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,MAAM,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAC,CAAA,GAAA,CAAC,CAAC,CAC3I,CAAA;IACH,CAAC;CAAA;AARD,wCAQC;AAED;;;;GAIG;AACH,SAAsB,uBAAuB,CAC3C,YAA8B,EAC9B,IAAuB,EACvB,UAAyB,EACzB,gBAAkC;;QAElC,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,mBAAmB,EAAE,CAAA;QACrD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE;YAC3B,MAAM,OAAO,GAAG,IAAI,iBAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YAC3C,MAAM,eAAe,GAA4B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,oCAA4B,CAAC,OAAO,EAAE,CAAA;YAChH,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;YAC7E,IAAI,kBAAkB,CAAC,MAAM,EAAE;gBAC7B,OAAO,IAAI,CAAA;aACZ;iBAAM;gBACL,IAAI,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,EAAE;oBAC5C,0HAA0H;oBAC1H,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,sCAAsC,CACtE,OAAO,EACP,oCAA4B,CAAC,OAAO,EACpC,SAAS,EACT,SAAS,EACT,IAAI,EACJ,IAAI,EACJ,EAAE,CACH,CAAA;oBACD,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC,aAAa,CAAC,cAAc,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,qCAAiB,CAAC,OAAO,EAAE,CAAA;iBACpH;qBAAM;oBACL,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,0CAA0C,CAC1E,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,oCAA4B,CAAC,OAAO,EAAE,EAC/D,KAAK,EACL;wBACE,CAAC,OAAO,CAAC,EAAG,CAAC,EAAE;4BACb,mBAAmB,EAAE,+CAAsB,CAAC,YAAY;4BACxD,oBAAoB,EAAE,+CAAsB,CAAC,KAAK;4BAClD,cAAc,EAAE,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC;4BAC/C,oBAAoB,EAAE,uBAAuB,CAAC,UAAU;yBACzD;qBACF,EACD,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAAC,CACvC,CAAA;oBACD,OAAO,EAAE,SAAS,EAAE,cAAc,CAAC,oBAAoB,EAAE,IAAI,EAAE,qCAAiB,CAAC,OAAO,EAAE,CAAA;iBAC3F;aACF;SACF;aAAM;YACL,OAAO,IAAI,CAAA;SACZ;IACH,CAAC;CAAA;AA9CD,0DA8CC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,SAA0B,EAAE,SAAiB;;IAC/E,OAAO,SAAS,CAAC,SAAS,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAA,SAAS,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC1G,CAAC,CAAC,gBAAU,CAAC,IAAI;QACjB,CAAC,CAAC,CAAC,CAAC,CAAA,MAAA,SAAS,CAAC,2BAA2B,0CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA;YAC9D,CAAC,CAAC,gBAAU,CAAC,MAAM;YACnB,CAAC,CAAC,SAAS,CAAA;AACf,CAAC;AAND,kDAMC;AAED;;;;;;GAMG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;AACvB,CAAC;AAFD,sCAEC;AAED;;;;;;GAMG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;AAC5B,CAAC;AAFD,sCAEC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,EAAU;IAC1C,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAA;AACzB,CAAC;AAFD,8CAEC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAAC,EAAU;IACxC,OAAO,EAAE,CAAC,MAAM,KAAK,EAAE,CAAA;AACzB,CAAC;AAFD,0CAEC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAAC,EAAU;IACxC,OAAO,EAAE,CAAC,MAAM,KAAK,EAAE,CAAA;AACzB,CAAC;AAFD,0CAEC;AAED;;;;GAIG;AACH,SAAgB,yBAAyB,CAAC,EAAU;IAClD,OAAO,EAAE,GAAG,YAAY,CAAA;AAC1B,CAAC;AAFD,8DAEC;AAED;;;;GAIG;AACH,SAAgB,0BAA0B,CAAC,eAAuB;IAChE,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,IAAI,YAAY,EAAE;QAC9C,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAA;KAClF;AACH,CAAC;AAJD,gEAIC","sourcesContent":["// Uses fp as node names\nimport { acyclic, graphFromEdges, StronglyConnectedGraph } from '../utils/graph-utils'\nimport { DataOwner, DataOwnerOrStub, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { RSAUtils, ShaVersion } from './RSA'\nimport { EntityWithDelegationTypeName, hex2ua } from '../utils'\nimport { Patient } from '../../icc-api/model/Patient'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName'\nimport { IccPatientApi } from '../../icc-api'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\n\n/**\n * Get the public keys of a data owner which should be used for RSA-OAEP with sha256.\n * @param dataOwner\n */\nexport function hexPublicKeysWithSha256Of(dataOwner: DataOwner) {\n return new Set([...(dataOwner.publicKeysForOaepWithSha256 ?? [])].filter((pubKey) => !!pubKey) as string[])\n}\n\n/**\n * Get the public keys of a data owner which should be used for RSA-OAEP with sha1.\n * @param dataOwner\n */\nexport function hexPublicKeysWithSha1Of(dataOwner: DataOwner) {\n return new Set([dataOwner.publicKey, ...Object.keys(dataOwner.aesExchangeKeys ?? {})].filter((pubKey) => !!pubKey) as string[])\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Get the transfer key graph for a data owner. Node names are the public key fingerprints of the data owner's keys, and an edge represents a key\n * which can be retrieved from another key using the transfer keys.\n * @param dataOwner a data owner.\n * @return a graph representing the possible key recovery paths using transfer keys for hte provided data owner.\n */\nexport function transferKeysFpGraphOf(dataOwner: DataOwner): StronglyConnectedGraph {\n const publicKeys = Array.from([...hexPublicKeysWithSha1Of(dataOwner), ...hexPublicKeysWithSha256Of(dataOwner)])\n const edges: [string, string][] = []\n Object.entries(dataOwner.transferKeys ?? {}).forEach(([from, tos]) => {\n Object.keys(tos).forEach((to) => {\n edges.push([fingerprintV1(from), fingerprintV1(to)])\n })\n })\n return acyclic(\n graphFromEdges(\n edges,\n publicKeys.map((x) => fingerprintV1(x))\n )\n )\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Get a map for converting public keys fingerprint to full public keys for the provided data owner.\n * @param dataOwner a data owner.\n * @param shaVersion gets only the keys that are generated with this SHA version (default: 'sha-1').\n * @return a map to convert fingerprints of the data owner into full public keys.\n */\nexport function fingerprintToPublicKeysMapOf(dataOwner: DataOwner, shaVersion: ShaVersion): { [fp: string]: string } {\n const publicKeys = shaVersion === 'sha-1' ? Array.from(hexPublicKeysWithSha1Of(dataOwner)) : Array.from(hexPublicKeysWithSha256Of(dataOwner))\n const res: { [fp: string]: string } = {}\n publicKeys.forEach((pk) => {\n res[fingerprintV1(pk)] = pk\n })\n return res\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Load many public keys in spki format.\n * @param rsa the rsa service\n * @param publicKeysSpkiHex public keys in spki format, hex encoded.\n * @param shaVersion the version of the Sha algorithm used in the keys generations. ()\n * @return public keys as crypto keys by their fingerprint.\n */\nexport async function loadPublicKeys(\n rsa: RSAUtils,\n publicKeysSpkiHex: string[],\n shaVersion: ShaVersion\n): Promise<{ [publicKeyFingerprint: string]: CryptoKey }> {\n return Object.fromEntries(\n await Promise.all(publicKeysSpkiHex.map(async (x) => [fingerprintV1(x), await rsa.importKey('spki', hex2ua(x), ['encrypt'], shaVersion)]))\n )\n}\n\n/**\n * @internal This method is intended only for internal use and may be changed without notice.\n * Creates a delegation for the current data owner if the data owner is an encrypted entity and there is no delegation to himself.\n * @return the updated self.\n */\nexport async function ensureDelegationForSelf(\n dataOwnerApi: IccDataOwnerXApi,\n xapi: ExtendedApisUtils,\n patientApi: IccPatientApi,\n cryptoPrimitives: CryptoPrimitives\n): Promise<DataOwnerWithType> {\n const self = await dataOwnerApi.getCurrentDataOwner()\n if (self.type === 'patient') {\n const patient = new Patient(self.dataOwner)\n const patientWithType: EncryptedEntityWithType = { entity: patient, type: EntityWithDelegationTypeName.Patient }\n const availableSecretIds = await xapi.secretIdsOf(patientWithType, undefined)\n if (availableSecretIds.length) {\n return self\n } else {\n if (xapi.hasEmptyEncryptionMetadata(patient)) {\n // This should not really happen, usually some user will have already initialised the patient and its encryption metadata.\n const updatedPatient = await xapi.entityWithInitialisedEncryptedMetadata(\n patient,\n EntityWithDelegationTypeName.Patient,\n undefined,\n undefined,\n true,\n true,\n {}\n )\n return { dataOwner: await patientApi.modifyPatient(updatedPatient.updatedEntity), type: DataOwnerTypeEnum.Patient }\n } else {\n const updatedPatient = await xapi.simpleShareOrUpdateEncryptedEntityMetadata(\n { entity: patient, type: EntityWithDelegationTypeName.Patient },\n false,\n {\n [patient.id!]: {\n shareEncryptionKeys: ShareMetadataBehaviour.IF_AVAILABLE,\n shareOwningEntityIds: ShareMetadataBehaviour.NEVER,\n shareSecretIds: [cryptoPrimitives.randomUuid()],\n requestedPermissions: RequestedPermissionEnum.FULL_WRITE,\n },\n },\n (x) => patientApi.bulkSharePatients(x)\n )\n return { dataOwner: updatedPatient.updatedEntityOrThrow, type: DataOwnerTypeEnum.Patient }\n }\n }\n } else {\n return self\n }\n}\n\n/**\n * Search a public key in the data owner and returns the corresponding SHA version used to generate it or undefined if not found.\n * @param dataOwner the data owner.\n * @param publicKey the public key.\n * @return 'sha-1', 'sha-256', undefined\n */\nexport function getShaVersionForKey(dataOwner: DataOwnerOrStub, publicKey: string): ShaVersion | undefined {\n return dataOwner.publicKey === publicKey || Object.keys(dataOwner.aesExchangeKeys ?? {}).includes(publicKey)\n ? ShaVersion.Sha1\n : !!dataOwner.publicKeysForOaepWithSha256?.includes(publicKey)\n ? ShaVersion.Sha256\n : undefined\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Calculates the fingerprint from the hexadecimal representation of a SPKI key. The fingerprint is calculated as the last 16 bytes (32 characters)\n * of the SPKI key.\n * @param key the hexadecimal representation of the SPKI key.\n * @return the fingerprint.\n */\nexport function fingerprintV1(key: string): string {\n return key.slice(-32)\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Calculates the fingerprint from the hexadecimal representation of a SPKI key. The fingerprint is calculated as the last 16 bytes (32 characters) from which the\n * last 5 (10 characters) are removed because they are a constant of the SPKI format.\n * @param key the hexadecimal representation of the SPKI key.\n * @return the fingerprint.\n */\nexport function fingerprintV2(key: string): string {\n return key.slice(-32, -10)\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Converts the fingerprint of a key from a V1 format to a V2 format.\n * @param fp the fingerprint of the key in the V1 format.\n * @return the fingerprint of the key in the v2 format.\n */\nexport function fingerprintV1toV2(fp: string): string {\n return fp.slice(0, -10)\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param fp the fingerprint.\n * @return true if the fingerprint is in V1 format, false otherwise.\n */\nexport function fingerprintIsV1(fp: string): boolean {\n return fp.length === 32\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param fp the fingerprint.\n * @return true if the fingerprint is in V2 format, false otherwise.\n */\nexport function fingerprintIsV2(fp: string): boolean {\n return fp.length === 22\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param fp the fingerprint v2.\n * @return the fingerprint v1 using the standard tail.\n */\nexport function fingerprintV2ToStandardV1(fp: string): string {\n return fp + '0203010001'\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param publicKeyOrFpv1 a public key in spki format or a public key fp v1\n * @throws if the input does not terminate with 0203010001\n */\nexport function checkStandardPublicKeyTail(publicKeyOrFpv1: string) {\n if (publicKeyOrFpv1.slice(-10) != '0203010001') {\n throw new Error('Illegal state: generated public key should end with 0203010001')\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/utils.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wBAAwB;AACxB,sDAAsF;AAEtF,+BAA4C;AAC5C,oCAA+D;AAC/D,yDAAqD;AAKrD,qEAAiE;AACjE,wFAAoF;AAEpF,6EAAyE;AACzE,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAE3E;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,SAAoB;;IAC5D,OAAO,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAA,SAAS,CAAC,2BAA2B,mCAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAa,CAAC,CAAA;AAC7G,CAAC;AAFD,8DAEC;AAED;;;GAGG;AACH,SAAgB,uBAAuB,CAAC,SAAoB;;IAC1D,OAAO,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,SAAS,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAa,CAAC,CAAA;AACjI,CAAC;AAFD,0DAEC;AAED;;;;;;GAMG;AACH,SAAgB,qBAAqB,CAAC,SAAoB;;IACxD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,uBAAuB,CAAC,SAAS,CAAC,EAAE,GAAG,yBAAyB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAC/G,MAAM,KAAK,GAAuB,EAAE,CAAA;IACpC,MAAM,CAAC,OAAO,CAAC,MAAA,SAAS,CAAC,YAAY,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;QACnE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;YAC9B,KAAK,CAAC,IAAI,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACtD,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IACF,OAAO,IAAA,qBAAO,EACZ,IAAA,4BAAc,EACZ,KAAK,EACL,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CACxC,CACF,CAAA;AACH,CAAC;AAdD,sDAcC;AAED;;;;;;GAMG;AACH,SAAgB,4BAA4B,CAAC,SAAoB,EAAE,UAAsB;IACvF,MAAM,UAAU,GAAG,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC,CAAA;IAC7I,MAAM,GAAG,GAA6B,EAAE,CAAA;IACxC,UAAU,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;QACxB,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;IAC7B,CAAC,CAAC,CAAA;IACF,OAAO,GAAG,CAAA;AACZ,CAAC;AAPD,oEAOC;AAED;;;;;;;GAOG;AACH,SAAsB,cAAc,CAClC,GAAa,EACb,iBAA2B,EAC3B,UAAsB;;QAEtB,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAO,CAAC,EAAE,EAAE,gDAAC,OAAA,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,MAAM,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAC,CAAA,GAAA,CAAC,CAAC,CAC3I,CAAA;IACH,CAAC;CAAA;AARD,wCAQC;AAED;;;;GAIG;AACH,SAAsB,uBAAuB,CAC3C,YAA8B,EAC9B,IAAuB,EACvB,UAAyB,EACzB,gBAAkC;;QAElC,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,mBAAmB,EAAE,CAAA;QACrD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE;YAC3B,MAAM,OAAO,GAAG,IAAI,iBAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YAC3C,MAAM,eAAe,GAA4B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,oCAA4B,CAAC,OAAO,EAAE,CAAA;YAChH,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;YAC7E,IAAI,kBAAkB,CAAC,MAAM,EAAE;gBAC7B,OAAO,IAAI,CAAA;aACZ;iBAAM;gBACL,IAAI,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,EAAE;oBAC5C,0HAA0H;oBAC1H,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,sCAAsC,CACtE,OAAO,EACP,oCAA4B,CAAC,OAAO,EACpC,SAAS,EACT,SAAS,EACT,IAAI,EACJ,IAAI,EACJ,EAAE,CACH,CAAA;oBACD,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC,aAAa,CAAC,cAAc,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,qCAAiB,CAAC,OAAO,EAAE,CAAA;iBACpH;qBAAM;oBACL,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,0CAA0C,CAC1E,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,oCAA4B,CAAC,OAAO,EAAE,EAC/D,KAAK,EACL;wBACE,CAAC,OAAO,CAAC,EAAG,CAAC,EAAE;4BACb,mBAAmB,EAAE,+CAAsB,CAAC,YAAY;4BACxD,oBAAoB,EAAE,+CAAsB,CAAC,KAAK;4BAClD,cAAc,EAAE,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC;4BAC/C,oBAAoB,EAAE,uBAAuB,CAAC,UAAU;yBACzD;qBACF,EACD,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAAC,CACvC,CAAA;oBACD,OAAO,EAAE,SAAS,EAAE,cAAc,CAAC,oBAAoB,EAAE,IAAI,EAAE,qCAAiB,CAAC,OAAO,EAAE,CAAA;iBAC3F;aACF;SACF;aAAM;YACL,OAAO,IAAI,CAAA;SACZ;IACH,CAAC;CAAA;AA9CD,0DA8CC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,SAA0B,EAAE,SAAiB;;IAC/E,OAAO,SAAS,CAAC,SAAS,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAA,SAAS,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC1G,CAAC,CAAC,gBAAU,CAAC,IAAI;QACjB,CAAC,CAAC,CAAC,CAAC,CAAA,MAAA,SAAS,CAAC,2BAA2B,0CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA;YAC9D,CAAC,CAAC,gBAAU,CAAC,MAAM;YACnB,CAAC,CAAC,SAAS,CAAA;AACf,CAAC;AAND,kDAMC;AAED;;;;;;GAMG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;AACvB,CAAC;AAFD,sCAEC;AAED;;;;;;GAMG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;AAC5B,CAAC;AAFD,sCAEC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,EAAU;IAC1C,0GAA0G;IAC1G,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;AACxB,CAAC;AAHD,8CAGC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAAC,EAAU;IACxC,OAAO,EAAE,CAAC,MAAM,KAAK,EAAE,CAAA;AACzB,CAAC;AAFD,0CAEC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAAC,EAAU;IACxC,OAAO,EAAE,CAAC,MAAM,KAAK,EAAE,CAAA;AACzB,CAAC;AAFD,0CAEC;AAED;;;;GAIG;AACH,SAAgB,yBAAyB,CAAC,EAAU;IAClD,OAAO,EAAE,GAAG,YAAY,CAAA;AAC1B,CAAC;AAFD,8DAEC;AAED;;;;GAIG;AACH,SAAgB,0BAA0B,CAAC,eAAuB;IAChE,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,IAAI,YAAY,EAAE;QAC9C,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAA;KAClF;AACH,CAAC;AAJD,gEAIC","sourcesContent":["// Uses fp as node names\nimport { acyclic, graphFromEdges, StronglyConnectedGraph } from '../utils/graph-utils'\nimport { DataOwner, DataOwnerOrStub, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { RSAUtils, ShaVersion } from './RSA'\nimport { EntityWithDelegationTypeName, hex2ua } from '../utils'\nimport { Patient } from '../../icc-api/model/Patient'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName'\nimport { IccPatientApi } from '../../icc-api'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\n\n/**\n * Get the public keys of a data owner which should be used for RSA-OAEP with sha256.\n * @param dataOwner\n */\nexport function hexPublicKeysWithSha256Of(dataOwner: DataOwner) {\n return new Set([...(dataOwner.publicKeysForOaepWithSha256 ?? [])].filter((pubKey) => !!pubKey) as string[])\n}\n\n/**\n * Get the public keys of a data owner which should be used for RSA-OAEP with sha1.\n * @param dataOwner\n */\nexport function hexPublicKeysWithSha1Of(dataOwner: DataOwner) {\n return new Set([dataOwner.publicKey, ...Object.keys(dataOwner.aesExchangeKeys ?? {})].filter((pubKey) => !!pubKey) as string[])\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Get the transfer key graph for a data owner. Node names are the public key fingerprints of the data owner's keys, and an edge represents a key\n * which can be retrieved from another key using the transfer keys.\n * @param dataOwner a data owner.\n * @return a graph representing the possible key recovery paths using transfer keys for hte provided data owner.\n */\nexport function transferKeysFpGraphOf(dataOwner: DataOwner): StronglyConnectedGraph {\n const publicKeys = Array.from([...hexPublicKeysWithSha1Of(dataOwner), ...hexPublicKeysWithSha256Of(dataOwner)])\n const edges: [string, string][] = []\n Object.entries(dataOwner.transferKeys ?? {}).forEach(([from, tos]) => {\n Object.keys(tos).forEach((to) => {\n edges.push([fingerprintV1(from), fingerprintV1(to)])\n })\n })\n return acyclic(\n graphFromEdges(\n edges,\n publicKeys.map((x) => fingerprintV1(x))\n )\n )\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Get a map for converting public keys fingerprint to full public keys for the provided data owner.\n * @param dataOwner a data owner.\n * @param shaVersion gets only the keys that are generated with this SHA version (default: 'sha-1').\n * @return a map to convert fingerprints of the data owner into full public keys.\n */\nexport function fingerprintToPublicKeysMapOf(dataOwner: DataOwner, shaVersion: ShaVersion): { [fp: string]: string } {\n const publicKeys = shaVersion === 'sha-1' ? Array.from(hexPublicKeysWithSha1Of(dataOwner)) : Array.from(hexPublicKeysWithSha256Of(dataOwner))\n const res: { [fp: string]: string } = {}\n publicKeys.forEach((pk) => {\n res[fingerprintV1(pk)] = pk\n })\n return res\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Load many public keys in spki format.\n * @param rsa the rsa service\n * @param publicKeysSpkiHex public keys in spki format, hex encoded.\n * @param shaVersion the version of the Sha algorithm used in the keys generations. ()\n * @return public keys as crypto keys by their fingerprint.\n */\nexport async function loadPublicKeys(\n rsa: RSAUtils,\n publicKeysSpkiHex: string[],\n shaVersion: ShaVersion\n): Promise<{ [publicKeyFingerprint: string]: CryptoKey }> {\n return Object.fromEntries(\n await Promise.all(publicKeysSpkiHex.map(async (x) => [fingerprintV1(x), await rsa.importKey('spki', hex2ua(x), ['encrypt'], shaVersion)]))\n )\n}\n\n/**\n * @internal This method is intended only for internal use and may be changed without notice.\n * Creates a delegation for the current data owner if the data owner is an encrypted entity and there is no delegation to himself.\n * @return the updated self.\n */\nexport async function ensureDelegationForSelf(\n dataOwnerApi: IccDataOwnerXApi,\n xapi: ExtendedApisUtils,\n patientApi: IccPatientApi,\n cryptoPrimitives: CryptoPrimitives\n): Promise<DataOwnerWithType> {\n const self = await dataOwnerApi.getCurrentDataOwner()\n if (self.type === 'patient') {\n const patient = new Patient(self.dataOwner)\n const patientWithType: EncryptedEntityWithType = { entity: patient, type: EntityWithDelegationTypeName.Patient }\n const availableSecretIds = await xapi.secretIdsOf(patientWithType, undefined)\n if (availableSecretIds.length) {\n return self\n } else {\n if (xapi.hasEmptyEncryptionMetadata(patient)) {\n // This should not really happen, usually some user will have already initialised the patient and its encryption metadata.\n const updatedPatient = await xapi.entityWithInitialisedEncryptedMetadata(\n patient,\n EntityWithDelegationTypeName.Patient,\n undefined,\n undefined,\n true,\n true,\n {}\n )\n return { dataOwner: await patientApi.modifyPatient(updatedPatient.updatedEntity), type: DataOwnerTypeEnum.Patient }\n } else {\n const updatedPatient = await xapi.simpleShareOrUpdateEncryptedEntityMetadata(\n { entity: patient, type: EntityWithDelegationTypeName.Patient },\n false,\n {\n [patient.id!]: {\n shareEncryptionKeys: ShareMetadataBehaviour.IF_AVAILABLE,\n shareOwningEntityIds: ShareMetadataBehaviour.NEVER,\n shareSecretIds: [cryptoPrimitives.randomUuid()],\n requestedPermissions: RequestedPermissionEnum.FULL_WRITE,\n },\n },\n (x) => patientApi.bulkSharePatients(x)\n )\n return { dataOwner: updatedPatient.updatedEntityOrThrow, type: DataOwnerTypeEnum.Patient }\n }\n }\n } else {\n return self\n }\n}\n\n/**\n * Search a public key in the data owner and returns the corresponding SHA version used to generate it or undefined if not found.\n * @param dataOwner the data owner.\n * @param publicKey the public key.\n * @return 'sha-1', 'sha-256', undefined\n */\nexport function getShaVersionForKey(dataOwner: DataOwnerOrStub, publicKey: string): ShaVersion | undefined {\n return dataOwner.publicKey === publicKey || Object.keys(dataOwner.aesExchangeKeys ?? {}).includes(publicKey)\n ? ShaVersion.Sha1\n : !!dataOwner.publicKeysForOaepWithSha256?.includes(publicKey)\n ? ShaVersion.Sha256\n : undefined\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Calculates the fingerprint from the hexadecimal representation of a SPKI key. The fingerprint is calculated as the last 16 bytes (32 characters)\n * of the SPKI key.\n * @param key the hexadecimal representation of the SPKI key.\n * @return the fingerprint.\n */\nexport function fingerprintV1(key: string): string {\n return key.slice(-32)\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Calculates the fingerprint from the hexadecimal representation of a SPKI key. The fingerprint is calculated as the last 16 bytes (32 characters) from which the\n * last 5 (10 characters) are removed because they are a constant of the SPKI format.\n * @param key the hexadecimal representation of the SPKI key.\n * @return the fingerprint.\n */\nexport function fingerprintV2(key: string): string {\n return key.slice(-32, -10)\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Converts the fingerprint of a key from a V1 format to a V2 format.\n * @param fp the fingerprint of the key in the V1 format.\n * @return the fingerprint of the key in the v2 format.\n */\nexport function fingerprintV1toV2(fp: string): string {\n // Conversion resilient to mistakes: if the fingerprint is already in V2 format it will be returned as is.\n return fp.slice(0, 22)\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param fp the fingerprint.\n * @return true if the fingerprint is in V1 format, false otherwise.\n */\nexport function fingerprintIsV1(fp: string): boolean {\n return fp.length === 32\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param fp the fingerprint.\n * @return true if the fingerprint is in V2 format, false otherwise.\n */\nexport function fingerprintIsV2(fp: string): boolean {\n return fp.length === 22\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param fp the fingerprint v2.\n * @return the fingerprint v1 using the standard tail.\n */\nexport function fingerprintV2ToStandardV1(fp: string): string {\n return fp + '0203010001'\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param publicKeyOrFpv1 a public key in spki format or a public key fp v1\n * @throws if the input does not terminate with 0203010001\n */\nexport function checkStandardPublicKeyTail(publicKeyOrFpv1: string) {\n if (publicKeyOrFpv1.slice(-10) != '0203010001') {\n throw new Error('Illegal state: generated public key should end with 0203010001')\n }\n}\n"]}
|
package/icc-x-api/index.d.ts
CHANGED
|
@@ -62,6 +62,7 @@ export { LocalStorageImpl } from './storage/LocalStorageImpl';
|
|
|
62
62
|
export { StorageFacade } from './storage/StorageFacade';
|
|
63
63
|
export { KeyStorageImpl } from './storage/KeyStorageImpl';
|
|
64
64
|
export { CryptoStrategies } from './crypto/CryptoStrategies';
|
|
65
|
+
export { getShaVersionForKey } from './crypto/utils';
|
|
65
66
|
export interface BasicApis {
|
|
66
67
|
readonly authApi: IccAuthApi;
|
|
67
68
|
readonly codeApi: IccCodeXApi;
|
package/icc-x-api/index.js
CHANGED
|
@@ -23,7 +23,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
23
23
|
});
|
|
24
24
|
};
|
|
25
25
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
-
exports.BasicApis = exports.IcureApi = exports.EncryptedFieldsConfig = exports.KeyStorageImpl = exports.LocalStorageImpl = void 0;
|
|
26
|
+
exports.BasicApis = exports.IcureApi = exports.EncryptedFieldsConfig = exports.getShaVersionForKey = exports.KeyStorageImpl = exports.LocalStorageImpl = void 0;
|
|
27
27
|
const icc_api_1 = require("../icc-api");
|
|
28
28
|
const icc_user_x_api_1 = require("./icc-user-x-api");
|
|
29
29
|
const icc_crypto_x_api_1 = require("./icc-crypto-x-api");
|
|
@@ -114,6 +114,8 @@ var LocalStorageImpl_2 = require("./storage/LocalStorageImpl");
|
|
|
114
114
|
Object.defineProperty(exports, "LocalStorageImpl", { enumerable: true, get: function () { return LocalStorageImpl_2.LocalStorageImpl; } });
|
|
115
115
|
var KeyStorageImpl_2 = require("./storage/KeyStorageImpl");
|
|
116
116
|
Object.defineProperty(exports, "KeyStorageImpl", { enumerable: true, get: function () { return KeyStorageImpl_2.KeyStorageImpl; } });
|
|
117
|
+
var utils_2 = require("./crypto/utils");
|
|
118
|
+
Object.defineProperty(exports, "getShaVersionForKey", { enumerable: true, get: function () { return utils_2.getShaVersionForKey; } });
|
|
117
119
|
var IcureApiOptions;
|
|
118
120
|
(function (IcureApiOptions) {
|
|
119
121
|
let Defaults;
|
package/icc-x-api/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../icc-x-api/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCA8BmB;AACnB,qDAA8C;AAC9C,yDAAkD;AAClD,2DAAoD;AACpD,2DAAoD;AACpD,6DAAsD;AACtD,2DAAoD;AACpD,qDAA8C;AAC9C,6DAAsD;AACtD,yEAAkE;AAClE,uEAA+D;AAC/D,2DAAoD;AACpD,2DAAoD;AACpD,2DAAoD;AACpD,+DAAwD;AACxD,iEAAyD;AACzD,qDAA8C;AAC9C,6EAAqE;AACrE,iEAAyD;AAGzD,iEAA6D;AAC7D,6DAAyD;AACzD,0EAMsC;AACtC,gEAA4D;AAC5D,kFAA8E;AAC9E,qEAAiE;AACjE,6FAAyF;AACzF,sDAAkD;AAClD,8EAA0E;AAG1E,sEAAkE;AAClE,kEAA8D;AAC9D,sEAAkE;AAClE,+EAAuE;AACvE,wEAAoE;AACpE,0CAAwD;AACxD,oHAAgH;AAChH,sEAA+F;AAC/F,8EAA0E;AAC1E,mFAA+E;AAC/E,gFAA4E;AAC5E,gFAA4E;AAC5E,sFAAkF;AAClF,kHAA8G;AAC9G,0EAAsE;AACtE,gFAA4E;AAC5E,gGAA4F;AAC5F,yFAAqF;AACrF,4EAAwE;AACxE,yDAAkD;AAClD,2DAAoD;AACpD,mEAA4D;AAE5D,uDAAgD;AAChD,0DAAsD;AACtD,0EAAsE;AACtE,oFAAgF;AAChF,wEAAoE;AACpE,gEAAgF;AAChF,gEAA4D;AAC5D,mFAA+E;AAC/E,4EAAwE;AACxE,6DAAsD;AAEtD,wDAAqC;AACrC,sDAAmC;AACnC,4DAAyC;AACzC,6DAA0C;AAC1C,mDAAgC;AAChC,sDAAmC;AACnC,qDAAkC;AAClC,0DAAuC;AACvC,uDAAoC;AACpC,mDAAgC;AAChC,sDAAmC;AACnC,uDAAoC;AACpC,sDAAmC;AACnC,sDAAmC;AACnC,sDAAmC;AACnC,mDAAgC;AAChC,yDAAsC;AACtC,sDAAmC;AACnC,yDAAsC;AACtC,gEAA6C;AAC7C,+DAA4C;AAC5C,0CAAuB;AAEvB,+CAA4B;AAC5B,4DAAyC;AACzC,kEAA+C;AAC/C,gEAA6C;AAG7C,+DAA6D;AAApD,oHAAA,gBAAgB,OAAA;AAEzB,2DAAyD;AAAhD,gHAAA,cAAc,OAAA;AAsHvB,IAAU,eAAe,CA4BxB;AA5BD,WAAU,eAAe;IACvB,IAAiB,QAAQ,CAIxB;IAJD,WAAiB,QAAQ;QACV,yBAAgB,GAAG,IAAI,+DAA8B,EAAE,CAAA;QACvD,uCAA8B,GAAG,IAAI,CAAA;QACrC,gBAAO,GAAG,EAAE,CAAA;IAC3B,CAAC,EAJgB,QAAQ,GAAR,wBAAQ,KAAR,wBAAQ,QAIxB;IAED,MAAa,YAAY;QAUvB,YAAY,MAAuB;;YACjC,IAAI,CAAC,gBAAgB,GAAG,MAAA,MAAM,CAAC,gBAAgB,mCAAI,QAAQ,CAAC,gBAAgB,CAAA;YAC5E,IAAI,CAAC,8BAA8B,GAAG,MAAA,MAAM,CAAC,8BAA8B,mCAAI,QAAQ,CAAC,8BAA8B,CAAA;YACtH,IAAI,CAAC,OAAO,GAAG,MAAA,MAAM,CAAC,OAAO,mCAAI,IAAI,mCAAgB,EAAE,CAAA;YACvD,IAAI,CAAC,UAAU,GAAG,MAAA,MAAM,CAAC,UAAU,mCAAI,IAAI,+BAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YACvE,IAAI,CAAC,OAAO,GAAG,MAAA,MAAM,CAAC,OAAO,mCAAI,QAAQ,CAAC,OAAO,CAAA;YACjD,IAAI,CAAC,qBAAqB,GAAG,MAAA,MAAM,CAAC,qBAAqB,mCAAI,EAAE,CAAA;YAC/D,IAAI,CAAC,aAAa,GAAG,MAAA,MAAM,CAAC,aAAa,mCAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAQ,CAAC,CAAC,CAAA;YAC9F,IAAI,CAAC,+BAA+B,GAAG,MAAA,MAAM,CAAC,+BAA+B,mCAAI,KAAK,CAAA;QACxF,CAAC;KACF;IApBY,4BAAY,eAoBxB,CAAA;AACH,CAAC,EA5BS,eAAe,KAAf,eAAe,QA4BxB;AAwJD,IAAiB,qBAAqB,CAYrC;AAZD,WAAiB,qBAAqB;IACvB,8BAAQ,GAAG;QACtB,SAAS,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC;QACjC,YAAY,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,WAAW,CAAC;QAC/C,OAAO,EAAE,CAAC,OAAO,CAAC;QAClB,OAAO,EAAE,CAAC,kBAAkB,CAAC;QAC7B,aAAa,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,kBAAkB,CAAC;QACpD,eAAe,EAAE,CAAC,YAAY,CAAC;QAC/B,OAAO,EAAE,CAAC,MAAM,EAAE,kBAAkB,CAAC;QACrC,OAAO,EAAE,EAAE;QACX,KAAK,EAAE,CAAC,aAAa,EAAE,gBAAgB,EAAE,sBAAsB,CAAC;KACjE,CAAA;AACH,CAAC,EAZgB,qBAAqB,GAArB,6BAAqB,KAArB,6BAAqB,QAYrC;AA4ED,IAAiB,QAAQ,CA+CxB;AA/CD,WAAiB,QAAQ;IACvB;;OAEG;IACH,SAAsB,UAAU,CAC9B,IAAY,EACZ,qBAAqE,EACrE,gBAAkC,EAClC,SAAiB,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,EAAa,EAC3H,YAA2E,OAAO,MAAM,KAAK,WAAW;QACtG,CAAC,CAAC,MAAM,CAAC,KAAK;QACd,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW;YAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,KAAK,EACT,UAA2B,EAAE;;;YAE7B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;YACxD,IAAI,+BAA+B,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE,qBAAqB,EAAE,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;YAC7H,mIAAmI;YACnI,MAAM,gBAAgB,GAAG,IAAI,oBAAU,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,+BAA+B,EAAE,SAAS,CAAC,CAAA;YACzG,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,gBAAgB,CAAC,CAAA;YACzD,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAA,OAAO,CAAC,CAAC,CAAC,0CAAE,OAAO,CAAA;YAChI,MAAM,uCAAuC,GAC3C,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa;gBACjC,CAAC,CAAC,MAAM,+BAA+B,CAAC,WAAW,CAAC,aAAa,EAAE,OAAO,CAAC;gBAC3E,CAAC,CAAC,EAAE,gBAAgB,EAAE,+BAA+B,EAAE,aAAa,EAAE,KAAK,EAAE,CAAA;YACjF;;;eAGG;YACH,MAAM,mCAAmC,GACvC,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa;gBACjC,CAAC,CAAC,MAAM,+BAA+B,CAAC,WAAW,CAAC,aAAa,EAAE,OAAO,CAAC;gBAC3E,CAAC,CAAC,+BAA+B,CAAA;YACrC,MAAM,cAAc,GAAG,MAAM,4BAA4B,CAAC,IAAI,EAAE,SAAS,EAAE,mCAAmC,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAA;YACjJ,OAAO,IAAI,YAAY,CACrB,cAAc,EACd,IAAI,EACJ,mCAAmC,EACnC,KAAK,EACL,gBAAgB,EAChB,OAAO,EACP,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,aAAa,CAAC,EACxD,MAAM,EACN,gBAAgB,CACjB,CAAA;;KACF;IA1CqB,mBAAU,aA0C/B,CAAA;AACH,CAAC,EA/CgB,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QA+CxB;AAED,SAAe,yBAAyB,CACtC,IAAY,EACZ,qBAAqE,EACrE,OAAyC,EACzC,SAAwE;;;QAExE,IAAI,sBAA8C,CAAA;QAClD,IAAI,gBAAgB,IAAI,qBAAqB,IAAI,aAAa,IAAI,qBAAqB,IAAI,gBAAgB,IAAI,qBAAqB,EAAE;YACpI,sBAAsB,GAAG,qBAAqB,CAAA;SAC/C;aAAM,IAAI,aAAa,IAAI,qBAAqB,IAAI,CAAC,CAAC,qBAAqB,CAAC,WAAW,EAAE;YACxF,sBAAsB,GAAG,IAAI,kDAAyB,CACpD,IAAI,oBAAU,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,iDAAwB,EAAE,EAAE,SAAS,CAAC,EACxE,MAAA,qBAAqB,aAArB,qBAAqB,uBAArB,qBAAqB,CAAE,WAAW,0CAAE,QAAQ,EAC5C,MAAA,qBAAqB,aAArB,qBAAqB,uBAArB,qBAAqB,CAAE,WAAW,0CAAE,QAAQ,EAC5C,SAAS,EACT,qBAAqB,CAAC,WAAW,CAClC,CAAA;SACF;aAAM,IACL,UAAU,IAAI,qBAAqB;YACnC,UAAU,IAAI,qBAAqB;YACnC,CAAC,CAAC,qBAAqB,CAAC,QAAQ;YAChC,CAAC,CAAC,qBAAqB,CAAC,QAAQ,EAChC;YACA,sBAAsB,GAAG,IAAI,uDAA8B,CACzD,IAAI,oBAAU,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,iDAAwB,EAAE,EAAE,SAAS,CAAC,EACxE,qBAAqB,CAAC,QAAQ,EAC9B,qBAAqB,CAAC,QAAQ,EAC9B,IAAI,EACJ,SAAS,EACT,SAAS,EACT,qBAAqB,CAAC,gBAAgB,CACvC,CAAA;SACF;aAAM,IAAI,kBAAkB,IAAI,qBAAqB,IAAI,CAAC,CAAC,qBAAqB,CAAC,gBAAgB,EAAE;YAClG,sBAAsB,GAAG,IAAI,kDAAyB,CACpD,IAAI,oBAAU,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,iDAAwB,EAAE,EAAE,SAAS,CAAC,EACxE,SAAS,EACT,SAAS,EACT,IAAI,6CAAqB,CACvB,IAAI,oBAAU,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,iDAAwB,EAAE,EAAE,SAAS,CAAC,EACxE,SAAS,EACT,SAAS,EACT,qBAAqB,CAAC,gBAAgB,EACtC,SAAS,CACV,CACF,CAAA;SACF;aAAM,IAAI,UAAU,IAAI,qBAAqB,IAAI,gBAAgB,IAAI,qBAAqB,EAAE;YAC3F,sBAAsB,GAAG,qCAAiB,CAAC,UAAU,CACnD,IAAI,oBAAU,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,iDAAwB,EAAE,EAAE,SAAS,CAAC,EACxE,qBAAqB,CAAC,QAAQ,EAC9B,qBAAqB,CAAC,cAAc,EACpC;gBACE,aAAa,EAAE,qBAAqB,CAAC,aAAa;gBAClD,gBAAgB,EAAE,qBAAqB,CAAC,gBAAgB;gBACxD,mBAAmB,EAAE,qBAAqB,CAAC,mBAAmB;aAC/D,CACF,CAAA;SACF;aAAM;YACL,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;SAC3D;QACD,OAAO,sBAAsB,CAAA;;CAC9B;AAiBD,MAAM,gCAAgC,GAAG,iCAAiC,CAAA;AAE1E,SAAe,4BAA4B,CACzC,IAAY,EACZ,SAAwE,EACxE,mCAA2D,EAC3D,MAAoC,EACpC,gBAAkC,EAClC,MAAc;;;QAEd,MAAM,oBAAoB,GAAG,MAAM,IAAI,uCAAgB,CACrD,IAAI,EACJ,MAAM,CAAC,OAAO,EACd,mCAAmC,EACnC,SAAS,CACV,CAAC,uBAAuB,EAAE,CAAA;QAC3B,MAAM,oCAAoC,GAAG,gBAAgB,CAAC,oCAAoC,CAAC,oBAAoB,CAAC,CAAA;QACxH,IAAI,cAAc,GAAG,MAAM,CAAC,OAAO,CAAA;QACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,gCAAgC,CAAC,EAAE;YAC3E,IAAI,oBAAoB,CAAC,IAAI,IAAI,qCAAiB,CAAC,OAAO,IAAI,oBAAoB,CAAC,IAAI,IAAI,qCAAiB,CAAC,MAAM,EAAE;gBACnH,IAAI,CAAC,oCAAoC,EAAE;oBACzC,cAAc,mCAAQ,cAAc,KAAE,CAAC,gCAAgC,CAAC,EAAE,OAAO,GAAE,CAAA;iBACpF;aACF;iBAAM;gBACL,IAAI,oCAAoC,EAAE;oBACxC,cAAc,mCAAQ,cAAc,KAAE,CAAC,gCAAgC,CAAC,EAAE,MAAM,GAAE,CAAA;iBACnF;aACF;SACF;QAED,MAAM,OAAO,GAAG,IAAI,oBAAU,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,SAAS,CAAC,CAAA;QACpG,MAAM,OAAO,GAAG,IAAI,4BAAW,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QAC9G,MAAM,kBAAkB,GAAG,IAAI,kCAAc,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QAC5H,MAAM,SAAS,GAAG,IAAI,gCAAa,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QAC3H,MAAM,cAAc,GAAG,IAAI,uBAAa,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,SAAS,CAAC,CAAA;QAC9G,MAAM,YAAY,GAAG,IAAI,uCAAgB,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,SAAS,CAAC,CAAA;QAC/G,MAAM,eAAe,GAAG,IAAI,uCAAkB,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,SAAS,CAAC,CAAA;QACpH,MAAM,mBAAmB,GAAG,IAAI,uCAAkB,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,SAAS,CAAC,CAAA;QACxH,wBAAwB;QACxB,MAAM,YAAY,GAAG,IAAI,uCAAkB,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAA;QACvG,MAAM,gBAAgB,GAAG,IAAI,mCAAgB,CAAC,MAAM,CAAC,CAAA;QACrD,MAAM,uBAAuB,GAAG,IAAI,iDAAuB,CAAC,gBAAgB,EAAE,YAAY,EAAE,kBAAkB,EAAE,cAAc,EAAE,SAAS,CAAC,CAAA;QAC1I,MAAM,uBAAuB,GAAG,IAAI,iDAAuB,CAAC,eAAe,EAAE,YAAY,EAAE,gBAAgB,EAAE,oCAAoC,CAAC,CAAA;QAClJ,MAAM,WAAW,GAAG,IAAI,yBAAW,CAAC,gBAAgB,EAAE,YAAY,EAAE,uBAAuB,EAAE,uBAAuB,CAAC,CAAA;QACrH,MAAM,sBAAsB,GAAG,IAAI,+CAAsB,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,CAAA;QAChG,MAAM,gBAAgB,GAAG,IAAI,mCAAgB,CAAC,sBAAsB,CAAC,CAAA;QACrE,MAAM,yBAAyB,GAAG,IAAI,qDAAyB,CAC7D,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,gBAAgB,EAChB,CAAC,MAAM,CAAC,+BAA+B,EACvC,gBAAgB,CACjB,CAAA;QACD,MAAM,wBAAwB,GAAG,IAAI,mDAAwB,CAAC,YAAY,EAAE,YAAY,EAAE,gBAAgB,CAAC,CAAA;QAC3G,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,cAAc,EAAE,CAAA;QAC/D,MAAM,IAAI,yCAAmB,CAC3B,gBAAgB,EAChB,uBAAuB,EACvB,YAAY,EACZ,yBAAyB,EACzB,wBAAwB,EACxB,YAAY,CACb,CAAC,kBAAkB,CAAC,MAAM,YAAY,CAAC,uBAAuB,EAAE,CAAC,CAAA;QAClE,6BAA6B;QAC7B,MAAM,mBAAmB,GAAG,IAAI,yCAAmB,CACjD,GAAG,EACH,GAAG,EACH,MAAM,EACN,KAAK,EACL,gBAAgB,EAChB,gBAAgB,EAChB,yBAAyB,EACzB,uBAAuB,EACvB,YAAY,EACZ,CAAC,MAAM,CAAC,+BAA+B,EACvC,YAAY,CACb,CAAA;QACD,MAAM,wBAAwB,GAAG,IAAI,mDAAwB,CAAC,gBAAgB,CAAC,CAAA;QAC/E,MAAM,mBAAmB,GAAG,MAAM,IAAA,sEAAgD,EAChF,uBAAuB,EACvB,yBAAyB,EACzB,wBAAwB,EACxB,wBAAwB,EACxB,gBAAgB,EAChB,YAAY,EACZ,gBAAgB,EAChB,CAAC,MAAM,CAAC,+BAA+B,CACxC,CAAA;QACD,MAAM,sBAAsB,GAAG,IAAI,+CAAsB,CACvD,IAAI,6CAAqB,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,SAAS,CAAC,CAChG,CAAA;QACD,MAAM,2BAA2B,GAAG,IAAI,yDAA2B,CAAC,yBAAyB,EAAE,gBAAgB,CAAC,CAAA;QAChH,MAAM,2CAA2C,GAAG,IAAI,uFAA0C,CAChG,mBAAmB,EACnB,sBAAsB,EACtB,2BAA2B,EAC3B,YAAY,CACb,CAAA;QACD,MAAM,SAAS,GAAG,IAAI,6CAAqB,CACzC,gBAAgB,EAChB,YAAY,EACZ,IAAI,qFAAyC,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,EACpF,2CAA2C,EAC3C,IAAI,mDAAwB,CAC1B,mBAAmB,EACnB,sBAAsB,EACtB,2BAA2B,EAC3B,wBAAwB,EACxB,yBAAyB,EACzB,gBAAgB,EAChB,YAAY,EACZ,gBAAgB,EAChB,oCAAoC,CACrC,EACD,OAAO,EACP,CAAC,MAAM,CAAC,+BAA+B,CACxC,CAAA;QACD,MAAM,aAAa,GAAG,IAAI,qCAAiB,CAAC,gBAAgB,EAAE,YAAY,EAAE,yBAAyB,EAAE,mBAAmB,CAAC,CAAA;QAC3H,MAAM,qBAAqB,GAAG,IAAI,2CAAoB,CAAC,SAAS,EAAE,gBAAgB,EAAE,YAAY,CAAC,CAAA;QACjG,MAAM,IAAA,+BAAuB,EAAC,YAAY,EAAE,SAAS,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAA;QACxF,MAAM,gCAAgC,GAAG,IAAI,mEAAgC,CAAC,mBAAmB,CAAC,CAAA;QAClG,MAAM,0BAA0B,GAAG,IAAI,uDAA0B,CAC/D,YAAY,EACZ,2CAA2C,EAC3C,SAAS,EACT,gBAAgB,EAChB,wBAAwB,EACxB,IAAI,EACJ,cAAc,EACd,mCAAmC,EACnC,SAAS,EACT,gCAAgC,CACjC,CAAA;QACD,MAAM,SAAS,GAAG,IAAI,gCAAa,CACjC,mBAAmB,EACnB,gBAAgB,EAChB,yBAAyB,EACzB,YAAY,EACZ,SAAS,EACT,aAAa,EACb,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,UAAU,EACjB,qBAAqB,EACrB,mBAAmB,EACnB,gCAAgC,EAChC,0BAA0B,CAC3B,CAAA;QACD,MAAM,kBAAkB,GAAG,IAAI,mDAAsB,CACnD,IAAI,EACJ,cAAc,EACd,SAAS,EACT,kBAAkB,EAClB,YAAY,EACZ,OAAO,EACP,OAAO,EACP,CAAC,oCAAoC,EACrC,MAAA,MAAM,CAAC,qBAAqB,CAAC,eAAe,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,eAAe,EAC9F,mCAAmC,EACnC,SAAS,CACV,CAAA;QACD,MAAM,uBAAuB,GAAG,IAAI,qDAAuB,CAAC,SAAS,EAAE,kBAAkB,EAAE,YAAY,EAAE,eAAe,CAAC,CAAA;QAEzH,IAAI,MAAM,IAAI,MAAM,CAAC,8BAA8B,EAAE;YACnD,MAAM,uBAAuB,CAAC,mCAAmC,CAAC,MAAM,OAAO,CAAC,cAAc,EAAE,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;SACrH;QACD,OAAO;YACL,SAAS;YACT,OAAO;YACP,kBAAkB;YAClB,SAAS;YACT,kBAAkB;YAClB,YAAY;YACZ,uBAAuB;YACvB,OAAO,EAAE,cAAc;YACvB,oCAAoC;YACpC,WAAW,EAAE,IAAI,oCAAe,CAC9B,mBAAmB,EACnB,sBAAsB,EACtB,yBAAyB,EACzB,YAAY,EACZ,gBAAgB,EAChB,mBAAmB,CACpB;SACF,CAAA;;CACF;AAED,MAAM,YAAY;IAGhB,YACmB,eAAyC,EACzC,IAAY,EACZ,mCAA2D,EAC3D,KAAoE,EACpE,gBAA4B,EAC7C,aAA0B,EACT,gBAAuC,EACvC,MAAoC,EACpC,gBAAkC;QARlC,oBAAe,GAAf,eAAe,CAA0B;QACzC,SAAI,GAAJ,IAAI,CAAQ;QACZ,wCAAmC,GAAnC,mCAAmC,CAAwB;QAC3D,UAAK,GAAL,KAAK,CAA+D;QACpE,qBAAgB,GAAhB,gBAAgB,CAAY;QAE5B,qBAAgB,GAAhB,gBAAgB,CAAuB;QACvC,WAAM,GAAN,MAAM,CAA8B;QACpC,qBAAgB,GAAhB,gBAAgB,CAAkB;QAEnD,IAAI,CAAC,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IAC3D,CAAC;IAID,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,eAAe,CAAC,WAAW,CAAA;IACzC,CAAC;IAED,IAAI,OAAO;;QACT,OAAO,CACL,MAAA,IAAI,CAAC,QAAQ,mCAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,oBAAU,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACjJ,CAAA;IACH,CAAC;IAID,IAAI,OAAO;;QACT,OAAO,CACL,MAAA,IAAI,CAAC,QAAQ,mCACb,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,4BAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACjI,CAAA;IACH,CAAC;IAID,IAAI,mBAAmB;;QACrB,OAAO,CACL,MAAA,IAAI,CAAC,oBAAoB,mCACzB,CAAC,IAAI,CAAC,oBAAoB,GAAG,IAAI,gCAAsB,CACrD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,kBAAkB;;QACpB,OAAO,CACL,MAAA,IAAI,CAAC,mBAAmB,mCACxB,CAAC,IAAI,CAAC,mBAAmB,GAAG,IAAI,+BAAqB,CACnD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,OAAO;;QACT,OAAO,MAAA,IAAI,CAAC,QAAQ,mCAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,uBAAU,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAA;IAChJ,CAAC;IAID,IAAI,kBAAkB;;QACpB,OAAO,CACL,MAAA,IAAI,CAAC,mBAAmB,mCACxB,CAAC,IAAI,CAAC,mBAAmB,GAAG,IAAI,yBAAe,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAChJ,CAAA;IACH,CAAC;IAID,IAAI,aAAa;;QACf,OAAO,CACL,MAAA,IAAI,CAAC,cAAc,mCACnB,CAAC,IAAI,CAAC,cAAc,GAAG,IAAI,0BAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAC5I,CAAA;IACH,CAAC;IAID,IAAI,YAAY;;QACd,OAAO,CACL,MAAA,IAAI,CAAC,aAAa,mCAClB,CAAC,IAAI,CAAC,aAAa,GAAG,IAAI,sCAAgB,CACxC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,SAAS,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,SAAS,EACvF,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,SAAS;;QACX,OAAO,CACL,MAAA,IAAI,CAAC,UAAU,mCACf,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,sBAAY,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACpI,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,kCAAc,CACpC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,OAAO,EACZ,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,EACV,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,OAAO,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,OAAO,EACnF,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,OAAO,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CACpF,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,OAAO;;QACT,OAAO,CACL,MAAA,IAAI,CAAC,QAAQ,mCACb,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,4BAAW,CAC9B,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,QAAQ;;QACV,OAAO,CACL,MAAA,IAAI,CAAC,SAAS,mCACd,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,qBAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAClI,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,kCAAc,CACpC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,YAAY;;QACd,OAAO,CACL,MAAA,IAAI,CAAC,aAAa,mCAClB,CAAC,IAAI,CAAC,aAAa,GAAG,IAAI,yBAAe,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAC1I,CAAA;IACH,CAAC;IAID,IAAI,WAAW;;QACb,OAAO,CACL,MAAA,IAAI,CAAC,YAAY,mCACjB,CAAC,IAAI,CAAC,YAAY,GAAG,IAAI,oCAAe,CACtC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,oBAAoB;;QACtB,OAAO,CACL,MAAA,IAAI,CAAC,qBAAqB,mCAC1B,CAAC,IAAI,CAAC,qBAAqB,GAAG,IAAI,oCAAe,CAC/C,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,OAAO,EACZ,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,aAAa,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,aAAa,EAC/F,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,iBAAiB;;QACnB,OAAO,CACL,MAAA,IAAI,CAAC,kBAAkB,mCACvB,CAAC,IAAI,CAAC,kBAAkB,GAAG,IAAI,gDAAqB,CAClD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,eAAe;;QACjB,OAAO,CACL,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,IAAI,CAAC,gBAAgB,GAAG,IAAI,6CAAmB,CAC9C,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,YAAY,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,YAAY,EAC7F,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,kCAAc,CACpC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,YAAY;;QACd,OAAO,CACL,MAAA,IAAI,CAAC,aAAa,mCAClB,CAAC,IAAI,CAAC,aAAa,GAAG,IAAI,uCAAgB,CACxC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,kCAAc,CACpC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,oBAAoB,EACzB,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,iBAAiB,EACtB,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,eAAe,EACpB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,OAAO,EACZ,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,OAAO,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,OAAO,EACnF,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,kCAAc,CACpC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,OAAO,EACZ,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,OAAO,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,OAAO,EACnF,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,QAAQ;;QACV,OAAO,CACL,MAAA,IAAI,CAAC,SAAS,mCACd,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,8BAAY,CAChC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,OAAO,EACZ,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,KAAK,EAC/E,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,kBAAkB;;QACpB,OAAO,CACL,MAAA,IAAI,CAAC,mBAAmB,mCACxB,CAAC,IAAI,CAAC,mBAAmB,GAAG,IAAI,+BAAqB,CACnD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,sBAAsB;;QACxB,OAAO,CACL,MAAA,IAAI,CAAC,uBAAuB,mCAC5B,CAAC,IAAI,CAAC,uBAAuB,GAAG,IAAI,mCAAyB,CAC3D,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,uBAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACtI,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,kCAAc,CACpC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,oBAAoB,EACzB,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,uBAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACtI,CAAA;IACH,CAAC;IAID,IAAI,iBAAiB;;QACnB,OAAO,CACL,MAAA,IAAI,CAAC,kBAAkB,mCACvB,CAAC,IAAI,CAAC,kBAAkB,GAAG,IAAI,8BAAoB,CACjD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,iBAAiB;;QACnB,OAAO,CACL,MAAA,IAAI,CAAC,kBAAkB,mCACvB,CAAC,IAAI,CAAC,kBAAkB,GAAG,IAAI,8BAAoB,CACjD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,uBAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACtI,CAAA;IACH,CAAC;IAID,IAAI,yBAAyB;;QAC3B,OAAO,CACL,MAAA,IAAI,CAAC,0BAA0B,mCAC/B,CAAC,IAAI,CAAC,0BAA0B,GAAG,IAAI,sCAA4B,CACjE,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,cAAc;;QAChB,OAAO,CACL,MAAA,IAAI,CAAC,eAAe,mCACpB,CAAC,IAAI,CAAC,eAAe,GAAG,IAAI,0CAAkB,CAC5C,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,iBAAiB;;QACnB,OAAO,CACL,MAAA,IAAI,CAAC,kBAAkB,mCACvB,CAAC,IAAI,CAAC,kBAAkB,GAAG,IAAI,8BAAoB,CACjD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,oBAAoB;;QACtB,OAAO,CACL,MAAA,IAAI,CAAC,qBAAqB,mCAC1B,CAAC,IAAI,CAAC,qBAAqB,GAAG,IAAI,iCAAuB,CACvD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,QAAQ;;QACV,OAAO,CACL,MAAA,IAAI,CAAC,SAAS,mCACd,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,qBAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAClI,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,uBAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACtI,CAAA;IACH,CAAC;IAID,IAAI,QAAQ;;QACV,OAAO,CACL,MAAA,IAAI,CAAC,SAAS,mCACd,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,qBAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAClI,CAAA;IACH,CAAC;IAID,IAAI,QAAQ;;QACV,OAAO,CACL,MAAA,IAAI,CAAC,SAAS,mCACd,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,qBAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAClI,CAAA;IACH,CAAC;IAID,IAAI,SAAS;;QACX,OAAO,CACL,MAAA,IAAI,CAAC,UAAU,mCACf,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,sBAAY,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACpI,CAAA;IACH,CAAC;IAID,IAAI,cAAc;;QAChB,OAAO,CACL,MAAA,IAAI,CAAC,eAAe,mCACpB,CAAC,IAAI,CAAC,eAAe,GAAG,IAAI,2BAAiB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAC9I,CAAA;IACH,CAAC;IAID,IAAI,eAAe;;QACjB,OAAO,CACL,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,IAAI,CAAC,gBAAgB,GAAG,IAAI,4BAAkB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAChJ,CAAA;IACH,CAAC;IAID,IAAI,MAAM;;QACR,OAAO,CACL,MAAA,IAAI,CAAC,OAAO,mCAAI,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,mBAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAC9I,CAAA;IACH,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,CAAA;IACvC,CAAC;IAED,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,eAAe,CAAC,YAAY,CAAA;IAC1C,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,CAAA;IACvC,CAAC;IAED,IAAI,kBAAkB;QACpB,OAAO,IAAI,CAAC,eAAe,CAAC,kBAAkB,CAAA;IAChD,CAAC;IAED,IAAI,uBAAuB;QACzB,OAAO,IAAI,CAAC,eAAe,CAAC,uBAAuB,CAAA;IACrD,CAAC;IAED,IAAI,kBAAkB;QACpB,OAAO,IAAI,CAAC,eAAe,CAAC,kBAAkB,CAAA;IAChD,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,CAAA;IACrC,CAAC;IAEK,aAAa;;YACjB,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,EAAE,CAAA;YACnE,OAAO,EAAE,YAAY,EAAE,IAAI,CAAC,gBAAgB,EAAE,eAAe,EAAE,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAA;QACjG,CAAC;KAAA;IAEK,WAAW,CAAC,UAAkB;;YAClC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAA;YACtD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mCAAmC,CAAC,WAAW,CAAC,UAAU,EAAE,eAAe,CAAC,CAAA;YAChH,MAAM,eAAe,GAAG,MAAM,4BAA4B,CACxD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,KAAK,EACV,gBAAgB,EAChB,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,gBAAgB,EACrB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CACjC,CAAA;YACD,OAAO,IAAI,YAAY,CACrB,eAAe,EACf,IAAI,CAAC,IAAI,EACT,gBAAgB,EAChB,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,gBAAgB,EACrB,eAAe,EACf,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,UAAU,CAAE,EACtD,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,gBAAgB,CACtB,CAAA;QACH,CAAC;KAAA;CACF;AAED;;;;GAIG;AACI,MAAM,SAAS,GAAG,UACvB,IAAY,EACZ,qBAAqE,EACrE,SAAiB,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,EAAa,EAC3H,YAA2E,OAAO,MAAM,KAAK,WAAW;IACtG,CAAC,CAAC,MAAM,CAAC,KAAK;IACd,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW;QAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;QACZ,CAAC,CAAC,KAAK,EACT,UAA0D,EAAE;;;QAE5D,MAAM,sBAAsB,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE,qBAAqB,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,SAAS,CAAC,CAAA;QAC7H,MAAM,OAAO,GAAG,IAAI,oBAAU,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QAE9F,MAAM,OAAO,GAAG,IAAI,4BAAW,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QAC/F,MAAM,kBAAkB,GAAG,IAAI,yBAAe,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QAC9G,MAAM,OAAO,GAAG,IAAI,4BAAW,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QACxG,MAAM,SAAS,GAAG,IAAI,gCAAa,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QACrH,MAAM,aAAa,GAAG,IAAI,0BAAgB,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QAC1G,MAAM,SAAS,GAAG,IAAI,sBAAY,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QAClG,MAAM,QAAQ,GAAG,IAAI,qBAAW,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,CAAC,CAAA;QACrF,MAAM,YAAY,GAAG,IAAI,yBAAe,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QACxG,MAAM,kBAAkB,GAAG,IAAI,kCAAc,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QAEtH,OAAO;YACL,OAAO;YACP,SAAS;YACT,OAAO;YACP,OAAO;YACP,aAAa;YACb,YAAY;YACZ,kBAAkB;YAClB,SAAS;YACT,QAAQ;YACR,kBAAkB;SACnB,CAAA;;CACF,CAAA;AApCY,QAAA,SAAS,aAoCrB;AAED,SAAe,iBAAiB,CAAC,OAAmB;;QAClD,IAAI;YACF,OAAO,MAAM,OAAO,CAAC,gBAAgB,EAAE,CAAA;SACxC;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,GAAG,YAAY,KAAK,IAAI,YAAY,IAAI,GAAG,IAAK,GAAW,CAAC,UAAU,KAAK,GAAG;gBAAE,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;;gBACzG,OAAO,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;SAChC;IACH,CAAC;CAAA","sourcesContent":["import {\n IccAgendaApi,\n IccAnonymousAccessApi,\n IccApplicationsettingsApi,\n IccArticleApi,\n IccAuthApi,\n IccBeefactApi,\n IccBeresultexportApi,\n IccBeresultimportApi,\n IccBesamv2Api,\n IccCalendarItemTypeApi,\n IccClassificationTemplateApi,\n IccEntityrefApi,\n IccEntitytemplateApi,\n IccFrontendmigrationApi,\n IccGroupApi,\n IccIcureApi,\n IccInsuranceApi,\n IccKeywordApi,\n IccMedexApi,\n IccMedicallocationApi,\n IccPatientApi,\n IccPermissionApi,\n IccPlaceApi,\n IccPubsubApi,\n IccReplicationApi,\n IccTarificationApi,\n IccTmpApi,\n IccUserApi,\n OAuthThirdParty,\n} from '../icc-api'\nimport { IccUserXApi } from './icc-user-x-api'\nimport { IccCryptoXApi } from './icc-crypto-x-api'\nimport { IccContactXApi } from './icc-contact-x-api'\nimport { IccInvoiceXApi } from './icc-invoice-x-api'\nimport { IccDocumentXApi } from './icc-document-x-api'\nimport { IccHcpartyXApi } from './icc-hcparty-x-api'\nimport { IccFormXApi } from './icc-form-x-api'\nimport { IccHelementXApi } from './icc-helement-x-api'\nimport { IccClassificationXApi } from './icc-classification-x-api'\nimport { IccCalendarItemXApi } from './icc-calendar-item-x-api'\nimport { IccPatientXApi } from './icc-patient-x-api'\nimport { IccMessageXApi } from './icc-message-x-api'\nimport { IccReceiptXApi } from './icc-receipt-x-api'\nimport { IccAccesslogXApi } from './icc-accesslog-x-api'\nimport { IccTimeTableXApi } from './icc-time-table-x-api'\nimport { IccCodeXApi } from './icc-code-x-api'\nimport { IccMaintenanceTaskXApi } from './icc-maintenance-task-x-api'\nimport { IccDataOwnerXApi } from './icc-data-owner-x-api'\nimport { StorageFacade } from './storage/StorageFacade'\nimport { KeyStorageFacade } from './storage/KeyStorageFacade'\nimport { LocalStorageImpl } from './storage/LocalStorageImpl'\nimport { KeyStorageImpl } from './storage/KeyStorageImpl'\nimport {\n AuthenticationProvider,\n BasicAuthenticationProvider,\n EnsembleAuthenticationProvider,\n JwtAuthenticationProvider,\n NoAuthenticationProvider,\n} from './auth/AuthenticationProvider'\nimport { CryptoPrimitives } from './crypto/CryptoPrimitives'\nimport { UserEncryptionKeysManager } from './crypto/UserEncryptionKeysManager'\nimport { IcureStorageFacade } from './storage/IcureStorageFacade'\nimport { DefaultStorageEntryKeysFactory } from './storage/DefaultStorageEntryKeysFactory'\nimport { KeyRecovery } from './crypto/KeyRecovery'\nimport { BaseExchangeKeysManager } from './crypto/BaseExchangeKeysManager'\nimport { StorageEntryKeysFactory } from './storage/StorageEntryKeysFactory'\nimport { CryptoStrategies } from './crypto/CryptoStrategies'\nimport { ExchangeKeysManager } from './crypto/ExchangeKeysManager'\nimport { ShamirKeysManager } from './crypto/ShamirKeysManager'\nimport { TransferKeysManager } from './crypto/TransferKeysManager'\nimport { IccIcureMaintenanceXApi } from './icc-icure-maintenance-x-api'\nimport { ConfidentialEntities } from './crypto/ConfidentialEntities'\nimport { ensureDelegationForSelf } from './crypto/utils'\nimport { SecureDelegationsSecurityMetadataDecryptor } from './crypto/SecureDelegationsSecurityMetadataDecryptor'\nimport { initialiseExchangeDataManagerForCurrentDataOwner } from './crypto/ExchangeDataManager'\nimport { BaseExchangeDataManager } from './crypto/BaseExchangeDataManager'\nimport { IccExchangeDataApi } from '../icc-api/api/internal/IccExchangeDataApi'\nimport { UserSignatureKeysManager } from './crypto/UserSignatureKeysManager'\nimport { AccessControlSecretUtils } from './crypto/AccessControlSecretUtils'\nimport { SecureDelegationsEncryption } from './crypto/SecureDelegationsEncryption'\nimport { LegacyDelegationSecurityMetadataDecryptor } from './crypto/LegacyDelegationSecurityMetadataDecryptor'\nimport { ExtendedApisUtilsImpl } from './crypto/ExtendedApisUtilsImpl'\nimport { SecureDelegationsManager } from './crypto/SecureDelegationsManager'\nimport { AccessControlKeysHeadersProvider } from './crypto/AccessControlKeysHeadersProvider'\nimport { IccExchangeDataMapApi } from '../icc-api/api/internal/IccExchangeDataMapApi'\nimport { ExchangeDataMapManager } from './crypto/ExchangeDataMapManager'\nimport { IccDeviceXApi } from './icc-device-x-api'\nimport { IccBekmehrXApi } from './icc-bekmehr-x-api'\nimport { IccDoctemplateXApi } from './icc-doctemplate-x-api'\nimport { UserGroup } from '../icc-api/model/UserGroup'\nimport { IccTopicXApi } from './icc-topic-x-api'\nimport { IccRoleApi } from '../icc-api/api/IccRoleApi'\nimport { DataOwnerTypeEnum } from '../icc-api/model/DataOwnerTypeEnum'\nimport { DelegationsDeAnonymization } from './crypto/DelegationsDeAnonymization'\nimport { JwtBridgedAuthService } from './auth/JwtBridgedAuthService'\nimport { AuthSecretProvider, SmartAuthProvider } from './auth/SmartAuthProvider'\nimport { KeyPairRecoverer } from './crypto/KeyPairRecoverer'\nimport { IccRecoveryDataApi } from '../icc-api/api/internal/IccRecoveryDataApi'\nimport { RecoveryDataEncryption } from './crypto/RecoveryDataEncryption'\nimport { IccRecoveryXApi } from './icc-recovery-x-api'\n\nexport * from './icc-accesslog-x-api'\nexport * from './icc-bekmehr-x-api'\nexport * from './icc-calendar-item-x-api'\nexport * from './icc-classification-x-api'\nexport * from './icc-code-x-api'\nexport * from './icc-contact-x-api'\nexport * from './icc-crypto-x-api'\nexport * from './icc-doctemplate-x-api'\nexport * from './icc-document-x-api'\nexport * from './icc-form-x-api'\nexport * from './icc-hcparty-x-api'\nexport * from './icc-helement-x-api'\nexport * from './icc-invoice-x-api'\nexport * from './icc-message-x-api'\nexport * from './icc-patient-x-api'\nexport * from './icc-user-x-api'\nexport * from './icc-time-table-x-api'\nexport * from './icc-receipt-x-api'\nexport * from './icc-data-owner-x-api'\nexport * from './icc-icure-maintenance-x-api'\nexport * from './icc-maintenance-task-x-api'\nexport * from './utils'\n\nexport * from './crypto/RSA'\nexport * from './crypto/CryptoPrimitives'\nexport * from './crypto/ShareMetadataBehaviour'\nexport * from './auth/AuthenticationProvider'\n\nexport { KeyStorageFacade } from './storage/KeyStorageFacade'\nexport { LocalStorageImpl } from './storage/LocalStorageImpl'\nexport { StorageFacade } from './storage/StorageFacade'\nexport { KeyStorageImpl } from './storage/KeyStorageImpl'\nexport { CryptoStrategies } from './crypto/CryptoStrategies'\n\nexport interface BasicApis {\n readonly authApi: IccAuthApi\n readonly codeApi: IccCodeXApi\n readonly userApi: IccUserXApi\n readonly permissionApi: IccPermissionApi\n readonly insuranceApi: IccInsuranceApi\n readonly entityReferenceApi: IccEntityrefApi\n readonly agendaApi: IccAgendaApi\n readonly groupApi: IccGroupApi\n readonly healthcarePartyApi: IccHcpartyXApi\n readonly deviceApi: IccDeviceXApi\n}\nexport interface Apis extends BasicApis {\n readonly calendarItemTypeApi: IccCalendarItemTypeApi\n readonly medicalLocationApi: IccMedicallocationApi\n readonly cryptoApi: IccCryptoXApi\n readonly accessLogApi: IccAccesslogXApi\n readonly contactApi: IccContactXApi\n readonly formApi: IccFormXApi\n readonly invoiceApi: IccInvoiceXApi\n readonly documentApi: IccDocumentXApi\n readonly healthcareElementApi: IccHelementXApi\n readonly classificationApi: IccClassificationXApi\n readonly calendarItemApi: IccCalendarItemXApi\n readonly receiptApi: IccReceiptXApi\n readonly timetableApi: IccTimeTableXApi\n readonly patientApi: IccPatientXApi\n readonly messageApi: IccMessageXApi\n readonly maintenanceTaskApi: IccMaintenanceTaskXApi\n readonly dataOwnerApi: IccDataOwnerXApi\n readonly icureMaintenanceTaskApi: IccIcureMaintenanceXApi\n readonly anonymousAccessApi: IccAnonymousAccessApi\n readonly applicationSettingsApi: IccApplicationsettingsApi\n readonly articleApi: IccArticleApi\n readonly bekmehrApi: IccBekmehrXApi\n readonly beefactApi: IccBeefactApi\n readonly beresultexportApi: IccBeresultexportApi\n readonly beresultimportApi: IccBeresultimportApi\n readonly besamv2Api: IccBesamv2Api\n readonly classificationTemplateApi: IccClassificationTemplateApi\n readonly doctemplateApi: IccDoctemplateXApi\n readonly entitytemplateApi: IccEntitytemplateApi\n readonly frontendmigrationApi: IccFrontendmigrationApi\n readonly icureApi: IccIcureApi\n readonly keywordApi: IccKeywordApi\n readonly medexApi: IccMedexApi\n readonly placeApi: IccPlaceApi\n readonly pubsubApi: IccPubsubApi\n readonly replicationApi: IccReplicationApi\n readonly tarificationApi: IccTarificationApi\n readonly tmpApi: IccTmpApi\n readonly topicApi: IccTopicXApi\n readonly roleApi: IccRoleApi\n readonly recoveryApi: IccRecoveryXApi\n}\n\n/**\n * Allows to customise the behaviour of the iCure API by providing various optional parameters.\n */\nexport interface IcureApiOptions {\n /**\n * Specifies how iCure can store string values (e.g. json). In production this should be persistent storage.\n * @default the browser's localStorage.\n */\n readonly storage?: StorageFacade<string>\n /**\n * Specifies how iCure can store cryptographic keys. Preferably this should be some ad-hoc storage key storage.\n * @default stores the json of the jwk representation of the key in {@link storage}.\n */\n readonly keyStorage?: KeyStorageFacade\n /**\n * Specifies where iCure should store his data within the {@link storage} and {@link keyStorage}.\n * @default {@link DefaultStorageEntryKeysFactory}\n */\n readonly entryKeysFactory?: StorageEntryKeysFactory\n /**\n * Specifies if iCure should automatically create maintenance tasks for requesting access back when a new key is generated at initialisation time.\n * Note that the maintenance task will be created only towards HCP data owners: if you want to create a maintenance task also to other types of data\n * owners you should disable this and call {@link IccIcureMaintenanceXApi.createMaintenanceTasksForNewKeypair} yourself.\n * @default true\n */\n readonly createMaintenanceTasksOnNewKey?: boolean\n /**\n * Additional headers to use on each request made by the iCure api.\n * @default no additional headers\n */\n readonly headers?: { [headerName: string]: string }\n /**\n * Specifies which fields should be encrypted for each kind of encryptable entity. You should make sure that every application in your environment\n * specifies the same values for this configuration.\n * @default see documentation for {@link EncryptedFieldsConfig}\n */\n readonly encryptedFieldsConfig?: EncryptedFieldsConfig\n /**\n * Each user may exist in multiple groups, but an instance of {@link IcureApi} is specialised for a single group. This function allows you to decide\n * the group to use for a given user. This functions will be called only if a user exists in at least 2 groups, takes in input the information on\n * the groups the user can access (in no specific order) and must return the id of one of these groups.\n * @default takes the first group provided. The group chosen by this method may vary between different instantiations of the {@link IcureApi} even\n * if for the same user and if the groups available for the user do not change.\n */\n readonly groupSelector?: (availableGroupsInfo: UserGroup[]) => Promise<string>\n /**\n * Temporary value to support EHR Lite and MedTech api implementations.\n *\n * Currently, all hcps are able to access encrypted data shared with any of their parents, and on initialisation the api will verify that there is a\n * key pair available for the current user and for every parent of the user. If this option is set to true, the api will not load keys for the\n * parent users.\n *\n * This \"implicit data-sharing scheme\" (each parent HCP is essentially sharing data with all its children HCPs), however, may not be ideal for all\n * use cases, and it will be changed in future to be configurable in order to make it more general.\n * @default false, equivalent to previous behaviour.\n */\n readonly disableParentKeysInitialisation?: boolean\n}\n\nnamespace IcureApiOptions {\n export namespace Defaults {\n export const entryKeysFactory = new DefaultStorageEntryKeysFactory()\n export const createMaintenanceTasksOnNewKey = true\n export const headers = {}\n }\n\n export class WithDefaults implements IcureApiOptions {\n readonly entryKeysFactory: StorageEntryKeysFactory\n readonly createMaintenanceTasksOnNewKey: boolean\n readonly storage: StorageFacade<string>\n readonly keyStorage: KeyStorageFacade\n readonly headers: { [headerName: string]: string }\n readonly encryptedFieldsConfig: EncryptedFieldsConfig\n readonly groupSelector: (availableGroupsInfo: UserGroup[]) => Promise<string>\n readonly disableParentKeysInitialisation: boolean\n\n constructor(custom: IcureApiOptions) {\n this.entryKeysFactory = custom.entryKeysFactory ?? Defaults.entryKeysFactory\n this.createMaintenanceTasksOnNewKey = custom.createMaintenanceTasksOnNewKey ?? Defaults.createMaintenanceTasksOnNewKey\n this.storage = custom.storage ?? new LocalStorageImpl()\n this.keyStorage = custom.keyStorage ?? new KeyStorageImpl(this.storage)\n this.headers = custom.headers ?? Defaults.headers\n this.encryptedFieldsConfig = custom.encryptedFieldsConfig ?? {}\n this.groupSelector = custom.groupSelector ?? ((groups) => Promise.resolve(groups[0].groupId!))\n this.disableParentKeysInitialisation = custom.disableParentKeysInitialisation ?? false\n }\n }\n}\n\n/**\n * Specifies which fields should be encrypted for each kind of encryptable entity.\n *\n * Note that any value you specify here overrides the default values. For example if you specify `['medicalLocationId']` for `healthElement` the\n * fields `['descr', 'note']` which are usually encrypted by default will no longer be encrypted. If you want to add fields to the default values\n * you can use {@link EncryptedFieldsConfig.Defaults}, for example `[...EncryptedFieldsConfig.Defaults.healthElement, 'medicalLocationId'].\n *\n * # Encrypted fields syntax\n *\n * ## Grammar\n *\n * The grammar for each encrypted field is the following:\n * ```\n * fieldName :=\n * regex([a-zA-Z_][a-zA-Z0-9_]+)\n * encryptedField :=\n * fieldName\n * | fieldName + (\".\" | \".*.\" | \"[].\") + encryptedField\n * ```\n *\n * This grammar allows you to specify the fields to encrypt for the object and recursively for nested objects.\n * - A string containing only a single `fieldName` will encrypt the field with the given name.\n * - A string starting with `fieldName.` allows to specify the encrypted fields of a nested object. The encrypted values of the\n * fields in the nested object will be saved in the nested object.\n * - A string starting with `fieldName.*.` treats `fieldName` as a map/dictionary data structure and allows to specify the encrypted fields of the\n * values of the map. Note that the values of the map must be objects as well. The encrypted content of each map value is stored in that value.\n * - A string starting with `fieldName[].` treats `fieldName` as an array and allows to specify the encrypted fields of the values of the array.\n * Note that the values of the array must be objects as well. The encrypted content of each array element is stored in that element.\n *\n * ## Example\n *\n * Consider the following object and encryption keys:\n * ```javascript\n * const obj = {\n * a: { x: 0, y: 1 },\n * b: \"hello\",\n * c: [ { public: \"a\", secret: \"b\" }, { public: \"c\", secret: \"d\" } ],\n * d: \"ok\",\n * e: {\n * info: \"something\",\n * private: \"secret\",\n * dataMap: {\n * \"en\": {\n * a: 1,\n * b: 2\n * },\n * \"fr\": {\n * a: 3,\n * b: 4\n * }\n * }\n * }\n * }\n * const encryptedFields = [\n * \"a\",\n * \"c[].secret\",\n * \"d\",\n * \"e.private\",\n * \"e.datamap.*.a\"\n * ]\n * ```\n * If you use them with the crypt method you will get the following result:\n * ```json\n * {\n * b: \"hello\",\n * c: [\n * { public: \"a\", encryptedSelf: 'encrypted+encoded { secret: \"b\" }' },\n * { public: \"c\", encryptedSelf: 'encrypted+encoded { secret: \"d\" }' }\n * ],\n * e: {\n * info: \"something\",\n * dataMap: {\n * \"en\": { b: 2, encryptedSelf: 'encrypted+encoded { a: 1 }' },\n * \"fr\": { b: 4, encryptedSelf: 'encrypted+encoded { a: 3 }' }\n * },\n * encryptedSelf: 'encrypted+encoded { private: \"secret\" }'\n * },\n * encryptedSelf: 'encrypted+encoded { a: { x: 0, y: 1 }, d: \"ok\" }'\n * }\n * ```\n *\n * ## Shortened representation\n *\n * You can also group encrypted fields having the same prefix by concatenating to the prefix the JSON representation of an array of all the postfixes.\n * For example the following encrypted fields:\n * ```javascript\n * const encryptedFields = [\"a.b.c.d.e.f1\", \"a.b.c.d.e.f2\", \"a.b.c.d.e.f3\", \"a.b.c.d.e.f4\"]\n * ```\n * can be shortened to\n * ```javascript\n * const encryptedFields = ['a.b.c.d.e.[\"f1\",\"f2\",\"f3\",\"f4\"]'] // Note the use of single quotes to avoid escaping the double quotes\n * ```\n * If you use the shortened representation you may need to escape nested json representations. In that case the use of `JSON.stringify` is\n * recommended.\n */\nexport interface EncryptedFieldsConfig {\n /**\n * Fields to encrypt for entities of type {@link AccessLog}\n * @default ['detail', 'objectId']\n */\n readonly accessLog?: string[]\n /**\n * Fields to encrypt for entities of type {@link CalendarItem}\n * @default ['details', 'title', 'patientId']\n */\n readonly calendarItem?: string[]\n /**\n * Fields to encrypt for entities of type {@link Contact}, excluding `services`. You can specify which fields of `services` should be encrypted\n * using {@link service}.\n * @default ['descr'] // encryption of `services` is managed through {@link service}\n */\n readonly contact?: string[]\n /**\n * Fields to encrypt for entities of type {@link Service}. Note that encryption of the `content` field and recursively contained `Services` through\n * `content.compoundValue` is automatically managed by the sdk, and you are not allowed to modify it.\n *\n * Note: any non-empty values for this field will break bi-directional data compatibility between v7 and previous: Contacts created with\n * v7 will not be read properly by previous versions. If you want\n * @default ['notes[].markdown'] // encryption of `content` is managed in a special way\n */\n readonly service?: string[]\n /**\n * Fields to encrypt for entities of type {@link HealthElement}\n * @default ['descr', 'note', 'notes[].markdown']\n */\n readonly healthElement?: string[]\n /**\n * Fields to encrypt for entities of type {@link MaintenanceTask}\n * @default ['properties']\n */\n readonly maintenanceTask?: string[]\n /**\n * Fields to encrypt for entities of type {@link Patient}\n * @default ['note', 'notes[].markdown']\n */\n readonly patient?: string[]\n\n /**\n * Fields to encrypt for entities of type {@link Message}\n * @default []\n */\n readonly message?: string[]\n\n /**\n * Fields to encrypt for entities of type {@link Topic}\n * @default ['description']\n */\n readonly topic?: string[]\n}\n\nexport namespace EncryptedFieldsConfig {\n export const Defaults = {\n accessLog: ['detail', 'objectId'],\n calendarItem: ['details', 'title', 'patientId'],\n contact: ['descr'],\n service: ['notes[].markdown'],\n healthElement: ['descr', 'note', 'notes[].markdown'],\n maintenanceTask: ['properties'],\n patient: ['note', 'notes[].markdown'],\n message: [],\n topic: ['description', 'linkedServices', 'linkedHealthElements'],\n }\n}\n\n/**\n * Details for the authentication of a user\n */\nexport type AuthenticationDetails =\n | {\n username: string\n password: string\n thirdPartyTokens?: { [thirdParty: string]: string }\n }\n | {\n icureTokens: { token: string; refreshToken: string }\n credentials?: { username: string; password: string }\n }\n | {\n thirdPartyTokens: { [thirdParty: string]: string }\n }\n | SmartAuthenticationDetails\n\n/**\n * Allows to perform authentication through an {@link AuthSecretProvider}.\n *\n * The iCure SDK can authenticate to the backend using different kinds of secrets, such as passwords, long-lived authentication tokens, and\n * short-lived authentication tokens generated through the message gateway. iCure associates to each kind of secret a certain security level, and for\n * some sensitive operations, depending on the configurations of the user and his group, some operations may require a secret of a certain security\n * level. For example, with the default configurations, in order to change his own email the user can't have logged in with a long-lived token, but he\n * needs to provide his current password or a short-lived token.\n *\n * By using this authentication option, the iCure SDK will automatically request and cache the secret from the {@link AuthSecretProvider} only when\n * needed, which should help to minimise the interaction with the user.\n *\n * Another advantage of using this authentication option over others is that in case all the cached tokens and secrets were to expire while performing\n * a request, instead of having the request fail the SDK will ask for a new secret from the {@link SmartAuthProvider} and the request will\n * automatically be retried with the new secret.\n *\n * You must provide the following information:\n * - username: any kind of value that can identify the user (userId, groupId/userId, username, email, ...). More generic identifiers, valid\n * on multiple groups, allow for simpler group switching by using {@link IcureApi.switchGroup}.\n * - secretProvider: the secret provider to use for authentication. Will handle interaction with the gui.\n *\n * You can also provide the following optional information, which may allow to reduce the requests for secrets initially:\n * - initialSecret: an initial secret (password, token, ...) that will be used to get new authentication tokens as needed. If it is expired it will be ignored.\n * - initialAuthToken: an initial authentication token used on each request. If it is expired it will be ignored.\n * - initialRefreshToken: an initial refresh token used to get new authentication tokens as needed. If it is expired it will be ignored.\n */\nexport type SmartAuthenticationDetails = {\n username: string\n secretProvider: AuthSecretProvider\n initialSecret?: { plainSecret: string } | { oauthToken: string; oauthType: OAuthThirdParty }\n initialAuthToken?: string\n initialRefreshToken?: string\n}\n\n/**\n * Main entry point for the iCure API. Provides entity-specific sub-apis and some general methods which are not related to a specific entity.\n */\nexport interface IcureApi extends Apis {\n /**\n * Get the information on groups that the current user can access and the current group that this api instance is working on.\n * Note that the values you will get for `availableGroups` may differ from the values you would get if you call {@link IccUserApi.getMatchingUsers}\n * on {@link Apis.userApi}, since the latter is specialised on the specific instance of the user in `currentGroup`.\n * - `currentGroup`: the group that this api instance is working on, or undefined if the backend environment is not multi-group.\n * - `availableGroups`: the list of groups that the current user can access with the provided secret. Empty if the backend environment is not\n * multi-group.\n */\n getGroupsInfo(): Promise<{ currentGroup: UserGroup | undefined; availableGroups: UserGroup[] }>\n\n /**\n * Switches the api to allow the user to work on a different group.\n * @param newGroupId the id of the group to switch to.\n * @return a new api for the specified group.\n */\n switchGroup(newGroupId: string): Promise<IcureApi>\n}\n\nexport namespace IcureApi {\n /**\n * Initialises a new instance of the iCure API.\n */\n export async function initialise(\n host: string,\n authenticationOptions: AuthenticationDetails | AuthenticationProvider,\n cryptoStrategies: CryptoStrategies,\n crypto: Crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : ({} as Crypto),\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response> = typeof window !== 'undefined'\n ? window.fetch\n : typeof self !== 'undefined'\n ? self.fetch\n : fetch,\n options: IcureApiOptions = {}\n ): Promise<IcureApi> {\n const params = new IcureApiOptions.WithDefaults(options)\n let grouplessAuthenticationProvider = await getAuthenticationProvider(host, authenticationOptions, params.headers, fetchImpl)\n // TODO if this uses a smart auth provider the groupless auth provider does not share the secret cache with the group specific one.\n const grouplessUserApi = new IccUserApi(host, params.headers, grouplessAuthenticationProvider, fetchImpl)\n const matches = await getMatchesOrEmpty(grouplessUserApi)\n const chosenGroupId = matches.length > 1 && !!options.groupSelector ? await options.groupSelector(matches) : matches[0]?.groupId\n const groupSpecificAuthenticationProviderInfo =\n matches.length > 1 && chosenGroupId\n ? await grouplessAuthenticationProvider.switchGroup(chosenGroupId, matches)\n : { switchedProvider: grouplessAuthenticationProvider, isGroupLocked: false }\n /*TODO\n * On new very new users switching the authentication provider to a specific group may fail and block the user for too many requests. This is\n * probably linked to replication of the user in the fallback database.\n */\n const groupSpecificAuthenticationProvider =\n matches.length > 1 && chosenGroupId\n ? await grouplessAuthenticationProvider.switchGroup(chosenGroupId, matches)\n : grouplessAuthenticationProvider\n const cryptoInitInfo = await initialiseCryptoWithProvider(host, fetchImpl, groupSpecificAuthenticationProvider, params, cryptoStrategies, crypto)\n return new IcureApiImpl(\n cryptoInitInfo,\n host,\n groupSpecificAuthenticationProvider,\n fetch,\n grouplessUserApi,\n matches,\n matches.find((match) => match.groupId === chosenGroupId),\n params,\n cryptoStrategies\n )\n }\n}\n\nasync function getAuthenticationProvider(\n host: string,\n authenticationOptions: AuthenticationDetails | AuthenticationProvider,\n headers: { [headerName: string]: string },\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response>\n) {\n let authenticationProvider: AuthenticationProvider\n if ('getIcureTokens' in authenticationOptions && 'switchGroup' in authenticationOptions && 'getAuthService' in authenticationOptions) {\n authenticationProvider = authenticationOptions\n } else if ('icureTokens' in authenticationOptions && !!authenticationOptions.icureTokens) {\n authenticationProvider = new JwtAuthenticationProvider(\n new IccAuthApi(host, headers, new NoAuthenticationProvider(), fetchImpl),\n authenticationOptions?.credentials?.username,\n authenticationOptions?.credentials?.password,\n undefined,\n authenticationOptions.icureTokens\n )\n } else if (\n 'username' in authenticationOptions &&\n 'password' in authenticationOptions &&\n !!authenticationOptions.username &&\n !!authenticationOptions.password\n ) {\n authenticationProvider = new EnsembleAuthenticationProvider(\n new IccAuthApi(host, headers, new NoAuthenticationProvider(), fetchImpl),\n authenticationOptions.username,\n authenticationOptions.password,\n 3600,\n undefined,\n undefined,\n authenticationOptions.thirdPartyTokens\n )\n } else if ('thirdPartyTokens' in authenticationOptions && !!authenticationOptions.thirdPartyTokens) {\n authenticationProvider = new JwtAuthenticationProvider(\n new IccAuthApi(host, headers, new NoAuthenticationProvider(), fetchImpl),\n undefined,\n undefined,\n new JwtBridgedAuthService(\n new IccAuthApi(host, headers, new NoAuthenticationProvider(), fetchImpl),\n undefined,\n undefined,\n authenticationOptions.thirdPartyTokens,\n undefined\n )\n )\n } else if ('username' in authenticationOptions && 'secretProvider' in authenticationOptions) {\n authenticationProvider = SmartAuthProvider.initialise(\n new IccAuthApi(host, headers, new NoAuthenticationProvider(), fetchImpl),\n authenticationOptions.username,\n authenticationOptions.secretProvider,\n {\n initialSecret: authenticationOptions.initialSecret,\n initialAuthToken: authenticationOptions.initialAuthToken,\n initialRefreshToken: authenticationOptions.initialRefreshToken,\n }\n )\n } else {\n throw new Error('Invalid authentication options provided')\n }\n return authenticationProvider\n}\n\n// Apis which are used during crypto api initialisation, to avoid re-instantiating them later\ntype CryptoInitialisationInfo = {\n cryptoApi: IccCryptoXApi\n healthcarePartyApi: IccHcpartyXApi\n deviceApi: IccDeviceXApi\n // no patient api since it is base\n dataOwnerApi: IccDataOwnerXApi\n userApi: IccUserXApi\n icureMaintenanceTaskApi: IccIcureMaintenanceXApi\n maintenanceTaskApi: IccMaintenanceTaskXApi\n headers: { [headerName: string]: string }\n dataOwnerRequiresAnonymousDelegation: boolean\n recoveryApi: IccRecoveryXApi\n}\n\nconst REQUEST_AUTOFIX_ANONYMITY_HEADER = 'Icure-Request-Autofix-Anonymity'\n\nasync function initialiseCryptoWithProvider(\n host: string,\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response>,\n groupSpecificAuthenticationProvider: AuthenticationProvider,\n params: IcureApiOptions.WithDefaults,\n cryptoStrategies: CryptoStrategies,\n crypto: Crypto\n): Promise<CryptoInitialisationInfo> {\n const initialDataOwnerStub = await new IccDataOwnerXApi(\n host,\n params.headers,\n groupSpecificAuthenticationProvider,\n fetchImpl\n ).getCurrentDataOwnerStub()\n const dataOwnerRequiresAnonymousDelegation = cryptoStrategies.dataOwnerRequiresAnonymousDelegation(initialDataOwnerStub)\n let updatedHeaders = params.headers\n if (!Object.keys(updatedHeaders).includes(REQUEST_AUTOFIX_ANONYMITY_HEADER)) {\n if (initialDataOwnerStub.type == DataOwnerTypeEnum.Patient || initialDataOwnerStub.type == DataOwnerTypeEnum.Device) {\n if (!dataOwnerRequiresAnonymousDelegation) {\n updatedHeaders = { ...updatedHeaders, [REQUEST_AUTOFIX_ANONYMITY_HEADER]: 'false' }\n }\n } else {\n if (dataOwnerRequiresAnonymousDelegation) {\n updatedHeaders = { ...updatedHeaders, [REQUEST_AUTOFIX_ANONYMITY_HEADER]: 'true' }\n }\n }\n }\n\n const authApi = new IccAuthApi(host, updatedHeaders, groupSpecificAuthenticationProvider, fetchImpl)\n const userApi = new IccUserXApi(host, updatedHeaders, groupSpecificAuthenticationProvider, authApi, fetchImpl)\n const healthcarePartyApi = new IccHcpartyXApi(host, updatedHeaders, groupSpecificAuthenticationProvider, authApi, fetchImpl)\n const deviceApi = new IccDeviceXApi(host, updatedHeaders, groupSpecificAuthenticationProvider, userApi, authApi, fetchImpl)\n const basePatientApi = new IccPatientApi(host, updatedHeaders, groupSpecificAuthenticationProvider, fetchImpl)\n const dataOwnerApi = new IccDataOwnerXApi(host, updatedHeaders, groupSpecificAuthenticationProvider, fetchImpl)\n const exchangeDataApi = new IccExchangeDataApi(host, updatedHeaders, groupSpecificAuthenticationProvider, fetchImpl)\n const baseRecoveryDataApi = new IccRecoveryDataApi(host, updatedHeaders, groupSpecificAuthenticationProvider, fetchImpl)\n // Crypto initialisation\n const icureStorage = new IcureStorageFacade(params.keyStorage, params.storage, params.entryKeysFactory)\n const cryptoPrimitives = new CryptoPrimitives(crypto)\n const baseExchangeKeysManager = new BaseExchangeKeysManager(cryptoPrimitives, dataOwnerApi, healthcarePartyApi, basePatientApi, deviceApi)\n const baseExchangeDataManager = new BaseExchangeDataManager(exchangeDataApi, dataOwnerApi, cryptoPrimitives, dataOwnerRequiresAnonymousDelegation)\n const keyRecovery = new KeyRecovery(cryptoPrimitives, dataOwnerApi, baseExchangeKeysManager, baseExchangeDataManager)\n const recoveryDataEncryption = new RecoveryDataEncryption(cryptoPrimitives, baseRecoveryDataApi)\n const keyPairRecoverer = new KeyPairRecoverer(recoveryDataEncryption)\n const userEncryptionKeysManager = new UserEncryptionKeysManager(\n cryptoPrimitives,\n dataOwnerApi,\n icureStorage,\n keyRecovery,\n cryptoStrategies,\n !params.disableParentKeysInitialisation,\n keyPairRecoverer\n )\n const userSignatureKeysManager = new UserSignatureKeysManager(icureStorage, dataOwnerApi, cryptoPrimitives)\n const newKey = await userEncryptionKeysManager.initialiseKeys()\n await new TransferKeysManager(\n cryptoPrimitives,\n baseExchangeDataManager,\n dataOwnerApi,\n userEncryptionKeysManager,\n userSignatureKeysManager,\n icureStorage\n ).updateTransferKeys(await dataOwnerApi.getCurrentDataOwnerStub())\n // TODO customise cache size?\n const exchangeKeysManager = new ExchangeKeysManager(\n 100,\n 500,\n 600000,\n 60000,\n cryptoStrategies,\n cryptoPrimitives,\n userEncryptionKeysManager,\n baseExchangeKeysManager,\n dataOwnerApi,\n !params.disableParentKeysInitialisation,\n icureStorage\n )\n const accessControlSecretUtils = new AccessControlSecretUtils(cryptoPrimitives)\n const exchangeDataManager = await initialiseExchangeDataManagerForCurrentDataOwner(\n baseExchangeDataManager,\n userEncryptionKeysManager,\n userSignatureKeysManager,\n accessControlSecretUtils,\n cryptoStrategies,\n dataOwnerApi,\n cryptoPrimitives,\n !params.disableParentKeysInitialisation\n )\n const exchangeDataMapManager = new ExchangeDataMapManager(\n new IccExchangeDataMapApi(host, updatedHeaders, groupSpecificAuthenticationProvider, fetchImpl)\n )\n const secureDelegationsEncryption = new SecureDelegationsEncryption(userEncryptionKeysManager, cryptoPrimitives)\n const secureDelegationsSecurityMetadataEncryption = new SecureDelegationsSecurityMetadataDecryptor(\n exchangeDataManager,\n exchangeDataMapManager,\n secureDelegationsEncryption,\n dataOwnerApi\n )\n const xApiUtils = new ExtendedApisUtilsImpl(\n cryptoPrimitives,\n dataOwnerApi,\n new LegacyDelegationSecurityMetadataDecryptor(exchangeKeysManager, cryptoPrimitives),\n secureDelegationsSecurityMetadataEncryption,\n new SecureDelegationsManager(\n exchangeDataManager,\n exchangeDataMapManager,\n secureDelegationsEncryption,\n accessControlSecretUtils,\n userEncryptionKeysManager,\n cryptoPrimitives,\n dataOwnerApi,\n cryptoStrategies,\n dataOwnerRequiresAnonymousDelegation\n ),\n userApi,\n !params.disableParentKeysInitialisation\n )\n const shamirManager = new ShamirKeysManager(cryptoPrimitives, dataOwnerApi, userEncryptionKeysManager, exchangeDataManager)\n const confidentialEntitites = new ConfidentialEntities(xApiUtils, cryptoPrimitives, dataOwnerApi)\n await ensureDelegationForSelf(dataOwnerApi, xApiUtils, basePatientApi, cryptoPrimitives)\n const accessControlKeysHeadersProvider = new AccessControlKeysHeadersProvider(exchangeDataManager)\n const delegationsDeAnonymisation = new DelegationsDeAnonymization(\n dataOwnerApi,\n secureDelegationsSecurityMetadataEncryption,\n xApiUtils,\n cryptoPrimitives,\n accessControlSecretUtils,\n host,\n updatedHeaders,\n groupSpecificAuthenticationProvider,\n fetchImpl,\n accessControlKeysHeadersProvider\n )\n const cryptoApi = new IccCryptoXApi(\n exchangeKeysManager,\n cryptoPrimitives,\n userEncryptionKeysManager,\n dataOwnerApi,\n xApiUtils,\n shamirManager,\n params.storage,\n params.keyStorage,\n confidentialEntitites,\n exchangeDataManager,\n accessControlKeysHeadersProvider,\n delegationsDeAnonymisation\n )\n const maintenanceTaskApi = new IccMaintenanceTaskXApi(\n host,\n updatedHeaders,\n cryptoApi,\n healthcarePartyApi,\n dataOwnerApi,\n userApi,\n authApi,\n !dataOwnerRequiresAnonymousDelegation,\n params.encryptedFieldsConfig.maintenanceTask ?? EncryptedFieldsConfig.Defaults.maintenanceTask,\n groupSpecificAuthenticationProvider,\n fetchImpl\n )\n const icureMaintenanceTaskApi = new IccIcureMaintenanceXApi(cryptoApi, maintenanceTaskApi, dataOwnerApi, exchangeDataApi)\n\n if (newKey && params.createMaintenanceTasksOnNewKey) {\n await icureMaintenanceTaskApi.createMaintenanceTasksForNewKeypair(await userApi.getCurrentUser(), newKey.newKeyPair)\n }\n return {\n cryptoApi,\n userApi,\n healthcarePartyApi,\n deviceApi,\n maintenanceTaskApi,\n dataOwnerApi,\n icureMaintenanceTaskApi,\n headers: updatedHeaders,\n dataOwnerRequiresAnonymousDelegation,\n recoveryApi: new IccRecoveryXApi(\n baseRecoveryDataApi,\n recoveryDataEncryption,\n userEncryptionKeysManager,\n dataOwnerApi,\n cryptoPrimitives,\n exchangeDataManager\n ),\n }\n}\n\nclass IcureApiImpl implements IcureApi {\n private latestGroupsRequest: Promise<UserGroup[]>\n\n constructor(\n private readonly cryptoInitInfos: CryptoInitialisationInfo,\n private readonly host: string,\n private readonly groupSpecificAuthenticationProvider: AuthenticationProvider,\n private readonly fetch: (input: RequestInfo, init?: RequestInit) => Promise<Response>,\n private readonly grouplessUserApi: IccUserApi,\n latestMatches: UserGroup[],\n private readonly currentGroupInfo: UserGroup | undefined,\n private readonly params: IcureApiOptions.WithDefaults,\n private readonly cryptoStrategies: CryptoStrategies\n ) {\n this.latestGroupsRequest = Promise.resolve(latestMatches)\n }\n\n private _authApi: IccAuthApi | undefined\n\n get recoveryApi(): IccRecoveryXApi {\n return this.cryptoInitInfos.recoveryApi\n }\n\n get authApi(): IccAuthApi {\n return (\n this._authApi ?? (this._authApi = new IccAuthApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _codeApi: IccCodeXApi | undefined\n\n get codeApi(): IccCodeXApi {\n return (\n this._codeApi ??\n (this._codeApi = new IccCodeXApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _calendarItemTypeApi: IccCalendarItemTypeApi | undefined\n\n get calendarItemTypeApi(): IccCalendarItemTypeApi {\n return (\n this._calendarItemTypeApi ??\n (this._calendarItemTypeApi = new IccCalendarItemTypeApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _medicalLocationApi: IccMedicallocationApi | undefined\n\n get medicalLocationApi(): IccMedicallocationApi {\n return (\n this._medicalLocationApi ??\n (this._medicalLocationApi = new IccMedicallocationApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _roleApi: IccRoleApi | undefined\n\n get roleApi(): IccRoleApi {\n return this._roleApi ?? (this._roleApi = new IccRoleApi(this.host, this.params.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n }\n\n private _entityReferenceApi: IccEntityrefApi | undefined\n\n get entityReferenceApi(): IccEntityrefApi {\n return (\n this._entityReferenceApi ??\n (this._entityReferenceApi = new IccEntityrefApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _permissionApi: IccPermissionApi | undefined\n\n get permissionApi(): IccPermissionApi {\n return (\n this._permissionApi ??\n (this._permissionApi = new IccPermissionApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _accessLogApi: IccAccesslogXApi | undefined\n\n get accessLogApi(): IccAccesslogXApi {\n return (\n this._accessLogApi ??\n (this._accessLogApi = new IccAccesslogXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.params.encryptedFieldsConfig.accessLog ?? EncryptedFieldsConfig.Defaults.accessLog,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _agendaApi: IccAgendaApi | undefined\n\n get agendaApi(): IccAgendaApi {\n return (\n this._agendaApi ??\n (this._agendaApi = new IccAgendaApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _contactApi: IccContactXApi | undefined\n\n get contactApi(): IccContactXApi {\n return (\n this._contactApi ??\n (this._contactApi = new IccContactXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n this.userApi,\n this.authApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch,\n this.params.encryptedFieldsConfig.contact ?? EncryptedFieldsConfig.Defaults.contact,\n this.params.encryptedFieldsConfig.service ?? EncryptedFieldsConfig.Defaults.service\n ))\n )\n }\n\n private _formApi: IccFormXApi | undefined\n\n get formApi(): IccFormXApi {\n return (\n this._formApi ??\n (this._formApi = new IccFormXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _groupApi: IccGroupApi | undefined\n\n get groupApi(): IccGroupApi {\n return (\n this._groupApi ??\n (this._groupApi = new IccGroupApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _invoiceApi: IccInvoiceXApi | undefined\n\n get invoiceApi(): IccInvoiceXApi {\n return (\n this._invoiceApi ??\n (this._invoiceApi = new IccInvoiceXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.entityReferenceApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _insuranceApi: IccInsuranceApi | undefined\n\n get insuranceApi(): IccInsuranceApi {\n return (\n this._insuranceApi ??\n (this._insuranceApi = new IccInsuranceApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _documentApi: IccDocumentXApi | undefined\n\n get documentApi(): IccDocumentXApi {\n return (\n this._documentApi ??\n (this._documentApi = new IccDocumentXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.authApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _healthcareElementApi: IccHelementXApi | undefined\n\n get healthcareElementApi(): IccHelementXApi {\n return (\n this._healthcareElementApi ??\n (this._healthcareElementApi = new IccHelementXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n this.userApi,\n this.authApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.params.encryptedFieldsConfig.healthElement ?? EncryptedFieldsConfig.Defaults.healthElement,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _classificationApi: IccClassificationXApi | undefined\n\n get classificationApi(): IccClassificationXApi {\n return (\n this._classificationApi ??\n (this._classificationApi = new IccClassificationXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _calendarItemApi: IccCalendarItemXApi | undefined\n\n get calendarItemApi(): IccCalendarItemXApi {\n return (\n this._calendarItemApi ??\n (this._calendarItemApi = new IccCalendarItemXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.params.encryptedFieldsConfig.calendarItem ?? EncryptedFieldsConfig.Defaults.calendarItem,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _receiptApi: IccReceiptXApi | undefined\n\n get receiptApi(): IccReceiptXApi {\n return (\n this._receiptApi ??\n (this._receiptApi = new IccReceiptXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _timetableApi: IccTimeTableXApi | undefined\n\n get timetableApi(): IccTimeTableXApi {\n return (\n this._timetableApi ??\n (this._timetableApi = new IccTimeTableXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _patientApi: IccPatientXApi | undefined\n\n get patientApi(): IccPatientXApi {\n return (\n this._patientApi ??\n (this._patientApi = new IccPatientXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.contactApi,\n this.formApi,\n this.healthcareElementApi,\n this.invoiceApi,\n this.documentApi,\n this.healthcarePartyApi,\n this.classificationApi,\n this.dataOwnerApi,\n this.calendarItemApi,\n this.userApi,\n this.authApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.params.encryptedFieldsConfig.patient ?? EncryptedFieldsConfig.Defaults.patient,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _messageApi: IccMessageXApi | undefined\n\n get messageApi(): IccMessageXApi {\n return (\n this._messageApi ??\n (this._messageApi = new IccMessageXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n this.authApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.params.encryptedFieldsConfig.message ?? EncryptedFieldsConfig.Defaults.message,\n this.fetch\n ))\n )\n }\n\n private _topicApi: IccTopicXApi | undefined\n\n get topicApi(): IccTopicXApi {\n return (\n this._topicApi ??\n (this._topicApi = new IccTopicXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n this.authApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.params.encryptedFieldsConfig.topic ?? EncryptedFieldsConfig.Defaults.topic,\n this.fetch\n ))\n )\n }\n\n private _anonymousAccessApi: IccAnonymousAccessApi | undefined\n\n get anonymousAccessApi(): IccAnonymousAccessApi {\n return (\n this._anonymousAccessApi ??\n (this._anonymousAccessApi = new IccAnonymousAccessApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _applicationSettingsApi: IccApplicationsettingsApi | undefined\n\n get applicationSettingsApi(): IccApplicationsettingsApi {\n return (\n this._applicationSettingsApi ??\n (this._applicationSettingsApi = new IccApplicationsettingsApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _articleApi: IccArticleApi | undefined\n\n get articleApi(): IccArticleApi {\n return (\n this._articleApi ??\n (this._articleApi = new IccArticleApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _bekmehrApi: IccBekmehrXApi | undefined\n\n get bekmehrApi(): IccBekmehrXApi {\n return (\n this._bekmehrApi ??\n (this._bekmehrApi = new IccBekmehrXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.authApi,\n this.contactApi,\n this.healthcareElementApi,\n this.documentApi,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _beefactApi: IccBeefactApi | undefined\n\n get beefactApi(): IccBeefactApi {\n return (\n this._beefactApi ??\n (this._beefactApi = new IccBeefactApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _beresultexportApi: IccBeresultexportApi | undefined\n\n get beresultexportApi(): IccBeresultexportApi {\n return (\n this._beresultexportApi ??\n (this._beresultexportApi = new IccBeresultexportApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _beresultimportApi: IccBeresultimportApi | undefined\n\n get beresultimportApi(): IccBeresultimportApi {\n return (\n this._beresultimportApi ??\n (this._beresultimportApi = new IccBeresultimportApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _besamv2Api: IccBesamv2Api | undefined\n\n get besamv2Api(): IccBesamv2Api {\n return (\n this._besamv2Api ??\n (this._besamv2Api = new IccBesamv2Api(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _classificationTemplateApi: IccClassificationTemplateApi | undefined\n\n get classificationTemplateApi(): IccClassificationTemplateApi {\n return (\n this._classificationTemplateApi ??\n (this._classificationTemplateApi = new IccClassificationTemplateApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _doctemplateApi: IccDoctemplateXApi | undefined\n\n get doctemplateApi(): IccDoctemplateXApi {\n return (\n this._doctemplateApi ??\n (this._doctemplateApi = new IccDoctemplateXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _entitytemplateApi: IccEntitytemplateApi | undefined\n\n get entitytemplateApi(): IccEntitytemplateApi {\n return (\n this._entitytemplateApi ??\n (this._entitytemplateApi = new IccEntitytemplateApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _frontendmigrationApi: IccFrontendmigrationApi | undefined\n\n get frontendmigrationApi(): IccFrontendmigrationApi {\n return (\n this._frontendmigrationApi ??\n (this._frontendmigrationApi = new IccFrontendmigrationApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _icureApi: IccIcureApi | undefined\n\n get icureApi(): IccIcureApi {\n return (\n this._icureApi ??\n (this._icureApi = new IccIcureApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _keywordApi: IccKeywordApi | undefined\n\n get keywordApi(): IccKeywordApi {\n return (\n this._keywordApi ??\n (this._keywordApi = new IccKeywordApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _medexApi: IccMedexApi | undefined\n\n get medexApi(): IccMedexApi {\n return (\n this._medexApi ??\n (this._medexApi = new IccMedexApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _placeApi: IccPlaceApi | undefined\n\n get placeApi(): IccPlaceApi {\n return (\n this._placeApi ??\n (this._placeApi = new IccPlaceApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _pubsubApi: IccPubsubApi | undefined\n\n get pubsubApi(): IccPubsubApi {\n return (\n this._pubsubApi ??\n (this._pubsubApi = new IccPubsubApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _replicationApi: IccReplicationApi | undefined\n\n get replicationApi(): IccReplicationApi {\n return (\n this._replicationApi ??\n (this._replicationApi = new IccReplicationApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _tarificationApi: IccTarificationApi | undefined\n\n get tarificationApi(): IccTarificationApi {\n return (\n this._tarificationApi ??\n (this._tarificationApi = new IccTarificationApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _tmpApi: IccTmpApi | undefined\n\n get tmpApi(): IccTmpApi {\n return (\n this._tmpApi ?? (this._tmpApi = new IccTmpApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n get cryptoApi(): IccCryptoXApi {\n return this.cryptoInitInfos.cryptoApi\n }\n\n get dataOwnerApi(): IccDataOwnerXApi {\n return this.cryptoInitInfos.dataOwnerApi\n }\n\n get deviceApi(): IccDeviceXApi {\n return this.cryptoInitInfos.deviceApi\n }\n\n get healthcarePartyApi(): IccHcpartyXApi {\n return this.cryptoInitInfos.healthcarePartyApi\n }\n\n get icureMaintenanceTaskApi(): IccIcureMaintenanceXApi {\n return this.cryptoInitInfos.icureMaintenanceTaskApi\n }\n\n get maintenanceTaskApi(): IccMaintenanceTaskXApi {\n return this.cryptoInitInfos.maintenanceTaskApi\n }\n\n get userApi(): IccUserXApi {\n return this.cryptoInitInfos.userApi\n }\n\n async getGroupsInfo(): Promise<{ currentGroup: UserGroup | undefined; availableGroups: UserGroup[] }> {\n this.latestGroupsRequest = this.grouplessUserApi.getMatchingUsers()\n return { currentGroup: this.currentGroupInfo, availableGroups: await this.latestGroupsRequest }\n }\n\n async switchGroup(newGroupId: string): Promise<IcureApi> {\n const availableGroups = await this.latestGroupsRequest\n const switchedProvider = await this.groupSpecificAuthenticationProvider.switchGroup(newGroupId, availableGroups)\n const cryptoInitInfos = await initialiseCryptoWithProvider(\n this.host,\n this.fetch,\n switchedProvider,\n this.params,\n this.cryptoStrategies,\n this.cryptoApi.primitives.crypto\n )\n return new IcureApiImpl(\n cryptoInitInfos,\n this.host,\n switchedProvider,\n this.fetch,\n this.grouplessUserApi,\n availableGroups,\n availableGroups.find((x) => x.groupId === newGroupId)!,\n this.params,\n this.cryptoStrategies\n )\n }\n}\n\n/**\n /**\n * @experimental This function still needs development and will be changed\n * Build apis which do not need crypto and can be used by non-data-owner users\n */\nexport const BasicApis = async function (\n host: string,\n authenticationOptions: AuthenticationDetails | AuthenticationProvider,\n crypto: Crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : ({} as Crypto),\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response> = typeof window !== 'undefined'\n ? window.fetch\n : typeof self !== 'undefined'\n ? self.fetch\n : fetch,\n options: { headers?: { [headerName: string]: string } } = {}\n): Promise<BasicApis> {\n const authenticationProvider = await getAuthenticationProvider(host, authenticationOptions, options.headers ?? {}, fetchImpl)\n const authApi = new IccAuthApi(host, options.headers ?? {}, authenticationProvider, fetchImpl)\n\n const codeApi = new IccCodeXApi(host, options.headers ?? {}, authenticationProvider, fetchImpl)\n const entityReferenceApi = new IccEntityrefApi(host, options.headers ?? {}, authenticationProvider, fetchImpl)\n const userApi = new IccUserXApi(host, options.headers ?? {}, authenticationProvider, authApi, fetchImpl)\n const deviceApi = new IccDeviceXApi(host, options.headers ?? {}, authenticationProvider, userApi, authApi, fetchImpl)\n const permissionApi = new IccPermissionApi(host, options.headers ?? {}, authenticationProvider, fetchImpl)\n const agendaApi = new IccAgendaApi(host, options.headers ?? {}, authenticationProvider, fetchImpl)\n const groupApi = new IccGroupApi(host, options.headers ?? {}, authenticationProvider)\n const insuranceApi = new IccInsuranceApi(host, options.headers ?? {}, authenticationProvider, fetchImpl)\n const healthcarePartyApi = new IccHcpartyXApi(host, options.headers ?? {}, authenticationProvider, authApi, fetchImpl)\n\n return {\n authApi,\n deviceApi,\n codeApi,\n userApi,\n permissionApi,\n insuranceApi,\n entityReferenceApi,\n agendaApi,\n groupApi,\n healthcarePartyApi,\n }\n}\n\nasync function getMatchesOrEmpty(userApi: IccUserApi): Promise<UserGroup[]> {\n try {\n return await userApi.getMatchingUsers()\n } catch (err) {\n if (err instanceof Error && 'statusCode' in err && (err as any).statusCode === 404) return Promise.resolve([])\n else return Promise.reject(err)\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../icc-x-api/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCA8BmB;AACnB,qDAA8C;AAC9C,yDAAkD;AAClD,2DAAoD;AACpD,2DAAoD;AACpD,6DAAsD;AACtD,2DAAoD;AACpD,qDAA8C;AAC9C,6DAAsD;AACtD,yEAAkE;AAClE,uEAA+D;AAC/D,2DAAoD;AACpD,2DAAoD;AACpD,2DAAoD;AACpD,+DAAwD;AACxD,iEAAyD;AACzD,qDAA8C;AAC9C,6EAAqE;AACrE,iEAAyD;AAGzD,iEAA6D;AAC7D,6DAAyD;AACzD,0EAMsC;AACtC,gEAA4D;AAC5D,kFAA8E;AAC9E,qEAAiE;AACjE,6FAAyF;AACzF,sDAAkD;AAClD,8EAA0E;AAG1E,sEAAkE;AAClE,kEAA8D;AAC9D,sEAAkE;AAClE,+EAAuE;AACvE,wEAAoE;AACpE,0CAAwD;AACxD,oHAAgH;AAChH,sEAA+F;AAC/F,8EAA0E;AAC1E,mFAA+E;AAC/E,gFAA4E;AAC5E,gFAA4E;AAC5E,sFAAkF;AAClF,kHAA8G;AAC9G,0EAAsE;AACtE,gFAA4E;AAC5E,gGAA4F;AAC5F,yFAAqF;AACrF,4EAAwE;AACxE,yDAAkD;AAClD,2DAAoD;AACpD,mEAA4D;AAE5D,uDAAgD;AAChD,0DAAsD;AACtD,0EAAsE;AACtE,oFAAgF;AAChF,wEAAoE;AACpE,gEAAgF;AAChF,gEAA4D;AAC5D,mFAA+E;AAC/E,4EAAwE;AACxE,6DAAsD;AAEtD,wDAAqC;AACrC,sDAAmC;AACnC,4DAAyC;AACzC,6DAA0C;AAC1C,mDAAgC;AAChC,sDAAmC;AACnC,qDAAkC;AAClC,0DAAuC;AACvC,uDAAoC;AACpC,mDAAgC;AAChC,sDAAmC;AACnC,uDAAoC;AACpC,sDAAmC;AACnC,sDAAmC;AACnC,sDAAmC;AACnC,mDAAgC;AAChC,yDAAsC;AACtC,sDAAmC;AACnC,yDAAsC;AACtC,gEAA6C;AAC7C,+DAA4C;AAC5C,0CAAuB;AAEvB,+CAA4B;AAC5B,4DAAyC;AACzC,kEAA+C;AAC/C,gEAA6C;AAG7C,+DAA6D;AAApD,oHAAA,gBAAgB,OAAA;AAEzB,2DAAyD;AAAhD,gHAAA,cAAc,OAAA;AAEvB,wCAAoD;AAA3C,4GAAA,mBAAmB,OAAA;AAqH5B,IAAU,eAAe,CA4BxB;AA5BD,WAAU,eAAe;IACvB,IAAiB,QAAQ,CAIxB;IAJD,WAAiB,QAAQ;QACV,yBAAgB,GAAG,IAAI,+DAA8B,EAAE,CAAA;QACvD,uCAA8B,GAAG,IAAI,CAAA;QACrC,gBAAO,GAAG,EAAE,CAAA;IAC3B,CAAC,EAJgB,QAAQ,GAAR,wBAAQ,KAAR,wBAAQ,QAIxB;IAED,MAAa,YAAY;QAUvB,YAAY,MAAuB;;YACjC,IAAI,CAAC,gBAAgB,GAAG,MAAA,MAAM,CAAC,gBAAgB,mCAAI,QAAQ,CAAC,gBAAgB,CAAA;YAC5E,IAAI,CAAC,8BAA8B,GAAG,MAAA,MAAM,CAAC,8BAA8B,mCAAI,QAAQ,CAAC,8BAA8B,CAAA;YACtH,IAAI,CAAC,OAAO,GAAG,MAAA,MAAM,CAAC,OAAO,mCAAI,IAAI,mCAAgB,EAAE,CAAA;YACvD,IAAI,CAAC,UAAU,GAAG,MAAA,MAAM,CAAC,UAAU,mCAAI,IAAI,+BAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YACvE,IAAI,CAAC,OAAO,GAAG,MAAA,MAAM,CAAC,OAAO,mCAAI,QAAQ,CAAC,OAAO,CAAA;YACjD,IAAI,CAAC,qBAAqB,GAAG,MAAA,MAAM,CAAC,qBAAqB,mCAAI,EAAE,CAAA;YAC/D,IAAI,CAAC,aAAa,GAAG,MAAA,MAAM,CAAC,aAAa,mCAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAQ,CAAC,CAAC,CAAA;YAC9F,IAAI,CAAC,+BAA+B,GAAG,MAAA,MAAM,CAAC,+BAA+B,mCAAI,KAAK,CAAA;QACxF,CAAC;KACF;IApBY,4BAAY,eAoBxB,CAAA;AACH,CAAC,EA5BS,eAAe,KAAf,eAAe,QA4BxB;AAwJD,IAAiB,qBAAqB,CAYrC;AAZD,WAAiB,qBAAqB;IACvB,8BAAQ,GAAG;QACtB,SAAS,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC;QACjC,YAAY,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,WAAW,CAAC;QAC/C,OAAO,EAAE,CAAC,OAAO,CAAC;QAClB,OAAO,EAAE,CAAC,kBAAkB,CAAC;QAC7B,aAAa,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,kBAAkB,CAAC;QACpD,eAAe,EAAE,CAAC,YAAY,CAAC;QAC/B,OAAO,EAAE,CAAC,MAAM,EAAE,kBAAkB,CAAC;QACrC,OAAO,EAAE,EAAE;QACX,KAAK,EAAE,CAAC,aAAa,EAAE,gBAAgB,EAAE,sBAAsB,CAAC;KACjE,CAAA;AACH,CAAC,EAZgB,qBAAqB,GAArB,6BAAqB,KAArB,6BAAqB,QAYrC;AA4ED,IAAiB,QAAQ,CA+CxB;AA/CD,WAAiB,QAAQ;IACvB;;OAEG;IACH,SAAsB,UAAU,CAC9B,IAAY,EACZ,qBAAqE,EACrE,gBAAkC,EAClC,SAAiB,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,EAAa,EAC3H,YAA2E,OAAO,MAAM,KAAK,WAAW;QACtG,CAAC,CAAC,MAAM,CAAC,KAAK;QACd,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW;YAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,KAAK,EACT,UAA2B,EAAE;;;YAE7B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;YACxD,IAAI,+BAA+B,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE,qBAAqB,EAAE,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;YAC7H,mIAAmI;YACnI,MAAM,gBAAgB,GAAG,IAAI,oBAAU,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,+BAA+B,EAAE,SAAS,CAAC,CAAA;YACzG,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,gBAAgB,CAAC,CAAA;YACzD,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAA,OAAO,CAAC,CAAC,CAAC,0CAAE,OAAO,CAAA;YAChI,MAAM,uCAAuC,GAC3C,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa;gBACjC,CAAC,CAAC,MAAM,+BAA+B,CAAC,WAAW,CAAC,aAAa,EAAE,OAAO,CAAC;gBAC3E,CAAC,CAAC,EAAE,gBAAgB,EAAE,+BAA+B,EAAE,aAAa,EAAE,KAAK,EAAE,CAAA;YACjF;;;eAGG;YACH,MAAM,mCAAmC,GACvC,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa;gBACjC,CAAC,CAAC,MAAM,+BAA+B,CAAC,WAAW,CAAC,aAAa,EAAE,OAAO,CAAC;gBAC3E,CAAC,CAAC,+BAA+B,CAAA;YACrC,MAAM,cAAc,GAAG,MAAM,4BAA4B,CAAC,IAAI,EAAE,SAAS,EAAE,mCAAmC,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAA;YACjJ,OAAO,IAAI,YAAY,CACrB,cAAc,EACd,IAAI,EACJ,mCAAmC,EACnC,KAAK,EACL,gBAAgB,EAChB,OAAO,EACP,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,aAAa,CAAC,EACxD,MAAM,EACN,gBAAgB,CACjB,CAAA;;KACF;IA1CqB,mBAAU,aA0C/B,CAAA;AACH,CAAC,EA/CgB,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QA+CxB;AAED,SAAe,yBAAyB,CACtC,IAAY,EACZ,qBAAqE,EACrE,OAAyC,EACzC,SAAwE;;;QAExE,IAAI,sBAA8C,CAAA;QAClD,IAAI,gBAAgB,IAAI,qBAAqB,IAAI,aAAa,IAAI,qBAAqB,IAAI,gBAAgB,IAAI,qBAAqB,EAAE;YACpI,sBAAsB,GAAG,qBAAqB,CAAA;SAC/C;aAAM,IAAI,aAAa,IAAI,qBAAqB,IAAI,CAAC,CAAC,qBAAqB,CAAC,WAAW,EAAE;YACxF,sBAAsB,GAAG,IAAI,kDAAyB,CACpD,IAAI,oBAAU,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,iDAAwB,EAAE,EAAE,SAAS,CAAC,EACxE,MAAA,qBAAqB,aAArB,qBAAqB,uBAArB,qBAAqB,CAAE,WAAW,0CAAE,QAAQ,EAC5C,MAAA,qBAAqB,aAArB,qBAAqB,uBAArB,qBAAqB,CAAE,WAAW,0CAAE,QAAQ,EAC5C,SAAS,EACT,qBAAqB,CAAC,WAAW,CAClC,CAAA;SACF;aAAM,IACL,UAAU,IAAI,qBAAqB;YACnC,UAAU,IAAI,qBAAqB;YACnC,CAAC,CAAC,qBAAqB,CAAC,QAAQ;YAChC,CAAC,CAAC,qBAAqB,CAAC,QAAQ,EAChC;YACA,sBAAsB,GAAG,IAAI,uDAA8B,CACzD,IAAI,oBAAU,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,iDAAwB,EAAE,EAAE,SAAS,CAAC,EACxE,qBAAqB,CAAC,QAAQ,EAC9B,qBAAqB,CAAC,QAAQ,EAC9B,IAAI,EACJ,SAAS,EACT,SAAS,EACT,qBAAqB,CAAC,gBAAgB,CACvC,CAAA;SACF;aAAM,IAAI,kBAAkB,IAAI,qBAAqB,IAAI,CAAC,CAAC,qBAAqB,CAAC,gBAAgB,EAAE;YAClG,sBAAsB,GAAG,IAAI,kDAAyB,CACpD,IAAI,oBAAU,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,iDAAwB,EAAE,EAAE,SAAS,CAAC,EACxE,SAAS,EACT,SAAS,EACT,IAAI,6CAAqB,CACvB,IAAI,oBAAU,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,iDAAwB,EAAE,EAAE,SAAS,CAAC,EACxE,SAAS,EACT,SAAS,EACT,qBAAqB,CAAC,gBAAgB,EACtC,SAAS,CACV,CACF,CAAA;SACF;aAAM,IAAI,UAAU,IAAI,qBAAqB,IAAI,gBAAgB,IAAI,qBAAqB,EAAE;YAC3F,sBAAsB,GAAG,qCAAiB,CAAC,UAAU,CACnD,IAAI,oBAAU,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,iDAAwB,EAAE,EAAE,SAAS,CAAC,EACxE,qBAAqB,CAAC,QAAQ,EAC9B,qBAAqB,CAAC,cAAc,EACpC;gBACE,aAAa,EAAE,qBAAqB,CAAC,aAAa;gBAClD,gBAAgB,EAAE,qBAAqB,CAAC,gBAAgB;gBACxD,mBAAmB,EAAE,qBAAqB,CAAC,mBAAmB;aAC/D,CACF,CAAA;SACF;aAAM;YACL,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;SAC3D;QACD,OAAO,sBAAsB,CAAA;;CAC9B;AAiBD,MAAM,gCAAgC,GAAG,iCAAiC,CAAA;AAE1E,SAAe,4BAA4B,CACzC,IAAY,EACZ,SAAwE,EACxE,mCAA2D,EAC3D,MAAoC,EACpC,gBAAkC,EAClC,MAAc;;;QAEd,MAAM,oBAAoB,GAAG,MAAM,IAAI,uCAAgB,CACrD,IAAI,EACJ,MAAM,CAAC,OAAO,EACd,mCAAmC,EACnC,SAAS,CACV,CAAC,uBAAuB,EAAE,CAAA;QAC3B,MAAM,oCAAoC,GAAG,gBAAgB,CAAC,oCAAoC,CAAC,oBAAoB,CAAC,CAAA;QACxH,IAAI,cAAc,GAAG,MAAM,CAAC,OAAO,CAAA;QACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,gCAAgC,CAAC,EAAE;YAC3E,IAAI,oBAAoB,CAAC,IAAI,IAAI,qCAAiB,CAAC,OAAO,IAAI,oBAAoB,CAAC,IAAI,IAAI,qCAAiB,CAAC,MAAM,EAAE;gBACnH,IAAI,CAAC,oCAAoC,EAAE;oBACzC,cAAc,mCAAQ,cAAc,KAAE,CAAC,gCAAgC,CAAC,EAAE,OAAO,GAAE,CAAA;iBACpF;aACF;iBAAM;gBACL,IAAI,oCAAoC,EAAE;oBACxC,cAAc,mCAAQ,cAAc,KAAE,CAAC,gCAAgC,CAAC,EAAE,MAAM,GAAE,CAAA;iBACnF;aACF;SACF;QAED,MAAM,OAAO,GAAG,IAAI,oBAAU,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,SAAS,CAAC,CAAA;QACpG,MAAM,OAAO,GAAG,IAAI,4BAAW,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QAC9G,MAAM,kBAAkB,GAAG,IAAI,kCAAc,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QAC5H,MAAM,SAAS,GAAG,IAAI,gCAAa,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QAC3H,MAAM,cAAc,GAAG,IAAI,uBAAa,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,SAAS,CAAC,CAAA;QAC9G,MAAM,YAAY,GAAG,IAAI,uCAAgB,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,SAAS,CAAC,CAAA;QAC/G,MAAM,eAAe,GAAG,IAAI,uCAAkB,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,SAAS,CAAC,CAAA;QACpH,MAAM,mBAAmB,GAAG,IAAI,uCAAkB,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,SAAS,CAAC,CAAA;QACxH,wBAAwB;QACxB,MAAM,YAAY,GAAG,IAAI,uCAAkB,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAA;QACvG,MAAM,gBAAgB,GAAG,IAAI,mCAAgB,CAAC,MAAM,CAAC,CAAA;QACrD,MAAM,uBAAuB,GAAG,IAAI,iDAAuB,CAAC,gBAAgB,EAAE,YAAY,EAAE,kBAAkB,EAAE,cAAc,EAAE,SAAS,CAAC,CAAA;QAC1I,MAAM,uBAAuB,GAAG,IAAI,iDAAuB,CAAC,eAAe,EAAE,YAAY,EAAE,gBAAgB,EAAE,oCAAoC,CAAC,CAAA;QAClJ,MAAM,WAAW,GAAG,IAAI,yBAAW,CAAC,gBAAgB,EAAE,YAAY,EAAE,uBAAuB,EAAE,uBAAuB,CAAC,CAAA;QACrH,MAAM,sBAAsB,GAAG,IAAI,+CAAsB,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,CAAA;QAChG,MAAM,gBAAgB,GAAG,IAAI,mCAAgB,CAAC,sBAAsB,CAAC,CAAA;QACrE,MAAM,yBAAyB,GAAG,IAAI,qDAAyB,CAC7D,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,gBAAgB,EAChB,CAAC,MAAM,CAAC,+BAA+B,EACvC,gBAAgB,CACjB,CAAA;QACD,MAAM,wBAAwB,GAAG,IAAI,mDAAwB,CAAC,YAAY,EAAE,YAAY,EAAE,gBAAgB,CAAC,CAAA;QAC3G,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,cAAc,EAAE,CAAA;QAC/D,MAAM,IAAI,yCAAmB,CAC3B,gBAAgB,EAChB,uBAAuB,EACvB,YAAY,EACZ,yBAAyB,EACzB,wBAAwB,EACxB,YAAY,CACb,CAAC,kBAAkB,CAAC,MAAM,YAAY,CAAC,uBAAuB,EAAE,CAAC,CAAA;QAClE,6BAA6B;QAC7B,MAAM,mBAAmB,GAAG,IAAI,yCAAmB,CACjD,GAAG,EACH,GAAG,EACH,MAAM,EACN,KAAK,EACL,gBAAgB,EAChB,gBAAgB,EAChB,yBAAyB,EACzB,uBAAuB,EACvB,YAAY,EACZ,CAAC,MAAM,CAAC,+BAA+B,EACvC,YAAY,CACb,CAAA;QACD,MAAM,wBAAwB,GAAG,IAAI,mDAAwB,CAAC,gBAAgB,CAAC,CAAA;QAC/E,MAAM,mBAAmB,GAAG,MAAM,IAAA,sEAAgD,EAChF,uBAAuB,EACvB,yBAAyB,EACzB,wBAAwB,EACxB,wBAAwB,EACxB,gBAAgB,EAChB,YAAY,EACZ,gBAAgB,EAChB,CAAC,MAAM,CAAC,+BAA+B,CACxC,CAAA;QACD,MAAM,sBAAsB,GAAG,IAAI,+CAAsB,CACvD,IAAI,6CAAqB,CAAC,IAAI,EAAE,cAAc,EAAE,mCAAmC,EAAE,SAAS,CAAC,CAChG,CAAA;QACD,MAAM,2BAA2B,GAAG,IAAI,yDAA2B,CAAC,yBAAyB,EAAE,gBAAgB,CAAC,CAAA;QAChH,MAAM,2CAA2C,GAAG,IAAI,uFAA0C,CAChG,mBAAmB,EACnB,sBAAsB,EACtB,2BAA2B,EAC3B,YAAY,CACb,CAAA;QACD,MAAM,SAAS,GAAG,IAAI,6CAAqB,CACzC,gBAAgB,EAChB,YAAY,EACZ,IAAI,qFAAyC,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,EACpF,2CAA2C,EAC3C,IAAI,mDAAwB,CAC1B,mBAAmB,EACnB,sBAAsB,EACtB,2BAA2B,EAC3B,wBAAwB,EACxB,yBAAyB,EACzB,gBAAgB,EAChB,YAAY,EACZ,gBAAgB,EAChB,oCAAoC,CACrC,EACD,OAAO,EACP,CAAC,MAAM,CAAC,+BAA+B,CACxC,CAAA;QACD,MAAM,aAAa,GAAG,IAAI,qCAAiB,CAAC,gBAAgB,EAAE,YAAY,EAAE,yBAAyB,EAAE,mBAAmB,CAAC,CAAA;QAC3H,MAAM,qBAAqB,GAAG,IAAI,2CAAoB,CAAC,SAAS,EAAE,gBAAgB,EAAE,YAAY,CAAC,CAAA;QACjG,MAAM,IAAA,+BAAuB,EAAC,YAAY,EAAE,SAAS,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAA;QACxF,MAAM,gCAAgC,GAAG,IAAI,mEAAgC,CAAC,mBAAmB,CAAC,CAAA;QAClG,MAAM,0BAA0B,GAAG,IAAI,uDAA0B,CAC/D,YAAY,EACZ,2CAA2C,EAC3C,SAAS,EACT,gBAAgB,EAChB,wBAAwB,EACxB,IAAI,EACJ,cAAc,EACd,mCAAmC,EACnC,SAAS,EACT,gCAAgC,CACjC,CAAA;QACD,MAAM,SAAS,GAAG,IAAI,gCAAa,CACjC,mBAAmB,EACnB,gBAAgB,EAChB,yBAAyB,EACzB,YAAY,EACZ,SAAS,EACT,aAAa,EACb,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,UAAU,EACjB,qBAAqB,EACrB,mBAAmB,EACnB,gCAAgC,EAChC,0BAA0B,CAC3B,CAAA;QACD,MAAM,kBAAkB,GAAG,IAAI,mDAAsB,CACnD,IAAI,EACJ,cAAc,EACd,SAAS,EACT,kBAAkB,EAClB,YAAY,EACZ,OAAO,EACP,OAAO,EACP,CAAC,oCAAoC,EACrC,MAAA,MAAM,CAAC,qBAAqB,CAAC,eAAe,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,eAAe,EAC9F,mCAAmC,EACnC,SAAS,CACV,CAAA;QACD,MAAM,uBAAuB,GAAG,IAAI,qDAAuB,CAAC,SAAS,EAAE,kBAAkB,EAAE,YAAY,EAAE,eAAe,CAAC,CAAA;QAEzH,IAAI,MAAM,IAAI,MAAM,CAAC,8BAA8B,EAAE;YACnD,MAAM,uBAAuB,CAAC,mCAAmC,CAAC,MAAM,OAAO,CAAC,cAAc,EAAE,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;SACrH;QACD,OAAO;YACL,SAAS;YACT,OAAO;YACP,kBAAkB;YAClB,SAAS;YACT,kBAAkB;YAClB,YAAY;YACZ,uBAAuB;YACvB,OAAO,EAAE,cAAc;YACvB,oCAAoC;YACpC,WAAW,EAAE,IAAI,oCAAe,CAC9B,mBAAmB,EACnB,sBAAsB,EACtB,yBAAyB,EACzB,YAAY,EACZ,gBAAgB,EAChB,mBAAmB,CACpB;SACF,CAAA;;CACF;AAED,MAAM,YAAY;IAGhB,YACmB,eAAyC,EACzC,IAAY,EACZ,mCAA2D,EAC3D,KAAoE,EACpE,gBAA4B,EAC7C,aAA0B,EACT,gBAAuC,EACvC,MAAoC,EACpC,gBAAkC;QARlC,oBAAe,GAAf,eAAe,CAA0B;QACzC,SAAI,GAAJ,IAAI,CAAQ;QACZ,wCAAmC,GAAnC,mCAAmC,CAAwB;QAC3D,UAAK,GAAL,KAAK,CAA+D;QACpE,qBAAgB,GAAhB,gBAAgB,CAAY;QAE5B,qBAAgB,GAAhB,gBAAgB,CAAuB;QACvC,WAAM,GAAN,MAAM,CAA8B;QACpC,qBAAgB,GAAhB,gBAAgB,CAAkB;QAEnD,IAAI,CAAC,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;IAC3D,CAAC;IAID,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,eAAe,CAAC,WAAW,CAAA;IACzC,CAAC;IAED,IAAI,OAAO;;QACT,OAAO,CACL,MAAA,IAAI,CAAC,QAAQ,mCAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,oBAAU,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACjJ,CAAA;IACH,CAAC;IAID,IAAI,OAAO;;QACT,OAAO,CACL,MAAA,IAAI,CAAC,QAAQ,mCACb,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,4BAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACjI,CAAA;IACH,CAAC;IAID,IAAI,mBAAmB;;QACrB,OAAO,CACL,MAAA,IAAI,CAAC,oBAAoB,mCACzB,CAAC,IAAI,CAAC,oBAAoB,GAAG,IAAI,gCAAsB,CACrD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,kBAAkB;;QACpB,OAAO,CACL,MAAA,IAAI,CAAC,mBAAmB,mCACxB,CAAC,IAAI,CAAC,mBAAmB,GAAG,IAAI,+BAAqB,CACnD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,OAAO;;QACT,OAAO,MAAA,IAAI,CAAC,QAAQ,mCAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,uBAAU,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAA;IAChJ,CAAC;IAID,IAAI,kBAAkB;;QACpB,OAAO,CACL,MAAA,IAAI,CAAC,mBAAmB,mCACxB,CAAC,IAAI,CAAC,mBAAmB,GAAG,IAAI,yBAAe,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAChJ,CAAA;IACH,CAAC;IAID,IAAI,aAAa;;QACf,OAAO,CACL,MAAA,IAAI,CAAC,cAAc,mCACnB,CAAC,IAAI,CAAC,cAAc,GAAG,IAAI,0BAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAC5I,CAAA;IACH,CAAC;IAID,IAAI,YAAY;;QACd,OAAO,CACL,MAAA,IAAI,CAAC,aAAa,mCAClB,CAAC,IAAI,CAAC,aAAa,GAAG,IAAI,sCAAgB,CACxC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,SAAS,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,SAAS,EACvF,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,SAAS;;QACX,OAAO,CACL,MAAA,IAAI,CAAC,UAAU,mCACf,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,sBAAY,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACpI,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,kCAAc,CACpC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,OAAO,EACZ,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,EACV,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,OAAO,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,OAAO,EACnF,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,OAAO,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CACpF,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,OAAO;;QACT,OAAO,CACL,MAAA,IAAI,CAAC,QAAQ,mCACb,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,4BAAW,CAC9B,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,QAAQ;;QACV,OAAO,CACL,MAAA,IAAI,CAAC,SAAS,mCACd,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,qBAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAClI,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,kCAAc,CACpC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,YAAY;;QACd,OAAO,CACL,MAAA,IAAI,CAAC,aAAa,mCAClB,CAAC,IAAI,CAAC,aAAa,GAAG,IAAI,yBAAe,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAC1I,CAAA;IACH,CAAC;IAID,IAAI,WAAW;;QACb,OAAO,CACL,MAAA,IAAI,CAAC,YAAY,mCACjB,CAAC,IAAI,CAAC,YAAY,GAAG,IAAI,oCAAe,CACtC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,oBAAoB;;QACtB,OAAO,CACL,MAAA,IAAI,CAAC,qBAAqB,mCAC1B,CAAC,IAAI,CAAC,qBAAqB,GAAG,IAAI,oCAAe,CAC/C,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,OAAO,EACZ,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,aAAa,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,aAAa,EAC/F,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,iBAAiB;;QACnB,OAAO,CACL,MAAA,IAAI,CAAC,kBAAkB,mCACvB,CAAC,IAAI,CAAC,kBAAkB,GAAG,IAAI,gDAAqB,CAClD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,eAAe;;QACjB,OAAO,CACL,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,IAAI,CAAC,gBAAgB,GAAG,IAAI,6CAAmB,CAC9C,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,YAAY,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,YAAY,EAC7F,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,kCAAc,CACpC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,YAAY;;QACd,OAAO,CACL,MAAA,IAAI,CAAC,aAAa,mCAClB,CAAC,IAAI,CAAC,aAAa,GAAG,IAAI,uCAAgB,CACxC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,kCAAc,CACpC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,oBAAoB,EACzB,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,iBAAiB,EACtB,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,eAAe,EACpB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,OAAO,EACZ,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,OAAO,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,OAAO,EACnF,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,kCAAc,CACpC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,OAAO,EACZ,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,OAAO,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,OAAO,EACnF,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,QAAQ;;QACV,OAAO,CACL,MAAA,IAAI,CAAC,SAAS,mCACd,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,8BAAY,CAChC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,OAAO,EACZ,CAAC,IAAI,CAAC,eAAe,CAAC,oCAAoC,EAC1D,IAAI,CAAC,mCAAmC,EACxC,MAAA,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,KAAK,mCAAI,qBAAqB,CAAC,QAAQ,CAAC,KAAK,EAC/E,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,kBAAkB;;QACpB,OAAO,CACL,MAAA,IAAI,CAAC,mBAAmB,mCACxB,CAAC,IAAI,CAAC,mBAAmB,GAAG,IAAI,+BAAqB,CACnD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,sBAAsB;;QACxB,OAAO,CACL,MAAA,IAAI,CAAC,uBAAuB,mCAC5B,CAAC,IAAI,CAAC,uBAAuB,GAAG,IAAI,mCAAyB,CAC3D,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,uBAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACtI,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,kCAAc,CACpC,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,oBAAoB,EACzB,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,uBAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACtI,CAAA;IACH,CAAC;IAID,IAAI,iBAAiB;;QACnB,OAAO,CACL,MAAA,IAAI,CAAC,kBAAkB,mCACvB,CAAC,IAAI,CAAC,kBAAkB,GAAG,IAAI,8BAAoB,CACjD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,iBAAiB;;QACnB,OAAO,CACL,MAAA,IAAI,CAAC,kBAAkB,mCACvB,CAAC,IAAI,CAAC,kBAAkB,GAAG,IAAI,8BAAoB,CACjD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,uBAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACtI,CAAA;IACH,CAAC;IAID,IAAI,yBAAyB;;QAC3B,OAAO,CACL,MAAA,IAAI,CAAC,0BAA0B,mCAC/B,CAAC,IAAI,CAAC,0BAA0B,GAAG,IAAI,sCAA4B,CACjE,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,cAAc;;QAChB,OAAO,CACL,MAAA,IAAI,CAAC,eAAe,mCACpB,CAAC,IAAI,CAAC,eAAe,GAAG,IAAI,0CAAkB,CAC5C,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,iBAAiB;;QACnB,OAAO,CACL,MAAA,IAAI,CAAC,kBAAkB,mCACvB,CAAC,IAAI,CAAC,kBAAkB,GAAG,IAAI,8BAAoB,CACjD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,oBAAoB;;QACtB,OAAO,CACL,MAAA,IAAI,CAAC,qBAAqB,mCAC1B,CAAC,IAAI,CAAC,qBAAqB,GAAG,IAAI,iCAAuB,CACvD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,eAAe,CAAC,OAAO,EAC5B,IAAI,CAAC,mCAAmC,EACxC,IAAI,CAAC,KAAK,CACX,CAAC,CACH,CAAA;IACH,CAAC;IAID,IAAI,QAAQ;;QACV,OAAO,CACL,MAAA,IAAI,CAAC,SAAS,mCACd,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,qBAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAClI,CAAA;IACH,CAAC;IAID,IAAI,UAAU;;QACZ,OAAO,CACL,MAAA,IAAI,CAAC,WAAW,mCAChB,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,uBAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACtI,CAAA;IACH,CAAC;IAID,IAAI,QAAQ;;QACV,OAAO,CACL,MAAA,IAAI,CAAC,SAAS,mCACd,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,qBAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAClI,CAAA;IACH,CAAC;IAID,IAAI,QAAQ;;QACV,OAAO,CACL,MAAA,IAAI,CAAC,SAAS,mCACd,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,qBAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAClI,CAAA;IACH,CAAC;IAID,IAAI,SAAS;;QACX,OAAO,CACL,MAAA,IAAI,CAAC,UAAU,mCACf,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,sBAAY,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CACpI,CAAA;IACH,CAAC;IAID,IAAI,cAAc;;QAChB,OAAO,CACL,MAAA,IAAI,CAAC,eAAe,mCACpB,CAAC,IAAI,CAAC,eAAe,GAAG,IAAI,2BAAiB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAC9I,CAAA;IACH,CAAC;IAID,IAAI,eAAe;;QACjB,OAAO,CACL,MAAA,IAAI,CAAC,gBAAgB,mCACrB,CAAC,IAAI,CAAC,gBAAgB,GAAG,IAAI,4BAAkB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAChJ,CAAA;IACH,CAAC;IAID,IAAI,MAAM;;QACR,OAAO,CACL,MAAA,IAAI,CAAC,OAAO,mCAAI,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,mBAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAC9I,CAAA;IACH,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,CAAA;IACvC,CAAC;IAED,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,eAAe,CAAC,YAAY,CAAA;IAC1C,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,CAAA;IACvC,CAAC;IAED,IAAI,kBAAkB;QACpB,OAAO,IAAI,CAAC,eAAe,CAAC,kBAAkB,CAAA;IAChD,CAAC;IAED,IAAI,uBAAuB;QACzB,OAAO,IAAI,CAAC,eAAe,CAAC,uBAAuB,CAAA;IACrD,CAAC;IAED,IAAI,kBAAkB;QACpB,OAAO,IAAI,CAAC,eAAe,CAAC,kBAAkB,CAAA;IAChD,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,CAAA;IACrC,CAAC;IAEK,aAAa;;YACjB,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,EAAE,CAAA;YACnE,OAAO,EAAE,YAAY,EAAE,IAAI,CAAC,gBAAgB,EAAE,eAAe,EAAE,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAA;QACjG,CAAC;KAAA;IAEK,WAAW,CAAC,UAAkB;;YAClC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAA;YACtD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mCAAmC,CAAC,WAAW,CAAC,UAAU,EAAE,eAAe,CAAC,CAAA;YAChH,MAAM,eAAe,GAAG,MAAM,4BAA4B,CACxD,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,KAAK,EACV,gBAAgB,EAChB,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,gBAAgB,EACrB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CACjC,CAAA;YACD,OAAO,IAAI,YAAY,CACrB,eAAe,EACf,IAAI,CAAC,IAAI,EACT,gBAAgB,EAChB,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,gBAAgB,EACrB,eAAe,EACf,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,UAAU,CAAE,EACtD,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,gBAAgB,CACtB,CAAA;QACH,CAAC;KAAA;CACF;AAED;;;;GAIG;AACI,MAAM,SAAS,GAAG,UACvB,IAAY,EACZ,qBAAqE,EACrE,SAAiB,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,EAAa,EAC3H,YAA2E,OAAO,MAAM,KAAK,WAAW;IACtG,CAAC,CAAC,MAAM,CAAC,KAAK;IACd,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW;QAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;QACZ,CAAC,CAAC,KAAK,EACT,UAA0D,EAAE;;;QAE5D,MAAM,sBAAsB,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE,qBAAqB,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,SAAS,CAAC,CAAA;QAC7H,MAAM,OAAO,GAAG,IAAI,oBAAU,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QAE9F,MAAM,OAAO,GAAG,IAAI,4BAAW,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QAC/F,MAAM,kBAAkB,GAAG,IAAI,yBAAe,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QAC9G,MAAM,OAAO,GAAG,IAAI,4BAAW,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QACxG,MAAM,SAAS,GAAG,IAAI,gCAAa,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QACrH,MAAM,aAAa,GAAG,IAAI,0BAAgB,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QAC1G,MAAM,SAAS,GAAG,IAAI,sBAAY,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QAClG,MAAM,QAAQ,GAAG,IAAI,qBAAW,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,CAAC,CAAA;QACrF,MAAM,YAAY,GAAG,IAAI,yBAAe,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;QACxG,MAAM,kBAAkB,GAAG,IAAI,kCAAc,CAAC,IAAI,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,EAAE,EAAE,sBAAsB,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QAEtH,OAAO;YACL,OAAO;YACP,SAAS;YACT,OAAO;YACP,OAAO;YACP,aAAa;YACb,YAAY;YACZ,kBAAkB;YAClB,SAAS;YACT,QAAQ;YACR,kBAAkB;SACnB,CAAA;;CACF,CAAA;AApCY,QAAA,SAAS,aAoCrB;AAED,SAAe,iBAAiB,CAAC,OAAmB;;QAClD,IAAI;YACF,OAAO,MAAM,OAAO,CAAC,gBAAgB,EAAE,CAAA;SACxC;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,GAAG,YAAY,KAAK,IAAI,YAAY,IAAI,GAAG,IAAK,GAAW,CAAC,UAAU,KAAK,GAAG;gBAAE,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;;gBACzG,OAAO,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;SAChC;IACH,CAAC;CAAA","sourcesContent":["import {\n IccAgendaApi,\n IccAnonymousAccessApi,\n IccApplicationsettingsApi,\n IccArticleApi,\n IccAuthApi,\n IccBeefactApi,\n IccBeresultexportApi,\n IccBeresultimportApi,\n IccBesamv2Api,\n IccCalendarItemTypeApi,\n IccClassificationTemplateApi,\n IccEntityrefApi,\n IccEntitytemplateApi,\n IccFrontendmigrationApi,\n IccGroupApi,\n IccIcureApi,\n IccInsuranceApi,\n IccKeywordApi,\n IccMedexApi,\n IccMedicallocationApi,\n IccPatientApi,\n IccPermissionApi,\n IccPlaceApi,\n IccPubsubApi,\n IccReplicationApi,\n IccTarificationApi,\n IccTmpApi,\n IccUserApi,\n OAuthThirdParty,\n} from '../icc-api'\nimport { IccUserXApi } from './icc-user-x-api'\nimport { IccCryptoXApi } from './icc-crypto-x-api'\nimport { IccContactXApi } from './icc-contact-x-api'\nimport { IccInvoiceXApi } from './icc-invoice-x-api'\nimport { IccDocumentXApi } from './icc-document-x-api'\nimport { IccHcpartyXApi } from './icc-hcparty-x-api'\nimport { IccFormXApi } from './icc-form-x-api'\nimport { IccHelementXApi } from './icc-helement-x-api'\nimport { IccClassificationXApi } from './icc-classification-x-api'\nimport { IccCalendarItemXApi } from './icc-calendar-item-x-api'\nimport { IccPatientXApi } from './icc-patient-x-api'\nimport { IccMessageXApi } from './icc-message-x-api'\nimport { IccReceiptXApi } from './icc-receipt-x-api'\nimport { IccAccesslogXApi } from './icc-accesslog-x-api'\nimport { IccTimeTableXApi } from './icc-time-table-x-api'\nimport { IccCodeXApi } from './icc-code-x-api'\nimport { IccMaintenanceTaskXApi } from './icc-maintenance-task-x-api'\nimport { IccDataOwnerXApi } from './icc-data-owner-x-api'\nimport { StorageFacade } from './storage/StorageFacade'\nimport { KeyStorageFacade } from './storage/KeyStorageFacade'\nimport { LocalStorageImpl } from './storage/LocalStorageImpl'\nimport { KeyStorageImpl } from './storage/KeyStorageImpl'\nimport {\n AuthenticationProvider,\n BasicAuthenticationProvider,\n EnsembleAuthenticationProvider,\n JwtAuthenticationProvider,\n NoAuthenticationProvider,\n} from './auth/AuthenticationProvider'\nimport { CryptoPrimitives } from './crypto/CryptoPrimitives'\nimport { UserEncryptionKeysManager } from './crypto/UserEncryptionKeysManager'\nimport { IcureStorageFacade } from './storage/IcureStorageFacade'\nimport { DefaultStorageEntryKeysFactory } from './storage/DefaultStorageEntryKeysFactory'\nimport { KeyRecovery } from './crypto/KeyRecovery'\nimport { BaseExchangeKeysManager } from './crypto/BaseExchangeKeysManager'\nimport { StorageEntryKeysFactory } from './storage/StorageEntryKeysFactory'\nimport { CryptoStrategies } from './crypto/CryptoStrategies'\nimport { ExchangeKeysManager } from './crypto/ExchangeKeysManager'\nimport { ShamirKeysManager } from './crypto/ShamirKeysManager'\nimport { TransferKeysManager } from './crypto/TransferKeysManager'\nimport { IccIcureMaintenanceXApi } from './icc-icure-maintenance-x-api'\nimport { ConfidentialEntities } from './crypto/ConfidentialEntities'\nimport { ensureDelegationForSelf } from './crypto/utils'\nimport { SecureDelegationsSecurityMetadataDecryptor } from './crypto/SecureDelegationsSecurityMetadataDecryptor'\nimport { initialiseExchangeDataManagerForCurrentDataOwner } from './crypto/ExchangeDataManager'\nimport { BaseExchangeDataManager } from './crypto/BaseExchangeDataManager'\nimport { IccExchangeDataApi } from '../icc-api/api/internal/IccExchangeDataApi'\nimport { UserSignatureKeysManager } from './crypto/UserSignatureKeysManager'\nimport { AccessControlSecretUtils } from './crypto/AccessControlSecretUtils'\nimport { SecureDelegationsEncryption } from './crypto/SecureDelegationsEncryption'\nimport { LegacyDelegationSecurityMetadataDecryptor } from './crypto/LegacyDelegationSecurityMetadataDecryptor'\nimport { ExtendedApisUtilsImpl } from './crypto/ExtendedApisUtilsImpl'\nimport { SecureDelegationsManager } from './crypto/SecureDelegationsManager'\nimport { AccessControlKeysHeadersProvider } from './crypto/AccessControlKeysHeadersProvider'\nimport { IccExchangeDataMapApi } from '../icc-api/api/internal/IccExchangeDataMapApi'\nimport { ExchangeDataMapManager } from './crypto/ExchangeDataMapManager'\nimport { IccDeviceXApi } from './icc-device-x-api'\nimport { IccBekmehrXApi } from './icc-bekmehr-x-api'\nimport { IccDoctemplateXApi } from './icc-doctemplate-x-api'\nimport { UserGroup } from '../icc-api/model/UserGroup'\nimport { IccTopicXApi } from './icc-topic-x-api'\nimport { IccRoleApi } from '../icc-api/api/IccRoleApi'\nimport { DataOwnerTypeEnum } from '../icc-api/model/DataOwnerTypeEnum'\nimport { DelegationsDeAnonymization } from './crypto/DelegationsDeAnonymization'\nimport { JwtBridgedAuthService } from './auth/JwtBridgedAuthService'\nimport { AuthSecretProvider, SmartAuthProvider } from './auth/SmartAuthProvider'\nimport { KeyPairRecoverer } from './crypto/KeyPairRecoverer'\nimport { IccRecoveryDataApi } from '../icc-api/api/internal/IccRecoveryDataApi'\nimport { RecoveryDataEncryption } from './crypto/RecoveryDataEncryption'\nimport { IccRecoveryXApi } from './icc-recovery-x-api'\n\nexport * from './icc-accesslog-x-api'\nexport * from './icc-bekmehr-x-api'\nexport * from './icc-calendar-item-x-api'\nexport * from './icc-classification-x-api'\nexport * from './icc-code-x-api'\nexport * from './icc-contact-x-api'\nexport * from './icc-crypto-x-api'\nexport * from './icc-doctemplate-x-api'\nexport * from './icc-document-x-api'\nexport * from './icc-form-x-api'\nexport * from './icc-hcparty-x-api'\nexport * from './icc-helement-x-api'\nexport * from './icc-invoice-x-api'\nexport * from './icc-message-x-api'\nexport * from './icc-patient-x-api'\nexport * from './icc-user-x-api'\nexport * from './icc-time-table-x-api'\nexport * from './icc-receipt-x-api'\nexport * from './icc-data-owner-x-api'\nexport * from './icc-icure-maintenance-x-api'\nexport * from './icc-maintenance-task-x-api'\nexport * from './utils'\n\nexport * from './crypto/RSA'\nexport * from './crypto/CryptoPrimitives'\nexport * from './crypto/ShareMetadataBehaviour'\nexport * from './auth/AuthenticationProvider'\n\nexport { KeyStorageFacade } from './storage/KeyStorageFacade'\nexport { LocalStorageImpl } from './storage/LocalStorageImpl'\nexport { StorageFacade } from './storage/StorageFacade'\nexport { KeyStorageImpl } from './storage/KeyStorageImpl'\nexport { CryptoStrategies } from './crypto/CryptoStrategies'\nexport { getShaVersionForKey } from './crypto/utils'\n\nexport interface BasicApis {\n readonly authApi: IccAuthApi\n readonly codeApi: IccCodeXApi\n readonly userApi: IccUserXApi\n readonly permissionApi: IccPermissionApi\n readonly insuranceApi: IccInsuranceApi\n readonly entityReferenceApi: IccEntityrefApi\n readonly agendaApi: IccAgendaApi\n readonly groupApi: IccGroupApi\n readonly healthcarePartyApi: IccHcpartyXApi\n readonly deviceApi: IccDeviceXApi\n}\nexport interface Apis extends BasicApis {\n readonly calendarItemTypeApi: IccCalendarItemTypeApi\n readonly medicalLocationApi: IccMedicallocationApi\n readonly cryptoApi: IccCryptoXApi\n readonly accessLogApi: IccAccesslogXApi\n readonly contactApi: IccContactXApi\n readonly formApi: IccFormXApi\n readonly invoiceApi: IccInvoiceXApi\n readonly documentApi: IccDocumentXApi\n readonly healthcareElementApi: IccHelementXApi\n readonly classificationApi: IccClassificationXApi\n readonly calendarItemApi: IccCalendarItemXApi\n readonly receiptApi: IccReceiptXApi\n readonly timetableApi: IccTimeTableXApi\n readonly patientApi: IccPatientXApi\n readonly messageApi: IccMessageXApi\n readonly maintenanceTaskApi: IccMaintenanceTaskXApi\n readonly dataOwnerApi: IccDataOwnerXApi\n readonly icureMaintenanceTaskApi: IccIcureMaintenanceXApi\n readonly anonymousAccessApi: IccAnonymousAccessApi\n readonly applicationSettingsApi: IccApplicationsettingsApi\n readonly articleApi: IccArticleApi\n readonly bekmehrApi: IccBekmehrXApi\n readonly beefactApi: IccBeefactApi\n readonly beresultexportApi: IccBeresultexportApi\n readonly beresultimportApi: IccBeresultimportApi\n readonly besamv2Api: IccBesamv2Api\n readonly classificationTemplateApi: IccClassificationTemplateApi\n readonly doctemplateApi: IccDoctemplateXApi\n readonly entitytemplateApi: IccEntitytemplateApi\n readonly frontendmigrationApi: IccFrontendmigrationApi\n readonly icureApi: IccIcureApi\n readonly keywordApi: IccKeywordApi\n readonly medexApi: IccMedexApi\n readonly placeApi: IccPlaceApi\n readonly pubsubApi: IccPubsubApi\n readonly replicationApi: IccReplicationApi\n readonly tarificationApi: IccTarificationApi\n readonly tmpApi: IccTmpApi\n readonly topicApi: IccTopicXApi\n readonly roleApi: IccRoleApi\n readonly recoveryApi: IccRecoveryXApi\n}\n\n/**\n * Allows to customise the behaviour of the iCure API by providing various optional parameters.\n */\nexport interface IcureApiOptions {\n /**\n * Specifies how iCure can store string values (e.g. json). In production this should be persistent storage.\n * @default the browser's localStorage.\n */\n readonly storage?: StorageFacade<string>\n /**\n * Specifies how iCure can store cryptographic keys. Preferably this should be some ad-hoc storage key storage.\n * @default stores the json of the jwk representation of the key in {@link storage}.\n */\n readonly keyStorage?: KeyStorageFacade\n /**\n * Specifies where iCure should store his data within the {@link storage} and {@link keyStorage}.\n * @default {@link DefaultStorageEntryKeysFactory}\n */\n readonly entryKeysFactory?: StorageEntryKeysFactory\n /**\n * Specifies if iCure should automatically create maintenance tasks for requesting access back when a new key is generated at initialisation time.\n * Note that the maintenance task will be created only towards HCP data owners: if you want to create a maintenance task also to other types of data\n * owners you should disable this and call {@link IccIcureMaintenanceXApi.createMaintenanceTasksForNewKeypair} yourself.\n * @default true\n */\n readonly createMaintenanceTasksOnNewKey?: boolean\n /**\n * Additional headers to use on each request made by the iCure api.\n * @default no additional headers\n */\n readonly headers?: { [headerName: string]: string }\n /**\n * Specifies which fields should be encrypted for each kind of encryptable entity. You should make sure that every application in your environment\n * specifies the same values for this configuration.\n * @default see documentation for {@link EncryptedFieldsConfig}\n */\n readonly encryptedFieldsConfig?: EncryptedFieldsConfig\n /**\n * Each user may exist in multiple groups, but an instance of {@link IcureApi} is specialised for a single group. This function allows you to decide\n * the group to use for a given user. This functions will be called only if a user exists in at least 2 groups, takes in input the information on\n * the groups the user can access (in no specific order) and must return the id of one of these groups.\n * @default takes the first group provided. The group chosen by this method may vary between different instantiations of the {@link IcureApi} even\n * if for the same user and if the groups available for the user do not change.\n */\n readonly groupSelector?: (availableGroupsInfo: UserGroup[]) => Promise<string>\n /**\n * Temporary value to support EHR Lite and MedTech api implementations.\n *\n * Currently, all hcps are able to access encrypted data shared with any of their parents, and on initialisation the api will verify that there is a\n * key pair available for the current user and for every parent of the user. If this option is set to true, the api will not load keys for the\n * parent users.\n *\n * This \"implicit data-sharing scheme\" (each parent HCP is essentially sharing data with all its children HCPs), however, may not be ideal for all\n * use cases, and it will be changed in future to be configurable in order to make it more general.\n * @default false, equivalent to previous behaviour.\n */\n readonly disableParentKeysInitialisation?: boolean\n}\n\nnamespace IcureApiOptions {\n export namespace Defaults {\n export const entryKeysFactory = new DefaultStorageEntryKeysFactory()\n export const createMaintenanceTasksOnNewKey = true\n export const headers = {}\n }\n\n export class WithDefaults implements IcureApiOptions {\n readonly entryKeysFactory: StorageEntryKeysFactory\n readonly createMaintenanceTasksOnNewKey: boolean\n readonly storage: StorageFacade<string>\n readonly keyStorage: KeyStorageFacade\n readonly headers: { [headerName: string]: string }\n readonly encryptedFieldsConfig: EncryptedFieldsConfig\n readonly groupSelector: (availableGroupsInfo: UserGroup[]) => Promise<string>\n readonly disableParentKeysInitialisation: boolean\n\n constructor(custom: IcureApiOptions) {\n this.entryKeysFactory = custom.entryKeysFactory ?? Defaults.entryKeysFactory\n this.createMaintenanceTasksOnNewKey = custom.createMaintenanceTasksOnNewKey ?? Defaults.createMaintenanceTasksOnNewKey\n this.storage = custom.storage ?? new LocalStorageImpl()\n this.keyStorage = custom.keyStorage ?? new KeyStorageImpl(this.storage)\n this.headers = custom.headers ?? Defaults.headers\n this.encryptedFieldsConfig = custom.encryptedFieldsConfig ?? {}\n this.groupSelector = custom.groupSelector ?? ((groups) => Promise.resolve(groups[0].groupId!))\n this.disableParentKeysInitialisation = custom.disableParentKeysInitialisation ?? false\n }\n }\n}\n\n/**\n * Specifies which fields should be encrypted for each kind of encryptable entity.\n *\n * Note that any value you specify here overrides the default values. For example if you specify `['medicalLocationId']` for `healthElement` the\n * fields `['descr', 'note']` which are usually encrypted by default will no longer be encrypted. If you want to add fields to the default values\n * you can use {@link EncryptedFieldsConfig.Defaults}, for example `[...EncryptedFieldsConfig.Defaults.healthElement, 'medicalLocationId'].\n *\n * # Encrypted fields syntax\n *\n * ## Grammar\n *\n * The grammar for each encrypted field is the following:\n * ```\n * fieldName :=\n * regex([a-zA-Z_][a-zA-Z0-9_]+)\n * encryptedField :=\n * fieldName\n * | fieldName + (\".\" | \".*.\" | \"[].\") + encryptedField\n * ```\n *\n * This grammar allows you to specify the fields to encrypt for the object and recursively for nested objects.\n * - A string containing only a single `fieldName` will encrypt the field with the given name.\n * - A string starting with `fieldName.` allows to specify the encrypted fields of a nested object. The encrypted values of the\n * fields in the nested object will be saved in the nested object.\n * - A string starting with `fieldName.*.` treats `fieldName` as a map/dictionary data structure and allows to specify the encrypted fields of the\n * values of the map. Note that the values of the map must be objects as well. The encrypted content of each map value is stored in that value.\n * - A string starting with `fieldName[].` treats `fieldName` as an array and allows to specify the encrypted fields of the values of the array.\n * Note that the values of the array must be objects as well. The encrypted content of each array element is stored in that element.\n *\n * ## Example\n *\n * Consider the following object and encryption keys:\n * ```javascript\n * const obj = {\n * a: { x: 0, y: 1 },\n * b: \"hello\",\n * c: [ { public: \"a\", secret: \"b\" }, { public: \"c\", secret: \"d\" } ],\n * d: \"ok\",\n * e: {\n * info: \"something\",\n * private: \"secret\",\n * dataMap: {\n * \"en\": {\n * a: 1,\n * b: 2\n * },\n * \"fr\": {\n * a: 3,\n * b: 4\n * }\n * }\n * }\n * }\n * const encryptedFields = [\n * \"a\",\n * \"c[].secret\",\n * \"d\",\n * \"e.private\",\n * \"e.datamap.*.a\"\n * ]\n * ```\n * If you use them with the crypt method you will get the following result:\n * ```json\n * {\n * b: \"hello\",\n * c: [\n * { public: \"a\", encryptedSelf: 'encrypted+encoded { secret: \"b\" }' },\n * { public: \"c\", encryptedSelf: 'encrypted+encoded { secret: \"d\" }' }\n * ],\n * e: {\n * info: \"something\",\n * dataMap: {\n * \"en\": { b: 2, encryptedSelf: 'encrypted+encoded { a: 1 }' },\n * \"fr\": { b: 4, encryptedSelf: 'encrypted+encoded { a: 3 }' }\n * },\n * encryptedSelf: 'encrypted+encoded { private: \"secret\" }'\n * },\n * encryptedSelf: 'encrypted+encoded { a: { x: 0, y: 1 }, d: \"ok\" }'\n * }\n * ```\n *\n * ## Shortened representation\n *\n * You can also group encrypted fields having the same prefix by concatenating to the prefix the JSON representation of an array of all the postfixes.\n * For example the following encrypted fields:\n * ```javascript\n * const encryptedFields = [\"a.b.c.d.e.f1\", \"a.b.c.d.e.f2\", \"a.b.c.d.e.f3\", \"a.b.c.d.e.f4\"]\n * ```\n * can be shortened to\n * ```javascript\n * const encryptedFields = ['a.b.c.d.e.[\"f1\",\"f2\",\"f3\",\"f4\"]'] // Note the use of single quotes to avoid escaping the double quotes\n * ```\n * If you use the shortened representation you may need to escape nested json representations. In that case the use of `JSON.stringify` is\n * recommended.\n */\nexport interface EncryptedFieldsConfig {\n /**\n * Fields to encrypt for entities of type {@link AccessLog}\n * @default ['detail', 'objectId']\n */\n readonly accessLog?: string[]\n /**\n * Fields to encrypt for entities of type {@link CalendarItem}\n * @default ['details', 'title', 'patientId']\n */\n readonly calendarItem?: string[]\n /**\n * Fields to encrypt for entities of type {@link Contact}, excluding `services`. You can specify which fields of `services` should be encrypted\n * using {@link service}.\n * @default ['descr'] // encryption of `services` is managed through {@link service}\n */\n readonly contact?: string[]\n /**\n * Fields to encrypt for entities of type {@link Service}. Note that encryption of the `content` field and recursively contained `Services` through\n * `content.compoundValue` is automatically managed by the sdk, and you are not allowed to modify it.\n *\n * Note: any non-empty values for this field will break bi-directional data compatibility between v7 and previous: Contacts created with\n * v7 will not be read properly by previous versions. If you want\n * @default ['notes[].markdown'] // encryption of `content` is managed in a special way\n */\n readonly service?: string[]\n /**\n * Fields to encrypt for entities of type {@link HealthElement}\n * @default ['descr', 'note', 'notes[].markdown']\n */\n readonly healthElement?: string[]\n /**\n * Fields to encrypt for entities of type {@link MaintenanceTask}\n * @default ['properties']\n */\n readonly maintenanceTask?: string[]\n /**\n * Fields to encrypt for entities of type {@link Patient}\n * @default ['note', 'notes[].markdown']\n */\n readonly patient?: string[]\n\n /**\n * Fields to encrypt for entities of type {@link Message}\n * @default []\n */\n readonly message?: string[]\n\n /**\n * Fields to encrypt for entities of type {@link Topic}\n * @default ['description']\n */\n readonly topic?: string[]\n}\n\nexport namespace EncryptedFieldsConfig {\n export const Defaults = {\n accessLog: ['detail', 'objectId'],\n calendarItem: ['details', 'title', 'patientId'],\n contact: ['descr'],\n service: ['notes[].markdown'],\n healthElement: ['descr', 'note', 'notes[].markdown'],\n maintenanceTask: ['properties'],\n patient: ['note', 'notes[].markdown'],\n message: [],\n topic: ['description', 'linkedServices', 'linkedHealthElements'],\n }\n}\n\n/**\n * Details for the authentication of a user\n */\nexport type AuthenticationDetails =\n | {\n username: string\n password: string\n thirdPartyTokens?: { [thirdParty: string]: string }\n }\n | {\n icureTokens: { token: string; refreshToken: string }\n credentials?: { username: string; password: string }\n }\n | {\n thirdPartyTokens: { [thirdParty: string]: string }\n }\n | SmartAuthenticationDetails\n\n/**\n * Allows to perform authentication through an {@link AuthSecretProvider}.\n *\n * The iCure SDK can authenticate to the backend using different kinds of secrets, such as passwords, long-lived authentication tokens, and\n * short-lived authentication tokens generated through the message gateway. iCure associates to each kind of secret a certain security level, and for\n * some sensitive operations, depending on the configurations of the user and his group, some operations may require a secret of a certain security\n * level. For example, with the default configurations, in order to change his own email the user can't have logged in with a long-lived token, but he\n * needs to provide his current password or a short-lived token.\n *\n * By using this authentication option, the iCure SDK will automatically request and cache the secret from the {@link AuthSecretProvider} only when\n * needed, which should help to minimise the interaction with the user.\n *\n * Another advantage of using this authentication option over others is that in case all the cached tokens and secrets were to expire while performing\n * a request, instead of having the request fail the SDK will ask for a new secret from the {@link SmartAuthProvider} and the request will\n * automatically be retried with the new secret.\n *\n * You must provide the following information:\n * - username: any kind of value that can identify the user (userId, groupId/userId, username, email, ...). More generic identifiers, valid\n * on multiple groups, allow for simpler group switching by using {@link IcureApi.switchGroup}.\n * - secretProvider: the secret provider to use for authentication. Will handle interaction with the gui.\n *\n * You can also provide the following optional information, which may allow to reduce the requests for secrets initially:\n * - initialSecret: an initial secret (password, token, ...) that will be used to get new authentication tokens as needed. If it is expired it will be ignored.\n * - initialAuthToken: an initial authentication token used on each request. If it is expired it will be ignored.\n * - initialRefreshToken: an initial refresh token used to get new authentication tokens as needed. If it is expired it will be ignored.\n */\nexport type SmartAuthenticationDetails = {\n username: string\n secretProvider: AuthSecretProvider\n initialSecret?: { plainSecret: string } | { oauthToken: string; oauthType: OAuthThirdParty }\n initialAuthToken?: string\n initialRefreshToken?: string\n}\n\n/**\n * Main entry point for the iCure API. Provides entity-specific sub-apis and some general methods which are not related to a specific entity.\n */\nexport interface IcureApi extends Apis {\n /**\n * Get the information on groups that the current user can access and the current group that this api instance is working on.\n * Note that the values you will get for `availableGroups` may differ from the values you would get if you call {@link IccUserApi.getMatchingUsers}\n * on {@link Apis.userApi}, since the latter is specialised on the specific instance of the user in `currentGroup`.\n * - `currentGroup`: the group that this api instance is working on, or undefined if the backend environment is not multi-group.\n * - `availableGroups`: the list of groups that the current user can access with the provided secret. Empty if the backend environment is not\n * multi-group.\n */\n getGroupsInfo(): Promise<{ currentGroup: UserGroup | undefined; availableGroups: UserGroup[] }>\n\n /**\n * Switches the api to allow the user to work on a different group.\n * @param newGroupId the id of the group to switch to.\n * @return a new api for the specified group.\n */\n switchGroup(newGroupId: string): Promise<IcureApi>\n}\n\nexport namespace IcureApi {\n /**\n * Initialises a new instance of the iCure API.\n */\n export async function initialise(\n host: string,\n authenticationOptions: AuthenticationDetails | AuthenticationProvider,\n cryptoStrategies: CryptoStrategies,\n crypto: Crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : ({} as Crypto),\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response> = typeof window !== 'undefined'\n ? window.fetch\n : typeof self !== 'undefined'\n ? self.fetch\n : fetch,\n options: IcureApiOptions = {}\n ): Promise<IcureApi> {\n const params = new IcureApiOptions.WithDefaults(options)\n let grouplessAuthenticationProvider = await getAuthenticationProvider(host, authenticationOptions, params.headers, fetchImpl)\n // TODO if this uses a smart auth provider the groupless auth provider does not share the secret cache with the group specific one.\n const grouplessUserApi = new IccUserApi(host, params.headers, grouplessAuthenticationProvider, fetchImpl)\n const matches = await getMatchesOrEmpty(grouplessUserApi)\n const chosenGroupId = matches.length > 1 && !!options.groupSelector ? await options.groupSelector(matches) : matches[0]?.groupId\n const groupSpecificAuthenticationProviderInfo =\n matches.length > 1 && chosenGroupId\n ? await grouplessAuthenticationProvider.switchGroup(chosenGroupId, matches)\n : { switchedProvider: grouplessAuthenticationProvider, isGroupLocked: false }\n /*TODO\n * On new very new users switching the authentication provider to a specific group may fail and block the user for too many requests. This is\n * probably linked to replication of the user in the fallback database.\n */\n const groupSpecificAuthenticationProvider =\n matches.length > 1 && chosenGroupId\n ? await grouplessAuthenticationProvider.switchGroup(chosenGroupId, matches)\n : grouplessAuthenticationProvider\n const cryptoInitInfo = await initialiseCryptoWithProvider(host, fetchImpl, groupSpecificAuthenticationProvider, params, cryptoStrategies, crypto)\n return new IcureApiImpl(\n cryptoInitInfo,\n host,\n groupSpecificAuthenticationProvider,\n fetch,\n grouplessUserApi,\n matches,\n matches.find((match) => match.groupId === chosenGroupId),\n params,\n cryptoStrategies\n )\n }\n}\n\nasync function getAuthenticationProvider(\n host: string,\n authenticationOptions: AuthenticationDetails | AuthenticationProvider,\n headers: { [headerName: string]: string },\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response>\n) {\n let authenticationProvider: AuthenticationProvider\n if ('getIcureTokens' in authenticationOptions && 'switchGroup' in authenticationOptions && 'getAuthService' in authenticationOptions) {\n authenticationProvider = authenticationOptions\n } else if ('icureTokens' in authenticationOptions && !!authenticationOptions.icureTokens) {\n authenticationProvider = new JwtAuthenticationProvider(\n new IccAuthApi(host, headers, new NoAuthenticationProvider(), fetchImpl),\n authenticationOptions?.credentials?.username,\n authenticationOptions?.credentials?.password,\n undefined,\n authenticationOptions.icureTokens\n )\n } else if (\n 'username' in authenticationOptions &&\n 'password' in authenticationOptions &&\n !!authenticationOptions.username &&\n !!authenticationOptions.password\n ) {\n authenticationProvider = new EnsembleAuthenticationProvider(\n new IccAuthApi(host, headers, new NoAuthenticationProvider(), fetchImpl),\n authenticationOptions.username,\n authenticationOptions.password,\n 3600,\n undefined,\n undefined,\n authenticationOptions.thirdPartyTokens\n )\n } else if ('thirdPartyTokens' in authenticationOptions && !!authenticationOptions.thirdPartyTokens) {\n authenticationProvider = new JwtAuthenticationProvider(\n new IccAuthApi(host, headers, new NoAuthenticationProvider(), fetchImpl),\n undefined,\n undefined,\n new JwtBridgedAuthService(\n new IccAuthApi(host, headers, new NoAuthenticationProvider(), fetchImpl),\n undefined,\n undefined,\n authenticationOptions.thirdPartyTokens,\n undefined\n )\n )\n } else if ('username' in authenticationOptions && 'secretProvider' in authenticationOptions) {\n authenticationProvider = SmartAuthProvider.initialise(\n new IccAuthApi(host, headers, new NoAuthenticationProvider(), fetchImpl),\n authenticationOptions.username,\n authenticationOptions.secretProvider,\n {\n initialSecret: authenticationOptions.initialSecret,\n initialAuthToken: authenticationOptions.initialAuthToken,\n initialRefreshToken: authenticationOptions.initialRefreshToken,\n }\n )\n } else {\n throw new Error('Invalid authentication options provided')\n }\n return authenticationProvider\n}\n\n// Apis which are used during crypto api initialisation, to avoid re-instantiating them later\ntype CryptoInitialisationInfo = {\n cryptoApi: IccCryptoXApi\n healthcarePartyApi: IccHcpartyXApi\n deviceApi: IccDeviceXApi\n // no patient api since it is base\n dataOwnerApi: IccDataOwnerXApi\n userApi: IccUserXApi\n icureMaintenanceTaskApi: IccIcureMaintenanceXApi\n maintenanceTaskApi: IccMaintenanceTaskXApi\n headers: { [headerName: string]: string }\n dataOwnerRequiresAnonymousDelegation: boolean\n recoveryApi: IccRecoveryXApi\n}\n\nconst REQUEST_AUTOFIX_ANONYMITY_HEADER = 'Icure-Request-Autofix-Anonymity'\n\nasync function initialiseCryptoWithProvider(\n host: string,\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response>,\n groupSpecificAuthenticationProvider: AuthenticationProvider,\n params: IcureApiOptions.WithDefaults,\n cryptoStrategies: CryptoStrategies,\n crypto: Crypto\n): Promise<CryptoInitialisationInfo> {\n const initialDataOwnerStub = await new IccDataOwnerXApi(\n host,\n params.headers,\n groupSpecificAuthenticationProvider,\n fetchImpl\n ).getCurrentDataOwnerStub()\n const dataOwnerRequiresAnonymousDelegation = cryptoStrategies.dataOwnerRequiresAnonymousDelegation(initialDataOwnerStub)\n let updatedHeaders = params.headers\n if (!Object.keys(updatedHeaders).includes(REQUEST_AUTOFIX_ANONYMITY_HEADER)) {\n if (initialDataOwnerStub.type == DataOwnerTypeEnum.Patient || initialDataOwnerStub.type == DataOwnerTypeEnum.Device) {\n if (!dataOwnerRequiresAnonymousDelegation) {\n updatedHeaders = { ...updatedHeaders, [REQUEST_AUTOFIX_ANONYMITY_HEADER]: 'false' }\n }\n } else {\n if (dataOwnerRequiresAnonymousDelegation) {\n updatedHeaders = { ...updatedHeaders, [REQUEST_AUTOFIX_ANONYMITY_HEADER]: 'true' }\n }\n }\n }\n\n const authApi = new IccAuthApi(host, updatedHeaders, groupSpecificAuthenticationProvider, fetchImpl)\n const userApi = new IccUserXApi(host, updatedHeaders, groupSpecificAuthenticationProvider, authApi, fetchImpl)\n const healthcarePartyApi = new IccHcpartyXApi(host, updatedHeaders, groupSpecificAuthenticationProvider, authApi, fetchImpl)\n const deviceApi = new IccDeviceXApi(host, updatedHeaders, groupSpecificAuthenticationProvider, userApi, authApi, fetchImpl)\n const basePatientApi = new IccPatientApi(host, updatedHeaders, groupSpecificAuthenticationProvider, fetchImpl)\n const dataOwnerApi = new IccDataOwnerXApi(host, updatedHeaders, groupSpecificAuthenticationProvider, fetchImpl)\n const exchangeDataApi = new IccExchangeDataApi(host, updatedHeaders, groupSpecificAuthenticationProvider, fetchImpl)\n const baseRecoveryDataApi = new IccRecoveryDataApi(host, updatedHeaders, groupSpecificAuthenticationProvider, fetchImpl)\n // Crypto initialisation\n const icureStorage = new IcureStorageFacade(params.keyStorage, params.storage, params.entryKeysFactory)\n const cryptoPrimitives = new CryptoPrimitives(crypto)\n const baseExchangeKeysManager = new BaseExchangeKeysManager(cryptoPrimitives, dataOwnerApi, healthcarePartyApi, basePatientApi, deviceApi)\n const baseExchangeDataManager = new BaseExchangeDataManager(exchangeDataApi, dataOwnerApi, cryptoPrimitives, dataOwnerRequiresAnonymousDelegation)\n const keyRecovery = new KeyRecovery(cryptoPrimitives, dataOwnerApi, baseExchangeKeysManager, baseExchangeDataManager)\n const recoveryDataEncryption = new RecoveryDataEncryption(cryptoPrimitives, baseRecoveryDataApi)\n const keyPairRecoverer = new KeyPairRecoverer(recoveryDataEncryption)\n const userEncryptionKeysManager = new UserEncryptionKeysManager(\n cryptoPrimitives,\n dataOwnerApi,\n icureStorage,\n keyRecovery,\n cryptoStrategies,\n !params.disableParentKeysInitialisation,\n keyPairRecoverer\n )\n const userSignatureKeysManager = new UserSignatureKeysManager(icureStorage, dataOwnerApi, cryptoPrimitives)\n const newKey = await userEncryptionKeysManager.initialiseKeys()\n await new TransferKeysManager(\n cryptoPrimitives,\n baseExchangeDataManager,\n dataOwnerApi,\n userEncryptionKeysManager,\n userSignatureKeysManager,\n icureStorage\n ).updateTransferKeys(await dataOwnerApi.getCurrentDataOwnerStub())\n // TODO customise cache size?\n const exchangeKeysManager = new ExchangeKeysManager(\n 100,\n 500,\n 600000,\n 60000,\n cryptoStrategies,\n cryptoPrimitives,\n userEncryptionKeysManager,\n baseExchangeKeysManager,\n dataOwnerApi,\n !params.disableParentKeysInitialisation,\n icureStorage\n )\n const accessControlSecretUtils = new AccessControlSecretUtils(cryptoPrimitives)\n const exchangeDataManager = await initialiseExchangeDataManagerForCurrentDataOwner(\n baseExchangeDataManager,\n userEncryptionKeysManager,\n userSignatureKeysManager,\n accessControlSecretUtils,\n cryptoStrategies,\n dataOwnerApi,\n cryptoPrimitives,\n !params.disableParentKeysInitialisation\n )\n const exchangeDataMapManager = new ExchangeDataMapManager(\n new IccExchangeDataMapApi(host, updatedHeaders, groupSpecificAuthenticationProvider, fetchImpl)\n )\n const secureDelegationsEncryption = new SecureDelegationsEncryption(userEncryptionKeysManager, cryptoPrimitives)\n const secureDelegationsSecurityMetadataEncryption = new SecureDelegationsSecurityMetadataDecryptor(\n exchangeDataManager,\n exchangeDataMapManager,\n secureDelegationsEncryption,\n dataOwnerApi\n )\n const xApiUtils = new ExtendedApisUtilsImpl(\n cryptoPrimitives,\n dataOwnerApi,\n new LegacyDelegationSecurityMetadataDecryptor(exchangeKeysManager, cryptoPrimitives),\n secureDelegationsSecurityMetadataEncryption,\n new SecureDelegationsManager(\n exchangeDataManager,\n exchangeDataMapManager,\n secureDelegationsEncryption,\n accessControlSecretUtils,\n userEncryptionKeysManager,\n cryptoPrimitives,\n dataOwnerApi,\n cryptoStrategies,\n dataOwnerRequiresAnonymousDelegation\n ),\n userApi,\n !params.disableParentKeysInitialisation\n )\n const shamirManager = new ShamirKeysManager(cryptoPrimitives, dataOwnerApi, userEncryptionKeysManager, exchangeDataManager)\n const confidentialEntitites = new ConfidentialEntities(xApiUtils, cryptoPrimitives, dataOwnerApi)\n await ensureDelegationForSelf(dataOwnerApi, xApiUtils, basePatientApi, cryptoPrimitives)\n const accessControlKeysHeadersProvider = new AccessControlKeysHeadersProvider(exchangeDataManager)\n const delegationsDeAnonymisation = new DelegationsDeAnonymization(\n dataOwnerApi,\n secureDelegationsSecurityMetadataEncryption,\n xApiUtils,\n cryptoPrimitives,\n accessControlSecretUtils,\n host,\n updatedHeaders,\n groupSpecificAuthenticationProvider,\n fetchImpl,\n accessControlKeysHeadersProvider\n )\n const cryptoApi = new IccCryptoXApi(\n exchangeKeysManager,\n cryptoPrimitives,\n userEncryptionKeysManager,\n dataOwnerApi,\n xApiUtils,\n shamirManager,\n params.storage,\n params.keyStorage,\n confidentialEntitites,\n exchangeDataManager,\n accessControlKeysHeadersProvider,\n delegationsDeAnonymisation\n )\n const maintenanceTaskApi = new IccMaintenanceTaskXApi(\n host,\n updatedHeaders,\n cryptoApi,\n healthcarePartyApi,\n dataOwnerApi,\n userApi,\n authApi,\n !dataOwnerRequiresAnonymousDelegation,\n params.encryptedFieldsConfig.maintenanceTask ?? EncryptedFieldsConfig.Defaults.maintenanceTask,\n groupSpecificAuthenticationProvider,\n fetchImpl\n )\n const icureMaintenanceTaskApi = new IccIcureMaintenanceXApi(cryptoApi, maintenanceTaskApi, dataOwnerApi, exchangeDataApi)\n\n if (newKey && params.createMaintenanceTasksOnNewKey) {\n await icureMaintenanceTaskApi.createMaintenanceTasksForNewKeypair(await userApi.getCurrentUser(), newKey.newKeyPair)\n }\n return {\n cryptoApi,\n userApi,\n healthcarePartyApi,\n deviceApi,\n maintenanceTaskApi,\n dataOwnerApi,\n icureMaintenanceTaskApi,\n headers: updatedHeaders,\n dataOwnerRequiresAnonymousDelegation,\n recoveryApi: new IccRecoveryXApi(\n baseRecoveryDataApi,\n recoveryDataEncryption,\n userEncryptionKeysManager,\n dataOwnerApi,\n cryptoPrimitives,\n exchangeDataManager\n ),\n }\n}\n\nclass IcureApiImpl implements IcureApi {\n private latestGroupsRequest: Promise<UserGroup[]>\n\n constructor(\n private readonly cryptoInitInfos: CryptoInitialisationInfo,\n private readonly host: string,\n private readonly groupSpecificAuthenticationProvider: AuthenticationProvider,\n private readonly fetch: (input: RequestInfo, init?: RequestInit) => Promise<Response>,\n private readonly grouplessUserApi: IccUserApi,\n latestMatches: UserGroup[],\n private readonly currentGroupInfo: UserGroup | undefined,\n private readonly params: IcureApiOptions.WithDefaults,\n private readonly cryptoStrategies: CryptoStrategies\n ) {\n this.latestGroupsRequest = Promise.resolve(latestMatches)\n }\n\n private _authApi: IccAuthApi | undefined\n\n get recoveryApi(): IccRecoveryXApi {\n return this.cryptoInitInfos.recoveryApi\n }\n\n get authApi(): IccAuthApi {\n return (\n this._authApi ?? (this._authApi = new IccAuthApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _codeApi: IccCodeXApi | undefined\n\n get codeApi(): IccCodeXApi {\n return (\n this._codeApi ??\n (this._codeApi = new IccCodeXApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _calendarItemTypeApi: IccCalendarItemTypeApi | undefined\n\n get calendarItemTypeApi(): IccCalendarItemTypeApi {\n return (\n this._calendarItemTypeApi ??\n (this._calendarItemTypeApi = new IccCalendarItemTypeApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _medicalLocationApi: IccMedicallocationApi | undefined\n\n get medicalLocationApi(): IccMedicallocationApi {\n return (\n this._medicalLocationApi ??\n (this._medicalLocationApi = new IccMedicallocationApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _roleApi: IccRoleApi | undefined\n\n get roleApi(): IccRoleApi {\n return this._roleApi ?? (this._roleApi = new IccRoleApi(this.host, this.params.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n }\n\n private _entityReferenceApi: IccEntityrefApi | undefined\n\n get entityReferenceApi(): IccEntityrefApi {\n return (\n this._entityReferenceApi ??\n (this._entityReferenceApi = new IccEntityrefApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _permissionApi: IccPermissionApi | undefined\n\n get permissionApi(): IccPermissionApi {\n return (\n this._permissionApi ??\n (this._permissionApi = new IccPermissionApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _accessLogApi: IccAccesslogXApi | undefined\n\n get accessLogApi(): IccAccesslogXApi {\n return (\n this._accessLogApi ??\n (this._accessLogApi = new IccAccesslogXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.params.encryptedFieldsConfig.accessLog ?? EncryptedFieldsConfig.Defaults.accessLog,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _agendaApi: IccAgendaApi | undefined\n\n get agendaApi(): IccAgendaApi {\n return (\n this._agendaApi ??\n (this._agendaApi = new IccAgendaApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _contactApi: IccContactXApi | undefined\n\n get contactApi(): IccContactXApi {\n return (\n this._contactApi ??\n (this._contactApi = new IccContactXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n this.userApi,\n this.authApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch,\n this.params.encryptedFieldsConfig.contact ?? EncryptedFieldsConfig.Defaults.contact,\n this.params.encryptedFieldsConfig.service ?? EncryptedFieldsConfig.Defaults.service\n ))\n )\n }\n\n private _formApi: IccFormXApi | undefined\n\n get formApi(): IccFormXApi {\n return (\n this._formApi ??\n (this._formApi = new IccFormXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _groupApi: IccGroupApi | undefined\n\n get groupApi(): IccGroupApi {\n return (\n this._groupApi ??\n (this._groupApi = new IccGroupApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _invoiceApi: IccInvoiceXApi | undefined\n\n get invoiceApi(): IccInvoiceXApi {\n return (\n this._invoiceApi ??\n (this._invoiceApi = new IccInvoiceXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.entityReferenceApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _insuranceApi: IccInsuranceApi | undefined\n\n get insuranceApi(): IccInsuranceApi {\n return (\n this._insuranceApi ??\n (this._insuranceApi = new IccInsuranceApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _documentApi: IccDocumentXApi | undefined\n\n get documentApi(): IccDocumentXApi {\n return (\n this._documentApi ??\n (this._documentApi = new IccDocumentXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.authApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _healthcareElementApi: IccHelementXApi | undefined\n\n get healthcareElementApi(): IccHelementXApi {\n return (\n this._healthcareElementApi ??\n (this._healthcareElementApi = new IccHelementXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n this.userApi,\n this.authApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.params.encryptedFieldsConfig.healthElement ?? EncryptedFieldsConfig.Defaults.healthElement,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _classificationApi: IccClassificationXApi | undefined\n\n get classificationApi(): IccClassificationXApi {\n return (\n this._classificationApi ??\n (this._classificationApi = new IccClassificationXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _calendarItemApi: IccCalendarItemXApi | undefined\n\n get calendarItemApi(): IccCalendarItemXApi {\n return (\n this._calendarItemApi ??\n (this._calendarItemApi = new IccCalendarItemXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.params.encryptedFieldsConfig.calendarItem ?? EncryptedFieldsConfig.Defaults.calendarItem,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _receiptApi: IccReceiptXApi | undefined\n\n get receiptApi(): IccReceiptXApi {\n return (\n this._receiptApi ??\n (this._receiptApi = new IccReceiptXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _timetableApi: IccTimeTableXApi | undefined\n\n get timetableApi(): IccTimeTableXApi {\n return (\n this._timetableApi ??\n (this._timetableApi = new IccTimeTableXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _patientApi: IccPatientXApi | undefined\n\n get patientApi(): IccPatientXApi {\n return (\n this._patientApi ??\n (this._patientApi = new IccPatientXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.contactApi,\n this.formApi,\n this.healthcareElementApi,\n this.invoiceApi,\n this.documentApi,\n this.healthcarePartyApi,\n this.classificationApi,\n this.dataOwnerApi,\n this.calendarItemApi,\n this.userApi,\n this.authApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.params.encryptedFieldsConfig.patient ?? EncryptedFieldsConfig.Defaults.patient,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _messageApi: IccMessageXApi | undefined\n\n get messageApi(): IccMessageXApi {\n return (\n this._messageApi ??\n (this._messageApi = new IccMessageXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n this.authApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.params.encryptedFieldsConfig.message ?? EncryptedFieldsConfig.Defaults.message,\n this.fetch\n ))\n )\n }\n\n private _topicApi: IccTopicXApi | undefined\n\n get topicApi(): IccTopicXApi {\n return (\n this._topicApi ??\n (this._topicApi = new IccTopicXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.dataOwnerApi,\n this.authApi,\n !this.cryptoInitInfos.dataOwnerRequiresAnonymousDelegation,\n this.groupSpecificAuthenticationProvider,\n this.params.encryptedFieldsConfig.topic ?? EncryptedFieldsConfig.Defaults.topic,\n this.fetch\n ))\n )\n }\n\n private _anonymousAccessApi: IccAnonymousAccessApi | undefined\n\n get anonymousAccessApi(): IccAnonymousAccessApi {\n return (\n this._anonymousAccessApi ??\n (this._anonymousAccessApi = new IccAnonymousAccessApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _applicationSettingsApi: IccApplicationsettingsApi | undefined\n\n get applicationSettingsApi(): IccApplicationsettingsApi {\n return (\n this._applicationSettingsApi ??\n (this._applicationSettingsApi = new IccApplicationsettingsApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _articleApi: IccArticleApi | undefined\n\n get articleApi(): IccArticleApi {\n return (\n this._articleApi ??\n (this._articleApi = new IccArticleApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _bekmehrApi: IccBekmehrXApi | undefined\n\n get bekmehrApi(): IccBekmehrXApi {\n return (\n this._bekmehrApi ??\n (this._bekmehrApi = new IccBekmehrXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.authApi,\n this.contactApi,\n this.healthcareElementApi,\n this.documentApi,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _beefactApi: IccBeefactApi | undefined\n\n get beefactApi(): IccBeefactApi {\n return (\n this._beefactApi ??\n (this._beefactApi = new IccBeefactApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _beresultexportApi: IccBeresultexportApi | undefined\n\n get beresultexportApi(): IccBeresultexportApi {\n return (\n this._beresultexportApi ??\n (this._beresultexportApi = new IccBeresultexportApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _beresultimportApi: IccBeresultimportApi | undefined\n\n get beresultimportApi(): IccBeresultimportApi {\n return (\n this._beresultimportApi ??\n (this._beresultimportApi = new IccBeresultimportApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _besamv2Api: IccBesamv2Api | undefined\n\n get besamv2Api(): IccBesamv2Api {\n return (\n this._besamv2Api ??\n (this._besamv2Api = new IccBesamv2Api(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _classificationTemplateApi: IccClassificationTemplateApi | undefined\n\n get classificationTemplateApi(): IccClassificationTemplateApi {\n return (\n this._classificationTemplateApi ??\n (this._classificationTemplateApi = new IccClassificationTemplateApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _doctemplateApi: IccDoctemplateXApi | undefined\n\n get doctemplateApi(): IccDoctemplateXApi {\n return (\n this._doctemplateApi ??\n (this._doctemplateApi = new IccDoctemplateXApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.cryptoApi,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _entitytemplateApi: IccEntitytemplateApi | undefined\n\n get entitytemplateApi(): IccEntitytemplateApi {\n return (\n this._entitytemplateApi ??\n (this._entitytemplateApi = new IccEntitytemplateApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _frontendmigrationApi: IccFrontendmigrationApi | undefined\n\n get frontendmigrationApi(): IccFrontendmigrationApi {\n return (\n this._frontendmigrationApi ??\n (this._frontendmigrationApi = new IccFrontendmigrationApi(\n this.host,\n this.cryptoInitInfos.headers,\n this.groupSpecificAuthenticationProvider,\n this.fetch\n ))\n )\n }\n\n private _icureApi: IccIcureApi | undefined\n\n get icureApi(): IccIcureApi {\n return (\n this._icureApi ??\n (this._icureApi = new IccIcureApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _keywordApi: IccKeywordApi | undefined\n\n get keywordApi(): IccKeywordApi {\n return (\n this._keywordApi ??\n (this._keywordApi = new IccKeywordApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _medexApi: IccMedexApi | undefined\n\n get medexApi(): IccMedexApi {\n return (\n this._medexApi ??\n (this._medexApi = new IccMedexApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _placeApi: IccPlaceApi | undefined\n\n get placeApi(): IccPlaceApi {\n return (\n this._placeApi ??\n (this._placeApi = new IccPlaceApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _pubsubApi: IccPubsubApi | undefined\n\n get pubsubApi(): IccPubsubApi {\n return (\n this._pubsubApi ??\n (this._pubsubApi = new IccPubsubApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _replicationApi: IccReplicationApi | undefined\n\n get replicationApi(): IccReplicationApi {\n return (\n this._replicationApi ??\n (this._replicationApi = new IccReplicationApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _tarificationApi: IccTarificationApi | undefined\n\n get tarificationApi(): IccTarificationApi {\n return (\n this._tarificationApi ??\n (this._tarificationApi = new IccTarificationApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n private _tmpApi: IccTmpApi | undefined\n\n get tmpApi(): IccTmpApi {\n return (\n this._tmpApi ?? (this._tmpApi = new IccTmpApi(this.host, this.cryptoInitInfos.headers, this.groupSpecificAuthenticationProvider, this.fetch))\n )\n }\n\n get cryptoApi(): IccCryptoXApi {\n return this.cryptoInitInfos.cryptoApi\n }\n\n get dataOwnerApi(): IccDataOwnerXApi {\n return this.cryptoInitInfos.dataOwnerApi\n }\n\n get deviceApi(): IccDeviceXApi {\n return this.cryptoInitInfos.deviceApi\n }\n\n get healthcarePartyApi(): IccHcpartyXApi {\n return this.cryptoInitInfos.healthcarePartyApi\n }\n\n get icureMaintenanceTaskApi(): IccIcureMaintenanceXApi {\n return this.cryptoInitInfos.icureMaintenanceTaskApi\n }\n\n get maintenanceTaskApi(): IccMaintenanceTaskXApi {\n return this.cryptoInitInfos.maintenanceTaskApi\n }\n\n get userApi(): IccUserXApi {\n return this.cryptoInitInfos.userApi\n }\n\n async getGroupsInfo(): Promise<{ currentGroup: UserGroup | undefined; availableGroups: UserGroup[] }> {\n this.latestGroupsRequest = this.grouplessUserApi.getMatchingUsers()\n return { currentGroup: this.currentGroupInfo, availableGroups: await this.latestGroupsRequest }\n }\n\n async switchGroup(newGroupId: string): Promise<IcureApi> {\n const availableGroups = await this.latestGroupsRequest\n const switchedProvider = await this.groupSpecificAuthenticationProvider.switchGroup(newGroupId, availableGroups)\n const cryptoInitInfos = await initialiseCryptoWithProvider(\n this.host,\n this.fetch,\n switchedProvider,\n this.params,\n this.cryptoStrategies,\n this.cryptoApi.primitives.crypto\n )\n return new IcureApiImpl(\n cryptoInitInfos,\n this.host,\n switchedProvider,\n this.fetch,\n this.grouplessUserApi,\n availableGroups,\n availableGroups.find((x) => x.groupId === newGroupId)!,\n this.params,\n this.cryptoStrategies\n )\n }\n}\n\n/**\n /**\n * @experimental This function still needs development and will be changed\n * Build apis which do not need crypto and can be used by non-data-owner users\n */\nexport const BasicApis = async function (\n host: string,\n authenticationOptions: AuthenticationDetails | AuthenticationProvider,\n crypto: Crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : ({} as Crypto),\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response> = typeof window !== 'undefined'\n ? window.fetch\n : typeof self !== 'undefined'\n ? self.fetch\n : fetch,\n options: { headers?: { [headerName: string]: string } } = {}\n): Promise<BasicApis> {\n const authenticationProvider = await getAuthenticationProvider(host, authenticationOptions, options.headers ?? {}, fetchImpl)\n const authApi = new IccAuthApi(host, options.headers ?? {}, authenticationProvider, fetchImpl)\n\n const codeApi = new IccCodeXApi(host, options.headers ?? {}, authenticationProvider, fetchImpl)\n const entityReferenceApi = new IccEntityrefApi(host, options.headers ?? {}, authenticationProvider, fetchImpl)\n const userApi = new IccUserXApi(host, options.headers ?? {}, authenticationProvider, authApi, fetchImpl)\n const deviceApi = new IccDeviceXApi(host, options.headers ?? {}, authenticationProvider, userApi, authApi, fetchImpl)\n const permissionApi = new IccPermissionApi(host, options.headers ?? {}, authenticationProvider, fetchImpl)\n const agendaApi = new IccAgendaApi(host, options.headers ?? {}, authenticationProvider, fetchImpl)\n const groupApi = new IccGroupApi(host, options.headers ?? {}, authenticationProvider)\n const insuranceApi = new IccInsuranceApi(host, options.headers ?? {}, authenticationProvider, fetchImpl)\n const healthcarePartyApi = new IccHcpartyXApi(host, options.headers ?? {}, authenticationProvider, authApi, fetchImpl)\n\n return {\n authApi,\n deviceApi,\n codeApi,\n userApi,\n permissionApi,\n insuranceApi,\n entityReferenceApi,\n agendaApi,\n groupApi,\n healthcarePartyApi,\n }\n}\n\nasync function getMatchesOrEmpty(userApi: IccUserApi): Promise<UserGroup[]> {\n try {\n return await userApi.getMatchingUsers()\n } catch (err) {\n if (err instanceof Error && 'statusCode' in err && (err as any).statusCode === 404) return Promise.resolve([])\n else return Promise.reject(err)\n }\n}\n"]}
|