@icure/api 8.0.69 → 8.0.70
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-x-api/crypto/BaseExchangeKeysManager.js +19 -13
- package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
- package/package.json +1 -1
- package/test/icc-x-api/crypto/soft-deleted-data-owners.d.ts +2 -0
- package/test/icc-x-api/crypto/soft-deleted-data-owners.js +113 -0
- package/test/icc-x-api/crypto/soft-deleted-data-owners.js.map +1 -0
|
@@ -93,7 +93,7 @@ class BaseExchangeKeysManager {
|
|
|
93
93
|
: Promise.resolve({}),
|
|
94
94
|
]).then(([a, b, c]) => (Object.assign(Object.assign(Object.assign({}, a), b), c)));
|
|
95
95
|
const dataOwner = yield this.dataOwnerApi.getCryptoActorStub(dataOwnerId);
|
|
96
|
-
const allOwnerKeys = yield this.combineLegacyHcpKeysWithAesExchangeKeys(dataOwner.stub, undefined);
|
|
96
|
+
const allOwnerKeys = yield this.combineLegacyHcpKeysWithAesExchangeKeys(dataOwner.stub, undefined, false);
|
|
97
97
|
const filteredDelegates = new Set(yield Array.from(new Set(Object.values(allOwnerKeys).flatMap((x) => Object.keys(x)))).reduce((acc, ownerId) => __awaiter(this, void 0, void 0, function* () {
|
|
98
98
|
const awaitedAcc = yield acc;
|
|
99
99
|
if (ownerId === dataOwnerId || otherOwnerTypes == null) {
|
|
@@ -151,7 +151,7 @@ class BaseExchangeKeysManager {
|
|
|
151
151
|
const delegator = yield this.dataOwnerApi.getCryptoActorStub(delegatorId);
|
|
152
152
|
const delegate = yield this.dataOwnerApi.getCryptoActorStub(delegateId);
|
|
153
153
|
let didUpdateSomeKey = false;
|
|
154
|
-
const combinedKeys = yield this.combineLegacyHcpKeysWithAesExchangeKeys(delegator.stub, delegate.stub);
|
|
154
|
+
const combinedKeys = yield this.combineLegacyHcpKeysWithAesExchangeKeys(delegator.stub, delegate.stub, true);
|
|
155
155
|
const updatedExchangeKeys = {};
|
|
156
156
|
const newEncryptionKeys = { [newPublicKeyFp]: newPublicKey };
|
|
157
157
|
for (const [currDelegatorKey, currDelegatesToKeys] of Object.entries(combinedKeys)) {
|
|
@@ -255,25 +255,31 @@ class BaseExchangeKeysManager {
|
|
|
255
255
|
});
|
|
256
256
|
}
|
|
257
257
|
// Copy all legacy hcp exchange keys into the new aes exchange keys
|
|
258
|
-
combineLegacyHcpKeysWithAesExchangeKeys(owner, delegate) {
|
|
258
|
+
combineLegacyHcpKeysWithAesExchangeKeys(owner, delegate, fillDelegateLegacyKey) {
|
|
259
259
|
var _a, _b, _c, _d, _e;
|
|
260
260
|
return __awaiter(this, void 0, void 0, function* () {
|
|
261
261
|
const ownerLegacyPublicKey = owner.publicKey;
|
|
262
|
-
if (ownerLegacyPublicKey && !((_a = owner.aesExchangeKeys) !== null && _a !== void 0 ? _a : {})[ownerLegacyPublicKey]) {
|
|
262
|
+
if (ownerLegacyPublicKey != undefined && !((_a = owner.aesExchangeKeys) !== null && _a !== void 0 ? _a : {})[ownerLegacyPublicKey]) {
|
|
263
263
|
/*
|
|
264
264
|
* This condition would technically prevent new updates to the hcPartyKeys to be migrated to the aes exchange keys, but since I can only update
|
|
265
265
|
* data for self data owner and parent entities this is not an issue, because I will always be using the new api from now on and I won't have
|
|
266
266
|
* a situation where the legacy keys are updated but the aes exchange keys are not.
|
|
267
267
|
*/
|
|
268
|
-
const
|
|
269
|
-
|
|
270
|
-
owner
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
268
|
+
const counterPartsById = {};
|
|
269
|
+
if (fillDelegateLegacyKey) {
|
|
270
|
+
counterPartsById[owner.id] = owner;
|
|
271
|
+
if (delegate) {
|
|
272
|
+
counterPartsById[delegate.id] = delegate;
|
|
273
|
+
}
|
|
274
|
+
for (const other of Object.keys((_b = owner.hcPartyKeys) !== null && _b !== void 0 ? _b : {}).filter((x) => x !== owner.id && x !== (delegate === null || delegate === void 0 ? void 0 : delegate.id))) {
|
|
275
|
+
try {
|
|
276
|
+
counterPartsById[other] = (yield this.dataOwnerApi.getCryptoActorStub(other)).stub;
|
|
277
|
+
}
|
|
278
|
+
catch (_f) {
|
|
279
|
+
// ignore
|
|
280
|
+
}
|
|
281
|
+
}
|
|
282
|
+
}
|
|
277
283
|
return Object.assign({ [ownerLegacyPublicKey]: Object.entries((_c = owner.hcPartyKeys) !== null && _c !== void 0 ? _c : {}).reduce((acc, [hcpId, keys]) => {
|
|
278
284
|
var _a, _b;
|
|
279
285
|
const counterpartKey = (_a = counterPartsById[hcpId]) === null || _a === void 0 ? void 0 : _a.publicKey;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BaseExchangeKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/BaseExchangeKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,oCAAwD;AAIxD,mCAA4D;AAI5D;;;;GAIG;AACH,MAAa,uBAAuB;IAQlC,YACE,UAA4B,EAC5B,YAA8B,EAC9B,cAA6B,EAC7B,cAA6B,EAC7B,aAA2B;QAZZ,8BAAyB,GAAwC,EAAE,CAAA;QAclF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAChC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;IACpC,CAAC;IAED;;;;;;;OAOG;IACG,gBAAgB,CACpB,cAAsB,EACtB,qBAA6B,EAC7B,qBAA6E;;YAE7E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;YACxE,MAAM,iBAAiB,GAAG,IAAA,2BAAmB,EAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;YAChF,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,cAAc,EAAE,CAAC,CAAA;YAChG,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,qBAAqB,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,CAAC,CAAA;YAC/H,MAAM,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,cAAc,EAAE,IAAA,qBAAa,EAAC,qBAAqB,CAAC,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAA;YACvI,MAAM,IAAI,CAAC,yBAAyB,CAAC,cAAc,EAAE,MAAM,EAAE,IAAA,qBAAa,EAAC,qBAAqB,CAAC,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAA;QACzI,CAAC;KAAA;IAED;;;;;OAKG;IACG,2BAA2B,CAAC,WAAmB,EAAE,UAAkB;;;YACvE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YACzE,MAAM,GAAG,GAAiD,MAAM,CAAC,MAAM,CAAC,MAAA,SAAS,CAAC,IAAI,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;gBACtI,MAAM,uBAAuB,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;gBACzD,IAAI,uBAAuB,EAAE;oBAC3B,OAAO,CAAC,uBAAuB,CAAC,CAAA;iBACjC;qBAAM;oBACL,OAAO,EAAE,CAAA;iBACV;YACH,CAAC,CAAC,CAAA;YACF,MAAM,gBAAgB,GAAG,MAAA,MAAA,SAAS,CAAC,IAAI,CAAC,WAAW,0CAAG,UAAU,CAAC,0CAAG,CAAC,CAAC,CAAA;YACtE,IAAI,gBAAgB;gBAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAA;YACxD,OAAO,GAAG,CAAA;;KACX;IAED;;;;;OAKG;IACG,sBAAsB,CAC1B,WAAmB,EACnB,eAA2C;;YAK3C,IAAI,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;YAClH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBACpC,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC;oBACjE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,6BAA6B,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBAChF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvB,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC;oBACrE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,oCAAoC,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBACvF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvB,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC;oBACpE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,mCAAmC,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBACrF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;aACxB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,8CAAK,CAAC,GAAK,CAAC,GAAK,CAAC,CAA0F,CAAA,CAAC,CAAA;YACrI,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YACzE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;YAClG,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAC/B,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAO,GAAG,EAAE,OAAO,EAAE,EAAE;gBAClH,MAAM,UAAU,GAAG,MAAM,GAAG,CAAA;gBAC5B,IAAI,OAAO,KAAK,WAAW,IAAI,eAAe,IAAI,IAAI,EAAE;oBACtD,OAAO,CAAC,GAAG,UAAU,EAAE,OAAO,CAAC,CAAA;iBAChC;qBAAM;oBACL,IAAI;wBACF,MAAM,aAAa,GAAsB,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAA;wBACnG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,aAAa,CAAC,EAAE;4BACpD,OAAO,CAAC,GAAG,UAAU,EAAE,OAAO,CAAC,CAAA;yBAChC;;4BAAM,OAAO,UAAU,CAAA;qBACzB;oBAAC,OAAO,CAAC,EAAE;wBACV,OAAO,UAAU,CAAA;qBAClB;iBACF;YACH,CAAC,CAAA,EAAE,OAAO,CAAC,OAAO,CAAC,EAAc,CAAC,CAAC,CACpC,CAAA;YACD,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CACtC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;iBACzB,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE,cAAc,CAAC,EAAE,EAAE,CAAC;gBAC1C,eAAe;gBACf,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAwC,CAClI;aACF,CAAC;iBACD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAyD,CACxG,CAAA;YACD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAA;QACvC,CAAC;KAAA;IAED;;;;;OAKG;IACG,sBAAsB,CAC1B,qBAAmE,EACnE,qBAA6E;;YAK7E,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;YAC9B,MAAM,GAAG,GAGL,EAAE,qBAAqB,EAAE,EAAE,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAA;YACxD,KAAK,MAAM,oBAAoB,IAAI,qBAAqB,EAAE;gBACxD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,oBAAoB,EAAE,qBAAqB,CAAC,CAAA;gBAC/F,IAAI,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;oBACvD,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;oBACvB,GAAG,CAAC,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;iBAC9C;qBAAM;oBACL,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;iBACjD;aACF;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,yBAAyB,CACrC,WAAmB,EACnB,UAAkB,EAClB,cAAsB,EACtB,YAAuB,EACvB,+BAAuF;;YAEvF,MAAM,IAAA,qBAAa,EAAC,IAAI,CAAC,yBAAyB,EAAE,WAAW,EAAE,GAAS,EAAE;gBAC1E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBACvE,IAAI,gBAAgB,GAAG,KAAK,CAAA;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACtG,MAAM,mBAAmB,GAAsF,EAAE,CAAA;gBACjH,MAAM,iBAAiB,GAAG,EAAE,CAAC,cAAc,CAAC,EAAE,YAAY,EAAE,CAAA;gBAC5D,KAAK,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE;oBAClF,MAAM,sBAAsB,GAA0D,EAAE,CAAA;oBACxF,KAAK,MAAM,CAAC,cAAc,EAAE,gBAAgB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE;wBACpF,IAAI,UAAU,KAAK,cAAc,IAAI,cAAc,IAAI,gBAAgB,EAAE;4BACvE,sBAAsB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAA;yBAC1D;6BAAM;4BACL,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,+BAA+B,CAAC,CAAA;4BACrG,IAAI,SAAS,EAAE;gCACb,gBAAgB,GAAG,IAAI,CAAA;gCACvB,sBAAsB,CAAC,cAAc,CAAC,mCACjC,gBAAgB,GAChB,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC,CAAC,oBAAoB,CACtF,CAAA;6BACF;iCAAM;gCACL,sBAAsB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAA;6BAC1D;yBACF;qBACF;oBACD,mBAAmB,CAAC,gBAAgB,CAAC,GAAG,sBAAsB,CAAA;iBAC/D;gBACD,IAAI,gBAAgB,EAAE;oBACpB,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;wBAC5C,IAAI,EAAE,SAAS,CAAC,IAAI;wBACpB,IAAI,kCACC,SAAS,CAAC,IAAI,KACjB,eAAe,EAAE,mBAAmB,GACrC;qBACF,CAAC,CAAA;iBACH;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;OAMG;IACW,qBAAqB,CACjC,oBAAgE,EAChE,qBAA6E;;YAE7E,KAAK,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE;gBACxE,kHAAkH;gBAClH,MAAM,EAAE,GAAG,IAAA,qBAAa,EAAC,QAAQ,CAAC,CAAA;gBAClC,MAAM,OAAO,GAAG,qBAAqB,CAAC,EAAE,CAAC,CAAA;gBACzC,IAAI,OAAO,KAAK,SAAS,EAAE;oBACzB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC,CAAA;oBACxE,IAAI,GAAG,KAAK,SAAS;wBAAE,OAAO,GAAG,CAAA;iBAClC;aACF;YACD,MAAM,mBAAmB,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAA;YACpD,IAAI,mBAAmB,KAAK,SAAS,EAAE;gBACrC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAE;oBAC1D,oEAAoE;oBACpE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,mBAAmB,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;oBACzF,IAAI,GAAG,KAAK,SAAS;wBAAE,OAAO,GAAG,CAAA;iBAClC;aACF;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED;;;;;OAKG;IACW,kBAAkB,CAC9B,WAAwD,EACxD,UAAmD;;;YAKnD,MAAM,iBAAiB,GAAG,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,GAAG,mCAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAA;YAClG,MAAM,gBAAgB,GAAG,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,IAAA,cAAM,EAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAA;YAC5I,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAClE,CAAO,GAAG,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE;gBAAC,OAAA,iCAChC,CAAC,MAAM,GAAG,CAAC,KACd,CAAC,SAAS,CAAC,EAAE,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,IACjG,CAAA;cAAA,EACF,OAAO,CAAC,OAAO,CAAC,EAAoC,CAAC,CACtD,CAAA;YACD,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,CAAA;;KAChE;IAED;;;;;;;;;OASG;IACW,yBAAyB,CACrC,iBAAyB,EACzB,OAA2B,EAC3B,SAA6B,CAAC,iGAAiG;;;YAE/H,IAAI;gBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,IAAA,cAAM,EAAC,iBAAiB,CAAC,CAAC,CAAA;gBAClG,OAAO,EAAE,GAAG,EAAE,IAAA,cAAM,EAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,CAAA;aAC9F;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,SAAS,EAAE;oBACb,OAAO,CAAC,KAAK,CAAC,4CAA4C,iBAAiB,+BAA+B,SAAS,GAAG,EAAE,CAAC,CAAC,CAAA;iBAC3H;aACF;QACH,CAAC;KAAA;IACD,mEAAmE;IACrD,uCAAuC,CACnD,KAAsB,EACtB,QAAqC;;;YAErC,MAAM,oBAAoB,GAAG,KAAK,CAAC,SAAS,CAAA;YAC5C,IAAI,oBAAoB,IAAI,CAAC,CAAC,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,oBAAoB,CAAC,EAAE;gBAChF;;;;mBAIG;gBACH,MAAM,8BAA8B,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,KAAK,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC,EAAE,IAAI,CAAC,MAAK,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,CAAA,CAAC,CAAA;gBAC/H,MAAM,gBAAgB,GAAG;oBACvB,KAAK;oBACL,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC/B,GAAG,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,GAAG,CAAC,CAAO,IAAI,EAAE,EAAE,gDAAC,OAAA,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA,GAAA,CAAC,CAAC,CAAC;iBACpI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE;oBAC1B,GAAG,CAAC,SAAS,CAAC,EAAG,CAAC,GAAG,SAAS,CAAA;oBAC9B,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,EAAuC,CAAC,CAAA;gBAC3C,uBACE,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,MAAA,KAAK,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE;;wBAC5F,MAAM,cAAc,GAAG,MAAA,gBAAgB,CAAC,KAAK,CAAC,0CAAE,SAAS,CAAA;wBACzD,GAAG,CAAC,KAAK,CAAC,GAAG;4BACX,CAAC,IAAA,qBAAa,EAAC,oBAAoB,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;4BAC9C,CAAC,MAAA,CAAC,cAAc,IAAI,IAAA,qBAAa,EAAC,cAAc,CAAC,CAAC,mCAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;yBACnE,CAAA;wBACD,OAAO,GAAG,CAAA;oBACZ,CAAC,EAAE,EAAiE,CAAC,IAClE,CAAC,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAC,EACjC;aACF;;gBAAM,OAAO,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAA;;KAC1C;CACF;AAxTD,0DAwTC","sourcesContent":["import { KeyPair } from './RSA'\nimport { hex2ua, notConcurrent, ua2hex } from '../utils'\nimport { DataOwner, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IccDeviceApi, IccHcpartyApi, IccPatientApi } from '../../icc-api'\nimport { fingerprintV1, getShaVersionForKey } from './utils'\nimport { CryptoActorStub, CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\n\n/**\n * @internal This class is meant only for internal use and may be changed without notice.\n * Functions to create and get exchange keys.\n * The methods of this api require to pass the appropriate keys for encryption/decryption manually.\n */\nexport class BaseExchangeKeysManager {\n private readonly generateKeyConcurrencyMap: { [key: string]: PromiseLike<any> } = {}\n private readonly primitives: CryptoPrimitives\n private readonly dataOwnerApi: IccDataOwnerXApi\n private readonly hcpartyBaseApi: IccHcpartyApi\n private readonly patientBaseApi: IccPatientApi\n private readonly deviceBaseApi: IccDeviceApi\n\n constructor(\n primitives: CryptoPrimitives,\n dataOwnerApi: IccDataOwnerXApi,\n hcpartyBaseApi: IccHcpartyApi,\n patientBaseApi: IccPatientApi,\n deviceBaseApi: IccDeviceApi\n ) {\n this.primitives = primitives\n this.dataOwnerApi = dataOwnerApi\n this.hcpartyBaseApi = hcpartyBaseApi\n this.patientBaseApi = patientBaseApi\n this.deviceBaseApi = deviceBaseApi\n }\n\n /**\n * Updates the aes exchange keys between the current data owner and another data owner to allow the other data owner to access the exchange key\n * using his new public key. Note that this will make existing exchange keys from the other data owner to the current data owner invalid for\n * encryption.\n * @param otherDataOwner the other data owner.\n * @param newDataOwnerPublicKey a new public key of the other data owner.\n * @param keyPairsByFingerprint all available key pairs to use for the decryption of existing aes exchange keys.\n */\n async giveAccessBackTo(\n otherDataOwner: string,\n newDataOwnerPublicKey: string,\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ) {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const other = await this.dataOwnerApi.getCryptoActorStub(otherDataOwner)\n const newKeyHashVersion = getShaVersionForKey(other.stub, newDataOwnerPublicKey)\n if (!newKeyHashVersion) throw new Error(`Public key not found for data owner ${otherDataOwner}`)\n const newPublicKey = await this.primitives.RSA.importKey('spki', hex2ua(newDataOwnerPublicKey), ['encrypt'], newKeyHashVersion)\n await this.extendForGiveAccessBackTo(selfId, otherDataOwner, fingerprintV1(newDataOwnerPublicKey), newPublicKey, keyPairsByFingerprint)\n await this.extendForGiveAccessBackTo(otherDataOwner, selfId, fingerprintV1(newDataOwnerPublicKey), newPublicKey, keyPairsByFingerprint)\n }\n\n /**\n * Get the encrypted exchange keys for a delegator-delegate pair.\n * @param delegatorId id of the delegator data owner.\n * @param delegateId id of the delegate data owner.\n * @return an array of exchange keys from the delegator to delegate where each key is encrypted with one or more public keys.\n */\n async getEncryptedExchangeKeysFor(delegatorId: string, delegateId: string): Promise<{ [publicKeyFingerprint: string]: string }[]> {\n const delegator = await this.dataOwnerApi.getCryptoActorStub(delegatorId)\n const res: { [publicKeyFingerprint: string]: string }[] = Object.values(delegator.stub.aesExchangeKeys ?? {}).flatMap((delegateToKey) => {\n const encryptedKeyForDelegate = delegateToKey[delegateId]\n if (encryptedKeyForDelegate) {\n return [encryptedKeyForDelegate]\n } else {\n return []\n }\n })\n const legacyDelegation = delegator.stub.hcPartyKeys?.[delegateId]?.[1]\n if (legacyDelegation) res.push({ '': legacyDelegation })\n return res\n }\n\n /**\n * Get all exchange keys where the provided data owner is involved either as the delegator or as the delegate.\n * @param dataOwnerId id of a data owner.\n * @param otherOwnerTypes only exchange keys between the current data owner and data owners of this type will be included in the result. If null considers all delegates\n * @return all exchange keys involving the provided data owner. Note that there may be an overlap between some keys to and from the data owner.\n */\n async getAllExchangeKeysWith(\n dataOwnerId: string,\n otherOwnerTypes: DataOwnerTypeEnum[] | null\n ): Promise<{\n keysToOwner: { [delegatorId: string]: { [delegatorFp: string]: { [entryFp: string]: string } } }\n keysFromOwner: { [delegatorFp: string]: { [delegateId: string]: { [entryFp: string]: string } } }\n }> {\n if (otherOwnerTypes != null && otherOwnerTypes.length === 0) throw new Error('otherOwnerTypes must not be empty!')\n const keysToOwner = await Promise.all([\n otherOwnerTypes == null || otherOwnerTypes.find((x) => x === 'hcp')\n ? this.hcpartyBaseApi.getAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n otherOwnerTypes == null || otherOwnerTypes.find((x) => x === 'patient')\n ? this.patientBaseApi.getPatientAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n otherOwnerTypes == null || otherOwnerTypes.find((x) => x === 'device')\n ? this.deviceBaseApi.getDeviceAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n ]).then(([a, b, c]) => ({ ...a, ...b, ...c } as { [delegatorId: string]: { [delegatorFp: string]: { [entryFp: string]: string } } }))\n const dataOwner = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n const allOwnerKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(dataOwner.stub, undefined)\n const filteredDelegates = new Set(\n await Array.from(new Set(Object.values(allOwnerKeys).flatMap((x) => Object.keys(x)))).reduce(async (acc, ownerId) => {\n const awaitedAcc = await acc\n if (ownerId === dataOwnerId || otherOwnerTypes == null) {\n return [...awaitedAcc, ownerId]\n } else {\n try {\n const dataOwnerType: DataOwnerTypeEnum = (await this.dataOwnerApi.getCryptoActorStub(ownerId)).type\n if (otherOwnerTypes.some((x) => x === dataOwnerType)) {\n return [...awaitedAcc, ownerId]\n } else return awaitedAcc\n } catch (_) {\n return awaitedAcc\n }\n }\n }, Promise.resolve([] as string[]))\n )\n const keysFromOwner = Object.fromEntries(\n Object.entries(allOwnerKeys)\n .map(([delegatorPubKey, delegateToKeys]) => [\n delegatorPubKey,\n Object.fromEntries(\n Object.entries(delegateToKeys).filter(([delegateId]) => filteredDelegates.has(delegateId)) as [string, { [k: string]: string }][]\n ),\n ])\n .filter(([, x]) => Object.keys(x).length > 0) as [string, { [k: string]: { [k: string]: string } }][]\n )\n return { keysToOwner, keysFromOwner }\n }\n\n /**\n * Attempts to decrypt many exchange keys using any of the provided key pairs.\n * @param encryptedExchangeKeys an array of exchange keys where each key is encrypted with one or more public keys.\n * @param keyPairsByFingerprint rsa key pairs to use for decryption.\n * @return an array all successfully decrypted exchange keys and an array containing all exchange keys which could not be decrypted.\n */\n async tryDecryptExchangeKeys(\n encryptedExchangeKeys: { [publicKeyFingerprint: string]: string }[],\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: CryptoKey[]\n failedDecryptions: { [publicKeyFingerprint: string]: string }[]\n }> {\n const raws = new Set<string>()\n const res: {\n successfulDecryptions: CryptoKey[]\n failedDecryptions: { [publicKeyFingerprint: string]: string }[]\n } = { successfulDecryptions: [], failedDecryptions: [] }\n for (const encryptedExchangeKey of encryptedExchangeKeys) {\n const decrypted = await this.tryDecryptExchangeKey(encryptedExchangeKey, keyPairsByFingerprint)\n if (decrypted !== undefined && !raws.has(decrypted.raw)) {\n raws.add(decrypted.raw)\n res.successfulDecryptions.push(decrypted.key)\n } else {\n res.failedDecryptions.push(encryptedExchangeKey)\n }\n }\n return res\n }\n\n private async extendForGiveAccessBackTo(\n delegatorId: string,\n delegateId: string,\n newPublicKeyFp: string,\n newPublicKey: CryptoKey,\n decryptionKeyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ) {\n await notConcurrent(this.generateKeyConcurrencyMap, delegatorId, async () => {\n const delegator = await this.dataOwnerApi.getCryptoActorStub(delegatorId)\n const delegate = await this.dataOwnerApi.getCryptoActorStub(delegateId)\n let didUpdateSomeKey = false\n const combinedKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(delegator.stub, delegate.stub)\n const updatedExchangeKeys: { [delegatorKey: string]: { [delegateId: string]: { [keyFp: string]: string } } } = {}\n const newEncryptionKeys = { [newPublicKeyFp]: newPublicKey }\n for (const [currDelegatorKey, currDelegatesToKeys] of Object.entries(combinedKeys)) {\n const updatedDelegatesToKeys: { [delegateId: string]: { [keyFp: string]: string } } = {}\n for (const [currDelegateId, currEncryptedKey] of Object.entries(currDelegatesToKeys)) {\n if (delegateId !== currDelegateId || newPublicKeyFp in currEncryptedKey) {\n updatedDelegatesToKeys[currDelegateId] = currEncryptedKey\n } else {\n const decrypted = await this.tryDecryptExchangeKey(currEncryptedKey, decryptionKeyPairsByFingerprint)\n if (decrypted) {\n didUpdateSomeKey = true\n updatedDelegatesToKeys[currDelegateId] = {\n ...currEncryptedKey,\n ...(await this.encryptExchangeKey(decrypted, newEncryptionKeys)).encryptedExchangeKey,\n }\n } else {\n updatedDelegatesToKeys[currDelegateId] = currEncryptedKey\n }\n }\n }\n updatedExchangeKeys[currDelegatorKey] = updatedDelegatesToKeys\n }\n if (didUpdateSomeKey) {\n await this.dataOwnerApi.modifyCryptoActorStub({\n type: delegator.type,\n stub: {\n ...delegator.stub,\n aesExchangeKeys: updatedExchangeKeys,\n },\n })\n }\n })\n }\n\n /**\n * Attempts to decrypt an exchange key using any of the provided key pairs.\n * @param encryptedExchangeKey an encrypted exchange key, in the form publicKeyXyzFingerprint -> hex(exchangeKeyEncryptedByPrivateKeyXyz).\n * @param keyPairsByFingerprint rsa key pairs to use for decryption.\n * @return the decrypted exchange key, in raw and key format (to allow deduplication), or undefined if the key could not be decrypted using the\n * provided keys.\n */\n private async tryDecryptExchangeKey(\n encryptedExchangeKey: { [publicKeyFingerprint: string]: string },\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{ raw: string; key: CryptoKey } | undefined> {\n for (const [entryKey, encrypted] of Object.entries(encryptedExchangeKey)) {\n // Due to bugs in past version the entry may actually contain the full public key instead of just the fingerprint.\n const fp = fingerprintV1(entryKey)\n const keyPair = keyPairsByFingerprint[fp]\n if (keyPair !== undefined) {\n const res = await this.tryDecryptExchangeKeyWith(encrypted, keyPair, fp)\n if (res !== undefined) return res\n }\n }\n const defaultEncryptedKey = encryptedExchangeKey['']\n if (defaultEncryptedKey !== undefined) {\n for (const keyPair of Object.values(keyPairsByFingerprint)) {\n // disable error logging, we are not sure keyPair is the correct key\n const res = await this.tryDecryptExchangeKeyWith(defaultEncryptedKey, keyPair, undefined)\n if (res !== undefined) return res\n }\n }\n return undefined\n }\n\n /**\n * Creates an encrypted exchange key for the provided public keys.\n * @param exchangeKey the exchange key in raw and imported format. If undefined a new key will be automatically created.\n * @param publicKeys additional public keys that will have access to the exchange key in spki format, hex-encoded.\n * @return the exchangeKey and an object with the exchange key encrypted with each of the provided public keys, hex-encoded, by fingerprint.\n */\n private async encryptExchangeKey(\n exchangeKey: { raw: string; key: CryptoKey } | undefined,\n publicKeys: { [keyFingerprint: string]: CryptoKey }\n ): Promise<{\n exchangeKey: CryptoKey\n encryptedExchangeKey: { [pubKeyFp: string]: string }\n }> {\n const exchangeKeyCrypto = exchangeKey?.key ?? (await this.primitives.AES.generateCryptoKey(false))\n const exchangeKeyBytes = exchangeKey !== undefined ? hex2ua(exchangeKey.raw) : await this.primitives.AES.exportKey(exchangeKeyCrypto, 'raw')\n const encryptedExchangeKey = await Object.entries(publicKeys).reduce(\n async (acc, [currKeyFp, currKey]) => ({\n ...(await acc),\n [currKeyFp]: ua2hex(await this.primitives.RSA.encrypt(currKey, new Uint8Array(exchangeKeyBytes))),\n }),\n Promise.resolve({} as { [pubKeyFp: string]: string })\n )\n return { exchangeKey: exchangeKeyCrypto, encryptedExchangeKey }\n }\n\n /**\n * Attempts to decrypt an exchange key using the provided key pairs.\n * If you are confident that the provided {@link keyPair} was used to encrypt {@link encryptedByOneKey} you should also provide {@link keyPairFp},\n * so that if the decryption fail an error will be logged to console before returning undefined.\n * @param encryptedByOneKey an exchange key which may be encrypted with {@link keyPair}.\n * @param keyPair an rsa key pair.\n * @param keyPairFp the fingerprint of the provided key pair or undefined to disable logging of error if the decryption failed.\n * @return the decrypted exchange key, in raw and key format (to allow deduplication), or undefined if the key could not be decrypted using the\n * provided key.\n */\n private async tryDecryptExchangeKeyWith(\n encryptedByOneKey: string,\n keyPair: KeyPair<CryptoKey>,\n keyPairFp: string | undefined // if undefined will not log errors, when we are not sure the key to be used is the provided key.\n ): Promise<{ raw: string; key: CryptoKey } | undefined> {\n try {\n const decrypted = await this.primitives.RSA.decrypt(keyPair.privateKey, hex2ua(encryptedByOneKey))\n return { raw: ua2hex(decrypted), key: await this.primitives.AES.importKey('raw', decrypted) }\n } catch (e) {\n if (keyPairFp) {\n console.error(`Failed to decrypt or import exchange key ${encryptedByOneKey} using key with fingerprint ${keyPairFp}.`, e)\n }\n }\n }\n // Copy all legacy hcp exchange keys into the new aes exchange keys\n private async combineLegacyHcpKeysWithAesExchangeKeys(\n owner: CryptoActorStub,\n delegate: CryptoActorStub | undefined\n ): Promise<{ [ownerPublicKey: string]: { [delegateId: string]: { [fingerprint: string]: string } } }> {\n const ownerLegacyPublicKey = owner.publicKey\n if (ownerLegacyPublicKey && !(owner.aesExchangeKeys ?? {})[ownerLegacyPublicKey]) {\n /*\n * This condition would technically prevent new updates to the hcPartyKeys to be migrated to the aes exchange keys, but since I can only update\n * data for self data owner and parent entities this is not an issue, because I will always be using the new api from now on and I won't have\n * a situation where the legacy keys are updated but the aes exchange keys are not.\n */\n const unknownDataOwnerCounterPartIds = Object.keys(owner.hcPartyKeys ?? {}).filter((x) => x !== owner.id && x !== delegate?.id)\n const counterPartsById = [\n owner,\n ...(delegate ? [delegate] : []),\n ...(await Promise.all(unknownDataOwnerCounterPartIds.map(async (cpid) => (await this.dataOwnerApi.getCryptoActorStub(cpid)).stub))),\n ].reduce((acc, dataOwner) => {\n acc[dataOwner.id!] = dataOwner\n return acc\n }, {} as { [id: string]: CryptoActorStub })\n return {\n [ownerLegacyPublicKey]: Object.entries(owner.hcPartyKeys ?? {}).reduce((acc, [hcpId, keys]) => {\n const counterpartKey = counterPartsById[hcpId]?.publicKey\n acc[hcpId] = {\n [fingerprintV1(ownerLegacyPublicKey)]: keys[0],\n [(counterpartKey && fingerprintV1(counterpartKey)) ?? '']: keys[1],\n }\n return acc\n }, {} as { [delegateId: string]: { [fingerprint: string]: string } }),\n ...(owner.aesExchangeKeys ?? {}),\n }\n } else return owner.aesExchangeKeys ?? {}\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"BaseExchangeKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/BaseExchangeKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,oCAAwD;AAIxD,mCAA4D;AAI5D;;;;GAIG;AACH,MAAa,uBAAuB;IAQlC,YACE,UAA4B,EAC5B,YAA8B,EAC9B,cAA6B,EAC7B,cAA6B,EAC7B,aAA2B;QAZZ,8BAAyB,GAAwC,EAAE,CAAA;QAclF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAChC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;IACpC,CAAC;IAED;;;;;;;OAOG;IACG,gBAAgB,CACpB,cAAsB,EACtB,qBAA6B,EAC7B,qBAA6E;;YAE7E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;YACxE,MAAM,iBAAiB,GAAG,IAAA,2BAAmB,EAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;YAChF,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,cAAc,EAAE,CAAC,CAAA;YAChG,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,qBAAqB,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,CAAC,CAAA;YAC/H,MAAM,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,cAAc,EAAE,IAAA,qBAAa,EAAC,qBAAqB,CAAC,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAA;YACvI,MAAM,IAAI,CAAC,yBAAyB,CAAC,cAAc,EAAE,MAAM,EAAE,IAAA,qBAAa,EAAC,qBAAqB,CAAC,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAA;QACzI,CAAC;KAAA;IAED;;;;;OAKG;IACG,2BAA2B,CAAC,WAAmB,EAAE,UAAkB;;;YACvE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YACzE,MAAM,GAAG,GAAiD,MAAM,CAAC,MAAM,CAAC,MAAA,SAAS,CAAC,IAAI,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;gBACtI,MAAM,uBAAuB,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;gBACzD,IAAI,uBAAuB,EAAE;oBAC3B,OAAO,CAAC,uBAAuB,CAAC,CAAA;iBACjC;qBAAM;oBACL,OAAO,EAAE,CAAA;iBACV;YACH,CAAC,CAAC,CAAA;YACF,MAAM,gBAAgB,GAAG,MAAA,MAAA,SAAS,CAAC,IAAI,CAAC,WAAW,0CAAG,UAAU,CAAC,0CAAG,CAAC,CAAC,CAAA;YACtE,IAAI,gBAAgB;gBAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAA;YACxD,OAAO,GAAG,CAAA;;KACX;IAED;;;;;OAKG;IACG,sBAAsB,CAC1B,WAAmB,EACnB,eAA2C;;YAK3C,IAAI,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;YAClH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBACpC,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC;oBACjE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,6BAA6B,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBAChF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvB,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC;oBACrE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,oCAAoC,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBACvF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvB,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC;oBACpE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,mCAAmC,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBACrF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;aACxB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,8CAAK,CAAC,GAAK,CAAC,GAAK,CAAC,CAA0F,CAAA,CAAC,CAAA;YACrI,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YACzE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,CAAA;YACzG,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAC/B,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAO,GAAG,EAAE,OAAO,EAAE,EAAE;gBAClH,MAAM,UAAU,GAAG,MAAM,GAAG,CAAA;gBAC5B,IAAI,OAAO,KAAK,WAAW,IAAI,eAAe,IAAI,IAAI,EAAE;oBACtD,OAAO,CAAC,GAAG,UAAU,EAAE,OAAO,CAAC,CAAA;iBAChC;qBAAM;oBACL,IAAI;wBACF,MAAM,aAAa,GAAsB,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAA;wBACnG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,aAAa,CAAC,EAAE;4BACpD,OAAO,CAAC,GAAG,UAAU,EAAE,OAAO,CAAC,CAAA;yBAChC;;4BAAM,OAAO,UAAU,CAAA;qBACzB;oBAAC,OAAO,CAAC,EAAE;wBACV,OAAO,UAAU,CAAA;qBAClB;iBACF;YACH,CAAC,CAAA,EAAE,OAAO,CAAC,OAAO,CAAC,EAAc,CAAC,CAAC,CACpC,CAAA;YACD,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CACtC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;iBACzB,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE,cAAc,CAAC,EAAE,EAAE,CAAC;gBAC1C,eAAe;gBACf,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAwC,CAClI;aACF,CAAC;iBACD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAyD,CACxG,CAAA;YACD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAA;QACvC,CAAC;KAAA;IAED;;;;;OAKG;IACG,sBAAsB,CAC1B,qBAAmE,EACnE,qBAA6E;;YAK7E,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;YAC9B,MAAM,GAAG,GAGL,EAAE,qBAAqB,EAAE,EAAE,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAA;YACxD,KAAK,MAAM,oBAAoB,IAAI,qBAAqB,EAAE;gBACxD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,oBAAoB,EAAE,qBAAqB,CAAC,CAAA;gBAC/F,IAAI,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;oBACvD,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;oBACvB,GAAG,CAAC,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;iBAC9C;qBAAM;oBACL,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;iBACjD;aACF;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,yBAAyB,CACrC,WAAmB,EACnB,UAAkB,EAClB,cAAsB,EACtB,YAAuB,EACvB,+BAAuF;;YAEvF,MAAM,IAAA,qBAAa,EAAC,IAAI,CAAC,yBAAyB,EAAE,WAAW,EAAE,GAAS,EAAE;gBAC1E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBACvE,IAAI,gBAAgB,GAAG,KAAK,CAAA;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;gBAC5G,MAAM,mBAAmB,GAAsF,EAAE,CAAA;gBACjH,MAAM,iBAAiB,GAAG,EAAE,CAAC,cAAc,CAAC,EAAE,YAAY,EAAE,CAAA;gBAC5D,KAAK,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE;oBAClF,MAAM,sBAAsB,GAA0D,EAAE,CAAA;oBACxF,KAAK,MAAM,CAAC,cAAc,EAAE,gBAAgB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE;wBACpF,IAAI,UAAU,KAAK,cAAc,IAAI,cAAc,IAAI,gBAAgB,EAAE;4BACvE,sBAAsB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAA;yBAC1D;6BAAM;4BACL,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,+BAA+B,CAAC,CAAA;4BACrG,IAAI,SAAS,EAAE;gCACb,gBAAgB,GAAG,IAAI,CAAA;gCACvB,sBAAsB,CAAC,cAAc,CAAC,mCACjC,gBAAgB,GAChB,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC,CAAC,oBAAoB,CACtF,CAAA;6BACF;iCAAM;gCACL,sBAAsB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAA;6BAC1D;yBACF;qBACF;oBACD,mBAAmB,CAAC,gBAAgB,CAAC,GAAG,sBAAsB,CAAA;iBAC/D;gBACD,IAAI,gBAAgB,EAAE;oBACpB,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;wBAC5C,IAAI,EAAE,SAAS,CAAC,IAAI;wBACpB,IAAI,kCACC,SAAS,CAAC,IAAI,KACjB,eAAe,EAAE,mBAAmB,GACrC;qBACF,CAAC,CAAA;iBACH;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;OAMG;IACW,qBAAqB,CACjC,oBAAgE,EAChE,qBAA6E;;YAE7E,KAAK,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE;gBACxE,kHAAkH;gBAClH,MAAM,EAAE,GAAG,IAAA,qBAAa,EAAC,QAAQ,CAAC,CAAA;gBAClC,MAAM,OAAO,GAAG,qBAAqB,CAAC,EAAE,CAAC,CAAA;gBACzC,IAAI,OAAO,KAAK,SAAS,EAAE;oBACzB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC,CAAA;oBACxE,IAAI,GAAG,KAAK,SAAS;wBAAE,OAAO,GAAG,CAAA;iBAClC;aACF;YACD,MAAM,mBAAmB,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAA;YACpD,IAAI,mBAAmB,KAAK,SAAS,EAAE;gBACrC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAE;oBAC1D,oEAAoE;oBACpE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,mBAAmB,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;oBACzF,IAAI,GAAG,KAAK,SAAS;wBAAE,OAAO,GAAG,CAAA;iBAClC;aACF;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED;;;;;OAKG;IACW,kBAAkB,CAC9B,WAAwD,EACxD,UAAmD;;;YAKnD,MAAM,iBAAiB,GAAG,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,GAAG,mCAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAA;YAClG,MAAM,gBAAgB,GAAG,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,IAAA,cAAM,EAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAA;YAC5I,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAClE,CAAO,GAAG,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE;gBAAC,OAAA,iCAChC,CAAC,MAAM,GAAG,CAAC,KACd,CAAC,SAAS,CAAC,EAAE,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,IACjG,CAAA;cAAA,EACF,OAAO,CAAC,OAAO,CAAC,EAAoC,CAAC,CACtD,CAAA;YACD,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,CAAA;;KAChE;IAED;;;;;;;;;OASG;IACW,yBAAyB,CACrC,iBAAyB,EACzB,OAA2B,EAC3B,SAA6B,CAAC,iGAAiG;;;YAE/H,IAAI;gBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,IAAA,cAAM,EAAC,iBAAiB,CAAC,CAAC,CAAA;gBAClG,OAAO,EAAE,GAAG,EAAE,IAAA,cAAM,EAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,CAAA;aAC9F;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,SAAS,EAAE;oBACb,OAAO,CAAC,KAAK,CAAC,4CAA4C,iBAAiB,+BAA+B,SAAS,GAAG,EAAE,CAAC,CAAC,CAAA;iBAC3H;aACF;QACH,CAAC;KAAA;IACD,mEAAmE;IACrD,uCAAuC,CACnD,KAAsB,EACtB,QAAqC,EACrC,qBAA8B;;;YAE9B,MAAM,oBAAoB,GAAG,KAAK,CAAC,SAAS,CAAA;YAC5C,IAAI,oBAAoB,IAAI,SAAS,IAAI,CAAC,CAAC,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,oBAAoB,CAAC,EAAE;gBAC7F;;;;mBAIG;gBACH,MAAM,gBAAgB,GAAsC,EAAE,CAAA;gBAC9D,IAAI,qBAAqB,EAAE;oBACzB,gBAAgB,CAAC,KAAK,CAAC,EAAG,CAAC,GAAG,KAAK,CAAA;oBACnC,IAAI,QAAQ,EAAE;wBACZ,gBAAgB,CAAC,QAAQ,CAAC,EAAG,CAAC,GAAG,QAAQ,CAAA;qBAC1C;oBACD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,MAAA,KAAK,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC,EAAE,IAAI,CAAC,MAAK,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,CAAA,CAAC,EAAE;wBAC5G,IAAI;4BACF,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAA;yBACnF;wBAAC,WAAM;4BACN,SAAS;yBACV;qBACF;iBACF;gBACD,uBACE,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,MAAA,KAAK,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE;;wBAC5F,MAAM,cAAc,GAAG,MAAA,gBAAgB,CAAC,KAAK,CAAC,0CAAE,SAAS,CAAA;wBACzD,GAAG,CAAC,KAAK,CAAC,GAAG;4BACX,CAAC,IAAA,qBAAa,EAAC,oBAAoB,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;4BAC9C,CAAC,MAAA,CAAC,cAAc,IAAI,IAAA,qBAAa,EAAC,cAAc,CAAC,CAAC,mCAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;yBACnE,CAAA;wBACD,OAAO,GAAG,CAAA;oBACZ,CAAC,EAAE,EAAiE,CAAC,IAClE,CAAC,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAC,EACjC;aACF;;gBAAM,OAAO,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAA;;KAC1C;CACF;AA9TD,0DA8TC","sourcesContent":["import { KeyPair } from './RSA'\nimport { hex2ua, notConcurrent, ua2hex } from '../utils'\nimport { DataOwner, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IccDeviceApi, IccHcpartyApi, IccPatientApi } from '../../icc-api'\nimport { fingerprintV1, getShaVersionForKey } from './utils'\nimport { CryptoActorStub, CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\n\n/**\n * @internal This class is meant only for internal use and may be changed without notice.\n * Functions to create and get exchange keys.\n * The methods of this api require to pass the appropriate keys for encryption/decryption manually.\n */\nexport class BaseExchangeKeysManager {\n private readonly generateKeyConcurrencyMap: { [key: string]: PromiseLike<any> } = {}\n private readonly primitives: CryptoPrimitives\n private readonly dataOwnerApi: IccDataOwnerXApi\n private readonly hcpartyBaseApi: IccHcpartyApi\n private readonly patientBaseApi: IccPatientApi\n private readonly deviceBaseApi: IccDeviceApi\n\n constructor(\n primitives: CryptoPrimitives,\n dataOwnerApi: IccDataOwnerXApi,\n hcpartyBaseApi: IccHcpartyApi,\n patientBaseApi: IccPatientApi,\n deviceBaseApi: IccDeviceApi\n ) {\n this.primitives = primitives\n this.dataOwnerApi = dataOwnerApi\n this.hcpartyBaseApi = hcpartyBaseApi\n this.patientBaseApi = patientBaseApi\n this.deviceBaseApi = deviceBaseApi\n }\n\n /**\n * Updates the aes exchange keys between the current data owner and another data owner to allow the other data owner to access the exchange key\n * using his new public key. Note that this will make existing exchange keys from the other data owner to the current data owner invalid for\n * encryption.\n * @param otherDataOwner the other data owner.\n * @param newDataOwnerPublicKey a new public key of the other data owner.\n * @param keyPairsByFingerprint all available key pairs to use for the decryption of existing aes exchange keys.\n */\n async giveAccessBackTo(\n otherDataOwner: string,\n newDataOwnerPublicKey: string,\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ) {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const other = await this.dataOwnerApi.getCryptoActorStub(otherDataOwner)\n const newKeyHashVersion = getShaVersionForKey(other.stub, newDataOwnerPublicKey)\n if (!newKeyHashVersion) throw new Error(`Public key not found for data owner ${otherDataOwner}`)\n const newPublicKey = await this.primitives.RSA.importKey('spki', hex2ua(newDataOwnerPublicKey), ['encrypt'], newKeyHashVersion)\n await this.extendForGiveAccessBackTo(selfId, otherDataOwner, fingerprintV1(newDataOwnerPublicKey), newPublicKey, keyPairsByFingerprint)\n await this.extendForGiveAccessBackTo(otherDataOwner, selfId, fingerprintV1(newDataOwnerPublicKey), newPublicKey, keyPairsByFingerprint)\n }\n\n /**\n * Get the encrypted exchange keys for a delegator-delegate pair.\n * @param delegatorId id of the delegator data owner.\n * @param delegateId id of the delegate data owner.\n * @return an array of exchange keys from the delegator to delegate where each key is encrypted with one or more public keys.\n */\n async getEncryptedExchangeKeysFor(delegatorId: string, delegateId: string): Promise<{ [publicKeyFingerprint: string]: string }[]> {\n const delegator = await this.dataOwnerApi.getCryptoActorStub(delegatorId)\n const res: { [publicKeyFingerprint: string]: string }[] = Object.values(delegator.stub.aesExchangeKeys ?? {}).flatMap((delegateToKey) => {\n const encryptedKeyForDelegate = delegateToKey[delegateId]\n if (encryptedKeyForDelegate) {\n return [encryptedKeyForDelegate]\n } else {\n return []\n }\n })\n const legacyDelegation = delegator.stub.hcPartyKeys?.[delegateId]?.[1]\n if (legacyDelegation) res.push({ '': legacyDelegation })\n return res\n }\n\n /**\n * Get all exchange keys where the provided data owner is involved either as the delegator or as the delegate.\n * @param dataOwnerId id of a data owner.\n * @param otherOwnerTypes only exchange keys between the current data owner and data owners of this type will be included in the result. If null considers all delegates\n * @return all exchange keys involving the provided data owner. Note that there may be an overlap between some keys to and from the data owner.\n */\n async getAllExchangeKeysWith(\n dataOwnerId: string,\n otherOwnerTypes: DataOwnerTypeEnum[] | null\n ): Promise<{\n keysToOwner: { [delegatorId: string]: { [delegatorFp: string]: { [entryFp: string]: string } } }\n keysFromOwner: { [delegatorFp: string]: { [delegateId: string]: { [entryFp: string]: string } } }\n }> {\n if (otherOwnerTypes != null && otherOwnerTypes.length === 0) throw new Error('otherOwnerTypes must not be empty!')\n const keysToOwner = await Promise.all([\n otherOwnerTypes == null || otherOwnerTypes.find((x) => x === 'hcp')\n ? this.hcpartyBaseApi.getAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n otherOwnerTypes == null || otherOwnerTypes.find((x) => x === 'patient')\n ? this.patientBaseApi.getPatientAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n otherOwnerTypes == null || otherOwnerTypes.find((x) => x === 'device')\n ? this.deviceBaseApi.getDeviceAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n ]).then(([a, b, c]) => ({ ...a, ...b, ...c } as { [delegatorId: string]: { [delegatorFp: string]: { [entryFp: string]: string } } }))\n const dataOwner = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n const allOwnerKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(dataOwner.stub, undefined, false)\n const filteredDelegates = new Set(\n await Array.from(new Set(Object.values(allOwnerKeys).flatMap((x) => Object.keys(x)))).reduce(async (acc, ownerId) => {\n const awaitedAcc = await acc\n if (ownerId === dataOwnerId || otherOwnerTypes == null) {\n return [...awaitedAcc, ownerId]\n } else {\n try {\n const dataOwnerType: DataOwnerTypeEnum = (await this.dataOwnerApi.getCryptoActorStub(ownerId)).type\n if (otherOwnerTypes.some((x) => x === dataOwnerType)) {\n return [...awaitedAcc, ownerId]\n } else return awaitedAcc\n } catch (_) {\n return awaitedAcc\n }\n }\n }, Promise.resolve([] as string[]))\n )\n const keysFromOwner = Object.fromEntries(\n Object.entries(allOwnerKeys)\n .map(([delegatorPubKey, delegateToKeys]) => [\n delegatorPubKey,\n Object.fromEntries(\n Object.entries(delegateToKeys).filter(([delegateId]) => filteredDelegates.has(delegateId)) as [string, { [k: string]: string }][]\n ),\n ])\n .filter(([, x]) => Object.keys(x).length > 0) as [string, { [k: string]: { [k: string]: string } }][]\n )\n return { keysToOwner, keysFromOwner }\n }\n\n /**\n * Attempts to decrypt many exchange keys using any of the provided key pairs.\n * @param encryptedExchangeKeys an array of exchange keys where each key is encrypted with one or more public keys.\n * @param keyPairsByFingerprint rsa key pairs to use for decryption.\n * @return an array all successfully decrypted exchange keys and an array containing all exchange keys which could not be decrypted.\n */\n async tryDecryptExchangeKeys(\n encryptedExchangeKeys: { [publicKeyFingerprint: string]: string }[],\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: CryptoKey[]\n failedDecryptions: { [publicKeyFingerprint: string]: string }[]\n }> {\n const raws = new Set<string>()\n const res: {\n successfulDecryptions: CryptoKey[]\n failedDecryptions: { [publicKeyFingerprint: string]: string }[]\n } = { successfulDecryptions: [], failedDecryptions: [] }\n for (const encryptedExchangeKey of encryptedExchangeKeys) {\n const decrypted = await this.tryDecryptExchangeKey(encryptedExchangeKey, keyPairsByFingerprint)\n if (decrypted !== undefined && !raws.has(decrypted.raw)) {\n raws.add(decrypted.raw)\n res.successfulDecryptions.push(decrypted.key)\n } else {\n res.failedDecryptions.push(encryptedExchangeKey)\n }\n }\n return res\n }\n\n private async extendForGiveAccessBackTo(\n delegatorId: string,\n delegateId: string,\n newPublicKeyFp: string,\n newPublicKey: CryptoKey,\n decryptionKeyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ) {\n await notConcurrent(this.generateKeyConcurrencyMap, delegatorId, async () => {\n const delegator = await this.dataOwnerApi.getCryptoActorStub(delegatorId)\n const delegate = await this.dataOwnerApi.getCryptoActorStub(delegateId)\n let didUpdateSomeKey = false\n const combinedKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(delegator.stub, delegate.stub, true)\n const updatedExchangeKeys: { [delegatorKey: string]: { [delegateId: string]: { [keyFp: string]: string } } } = {}\n const newEncryptionKeys = { [newPublicKeyFp]: newPublicKey }\n for (const [currDelegatorKey, currDelegatesToKeys] of Object.entries(combinedKeys)) {\n const updatedDelegatesToKeys: { [delegateId: string]: { [keyFp: string]: string } } = {}\n for (const [currDelegateId, currEncryptedKey] of Object.entries(currDelegatesToKeys)) {\n if (delegateId !== currDelegateId || newPublicKeyFp in currEncryptedKey) {\n updatedDelegatesToKeys[currDelegateId] = currEncryptedKey\n } else {\n const decrypted = await this.tryDecryptExchangeKey(currEncryptedKey, decryptionKeyPairsByFingerprint)\n if (decrypted) {\n didUpdateSomeKey = true\n updatedDelegatesToKeys[currDelegateId] = {\n ...currEncryptedKey,\n ...(await this.encryptExchangeKey(decrypted, newEncryptionKeys)).encryptedExchangeKey,\n }\n } else {\n updatedDelegatesToKeys[currDelegateId] = currEncryptedKey\n }\n }\n }\n updatedExchangeKeys[currDelegatorKey] = updatedDelegatesToKeys\n }\n if (didUpdateSomeKey) {\n await this.dataOwnerApi.modifyCryptoActorStub({\n type: delegator.type,\n stub: {\n ...delegator.stub,\n aesExchangeKeys: updatedExchangeKeys,\n },\n })\n }\n })\n }\n\n /**\n * Attempts to decrypt an exchange key using any of the provided key pairs.\n * @param encryptedExchangeKey an encrypted exchange key, in the form publicKeyXyzFingerprint -> hex(exchangeKeyEncryptedByPrivateKeyXyz).\n * @param keyPairsByFingerprint rsa key pairs to use for decryption.\n * @return the decrypted exchange key, in raw and key format (to allow deduplication), or undefined if the key could not be decrypted using the\n * provided keys.\n */\n private async tryDecryptExchangeKey(\n encryptedExchangeKey: { [publicKeyFingerprint: string]: string },\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{ raw: string; key: CryptoKey } | undefined> {\n for (const [entryKey, encrypted] of Object.entries(encryptedExchangeKey)) {\n // Due to bugs in past version the entry may actually contain the full public key instead of just the fingerprint.\n const fp = fingerprintV1(entryKey)\n const keyPair = keyPairsByFingerprint[fp]\n if (keyPair !== undefined) {\n const res = await this.tryDecryptExchangeKeyWith(encrypted, keyPair, fp)\n if (res !== undefined) return res\n }\n }\n const defaultEncryptedKey = encryptedExchangeKey['']\n if (defaultEncryptedKey !== undefined) {\n for (const keyPair of Object.values(keyPairsByFingerprint)) {\n // disable error logging, we are not sure keyPair is the correct key\n const res = await this.tryDecryptExchangeKeyWith(defaultEncryptedKey, keyPair, undefined)\n if (res !== undefined) return res\n }\n }\n return undefined\n }\n\n /**\n * Creates an encrypted exchange key for the provided public keys.\n * @param exchangeKey the exchange key in raw and imported format. If undefined a new key will be automatically created.\n * @param publicKeys additional public keys that will have access to the exchange key in spki format, hex-encoded.\n * @return the exchangeKey and an object with the exchange key encrypted with each of the provided public keys, hex-encoded, by fingerprint.\n */\n private async encryptExchangeKey(\n exchangeKey: { raw: string; key: CryptoKey } | undefined,\n publicKeys: { [keyFingerprint: string]: CryptoKey }\n ): Promise<{\n exchangeKey: CryptoKey\n encryptedExchangeKey: { [pubKeyFp: string]: string }\n }> {\n const exchangeKeyCrypto = exchangeKey?.key ?? (await this.primitives.AES.generateCryptoKey(false))\n const exchangeKeyBytes = exchangeKey !== undefined ? hex2ua(exchangeKey.raw) : await this.primitives.AES.exportKey(exchangeKeyCrypto, 'raw')\n const encryptedExchangeKey = await Object.entries(publicKeys).reduce(\n async (acc, [currKeyFp, currKey]) => ({\n ...(await acc),\n [currKeyFp]: ua2hex(await this.primitives.RSA.encrypt(currKey, new Uint8Array(exchangeKeyBytes))),\n }),\n Promise.resolve({} as { [pubKeyFp: string]: string })\n )\n return { exchangeKey: exchangeKeyCrypto, encryptedExchangeKey }\n }\n\n /**\n * Attempts to decrypt an exchange key using the provided key pairs.\n * If you are confident that the provided {@link keyPair} was used to encrypt {@link encryptedByOneKey} you should also provide {@link keyPairFp},\n * so that if the decryption fail an error will be logged to console before returning undefined.\n * @param encryptedByOneKey an exchange key which may be encrypted with {@link keyPair}.\n * @param keyPair an rsa key pair.\n * @param keyPairFp the fingerprint of the provided key pair or undefined to disable logging of error if the decryption failed.\n * @return the decrypted exchange key, in raw and key format (to allow deduplication), or undefined if the key could not be decrypted using the\n * provided key.\n */\n private async tryDecryptExchangeKeyWith(\n encryptedByOneKey: string,\n keyPair: KeyPair<CryptoKey>,\n keyPairFp: string | undefined // if undefined will not log errors, when we are not sure the key to be used is the provided key.\n ): Promise<{ raw: string; key: CryptoKey } | undefined> {\n try {\n const decrypted = await this.primitives.RSA.decrypt(keyPair.privateKey, hex2ua(encryptedByOneKey))\n return { raw: ua2hex(decrypted), key: await this.primitives.AES.importKey('raw', decrypted) }\n } catch (e) {\n if (keyPairFp) {\n console.error(`Failed to decrypt or import exchange key ${encryptedByOneKey} using key with fingerprint ${keyPairFp}.`, e)\n }\n }\n }\n // Copy all legacy hcp exchange keys into the new aes exchange keys\n private async combineLegacyHcpKeysWithAesExchangeKeys(\n owner: CryptoActorStub,\n delegate: CryptoActorStub | undefined,\n fillDelegateLegacyKey: boolean\n ): Promise<{ [ownerPublicKey: string]: { [delegateId: string]: { [fingerprint: string]: string } } }> {\n const ownerLegacyPublicKey = owner.publicKey\n if (ownerLegacyPublicKey != undefined && !(owner.aesExchangeKeys ?? {})[ownerLegacyPublicKey]) {\n /*\n * This condition would technically prevent new updates to the hcPartyKeys to be migrated to the aes exchange keys, but since I can only update\n * data for self data owner and parent entities this is not an issue, because I will always be using the new api from now on and I won't have\n * a situation where the legacy keys are updated but the aes exchange keys are not.\n */\n const counterPartsById: { [id: string]: CryptoActorStub } = {}\n if (fillDelegateLegacyKey) {\n counterPartsById[owner.id!] = owner\n if (delegate) {\n counterPartsById[delegate.id!] = delegate\n }\n for (const other of Object.keys(owner.hcPartyKeys ?? {}).filter((x) => x !== owner.id && x !== delegate?.id)) {\n try {\n counterPartsById[other] = (await this.dataOwnerApi.getCryptoActorStub(other)).stub\n } catch {\n // ignore\n }\n }\n }\n return {\n [ownerLegacyPublicKey]: Object.entries(owner.hcPartyKeys ?? {}).reduce((acc, [hcpId, keys]) => {\n const counterpartKey = counterPartsById[hcpId]?.publicKey\n acc[hcpId] = {\n [fingerprintV1(ownerLegacyPublicKey)]: keys[0],\n [(counterpartKey && fingerprintV1(counterpartKey)) ?? '']: keys[1],\n }\n return acc\n }, {} as { [delegateId: string]: { [fingerprint: string]: string } }),\n ...(owner.aesExchangeKeys ?? {}),\n }\n } else return owner.aesExchangeKeys ?? {}\n }\n}\n"]}
|
package/package.json
CHANGED
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
require("isomorphic-fetch");
|
|
13
|
+
require("mocha");
|
|
14
|
+
const test_utils_1 = require("../../utils/test_utils");
|
|
15
|
+
const mocha_1 = require("mocha");
|
|
16
|
+
const types_1 = require("@icure/test-setup/types");
|
|
17
|
+
const icc_x_api_1 = require("../../../icc-x-api");
|
|
18
|
+
const crypto_1 = require("crypto");
|
|
19
|
+
const HealthcareParty_1 = require("../../../icc-api/model/HealthcareParty");
|
|
20
|
+
const TestApi_1 = require("../../utils/TestApi");
|
|
21
|
+
const chai_1 = require("chai");
|
|
22
|
+
(0, test_utils_1.setLocalStorage)(fetch);
|
|
23
|
+
describe('SDL in an environment with soft-deleted data owners', function () {
|
|
24
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
25
|
+
this.timeout(600000);
|
|
26
|
+
let env;
|
|
27
|
+
let masterApi;
|
|
28
|
+
let primitives;
|
|
29
|
+
// Test values, not real data
|
|
30
|
+
const pubKeyHex = '30820122300d06092a864886f70d01010105000382010f003082010a0282010100a53f247f466c8f4e39d04ac72e260949f66d0e6f0aa2875d670f3d7f6c7f45ecbfe8ce31a26abbca8008d75d135339a739ca3e0ee058b9595722db46701cd0dfbb9ef4f96d1ac337cf78fe4449a26be244020464d44ff0d3bf0b7bcb53666750fa76298e832386eb6e5a6e15d2e366e5c8e53acf0a6ecf20a43fd752f708797e58aaa60ceec23cf3ddc5eacca6630a068ef0e7ea52bfdec756456124610b5bcce6025e2cd4a03eb54a7bc2076531348136671102a89ea3a275147b273bfb17f11b759f20c2068c5ba4fa081cc7087b582300d8acb7c6bcc2b8485290d7c165f855180176662fa08af735e64091086d6d5d1f6a2fb1ccc08799369fcd6d68d8250203010001'; // pragma: allowlist secret
|
|
31
|
+
const privKeyHex = '308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100a53f247f466c8f4e39d04ac72e260949f66d0e6f0aa2875d670f3d7f6c7f45ecbfe8ce31a26abbca8008d75d135339a739ca3e0ee058b9595722db46701cd0dfbb9ef4f96d1ac337cf78fe4449a26be244020464d44ff0d3bf0b7bcb53666750fa76298e832386eb6e5a6e15d2e366e5c8e53acf0a6ecf20a43fd752f708797e58aaa60ceec23cf3ddc5eacca6630a068ef0e7ea52bfdec756456124610b5bcce6025e2cd4a03eb54a7bc2076531348136671102a89ea3a275147b273bfb17f11b759f20c2068c5ba4fa081cc7087b582300d8acb7c6bcc2b8485290d7c165f855180176662fa08af735e64091086d6d5d1f6a2fb1ccc08799369fcd6d68d8250203010001028201000189beeb385a9652e212e03f4e5ca84579f7b5e4aeb2a893e3fbae54db4babf8f2285692fbb206a171e3a32d889a83b4dcc2d725084d8b1c1bc58548f88e2c1b890187c23293c73163cafa82e43490d080558c78ebc8fab2ddda5b829efa1b0813ecb9a24bf22eb54e47a532aacdd70d587b59bac79c146d7759e8c52aeb774603f4b282e699aca98793aa0086233a8aafc8fad58b62df011f33c1dcc6efdfc9aa51f4f11ea450ba5e02f9b69de33c756f3504ff086d2e58c25db871e3c021ee3720837466bb41d886bd4300eeac41742206110158578315d29a527b520e11ec6f7e98558931bdde63a4402635473244fa9764bb3527ff33473ff08f63b3a94102818100c8032014c593f8aecc15287d3dfd6143c75e8fb27faf7944fa030016b26fa5133d8e0d13a5244bcd6155ba29258a498e44fef239dc75dee9db4756c9a2b2be93cf2c67049ff2b2f5cbf949960e44e3fc56c90a66485ec22079a0eb864100404e0d7ea96f21ced9793633d87c49056be4c507768d51c310f69605befec087bbcd02818100d380b7a8cbc5a87c5d91e1497949acfe3c61671b31bc4c54f2f8e8cd8e709a617b49d1e7d6c0333fbb42af119db8660d1a58165e716b976bebdb12104c0dba951719f8c6711e84b704bcdd80248a767609680e4ff125126a23bbee5362f88d881c5c24c5ff0400edde1dd7044fd0d5d06a9cda33a1004daad7df8aa2eb63a5b90281801d0ab721ccfe8b617628ac546327e373a0034f0230201e8fb16db61995973874eebf2d8ee8afb881fddc20c7d0b79fae94be2015deb90ec10e21f1ac1d7faec46f9496f0c8f8c89b801e965cbf7da94cfe9cfa7197988abf8469a5493d2ef8275d36430bebf0c90b1c9fb2937956dc2fbf9c31ce9b4ca3adea62b334f267c3110281806453facb275e6bbe12e4d0697a0f68f070d40384f2e2cf92bc6f367fcbc1be79df71f51074de577133f33df8ad487ba05b8ecd8d9f5fda44676d53f4471f7c129d12c4dfdd690cab84a3d2aea6a6c7ead62b761e95d57016c93caca101a1c6017af27abf316944c79145b66965333b39d258f568e846ac910e360c1d9c6b788102818100879751ba5fe91d86410037ca9df05b2bb689734af710ab50a75b1aa1083dd596f295d710ba630c9fbfe6dcdedd8f0fca22595f8723376e72721c01275572692ebd2d5b39d5715ea052ed0968a9dabb76f7eef7c4c894a5031ae237772c21b62a43322e324c793fccf8b3abe340ca029e54255ed735549918352f3abaaf0850b7'; // pragma: allowlist secret
|
|
32
|
+
const deletedOtherId = 'dc88f05e-6f9f-4203-bc8d-59b1737322f4'; // pragma: allowlist secret
|
|
33
|
+
const exchangeKeySelf = '6aac0c669a4423d5fed7c8d5a434ddf70e8f9ab34db8104cf88d810a535f2701'; // pragma: allowlist secret
|
|
34
|
+
const exchangeKeyOther = '24a58ab4837d2a7dbed477abf03c87816dfbae113604a1e3d93093194291907e'; // pragma: allowlist secret
|
|
35
|
+
function makeTestHcp(props) {
|
|
36
|
+
const hcpId = primitives.randomUuid();
|
|
37
|
+
return new HealthcareParty_1.HealthcareParty({
|
|
38
|
+
id: hcpId,
|
|
39
|
+
name: `Test-${primitives.randomUuid()}`,
|
|
40
|
+
hcPartyKeys: props.includeHcPartyKeys
|
|
41
|
+
? {
|
|
42
|
+
[hcpId]: [
|
|
43
|
+
'785fd227c9a4bb185adea3070fdc571696df3f5e513ba7fe3e5f50b0cf5a449def0cbc7e806a626945c441adcd09feaf6c6bf3da6460347efc620be3b81bdbf3804cabdfdeac3f4d5417db0191a3a1032e57670be7db630256c862db0ed87a67454c8660cb30e7bd8bf3d3ec218dae2107616933e3882200add851ae49cb2ec731f0425f1cea7d69a530d6debff6c60e1663733c946e48ac800a70044ecc32bb5cbe184484e4bb6ac3ad42435e80d6c3d2b8684d1cfff9fe77bdb3fdaae71482f018945d878175a12407af3b9ef245cc6128ea956292f8e7f5e2d74368de42445675326b7e1dbd7990502cb098b1abef8e33f3d353a332912221d0039f787c69',
|
|
44
|
+
'785fd227c9a4bb185adea3070fdc571696df3f5e513ba7fe3e5f50b0cf5a449def0cbc7e806a626945c441adcd09feaf6c6bf3da6460347efc620be3b81bdbf3804cabdfdeac3f4d5417db0191a3a1032e57670be7db630256c862db0ed87a67454c8660cb30e7bd8bf3d3ec218dae2107616933e3882200add851ae49cb2ec731f0425f1cea7d69a530d6debff6c60e1663733c946e48ac800a70044ecc32bb5cbe184484e4bb6ac3ad42435e80d6c3d2b8684d1cfff9fe77bdb3fdaae71482f018945d878175a12407af3b9ef245cc6128ea956292f8e7f5e2d74368de42445675326b7e1dbd7990502cb098b1abef8e33f3d353a332912221d0039f787c69', // pragma: allowlist secret
|
|
45
|
+
],
|
|
46
|
+
'dc88f05e-6f9f-4203-bc8d-59b1737322f4': [
|
|
47
|
+
// pragma: allowlist secret
|
|
48
|
+
'9e8ce2e76f0716a5ff537ea56c6ec7725ed067afc3a8c1eb8ef63f5a6c6de1a901c651c433f558224be3ea6e09748c2dfa535b0d9114a5058126db7803a21ba99dc9877b372e6fbbdacf6d8e3410ee93c985959ab4f0267acf562619fee7723f050542ecfc1642dcf6f5d678994d58d8c83d8be65b5f399af19205777216d9eb28ecbb00c5ce57f253973403845f98b94d86361cccaeb33772aa491b9c1dc1fc95c0a9f74b2d26e895a4ff80d9b32fd318ea42088e6249f027a2b6afe98bd9dece83dc24e454a8a62e78b88952f38a87cdb580dda47c87496e44a5fde0e9886289aeded4a404411a1e28d28fc09fd305f4f43e0bce0c3605eb419b2795be70e7',
|
|
49
|
+
'27511848a060104b0b92447df4a6e1a11de92d65892b6d07104eab6add3ce57f664a1fd2431e509818a232e0601f0621ecf35df4492c53b18ceb21747a51cd863852c586fa9f3a0dd4e19b1038540ecc63724115cbb6909793a1ffceea4498dc7ae5e9fd4120912c13b276639036a6d859a2cc836b267aaeb33a876c8d40caa5ae4c5fde2122b1d3107f074ad28c38be6a96b5c899d5fda2e66c8bef4a541c41f177e868d8e521b35be07b96def15a6b15cd5a8d1e6fc2df3ce6fbd280d315082160054d904f71cd8b4d3822a2812a1a5224390ec4591319c0bad98429ccadba3f04f9b602d92a9e95f367bdd03fe5c943d4bc9ea595be27f53797b3d7c00f03', // pragma: allowlist secret
|
|
50
|
+
],
|
|
51
|
+
}
|
|
52
|
+
: {},
|
|
53
|
+
aesExchangeKeys: props.includeAesExchangeKeys
|
|
54
|
+
? {
|
|
55
|
+
// pragma: allowlist nextline secret
|
|
56
|
+
'30820122300d06092a864886f70d01010105000382010f003082010a0282010100a53f247f466c8f4e39d04ac72e260949f66d0e6f0aa2875d670f3d7f6c7f45ecbfe8ce31a26abbca8008d75d135339a739ca3e0ee058b9595722db46701cd0dfbb9ef4f96d1ac337cf78fe4449a26be244020464d44ff0d3bf0b7bcb53666750fa76298e832386eb6e5a6e15d2e366e5c8e53acf0a6ecf20a43fd752f708797e58aaa60ceec23cf3ddc5eacca6630a068ef0e7ea52bfdec756456124610b5bcce6025e2cd4a03eb54a7bc2076531348136671102a89ea3a275147b273bfb17f11b759f20c2068c5ba4fa081cc7087b582300d8acb7c6bcc2b8485290d7c165f855180176662fa08af735e64091086d6d5d1f6a2fb1ccc08799369fcd6d68d8250203010001': {
|
|
57
|
+
[hcpId]: {
|
|
58
|
+
// pragma: allowlist secret
|
|
59
|
+
ccc08799369fcd6d68d8250203010001: '785fd227c9a4bb185adea3070fdc571696df3f5e513ba7fe3e5f50b0cf5a449def0cbc7e806a626945c441adcd09feaf6c6bf3da6460347efc620be3b81bdbf3804cabdfdeac3f4d5417db0191a3a1032e57670be7db630256c862db0ed87a67454c8660cb30e7bd8bf3d3ec218dae2107616933e3882200add851ae49cb2ec731f0425f1cea7d69a530d6debff6c60e1663733c946e48ac800a70044ecc32bb5cbe184484e4bb6ac3ad42435e80d6c3d2b8684d1cfff9fe77bdb3fdaae71482f018945d878175a12407af3b9ef245cc6128ea956292f8e7f5e2d74368de42445675326b7e1dbd7990502cb098b1abef8e33f3d353a332912221d0039f787c69', // pragma: allowlist secret
|
|
60
|
+
},
|
|
61
|
+
'dc88f05e-6f9f-4203-bc8d-59b1737322f4': {
|
|
62
|
+
// pragma: allowlist secret
|
|
63
|
+
// pragma: allowlist secret
|
|
64
|
+
ccc08799369fcd6d68d8250203010001: '9e8ce2e76f0716a5ff537ea56c6ec7725ed067afc3a8c1eb8ef63f5a6c6de1a901c651c433f558224be3ea6e09748c2dfa535b0d9114a5058126db7803a21ba99dc9877b372e6fbbdacf6d8e3410ee93c985959ab4f0267acf562619fee7723f050542ecfc1642dcf6f5d678994d58d8c83d8be65b5f399af19205777216d9eb28ecbb00c5ce57f253973403845f98b94d86361cccaeb33772aa491b9c1dc1fc95c0a9f74b2d26e895a4ff80d9b32fd318ea42088e6249f027a2b6afe98bd9dece83dc24e454a8a62e78b88952f38a87cdb580dda47c87496e44a5fde0e9886289aeded4a404411a1e28d28fc09fd305f4f43e0bce0c3605eb419b2795be70e7',
|
|
65
|
+
// pragma: allowlist nextline secret
|
|
66
|
+
'0c8b6fa8a116ecfee683b10203010001': '27511848a060104b0b92447df4a6e1a11de92d65892b6d07104eab6add3ce57f664a1fd2431e509818a232e0601f0621ecf35df4492c53b18ceb21747a51cd863852c586fa9f3a0dd4e19b1038540ecc63724115cbb6909793a1ffceea4498dc7ae5e9fd4120912c13b276639036a6d859a2cc836b267aaeb33a876c8d40caa5ae4c5fde2122b1d3107f074ad28c38be6a96b5c899d5fda2e66c8bef4a541c41f177e868d8e521b35be07b96def15a6b15cd5a8d1e6fc2df3ce6fbd280d315082160054d904f71cd8b4d3822a2812a1a5224390ec4591319c0bad98429ccadba3f04f9b602d92a9e95f367bdd03fe5c943d4bc9ea595be27f53797b3d7c00f03', // pragma: allowlist secret
|
|
67
|
+
},
|
|
68
|
+
},
|
|
69
|
+
}
|
|
70
|
+
: {},
|
|
71
|
+
publicKey: pubKeyHex,
|
|
72
|
+
});
|
|
73
|
+
}
|
|
74
|
+
(0, mocha_1.before)(function () {
|
|
75
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
76
|
+
const initializer = yield (0, test_utils_1.getEnvironmentInitializer)();
|
|
77
|
+
env = yield initializer.execute((0, types_1.getEnvVariables)());
|
|
78
|
+
masterApi = yield test_utils_1.TestUtils.initMasterApi(env);
|
|
79
|
+
primitives = masterApi.cryptoApi.primitives;
|
|
80
|
+
});
|
|
81
|
+
});
|
|
82
|
+
function doLegacyKeysTestWithDeletedDataOwner(hcp) {
|
|
83
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
84
|
+
const userPw = primitives.randomUuid();
|
|
85
|
+
const user = yield masterApi.userApi.createUser({
|
|
86
|
+
id: primitives.randomUuid(),
|
|
87
|
+
email: `${primitives.randomUuid()}@test.icure.com`,
|
|
88
|
+
passwordHash: userPw,
|
|
89
|
+
healthcarePartyId: hcp.id,
|
|
90
|
+
});
|
|
91
|
+
const hcpKeypair = yield primitives.RSA.importKeyPair('pkcs8', (0, icc_x_api_1.hex2ua)(privKeyHex), 'spki', (0, icc_x_api_1.hex2ua)(pubKeyHex), icc_x_api_1.ShaVersion.Sha1);
|
|
92
|
+
const testApi = yield (0, TestApi_1.TestApi)(env.iCureUrl, user.email, userPw, crypto_1.webcrypto, hcpKeypair);
|
|
93
|
+
const selfKeys = yield testApi.cryptoApi.exchangeKeys.getDecryptionExchangeKeysFor(hcp.id, hcp.id);
|
|
94
|
+
(0, chai_1.expect)(selfKeys.length).to.eq(1);
|
|
95
|
+
const selfKeyHex = (0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(selfKeys[0], 'raw'));
|
|
96
|
+
(0, chai_1.expect)(selfKeyHex).to.eq(exchangeKeySelf);
|
|
97
|
+
const delegateKeys = yield testApi.cryptoApi.exchangeKeys.getDecryptionExchangeKeysFor(hcp.id, deletedOtherId);
|
|
98
|
+
(0, chai_1.expect)(delegateKeys.length).to.eq(1);
|
|
99
|
+
const delegateKeysHex = (0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(delegateKeys[0], 'raw'));
|
|
100
|
+
(0, chai_1.expect)(delegateKeysHex).to.eq(exchangeKeyOther);
|
|
101
|
+
});
|
|
102
|
+
}
|
|
103
|
+
it('hcp with hcPartyKeys to soft-deleted user', () => __awaiter(this, void 0, void 0, function* () {
|
|
104
|
+
const hcp = yield masterApi.healthcarePartyApi.createHealthcareParty(makeTestHcp({ includeHcPartyKeys: true }));
|
|
105
|
+
yield doLegacyKeysTestWithDeletedDataOwner(hcp);
|
|
106
|
+
}));
|
|
107
|
+
it('hcp with aesExchangeKeys to soft-deleted user', () => __awaiter(this, void 0, void 0, function* () {
|
|
108
|
+
const hcp = yield masterApi.healthcarePartyApi.createHealthcareParty(makeTestHcp({ includeAesExchangeKeys: true }));
|
|
109
|
+
yield doLegacyKeysTestWithDeletedDataOwner(hcp);
|
|
110
|
+
}));
|
|
111
|
+
});
|
|
112
|
+
});
|
|
113
|
+
//# sourceMappingURL=soft-deleted-data-owners.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"soft-deleted-data-owners.js","sourceRoot":"","sources":["../../../../test/icc-x-api/crypto/soft-deleted-data-owners.ts"],"names":[],"mappings":";;;;;;;;;;;AAAA,4BAAyB;AACzB,iBAAc;AACd,uDAA+G;AAC/G,iCAA8B;AAC9B,mDAAmE;AACnE,kDAA2F;AAC3F,mCAA8C;AAC9C,4EAAwE;AACxE,iDAA6C;AAE7C,+BAA6B;AAE7B,IAAA,4BAAe,EAAC,KAAK,CAAC,CAAA;AAEtB,QAAQ,CAAC,qDAAqD,EAAE;;QAC9D,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QACpB,IAAI,GAAa,CAAA;QACjB,IAAI,SAAmB,CAAA;QACvB,IAAI,UAA4B,CAAA;QAEhC,6BAA6B;QAC7B,MAAM,SAAS,GACb,8kBAA8kB,CAAA,CAAC,2BAA2B;QAC5mB,MAAM,UAAU,GACd,o4EAAo4E,CAAA,CAAC,2BAA2B;QACl6E,MAAM,cAAc,GAAG,sCAAsC,CAAA,CAAC,2BAA2B;QACzF,MAAM,eAAe,GAAG,kEAAkE,CAAA,CAAC,2BAA2B;QACtH,MAAM,gBAAgB,GAAG,kEAAkE,CAAA,CAAC,2BAA2B;QACvH,SAAS,WAAW,CAAC,KAAyE;YAC5F,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,EAAE,CAAA;YACrC,OAAO,IAAI,iCAAe,CAAC;gBACzB,EAAE,EAAE,KAAK;gBACT,IAAI,EAAE,QAAQ,UAAU,CAAC,UAAU,EAAE,EAAE;gBACvC,WAAW,EAAE,KAAK,CAAC,kBAAkB;oBACnC,CAAC,CAAC;wBACE,CAAC,KAAK,CAAC,EAAE;4BACP,kgBAAkgB;4BAClgB,kgBAAkgB,EAAE,2BAA2B;yBAChiB;wBACD,sCAAsC,EAAE;4BACtC,2BAA2B;4BAC3B,kgBAAkgB;4BAClgB,kgBAAkgB,EAAE,2BAA2B;yBAChiB;qBACF;oBACH,CAAC,CAAC,EAAE;gBACN,eAAe,EAAE,KAAK,CAAC,sBAAsB;oBAC3C,CAAC,CAAC;wBACE,oCAAoC;wBACpC,8kBAA8kB,EAC5kB;4BACE,CAAC,KAAK,CAAC,EAAE;gCACP,2BAA2B;gCAC3B,gCAAgC,EAC9B,kgBAAkgB,EAAE,2BAA2B;6BACliB;4BACD,sCAAsC,EAAE;gCACtC,2BAA2B;gCAC3B,2BAA2B;gCAC3B,gCAAgC,EAC9B,kgBAAkgB;gCACpgB,oCAAoC;gCACpC,kCAAkC,EAChC,kgBAAkgB,EAAE,2BAA2B;6BACliB;yBACF;qBACJ;oBACH,CAAC,CAAC,EAAE;gBACN,SAAS,EAAE,SAAS;aACrB,CAAC,CAAA;QACJ,CAAC;QAED,IAAA,cAAM,EAAC;;gBACL,MAAM,WAAW,GAAG,MAAM,IAAA,sCAAyB,GAAE,CAAA;gBACrD,GAAG,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,IAAA,uBAAe,GAAE,CAAC,CAAA;gBAClD,SAAS,GAAG,MAAM,sBAAS,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;gBAC9C,UAAU,GAAG,SAAS,CAAC,SAAS,CAAC,UAAU,CAAA;YAC7C,CAAC;SAAA,CAAC,CAAA;QAEF,SAAe,oCAAoC,CAAC,GAAoB;;gBACtE,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,EAAE,CAAA;gBACtC,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC;oBAC9C,EAAE,EAAE,UAAU,CAAC,UAAU,EAAE;oBAC3B,KAAK,EAAE,GAAG,UAAU,CAAC,UAAU,EAAE,iBAAiB;oBAClD,YAAY,EAAE,MAAM;oBACpB,iBAAiB,EAAE,GAAG,CAAC,EAAG;iBAC3B,CAAC,CAAA;gBACF,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,EAAE,IAAA,kBAAM,EAAC,UAAU,CAAC,EAAE,MAAM,EAAE,IAAA,kBAAM,EAAC,SAAS,CAAC,EAAE,sBAAU,CAAC,IAAI,CAAC,CAAA;gBAC9H,MAAM,OAAO,GAAG,MAAM,IAAA,iBAAO,EAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAM,EAAE,MAAM,EAAE,kBAAgB,EAAE,UAAU,CAAC,CAAA;gBAC9F,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,YAAY,CAAC,4BAA4B,CAAC,GAAG,CAAC,EAAG,EAAE,GAAG,CAAC,EAAG,CAAC,CAAA;gBACpG,IAAA,aAAM,EAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBAChC,MAAM,UAAU,GAAG,IAAA,kBAAM,EAAC,MAAM,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAA;gBAC7E,IAAA,aAAM,EAAC,UAAU,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,CAAA;gBACzC,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,YAAY,CAAC,4BAA4B,CAAC,GAAG,CAAC,EAAG,EAAE,cAAc,CAAC,CAAA;gBAC/G,IAAA,aAAM,EAAC,YAAY,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBACpC,MAAM,eAAe,GAAG,IAAA,kBAAM,EAAC,MAAM,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAA;gBACtF,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAA;YACjD,CAAC;SAAA;QAED,EAAE,CAAC,2CAA2C,EAAE,GAAS,EAAE;YACzD,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,kBAAkB,CAAC,qBAAqB,CAAC,WAAW,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;YAC/G,MAAM,oCAAoC,CAAC,GAAG,CAAC,CAAA;QACjD,CAAC,CAAA,CAAC,CAAA;QAEF,EAAE,CAAC,+CAA+C,EAAE,GAAS,EAAE;YAC7D,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,kBAAkB,CAAC,qBAAqB,CAAC,WAAW,CAAC,EAAE,sBAAsB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;YACnH,MAAM,oCAAoC,CAAC,GAAG,CAAC,CAAA;QACjD,CAAC,CAAA,CAAC,CAAA;IACJ,CAAC;CAAA,CAAC,CAAA","sourcesContent":["import 'isomorphic-fetch'\nimport 'mocha'\nimport { createNewHcpApi, getEnvironmentInitializer, setLocalStorage, TestUtils } from '../../utils/test_utils'\nimport { before } from 'mocha'\nimport { getEnvVariables, TestVars } from '@icure/test-setup/types'\nimport { CryptoPrimitives, hex2ua, IcureApi, ShaVersion, ua2hex } from '../../../icc-x-api'\nimport { randomUUID, webcrypto } from 'crypto'\nimport { HealthcareParty } from '../../../icc-api/model/HealthcareParty'\nimport { TestApi } from '../../utils/TestApi'\nimport { he } from 'date-fns/locale'\nimport { expect } from 'chai'\n\nsetLocalStorage(fetch)\n\ndescribe('SDL in an environment with soft-deleted data owners', async function () {\n this.timeout(600000)\n let env: TestVars\n let masterApi: IcureApi\n let primitives: CryptoPrimitives\n\n // Test values, not real data\n const pubKeyHex =\n '30820122300d06092a864886f70d01010105000382010f003082010a0282010100a53f247f466c8f4e39d04ac72e260949f66d0e6f0aa2875d670f3d7f6c7f45ecbfe8ce31a26abbca8008d75d135339a739ca3e0ee058b9595722db46701cd0dfbb9ef4f96d1ac337cf78fe4449a26be244020464d44ff0d3bf0b7bcb53666750fa76298e832386eb6e5a6e15d2e366e5c8e53acf0a6ecf20a43fd752f708797e58aaa60ceec23cf3ddc5eacca6630a068ef0e7ea52bfdec756456124610b5bcce6025e2cd4a03eb54a7bc2076531348136671102a89ea3a275147b273bfb17f11b759f20c2068c5ba4fa081cc7087b582300d8acb7c6bcc2b8485290d7c165f855180176662fa08af735e64091086d6d5d1f6a2fb1ccc08799369fcd6d68d8250203010001' // pragma: allowlist secret\n const privKeyHex =\n '308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100a53f247f466c8f4e39d04ac72e260949f66d0e6f0aa2875d670f3d7f6c7f45ecbfe8ce31a26abbca8008d75d135339a739ca3e0ee058b9595722db46701cd0dfbb9ef4f96d1ac337cf78fe4449a26be244020464d44ff0d3bf0b7bcb53666750fa76298e832386eb6e5a6e15d2e366e5c8e53acf0a6ecf20a43fd752f708797e58aaa60ceec23cf3ddc5eacca6630a068ef0e7ea52bfdec756456124610b5bcce6025e2cd4a03eb54a7bc2076531348136671102a89ea3a275147b273bfb17f11b759f20c2068c5ba4fa081cc7087b582300d8acb7c6bcc2b8485290d7c165f855180176662fa08af735e64091086d6d5d1f6a2fb1ccc08799369fcd6d68d8250203010001028201000189beeb385a9652e212e03f4e5ca84579f7b5e4aeb2a893e3fbae54db4babf8f2285692fbb206a171e3a32d889a83b4dcc2d725084d8b1c1bc58548f88e2c1b890187c23293c73163cafa82e43490d080558c78ebc8fab2ddda5b829efa1b0813ecb9a24bf22eb54e47a532aacdd70d587b59bac79c146d7759e8c52aeb774603f4b282e699aca98793aa0086233a8aafc8fad58b62df011f33c1dcc6efdfc9aa51f4f11ea450ba5e02f9b69de33c756f3504ff086d2e58c25db871e3c021ee3720837466bb41d886bd4300eeac41742206110158578315d29a527b520e11ec6f7e98558931bdde63a4402635473244fa9764bb3527ff33473ff08f63b3a94102818100c8032014c593f8aecc15287d3dfd6143c75e8fb27faf7944fa030016b26fa5133d8e0d13a5244bcd6155ba29258a498e44fef239dc75dee9db4756c9a2b2be93cf2c67049ff2b2f5cbf949960e44e3fc56c90a66485ec22079a0eb864100404e0d7ea96f21ced9793633d87c49056be4c507768d51c310f69605befec087bbcd02818100d380b7a8cbc5a87c5d91e1497949acfe3c61671b31bc4c54f2f8e8cd8e709a617b49d1e7d6c0333fbb42af119db8660d1a58165e716b976bebdb12104c0dba951719f8c6711e84b704bcdd80248a767609680e4ff125126a23bbee5362f88d881c5c24c5ff0400edde1dd7044fd0d5d06a9cda33a1004daad7df8aa2eb63a5b90281801d0ab721ccfe8b617628ac546327e373a0034f0230201e8fb16db61995973874eebf2d8ee8afb881fddc20c7d0b79fae94be2015deb90ec10e21f1ac1d7faec46f9496f0c8f8c89b801e965cbf7da94cfe9cfa7197988abf8469a5493d2ef8275d36430bebf0c90b1c9fb2937956dc2fbf9c31ce9b4ca3adea62b334f267c3110281806453facb275e6bbe12e4d0697a0f68f070d40384f2e2cf92bc6f367fcbc1be79df71f51074de577133f33df8ad487ba05b8ecd8d9f5fda44676d53f4471f7c129d12c4dfdd690cab84a3d2aea6a6c7ead62b761e95d57016c93caca101a1c6017af27abf316944c79145b66965333b39d258f568e846ac910e360c1d9c6b788102818100879751ba5fe91d86410037ca9df05b2bb689734af710ab50a75b1aa1083dd596f295d710ba630c9fbfe6dcdedd8f0fca22595f8723376e72721c01275572692ebd2d5b39d5715ea052ed0968a9dabb76f7eef7c4c894a5031ae237772c21b62a43322e324c793fccf8b3abe340ca029e54255ed735549918352f3abaaf0850b7' // pragma: allowlist secret\n const deletedOtherId = 'dc88f05e-6f9f-4203-bc8d-59b1737322f4' // pragma: allowlist secret\n const exchangeKeySelf = '6aac0c669a4423d5fed7c8d5a434ddf70e8f9ab34db8104cf88d810a535f2701' // pragma: allowlist secret\n const exchangeKeyOther = '24a58ab4837d2a7dbed477abf03c87816dfbae113604a1e3d93093194291907e' // pragma: allowlist secret\n function makeTestHcp(props: { includeHcPartyKeys?: boolean; includeAesExchangeKeys?: boolean }): HealthcareParty {\n const hcpId = primitives.randomUuid()\n return new HealthcareParty({\n id: hcpId,\n name: `Test-${primitives.randomUuid()}`,\n hcPartyKeys: props.includeHcPartyKeys\n ? {\n [hcpId]: [\n '785fd227c9a4bb185adea3070fdc571696df3f5e513ba7fe3e5f50b0cf5a449def0cbc7e806a626945c441adcd09feaf6c6bf3da6460347efc620be3b81bdbf3804cabdfdeac3f4d5417db0191a3a1032e57670be7db630256c862db0ed87a67454c8660cb30e7bd8bf3d3ec218dae2107616933e3882200add851ae49cb2ec731f0425f1cea7d69a530d6debff6c60e1663733c946e48ac800a70044ecc32bb5cbe184484e4bb6ac3ad42435e80d6c3d2b8684d1cfff9fe77bdb3fdaae71482f018945d878175a12407af3b9ef245cc6128ea956292f8e7f5e2d74368de42445675326b7e1dbd7990502cb098b1abef8e33f3d353a332912221d0039f787c69', // pragma: allowlist secret\n '785fd227c9a4bb185adea3070fdc571696df3f5e513ba7fe3e5f50b0cf5a449def0cbc7e806a626945c441adcd09feaf6c6bf3da6460347efc620be3b81bdbf3804cabdfdeac3f4d5417db0191a3a1032e57670be7db630256c862db0ed87a67454c8660cb30e7bd8bf3d3ec218dae2107616933e3882200add851ae49cb2ec731f0425f1cea7d69a530d6debff6c60e1663733c946e48ac800a70044ecc32bb5cbe184484e4bb6ac3ad42435e80d6c3d2b8684d1cfff9fe77bdb3fdaae71482f018945d878175a12407af3b9ef245cc6128ea956292f8e7f5e2d74368de42445675326b7e1dbd7990502cb098b1abef8e33f3d353a332912221d0039f787c69', // pragma: allowlist secret\n ],\n 'dc88f05e-6f9f-4203-bc8d-59b1737322f4': [\n // pragma: allowlist secret\n '9e8ce2e76f0716a5ff537ea56c6ec7725ed067afc3a8c1eb8ef63f5a6c6de1a901c651c433f558224be3ea6e09748c2dfa535b0d9114a5058126db7803a21ba99dc9877b372e6fbbdacf6d8e3410ee93c985959ab4f0267acf562619fee7723f050542ecfc1642dcf6f5d678994d58d8c83d8be65b5f399af19205777216d9eb28ecbb00c5ce57f253973403845f98b94d86361cccaeb33772aa491b9c1dc1fc95c0a9f74b2d26e895a4ff80d9b32fd318ea42088e6249f027a2b6afe98bd9dece83dc24e454a8a62e78b88952f38a87cdb580dda47c87496e44a5fde0e9886289aeded4a404411a1e28d28fc09fd305f4f43e0bce0c3605eb419b2795be70e7', // pragma: allowlist secret\n '27511848a060104b0b92447df4a6e1a11de92d65892b6d07104eab6add3ce57f664a1fd2431e509818a232e0601f0621ecf35df4492c53b18ceb21747a51cd863852c586fa9f3a0dd4e19b1038540ecc63724115cbb6909793a1ffceea4498dc7ae5e9fd4120912c13b276639036a6d859a2cc836b267aaeb33a876c8d40caa5ae4c5fde2122b1d3107f074ad28c38be6a96b5c899d5fda2e66c8bef4a541c41f177e868d8e521b35be07b96def15a6b15cd5a8d1e6fc2df3ce6fbd280d315082160054d904f71cd8b4d3822a2812a1a5224390ec4591319c0bad98429ccadba3f04f9b602d92a9e95f367bdd03fe5c943d4bc9ea595be27f53797b3d7c00f03', // pragma: allowlist secret\n ],\n }\n : {},\n aesExchangeKeys: props.includeAesExchangeKeys\n ? {\n // pragma: allowlist nextline secret\n '30820122300d06092a864886f70d01010105000382010f003082010a0282010100a53f247f466c8f4e39d04ac72e260949f66d0e6f0aa2875d670f3d7f6c7f45ecbfe8ce31a26abbca8008d75d135339a739ca3e0ee058b9595722db46701cd0dfbb9ef4f96d1ac337cf78fe4449a26be244020464d44ff0d3bf0b7bcb53666750fa76298e832386eb6e5a6e15d2e366e5c8e53acf0a6ecf20a43fd752f708797e58aaa60ceec23cf3ddc5eacca6630a068ef0e7ea52bfdec756456124610b5bcce6025e2cd4a03eb54a7bc2076531348136671102a89ea3a275147b273bfb17f11b759f20c2068c5ba4fa081cc7087b582300d8acb7c6bcc2b8485290d7c165f855180176662fa08af735e64091086d6d5d1f6a2fb1ccc08799369fcd6d68d8250203010001':\n {\n [hcpId]: {\n // pragma: allowlist secret\n ccc08799369fcd6d68d8250203010001:\n '785fd227c9a4bb185adea3070fdc571696df3f5e513ba7fe3e5f50b0cf5a449def0cbc7e806a626945c441adcd09feaf6c6bf3da6460347efc620be3b81bdbf3804cabdfdeac3f4d5417db0191a3a1032e57670be7db630256c862db0ed87a67454c8660cb30e7bd8bf3d3ec218dae2107616933e3882200add851ae49cb2ec731f0425f1cea7d69a530d6debff6c60e1663733c946e48ac800a70044ecc32bb5cbe184484e4bb6ac3ad42435e80d6c3d2b8684d1cfff9fe77bdb3fdaae71482f018945d878175a12407af3b9ef245cc6128ea956292f8e7f5e2d74368de42445675326b7e1dbd7990502cb098b1abef8e33f3d353a332912221d0039f787c69', // pragma: allowlist secret\n },\n 'dc88f05e-6f9f-4203-bc8d-59b1737322f4': {\n // pragma: allowlist secret\n // pragma: allowlist secret\n ccc08799369fcd6d68d8250203010001:\n '9e8ce2e76f0716a5ff537ea56c6ec7725ed067afc3a8c1eb8ef63f5a6c6de1a901c651c433f558224be3ea6e09748c2dfa535b0d9114a5058126db7803a21ba99dc9877b372e6fbbdacf6d8e3410ee93c985959ab4f0267acf562619fee7723f050542ecfc1642dcf6f5d678994d58d8c83d8be65b5f399af19205777216d9eb28ecbb00c5ce57f253973403845f98b94d86361cccaeb33772aa491b9c1dc1fc95c0a9f74b2d26e895a4ff80d9b32fd318ea42088e6249f027a2b6afe98bd9dece83dc24e454a8a62e78b88952f38a87cdb580dda47c87496e44a5fde0e9886289aeded4a404411a1e28d28fc09fd305f4f43e0bce0c3605eb419b2795be70e7', // pragma: allowlist secret\n // pragma: allowlist nextline secret\n '0c8b6fa8a116ecfee683b10203010001':\n '27511848a060104b0b92447df4a6e1a11de92d65892b6d07104eab6add3ce57f664a1fd2431e509818a232e0601f0621ecf35df4492c53b18ceb21747a51cd863852c586fa9f3a0dd4e19b1038540ecc63724115cbb6909793a1ffceea4498dc7ae5e9fd4120912c13b276639036a6d859a2cc836b267aaeb33a876c8d40caa5ae4c5fde2122b1d3107f074ad28c38be6a96b5c899d5fda2e66c8bef4a541c41f177e868d8e521b35be07b96def15a6b15cd5a8d1e6fc2df3ce6fbd280d315082160054d904f71cd8b4d3822a2812a1a5224390ec4591319c0bad98429ccadba3f04f9b602d92a9e95f367bdd03fe5c943d4bc9ea595be27f53797b3d7c00f03', // pragma: allowlist secret\n },\n },\n }\n : {},\n publicKey: pubKeyHex,\n })\n }\n\n before(async function () {\n const initializer = await getEnvironmentInitializer()\n env = await initializer.execute(getEnvVariables())\n masterApi = await TestUtils.initMasterApi(env)\n primitives = masterApi.cryptoApi.primitives\n })\n\n async function doLegacyKeysTestWithDeletedDataOwner(hcp: HealthcareParty) {\n const userPw = primitives.randomUuid()\n const user = await masterApi.userApi.createUser({\n id: primitives.randomUuid(),\n email: `${primitives.randomUuid()}@test.icure.com`,\n passwordHash: userPw,\n healthcarePartyId: hcp.id!,\n })\n const hcpKeypair = await primitives.RSA.importKeyPair('pkcs8', hex2ua(privKeyHex), 'spki', hex2ua(pubKeyHex), ShaVersion.Sha1)\n const testApi = await TestApi(env.iCureUrl, user.email!, userPw, webcrypto as any, hcpKeypair)\n const selfKeys = await testApi.cryptoApi.exchangeKeys.getDecryptionExchangeKeysFor(hcp.id!, hcp.id!)\n expect(selfKeys.length).to.eq(1)\n const selfKeyHex = ua2hex(await primitives.AES.exportKey(selfKeys[0], 'raw'))\n expect(selfKeyHex).to.eq(exchangeKeySelf)\n const delegateKeys = await testApi.cryptoApi.exchangeKeys.getDecryptionExchangeKeysFor(hcp.id!, deletedOtherId)\n expect(delegateKeys.length).to.eq(1)\n const delegateKeysHex = ua2hex(await primitives.AES.exportKey(delegateKeys[0], 'raw'))\n expect(delegateKeysHex).to.eq(exchangeKeyOther)\n }\n\n it('hcp with hcPartyKeys to soft-deleted user', async () => {\n const hcp = await masterApi.healthcarePartyApi.createHealthcareParty(makeTestHcp({ includeHcPartyKeys: true }))\n await doLegacyKeysTestWithDeletedDataOwner(hcp)\n })\n\n it('hcp with aesExchangeKeys to soft-deleted user', async () => {\n const hcp = await masterApi.healthcarePartyApi.createHealthcareParty(makeTestHcp({ includeAesExchangeKeys: true }))\n await doLegacyKeysTestWithDeletedDataOwner(hcp)\n })\n})\n"]}
|