@icure/api 8.0.7 → 8.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (259) hide show
  1. package/icc-api/model/models.d.ts +1 -0
  2. package/icc-api/model/models.js +1 -0
  3. package/icc-api/model/models.js.map +1 -1
  4. package/icc-x-api/crypto/ExchangeDataManager.js +3 -2
  5. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
  6. package/icc-x-api/crypto/KeyRecovery.js +5 -4
  7. package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
  8. package/icc-x-api/crypto/RSA.d.ts +4 -1
  9. package/icc-x-api/crypto/RSA.js +6 -1
  10. package/icc-x-api/crypto/RSA.js.map +1 -1
  11. package/icc-x-api/crypto/SecureDelegationsManager.js +2 -1
  12. package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -1
  13. package/icc-x-api/crypto/TransferKeysManager.js +4 -3
  14. package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
  15. package/icc-x-api/crypto/UserEncryptionKeysManager.js +2 -1
  16. package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -1
  17. package/icc-x-api/crypto/utils.d.ts +1 -4
  18. package/icc-x-api/crypto/utils.js +6 -8
  19. package/icc-x-api/crypto/utils.js.map +1 -1
  20. package/icc-x-api/icc-accesslog-x-api.js +16 -14
  21. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  22. package/icc-x-api/icc-calendar-item-x-api.d.ts +2 -2
  23. package/icc-x-api/icc-calendar-item-x-api.js +17 -17
  24. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  25. package/icc-x-api/icc-classification-x-api.js +12 -11
  26. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  27. package/icc-x-api/icc-contact-x-api.d.ts +2 -2
  28. package/icc-x-api/icc-contact-x-api.js +23 -20
  29. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  30. package/icc-x-api/icc-document-x-api.js +17 -16
  31. package/icc-x-api/icc-document-x-api.js.map +1 -1
  32. package/icc-x-api/icc-form-x-api.js +13 -12
  33. package/icc-x-api/icc-form-x-api.js.map +1 -1
  34. package/icc-x-api/icc-helement-x-api.js +18 -16
  35. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  36. package/icc-x-api/icc-invoice-x-api.js +12 -11
  37. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  38. package/icc-x-api/icc-maintenance-task-x-api.js +11 -11
  39. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  40. package/icc-x-api/icc-message-x-api.js +14 -14
  41. package/icc-x-api/icc-message-x-api.js.map +1 -1
  42. package/icc-x-api/icc-patient-x-api.js +28 -27
  43. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  44. package/icc-x-api/icc-receipt-x-api.js +11 -10
  45. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  46. package/icc-x-api/icc-recovery-x-api.js +3 -2
  47. package/icc-x-api/icc-recovery-x-api.js.map +1 -1
  48. package/icc-x-api/icc-time-table-x-api.js +9 -8
  49. package/icc-x-api/icc-time-table-x-api.js.map +1 -1
  50. package/icc-x-api/icc-topic-x-api.js +13 -13
  51. package/icc-x-api/icc-topic-x-api.js.map +1 -1
  52. package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +17 -1
  53. package/icc-x-api/utils/EntityWithDelegationTypeName.js +33 -15
  54. package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -1
  55. package/icc-x-api/utils/index.d.ts +1 -0
  56. package/icc-x-api/utils/index.js +1 -0
  57. package/icc-x-api/utils/index.js.map +1 -1
  58. package/package.json +1 -1
  59. package/test/icc-api/api/IccAnonymousAccessApi.d.ts +1 -0
  60. package/test/icc-api/api/IccAnonymousAccessApi.js +58 -0
  61. package/test/icc-api/api/IccAnonymousAccessApi.js.map +1 -0
  62. package/test/icc-api/api/IccDocumentApi.d.ts +1 -0
  63. package/test/icc-api/api/IccDocumentApi.js +208 -0
  64. package/test/icc-api/api/IccDocumentApi.js.map +1 -0
  65. package/test/icc-api/api/IccGroupApi.d.ts +1 -0
  66. package/test/icc-api/api/IccGroupApi.js +50 -0
  67. package/test/icc-api/api/IccGroupApi.js.map +1 -0
  68. package/test/icc-api/api/IccRecoveryDataApi.d.ts +1 -0
  69. package/test/icc-api/api/IccRecoveryDataApi.js +95 -0
  70. package/test/icc-api/api/IccRecoveryDataApi.js.map +1 -0
  71. package/test/icc-api/api/IccRoleApi.d.ts +1 -0
  72. package/test/icc-api/api/IccRoleApi.js +34 -0
  73. package/test/icc-api/api/IccRoleApi.js.map +1 -0
  74. package/test/icc-api/api/IccUserApi.d.ts +1 -0
  75. package/test/icc-api/api/IccUserApi.js +96 -0
  76. package/test/icc-api/api/IccUserApi.js.map +1 -0
  77. package/test/icc-api/e2e/IccCalendarItemApi.d.ts +1 -0
  78. package/test/icc-api/e2e/IccCalendarItemApi.js +46 -0
  79. package/test/icc-api/e2e/IccCalendarItemApi.js.map +1 -0
  80. package/test/icc-api/model/modelHelpersTest.d.ts +1 -0
  81. package/test/icc-api/model/modelHelpersTest.js +45 -0
  82. package/test/icc-api/model/modelHelpersTest.js.map +1 -0
  83. package/test/icc-x-api/auth/group-switch-test.d.ts +1 -0
  84. package/test/icc-x-api/auth/group-switch-test.js +81 -0
  85. package/test/icc-x-api/auth/group-switch-test.js.map +1 -0
  86. package/test/icc-x-api/auth/jwt-concurrency-test.d.ts +2 -0
  87. package/test/icc-x-api/auth/jwt-concurrency-test.js +113 -0
  88. package/test/icc-x-api/auth/jwt-concurrency-test.js.map +1 -0
  89. package/test/icc-x-api/auth/smart-auth-provider-test.d.ts +1 -0
  90. package/test/icc-x-api/auth/smart-auth-provider-test.js +224 -0
  91. package/test/icc-x-api/auth/smart-auth-provider-test.js.map +1 -0
  92. package/test/icc-x-api/autofix-anonymity-test.d.ts +1 -0
  93. package/test/icc-x-api/autofix-anonymity-test.js +108 -0
  94. package/test/icc-x-api/autofix-anonymity-test.js.map +1 -0
  95. package/test/icc-x-api/confidential-entities-test.d.ts +1 -0
  96. package/test/icc-x-api/confidential-entities-test.js +110 -0
  97. package/test/icc-x-api/confidential-entities-test.js.map +1 -0
  98. package/test/icc-x-api/crud/comprehensive-crud-test.d.ts +1 -0
  99. package/test/icc-x-api/crud/comprehensive-crud-test.js +276 -0
  100. package/test/icc-x-api/crud/comprehensive-crud-test.js.map +1 -0
  101. package/test/icc-x-api/crud/entities-crud-test-interface.d.ts +16 -0
  102. package/test/icc-x-api/crud/entities-crud-test-interface.js +422 -0
  103. package/test/icc-x-api/crud/entities-crud-test-interface.js.map +1 -0
  104. package/test/icc-x-api/crypto/anonymous-delegations-test.d.ts +1 -0
  105. package/test/icc-x-api/crypto/anonymous-delegations-test.js +588 -0
  106. package/test/icc-x-api/crypto/anonymous-delegations-test.js.map +1 -0
  107. package/test/icc-x-api/crypto/concurrency.d.ts +1 -0
  108. package/test/icc-x-api/crypto/concurrency.js +35 -0
  109. package/test/icc-x-api/crypto/concurrency.js.map +1 -0
  110. package/test/icc-x-api/crypto/crypto-utils.d.ts +1 -0
  111. package/test/icc-x-api/crypto/crypto-utils.js +80 -0
  112. package/test/icc-x-api/crypto/crypto-utils.js.map +1 -0
  113. package/test/icc-x-api/crypto/cryptoTest.d.ts +2 -0
  114. package/test/icc-x-api/crypto/cryptoTest.js +302 -0
  115. package/test/icc-x-api/crypto/cryptoTest.js.map +1 -0
  116. package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.d.ts +1 -0
  117. package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.js +166 -0
  118. package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.js.map +1 -0
  119. package/test/icc-x-api/crypto/exchange-data-manager-test.d.ts +1 -0
  120. package/test/icc-x-api/crypto/exchange-data-manager-test.js +690 -0
  121. package/test/icc-x-api/crypto/exchange-data-manager-test.js.map +1 -0
  122. package/test/icc-x-api/crypto/full-crypto-test.d.ts +1 -0
  123. package/test/icc-x-api/crypto/full-crypto-test.js +457 -0
  124. package/test/icc-x-api/crypto/full-crypto-test.js.map +1 -0
  125. package/test/icc-x-api/crypto/secure-delegations-manager-test.d.ts +1 -0
  126. package/test/icc-x-api/crypto/secure-delegations-manager-test.js +266 -0
  127. package/test/icc-x-api/crypto/secure-delegations-manager-test.js.map +1 -0
  128. package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.d.ts +1 -0
  129. package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.js +393 -0
  130. package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.js.map +1 -0
  131. package/test/icc-x-api/crypto/security-metadata-decryptor-chain-test.d.ts +1 -0
  132. package/test/icc-x-api/crypto/security-metadata-decryptor-chain-test.js +213 -0
  133. package/test/icc-x-api/crypto/security-metadata-decryptor-chain-test.js.map +1 -0
  134. package/test/icc-x-api/crypto/shamir.d.ts +2 -0
  135. package/test/icc-x-api/crypto/shamir.js +166 -0
  136. package/test/icc-x-api/crypto/shamir.js.map +1 -0
  137. package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.d.ts +1 -0
  138. package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.js +71 -0
  139. package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.js.map +1 -0
  140. package/test/icc-x-api/crypto/signature-keys-manager-test.d.ts +1 -0
  141. package/test/icc-x-api/crypto/signature-keys-manager-test.js +44 -0
  142. package/test/icc-x-api/crypto/signature-keys-manager-test.js.map +1 -0
  143. package/test/icc-x-api/crypto/user-encryption-keys-manager-test.d.ts +1 -0
  144. package/test/icc-x-api/crypto/user-encryption-keys-manager-test.js +246 -0
  145. package/test/icc-x-api/crypto/user-encryption-keys-manager-test.js.map +1 -0
  146. package/test/icc-x-api/entity-with-attachments-api-test.d.ts +1 -0
  147. package/test/icc-x-api/entity-with-attachments-api-test.js +142 -0
  148. package/test/icc-x-api/entity-with-attachments-api-test.js.map +1 -0
  149. package/test/icc-x-api/filters/filters.d.ts +1 -0
  150. package/test/icc-x-api/filters/filters.js +49 -0
  151. package/test/icc-x-api/filters/filters.js.map +1 -0
  152. package/test/icc-x-api/icc-accesslog-x-api.d.ts +1 -0
  153. package/test/icc-x-api/icc-accesslog-x-api.js +106 -0
  154. package/test/icc-x-api/icc-accesslog-x-api.js.map +1 -0
  155. package/test/icc-x-api/icc-auth-api.d.ts +1 -0
  156. package/test/icc-x-api/icc-auth-api.js +47 -0
  157. package/test/icc-x-api/icc-auth-api.js.map +1 -0
  158. package/test/icc-x-api/icc-calendar-item-x-api.d.ts +1 -0
  159. package/test/icc-x-api/icc-calendar-item-x-api.js +150 -0
  160. package/test/icc-x-api/icc-calendar-item-x-api.js.map +1 -0
  161. package/test/icc-x-api/icc-contact-x-api.d.ts +1 -0
  162. package/test/icc-x-api/icc-contact-x-api.js +279 -0
  163. package/test/icc-x-api/icc-contact-x-api.js.map +1 -0
  164. package/test/icc-x-api/icc-form-x-api.d.ts +1 -0
  165. package/test/icc-x-api/icc-form-x-api.js +98 -0
  166. package/test/icc-x-api/icc-form-x-api.js.map +1 -0
  167. package/test/icc-x-api/icc-helement-x-api-test.d.ts +1 -0
  168. package/test/icc-x-api/icc-helement-x-api-test.js +153 -0
  169. package/test/icc-x-api/icc-helement-x-api-test.js.map +1 -0
  170. package/test/icc-x-api/icc-invoice-x-api.d.ts +1 -0
  171. package/test/icc-x-api/icc-invoice-x-api.js +99 -0
  172. package/test/icc-x-api/icc-invoice-x-api.js.map +1 -0
  173. package/test/icc-x-api/icc-maintenance-task-x-api-test.d.ts +1 -0
  174. package/test/icc-x-api/icc-maintenance-task-x-api-test.js +221 -0
  175. package/test/icc-x-api/icc-maintenance-task-x-api-test.js.map +1 -0
  176. package/test/icc-x-api/icc-message-x-api.d.ts +1 -0
  177. package/test/icc-x-api/icc-message-x-api.js +328 -0
  178. package/test/icc-x-api/icc-message-x-api.js.map +1 -0
  179. package/test/icc-x-api/icc-patient-x-api-test.d.ts +1 -0
  180. package/test/icc-x-api/icc-patient-x-api-test.js +158 -0
  181. package/test/icc-x-api/icc-patient-x-api-test.js.map +1 -0
  182. package/test/icc-x-api/icc-recovery-x-api.d.ts +1 -0
  183. package/test/icc-x-api/icc-recovery-x-api.js +170 -0
  184. package/test/icc-x-api/icc-recovery-x-api.js.map +1 -0
  185. package/test/icc-x-api/icc-time-table-x-api.d.ts +1 -0
  186. package/test/icc-x-api/icc-time-table-x-api.js +100 -0
  187. package/test/icc-x-api/icc-time-table-x-api.js.map +1 -0
  188. package/test/icc-x-api/icc-topic-x-api.d.ts +1 -0
  189. package/test/icc-x-api/icc-topic-x-api.js +269 -0
  190. package/test/icc-x-api/icc-topic-x-api.js.map +1 -0
  191. package/test/icc-x-api/icc-user-x-api-test.d.ts +1 -0
  192. package/test/icc-x-api/icc-user-x-api-test.js +99 -0
  193. package/test/icc-x-api/icc-user-x-api-test.js.map +1 -0
  194. package/test/icc-x-api/patient-user.d.ts +2 -0
  195. package/test/icc-x-api/patient-user.js +104 -0
  196. package/test/icc-x-api/patient-user.js.map +1 -0
  197. package/test/icc-x-api/storage/storage.d.ts +1 -0
  198. package/test/icc-x-api/storage/storage.js +48 -0
  199. package/test/icc-x-api/storage/storage.js.map +1 -0
  200. package/test/icc-x-api/test-api-no-parent.d.ts +1 -0
  201. package/test/icc-x-api/test-api-no-parent.js +79 -0
  202. package/test/icc-x-api/test-api-no-parent.js.map +1 -0
  203. package/test/icc-x-api/test-legacy-data-support.d.ts +1 -0
  204. package/test/icc-x-api/test-legacy-data-support.js +376 -0
  205. package/test/icc-x-api/test-legacy-data-support.js.map +1 -0
  206. package/test/icc-x-api/utils/graph-test.d.ts +1 -0
  207. package/test/icc-x-api/utils/graph-test.js +54 -0
  208. package/test/icc-x-api/utils/graph-test.js.map +1 -0
  209. package/test/icc-x-api/utils/lru-temporised-async-cache-test.d.ts +1 -0
  210. package/test/icc-x-api/utils/lru-temporised-async-cache-test.js +364 -0
  211. package/test/icc-x-api/utils/lru-temporised-async-cache-test.js.map +1 -0
  212. package/test/support/CSM-185.d.ts +1 -0
  213. package/test/support/CSM-185.js +124 -0
  214. package/test/support/CSM-185.js.map +1 -0
  215. package/test/support/CSM-243.d.ts +1 -0
  216. package/test/support/CSM-243.js +120 -0
  217. package/test/support/CSM-243.js.map +1 -0
  218. package/test/support/CSM-87.d.ts +0 -0
  219. package/test/support/CSM-87.js +21 -0
  220. package/test/support/CSM-87.js.map +1 -0
  221. package/test/support/CSM-93.d.ts +1 -0
  222. package/test/support/CSM-93.js +112 -0
  223. package/test/support/CSM-93.js.map +1 -0
  224. package/test/utils/FakeDataOwnerApi.d.ts +32 -0
  225. package/test/utils/FakeDataOwnerApi.js +136 -0
  226. package/test/utils/FakeDataOwnerApi.js.map +1 -0
  227. package/test/utils/FakeEncryptionKeysManager.d.ts +35 -0
  228. package/test/utils/FakeEncryptionKeysManager.js +87 -0
  229. package/test/utils/FakeEncryptionKeysManager.js.map +1 -0
  230. package/test/utils/FakeExchangeDataApi.d.ts +30 -0
  231. package/test/utils/FakeExchangeDataApi.js +74 -0
  232. package/test/utils/FakeExchangeDataApi.js.map +1 -0
  233. package/test/utils/FakeExchangeDataManager.d.ts +40 -0
  234. package/test/utils/FakeExchangeDataManager.js +89 -0
  235. package/test/utils/FakeExchangeDataManager.js.map +1 -0
  236. package/test/utils/FakeExchangeDataMapManager.d.ts +12 -0
  237. package/test/utils/FakeExchangeDataMapManager.js +38 -0
  238. package/test/utils/FakeExchangeDataMapManager.js.map +1 -0
  239. package/test/utils/FakeGenericApi.d.ts +16 -0
  240. package/test/utils/FakeGenericApi.js +65 -0
  241. package/test/utils/FakeGenericApi.js.map +1 -0
  242. package/test/utils/FakeSignatureKeysManager.d.ts +16 -0
  243. package/test/utils/FakeSignatureKeysManager.js +54 -0
  244. package/test/utils/FakeSignatureKeysManager.js.map +1 -0
  245. package/test/utils/TestApi.d.ts +3 -0
  246. package/test/utils/TestApi.js +30 -0
  247. package/test/utils/TestApi.js.map +1 -0
  248. package/test/utils/TestCollectionUtils.d.ts +1 -0
  249. package/test/utils/TestCollectionUtils.js +109 -0
  250. package/test/utils/TestCollectionUtils.js.map +1 -0
  251. package/test/utils/TestCryptoStrategies.d.ts +42 -0
  252. package/test/utils/TestCryptoStrategies.js +80 -0
  253. package/test/utils/TestCryptoStrategies.js.map +1 -0
  254. package/test/utils/TestStorage.d.ts +23 -0
  255. package/test/utils/TestStorage.js +61 -0
  256. package/test/utils/TestStorage.js.map +1 -0
  257. package/test/utils/test_utils.d.ts +76 -0
  258. package/test/utils/test_utils.js +419 -0
  259. package/test/utils/test_utils.js.map +1 -0
@@ -63,6 +63,7 @@ export * from './Company';
63
63
  export * from './Contact';
64
64
  export * from './Content';
65
65
  export * from './Copayment';
66
+ export * from './CryptoActorStub';
66
67
  export * from './Data';
67
68
  export * from './DataAttachment';
68
69
  export * from './DataOwnerRegistrationSuccess';
@@ -62,6 +62,7 @@ __exportStar(require("./Company"), exports);
62
62
  __exportStar(require("./Contact"), exports);
63
63
  __exportStar(require("./Content"), exports);
64
64
  __exportStar(require("./Copayment"), exports);
65
+ __exportStar(require("./CryptoActorStub"), exports);
65
66
  __exportStar(require("./Data"), exports);
66
67
  __exportStar(require("./DataAttachment"), exports);
67
68
  __exportStar(require("./DataOwnerRegistrationSuccess"), exports);
@@ -1 +1 @@
1
- {"version":3,"file":"models.js","sourceRoot":"","sources":["../../../icc-api/model/models.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAkBA,uDAAoC;AACpC,0DAAuC;AACvC,yDAAsC;AACtC,gEAA6C;AAC7C,kEAA+C;AAC/C,0DAAuC;AACvC,kEAA+C;AAC/C,0DAAuC;AACvC,0DAAuC;AACvC,uDAAoC;AACpC,8CAA2B;AAC3B,kDAA+B;AAC/B,4CAAyB;AACzB,2DAAwC;AACxC,2CAAwB;AACxB,sDAAmC;AACnC,wCAAqB;AACrB,iDAA8B;AAC9B,yCAAsB;AACtB,kDAA+B;AAC/B,+CAA4B;AAC5B,wDAAqC;AACrC,4DAAyC;AACzC,4CAAyB;AACzB,wCAAqB;AACrB,uDAAoC;AACpC,2DAAwC;AACxC,wDAAqC;AACrC,0CAAuB;AACvB,yCAAsB;AACtB,gEAA6C;AAC7C,iDAA8B;AAC9B,oDAAiC;AACjC,qDAAkC;AAClC,mDAAgC;AAChC,uDAAoC;AACpC,0DAAuC;AACvC,mDAAgC;AAChC,2DAAwC;AACxC,yCAAsB;AACtB,6CAA0B;AAC1B,6CAA0B;AAC1B,4DAAyC;AACzC,sDAAmC;AACnC,4CAAyB;AACzB,4CAAyB;AACzB,4CAAyB;AACzB,8CAA2B;AAC3B,yCAAsB;AACtB,mDAAgC;AAChC,iEAA8C;AAC9C,sDAAmC;AACnC,iDAA8B;AAC9B,2DAAwC;AACxC,4DAAyC;AACzC,+CAA4B;AAC5B,sDAAmC;AACnC,2CAAwB;AACxB,+CAA4B;AAC5B,wDAAqC;AACrC,yCAAsB;AACtB,kDAA+B;AAC/B,6CAA0B;AAC1B,kDAA+B;AAC/B,qDAAkC;AAClC,6CAA0B;AAC1B,4CAAyB;AACzB,2CAAwB;AACxB,iDAA8B;AAC9B,6CAA0B;AAC1B,mDAAgC;AAChC,oDAAiC;AACjC,mDAAgC;AAChC,4CAAyB;AACzB,oDAAiC;AACjC,uDAAoC;AACpC,sDAAmC;AACnC,6DAA0C;AAC1C,+DAA4C;AAC5C,uDAAoC;AACpC,+DAA4C;AAC5C,uDAAoC;AACpC,uDAAoC;AACpC,oDAAiC;AACjC,oEAAiD;AACjD,yDAAsC;AACtC,6CAA0B;AAC1B,yCAAsB;AACtB,+CAA4B;AAC5B,mDAAgC;AAChC,+CAA4B;AAC5B,mDAAgC;AAChC,iDAA8B;AAC9B,gDAA6B;AAC7B,iDAA8B;AAC9B,uDAAoC;AACpC,4CAAyB;AACzB,sDAAmC;AACnC,0CAAuB;AACvB,uDAAoC;AACpC,4CAAyB;AACzB,gDAA6B;AAC7B,wDAAqC;AACrC,kDAA+B;AAC/B,oDAAiC;AACjC,iEAA8C;AAC9C,8CAA2B;AAC3B,8CAA2B;AAC3B,+CAA4B;AAC5B,2DAAwC;AACxC,kDAA+B;AAC/B,iDAA8B;AAC9B,yDAAsC;AACtC,iDAA8B;AAC9B,+CAA4B;AAC5B,iDAA8B;AAC9B,8CAA2B;AAC3B,4CAAyB;AACzB,gDAA6B;AAC7B,kDAA+B;AAC/B,kDAA+B;AAC/B,kDAA+B;AAC/B,4CAAyB;AACzB,mDAAgC;AAChC,sDAAmC;AACnC,gDAA6B;AAC7B,8CAA2B;AAC3B,qDAAkC;AAClC,qDAAkC;AAClC,oDAAiC;AACjC,6CAA0B;AAC1B,4CAAyB;AACzB,8CAA2B;AAC3B,yDAAsC;AACtC,oDAAiC;AACjC,+CAA4B;AAC5B,+DAA4C;AAC5C,qDAAkC;AAClC,4CAAyB;AACzB,sDAAmC;AACnC,sDAAmC;AACnC,qDAAkC;AAClC,6DAA0C;AAC1C,mDAAgC;AAChC,wCAAqB;AACrB,gEAA6C;AAC7C,mDAAgC;AAChC,mDAAgC;AAChC,kDAA+B;AAC/B,qEAAkD;AAClD,2DAAwC;AACxC,qDAAkC;AAClC,gEAA6C;AAC7C,wEAAqD;AACrD,sDAAmC;AACnC,yDAAsC;AACtC,wDAAqC;AACrC,0DAAuC;AACvC,gEAA6C;AAC7C,sDAAmC;AACnC,uDAAoC;AACpC,+DAA4C;AAC5C,iEAA8C;AAC9C,yDAAsC;AACtC,iEAA8C;AAC9C,yDAAsC;AACtC,qDAAkC;AAClC,yDAAsC;AACtC,yDAAsC;AACtC,wDAAqC;AACrC,8DAA2C;AAC3C,uDAAoC;AACpC,sDAAmC;AACnC,qDAAkC;AAClC,0DAAuC;AACvC,8CAA2B;AAC3B,uDAAoC;AACpC,yCAAsB;AACtB,gDAA6B;AAC7B,4CAAyB;AACzB,2DAAwC;AACxC,4CAAyB;AACzB,gDAA6B;AAC7B,+CAA4B;AAC5B,mDAAgC;AAChC,+CAA4B;AAC5B,uDAAoC;AACpC,2DAAwC;AACxC,0CAAuB;AACvB,iDAA8B;AAC9B,8CAA2B;AAC3B,4CAAyB;AACzB,iDAA8B;AAC9B,qDAAkC;AAClC,8CAA2B;AAC3B,6CAA0B;AAC1B,0CAAuB;AACvB,4CAAyB;AACzB,mDAAgC;AAChC,mDAAgC;AAChC,gDAA6B;AAC7B,4DAAyC;AACzC,wDAAqC;AACrC,kDAA+B;AAC/B,2DAAwC;AACxC,2CAAwB;AACxB,yDAAsC;AACtC,4CAAyB;AACzB,gDAA6B;AAC7B,qDAAkC;AAClC,oDAAiC;AACjC,qDAAkC;AAClC,uDAAoC;AACpC,uDAAoC;AACpC,+CAA4B;AAC5B,0CAAuB;AACvB,yCAAsB;AACtB,sDAAmC;AACnC,mDAAgC;AAChC,0DAAuC;AACvC,4CAAyB;AACzB,+CAA4B;AAC5B,kDAA+B;AAC/B,4CAAyB;AACzB,4CAAyB;AACzB,gDAA6B;AAC7B,8DAA2C;AAC3C,sDAAmC;AACnC,kDAA+B;AAC/B,qDAAkC;AAClC,+CAA4B;AAC5B,8CAA2B;AAC3B,kDAA+B;AAC/B,qDAAkC;AAClC,4CAAyB;AACzB,kDAA+B;AAC/B,qDAAkC;AAClC,mDAAgC;AAChC,kDAA+B;AAC/B,+CAA4B;AAC5B,wCAAqB;AACrB,iDAA8B;AAC9B,4CAAyB;AACzB,+CAA4B;AAC5B,8CAA2B;AAC3B,kDAA+B;AAC/B,kDAA+B;AAC/B,mDAAgC;AAChC,qDAAkC;AAClC,yCAAsB;AACtB,yCAAsB;AACtB,2DAAwC;AACxC,8CAA2B;AAC3B,iDAA8B;AAC9B,iDAA8B;AAC9B,0CAAuB;AACvB,gDAA6B;AAC7B,sDAAmC;AACnC,wCAAqB;AACrB,iDAA8B;AAC9B,6CAA0B;AAC1B,iDAA8B;AAC9B,4CAAyB;AACzB,wCAAqB;AACrB,yCAAsB;AACtB,4CAAyB;AACzB,qDAAkC;AAClC,qDAAkC;AAClC,0CAAuB;AACvB,+CAA4B;AAC5B,6CAA0B","sourcesContent":["import { AccessLog } from './AccessLog'\nimport { Article } from './Article'\nimport { Classification } from './Classification'\nimport { Document } from './Document'\nimport { HealthElement } from './HealthElement'\nimport { Invoice } from './Invoice'\nimport { Form } from './Form'\nimport { Contact } from './Contact'\nimport { CalendarItem } from './CalendarItem'\nimport { MaintenanceTask } from './MaintenanceTask'\nimport { Message } from './Message'\nimport { Receipt } from './Receipt'\nimport { Patient } from './Patient'\nimport { Delegation } from './Delegation'\nimport { SecurityMetadata } from './SecurityMetadata'\nimport { IcureStub } from './IcureStub'\nimport { Topic } from './Topic'\n\nexport * from './AbstractFilterCode'\nexport * from './AbstractFilterContact'\nexport * from './AbstractFilterDevice'\nexport * from './AbstractFilterHealthElement'\nexport * from './AbstractFilterHealthcareParty'\nexport * from './AbstractFilterInvoice'\nexport * from './AbstractFilterMaintenanceTask'\nexport * from './AbstractFilterPatient'\nexport * from './AbstractFilterService'\nexport * from './AbstractFilterUser'\nexport * from './AccessLog'\nexport * from './AddedDocument'\nexport * from './Address'\nexport * from './AdministrationQuantity'\nexport * from './Agenda'\nexport * from './AgreementAppendix'\nexport * from './Amp'\nexport * from './AmpComponent'\nexport * from './Ampp'\nexport * from './AmppComponent'\nexport * from './Annotation'\nexport * from './ApplicationSettings'\nexport * from './AppointmentTypeAndPlace'\nexport * from './Article'\nexport * from './Atc'\nexport * from './AttachmentMetadata'\nexport * from './AuthenticationResponse'\nexport * from './AuthenticationToken'\nexport * from './Basic'\nexport * from './Body'\nexport * from './BulkAttachmentUpdateOptions'\nexport * from './CalendarItem'\nexport * from './CalendarItemTag'\nexport * from './CalendarItemType'\nexport * from './CareTeamMember'\nexport * from './CareTeamMembership'\nexport * from './CheckSMFPatientResult'\nexport * from './Classification'\nexport * from './ClassificationTemplate'\nexport * from './Code'\nexport * from './CodeStub'\nexport * from './CodeType'\nexport * from './CommentedClassification'\nexport * from './Commercialization'\nexport * from './Company'\nexport * from './Contact'\nexport * from './Content'\nexport * from './Copayment'\nexport * from './Data'\nexport * from './DataAttachment'\nexport * from './DataOwnerRegistrationSuccess'\nexport * from './DataOwnerWithType'\nexport * from './DatabaseInfo'\nexport * from './DatabaseInitialisation'\nexport * from './DatabaseSynchronization'\nexport * from './Delegation'\nexport * from './DeletedAttachment'\nexport * from './Device'\nexport * from './DeviceType'\nexport * from './DiaryNoteExportInfo'\nexport * from './Dmpp'\nexport * from './DocIdentifier'\nexport * from './Document'\nexport * from './DocumentGroup'\nexport * from './DocumentTemplate'\nexport * from './Duration'\nexport * from './EIDItem'\nexport * from './Editor'\nexport * from './EfactInvoice'\nexport * from './Employer'\nexport * from './EmploymentInfo'\nexport * from './EntityReference'\nexport * from './EntityTemplate'\nexport * from './Episode'\nexport * from './FilterChainCode'\nexport * from './FilterChainContact'\nexport * from './FilterChainDevice'\nexport * from './FilterChainHealthElement'\nexport * from './FilterChainHealthcareParty'\nexport * from './FilterChainInvoice'\nexport * from './FilterChainMaintenanceTask'\nexport * from './FilterChainPatient'\nexport * from './FilterChainService'\nexport * from './FilterChainUser'\nexport * from './FinancialInstitutionInformation'\nexport * from './FlatRateTarification'\nexport * from './FlowItem'\nexport * from './Form'\nexport * from './FormColumn'\nexport * from './FormDataOption'\nexport * from './FormLayout'\nexport * from './FormLayoutData'\nexport * from './FormPlanning'\nexport * from './FormSection'\nexport * from './FormTemplate'\nexport * from './FormTemplateLayout'\nexport * from './Formula'\nexport * from './FrontEndMigration'\nexport * from './Group'\nexport * from './GroupDatabasesInfo'\nexport * from './GuiCode'\nexport * from './GuiCodeType'\nexport * from './GroupDeletionReport'\nexport * from './HealthElement'\nexport * from './HealthcareParty'\nexport * from './HealthcarePartyHistoryStatus'\nexport * from './IcureStub'\nexport * from './IdWithRev'\nexport * from './Identifier'\nexport * from './IdentityDocumentReader'\nexport * from './ImportMapping'\nexport * from './ImportResult'\nexport * from './IncapacityExportInfo'\nexport * from './IndexingInfo'\nexport * from './Ingredient'\nexport * from './Insurability'\nexport * from './Insurance'\nexport * from './Invoice'\nexport * from './InvoiceItem'\nexport * from './InvoiceSender'\nexport * from './InvoicesBatch'\nexport * from './InvoicingCode'\nexport * from './Keyword'\nexport * from './KeywordSubword'\nexport * from './LabelledOccurence'\nexport * from './LetterValue'\nexport * from './ListOfIds'\nexport * from './ListOfProperties'\nexport * from './LoginCredentials'\nexport * from './MaintenanceTask'\nexport * from './MapOfIds'\nexport * from './Measure'\nexport * from './MedexInfo'\nexport * from './MedicalHouseContract'\nexport * from './MedicalLocation'\nexport * from './Medication'\nexport * from './MedicationSchemeExportInfo'\nexport * from './Medicinalproduct'\nexport * from './Message'\nexport * from './MessageAttachment'\nexport * from './MessageReadStatus'\nexport * from './MessageWithBatch'\nexport * from './MessagesReadStatusUpdate'\nexport * from './MimeAttachment'\nexport * from './Nmp'\nexport * from './NoGenericPrescriptionReason'\nexport * from './NoSwitchReason'\nexport * from './NumeratorRange'\nexport * from './PackagingType'\nexport * from './PaginatedDocumentKeyIdPairObject'\nexport * from './PaginatedListAccessLog'\nexport * from './PaginatedListAmp'\nexport * from './PaginatedListClassification'\nexport * from './PaginatedListClassificationTemplate'\nexport * from './PaginatedListCode'\nexport * from './PaginatedListContact'\nexport * from './PaginatedListDevice'\nexport * from './PaginatedListDocument'\nexport * from './PaginatedListEntityTemplate'\nexport * from './PaginatedListForm'\nexport * from './PaginatedListGroup'\nexport * from './PaginatedListHealthElement'\nexport * from './PaginatedListHealthcareParty'\nexport * from './PaginatedListInvoice'\nexport * from './PaginatedListMaintenanceTask'\nexport * from './PaginatedListMessage'\nexport * from './PaginatedListNmp'\nexport * from './PaginatedListPatient'\nexport * from './PaginatedListService'\nexport * from './PaginatedListString'\nexport * from './PaginatedListTarification'\nexport * from './PaginatedListTopic'\nexport * from './PaginatedListUser'\nexport * from './PaginatedListVmp'\nexport * from './PaginatedListVmpGroup'\nexport * from './Paragraph'\nexport * from './ParagraphAgreement'\nexport * from './Part'\nexport * from './Partnership'\nexport * from './Patient'\nexport * from './PatientHealthCareParty'\nexport * from './Payment'\nexport * from './Periodicity'\nexport * from './Permission'\nexport * from './PermissionItem'\nexport * from './PersonName'\nexport * from './PharmaceuticalForm'\nexport * from './PharmaceuticalFormStub'\nexport * from './Place'\nexport * from './PlanOfAction'\nexport * from './Predicate'\nexport * from './Pricing'\nexport * from './PropertyStub'\nexport * from './PropertyTypeStub'\nexport * from './PublicKey'\nexport * from './Quantity'\nexport * from './Range'\nexport * from './Receipt'\nexport * from './ReferenceRange'\nexport * from './ReferralPeriod'\nexport * from './RegimenItem'\nexport * from './RegistrationInformation'\nexport * from './RegistrationSuccess'\nexport * from './Reimbursement'\nexport * from './ReimbursementCriterion'\nexport * from './Remote'\nexport * from './RemoteAuthentication'\nexport * from './Renewal'\nexport * from './Replication'\nexport * from './ReplicateCommand'\nexport * from './ReplicationInfo'\nexport * from './ReplicationStats'\nexport * from './ReplicatorDocument'\nexport * from './ReplicatorResponse'\nexport * from './ResultInfo'\nexport * from './Right'\nexport * from './Role'\nexport * from './RoleConfiguration'\nexport * from './RoleSourceEnum'\nexport * from './RouteOfAdministration'\nexport * from './SamText'\nexport * from './SamVersion'\nexport * from './SchoolingInfo'\nexport * from './Section'\nexport * from './Service'\nexport * from './ServiceLink'\nexport * from './SoftwareMedicalFileExport'\nexport * from './StandardSubstance'\nexport * from './StrengthRange'\nexport * from './StructureElement'\nexport * from './SubContact'\nexport * from './Substance'\nexport * from './SubstanceStub'\nexport * from './Substanceproduct'\nexport * from './Suggest'\nexport * from './SumehrContent'\nexport * from './SumehrExportInfo'\nexport * from './SumehrValidity'\nexport * from './SupplyProblem'\nexport * from './Suspension'\nexport * from './Tag'\nexport * from './Tarification'\nexport * from './Telecom'\nexport * from './TimeSeries'\nexport * from './TimeTable'\nexport * from './TimeTableHour'\nexport * from './TimeTableItem'\nexport * from './TokenWithGroup'\nexport * from './TypedValueObject'\nexport * from './Unit'\nexport * from './User'\nexport * from './UserAndHealthcareParty'\nexport * from './UserGroup'\nexport * from './UserTypeEnum'\nexport * from './Valorisation'\nexport * from './Verse'\nexport * from './VirtualForm'\nexport * from './VirtualIngredient'\nexport * from './Vmp'\nexport * from './VmpComponent'\nexport * from './VmpGroup'\nexport * from './VmpGroupStub'\nexport * from './VmpStub'\nexport * from './Vtm'\nexport * from './Wada'\nexport * from './Weekday'\nexport * from './SecurityMetadata'\nexport * from './SecureDelegation'\nexport * from './Topic'\nexport * from './Connection'\nexport * from './ISO639_1'\n\nexport type EncryptedEntity =\n | AccessLog\n | Article\n | CalendarItem\n | Classification\n | Contact\n | Document\n | Form\n | HealthElement\n | Invoice\n | MaintenanceTask\n | Message\n | Patient\n | Receipt\n | Topic\n\nexport type EncryptedEntityStub =\n | {\n // When changing remember to also update icc-x-api/crypto/utils/encryptedStubEquals\n id?: string\n secretForeignKeys?: Array<string>\n cryptedForeignKeys?: { [key: string]: Delegation[] }\n delegations?: { [key: string]: Delegation[] }\n encryptionKeys?: { [key: string]: Delegation[] }\n encryptedSelf?: string\n securityMetadata?: SecurityMetadata\n }\n | IcureStub\n\nexport type EncryptedParentEntity = Message | Patient\n"]}
1
+ {"version":3,"file":"models.js","sourceRoot":"","sources":["../../../icc-api/model/models.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAkBA,uDAAoC;AACpC,0DAAuC;AACvC,yDAAsC;AACtC,gEAA6C;AAC7C,kEAA+C;AAC/C,0DAAuC;AACvC,kEAA+C;AAC/C,0DAAuC;AACvC,0DAAuC;AACvC,uDAAoC;AACpC,8CAA2B;AAC3B,kDAA+B;AAC/B,4CAAyB;AACzB,2DAAwC;AACxC,2CAAwB;AACxB,sDAAmC;AACnC,wCAAqB;AACrB,iDAA8B;AAC9B,yCAAsB;AACtB,kDAA+B;AAC/B,+CAA4B;AAC5B,wDAAqC;AACrC,4DAAyC;AACzC,4CAAyB;AACzB,wCAAqB;AACrB,uDAAoC;AACpC,2DAAwC;AACxC,wDAAqC;AACrC,0CAAuB;AACvB,yCAAsB;AACtB,gEAA6C;AAC7C,iDAA8B;AAC9B,oDAAiC;AACjC,qDAAkC;AAClC,mDAAgC;AAChC,uDAAoC;AACpC,0DAAuC;AACvC,mDAAgC;AAChC,2DAAwC;AACxC,yCAAsB;AACtB,6CAA0B;AAC1B,6CAA0B;AAC1B,4DAAyC;AACzC,sDAAmC;AACnC,4CAAyB;AACzB,4CAAyB;AACzB,4CAAyB;AACzB,8CAA2B;AAC3B,oDAAiC;AACjC,yCAAsB;AACtB,mDAAgC;AAChC,iEAA8C;AAC9C,sDAAmC;AACnC,iDAA8B;AAC9B,2DAAwC;AACxC,4DAAyC;AACzC,+CAA4B;AAC5B,sDAAmC;AACnC,2CAAwB;AACxB,+CAA4B;AAC5B,wDAAqC;AACrC,yCAAsB;AACtB,kDAA+B;AAC/B,6CAA0B;AAC1B,kDAA+B;AAC/B,qDAAkC;AAClC,6CAA0B;AAC1B,4CAAyB;AACzB,2CAAwB;AACxB,iDAA8B;AAC9B,6CAA0B;AAC1B,mDAAgC;AAChC,oDAAiC;AACjC,mDAAgC;AAChC,4CAAyB;AACzB,oDAAiC;AACjC,uDAAoC;AACpC,sDAAmC;AACnC,6DAA0C;AAC1C,+DAA4C;AAC5C,uDAAoC;AACpC,+DAA4C;AAC5C,uDAAoC;AACpC,uDAAoC;AACpC,oDAAiC;AACjC,oEAAiD;AACjD,yDAAsC;AACtC,6CAA0B;AAC1B,yCAAsB;AACtB,+CAA4B;AAC5B,mDAAgC;AAChC,+CAA4B;AAC5B,mDAAgC;AAChC,iDAA8B;AAC9B,gDAA6B;AAC7B,iDAA8B;AAC9B,uDAAoC;AACpC,4CAAyB;AACzB,sDAAmC;AACnC,0CAAuB;AACvB,uDAAoC;AACpC,4CAAyB;AACzB,gDAA6B;AAC7B,wDAAqC;AACrC,kDAA+B;AAC/B,oDAAiC;AACjC,iEAA8C;AAC9C,8CAA2B;AAC3B,8CAA2B;AAC3B,+CAA4B;AAC5B,2DAAwC;AACxC,kDAA+B;AAC/B,iDAA8B;AAC9B,yDAAsC;AACtC,iDAA8B;AAC9B,+CAA4B;AAC5B,iDAA8B;AAC9B,8CAA2B;AAC3B,4CAAyB;AACzB,gDAA6B;AAC7B,kDAA+B;AAC/B,kDAA+B;AAC/B,kDAA+B;AAC/B,4CAAyB;AACzB,mDAAgC;AAChC,sDAAmC;AACnC,gDAA6B;AAC7B,8CAA2B;AAC3B,qDAAkC;AAClC,qDAAkC;AAClC,oDAAiC;AACjC,6CAA0B;AAC1B,4CAAyB;AACzB,8CAA2B;AAC3B,yDAAsC;AACtC,oDAAiC;AACjC,+CAA4B;AAC5B,+DAA4C;AAC5C,qDAAkC;AAClC,4CAAyB;AACzB,sDAAmC;AACnC,sDAAmC;AACnC,qDAAkC;AAClC,6DAA0C;AAC1C,mDAAgC;AAChC,wCAAqB;AACrB,gEAA6C;AAC7C,mDAAgC;AAChC,mDAAgC;AAChC,kDAA+B;AAC/B,qEAAkD;AAClD,2DAAwC;AACxC,qDAAkC;AAClC,gEAA6C;AAC7C,wEAAqD;AACrD,sDAAmC;AACnC,yDAAsC;AACtC,wDAAqC;AACrC,0DAAuC;AACvC,gEAA6C;AAC7C,sDAAmC;AACnC,uDAAoC;AACpC,+DAA4C;AAC5C,iEAA8C;AAC9C,yDAAsC;AACtC,iEAA8C;AAC9C,yDAAsC;AACtC,qDAAkC;AAClC,yDAAsC;AACtC,yDAAsC;AACtC,wDAAqC;AACrC,8DAA2C;AAC3C,uDAAoC;AACpC,sDAAmC;AACnC,qDAAkC;AAClC,0DAAuC;AACvC,8CAA2B;AAC3B,uDAAoC;AACpC,yCAAsB;AACtB,gDAA6B;AAC7B,4CAAyB;AACzB,2DAAwC;AACxC,4CAAyB;AACzB,gDAA6B;AAC7B,+CAA4B;AAC5B,mDAAgC;AAChC,+CAA4B;AAC5B,uDAAoC;AACpC,2DAAwC;AACxC,0CAAuB;AACvB,iDAA8B;AAC9B,8CAA2B;AAC3B,4CAAyB;AACzB,iDAA8B;AAC9B,qDAAkC;AAClC,8CAA2B;AAC3B,6CAA0B;AAC1B,0CAAuB;AACvB,4CAAyB;AACzB,mDAAgC;AAChC,mDAAgC;AAChC,gDAA6B;AAC7B,4DAAyC;AACzC,wDAAqC;AACrC,kDAA+B;AAC/B,2DAAwC;AACxC,2CAAwB;AACxB,yDAAsC;AACtC,4CAAyB;AACzB,gDAA6B;AAC7B,qDAAkC;AAClC,oDAAiC;AACjC,qDAAkC;AAClC,uDAAoC;AACpC,uDAAoC;AACpC,+CAA4B;AAC5B,0CAAuB;AACvB,yCAAsB;AACtB,sDAAmC;AACnC,mDAAgC;AAChC,0DAAuC;AACvC,4CAAyB;AACzB,+CAA4B;AAC5B,kDAA+B;AAC/B,4CAAyB;AACzB,4CAAyB;AACzB,gDAA6B;AAC7B,8DAA2C;AAC3C,sDAAmC;AACnC,kDAA+B;AAC/B,qDAAkC;AAClC,+CAA4B;AAC5B,8CAA2B;AAC3B,kDAA+B;AAC/B,qDAAkC;AAClC,4CAAyB;AACzB,kDAA+B;AAC/B,qDAAkC;AAClC,mDAAgC;AAChC,kDAA+B;AAC/B,+CAA4B;AAC5B,wCAAqB;AACrB,iDAA8B;AAC9B,4CAAyB;AACzB,+CAA4B;AAC5B,8CAA2B;AAC3B,kDAA+B;AAC/B,kDAA+B;AAC/B,mDAAgC;AAChC,qDAAkC;AAClC,yCAAsB;AACtB,yCAAsB;AACtB,2DAAwC;AACxC,8CAA2B;AAC3B,iDAA8B;AAC9B,iDAA8B;AAC9B,0CAAuB;AACvB,gDAA6B;AAC7B,sDAAmC;AACnC,wCAAqB;AACrB,iDAA8B;AAC9B,6CAA0B;AAC1B,iDAA8B;AAC9B,4CAAyB;AACzB,wCAAqB;AACrB,yCAAsB;AACtB,4CAAyB;AACzB,qDAAkC;AAClC,qDAAkC;AAClC,0CAAuB;AACvB,+CAA4B;AAC5B,6CAA0B","sourcesContent":["import { AccessLog } from './AccessLog'\nimport { Article } from './Article'\nimport { Classification } from './Classification'\nimport { Document } from './Document'\nimport { HealthElement } from './HealthElement'\nimport { Invoice } from './Invoice'\nimport { Form } from './Form'\nimport { Contact } from './Contact'\nimport { CalendarItem } from './CalendarItem'\nimport { MaintenanceTask } from './MaintenanceTask'\nimport { Message } from './Message'\nimport { Receipt } from './Receipt'\nimport { Patient } from './Patient'\nimport { Delegation } from './Delegation'\nimport { SecurityMetadata } from './SecurityMetadata'\nimport { IcureStub } from './IcureStub'\nimport { Topic } from './Topic'\n\nexport * from './AbstractFilterCode'\nexport * from './AbstractFilterContact'\nexport * from './AbstractFilterDevice'\nexport * from './AbstractFilterHealthElement'\nexport * from './AbstractFilterHealthcareParty'\nexport * from './AbstractFilterInvoice'\nexport * from './AbstractFilterMaintenanceTask'\nexport * from './AbstractFilterPatient'\nexport * from './AbstractFilterService'\nexport * from './AbstractFilterUser'\nexport * from './AccessLog'\nexport * from './AddedDocument'\nexport * from './Address'\nexport * from './AdministrationQuantity'\nexport * from './Agenda'\nexport * from './AgreementAppendix'\nexport * from './Amp'\nexport * from './AmpComponent'\nexport * from './Ampp'\nexport * from './AmppComponent'\nexport * from './Annotation'\nexport * from './ApplicationSettings'\nexport * from './AppointmentTypeAndPlace'\nexport * from './Article'\nexport * from './Atc'\nexport * from './AttachmentMetadata'\nexport * from './AuthenticationResponse'\nexport * from './AuthenticationToken'\nexport * from './Basic'\nexport * from './Body'\nexport * from './BulkAttachmentUpdateOptions'\nexport * from './CalendarItem'\nexport * from './CalendarItemTag'\nexport * from './CalendarItemType'\nexport * from './CareTeamMember'\nexport * from './CareTeamMembership'\nexport * from './CheckSMFPatientResult'\nexport * from './Classification'\nexport * from './ClassificationTemplate'\nexport * from './Code'\nexport * from './CodeStub'\nexport * from './CodeType'\nexport * from './CommentedClassification'\nexport * from './Commercialization'\nexport * from './Company'\nexport * from './Contact'\nexport * from './Content'\nexport * from './Copayment'\nexport * from './CryptoActorStub'\nexport * from './Data'\nexport * from './DataAttachment'\nexport * from './DataOwnerRegistrationSuccess'\nexport * from './DataOwnerWithType'\nexport * from './DatabaseInfo'\nexport * from './DatabaseInitialisation'\nexport * from './DatabaseSynchronization'\nexport * from './Delegation'\nexport * from './DeletedAttachment'\nexport * from './Device'\nexport * from './DeviceType'\nexport * from './DiaryNoteExportInfo'\nexport * from './Dmpp'\nexport * from './DocIdentifier'\nexport * from './Document'\nexport * from './DocumentGroup'\nexport * from './DocumentTemplate'\nexport * from './Duration'\nexport * from './EIDItem'\nexport * from './Editor'\nexport * from './EfactInvoice'\nexport * from './Employer'\nexport * from './EmploymentInfo'\nexport * from './EntityReference'\nexport * from './EntityTemplate'\nexport * from './Episode'\nexport * from './FilterChainCode'\nexport * from './FilterChainContact'\nexport * from './FilterChainDevice'\nexport * from './FilterChainHealthElement'\nexport * from './FilterChainHealthcareParty'\nexport * from './FilterChainInvoice'\nexport * from './FilterChainMaintenanceTask'\nexport * from './FilterChainPatient'\nexport * from './FilterChainService'\nexport * from './FilterChainUser'\nexport * from './FinancialInstitutionInformation'\nexport * from './FlatRateTarification'\nexport * from './FlowItem'\nexport * from './Form'\nexport * from './FormColumn'\nexport * from './FormDataOption'\nexport * from './FormLayout'\nexport * from './FormLayoutData'\nexport * from './FormPlanning'\nexport * from './FormSection'\nexport * from './FormTemplate'\nexport * from './FormTemplateLayout'\nexport * from './Formula'\nexport * from './FrontEndMigration'\nexport * from './Group'\nexport * from './GroupDatabasesInfo'\nexport * from './GuiCode'\nexport * from './GuiCodeType'\nexport * from './GroupDeletionReport'\nexport * from './HealthElement'\nexport * from './HealthcareParty'\nexport * from './HealthcarePartyHistoryStatus'\nexport * from './IcureStub'\nexport * from './IdWithRev'\nexport * from './Identifier'\nexport * from './IdentityDocumentReader'\nexport * from './ImportMapping'\nexport * from './ImportResult'\nexport * from './IncapacityExportInfo'\nexport * from './IndexingInfo'\nexport * from './Ingredient'\nexport * from './Insurability'\nexport * from './Insurance'\nexport * from './Invoice'\nexport * from './InvoiceItem'\nexport * from './InvoiceSender'\nexport * from './InvoicesBatch'\nexport * from './InvoicingCode'\nexport * from './Keyword'\nexport * from './KeywordSubword'\nexport * from './LabelledOccurence'\nexport * from './LetterValue'\nexport * from './ListOfIds'\nexport * from './ListOfProperties'\nexport * from './LoginCredentials'\nexport * from './MaintenanceTask'\nexport * from './MapOfIds'\nexport * from './Measure'\nexport * from './MedexInfo'\nexport * from './MedicalHouseContract'\nexport * from './MedicalLocation'\nexport * from './Medication'\nexport * from './MedicationSchemeExportInfo'\nexport * from './Medicinalproduct'\nexport * from './Message'\nexport * from './MessageAttachment'\nexport * from './MessageReadStatus'\nexport * from './MessageWithBatch'\nexport * from './MessagesReadStatusUpdate'\nexport * from './MimeAttachment'\nexport * from './Nmp'\nexport * from './NoGenericPrescriptionReason'\nexport * from './NoSwitchReason'\nexport * from './NumeratorRange'\nexport * from './PackagingType'\nexport * from './PaginatedDocumentKeyIdPairObject'\nexport * from './PaginatedListAccessLog'\nexport * from './PaginatedListAmp'\nexport * from './PaginatedListClassification'\nexport * from './PaginatedListClassificationTemplate'\nexport * from './PaginatedListCode'\nexport * from './PaginatedListContact'\nexport * from './PaginatedListDevice'\nexport * from './PaginatedListDocument'\nexport * from './PaginatedListEntityTemplate'\nexport * from './PaginatedListForm'\nexport * from './PaginatedListGroup'\nexport * from './PaginatedListHealthElement'\nexport * from './PaginatedListHealthcareParty'\nexport * from './PaginatedListInvoice'\nexport * from './PaginatedListMaintenanceTask'\nexport * from './PaginatedListMessage'\nexport * from './PaginatedListNmp'\nexport * from './PaginatedListPatient'\nexport * from './PaginatedListService'\nexport * from './PaginatedListString'\nexport * from './PaginatedListTarification'\nexport * from './PaginatedListTopic'\nexport * from './PaginatedListUser'\nexport * from './PaginatedListVmp'\nexport * from './PaginatedListVmpGroup'\nexport * from './Paragraph'\nexport * from './ParagraphAgreement'\nexport * from './Part'\nexport * from './Partnership'\nexport * from './Patient'\nexport * from './PatientHealthCareParty'\nexport * from './Payment'\nexport * from './Periodicity'\nexport * from './Permission'\nexport * from './PermissionItem'\nexport * from './PersonName'\nexport * from './PharmaceuticalForm'\nexport * from './PharmaceuticalFormStub'\nexport * from './Place'\nexport * from './PlanOfAction'\nexport * from './Predicate'\nexport * from './Pricing'\nexport * from './PropertyStub'\nexport * from './PropertyTypeStub'\nexport * from './PublicKey'\nexport * from './Quantity'\nexport * from './Range'\nexport * from './Receipt'\nexport * from './ReferenceRange'\nexport * from './ReferralPeriod'\nexport * from './RegimenItem'\nexport * from './RegistrationInformation'\nexport * from './RegistrationSuccess'\nexport * from './Reimbursement'\nexport * from './ReimbursementCriterion'\nexport * from './Remote'\nexport * from './RemoteAuthentication'\nexport * from './Renewal'\nexport * from './Replication'\nexport * from './ReplicateCommand'\nexport * from './ReplicationInfo'\nexport * from './ReplicationStats'\nexport * from './ReplicatorDocument'\nexport * from './ReplicatorResponse'\nexport * from './ResultInfo'\nexport * from './Right'\nexport * from './Role'\nexport * from './RoleConfiguration'\nexport * from './RoleSourceEnum'\nexport * from './RouteOfAdministration'\nexport * from './SamText'\nexport * from './SamVersion'\nexport * from './SchoolingInfo'\nexport * from './Section'\nexport * from './Service'\nexport * from './ServiceLink'\nexport * from './SoftwareMedicalFileExport'\nexport * from './StandardSubstance'\nexport * from './StrengthRange'\nexport * from './StructureElement'\nexport * from './SubContact'\nexport * from './Substance'\nexport * from './SubstanceStub'\nexport * from './Substanceproduct'\nexport * from './Suggest'\nexport * from './SumehrContent'\nexport * from './SumehrExportInfo'\nexport * from './SumehrValidity'\nexport * from './SupplyProblem'\nexport * from './Suspension'\nexport * from './Tag'\nexport * from './Tarification'\nexport * from './Telecom'\nexport * from './TimeSeries'\nexport * from './TimeTable'\nexport * from './TimeTableHour'\nexport * from './TimeTableItem'\nexport * from './TokenWithGroup'\nexport * from './TypedValueObject'\nexport * from './Unit'\nexport * from './User'\nexport * from './UserAndHealthcareParty'\nexport * from './UserGroup'\nexport * from './UserTypeEnum'\nexport * from './Valorisation'\nexport * from './Verse'\nexport * from './VirtualForm'\nexport * from './VirtualIngredient'\nexport * from './Vmp'\nexport * from './VmpComponent'\nexport * from './VmpGroup'\nexport * from './VmpGroupStub'\nexport * from './VmpStub'\nexport * from './Vtm'\nexport * from './Wada'\nexport * from './Weekday'\nexport * from './SecurityMetadata'\nexport * from './SecureDelegation'\nexport * from './Topic'\nexport * from './Connection'\nexport * from './ISO639_1'\n\nexport type EncryptedEntity =\n | AccessLog\n | Article\n | CalendarItem\n | Classification\n | Contact\n | Document\n | Form\n | HealthElement\n | Invoice\n | MaintenanceTask\n | Message\n | Patient\n | Receipt\n | Topic\n\nexport type EncryptedEntityStub =\n | {\n // When changing remember to also update icc-x-api/crypto/utils/encryptedStubEquals\n id?: string\n secretForeignKeys?: Array<string>\n cryptedForeignKeys?: { [key: string]: Delegation[] }\n delegations?: { [key: string]: Delegation[] }\n encryptionKeys?: { [key: string]: Delegation[] }\n encryptedSelf?: string\n securityMetadata?: SecurityMetadata\n }\n | IcureStub\n\nexport type EncryptedParentEntity = Message | Patient\n"]}
@@ -15,6 +15,7 @@ const utils_2 = require("../utils");
15
15
  const lru_temporised_async_cache_1 = require("../utils/lru-temporised-async-cache");
16
16
  const EntityWithDelegationTypeName_1 = require("../utils/EntityWithDelegationTypeName");
17
17
  const CryptoActorStub_1 = require("../../icc-api/model/CryptoActorStub");
18
+ const RSA_1 = require("./RSA");
18
19
  /**
19
20
  * @internal this function is for internal use only and may be changed without notice.
20
21
  * Initialises and returns the exchange data manager which is most appropriate for the current data owner.
@@ -94,10 +95,10 @@ class AbstractExchangeDataManager {
94
95
  throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate could be verified.`);
95
96
  for (const delegateKey of allVerifiedDelegateKeys) {
96
97
  if (sha1KeysOfDelegate.has(delegateKey)) {
97
- encryptionKeys[(0, utils_1.fingerprintV1)(delegateKey)] = yield this.primitives.RSA.importKey('spki', (0, utils_2.hex2ua)(delegateKey), ['encrypt'], 'sha-1');
98
+ encryptionKeys[(0, utils_1.fingerprintV1)(delegateKey)] = yield this.primitives.RSA.importKey('spki', (0, utils_2.hex2ua)(delegateKey), ['encrypt'], RSA_1.ShaVersion.Sha1);
98
99
  }
99
100
  else if (sha256KeysOfDelegate.has(delegateKey)) {
100
- encryptionKeys[(0, utils_1.fingerprintV1)(delegateKey)] = yield this.primitives.RSA.importKey('spki', (0, utils_2.hex2ua)(delegateKey), ['encrypt'], 'sha-256');
101
+ encryptionKeys[(0, utils_1.fingerprintV1)(delegateKey)] = yield this.primitives.RSA.importKey('spki', (0, utils_2.hex2ua)(delegateKey), ['encrypt'], RSA_1.ShaVersion.Sha256);
101
102
  }
102
103
  else
103
104
  throw new Error('Illegal state: verified keys should contain only keys for OAPE-SHA1 or OAPE-SHA256.');
@@ -1 +1 @@
1
- {"version":3,"file":"ExchangeDataManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ExchangeDataManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAOA,mCAAgH;AAEhH,oCAAyC;AACzC,oFAA6E;AAC7E,wFAAmH;AACnH,yEAA6E;AAO7E;;;GAGG;AACH,SAAsB,gDAAgD,CACpE,IAA6B,EAC7B,cAAyC,EACzC,aAAuC,EACvC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC5B,aAAsB,EACtB,qBAA4D,EAAE;;QAE9D,MAAM,YAAY,GAAG,yCAAuB,CAAC,aAAa,CAAC,MAAM,YAAY,CAAC,mBAAmB,EAAE,CAAC,CAAA;QACpG,IAAI,gBAAgB,CAAC,oCAAoC,CAAC,YAAY,CAAC,EAAE;YACvE,MAAM,GAAG,GAAG,IAAI,8BAA8B,CAC5C,IAAI,EACJ,cAAc,EACd,aAAa,EACb,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,aAAa,CACd,CAAA;YACD,MAAM,GAAG,CAAC,sBAAsB,EAAE,CAAA;YAClC,OAAO,GAAG,CAAA;SACX;aAAM;YACL,OAAO,IAAI,kCAAkC,CAC3C,IAAI,EACJ,cAAc,EACd,aAAa,EACb,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,aAAa,EACb,kBAAkB,CACnB,CAAA;SACF;IACH,CAAC;CAAA;AAtCD,4GAsCC;AAqGD,MAAe,2BAA2B;IACxC,YACW,IAA6B,EACnB,cAAyC,EACzC,aAAuC,EACvC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC9B,aAAsB;QAP9B,SAAI,GAAJ,IAAI,CAAyB;QACnB,mBAAc,GAAd,cAAc,CAA2B;QACzC,kBAAa,GAAb,aAAa,CAA0B;QACvC,wBAAmB,GAAnB,mBAAmB,CAA0B;QAC7C,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAC9B,kBAAa,GAAb,aAAa,CAAS;IACtC,CAAC;IAEY,WAAW,CAAC,IAAkB;;YAQ5C,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,oBAAoB,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACtH,IAAI,CAAC,oBAAoB;gBAAE,OAAO,SAAS,CAAA;YAC3C,MAAM,4BAA4B,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACrI,IAAI,CAAC,4BAA4B;gBAC/B,MAAM,IAAI,KAAK,CAAC,kFAAkF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC3H,MAAM,2BAA2B,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACpI,IAAI,CAAC,2BAA2B;gBAC9B,MAAM,IAAI,KAAK,CAAC,iFAAiF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC1H,OAAO;gBACL,mBAAmB,EAAE,4BAA4B;gBACjD,WAAW,EAAE,oBAAoB;gBACjC,QAAQ,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAC1C;oBACE,YAAY,EAAE,IAAI;oBAClB,4BAA4B;oBAC5B,oBAAoB;oBACpB,2BAA2B;iBAC5B,EACD,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,2BAA2B,CAAC,EAAE,CAAC,EAC1D,IAAI,CACL;aACF,CAAA;QACH,CAAC;KAAA;IAEe,qBAAqB,CACnC,UAAkB,EAClB,OAGC;;YAED,MAAM,cAAc,GAAgC,EAAE,CAAA;YACtD,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE;gBAC1E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAA;YAC9C,CAAC,CAAC,CAAA;YACF,IAAI,UAAU,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,EAAE;gBACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBACvE,MAAM,oBAAoB,GAAG,IAAA,iCAAyB,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACrE,MAAM,kBAAkB,GAAG,IAAA,+BAAuB,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACjE,IAAI,uBAAiC,CAAA;gBACrC,IAAI,CAAC,oBAAoB,CAAC,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE;oBAC1D,IAAI,CAAC,OAAO,CAAC,mBAAmB;wBAC9B,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,+CAA+C,CAAC,CAAA;oBACjH,uBAAuB,GAAG,EAAE,CAAA;iBAC7B;qBAAM,IAAI,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;oBACjH,uBAAuB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,wBAAwB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;iBAC5F;qBAAM;oBACL,uBAAuB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,wBAAwB,CAC5E,QAAQ,EACR,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,EACxE,IAAI,CAAC,UAAU,CAChB,CAAA;iBACF;gBACD,IAAI,CAAC,uBAAuB,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB;oBACjE,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,uDAAuD,CAAC,CAAA;gBACzH,KAAK,MAAM,WAAW,IAAI,uBAAuB,EAAE;oBACjD,IAAI,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;wBACvC,cAAc,CAAC,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,WAAW,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,CAAA;qBACpI;yBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;wBAChD,cAAc,CAAC,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,WAAW,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,CAAA;qBACtI;;wBAAM,MAAM,IAAI,KAAK,CAAC,qFAAqF,CAAC,CAAA;iBAC9G;aACF;YACD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,2BAA2B,EAAE,CAAA;YAC3E,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAChD,UAAU,EACV,EAAE,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,YAAY,CAAC,OAAO,CAAC,UAAU,EAAE,EAC/D,cAAc,EACd,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CACnD,CAAA;YACD,OAAO;gBACL,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;gBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAA;QACH,CAAC;KAAA;IAEK,gBAAgB,CAAC,cAAsB,EAAE,qBAA6B;;YAC1E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC5D,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,qBAAqB,CAAC,CAAA;YACrD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;YACxE,MAAM,iBAAiB,GAAG,IAAA,2BAAmB,EAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;YAChF,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,cAAc,EAAE,CAAC,CAAA;YAChG,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,qBAAqB,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,CAAC,CAAA;YACjI,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,2BAA2B,EAAE,CAAA;YAC3E,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,uBAAuB,GAC3B,IAAI,IAAI,cAAc;gBACpB,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,IAAI,EAAE,IAAI,CAAC;gBACpE,CAAC,CAAC;oBACE,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;oBACjF,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;iBAClF,CAAA;YACP,KAAK,MAAM,YAAY,IAAI,uBAAuB,EAAE;gBAClD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI,QAAQ,CAAC,EAAE;oBACvE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,YAAY,EAAE,cAAc,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,cAAc,EAAE,CAAC,CAAA;oBACnH,IAAI,CAAC,OAAO,EAAE;wBACZ,OAAO,CAAC,IAAI,CAAC,gDAAgD,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAA;qBAC7F;iBACF;aACF;QACH,CAAC;KAAA;IAED,sBAAsB;QACpB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,2BAA2B,CACzB,UAAkB,EAClB,UAAoD,EACpD,uBAA6C,EAC7C,+BAAwC;QAExC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,6CAA6C,CAC3C,MAAgB,EAChB,UAAwC,EACxC,uBAAiC;QAEjC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,wBAAwB,CACtB,EAAU,EACV,UAAoD,EACpD,uBAA6C,EAC7C,mBAA4B;QAE5B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,yBAAyB,CAAC,UAAwC;QAChE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,oBAAoB,CAAC,UAAwC;QAC3D,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;CACF;AAED,MAAM,8BAA+B,SAAQ,2BAA2B;IAAxE;;QACU,WAAM,GAKT,OAAO,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,GAAG,EAAE,EAAE,kCAAkC,EAAE,EAAE,EAAE,kCAAkC,EAAE,EAAE,EAAE,CAAC,CAAA;IA8K7I,CAAC;IA5KO,sBAAsB;;YAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAA;YACtC,MAAM,IAAI,CAAC,MAAM,CAAA;QACnB,CAAC;KAAA;IAEK,6CAA6C,CACjD,MAAgB,EAChB,UAAwC,EACxC,uBAAiC;;YAEjC,SAAS,0BAA0B,CAAC,MAInC;gBACC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;oBACjC,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;oBACpC,IAAI,EAAE,EAAE;wBACN,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;wBAClC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,EAAE;4BACrB,GAAG,CAAC,IAAI,CAAC,GAAG;gCACV,YAAY,EAAE,MAAM,CAAC,YAAY;gCACjC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;gCACzC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;6BAC1D,CAAA;yBACF;qBACF;oBACD,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,EAA6G,CAAC,CAAA;YACnH,CAAC;YAED,MAAM,wBAAwB,GAAG,0BAA0B,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,CAAA;YAC9E,IAAI,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,MAAM,EAAE;gBAChD,OAAO,wBAAwB,CAAA;aAChC;iBAAM;gBACL,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAO,MAAM,EAAE,EAAE;oBAC9C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;wBACrD,IAAI,QAAQ,CAAC,SAAS,EAAE;4BACtB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAC3E,QAAQ,CAAC,SAAS,CAAC,mBAAmB,EACtC,UAAU,EACV,uBAAuB,CACxB,CAAA;4BACD,cAAc,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,YAAY,CAAC,EAAG,CAAC,CAAC,CAAA;yBACvF;qBACF;oBACD,OAAO,MAAM,CAAA;gBACf,CAAC,CAAA,CAAC,CAAA;gBACF,OAAO,0BAA0B,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,CAAA;aACrD;QACH,CAAC;KAAA;IAEK,2BAA2B,CAC/B,UAAkB,EAClB,UAAoD,EACpD,uBAA6C,EAC7C,+BAAwC;;YAExC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,MAAM,GAAG,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,CAAA;YACpE,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YAC3D,IAAI,MAAM,KAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,CAAA,EAAE;gBAC/B,OAAO;oBACL,YAAY,EAAE,MAAM,CAAC,YAAY;oBACjC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;oBACzD,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;iBAC1C,CAAA;aACF;YACD,wFAAwF;YACxF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE,EAAE,mBAAmB,EAAE,+BAA+B,EAAE,CAAC,CAAA;YACtH,IAAI,CAAC,SAAS,CACZ,OAAO,CAAC,YAAY,EACpB,IAAI,EACJ,EAAE,mBAAmB,EAAE,OAAO,CAAC,mBAAmB,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE,EACtG,UAAU,EACV,uBAAuB,CACxB,CAAA;YACD,OAAO,OAAO,CAAA;QAChB,CAAC;KAAA;IAEK,wBAAwB,CAC5B,EAAU,EACV,UAAoD,EACpD,uBAA6C,EAC7C,mBAA4B;;;YAE5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;YACtC,IAAI,UAAU,EAAE;gBACd,OAAO;oBACL,YAAY,EAAE,UAAU,CAAC,YAAY;oBACrC,WAAW,EAAE,MAAA,UAAU,CAAC,SAAS,0CAAE,WAAW;oBAC9C,mBAAmB,EAAE,MAAA,UAAU,CAAC,SAAS,0CAAE,mBAAmB;iBAC/D,CAAA;aACF;iBAAM,IAAI,mBAAmB,EAAE;gBAC9B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAA;gBACpD,IAAI,CAAC,IAAI;oBAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,EAAE,EAAE,CAAC,CAAA;gBACxE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;gBAC9C,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,uBAAuB,CAAC,CAAA;gBAC3E,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,WAAW,EAAE,mBAAmB,EAAE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,mBAAmB,EAAE,CAAA;aACxH;;gBAAM,OAAO,SAAS,CAAA;;KACxB;IAEO,SAAS,CACf,YAA0B,EAC1B,SAAkB,EAClB,SAAiG,EACjG,UAAyC,EACzC,uBAAkC;QAElC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAO,MAAM,EAAE,EAAE;YAC9C,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAG,CAAC,GAAG,EAAE,YAAY,EAAE,SAAS,EAAE,CAAA;YAC/D,IAAI,SAAS,EAAE;gBACb,sIAAsI;gBACtI,2DAA2D;gBAC3D,IAAI,UAAU,IAAI,uBAAuB,EAAE;oBACzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,SAAS,CAAC,mBAAmB,EAAE,UAAU,EAAE,uBAAuB,CAAC,CAAA;oBACzI,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;wBACtB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,YAAY,CAAC,EAAG,CAAC,CAAA;oBAC7C,CAAC,CAAC,CAAA;iBACH;gBACD,IAAI,SAAS,CAAC,QAAQ,EAAE;oBACtB,MAAM,CAAC,kCAAkC,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC,EAAG,CAAA;iBACpF;aACF;YACD,IAAI,SAAS;gBAAE,MAAM,CAAC,kCAAkC,GAAG,EAAE,CAAA;YAC7D,OAAO,MAAM,CAAA;QACf,CAAC,CAAA,CAAC,CAAA;IACJ,CAAC;IAEa,iBAAiB;;YAM7B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,8CAA8C,EAAE,CAAA;YAChF,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;YAC7G,MAAM,QAAQ,GAAyC,EAAE,CAAA;YACzD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAA;YAC1C,MAAM,kCAAkC,GAAmC,EAAE,CAAA;YAC7E,KAAK,MAAM,QAAQ,IAAI,OAAO,EAAE;gBAC9B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;gBACtD,QAAQ,CAAC,QAAQ,CAAC,EAAG,CAAC,GAAG,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,CAAA;gBAC7E,IAAI,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,QAAQ,EAAE;oBAC3B,kCAAkC,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,EAAG,CAAA;iBACrE;aACF;YACD,MAAM,kCAAkC,GAA8D,EAAE,CAAA;YACxG,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,kCAAkC,EAAE,kCAAkC,EAAE,CAAA;QACvG,CAAC;KAAA;IAEK,yBAAyB,CAAC,UAAwC;;YACtE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,MAAM,GAAG,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,CAAA;YACpE,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAA;YACzB,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CAAC,oBAAoB,EAAE,UAAU,CAAC,CAAA;YAC7G,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAA;YAChE,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAEK,oBAAoB,CAAC,UAAwC;;YACjE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,GAAG,GAAa,EAAE,CAAA;YACxB,KAAK,MAAM,mBAAmB,IAAI,oBAAoB,EAAE;gBACtD,sIAAsI;gBACtI,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,CAAC,mBAAmB,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,CAAA;aAC5G;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;CACF;AAED,MAAM,kCAAmC,SAAQ,2BAA2B;IAK1E,YACE,IAA6B,EAC7B,cAAyC,EACzC,aAAuC,EACvC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC5B,aAAsB,EACtB,kBAEC;;QAED,KAAK,CAAC,IAAI,EAAE,cAAc,EAAE,aAAa,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,CAAC,CAAA;QAhB3G,aAAQ,GAAwB,IAAI,GAAG,EAAE,CAAA;QACzC,uCAAkC,GAAwB,IAAI,GAAG,EAAE,CAAA;QAgBlF,IAAI,CAAC,aAAa,GAAG,IAAI,oDAAuB,CAAC,MAAA,kBAAkB,CAAC,YAAY,mCAAI,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;IACrG,CAAC;IAEK,sBAAsB;;YAC1B,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;YAC/B,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAA;YACrB,IAAI,CAAC,kCAAkC,CAAC,KAAK,EAAE,CAAA;QACjD,CAAC;KAAA;IAEK,6CAA6C,CACjD,MAAgB,EAChB,UAAwC,EACxC,uBAAiC;;YAEjC,MAAM,GAAG,GAAyG,EAAE,CAAA;YACpH,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE;gBACzB,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;gBACtC,IAAI,MAAM,EAAE;oBACV,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE;wBAC1D,MAAM,IAAI,KAAK,CAAC,gBAAgB,MAAM,mCAAmC,CAAC,CAAA;oBAC5E,CAAC,CAAC,CAAA;oBACF,IAAI,SAAS,CAAC,SAAS,EAAE;wBACvB,GAAG,CAAC,IAAI,CAAC,GAAG;4BACV,YAAY,EAAE,SAAS,CAAC,YAAY;4BACpC,WAAW,EAAE,SAAS,CAAC,SAAS,CAAC,WAAW;4BAC5C,mBAAmB,EAAE,SAAS,CAAC,SAAS,CAAC,mBAAmB;yBAC7D,CAAA;qBACF;iBACF;aACF;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,iEAAiE,CAC7E,mBAA2B,EAC3B,UAAoD,EACpD,uBAA6C;;YAE7C,MAAM,mBAAmB,GAAG,MAAM,OAAO,CAAC,GAAG,CAC3C,CAAC,GAAG,4DAA6B,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,CAAC,mBAAmB,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC,CAClI,CAAA;YACD,IAAI,UAAU,KAAI,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,MAAM,CAAA,EAAE;gBACjD,sIAAsI;gBACtI,2DAA2D;gBAC3D,OAAO;oBACL,GAAG,mBAAmB;oBACtB,GAAG,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,mBAAmB,EAAE,UAAU,EAAE,uBAAuB,CAAC,CAAC;iBACtH,CAAA;aACF;iBAAM;gBACL,OAAO,mBAAmB,CAAA;aAC3B;QACH,CAAC;KAAA;IAEK,wBAAwB,CAC5B,EAAU,EACV,UAAoD,EACpD,uBAA6C,EAC7C,mBAA4B;;;YAE5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,EAAE,CAAC,CAAA;YAC1D,IAAI,MAAM,EAAE;gBACV,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAC1C,EAAE,EACF,CAAO,QAAQ,EAAE,EAAE;oBACjB,MAAM,QAAQ,GAAG,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,MAAM,CAAC,IAAI,CAAA;oBACxC,IAAI,QAAQ,CAAC,SAAS,EAAE;wBACtB,uIAAuI;wBACvI,2DAA2D;wBAC3D,IAAI,UAAU,IAAI,uBAAuB,EAAE;4BACzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CACnE,QAAQ,CAAC,SAAS,CAAC,mBAAmB,EACtC,UAAU,EACV,uBAAuB,CACxB,CAAA;4BACD,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;gCACtB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,YAAY,CAAC,EAAG,CAAC,CAAA;4BACpD,CAAC,CAAC,CAAA;4BACF,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAA;yBAChC;qBACF;oBACD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,QAAQ,CAAC,EAAE,CAAA;gBACjF,CAAC,CAAA,EACD,GAAG,EAAE,CAAC,IAAI,CACX,CAAA;gBACD,OAAO;oBACL,YAAY,EAAE,OAAO,CAAC,YAAY;oBAClC,WAAW,EAAE,MAAA,OAAO,CAAC,SAAS,0CAAE,WAAW;oBAC3C,mBAAmB,EAAE,MAAA,OAAO,CAAC,SAAS,0CAAE,mBAAmB;iBAC5D,CAAA;aACF;iBAAM,IAAI,mBAAmB,EAAE;gBAC9B,OAAO,MAAM,IAAI,CAAC,aAAa;qBAC5B,GAAG,CAAC,EAAE,EAAE,GAAS,EAAE;oBAClB,OAAA,IAAI,CAAC,QAAQ,CAAC,GAAS,EAAE;wBACvB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAA;wBACpD,IAAI,CAAC,IAAI;4BAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,EAAE,EAAE,CAAC,CAAA;wBACxE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;wBAC9C,IAAI,SAAS,EAAE;4BACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iEAAiE,CACzF,SAAS,CAAC,mBAAmB,EAC7B,UAAU,EACV,uBAAuB,CACxB,CAAA;4BACD,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAA;yBAC/E;6BAAM;4BACL,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;yBAC3D;oBACH,CAAC,CAAA,CAAC,CAAA;kBAAA,CACH;qBACA,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,eAAC,OAAA,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,YAAY,EAAE,WAAW,EAAE,MAAA,CAAC,CAAC,SAAS,0CAAE,WAAW,EAAE,mBAAmB,EAAE,MAAA,CAAC,CAAC,SAAS,0CAAE,mBAAmB,EAAE,CAAC,CAAA,EAAA,CAAC,CAAA;aACjJ;;gBAAM,OAAO,SAAS,CAAA;;KACxB;IAEK,2BAA2B,CAC/B,UAAkB,EAClB,UAAoD,EACpD,uBAA6C,EAC7C,+BAAwC;;YAExC,IAAI,UAAU,GAAG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;YACxE,IAAI,CAAC,UAAU,EAAE;gBACf,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,UAAU,EAAE,uBAAuB,CAAC,CAAA;gBACnF,UAAU,GAAG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;aACrE;YACD,IAAI,UAAU,EAAE;gBACd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAA;gBAClE,IAAI,CAAC,MAAM;oBAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,UAAU,4BAA4B,CAAC,CAAA;gBACnG,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE;oBACzB,OAAO;wBACL,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY;wBACtC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW;wBAC9C,mBAAmB,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB;qBAC/D,CAAA;iBACF;;oBAAM,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAA;aACnF;iBAAM;gBACL,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAA;gBAC9C,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,EAAE,SAAS,CAAC,CAAA;gBAClE,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,EAAE,CACxE,IAAI,CAAC,QAAQ,CAAC,GAAS,EAAE;oBACvB,IAAI;wBACF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,mBAAmB,EAAE,+BAA+B,EAAE,CAAC,CAAA;wBACjI,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iEAAiE,CACzF,OAAO,CAAC,mBAAmB,EAC3B,UAAU,EACV,uBAAuB,CACxB,CAAA;wBACD,OAAO;4BACL,YAAY,EAAE,OAAO,CAAC,YAAY;4BAClC,SAAS,EAAE;gCACT,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;gCAChD,WAAW,EAAE,OAAO,CAAC,WAAW;gCAChC,QAAQ,EAAE,IAAI;6BACf;4BACD,MAAM;yBACP,CAAA;qBACF;oBAAC,OAAO,CAAC,EAAE;wBACV,IAAI,CAAC,kCAAkC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;wBAC1D,MAAM,CAAC,CAAA;qBACR;gBACH,CAAC,CAAA,CAAC,CACH,CAAA;gBACD,IAAI,CAAC,oBAAoB;oBAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;gBACxF,OAAO;oBACL,YAAY,EAAE,oBAAoB,CAAC,YAAY;oBAC/C,WAAW,EAAE,oBAAoB,CAAC,SAAU,CAAC,WAAW;oBACxD,mBAAmB,EAAE,oBAAoB,CAAC,SAAU,CAAC,mBAAmB;iBACzE,CAAA;aACF;QACH,CAAC;KAAA;IAED,iJAAiJ;IACjJ,uEAAuE;IACzD,uBAAuB,CACnC,UAAkB,EAClB,UAAoD,EACpD,uBAA6C;;YAE7C,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAAE,UAAU,CAAC,CAAA;YAC1I,MAAM,OAAO,CAAC,GAAG,CACf,cAAc,CAAC,GAAG,CAAC,CAAO,IAAI,EAAE,EAAE;gBAChC,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAG,EAAE,GAAG,EAAE,CAC1C,IAAI,CAAC,QAAQ,CAAC,GAAS,EAAE;oBACvB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;oBAC9C,IAAI,SAAS,EAAE;wBACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iEAAiE,CACzF,SAAS,CAAC,mBAAmB,EAC7B,UAAU,EACV,uBAAuB,CACxB,CAAA;wBACD,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;qBACjD;yBAAM;wBACL,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAA;qBAC1C;gBACH,CAAC,CAAA,CAAC,CACH,CAAA;YACH,CAAC,CAAA,CAAC,CACH,CAAA;QACH,CAAC;KAAA;IAEa,QAAQ,CACpB,yBAAmF;;;YAEnF,MAAM,IAAI,GAAG,MAAM,yBAAyB,EAAE,CAAA;YAC9C,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,YAAY,CAAC,EAAG,CAAC,CAAC,CAAA;YAC9E,IAAI,MAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ;gBAAE,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,EAAG,CAAC,CAAA;YAC5H,MAAM,IAAI,GAAG;gBACX,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAA;YACD,OAAO;gBACL,IAAI;gBACJ,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC;aACjD,CAAA;;KACF;IAEa,eAAe,CAAC,aAAsB,EAAE,IAA+C;;YACnG,IAAI,CAAC,aAAa,EAAE;gBAClB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAA;gBACzD,IAAI,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE;oBACpG,IAAI,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;iBAC3E;aACF;QACH,CAAC;KAAA;IAED,yBAAyB,CAAC,UAAwC;QAChE,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;IAED,oBAAoB,CAAC,UAAwC;QAC3D,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;CACF","sourcesContent":["import { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { UserSignatureKeysManager } from './UserSignatureKeysManager'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { fingerprintV1, getShaVersionForKey, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { hex2ua, ua2b64 } from '../utils'\nimport { LruTemporisedAsyncCache } from '../utils/lru-temporised-async-cache'\nimport { EntityWithDelegationTypeName, entityWithDelegationTypeNames } from '../utils/EntityWithDelegationTypeName'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\n\nexport type ExchangeDataManagerOptionalParameters = {\n // Only for not fully cached implementation (data owner can't request all his exchange data), amount of exchange data which can be cached\n lruCacheSize?: number // default = 2000\n}\n\n/**\n * @internal this function is for internal use only and may be changed without notice.\n * Initialises and returns the exchange data manager which is most appropriate for the current data owner.\n */\nexport async function initialiseExchangeDataManagerForCurrentDataOwner(\n base: BaseExchangeDataManager,\n encryptionKeys: UserEncryptionKeysManager,\n signatureKeys: UserSignatureKeysManager,\n accessControlSecret: AccessControlSecretUtils,\n cryptoStrategies: CryptoStrategies,\n dataOwnerApi: IccDataOwnerXApi,\n primitives: CryptoPrimitives,\n useParentKeys: boolean,\n optionalParameters: ExchangeDataManagerOptionalParameters = {}\n): Promise<ExchangeDataManager> {\n const currentOwner = CryptoActorStubWithType.fromDataOwner(await dataOwnerApi.getCurrentDataOwner())\n if (cryptoStrategies.dataOwnerRequiresAnonymousDelegation(currentOwner)) {\n const res = new FullyCachedExchangeDataManager(\n base,\n encryptionKeys,\n signatureKeys,\n accessControlSecret,\n cryptoStrategies,\n dataOwnerApi,\n primitives,\n useParentKeys\n )\n await res.clearOrRepopulateCache()\n return res\n } else {\n return new LimitedLruCacheExchangeDataManager(\n base,\n encryptionKeys,\n signatureKeys,\n accessControlSecret,\n cryptoStrategies,\n dataOwnerApi,\n primitives,\n useParentKeys,\n optionalParameters\n )\n }\n}\n\ntype CachedExchangeData = {\n exchangeData: ExchangeData\n decrypted?: {\n accessControlSecret: string\n exchangeKey: CryptoKey\n verified: boolean\n }\n}\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n * Exchange data manager which automatically handles decryption and cache\n */\nexport interface ExchangeDataManager {\n readonly base: BaseExchangeDataManager\n\n /**\n * Updates all exchange data between the current data owner and another data owner to allow the other data owner to access existing exchange data\n * using a new public key. Note that this will make existing exchange keys from the other data owner to the current data owner unverified, therefore\n * invalid for encryption.\n * @param otherDataOwner the other data owner.\n * @param newDataOwnerPublicKey a new public key of the other data owner.\n */\n giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string): Promise<void>\n\n /**\n * Gets any existing and verified exchange data from the current data owner to the provided delegate or creates new data if no verified data is\n * available, then caches it. The {@link entityType} and {@link entitySecretForeignKeys} will be used for the secure-delegation-hash-based cache\n * of the exchange data and not for actually creating the exchange data.\n * @param delegateId the id of the delegate.\n * @param entityType type of the entity for which you want to create new metadata.\n * @param entitySecretForeignKeys the secret foreign keys of the entity which you want to create new metadata.\n * @param allowCreationWithoutDelegateKey if true, when creating new exchange data, even if no verified key is available for the delegate the method\n * will create the new exchange data anyway (will not be usable by the delegate without additional steps).\n * @return the access control secret and key of the data to use for encryption.\n */\n getOrCreateEncryptionDataTo(\n delegateId: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n allowCreationWithoutDelegateKey: boolean\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }>\n\n /**\n * Retrieve the cached decrypted exchange data key associated with any of the provided hashes/entry keys of secure delegations. Depending on the\n * implementation the {@link entityType} and {@link entitySecretForeignKeys} may be used to improve the secure-delegation-hash-based cache of\n * exchange data from the other available exchange data caches.\n * @param hashes hashes of access control secrets for a specific entity, as they appear in the key of secure delegation entries\n * @param entityType type of the entity containing the metadata for which you are retrieving the encryption key.\n * @param entitySecretForeignKeys the secret foreign keys of the entity containing the metadata for which you are retrieving the encryption key.\n * @return the exchange data and decrypted key associated to that hash if cached\n */\n getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[],\n entityType: EntityWithDelegationTypeName,\n entitySecretForeignKeys: string[]\n ): Promise<{ [hash: string]: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey } }>\n\n /**\n * Retrieves the exchange data with the provided id (from the cache if available or from the server otherwise if allowed by\n * {@link retrieveIfNotCached}) and attempts to decrypt it, then caches the result. The {@link entityType} and {@link entitySecretForeignKeys} will\n * be used for the secure-delegation-hash-based cache of the exchange data.\n * @param id id of the exchange data\n * @param entityType type of the entity containing the metadata for which you are retrieving the encryption key.\n * @param entitySecretForeignKeys the secret foreign keys of the entity containing the metadata for which you are retrieving the encryption key.\n * @param retrieveIfNotCached if false and there is no cached exchange data with the provided id the method returns undefined, else the method will\n * attempt to load the exchange data from the server.\n * @return undefined if the exchange data is not cached and {@link retrieveIfNotCached} is false. Else an object containing:\n * - exchangeData: the exchange data with the provided id\n * - exchangeKey: the exchange key corresponding to the provided exchange data if it could be decrypted, else undefined\n * @throws if no exchange data with the given id is cached and {@link retrieveIfNotCached} is true and the data could not be found in the server\n * either.\n */\n getDecryptionDataKeyById(\n id: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n retrieveIfNotCached: boolean\n ): Promise<{ exchangeKey: CryptoKey | undefined; accessControlSecret: string | undefined; exchangeData: ExchangeData } | undefined>\n\n /**\n * Clears the cache or fully repopulates the cache if the current data owner can retrieve all of his exchange data according to the crypto\n * strategies.\n */\n clearOrRepopulateCache(): Promise<void>\n\n /**\n * If the current data owner requires anonymous delegations this returns the base64 representation of the concatenation of all available access\n * control keys for the current data owner.\n */\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined>\n\n /**\n * If the current data owner requires anonymous delegations this returns the access control keys which may be used in secure delegations for the\n * data owner, which can be used to search for data.\n */\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined>\n}\n\nabstract class AbstractExchangeDataManager implements ExchangeDataManager {\n constructor(\n readonly base: BaseExchangeDataManager,\n protected readonly encryptionKeys: UserEncryptionKeysManager,\n protected readonly signatureKeys: UserSignatureKeysManager,\n protected readonly accessControlSecret: AccessControlSecretUtils,\n protected readonly cryptoStrategies: CryptoStrategies,\n protected readonly dataOwnerApi: IccDataOwnerXApi,\n protected readonly primitives: CryptoPrimitives,\n private readonly useParentKeys: boolean\n ) {}\n\n protected async decryptData(data: ExchangeData): Promise<\n | {\n accessControlSecret: string\n exchangeKey: CryptoKey\n verified: boolean\n }\n | undefined\n > {\n const decryptionKeys = this.encryptionKeys.getDecryptionKeys()\n const decryptedExchangeKey = (await this.base.tryDecryptExchangeKeys([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedExchangeKey) return undefined\n const decryptedAccessControlSecret = (await this.base.tryDecryptAccessControlSecret([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedAccessControlSecret)\n throw new Error(`Decryption key could be decrypted but access control secret could not for data ${JSON.stringify(data)}`)\n const decryptedSharedSignatureKey = (await this.base.tryDecryptSharedSignatureKeys([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedSharedSignatureKey)\n throw new Error(`Decryption key could be decrypted but shared signature key could not for data ${JSON.stringify(data)}`)\n return {\n accessControlSecret: decryptedAccessControlSecret,\n exchangeKey: decryptedExchangeKey,\n verified: await this.base.verifyExchangeData(\n {\n exchangeData: data,\n decryptedAccessControlSecret,\n decryptedExchangeKey,\n decryptedSharedSignatureKey,\n },\n (fp) => this.signatureKeys.getSignatureVerificationKey(fp),\n true\n ),\n }\n }\n\n protected async createNewExchangeData(\n delegateId: string,\n options: {\n newDataId?: string\n allowNoDelegateKeys?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }> {\n const encryptionKeys: { [fp: string]: CryptoKey } = {}\n this.encryptionKeys.getSelfVerifiedKeys().forEach(({ fingerprint, pair }) => {\n encryptionKeys[fingerprint] = pair.publicKey\n })\n if (delegateId != (await this.dataOwnerApi.getCurrentDataOwnerId())) {\n const delegate = await this.dataOwnerApi.getCryptoActorStub(delegateId)\n const sha256KeysOfDelegate = hexPublicKeysWithSha256Of(delegate.stub)\n const sha1KeysOfDelegate = hexPublicKeysWithSha1Of(delegate.stub)\n let allVerifiedDelegateKeys: string[]\n if (!sha256KeysOfDelegate.size && !sha1KeysOfDelegate.size) {\n if (!options.allowNoDelegateKeys)\n throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate was found.`)\n allVerifiedDelegateKeys = []\n } else if (this.useParentKeys && (await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()).includes(delegateId)) {\n allVerifiedDelegateKeys = await this.encryptionKeys.getVerifiedPublicKeysFor(delegate.stub)\n } else {\n allVerifiedDelegateKeys = await this.cryptoStrategies.verifyDelegatePublicKeys(\n delegate,\n [...Array.from(sha256KeysOfDelegate), ...Array.from(sha1KeysOfDelegate)],\n this.primitives\n )\n }\n if (!allVerifiedDelegateKeys.length && !options.allowNoDelegateKeys)\n throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate could be verified.`)\n for (const delegateKey of allVerifiedDelegateKeys) {\n if (sha1KeysOfDelegate.has(delegateKey)) {\n encryptionKeys[fingerprintV1(delegateKey)] = await this.primitives.RSA.importKey('spki', hex2ua(delegateKey), ['encrypt'], 'sha-1')\n } else if (sha256KeysOfDelegate.has(delegateKey)) {\n encryptionKeys[fingerprintV1(delegateKey)] = await this.primitives.RSA.importKey('spki', hex2ua(delegateKey), ['encrypt'], 'sha-256')\n } else throw new Error('Illegal state: verified keys should contain only keys for OAPE-SHA1 or OAPE-SHA256.')\n }\n }\n const signatureKey = await this.signatureKeys.getOrCreateSignatureKeyPair()\n const newData = await this.base.createExchangeData(\n delegateId,\n { [signatureKey.fingerprint]: signatureKey.keyPair.privateKey },\n encryptionKeys,\n options.newDataId ? { id: options.newDataId } : {}\n )\n return {\n exchangeData: newData.exchangeData,\n accessControlSecret: newData.accessControlSecret,\n exchangeKey: newData.exchangeKey,\n }\n }\n\n async giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string) {\n const self = await this.dataOwnerApi.getCurrentDataOwnerId()\n const newKeyFp = fingerprintV1(newDataOwnerPublicKey)\n const other = await this.dataOwnerApi.getCryptoActorStub(otherDataOwner)\n const newKeyHashVersion = getShaVersionForKey(other.stub, newDataOwnerPublicKey)\n if (!newKeyHashVersion) throw new Error(`Public key not found for data owner ${otherDataOwner}`)\n const importedNewKey = await this.primitives.RSA.importKey('spki', hex2ua(newDataOwnerPublicKey), ['encrypt'], newKeyHashVersion)\n const signatureKey = await this.signatureKeys.getOrCreateSignatureKeyPair()\n const decryptionKeys = this.encryptionKeys.getDecryptionKeys()\n const allExchangeDataToUpdate =\n self == otherDataOwner\n ? await this.base.getExchangeDataByDelegatorDelegatePair(self, self)\n : [\n ...(await this.base.getExchangeDataByDelegatorDelegatePair(self, otherDataOwner)),\n ...(await this.base.getExchangeDataByDelegatorDelegatePair(otherDataOwner, self)),\n ]\n for (const dataToUpdate of allExchangeDataToUpdate) {\n if (!Object.keys(dataToUpdate.exchangeKey).find((fp) => fp == newKeyFp)) {\n const updated = await this.base.tryUpdateExchangeData(dataToUpdate, decryptionKeys, { [newKeyFp]: importedNewKey })\n if (!updated) {\n console.warn(`Failed to give access back to exchanged data ${JSON.stringify(dataToUpdate)}`)\n }\n }\n }\n }\n\n clearOrRepopulateCache(): Promise<void> {\n throw new Error('Implemented by concrete class')\n }\n\n getOrCreateEncryptionDataTo(\n delegateId: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n allowCreationWithoutDelegateKey: boolean\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }> {\n throw new Error('Implemented by concrete class')\n }\n\n getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[],\n entityType: EntityWithDelegationTypeName,\n entitySecretForeignKeys: string[]\n ): Promise<{ [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n throw new Error('Implemented by concrete class')\n }\n\n getDecryptionDataKeyById(\n id: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n retrieveIfNotCached: boolean\n ): Promise<{ exchangeData: ExchangeData; exchangeKey: CryptoKey | undefined; accessControlSecret: string | undefined } | undefined> {\n throw new Error('Implemented by concrete class')\n }\n\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n throw new Error('Implemented by concrete class')\n }\n\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n throw new Error('Implemented by concrete class')\n }\n}\n\nclass FullyCachedExchangeDataManager extends AbstractExchangeDataManager {\n private caches: Promise<{\n dataById: { [id: string]: CachedExchangeData }\n hashToId: Map<string, string>\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string }\n }> = Promise.resolve({ dataById: {}, hashToId: new Map(), delegateToVerifiedEncryptionDataId: {}, entityTypeToAccessControlKeysValue: {} })\n\n async clearOrRepopulateCache(): Promise<void> {\n this.caches = this.doRepopulateCache()\n await this.caches\n }\n\n async getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[],\n entityType: EntityWithDelegationTypeName,\n entitySecretForeignKeys: string[]\n ): Promise<{ [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n function retrieveByHashesFromCaches(caches: {\n dataById: { [id: string]: CachedExchangeData }\n hashToId: Map<string, string>\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n }): { [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } } {\n return hashes.reduce((res, hash) => {\n const id = caches.hashToId.get(hash)\n if (id) {\n const cached = caches.dataById[id]\n if (cached?.decrypted) {\n res[hash] = {\n exchangeData: cached.exchangeData,\n exchangeKey: cached.decrypted.exchangeKey,\n accessControlSecret: cached.decrypted.accessControlSecret,\n }\n }\n }\n return res\n }, {} as { [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } })\n }\n\n const retrievedFromHashesCache = retrieveByHashesFromCaches(await this.caches)\n if (Object.keys(retrievedFromHashesCache).length) {\n return retrievedFromHashesCache\n } else {\n this.caches = this.caches.then(async (caches) => {\n for (const currData of Object.values(caches.dataById)) {\n if (currData.decrypted) {\n const currDataHashes = await this.accessControlSecret.secureDelegationKeysFor(\n currData.decrypted.accessControlSecret,\n entityType,\n entitySecretForeignKeys\n )\n currDataHashes.forEach((hash) => caches.hashToId.set(hash, currData.exchangeData.id!))\n }\n }\n return caches\n })\n return retrieveByHashesFromCaches(await this.caches)\n }\n }\n\n async getOrCreateEncryptionDataTo(\n delegateId: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n allowCreationWithoutDelegateKey: boolean\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }> {\n const caches = await this.caches\n const dataId = caches.delegateToVerifiedEncryptionDataId[delegateId]\n const cached = dataId ? caches.dataById[dataId] : undefined\n if (cached && cached?.decrypted) {\n return {\n exchangeData: cached.exchangeData,\n accessControlSecret: cached.decrypted.accessControlSecret,\n exchangeKey: cached.decrypted.exchangeKey,\n }\n }\n // TODO this could technically allow for 2 concurrent exchange data creations, needs fix\n const created = await this.createNewExchangeData(delegateId, { allowNoDelegateKeys: allowCreationWithoutDelegateKey })\n this.cacheData(\n created.exchangeData,\n true,\n { accessControlSecret: created.accessControlSecret, exchangeKey: created.exchangeKey, verified: true },\n entityType,\n entitySecretForeignKeys\n )\n return created\n }\n\n async getDecryptionDataKeyById(\n id: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n retrieveIfNotCached: boolean\n ): Promise<{ exchangeData: ExchangeData; exchangeKey: CryptoKey | undefined; accessControlSecret: string | undefined } | undefined> {\n const caches = await this.caches\n const cachedData = caches.dataById[id]\n if (cachedData) {\n return {\n exchangeData: cachedData.exchangeData,\n exchangeKey: cachedData.decrypted?.exchangeKey,\n accessControlSecret: cachedData.decrypted?.accessControlSecret,\n }\n } else if (retrieveIfNotCached) {\n const data = await this.base.getExchangeDataById(id)\n if (!data) throw new Error(`Could not find exchange data with id ${id}`)\n const decrypted = await this.decryptData(data)\n this.cacheData(data, false, decrypted, entityType, entitySecretForeignKeys)\n return { exchangeData: data, exchangeKey: decrypted?.exchangeKey, accessControlSecret: decrypted?.accessControlSecret }\n } else return undefined\n }\n\n private cacheData(\n exchangeData: ExchangeData,\n isNewData: boolean,\n decrypted: { accessControlSecret: string; exchangeKey: CryptoKey; verified: boolean } | undefined,\n entityType?: EntityWithDelegationTypeName,\n entitySecretForeignKeys?: string[]\n ): void {\n this.caches = this.caches.then(async (caches) => {\n caches.dataById[exchangeData.id!] = { exchangeData, decrypted }\n if (decrypted) {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n // `secureDelegationKeysFor` is currently ignoring the sfks\n if (entityType && entitySecretForeignKeys) {\n const hashes = await this.accessControlSecret.secureDelegationKeysFor(decrypted.accessControlSecret, entityType, entitySecretForeignKeys)\n hashes.forEach((hash) => {\n caches.hashToId.set(hash, exchangeData.id!)\n })\n }\n if (decrypted.verified) {\n caches.delegateToVerifiedEncryptionDataId[exchangeData.delegate] = exchangeData.id!\n }\n }\n if (isNewData) caches.entityTypeToAccessControlKeysValue = {}\n return caches\n })\n }\n\n private async doRepopulateCache(): Promise<{\n dataById: { [id: string]: CachedExchangeData }\n hashToId: Map<string, string>\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string }\n }> {\n const allData = await this.base.getAllExchangeDataForCurrentDataOwnerIfAllowed()\n if (!allData) throw new Error('Impossible to use fully cached exchange data manager for current data owner.')\n const dataById: { [id: string]: CachedExchangeData } = {}\n const hashToId = new Map<string, string>()\n const delegateToVerifiedEncryptionDataId: { [delegate: string]: string } = {}\n for (const currData of allData) {\n const currDecrypted = await this.decryptData(currData)\n dataById[currData.id!] = { exchangeData: currData, decrypted: currDecrypted }\n if (currDecrypted?.verified) {\n delegateToVerifiedEncryptionDataId[currData.delegate] = currData.id!\n }\n }\n const entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string } = {}\n return { dataById, hashToId, delegateToVerifiedEncryptionDataId, entityTypeToAccessControlKeysValue }\n }\n\n async getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n const caches = await this.caches\n const cached = caches.entityTypeToAccessControlKeysValue[entityType]\n if (cached) return cached\n const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []))\n const fullData = await this.accessControlSecret.getEncodedAccessControlKeys(accessControlSecrets, entityType)\n caches.entityTypeToAccessControlKeysValue[entityType] = fullData\n return fullData\n }\n\n async getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n const caches = await this.caches\n const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []))\n const res: string[] = []\n for (const accessControlSecret of accessControlSecrets) {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n res.push(await this.accessControlSecret.secureDelegationKeyFor(accessControlSecret, entityType, undefined))\n }\n return res\n }\n}\n\nclass LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {\n private readonly idToDataCache: LruTemporisedAsyncCache<string, CachedExchangeData & { hashes: string[] }>\n private readonly hashToId: Map<string, string> = new Map()\n private readonly delegateToVerifiedEncryptionDataId: Map<string, string> = new Map()\n\n constructor(\n base: BaseExchangeDataManager,\n encryptionKeys: UserEncryptionKeysManager,\n signatureKeys: UserSignatureKeysManager,\n accessControlSecret: AccessControlSecretUtils,\n cryptoStrategies: CryptoStrategies,\n dataOwnerApi: IccDataOwnerXApi,\n primitives: CryptoPrimitives,\n useParentKeys: boolean,\n optionalParameters: {\n lruCacheSize?: number\n }\n ) {\n super(base, encryptionKeys, signatureKeys, accessControlSecret, cryptoStrategies, dataOwnerApi, primitives, useParentKeys)\n this.idToDataCache = new LruTemporisedAsyncCache(optionalParameters.lruCacheSize ?? 2000, () => -1)\n }\n\n async clearOrRepopulateCache(): Promise<void> {\n this.idToDataCache.clear(false)\n this.hashToId.clear()\n this.delegateToVerifiedEncryptionDataId.clear()\n }\n\n async getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[],\n entityType: EntityWithDelegationTypeName,\n entitySecretForeignKeys: string[]\n ): Promise<{ [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n const res: { [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } } = {}\n for (const hash of hashes) {\n const dataId = this.hashToId.get(hash)\n if (dataId) {\n const retrieved = await this.idToDataCache.get(dataId, () => {\n throw new Error(`Data with id ${dataId} should have been already cached.`)\n })\n if (retrieved.decrypted) {\n res[hash] = {\n exchangeData: retrieved.exchangeData,\n exchangeKey: retrieved.decrypted.exchangeKey,\n accessControlSecret: retrieved.decrypted.accessControlSecret,\n }\n }\n }\n }\n return res\n }\n\n private async secureDelegationKeysForAllEntitiesNoSfkAndSpecificEntitySfksPairs(\n accessControlSecret: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined\n ): Promise<string[]> {\n const noSfkDelegationKeys = await Promise.all(\n [...entityWithDelegationTypeNames].map((t) => this.accessControlSecret.secureDelegationKeyFor(accessControlSecret, t, undefined))\n )\n if (entityType && entitySecretForeignKeys?.length) {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n // `secureDelegationKeysFor` is currently ignoring the sfks\n return [\n ...noSfkDelegationKeys,\n ...(await this.accessControlSecret.secureDelegationKeysFor(accessControlSecret, entityType, entitySecretForeignKeys)),\n ]\n } else {\n return noSfkDelegationKeys\n }\n }\n\n async getDecryptionDataKeyById(\n id: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n retrieveIfNotCached: boolean\n ): Promise<{ exchangeData: ExchangeData; exchangeKey: CryptoKey | undefined; accessControlSecret: string | undefined } | undefined> {\n const cached = await this.idToDataCache.getIfCachedJob(id)\n if (cached) {\n const updated = await this.idToDataCache.get(\n id,\n async (prevData) => {\n const toUpdate = prevData ?? cached.item\n if (toUpdate.decrypted) {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users, and it has some performance impact\n // `secureDelegationKeysFor` is currently ignoring the sfks\n if (entityType && entitySecretForeignKeys) {\n const hashes = await this.accessControlSecret.secureDelegationKeysFor(\n toUpdate.decrypted.accessControlSecret,\n entityType,\n entitySecretForeignKeys\n )\n hashes.forEach((hash) => {\n this.hashToId.set(hash, toUpdate.exchangeData.id!)\n })\n toUpdate.hashes.push(...hashes)\n }\n }\n return { item: toUpdate, onEviction: (b) => this.doOnEvictionJob(b, toUpdate) }\n },\n () => true\n )\n return {\n exchangeData: updated.exchangeData,\n exchangeKey: updated.decrypted?.exchangeKey,\n accessControlSecret: updated.decrypted?.accessControlSecret,\n }\n } else if (retrieveIfNotCached) {\n return await this.idToDataCache\n .get(id, async () =>\n this.cacheJob(async () => {\n const data = await this.base.getExchangeDataById(id)\n if (!data) throw new Error(`Could not find exchange data with id ${id}`)\n const decrypted = await this.decryptData(data)\n if (decrypted) {\n const hashes = await this.secureDelegationKeysForAllEntitiesNoSfkAndSpecificEntitySfksPairs(\n decrypted.accessControlSecret,\n entityType,\n entitySecretForeignKeys\n )\n return { exchangeData: data, hashes, decrypted, verified: decrypted.verified }\n } else {\n return { exchangeData: data, hashes: [], verified: false }\n }\n })\n )\n .then((x) => ({ exchangeData: x.exchangeData, exchangeKey: x.decrypted?.exchangeKey, accessControlSecret: x.decrypted?.accessControlSecret }))\n } else return undefined\n }\n\n async getOrCreateEncryptionDataTo(\n delegateId: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n allowCreationWithoutDelegateKey: boolean\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }> {\n let existingId = this.delegateToVerifiedEncryptionDataId.get(delegateId)\n if (!existingId) {\n await this.populateCacheToDelegate(delegateId, entityType, entitySecretForeignKeys)\n existingId = this.delegateToVerifiedEncryptionDataId.get(delegateId)\n }\n if (existingId) {\n const cached = await this.idToDataCache.getIfCachedJob(existingId)\n if (!cached) throw new Error(`Illegal state: data with id ${existingId} should have been in cache`)\n if (cached.item.decrypted) {\n return {\n exchangeData: cached.item.exchangeData,\n exchangeKey: cached.item.decrypted.exchangeKey,\n accessControlSecret: cached.item.decrypted.accessControlSecret,\n }\n } else throw new Error(`Illegal state: cached verified data should be decrypted.`)\n } else {\n const newDataId = this.primitives.randomUuid()\n this.delegateToVerifiedEncryptionDataId.set(delegateId, newDataId)\n const createdAndCachedData = await this.idToDataCache.get(newDataId, () =>\n this.cacheJob(async () => {\n try {\n const created = await this.createNewExchangeData(delegateId, { newDataId, allowNoDelegateKeys: allowCreationWithoutDelegateKey })\n const hashes = await this.secureDelegationKeysForAllEntitiesNoSfkAndSpecificEntitySfksPairs(\n created.accessControlSecret,\n entityType,\n entitySecretForeignKeys\n )\n return {\n exchangeData: created.exchangeData,\n decrypted: {\n accessControlSecret: created.accessControlSecret,\n exchangeKey: created.exchangeKey,\n verified: true,\n },\n hashes,\n }\n } catch (e) {\n this.delegateToVerifiedEncryptionDataId.delete(delegateId)\n throw e\n }\n })\n )\n if (!createdAndCachedData) throw new Error('Data should have been successfully created')\n return {\n exchangeData: createdAndCachedData.exchangeData,\n exchangeKey: createdAndCachedData.decrypted!.exchangeKey,\n accessControlSecret: createdAndCachedData.decrypted!.accessControlSecret,\n }\n }\n }\n\n // Loads and adds to the cache all exchange data from the current data owner to the given delegate. Allows to check if there is already data from\n // the current data owner to the delegate which is good for encryption.\n private async populateCacheToDelegate(\n delegateId: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined\n ): Promise<void> {\n const dataToDelegate = await this.base.getExchangeDataByDelegatorDelegatePair(await this.dataOwnerApi.getCurrentDataOwnerId(), delegateId)\n await Promise.all(\n dataToDelegate.map(async (data) => {\n await this.idToDataCache.get(data.id!, () =>\n this.cacheJob(async () => {\n const decrypted = await this.decryptData(data)\n if (decrypted) {\n const hashes = await this.secureDelegationKeysForAllEntitiesNoSfkAndSpecificEntitySfksPairs(\n decrypted.accessControlSecret,\n entityType,\n entitySecretForeignKeys\n )\n return { exchangeData: data, hashes, decrypted }\n } else {\n return { exchangeData: data, hashes: [] }\n }\n })\n )\n })\n )\n }\n\n private async cacheJob(\n retrieveDecryptedDataInfo: () => Promise<CachedExchangeData & { hashes: string[] }>\n ): Promise<{ item: CachedExchangeData & { hashes: string[] }; onEviction: (isReplacement: boolean) => void }> {\n const info = await retrieveDecryptedDataInfo()\n info.hashes.forEach((hash) => this.hashToId.set(hash, info?.exchangeData.id!))\n if (info.decrypted?.verified) this.delegateToVerifiedEncryptionDataId.set(info.exchangeData.delegate, info.exchangeData.id!)\n const item = {\n exchangeData: info.exchangeData,\n hashes: info.hashes,\n decrypted: info.decrypted,\n }\n return {\n item,\n onEviction: (b) => this.doOnEvictionJob(b, item),\n }\n }\n\n private async doOnEvictionJob(isReplacement: boolean, item: CachedExchangeData & { hashes: string[] }) {\n if (!isReplacement) {\n item.hashes.forEach((hash) => this.hashToId.delete(hash))\n if (this.delegateToVerifiedEncryptionDataId.get(item.exchangeData.delegate) === item.exchangeData.id) {\n this.delegateToVerifiedEncryptionDataId.delete(item.exchangeData.delegate)\n }\n }\n }\n\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n return Promise.resolve(undefined)\n }\n\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n return Promise.resolve(undefined)\n }\n}\n"]}
1
+ {"version":3,"file":"ExchangeDataManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ExchangeDataManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAOA,mCAAgH;AAEhH,oCAAiC;AACjC,oFAA6E;AAC7E,wFAAmH;AACnH,yEAA6E;AAC7E,+BAAkC;AAOlC;;;GAGG;AACH,SAAsB,gDAAgD,CACpE,IAA6B,EAC7B,cAAyC,EACzC,aAAuC,EACvC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC5B,aAAsB,EACtB,qBAA4D,EAAE;;QAE9D,MAAM,YAAY,GAAG,yCAAuB,CAAC,aAAa,CAAC,MAAM,YAAY,CAAC,mBAAmB,EAAE,CAAC,CAAA;QACpG,IAAI,gBAAgB,CAAC,oCAAoC,CAAC,YAAY,CAAC,EAAE;YACvE,MAAM,GAAG,GAAG,IAAI,8BAA8B,CAC5C,IAAI,EACJ,cAAc,EACd,aAAa,EACb,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,aAAa,CACd,CAAA;YACD,MAAM,GAAG,CAAC,sBAAsB,EAAE,CAAA;YAClC,OAAO,GAAG,CAAA;SACX;aAAM;YACL,OAAO,IAAI,kCAAkC,CAC3C,IAAI,EACJ,cAAc,EACd,aAAa,EACb,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,aAAa,EACb,kBAAkB,CACnB,CAAA;SACF;IACH,CAAC;CAAA;AAtCD,4GAsCC;AAqGD,MAAe,2BAA2B;IACxC,YACW,IAA6B,EACnB,cAAyC,EACzC,aAAuC,EACvC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC9B,aAAsB;QAP9B,SAAI,GAAJ,IAAI,CAAyB;QACnB,mBAAc,GAAd,cAAc,CAA2B;QACzC,kBAAa,GAAb,aAAa,CAA0B;QACvC,wBAAmB,GAAnB,mBAAmB,CAA0B;QAC7C,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAC9B,kBAAa,GAAb,aAAa,CAAS;IACtC,CAAC;IAEY,WAAW,CAAC,IAAkB;;YAQ5C,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,oBAAoB,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACtH,IAAI,CAAC,oBAAoB;gBAAE,OAAO,SAAS,CAAA;YAC3C,MAAM,4BAA4B,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACrI,IAAI,CAAC,4BAA4B;gBAC/B,MAAM,IAAI,KAAK,CAAC,kFAAkF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC3H,MAAM,2BAA2B,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACpI,IAAI,CAAC,2BAA2B;gBAC9B,MAAM,IAAI,KAAK,CAAC,iFAAiF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC1H,OAAO;gBACL,mBAAmB,EAAE,4BAA4B;gBACjD,WAAW,EAAE,oBAAoB;gBACjC,QAAQ,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAC1C;oBACE,YAAY,EAAE,IAAI;oBAClB,4BAA4B;oBAC5B,oBAAoB;oBACpB,2BAA2B;iBAC5B,EACD,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,2BAA2B,CAAC,EAAE,CAAC,EAC1D,IAAI,CACL;aACF,CAAA;QACH,CAAC;KAAA;IAEe,qBAAqB,CACnC,UAAkB,EAClB,OAGC;;YAED,MAAM,cAAc,GAAgC,EAAE,CAAA;YACtD,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE;gBAC1E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAA;YAC9C,CAAC,CAAC,CAAA;YACF,IAAI,UAAU,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,EAAE;gBACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBACvE,MAAM,oBAAoB,GAAG,IAAA,iCAAyB,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACrE,MAAM,kBAAkB,GAAG,IAAA,+BAAuB,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACjE,IAAI,uBAAiC,CAAA;gBACrC,IAAI,CAAC,oBAAoB,CAAC,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE;oBAC1D,IAAI,CAAC,OAAO,CAAC,mBAAmB;wBAC9B,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,+CAA+C,CAAC,CAAA;oBACjH,uBAAuB,GAAG,EAAE,CAAA;iBAC7B;qBAAM,IAAI,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;oBACjH,uBAAuB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,wBAAwB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;iBAC5F;qBAAM;oBACL,uBAAuB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,wBAAwB,CAC5E,QAAQ,EACR,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,EACxE,IAAI,CAAC,UAAU,CAChB,CAAA;iBACF;gBACD,IAAI,CAAC,uBAAuB,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB;oBACjE,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,uDAAuD,CAAC,CAAA;gBACzH,KAAK,MAAM,WAAW,IAAI,uBAAuB,EAAE;oBACjD,IAAI,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;wBACvC,cAAc,CAAC,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,WAAW,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,gBAAU,CAAC,IAAI,CAAC,CAAA;qBAC5I;yBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;wBAChD,cAAc,CAAC,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAC9E,MAAM,EACN,IAAA,cAAM,EAAC,WAAW,CAAC,EACnB,CAAC,SAAS,CAAC,EACX,gBAAU,CAAC,MAAM,CAClB,CAAA;qBACF;;wBAAM,MAAM,IAAI,KAAK,CAAC,qFAAqF,CAAC,CAAA;iBAC9G;aACF;YACD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,2BAA2B,EAAE,CAAA;YAC3E,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAChD,UAAU,EACV,EAAE,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,YAAY,CAAC,OAAO,CAAC,UAAU,EAAE,EAC/D,cAAc,EACd,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CACnD,CAAA;YACD,OAAO;gBACL,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;gBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAA;QACH,CAAC;KAAA;IAEK,gBAAgB,CAAC,cAAsB,EAAE,qBAA6B;;YAC1E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC5D,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,qBAAqB,CAAC,CAAA;YACrD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;YACxE,MAAM,iBAAiB,GAAG,IAAA,2BAAmB,EAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;YAChF,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,cAAc,EAAE,CAAC,CAAA;YAChG,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,qBAAqB,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,CAAC,CAAA;YACjI,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,2BAA2B,EAAE,CAAA;YAC3E,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,uBAAuB,GAC3B,IAAI,IAAI,cAAc;gBACpB,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,IAAI,EAAE,IAAI,CAAC;gBACpE,CAAC,CAAC;oBACE,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;oBACjF,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;iBAClF,CAAA;YACP,KAAK,MAAM,YAAY,IAAI,uBAAuB,EAAE;gBAClD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI,QAAQ,CAAC,EAAE;oBACvE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,YAAY,EAAE,cAAc,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,cAAc,EAAE,CAAC,CAAA;oBACnH,IAAI,CAAC,OAAO,EAAE;wBACZ,OAAO,CAAC,IAAI,CAAC,gDAAgD,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAA;qBAC7F;iBACF;aACF;QACH,CAAC;KAAA;IAED,sBAAsB;QACpB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,2BAA2B,CACzB,UAAkB,EAClB,UAAoD,EACpD,uBAA6C,EAC7C,+BAAwC;QAExC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,6CAA6C,CAC3C,MAAgB,EAChB,UAAwC,EACxC,uBAAiC;QAEjC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,wBAAwB,CACtB,EAAU,EACV,UAAoD,EACpD,uBAA6C,EAC7C,mBAA4B;QAE5B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,yBAAyB,CAAC,UAAwC;QAChE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,oBAAoB,CAAC,UAAwC;QAC3D,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;CACF;AAED,MAAM,8BAA+B,SAAQ,2BAA2B;IAAxE;;QACU,WAAM,GAKT,OAAO,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,GAAG,EAAE,EAAE,kCAAkC,EAAE,EAAE,EAAE,kCAAkC,EAAE,EAAE,EAAE,CAAC,CAAA;IA8K7I,CAAC;IA5KO,sBAAsB;;YAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAA;YACtC,MAAM,IAAI,CAAC,MAAM,CAAA;QACnB,CAAC;KAAA;IAEK,6CAA6C,CACjD,MAAgB,EAChB,UAAwC,EACxC,uBAAiC;;YAEjC,SAAS,0BAA0B,CAAC,MAInC;gBACC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;oBACjC,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;oBACpC,IAAI,EAAE,EAAE;wBACN,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;wBAClC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,EAAE;4BACrB,GAAG,CAAC,IAAI,CAAC,GAAG;gCACV,YAAY,EAAE,MAAM,CAAC,YAAY;gCACjC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;gCACzC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;6BAC1D,CAAA;yBACF;qBACF;oBACD,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,EAA6G,CAAC,CAAA;YACnH,CAAC;YAED,MAAM,wBAAwB,GAAG,0BAA0B,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,CAAA;YAC9E,IAAI,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,MAAM,EAAE;gBAChD,OAAO,wBAAwB,CAAA;aAChC;iBAAM;gBACL,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAO,MAAM,EAAE,EAAE;oBAC9C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;wBACrD,IAAI,QAAQ,CAAC,SAAS,EAAE;4BACtB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAC3E,QAAQ,CAAC,SAAS,CAAC,mBAAmB,EACtC,UAAU,EACV,uBAAuB,CACxB,CAAA;4BACD,cAAc,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,YAAY,CAAC,EAAG,CAAC,CAAC,CAAA;yBACvF;qBACF;oBACD,OAAO,MAAM,CAAA;gBACf,CAAC,CAAA,CAAC,CAAA;gBACF,OAAO,0BAA0B,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,CAAA;aACrD;QACH,CAAC;KAAA;IAEK,2BAA2B,CAC/B,UAAkB,EAClB,UAAoD,EACpD,uBAA6C,EAC7C,+BAAwC;;YAExC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,MAAM,GAAG,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,CAAA;YACpE,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YAC3D,IAAI,MAAM,KAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,CAAA,EAAE;gBAC/B,OAAO;oBACL,YAAY,EAAE,MAAM,CAAC,YAAY;oBACjC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;oBACzD,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;iBAC1C,CAAA;aACF;YACD,wFAAwF;YACxF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE,EAAE,mBAAmB,EAAE,+BAA+B,EAAE,CAAC,CAAA;YACtH,IAAI,CAAC,SAAS,CACZ,OAAO,CAAC,YAAY,EACpB,IAAI,EACJ,EAAE,mBAAmB,EAAE,OAAO,CAAC,mBAAmB,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE,EACtG,UAAU,EACV,uBAAuB,CACxB,CAAA;YACD,OAAO,OAAO,CAAA;QAChB,CAAC;KAAA;IAEK,wBAAwB,CAC5B,EAAU,EACV,UAAoD,EACpD,uBAA6C,EAC7C,mBAA4B;;;YAE5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;YACtC,IAAI,UAAU,EAAE;gBACd,OAAO;oBACL,YAAY,EAAE,UAAU,CAAC,YAAY;oBACrC,WAAW,EAAE,MAAA,UAAU,CAAC,SAAS,0CAAE,WAAW;oBAC9C,mBAAmB,EAAE,MAAA,UAAU,CAAC,SAAS,0CAAE,mBAAmB;iBAC/D,CAAA;aACF;iBAAM,IAAI,mBAAmB,EAAE;gBAC9B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAA;gBACpD,IAAI,CAAC,IAAI;oBAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,EAAE,EAAE,CAAC,CAAA;gBACxE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;gBAC9C,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,uBAAuB,CAAC,CAAA;gBAC3E,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,WAAW,EAAE,mBAAmB,EAAE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,mBAAmB,EAAE,CAAA;aACxH;;gBAAM,OAAO,SAAS,CAAA;;KACxB;IAEO,SAAS,CACf,YAA0B,EAC1B,SAAkB,EAClB,SAAiG,EACjG,UAAyC,EACzC,uBAAkC;QAElC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAO,MAAM,EAAE,EAAE;YAC9C,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAG,CAAC,GAAG,EAAE,YAAY,EAAE,SAAS,EAAE,CAAA;YAC/D,IAAI,SAAS,EAAE;gBACb,sIAAsI;gBACtI,2DAA2D;gBAC3D,IAAI,UAAU,IAAI,uBAAuB,EAAE;oBACzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,SAAS,CAAC,mBAAmB,EAAE,UAAU,EAAE,uBAAuB,CAAC,CAAA;oBACzI,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;wBACtB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,YAAY,CAAC,EAAG,CAAC,CAAA;oBAC7C,CAAC,CAAC,CAAA;iBACH;gBACD,IAAI,SAAS,CAAC,QAAQ,EAAE;oBACtB,MAAM,CAAC,kCAAkC,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC,EAAG,CAAA;iBACpF;aACF;YACD,IAAI,SAAS;gBAAE,MAAM,CAAC,kCAAkC,GAAG,EAAE,CAAA;YAC7D,OAAO,MAAM,CAAA;QACf,CAAC,CAAA,CAAC,CAAA;IACJ,CAAC;IAEa,iBAAiB;;YAM7B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,8CAA8C,EAAE,CAAA;YAChF,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;YAC7G,MAAM,QAAQ,GAAyC,EAAE,CAAA;YACzD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAA;YAC1C,MAAM,kCAAkC,GAAmC,EAAE,CAAA;YAC7E,KAAK,MAAM,QAAQ,IAAI,OAAO,EAAE;gBAC9B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;gBACtD,QAAQ,CAAC,QAAQ,CAAC,EAAG,CAAC,GAAG,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,CAAA;gBAC7E,IAAI,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,QAAQ,EAAE;oBAC3B,kCAAkC,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,EAAG,CAAA;iBACrE;aACF;YACD,MAAM,kCAAkC,GAA8D,EAAE,CAAA;YACxG,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,kCAAkC,EAAE,kCAAkC,EAAE,CAAA;QACvG,CAAC;KAAA;IAEK,yBAAyB,CAAC,UAAwC;;YACtE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,MAAM,GAAG,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,CAAA;YACpE,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAA;YACzB,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CAAC,oBAAoB,EAAE,UAAU,CAAC,CAAA;YAC7G,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAA;YAChE,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAEK,oBAAoB,CAAC,UAAwC;;YACjE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,GAAG,GAAa,EAAE,CAAA;YACxB,KAAK,MAAM,mBAAmB,IAAI,oBAAoB,EAAE;gBACtD,sIAAsI;gBACtI,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,CAAC,mBAAmB,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,CAAA;aAC5G;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;CACF;AAED,MAAM,kCAAmC,SAAQ,2BAA2B;IAK1E,YACE,IAA6B,EAC7B,cAAyC,EACzC,aAAuC,EACvC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC5B,aAAsB,EACtB,kBAEC;;QAED,KAAK,CAAC,IAAI,EAAE,cAAc,EAAE,aAAa,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,CAAC,CAAA;QAhB3G,aAAQ,GAAwB,IAAI,GAAG,EAAE,CAAA;QACzC,uCAAkC,GAAwB,IAAI,GAAG,EAAE,CAAA;QAgBlF,IAAI,CAAC,aAAa,GAAG,IAAI,oDAAuB,CAAC,MAAA,kBAAkB,CAAC,YAAY,mCAAI,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;IACrG,CAAC;IAEK,sBAAsB;;YAC1B,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;YAC/B,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAA;YACrB,IAAI,CAAC,kCAAkC,CAAC,KAAK,EAAE,CAAA;QACjD,CAAC;KAAA;IAEK,6CAA6C,CACjD,MAAgB,EAChB,UAAwC,EACxC,uBAAiC;;YAEjC,MAAM,GAAG,GAAyG,EAAE,CAAA;YACpH,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE;gBACzB,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;gBACtC,IAAI,MAAM,EAAE;oBACV,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE;wBAC1D,MAAM,IAAI,KAAK,CAAC,gBAAgB,MAAM,mCAAmC,CAAC,CAAA;oBAC5E,CAAC,CAAC,CAAA;oBACF,IAAI,SAAS,CAAC,SAAS,EAAE;wBACvB,GAAG,CAAC,IAAI,CAAC,GAAG;4BACV,YAAY,EAAE,SAAS,CAAC,YAAY;4BACpC,WAAW,EAAE,SAAS,CAAC,SAAS,CAAC,WAAW;4BAC5C,mBAAmB,EAAE,SAAS,CAAC,SAAS,CAAC,mBAAmB;yBAC7D,CAAA;qBACF;iBACF;aACF;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,iEAAiE,CAC7E,mBAA2B,EAC3B,UAAoD,EACpD,uBAA6C;;YAE7C,MAAM,mBAAmB,GAAG,MAAM,OAAO,CAAC,GAAG,CAC3C,CAAC,GAAG,4DAA6B,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,CAAC,mBAAmB,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC,CAClI,CAAA;YACD,IAAI,UAAU,KAAI,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,MAAM,CAAA,EAAE;gBACjD,sIAAsI;gBACtI,2DAA2D;gBAC3D,OAAO;oBACL,GAAG,mBAAmB;oBACtB,GAAG,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,mBAAmB,EAAE,UAAU,EAAE,uBAAuB,CAAC,CAAC;iBACtH,CAAA;aACF;iBAAM;gBACL,OAAO,mBAAmB,CAAA;aAC3B;QACH,CAAC;KAAA;IAEK,wBAAwB,CAC5B,EAAU,EACV,UAAoD,EACpD,uBAA6C,EAC7C,mBAA4B;;;YAE5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,EAAE,CAAC,CAAA;YAC1D,IAAI,MAAM,EAAE;gBACV,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAC1C,EAAE,EACF,CAAO,QAAQ,EAAE,EAAE;oBACjB,MAAM,QAAQ,GAAG,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,MAAM,CAAC,IAAI,CAAA;oBACxC,IAAI,QAAQ,CAAC,SAAS,EAAE;wBACtB,uIAAuI;wBACvI,2DAA2D;wBAC3D,IAAI,UAAU,IAAI,uBAAuB,EAAE;4BACzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CACnE,QAAQ,CAAC,SAAS,CAAC,mBAAmB,EACtC,UAAU,EACV,uBAAuB,CACxB,CAAA;4BACD,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;gCACtB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,YAAY,CAAC,EAAG,CAAC,CAAA;4BACpD,CAAC,CAAC,CAAA;4BACF,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAA;yBAChC;qBACF;oBACD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,QAAQ,CAAC,EAAE,CAAA;gBACjF,CAAC,CAAA,EACD,GAAG,EAAE,CAAC,IAAI,CACX,CAAA;gBACD,OAAO;oBACL,YAAY,EAAE,OAAO,CAAC,YAAY;oBAClC,WAAW,EAAE,MAAA,OAAO,CAAC,SAAS,0CAAE,WAAW;oBAC3C,mBAAmB,EAAE,MAAA,OAAO,CAAC,SAAS,0CAAE,mBAAmB;iBAC5D,CAAA;aACF;iBAAM,IAAI,mBAAmB,EAAE;gBAC9B,OAAO,MAAM,IAAI,CAAC,aAAa;qBAC5B,GAAG,CAAC,EAAE,EAAE,GAAS,EAAE;oBAClB,OAAA,IAAI,CAAC,QAAQ,CAAC,GAAS,EAAE;wBACvB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAA;wBACpD,IAAI,CAAC,IAAI;4BAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,EAAE,EAAE,CAAC,CAAA;wBACxE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;wBAC9C,IAAI,SAAS,EAAE;4BACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iEAAiE,CACzF,SAAS,CAAC,mBAAmB,EAC7B,UAAU,EACV,uBAAuB,CACxB,CAAA;4BACD,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAA;yBAC/E;6BAAM;4BACL,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;yBAC3D;oBACH,CAAC,CAAA,CAAC,CAAA;kBAAA,CACH;qBACA,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,eAAC,OAAA,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,YAAY,EAAE,WAAW,EAAE,MAAA,CAAC,CAAC,SAAS,0CAAE,WAAW,EAAE,mBAAmB,EAAE,MAAA,CAAC,CAAC,SAAS,0CAAE,mBAAmB,EAAE,CAAC,CAAA,EAAA,CAAC,CAAA;aACjJ;;gBAAM,OAAO,SAAS,CAAA;;KACxB;IAEK,2BAA2B,CAC/B,UAAkB,EAClB,UAAoD,EACpD,uBAA6C,EAC7C,+BAAwC;;YAExC,IAAI,UAAU,GAAG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;YACxE,IAAI,CAAC,UAAU,EAAE;gBACf,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,UAAU,EAAE,uBAAuB,CAAC,CAAA;gBACnF,UAAU,GAAG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;aACrE;YACD,IAAI,UAAU,EAAE;gBACd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAA;gBAClE,IAAI,CAAC,MAAM;oBAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,UAAU,4BAA4B,CAAC,CAAA;gBACnG,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE;oBACzB,OAAO;wBACL,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY;wBACtC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW;wBAC9C,mBAAmB,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB;qBAC/D,CAAA;iBACF;;oBAAM,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAA;aACnF;iBAAM;gBACL,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAA;gBAC9C,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,EAAE,SAAS,CAAC,CAAA;gBAClE,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,EAAE,CACxE,IAAI,CAAC,QAAQ,CAAC,GAAS,EAAE;oBACvB,IAAI;wBACF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,mBAAmB,EAAE,+BAA+B,EAAE,CAAC,CAAA;wBACjI,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iEAAiE,CACzF,OAAO,CAAC,mBAAmB,EAC3B,UAAU,EACV,uBAAuB,CACxB,CAAA;wBACD,OAAO;4BACL,YAAY,EAAE,OAAO,CAAC,YAAY;4BAClC,SAAS,EAAE;gCACT,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;gCAChD,WAAW,EAAE,OAAO,CAAC,WAAW;gCAChC,QAAQ,EAAE,IAAI;6BACf;4BACD,MAAM;yBACP,CAAA;qBACF;oBAAC,OAAO,CAAC,EAAE;wBACV,IAAI,CAAC,kCAAkC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;wBAC1D,MAAM,CAAC,CAAA;qBACR;gBACH,CAAC,CAAA,CAAC,CACH,CAAA;gBACD,IAAI,CAAC,oBAAoB;oBAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;gBACxF,OAAO;oBACL,YAAY,EAAE,oBAAoB,CAAC,YAAY;oBAC/C,WAAW,EAAE,oBAAoB,CAAC,SAAU,CAAC,WAAW;oBACxD,mBAAmB,EAAE,oBAAoB,CAAC,SAAU,CAAC,mBAAmB;iBACzE,CAAA;aACF;QACH,CAAC;KAAA;IAED,iJAAiJ;IACjJ,uEAAuE;IACzD,uBAAuB,CACnC,UAAkB,EAClB,UAAoD,EACpD,uBAA6C;;YAE7C,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAAE,UAAU,CAAC,CAAA;YAC1I,MAAM,OAAO,CAAC,GAAG,CACf,cAAc,CAAC,GAAG,CAAC,CAAO,IAAI,EAAE,EAAE;gBAChC,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAG,EAAE,GAAG,EAAE,CAC1C,IAAI,CAAC,QAAQ,CAAC,GAAS,EAAE;oBACvB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;oBAC9C,IAAI,SAAS,EAAE;wBACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iEAAiE,CACzF,SAAS,CAAC,mBAAmB,EAC7B,UAAU,EACV,uBAAuB,CACxB,CAAA;wBACD,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;qBACjD;yBAAM;wBACL,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAA;qBAC1C;gBACH,CAAC,CAAA,CAAC,CACH,CAAA;YACH,CAAC,CAAA,CAAC,CACH,CAAA;QACH,CAAC;KAAA;IAEa,QAAQ,CACpB,yBAAmF;;;YAEnF,MAAM,IAAI,GAAG,MAAM,yBAAyB,EAAE,CAAA;YAC9C,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,YAAY,CAAC,EAAG,CAAC,CAAC,CAAA;YAC9E,IAAI,MAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ;gBAAE,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,EAAG,CAAC,CAAA;YAC5H,MAAM,IAAI,GAAG;gBACX,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAA;YACD,OAAO;gBACL,IAAI;gBACJ,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC;aACjD,CAAA;;KACF;IAEa,eAAe,CAAC,aAAsB,EAAE,IAA+C;;YACnG,IAAI,CAAC,aAAa,EAAE;gBAClB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAA;gBACzD,IAAI,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE;oBACpG,IAAI,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;iBAC3E;aACF;QACH,CAAC;KAAA;IAED,yBAAyB,CAAC,UAAwC;QAChE,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;IAED,oBAAoB,CAAC,UAAwC;QAC3D,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;CACF","sourcesContent":["import { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { UserSignatureKeysManager } from './UserSignatureKeysManager'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { fingerprintV1, getShaVersionForKey, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { hex2ua } from '../utils'\nimport { LruTemporisedAsyncCache } from '../utils/lru-temporised-async-cache'\nimport { EntityWithDelegationTypeName, entityWithDelegationTypeNames } from '../utils/EntityWithDelegationTypeName'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { ShaVersion } from './RSA'\n\nexport type ExchangeDataManagerOptionalParameters = {\n // Only for not fully cached implementation (data owner can't request all his exchange data), amount of exchange data which can be cached\n lruCacheSize?: number // default = 2000\n}\n\n/**\n * @internal this function is for internal use only and may be changed without notice.\n * Initialises and returns the exchange data manager which is most appropriate for the current data owner.\n */\nexport async function initialiseExchangeDataManagerForCurrentDataOwner(\n base: BaseExchangeDataManager,\n encryptionKeys: UserEncryptionKeysManager,\n signatureKeys: UserSignatureKeysManager,\n accessControlSecret: AccessControlSecretUtils,\n cryptoStrategies: CryptoStrategies,\n dataOwnerApi: IccDataOwnerXApi,\n primitives: CryptoPrimitives,\n useParentKeys: boolean,\n optionalParameters: ExchangeDataManagerOptionalParameters = {}\n): Promise<ExchangeDataManager> {\n const currentOwner = CryptoActorStubWithType.fromDataOwner(await dataOwnerApi.getCurrentDataOwner())\n if (cryptoStrategies.dataOwnerRequiresAnonymousDelegation(currentOwner)) {\n const res = new FullyCachedExchangeDataManager(\n base,\n encryptionKeys,\n signatureKeys,\n accessControlSecret,\n cryptoStrategies,\n dataOwnerApi,\n primitives,\n useParentKeys\n )\n await res.clearOrRepopulateCache()\n return res\n } else {\n return new LimitedLruCacheExchangeDataManager(\n base,\n encryptionKeys,\n signatureKeys,\n accessControlSecret,\n cryptoStrategies,\n dataOwnerApi,\n primitives,\n useParentKeys,\n optionalParameters\n )\n }\n}\n\ntype CachedExchangeData = {\n exchangeData: ExchangeData\n decrypted?: {\n accessControlSecret: string\n exchangeKey: CryptoKey\n verified: boolean\n }\n}\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n * Exchange data manager which automatically handles decryption and cache\n */\nexport interface ExchangeDataManager {\n readonly base: BaseExchangeDataManager\n\n /**\n * Updates all exchange data between the current data owner and another data owner to allow the other data owner to access existing exchange data\n * using a new public key. Note that this will make existing exchange keys from the other data owner to the current data owner unverified, therefore\n * invalid for encryption.\n * @param otherDataOwner the other data owner.\n * @param newDataOwnerPublicKey a new public key of the other data owner.\n */\n giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string): Promise<void>\n\n /**\n * Gets any existing and verified exchange data from the current data owner to the provided delegate or creates new data if no verified data is\n * available, then caches it. The {@link entityType} and {@link entitySecretForeignKeys} will be used for the secure-delegation-hash-based cache\n * of the exchange data and not for actually creating the exchange data.\n * @param delegateId the id of the delegate.\n * @param entityType type of the entity for which you want to create new metadata.\n * @param entitySecretForeignKeys the secret foreign keys of the entity which you want to create new metadata.\n * @param allowCreationWithoutDelegateKey if true, when creating new exchange data, even if no verified key is available for the delegate the method\n * will create the new exchange data anyway (will not be usable by the delegate without additional steps).\n * @return the access control secret and key of the data to use for encryption.\n */\n getOrCreateEncryptionDataTo(\n delegateId: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n allowCreationWithoutDelegateKey: boolean\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }>\n\n /**\n * Retrieve the cached decrypted exchange data key associated with any of the provided hashes/entry keys of secure delegations. Depending on the\n * implementation the {@link entityType} and {@link entitySecretForeignKeys} may be used to improve the secure-delegation-hash-based cache of\n * exchange data from the other available exchange data caches.\n * @param hashes hashes of access control secrets for a specific entity, as they appear in the key of secure delegation entries\n * @param entityType type of the entity containing the metadata for which you are retrieving the encryption key.\n * @param entitySecretForeignKeys the secret foreign keys of the entity containing the metadata for which you are retrieving the encryption key.\n * @return the exchange data and decrypted key associated to that hash if cached\n */\n getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[],\n entityType: EntityWithDelegationTypeName,\n entitySecretForeignKeys: string[]\n ): Promise<{ [hash: string]: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey } }>\n\n /**\n * Retrieves the exchange data with the provided id (from the cache if available or from the server otherwise if allowed by\n * {@link retrieveIfNotCached}) and attempts to decrypt it, then caches the result. The {@link entityType} and {@link entitySecretForeignKeys} will\n * be used for the secure-delegation-hash-based cache of the exchange data.\n * @param id id of the exchange data\n * @param entityType type of the entity containing the metadata for which you are retrieving the encryption key.\n * @param entitySecretForeignKeys the secret foreign keys of the entity containing the metadata for which you are retrieving the encryption key.\n * @param retrieveIfNotCached if false and there is no cached exchange data with the provided id the method returns undefined, else the method will\n * attempt to load the exchange data from the server.\n * @return undefined if the exchange data is not cached and {@link retrieveIfNotCached} is false. Else an object containing:\n * - exchangeData: the exchange data with the provided id\n * - exchangeKey: the exchange key corresponding to the provided exchange data if it could be decrypted, else undefined\n * @throws if no exchange data with the given id is cached and {@link retrieveIfNotCached} is true and the data could not be found in the server\n * either.\n */\n getDecryptionDataKeyById(\n id: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n retrieveIfNotCached: boolean\n ): Promise<{ exchangeKey: CryptoKey | undefined; accessControlSecret: string | undefined; exchangeData: ExchangeData } | undefined>\n\n /**\n * Clears the cache or fully repopulates the cache if the current data owner can retrieve all of his exchange data according to the crypto\n * strategies.\n */\n clearOrRepopulateCache(): Promise<void>\n\n /**\n * If the current data owner requires anonymous delegations this returns the base64 representation of the concatenation of all available access\n * control keys for the current data owner.\n */\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined>\n\n /**\n * If the current data owner requires anonymous delegations this returns the access control keys which may be used in secure delegations for the\n * data owner, which can be used to search for data.\n */\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined>\n}\n\nabstract class AbstractExchangeDataManager implements ExchangeDataManager {\n constructor(\n readonly base: BaseExchangeDataManager,\n protected readonly encryptionKeys: UserEncryptionKeysManager,\n protected readonly signatureKeys: UserSignatureKeysManager,\n protected readonly accessControlSecret: AccessControlSecretUtils,\n protected readonly cryptoStrategies: CryptoStrategies,\n protected readonly dataOwnerApi: IccDataOwnerXApi,\n protected readonly primitives: CryptoPrimitives,\n private readonly useParentKeys: boolean\n ) {}\n\n protected async decryptData(data: ExchangeData): Promise<\n | {\n accessControlSecret: string\n exchangeKey: CryptoKey\n verified: boolean\n }\n | undefined\n > {\n const decryptionKeys = this.encryptionKeys.getDecryptionKeys()\n const decryptedExchangeKey = (await this.base.tryDecryptExchangeKeys([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedExchangeKey) return undefined\n const decryptedAccessControlSecret = (await this.base.tryDecryptAccessControlSecret([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedAccessControlSecret)\n throw new Error(`Decryption key could be decrypted but access control secret could not for data ${JSON.stringify(data)}`)\n const decryptedSharedSignatureKey = (await this.base.tryDecryptSharedSignatureKeys([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedSharedSignatureKey)\n throw new Error(`Decryption key could be decrypted but shared signature key could not for data ${JSON.stringify(data)}`)\n return {\n accessControlSecret: decryptedAccessControlSecret,\n exchangeKey: decryptedExchangeKey,\n verified: await this.base.verifyExchangeData(\n {\n exchangeData: data,\n decryptedAccessControlSecret,\n decryptedExchangeKey,\n decryptedSharedSignatureKey,\n },\n (fp) => this.signatureKeys.getSignatureVerificationKey(fp),\n true\n ),\n }\n }\n\n protected async createNewExchangeData(\n delegateId: string,\n options: {\n newDataId?: string\n allowNoDelegateKeys?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }> {\n const encryptionKeys: { [fp: string]: CryptoKey } = {}\n this.encryptionKeys.getSelfVerifiedKeys().forEach(({ fingerprint, pair }) => {\n encryptionKeys[fingerprint] = pair.publicKey\n })\n if (delegateId != (await this.dataOwnerApi.getCurrentDataOwnerId())) {\n const delegate = await this.dataOwnerApi.getCryptoActorStub(delegateId)\n const sha256KeysOfDelegate = hexPublicKeysWithSha256Of(delegate.stub)\n const sha1KeysOfDelegate = hexPublicKeysWithSha1Of(delegate.stub)\n let allVerifiedDelegateKeys: string[]\n if (!sha256KeysOfDelegate.size && !sha1KeysOfDelegate.size) {\n if (!options.allowNoDelegateKeys)\n throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate was found.`)\n allVerifiedDelegateKeys = []\n } else if (this.useParentKeys && (await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()).includes(delegateId)) {\n allVerifiedDelegateKeys = await this.encryptionKeys.getVerifiedPublicKeysFor(delegate.stub)\n } else {\n allVerifiedDelegateKeys = await this.cryptoStrategies.verifyDelegatePublicKeys(\n delegate,\n [...Array.from(sha256KeysOfDelegate), ...Array.from(sha1KeysOfDelegate)],\n this.primitives\n )\n }\n if (!allVerifiedDelegateKeys.length && !options.allowNoDelegateKeys)\n throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate could be verified.`)\n for (const delegateKey of allVerifiedDelegateKeys) {\n if (sha1KeysOfDelegate.has(delegateKey)) {\n encryptionKeys[fingerprintV1(delegateKey)] = await this.primitives.RSA.importKey('spki', hex2ua(delegateKey), ['encrypt'], ShaVersion.Sha1)\n } else if (sha256KeysOfDelegate.has(delegateKey)) {\n encryptionKeys[fingerprintV1(delegateKey)] = await this.primitives.RSA.importKey(\n 'spki',\n hex2ua(delegateKey),\n ['encrypt'],\n ShaVersion.Sha256\n )\n } else throw new Error('Illegal state: verified keys should contain only keys for OAPE-SHA1 or OAPE-SHA256.')\n }\n }\n const signatureKey = await this.signatureKeys.getOrCreateSignatureKeyPair()\n const newData = await this.base.createExchangeData(\n delegateId,\n { [signatureKey.fingerprint]: signatureKey.keyPair.privateKey },\n encryptionKeys,\n options.newDataId ? { id: options.newDataId } : {}\n )\n return {\n exchangeData: newData.exchangeData,\n accessControlSecret: newData.accessControlSecret,\n exchangeKey: newData.exchangeKey,\n }\n }\n\n async giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string) {\n const self = await this.dataOwnerApi.getCurrentDataOwnerId()\n const newKeyFp = fingerprintV1(newDataOwnerPublicKey)\n const other = await this.dataOwnerApi.getCryptoActorStub(otherDataOwner)\n const newKeyHashVersion = getShaVersionForKey(other.stub, newDataOwnerPublicKey)\n if (!newKeyHashVersion) throw new Error(`Public key not found for data owner ${otherDataOwner}`)\n const importedNewKey = await this.primitives.RSA.importKey('spki', hex2ua(newDataOwnerPublicKey), ['encrypt'], newKeyHashVersion)\n const signatureKey = await this.signatureKeys.getOrCreateSignatureKeyPair()\n const decryptionKeys = this.encryptionKeys.getDecryptionKeys()\n const allExchangeDataToUpdate =\n self == otherDataOwner\n ? await this.base.getExchangeDataByDelegatorDelegatePair(self, self)\n : [\n ...(await this.base.getExchangeDataByDelegatorDelegatePair(self, otherDataOwner)),\n ...(await this.base.getExchangeDataByDelegatorDelegatePair(otherDataOwner, self)),\n ]\n for (const dataToUpdate of allExchangeDataToUpdate) {\n if (!Object.keys(dataToUpdate.exchangeKey).find((fp) => fp == newKeyFp)) {\n const updated = await this.base.tryUpdateExchangeData(dataToUpdate, decryptionKeys, { [newKeyFp]: importedNewKey })\n if (!updated) {\n console.warn(`Failed to give access back to exchanged data ${JSON.stringify(dataToUpdate)}`)\n }\n }\n }\n }\n\n clearOrRepopulateCache(): Promise<void> {\n throw new Error('Implemented by concrete class')\n }\n\n getOrCreateEncryptionDataTo(\n delegateId: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n allowCreationWithoutDelegateKey: boolean\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }> {\n throw new Error('Implemented by concrete class')\n }\n\n getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[],\n entityType: EntityWithDelegationTypeName,\n entitySecretForeignKeys: string[]\n ): Promise<{ [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n throw new Error('Implemented by concrete class')\n }\n\n getDecryptionDataKeyById(\n id: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n retrieveIfNotCached: boolean\n ): Promise<{ exchangeData: ExchangeData; exchangeKey: CryptoKey | undefined; accessControlSecret: string | undefined } | undefined> {\n throw new Error('Implemented by concrete class')\n }\n\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n throw new Error('Implemented by concrete class')\n }\n\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n throw new Error('Implemented by concrete class')\n }\n}\n\nclass FullyCachedExchangeDataManager extends AbstractExchangeDataManager {\n private caches: Promise<{\n dataById: { [id: string]: CachedExchangeData }\n hashToId: Map<string, string>\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string }\n }> = Promise.resolve({ dataById: {}, hashToId: new Map(), delegateToVerifiedEncryptionDataId: {}, entityTypeToAccessControlKeysValue: {} })\n\n async clearOrRepopulateCache(): Promise<void> {\n this.caches = this.doRepopulateCache()\n await this.caches\n }\n\n async getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[],\n entityType: EntityWithDelegationTypeName,\n entitySecretForeignKeys: string[]\n ): Promise<{ [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n function retrieveByHashesFromCaches(caches: {\n dataById: { [id: string]: CachedExchangeData }\n hashToId: Map<string, string>\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n }): { [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } } {\n return hashes.reduce((res, hash) => {\n const id = caches.hashToId.get(hash)\n if (id) {\n const cached = caches.dataById[id]\n if (cached?.decrypted) {\n res[hash] = {\n exchangeData: cached.exchangeData,\n exchangeKey: cached.decrypted.exchangeKey,\n accessControlSecret: cached.decrypted.accessControlSecret,\n }\n }\n }\n return res\n }, {} as { [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } })\n }\n\n const retrievedFromHashesCache = retrieveByHashesFromCaches(await this.caches)\n if (Object.keys(retrievedFromHashesCache).length) {\n return retrievedFromHashesCache\n } else {\n this.caches = this.caches.then(async (caches) => {\n for (const currData of Object.values(caches.dataById)) {\n if (currData.decrypted) {\n const currDataHashes = await this.accessControlSecret.secureDelegationKeysFor(\n currData.decrypted.accessControlSecret,\n entityType,\n entitySecretForeignKeys\n )\n currDataHashes.forEach((hash) => caches.hashToId.set(hash, currData.exchangeData.id!))\n }\n }\n return caches\n })\n return retrieveByHashesFromCaches(await this.caches)\n }\n }\n\n async getOrCreateEncryptionDataTo(\n delegateId: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n allowCreationWithoutDelegateKey: boolean\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }> {\n const caches = await this.caches\n const dataId = caches.delegateToVerifiedEncryptionDataId[delegateId]\n const cached = dataId ? caches.dataById[dataId] : undefined\n if (cached && cached?.decrypted) {\n return {\n exchangeData: cached.exchangeData,\n accessControlSecret: cached.decrypted.accessControlSecret,\n exchangeKey: cached.decrypted.exchangeKey,\n }\n }\n // TODO this could technically allow for 2 concurrent exchange data creations, needs fix\n const created = await this.createNewExchangeData(delegateId, { allowNoDelegateKeys: allowCreationWithoutDelegateKey })\n this.cacheData(\n created.exchangeData,\n true,\n { accessControlSecret: created.accessControlSecret, exchangeKey: created.exchangeKey, verified: true },\n entityType,\n entitySecretForeignKeys\n )\n return created\n }\n\n async getDecryptionDataKeyById(\n id: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n retrieveIfNotCached: boolean\n ): Promise<{ exchangeData: ExchangeData; exchangeKey: CryptoKey | undefined; accessControlSecret: string | undefined } | undefined> {\n const caches = await this.caches\n const cachedData = caches.dataById[id]\n if (cachedData) {\n return {\n exchangeData: cachedData.exchangeData,\n exchangeKey: cachedData.decrypted?.exchangeKey,\n accessControlSecret: cachedData.decrypted?.accessControlSecret,\n }\n } else if (retrieveIfNotCached) {\n const data = await this.base.getExchangeDataById(id)\n if (!data) throw new Error(`Could not find exchange data with id ${id}`)\n const decrypted = await this.decryptData(data)\n this.cacheData(data, false, decrypted, entityType, entitySecretForeignKeys)\n return { exchangeData: data, exchangeKey: decrypted?.exchangeKey, accessControlSecret: decrypted?.accessControlSecret }\n } else return undefined\n }\n\n private cacheData(\n exchangeData: ExchangeData,\n isNewData: boolean,\n decrypted: { accessControlSecret: string; exchangeKey: CryptoKey; verified: boolean } | undefined,\n entityType?: EntityWithDelegationTypeName,\n entitySecretForeignKeys?: string[]\n ): void {\n this.caches = this.caches.then(async (caches) => {\n caches.dataById[exchangeData.id!] = { exchangeData, decrypted }\n if (decrypted) {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n // `secureDelegationKeysFor` is currently ignoring the sfks\n if (entityType && entitySecretForeignKeys) {\n const hashes = await this.accessControlSecret.secureDelegationKeysFor(decrypted.accessControlSecret, entityType, entitySecretForeignKeys)\n hashes.forEach((hash) => {\n caches.hashToId.set(hash, exchangeData.id!)\n })\n }\n if (decrypted.verified) {\n caches.delegateToVerifiedEncryptionDataId[exchangeData.delegate] = exchangeData.id!\n }\n }\n if (isNewData) caches.entityTypeToAccessControlKeysValue = {}\n return caches\n })\n }\n\n private async doRepopulateCache(): Promise<{\n dataById: { [id: string]: CachedExchangeData }\n hashToId: Map<string, string>\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string }\n }> {\n const allData = await this.base.getAllExchangeDataForCurrentDataOwnerIfAllowed()\n if (!allData) throw new Error('Impossible to use fully cached exchange data manager for current data owner.')\n const dataById: { [id: string]: CachedExchangeData } = {}\n const hashToId = new Map<string, string>()\n const delegateToVerifiedEncryptionDataId: { [delegate: string]: string } = {}\n for (const currData of allData) {\n const currDecrypted = await this.decryptData(currData)\n dataById[currData.id!] = { exchangeData: currData, decrypted: currDecrypted }\n if (currDecrypted?.verified) {\n delegateToVerifiedEncryptionDataId[currData.delegate] = currData.id!\n }\n }\n const entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string } = {}\n return { dataById, hashToId, delegateToVerifiedEncryptionDataId, entityTypeToAccessControlKeysValue }\n }\n\n async getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n const caches = await this.caches\n const cached = caches.entityTypeToAccessControlKeysValue[entityType]\n if (cached) return cached\n const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []))\n const fullData = await this.accessControlSecret.getEncodedAccessControlKeys(accessControlSecrets, entityType)\n caches.entityTypeToAccessControlKeysValue[entityType] = fullData\n return fullData\n }\n\n async getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n const caches = await this.caches\n const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []))\n const res: string[] = []\n for (const accessControlSecret of accessControlSecrets) {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n res.push(await this.accessControlSecret.secureDelegationKeyFor(accessControlSecret, entityType, undefined))\n }\n return res\n }\n}\n\nclass LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {\n private readonly idToDataCache: LruTemporisedAsyncCache<string, CachedExchangeData & { hashes: string[] }>\n private readonly hashToId: Map<string, string> = new Map()\n private readonly delegateToVerifiedEncryptionDataId: Map<string, string> = new Map()\n\n constructor(\n base: BaseExchangeDataManager,\n encryptionKeys: UserEncryptionKeysManager,\n signatureKeys: UserSignatureKeysManager,\n accessControlSecret: AccessControlSecretUtils,\n cryptoStrategies: CryptoStrategies,\n dataOwnerApi: IccDataOwnerXApi,\n primitives: CryptoPrimitives,\n useParentKeys: boolean,\n optionalParameters: {\n lruCacheSize?: number\n }\n ) {\n super(base, encryptionKeys, signatureKeys, accessControlSecret, cryptoStrategies, dataOwnerApi, primitives, useParentKeys)\n this.idToDataCache = new LruTemporisedAsyncCache(optionalParameters.lruCacheSize ?? 2000, () => -1)\n }\n\n async clearOrRepopulateCache(): Promise<void> {\n this.idToDataCache.clear(false)\n this.hashToId.clear()\n this.delegateToVerifiedEncryptionDataId.clear()\n }\n\n async getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[],\n entityType: EntityWithDelegationTypeName,\n entitySecretForeignKeys: string[]\n ): Promise<{ [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n const res: { [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } } = {}\n for (const hash of hashes) {\n const dataId = this.hashToId.get(hash)\n if (dataId) {\n const retrieved = await this.idToDataCache.get(dataId, () => {\n throw new Error(`Data with id ${dataId} should have been already cached.`)\n })\n if (retrieved.decrypted) {\n res[hash] = {\n exchangeData: retrieved.exchangeData,\n exchangeKey: retrieved.decrypted.exchangeKey,\n accessControlSecret: retrieved.decrypted.accessControlSecret,\n }\n }\n }\n }\n return res\n }\n\n private async secureDelegationKeysForAllEntitiesNoSfkAndSpecificEntitySfksPairs(\n accessControlSecret: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined\n ): Promise<string[]> {\n const noSfkDelegationKeys = await Promise.all(\n [...entityWithDelegationTypeNames].map((t) => this.accessControlSecret.secureDelegationKeyFor(accessControlSecret, t, undefined))\n )\n if (entityType && entitySecretForeignKeys?.length) {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n // `secureDelegationKeysFor` is currently ignoring the sfks\n return [\n ...noSfkDelegationKeys,\n ...(await this.accessControlSecret.secureDelegationKeysFor(accessControlSecret, entityType, entitySecretForeignKeys)),\n ]\n } else {\n return noSfkDelegationKeys\n }\n }\n\n async getDecryptionDataKeyById(\n id: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n retrieveIfNotCached: boolean\n ): Promise<{ exchangeData: ExchangeData; exchangeKey: CryptoKey | undefined; accessControlSecret: string | undefined } | undefined> {\n const cached = await this.idToDataCache.getIfCachedJob(id)\n if (cached) {\n const updated = await this.idToDataCache.get(\n id,\n async (prevData) => {\n const toUpdate = prevData ?? cached.item\n if (toUpdate.decrypted) {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users, and it has some performance impact\n // `secureDelegationKeysFor` is currently ignoring the sfks\n if (entityType && entitySecretForeignKeys) {\n const hashes = await this.accessControlSecret.secureDelegationKeysFor(\n toUpdate.decrypted.accessControlSecret,\n entityType,\n entitySecretForeignKeys\n )\n hashes.forEach((hash) => {\n this.hashToId.set(hash, toUpdate.exchangeData.id!)\n })\n toUpdate.hashes.push(...hashes)\n }\n }\n return { item: toUpdate, onEviction: (b) => this.doOnEvictionJob(b, toUpdate) }\n },\n () => true\n )\n return {\n exchangeData: updated.exchangeData,\n exchangeKey: updated.decrypted?.exchangeKey,\n accessControlSecret: updated.decrypted?.accessControlSecret,\n }\n } else if (retrieveIfNotCached) {\n return await this.idToDataCache\n .get(id, async () =>\n this.cacheJob(async () => {\n const data = await this.base.getExchangeDataById(id)\n if (!data) throw new Error(`Could not find exchange data with id ${id}`)\n const decrypted = await this.decryptData(data)\n if (decrypted) {\n const hashes = await this.secureDelegationKeysForAllEntitiesNoSfkAndSpecificEntitySfksPairs(\n decrypted.accessControlSecret,\n entityType,\n entitySecretForeignKeys\n )\n return { exchangeData: data, hashes, decrypted, verified: decrypted.verified }\n } else {\n return { exchangeData: data, hashes: [], verified: false }\n }\n })\n )\n .then((x) => ({ exchangeData: x.exchangeData, exchangeKey: x.decrypted?.exchangeKey, accessControlSecret: x.decrypted?.accessControlSecret }))\n } else return undefined\n }\n\n async getOrCreateEncryptionDataTo(\n delegateId: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined,\n allowCreationWithoutDelegateKey: boolean\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }> {\n let existingId = this.delegateToVerifiedEncryptionDataId.get(delegateId)\n if (!existingId) {\n await this.populateCacheToDelegate(delegateId, entityType, entitySecretForeignKeys)\n existingId = this.delegateToVerifiedEncryptionDataId.get(delegateId)\n }\n if (existingId) {\n const cached = await this.idToDataCache.getIfCachedJob(existingId)\n if (!cached) throw new Error(`Illegal state: data with id ${existingId} should have been in cache`)\n if (cached.item.decrypted) {\n return {\n exchangeData: cached.item.exchangeData,\n exchangeKey: cached.item.decrypted.exchangeKey,\n accessControlSecret: cached.item.decrypted.accessControlSecret,\n }\n } else throw new Error(`Illegal state: cached verified data should be decrypted.`)\n } else {\n const newDataId = this.primitives.randomUuid()\n this.delegateToVerifiedEncryptionDataId.set(delegateId, newDataId)\n const createdAndCachedData = await this.idToDataCache.get(newDataId, () =>\n this.cacheJob(async () => {\n try {\n const created = await this.createNewExchangeData(delegateId, { newDataId, allowNoDelegateKeys: allowCreationWithoutDelegateKey })\n const hashes = await this.secureDelegationKeysForAllEntitiesNoSfkAndSpecificEntitySfksPairs(\n created.accessControlSecret,\n entityType,\n entitySecretForeignKeys\n )\n return {\n exchangeData: created.exchangeData,\n decrypted: {\n accessControlSecret: created.accessControlSecret,\n exchangeKey: created.exchangeKey,\n verified: true,\n },\n hashes,\n }\n } catch (e) {\n this.delegateToVerifiedEncryptionDataId.delete(delegateId)\n throw e\n }\n })\n )\n if (!createdAndCachedData) throw new Error('Data should have been successfully created')\n return {\n exchangeData: createdAndCachedData.exchangeData,\n exchangeKey: createdAndCachedData.decrypted!.exchangeKey,\n accessControlSecret: createdAndCachedData.decrypted!.accessControlSecret,\n }\n }\n }\n\n // Loads and adds to the cache all exchange data from the current data owner to the given delegate. Allows to check if there is already data from\n // the current data owner to the delegate which is good for encryption.\n private async populateCacheToDelegate(\n delegateId: string,\n entityType: EntityWithDelegationTypeName | undefined,\n entitySecretForeignKeys: string[] | undefined\n ): Promise<void> {\n const dataToDelegate = await this.base.getExchangeDataByDelegatorDelegatePair(await this.dataOwnerApi.getCurrentDataOwnerId(), delegateId)\n await Promise.all(\n dataToDelegate.map(async (data) => {\n await this.idToDataCache.get(data.id!, () =>\n this.cacheJob(async () => {\n const decrypted = await this.decryptData(data)\n if (decrypted) {\n const hashes = await this.secureDelegationKeysForAllEntitiesNoSfkAndSpecificEntitySfksPairs(\n decrypted.accessControlSecret,\n entityType,\n entitySecretForeignKeys\n )\n return { exchangeData: data, hashes, decrypted }\n } else {\n return { exchangeData: data, hashes: [] }\n }\n })\n )\n })\n )\n }\n\n private async cacheJob(\n retrieveDecryptedDataInfo: () => Promise<CachedExchangeData & { hashes: string[] }>\n ): Promise<{ item: CachedExchangeData & { hashes: string[] }; onEviction: (isReplacement: boolean) => void }> {\n const info = await retrieveDecryptedDataInfo()\n info.hashes.forEach((hash) => this.hashToId.set(hash, info?.exchangeData.id!))\n if (info.decrypted?.verified) this.delegateToVerifiedEncryptionDataId.set(info.exchangeData.delegate, info.exchangeData.id!)\n const item = {\n exchangeData: info.exchangeData,\n hashes: info.hashes,\n decrypted: info.decrypted,\n }\n return {\n item,\n onEviction: (b) => this.doOnEvictionJob(b, item),\n }\n }\n\n private async doOnEvictionJob(isReplacement: boolean, item: CachedExchangeData & { hashes: string[] }) {\n if (!isReplacement) {\n item.hashes.forEach((hash) => this.hashToId.delete(hash))\n if (this.delegateToVerifiedEncryptionDataId.get(item.exchangeData.delegate) === item.exchangeData.id) {\n this.delegateToVerifiedEncryptionDataId.delete(item.exchangeData.delegate)\n }\n }\n }\n\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n return Promise.resolve(undefined)\n }\n\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n return Promise.resolve(undefined)\n }\n}\n"]}
@@ -10,6 +10,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
10
10
  };
11
11
  Object.defineProperty(exports, "__esModule", { value: true });
12
12
  exports.KeyRecovery = void 0;
13
+ const RSA_1 = require("./RSA");
13
14
  const utils_1 = require("../utils");
14
15
  const utils_2 = require("./utils");
15
16
  /**
@@ -101,11 +102,11 @@ class KeyRecovery {
101
102
  var _a;
102
103
  return __awaiter(this, void 0, void 0, function* () {
103
104
  const res = {};
104
- const keysByFp = (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner, 'sha-1');
105
- const keysByFpWithSha256 = (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner, 'sha-256');
105
+ const keysByFp = (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner, RSA_1.ShaVersion.Sha1);
106
+ const keysByFpWithSha256 = (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner, RSA_1.ShaVersion.Sha256);
106
107
  for (const [fp, split] of Object.entries(splits)) {
107
108
  const pub = (_a = keysByFp[fp]) !== null && _a !== void 0 ? _a : keysByFpWithSha256[fp];
108
- const shaVersion = !!pub && !!keysByFp[fp] ? 'sha-1' : !!pub && !!keysByFpWithSha256[fp] ? 'sha-256' : undefined;
109
+ const shaVersion = !!pub && !!keysByFp[fp] ? RSA_1.ShaVersion.Sha1 : !!pub && !!keysByFpWithSha256[fp] ? RSA_1.ShaVersion.Sha256 : undefined;
109
110
  if (!!pub && !!shaVersion) {
110
111
  const recovered = yield this.tryRecoverSplitPrivate(split, exchangeKeys, shaVersion);
111
112
  if (recovered) {
@@ -196,7 +197,7 @@ class KeyRecovery {
196
197
  recoverFromTransferKeys(dataOwner, allKeys, missingKeysFp) {
197
198
  var _a;
198
199
  return __awaiter(this, void 0, void 0, function* () {
199
- const publicKeyFingerprintToPublicKey = Object.assign(Object.assign({}, (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner, 'sha-1')), (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner, 'sha-256'));
200
+ const publicKeyFingerprintToPublicKey = Object.assign(Object.assign({}, (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner, RSA_1.ShaVersion.Sha1)), (0, utils_2.fingerprintToPublicKeysMapOf)(dataOwner.dataOwner, RSA_1.ShaVersion.Sha256));
200
201
  const missingKeysTransferData = {};
201
202
  Object.values((_a = dataOwner.dataOwner.transferKeys) !== null && _a !== void 0 ? _a : {}).forEach((transferKeysByEncryptor) => {
202
203
  Object.entries(transferKeysByEncryptor).forEach(([transferToPublicKey, transferPrivateKeyEncrypted]) => {
@@ -1 +1 @@
1
- {"version":3,"file":"KeyRecovery.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/KeyRecovery.ts"],"names":[],"mappings":";;;;;;;;;;;;AAIA,oCAAyC;AACzC,mCAA0F;AAI1F;;;GAGG;AACH,MAAa,WAAW;IACtB,YACmB,UAA4B,EAC5B,YAA8B,EAC9B,uBAAgD,EAChD,uBAAgD;QAHhD,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,4BAAuB,GAAvB,uBAAuB,CAAyB;QAChD,4BAAuB,GAAvB,uBAAuB,CAAyB;IAChE,CAAC;IAEJ;;;;;;;;;OASG;IAEH;;;;;;OAMG;IACG,WAAW,CACf,SAA4B,EAC5B,SAAqD;;YAErD,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC;gBAChC,GAAG,IAAI,CAAC,YAAY,CAAC,0BAA0B,CAAC,SAAS,CAAC,SAAS,CAAC;gBACpE,GAAG,IAAI,CAAC,YAAY,CAAC,4BAA4B,CAAC,SAAS,CAAC,SAAS,CAAC;aACvE,CAAC,CAAA;YACF,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAA;YACtD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAEnH,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;YAC/G,IAAI,cAAc,qBAA6D,SAAS,CAAE,CAAA;YAC1F,IAAI,mBAAmB,GAAG,IAAI,CAAA;YAE9B,OAAO,gBAAgB,CAAC,IAAI,GAAG,CAAC,IAAI,mBAAmB,EAAE;gBACvD,qEAAqE;gBACrE,mBAAmB,GAAG,KAAK,CAAA;gBAC3B,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE;oBACvC,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,SAAS,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAA;oBAC5E,MAAM,kBAAkB,GAAyC,EAAE,CAAA;oBACnE,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;wBACrD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAA;wBACrE,IAAI,KAAK,EAAE;4BACT,kBAAkB,CAAC,EAAE,CAAC,GAAG,OAAO,CAAA;yBACjC;qBACF;oBACD,IAAI,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;wBAC9C,mBAAmB,GAAG,IAAI,CAAA;wBAC1B,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAA;wBAC5E,cAAc,mCAAQ,cAAc,GAAK,kBAAkB,CAAE,CAAA;qBAC9D;iBACF;aACF;YAED,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAC3G,CAAC;KAAA;IAED;;;OAGG;IAEW,0BAA0B,CACtC,SAA4B,EAC5B,OAA4D,EAC5D,aAA0B;;YAE1B,IACE,SAAS,CAAC,SAAS,CAAC,SAAS;gBAC7B,SAAS,CAAC,SAAS,CAAC,0BAA0B;gBAC9C,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC,MAAM,GAAG,CAAC,EACtE;gBACA,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,EAAG,CAAA;gBACtC,MAAM,YAAY,GAA8D;oBAC9E,CAAC,SAAS,CAAC,SAAS,CAAC,SAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,0BAA2B;iBAC7F,CAAA;gBACD,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAClC,IAAI,GAAG,CACL,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CACvI,CACF,CAAA;gBACD,MAAM,YAAY,GAA0C,EAAE,CAAA;gBAC9D,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE;oBACxC,YAAY,CAAC,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;iBAC/E;gBACD,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,YAAY,EAAE,YAAY,CAAC,CAAA;aAC3E;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAEa,iBAAiB,CAC7B,SAA4B,EAC5B,MAAiE,EACjE,YAAmD;;;YAEnD,MAAM,GAAG,GAAwD,EAAE,CAAA;YACnE,MAAM,QAAQ,GAAG,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;YAC3E,MAAM,kBAAkB,GAAG,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;YACvF,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;gBAChD,MAAM,GAAG,GAAG,MAAA,QAAQ,CAAC,EAAE,CAAC,mCAAI,kBAAkB,CAAC,EAAE,CAAC,CAAA;gBAClD,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAA;gBAChH,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,UAAU,EAAE;oBACzB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,YAAY,EAAE,UAAU,CAAC,CAAA;oBACpF,IAAI,SAAS,EAAE;wBACb,MAAM,GAAG,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAA;wBACxB,IAAI;4BACF,GAAG,CAAC,EAAE,CAAC,GAAG;gCACR,UAAU,EAAE,SAAS;gCACrB,SAAS,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,GAAG,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC;6BAC7F,CAAA;yBACF;wBAAC,OAAO,CAAC,EAAE;4BACV,OAAO,CAAC,IAAI,CAAC,+BAA+B,GAAG,EAAE,EAAE,CAAC,CAAC,CAAA;yBACtD;qBACF;iBACF;qBAAM;oBACL,OAAO,CAAC,IAAI,CAAC,sCAAsC,EAAE,2BAA2B,CAAC,CAAA;iBAClF;aACF;YACD,OAAO,GAAG,CAAA;;KACX;IAEa,sBAAsB,CAClC,KAAuC,EACvC,YAAmD,EACnD,UAAsB;;;YAEtB,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAA;YAC7C,IAAI,WAAW,KAAK,CAAC,EAAE;gBACrB,sDAAsD;gBACtD,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;gBACzD,KAAK,MAAM,WAAW,IAAI,MAAA,YAAY,CAAC,QAAQ,CAAC,mCAAI,EAAE,EAAE;oBACtD,IAAI;wBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,IAAA,cAAM,EAAC,YAAY,CAAC,CAAC,CAAA;wBACtF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;wBACpG,IAAI,WAAW;4BAAE,OAAO,WAAW,CAAA;qBACpC;oBAAC,OAAO,CAAC,EAAE,GAAE;iBACf;gBACD,OAAO,SAAS,CAAA;aACjB;iBAAM;gBACL,MAAM,eAAe,GAAa,EAAE,CAAA;gBACpC,KAAK,MAAM,yBAAyB,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;oBAC7D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,yBAAyB,EAAE,YAAY,EAAE,WAAW,CAAC,CAAA;oBACvG,IAAI,SAAS;wBAAE,eAAe,CAAC,IAAI,CAAC,IAAA,cAAM,EAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,eAAe;iBAChF;gBACD,IAAI;oBACF,MAAM,WAAW,GAAG,IAAA,cAAM,EAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAA;oBAC3E,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;iBAC1F;gBAAC,OAAO,CAAC,EAAE;oBACV,uCAAuC;oBACvC,OAAO,SAAS,CAAA;iBACjB;aACF;;KACF;IAEa,oBAAoB,CAChC,yBAA2C,EAC3C,YAAmD,EACnD,WAAmB;;;YAEnB,MAAM,CAAC,QAAQ,EAAE,cAAc,CAAC,GAAG,yBAAyB,CAAA;YAC5D,KAAK,MAAM,WAAW,IAAI,MAAA,YAAY,CAAC,QAAQ,CAAC,mCAAI,EAAE,EAAE;gBACtD,IAAI;oBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,IAAA,cAAM,EAAC,cAAc,CAAC,CAAC,CAAA;oBACxF,IAAI,IAAI,CAAC,sBAAsB,CAAC,SAAS,EAAE,WAAW,CAAC;wBAAE,OAAO,SAAS,CAAA;iBAC1E;gBAAC,OAAO,CAAC,EAAE,GAAE;aACf;YACD,OAAO,SAAS,CAAA;;KACjB;IAEO,sBAAsB,CAAC,cAA2B,EAAE,WAAmB;QAC7E,yFAAyF;QACzF,qDAAqD;QACrD,MAAM,YAAY,GAAG,IAAA,cAAM,EAAC,cAAc,CAAC,CAAA;QAC3C,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,GAAG;YAAE,OAAO,KAAK,CAAA;QACpE,IAAI;YACF,MAAM,UAAU,GAAG,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;YACzD,OAAO,UAAU,GAAG,CAAC,IAAI,UAAU,IAAI,WAAW,CAAA;SACnD;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,KAAK,CAAA;SACb;IACH,CAAC;IAEa,uBAAuB,CACnC,SAA4B,EAC5B,OAA4D,EAC5D,aAA0B;;;YAE1B,MAAM,+BAA+B,mCAChC,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,GAC1D,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,CAChE,CAAA;YACD,MAAM,uBAAuB,GAA+F,EAAE,CAAA;YAC9H,MAAM,CAAC,MAAM,CAAC,MAAA,SAAS,CAAC,SAAS,CAAC,YAAY,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,uBAAuB,EAAE,EAAE;gBACxF,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,EAAE,2BAA2B,CAAC,EAAE,EAAE;oBACrG,MAAM,qBAAqB,GAAG,IAAA,qBAAa,EAAC,mBAAmB,CAAC,CAAA,CAAC,6DAA6D;oBAC9H,IAAI,aAAa,CAAC,GAAG,CAAC,qBAAqB,CAAC,EAAE;wBAC5C,MAAM,kBAAkB,GAAG,uBAAuB,CAAC,qBAAqB,CAAC,CAAA;wBACzE,IAAI,kBAAkB,EAAE;4BACtB,kBAAkB,CAAC,mBAAmB,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;yBACxE;6BAAM;4BACL,MAAM,aAAa,GAAG,+BAA+B,CAAC,qBAAqB,CAAC,CAAA;4BAC5E,IAAI,aAAa,EAAE;gCACjB,uBAAuB,CAAC,qBAAqB,CAAC,GAAG;oCAC/C,SAAS,EAAE,aAAa;oCACxB,mBAAmB,EAAE,IAAI,GAAG,CAAC,CAAC,2BAA2B,CAAC,CAAC;iCAC5D,CAAA;6BACF;iCAAM;gCACL,OAAO,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAA;6BACtF;yBACF;qBACF;gBACH,CAAC,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;YACF,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,SAAS,CAAC,EAAG,EAAE,SAAS,CAAC,SAAS,CAAC,EAAG,EAAE,OAAO,CAAC,CAAA;YAEnH,OAAO,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,MAAM,CAAC,CAAO,GAAG,EAAE,CAAC,mBAAmB,EAAE,YAAY,CAAC,EAAE,EAAE;gBACvG,MAAM,UAAU,GAAG,MAAM,GAAG,CAAA;gBAC5B,MAAM,UAAU,GAAG,IAAA,2BAAmB,EAAC,SAAS,CAAC,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC,CAAA;gBACnF,IAAI,CAAC,CAAC,UAAU,EAAE;oBAChB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,YAAY,EAAE,qBAAqB,EAAE,UAAU,CAAC,CAAA;oBAChH,IAAI,qBAAqB,IAAI,SAAS,EAAE;wBACtC,uCAAY,UAAU,KAAE,CAAC,mBAAmB,CAAC,EAAE,qBAAqB,IAAE;qBACvE;;wBAAM,OAAO,UAAU,CAAA;iBACzB;;oBAAM,OAAO,UAAU,CAAA;YAC1B,CAAC,CAAA,EAAE,OAAO,CAAC,OAAO,CAAC,EAAyD,CAAC,CAAC,CAAA;;KAC/E;IAEa,sBAAsB,CAClC,YAAqE,EACrE,qBAAkC,EAClC,UAAsB;;YAEtB,KAAK,MAAM,oBAAoB,IAAI,YAAY,CAAC,mBAAmB,EAAE;gBACnE,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,oBAAoB,EAAE,qBAAqB,EAAE,UAAU,CAAC,CAAA;gBACtH,IAAI,oBAAoB,IAAI,SAAS;oBACnC,OAAO;wBACL,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC;qBAChH,CAAA;aACJ;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED,qFAAqF;IACvE,qBAAqB,CACjC,oBAA4B,EAAE,gBAAgB;IAC9C,YAAyB,EACzB,UAAsB;;YAEtB,MAAM,iBAAiB,GAAG,IAAA,cAAM,EAAC,oBAAoB,CAAC,CAAA;YACtD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE;gBACtC,IAAI;oBACF,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAA;oBAC1F,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,gBAAgB,CAAC,OAAO,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAA;oBAC5G,IAAI,kBAAkB,IAAI,SAAS;wBAAE,OAAO,kBAAkB,CAAA;iBAC/D;gBAAC,OAAO,CAAC,EAAE;oBACV,0EAA0E;iBAC3E;aACF;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED,6EAA6E;IAC/D,eAAe,CAC3B,IAAY,EACZ,EAAU,EACV,uBAA4E;;YAE5E,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,sBAAsB,CAC/E,MAAM,IAAI,CAAC,uBAAuB,CAAC,2BAA2B,CAAC,IAAI,EAAE,EAAE,CAAC,EACxE,uBAAuB,CACxB,CAAA;YACD,MAAM,yBAAyB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,sBAAsB,CACzF,MAAM,IAAI,CAAC,uBAAuB,CAAC,sCAAsC,CAAC,IAAI,EAAE,EAAE,CAAC,EACnF,uBAAuB,CACxB,CAAA;YACD,OAAO,CAAC,GAAG,eAAe,CAAC,qBAAqB,EAAE,GAAG,yBAAyB,CAAC,qBAAqB,CAAC,CAAA;QACvG,CAAC;KAAA;CACF;AA5RD,kCA4RC","sourcesContent":["import { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { KeyPair, ShaVersion } from './RSA'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { BaseExchangeKeysManager } from './BaseExchangeKeysManager'\nimport { hex2ua, ua2hex } from '../utils'\nimport { fingerprintToPublicKeysMapOf, fingerprintV1, getShaVersionForKey } from './utils'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\n\n/**\n * @internal this class is intended only for internal use and may be changed without notice.\n *\n */\nexport class KeyRecovery {\n constructor(\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly baseExchangeKeysManager: BaseExchangeKeysManager,\n private readonly baseExchangeDataManager: BaseExchangeDataManager\n ) {}\n\n /*TODO\n * Currently there is no support for the recovery of signature keys. When implementing a recovery solution we should consider:\n * - unlike decryption keys signature keys are completely useless if not verified.\n * - we are fine losing the signature private key, but if we could recover and verify the public key it would reduce the inconveniences on user and\n * limit the creation of new exchange data\n * - We can't guarantee that encrypted data in iCure was put there by us... unless we put a piece of the private key as well: we can save an\n * hash of (any verification public key + any encryption private key) in the data owner: only the owner of the private key can create this hash,\n * so if the data owner can recreate the hash with one of his recovered and verified encryption private keys then the signature public key will\n * for sure be safe as well.\n */\n\n /**\n * Attempt to recover private keys of a data owner using all available key recovery methods and all available private keys. The method will\n * automatically try to use newly recovered key pairs to recover additional key pairs.\n * @param dataOwner a data owner.\n * @param knownKeys keys available for the data owner.\n * @return new key pairs (exclude already known pairs) which could be recovered using the known keys.\n */\n async recoverKeys(\n dataOwner: DataOwnerWithType,\n knownKeys: { [pubKeyFp: string]: KeyPair<CryptoKey> }\n ): Promise<{ [pubKeyFp: string]: KeyPair<CryptoKey> }> {\n const selfPublicKeys = Array.from([\n ...this.dataOwnerApi.getHexPublicKeysWithSha1Of(dataOwner.dataOwner),\n ...this.dataOwnerApi.getHexPublicKeysWithSha256Of(dataOwner.dataOwner),\n ])\n const knownKeysFpSet = new Set(Object.keys(knownKeys))\n const missingKeysFpSet = new Set(selfPublicKeys.map((x) => fingerprintV1(x)).filter((x) => !knownKeysFpSet.has(x)))\n\n const recoveryFunctions = [this.recoverFromTransferKeys.bind(this), this.recoverFromShamirSplitKeys.bind(this)]\n let allPrivateKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> } = { ...knownKeys }\n let foundNewPrivateKeys = true\n\n while (missingKeysFpSet.size > 0 && foundNewPrivateKeys) {\n // TODO for each recovered verify correct association with public key\n foundNewPrivateKeys = false\n for (const recover of recoveryFunctions) {\n const recovered = await recover(dataOwner, allPrivateKeys, missingKeysFpSet)\n const validatedRecovered: { [fp: string]: KeyPair<CryptoKey> } = {}\n for (const [fp, keyPair] of Object.entries(recovered)) {\n const valid = await this.primitives.RSA.checkKeyPairValidity(keyPair)\n if (valid) {\n validatedRecovered[fp] = keyPair\n }\n }\n if (Object.keys(validatedRecovered).length > 0) {\n foundNewPrivateKeys = true\n Object.keys(validatedRecovered).forEach((fp) => missingKeysFpSet.delete(fp))\n allPrivateKeys = { ...allPrivateKeys, ...validatedRecovered }\n }\n }\n }\n\n return Object.fromEntries(Object.entries(allPrivateKeys).filter(([keyFp]) => !knownKeysFpSet.has(keyFp)))\n }\n\n /*TODO?\n * Ask access back suggestion: if by getting access back to an exchange key with another data owner I may recover additional keys we could suggest\n * to ask for access back to that data owner.\n */\n\n private async recoverFromShamirSplitKeys(\n dataOwner: DataOwnerWithType,\n allKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> },\n missingKeysFp: Set<string>\n ): Promise<{ [pubKeyFingerprint: string]: KeyPair<CryptoKey> }> {\n if (\n dataOwner.dataOwner.publicKey &&\n dataOwner.dataOwner.privateKeyShamirPartitions &&\n Object.keys(dataOwner.dataOwner.privateKeyShamirPartitions).length > 0\n ) {\n const selfId = dataOwner.dataOwner.id!\n const shamirSplits: { [keyPairFp: string]: { [delegateId: string]: string } } = {\n [dataOwner.dataOwner.publicKey!.slice(-32)]: dataOwner.dataOwner.privateKeyShamirPartitions!,\n }\n const delegatesOfSplits = Array.from(\n new Set(\n Object.entries(shamirSplits).flatMap(([splitKeyFp, splitKeyData]) => (missingKeysFp.has(splitKeyFp) ? Object.keys(splitKeyData) : []))\n )\n )\n const exchangeKeys: { [delegateId: string]: CryptoKey[] } = {}\n for (const delegate of delegatesOfSplits) {\n exchangeKeys[delegate] = await this.getExchangeKeys(selfId, delegate, allKeys)\n }\n return await this.recoverWithSplits(dataOwner, shamirSplits, exchangeKeys)\n } else return {}\n }\n\n private async recoverWithSplits(\n dataOwner: DataOwnerWithType,\n splits: { [keyPairFp: string]: { [delegateId: string]: string } },\n exchangeKeys: { [delegateId: string]: CryptoKey[] }\n ): Promise<{ [pubKeyFingerprint: string]: KeyPair<CryptoKey> }> {\n const res: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> } = {}\n const keysByFp = fingerprintToPublicKeysMapOf(dataOwner.dataOwner, 'sha-1')\n const keysByFpWithSha256 = fingerprintToPublicKeysMapOf(dataOwner.dataOwner, 'sha-256')\n for (const [fp, split] of Object.entries(splits)) {\n const pub = keysByFp[fp] ?? keysByFpWithSha256[fp]\n const shaVersion = !!pub && !!keysByFp[fp] ? 'sha-1' : !!pub && !!keysByFpWithSha256[fp] ? 'sha-256' : undefined\n if (!!pub && !!shaVersion) {\n const recovered = await this.tryRecoverSplitPrivate(split, exchangeKeys, shaVersion)\n if (recovered) {\n const pub = keysByFp[fp]\n try {\n res[fp] = {\n privateKey: recovered,\n publicKey: await this.primitives.RSA.importKey('spki', hex2ua(pub), ['encrypt'], shaVersion),\n }\n } catch (e) {\n console.warn(`Failed to import public key ${pub}`, e)\n }\n }\n } else {\n console.warn(`Missing public key for fingerprint ${fp} of recovered shamir key.`)\n }\n }\n return res\n }\n\n private async tryRecoverSplitPrivate(\n split: { [delegateId: string]: string },\n exchangeKeys: { [delegateId: string]: CryptoKey[] },\n shaVersion: ShaVersion\n ): Promise<CryptoKey | undefined> {\n const splitsCount = Object.keys(split).length\n if (splitsCount === 1) {\n // Not sure about the key nor if the key is accessible\n const [delegate, encryptedKey] = Object.entries(split)[0]\n for (const exchangeKey of exchangeKeys[delegate] ?? []) {\n try {\n const decrypted = await this.primitives.AES.decrypt(exchangeKey, hex2ua(encryptedKey))\n const importedKey = await this.primitives.RSA.importKey('pkcs8', decrypted, ['decrypt'], shaVersion)\n if (importedKey) return importedKey\n } catch (e) {}\n }\n return undefined\n } else {\n const decryptedSplits: string[] = []\n for (const delegateAndEncryptedSplit of Object.entries(split)) {\n const decrypted = await this.tryDecryptSplitPiece(delegateAndEncryptedSplit, exchangeKeys, splitsCount)\n if (decrypted) decryptedSplits.push(ua2hex(decrypted).slice(1)) // Drop padding\n }\n try {\n const combinedKey = hex2ua(this.primitives.shamir.combine(decryptedSplits))\n return await this.primitives.RSA.importKey('pkcs8', combinedKey, ['decrypt'], shaVersion)\n } catch (e) {\n // Could be not enough splits decrypted\n return undefined\n }\n }\n }\n\n private async tryDecryptSplitPiece(\n delegateAndEncryptedSplit: [string, string],\n exchangeKeys: { [delegateId: string]: CryptoKey[] },\n splitsCount: number\n ): Promise<ArrayBuffer | undefined> {\n const [delegate, encryptedPiece] = delegateAndEncryptedSplit\n for (const exchangeKey of exchangeKeys[delegate] ?? []) {\n try {\n const decrypted = await this.primitives.AES.decrypt(exchangeKey, hex2ua(encryptedPiece))\n if (this.validateDecryptedSplit(decrypted, splitsCount)) return decrypted\n } catch (e) {}\n }\n return undefined\n }\n\n private validateDecryptedSplit(decryptedSplit: ArrayBuffer, splitsCount: number): boolean {\n // Normally shamir split starts with 8 followed by the index of the split in hexadecimal.\n // However, we pad with an extra 'f' at the beginning\n const decryptedHex = ua2hex(decryptedSplit)\n if (decryptedHex[0] !== 'f' || decryptedHex[1] !== '8') return false\n try {\n const splitIndex = parseInt(decryptedHex.slice(2, 4), 16)\n return splitIndex > 0 && splitIndex <= splitsCount\n } catch (e) {\n return false\n }\n }\n\n private async recoverFromTransferKeys(\n dataOwner: DataOwnerWithType,\n allKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> },\n missingKeysFp: Set<string>\n ): Promise<{ [pubKeyFingerprint: string]: KeyPair<CryptoKey> }> {\n const publicKeyFingerprintToPublicKey = {\n ...fingerprintToPublicKeysMapOf(dataOwner.dataOwner, 'sha-1'),\n ...fingerprintToPublicKeysMapOf(dataOwner.dataOwner, 'sha-256'),\n }\n const missingKeysTransferData: { [recoverableKeyPubFp: string]: { publicKey: string; encryptedPrivateKey: Set<string> } } = {}\n Object.values(dataOwner.dataOwner.transferKeys ?? {}).forEach((transferKeysByEncryptor) => {\n Object.entries(transferKeysByEncryptor).forEach(([transferToPublicKey, transferPrivateKeyEncrypted]) => {\n const transferToPublicKeyFp = fingerprintV1(transferToPublicKey) // We are not sure if transfer public key will be a fp or not\n if (missingKeysFp.has(transferToPublicKeyFp)) {\n const existingEntryValue = missingKeysTransferData[transferToPublicKeyFp]\n if (existingEntryValue) {\n existingEntryValue.encryptedPrivateKey.add(transferPrivateKeyEncrypted)\n } else {\n const fullPublicKey = publicKeyFingerprintToPublicKey[transferToPublicKeyFp]\n if (fullPublicKey) {\n missingKeysTransferData[transferToPublicKeyFp] = {\n publicKey: fullPublicKey,\n encryptedPrivateKey: new Set([transferPrivateKeyEncrypted]),\n }\n } else {\n console.warn('Invalid data owner: there is a transfer key for an unknown public key')\n }\n }\n }\n })\n })\n const availableExchangeKeys = await this.getExchangeKeys(dataOwner.dataOwner.id!, dataOwner.dataOwner.id!, allKeys)\n\n return Object.entries(missingKeysTransferData).reduce(async (acc, [recoverableKeyPubFp, transferData]) => {\n const awaitedAcc = await acc\n const shaVersion = getShaVersionForKey(dataOwner.dataOwner, transferData.publicKey)\n if (!!shaVersion) {\n const decryptedTransferData = await this.tryDecryptTransferData(transferData, availableExchangeKeys, shaVersion)\n if (decryptedTransferData != undefined) {\n return { ...awaitedAcc, [recoverableKeyPubFp]: decryptedTransferData }\n } else return awaitedAcc\n } else return awaitedAcc\n }, Promise.resolve({} as { [pubKeyFingerprint: string]: KeyPair<CryptoKey> }))\n }\n\n private async tryDecryptTransferData(\n transferData: { publicKey: string; encryptedPrivateKey: Set<string> },\n availableExchangeKeys: CryptoKey[],\n shaVersion: ShaVersion\n ): Promise<KeyPair<CryptoKey> | undefined> {\n for (const encryptedTransferKey of transferData.encryptedPrivateKey) {\n const decryptedTransferKey = await this.tryDecryptTransferKey(encryptedTransferKey, availableExchangeKeys, shaVersion)\n if (decryptedTransferKey != undefined)\n return {\n privateKey: decryptedTransferKey,\n publicKey: await this.primitives.RSA.importKey('spki', hex2ua(transferData.publicKey), ['encrypt'], shaVersion),\n }\n }\n return undefined\n }\n\n // attempt to decrypt a transfer key in pkcs8 using any of the provided exchange keys\n private async tryDecryptTransferKey(\n encryptedTransferKey: string, // in hex format\n exchangeKeys: CryptoKey[],\n shaVersion: ShaVersion\n ): Promise<CryptoKey | undefined> {\n const encryptedKeyBytes = hex2ua(encryptedTransferKey)\n for (const exchangeKey of exchangeKeys) {\n try {\n const decryptedKeyData = await this.primitives.AES.decrypt(exchangeKey, encryptedKeyBytes)\n const importedPrivateKey = await this.primitives.RSA.importPrivateKey('pkcs8', decryptedKeyData, shaVersion)\n if (importedPrivateKey != undefined) return importedPrivateKey\n } catch (e) {\n /* failure is a valid possibility: we don't know the correct key to use */\n }\n }\n return undefined\n }\n\n // Get exchange keys from aes exchange keys / hc party keys and exchange data\n private async getExchangeKeys(\n from: string,\n to: string,\n availableDecryptionKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<CryptoKey[]> {\n const aesExchangeKeys = await this.baseExchangeKeysManager.tryDecryptExchangeKeys(\n await this.baseExchangeKeysManager.getEncryptedExchangeKeysFor(from, to),\n availableDecryptionKeys\n )\n const decryptedExchangeDataKeys = await this.baseExchangeDataManager.tryDecryptExchangeKeys(\n await this.baseExchangeDataManager.getExchangeDataByDelegatorDelegatePair(from, to),\n availableDecryptionKeys\n )\n return [...aesExchangeKeys.successfulDecryptions, ...decryptedExchangeDataKeys.successfulDecryptions]\n }\n}\n"]}
1
+ {"version":3,"file":"KeyRecovery.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/KeyRecovery.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,+BAA2C;AAG3C,oCAAyC;AACzC,mCAA0F;AAI1F;;;GAGG;AACH,MAAa,WAAW;IACtB,YACmB,UAA4B,EAC5B,YAA8B,EAC9B,uBAAgD,EAChD,uBAAgD;QAHhD,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,4BAAuB,GAAvB,uBAAuB,CAAyB;QAChD,4BAAuB,GAAvB,uBAAuB,CAAyB;IAChE,CAAC;IAEJ;;;;;;;;;OASG;IAEH;;;;;;OAMG;IACG,WAAW,CACf,SAA4B,EAC5B,SAAqD;;YAErD,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC;gBAChC,GAAG,IAAI,CAAC,YAAY,CAAC,0BAA0B,CAAC,SAAS,CAAC,SAAS,CAAC;gBACpE,GAAG,IAAI,CAAC,YAAY,CAAC,4BAA4B,CAAC,SAAS,CAAC,SAAS,CAAC;aACvE,CAAC,CAAA;YACF,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAA;YACtD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAEnH,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;YAC/G,IAAI,cAAc,qBAA6D,SAAS,CAAE,CAAA;YAC1F,IAAI,mBAAmB,GAAG,IAAI,CAAA;YAE9B,OAAO,gBAAgB,CAAC,IAAI,GAAG,CAAC,IAAI,mBAAmB,EAAE;gBACvD,qEAAqE;gBACrE,mBAAmB,GAAG,KAAK,CAAA;gBAC3B,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE;oBACvC,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,SAAS,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAA;oBAC5E,MAAM,kBAAkB,GAAyC,EAAE,CAAA;oBACnE,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;wBACrD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAA;wBACrE,IAAI,KAAK,EAAE;4BACT,kBAAkB,CAAC,EAAE,CAAC,GAAG,OAAO,CAAA;yBACjC;qBACF;oBACD,IAAI,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;wBAC9C,mBAAmB,GAAG,IAAI,CAAA;wBAC1B,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAA;wBAC5E,cAAc,mCAAQ,cAAc,GAAK,kBAAkB,CAAE,CAAA;qBAC9D;iBACF;aACF;YAED,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAC3G,CAAC;KAAA;IAED;;;OAGG;IAEW,0BAA0B,CACtC,SAA4B,EAC5B,OAA4D,EAC5D,aAA0B;;YAE1B,IACE,SAAS,CAAC,SAAS,CAAC,SAAS;gBAC7B,SAAS,CAAC,SAAS,CAAC,0BAA0B;gBAC9C,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC,MAAM,GAAG,CAAC,EACtE;gBACA,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,EAAG,CAAA;gBACtC,MAAM,YAAY,GAA8D;oBAC9E,CAAC,SAAS,CAAC,SAAS,CAAC,SAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,0BAA2B;iBAC7F,CAAA;gBACD,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAClC,IAAI,GAAG,CACL,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CACvI,CACF,CAAA;gBACD,MAAM,YAAY,GAA0C,EAAE,CAAA;gBAC9D,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE;oBACxC,YAAY,CAAC,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;iBAC/E;gBACD,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,YAAY,EAAE,YAAY,CAAC,CAAA;aAC3E;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAEa,iBAAiB,CAC7B,SAA4B,EAC5B,MAAiE,EACjE,YAAmD;;;YAEnD,MAAM,GAAG,GAAwD,EAAE,CAAA;YACnE,MAAM,QAAQ,GAAG,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,EAAE,gBAAU,CAAC,IAAI,CAAC,CAAA;YACnF,MAAM,kBAAkB,GAAG,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,EAAE,gBAAU,CAAC,MAAM,CAAC,CAAA;YAC/F,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;gBAChD,MAAM,GAAG,GAAG,MAAA,QAAQ,CAAC,EAAE,CAAC,mCAAI,kBAAkB,CAAC,EAAE,CAAC,CAAA;gBAClD,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,gBAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,gBAAU,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAA;gBAChI,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,UAAU,EAAE;oBACzB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,YAAY,EAAE,UAAU,CAAC,CAAA;oBACpF,IAAI,SAAS,EAAE;wBACb,MAAM,GAAG,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAA;wBACxB,IAAI;4BACF,GAAG,CAAC,EAAE,CAAC,GAAG;gCACR,UAAU,EAAE,SAAS;gCACrB,SAAS,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,GAAG,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC;6BAC7F,CAAA;yBACF;wBAAC,OAAO,CAAC,EAAE;4BACV,OAAO,CAAC,IAAI,CAAC,+BAA+B,GAAG,EAAE,EAAE,CAAC,CAAC,CAAA;yBACtD;qBACF;iBACF;qBAAM;oBACL,OAAO,CAAC,IAAI,CAAC,sCAAsC,EAAE,2BAA2B,CAAC,CAAA;iBAClF;aACF;YACD,OAAO,GAAG,CAAA;;KACX;IAEa,sBAAsB,CAClC,KAAuC,EACvC,YAAmD,EACnD,UAAsB;;;YAEtB,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAA;YAC7C,IAAI,WAAW,KAAK,CAAC,EAAE;gBACrB,sDAAsD;gBACtD,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;gBACzD,KAAK,MAAM,WAAW,IAAI,MAAA,YAAY,CAAC,QAAQ,CAAC,mCAAI,EAAE,EAAE;oBACtD,IAAI;wBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,IAAA,cAAM,EAAC,YAAY,CAAC,CAAC,CAAA;wBACtF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;wBACpG,IAAI,WAAW;4BAAE,OAAO,WAAW,CAAA;qBACpC;oBAAC,OAAO,CAAC,EAAE,GAAE;iBACf;gBACD,OAAO,SAAS,CAAA;aACjB;iBAAM;gBACL,MAAM,eAAe,GAAa,EAAE,CAAA;gBACpC,KAAK,MAAM,yBAAyB,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;oBAC7D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,yBAAyB,EAAE,YAAY,EAAE,WAAW,CAAC,CAAA;oBACvG,IAAI,SAAS;wBAAE,eAAe,CAAC,IAAI,CAAC,IAAA,cAAM,EAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,eAAe;iBAChF;gBACD,IAAI;oBACF,MAAM,WAAW,GAAG,IAAA,cAAM,EAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAA;oBAC3E,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;iBAC1F;gBAAC,OAAO,CAAC,EAAE;oBACV,uCAAuC;oBACvC,OAAO,SAAS,CAAA;iBACjB;aACF;;KACF;IAEa,oBAAoB,CAChC,yBAA2C,EAC3C,YAAmD,EACnD,WAAmB;;;YAEnB,MAAM,CAAC,QAAQ,EAAE,cAAc,CAAC,GAAG,yBAAyB,CAAA;YAC5D,KAAK,MAAM,WAAW,IAAI,MAAA,YAAY,CAAC,QAAQ,CAAC,mCAAI,EAAE,EAAE;gBACtD,IAAI;oBACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,IAAA,cAAM,EAAC,cAAc,CAAC,CAAC,CAAA;oBACxF,IAAI,IAAI,CAAC,sBAAsB,CAAC,SAAS,EAAE,WAAW,CAAC;wBAAE,OAAO,SAAS,CAAA;iBAC1E;gBAAC,OAAO,CAAC,EAAE,GAAE;aACf;YACD,OAAO,SAAS,CAAA;;KACjB;IAEO,sBAAsB,CAAC,cAA2B,EAAE,WAAmB;QAC7E,yFAAyF;QACzF,qDAAqD;QACrD,MAAM,YAAY,GAAG,IAAA,cAAM,EAAC,cAAc,CAAC,CAAA;QAC3C,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,GAAG;YAAE,OAAO,KAAK,CAAA;QACpE,IAAI;YACF,MAAM,UAAU,GAAG,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;YACzD,OAAO,UAAU,GAAG,CAAC,IAAI,UAAU,IAAI,WAAW,CAAA;SACnD;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,KAAK,CAAA;SACb;IACH,CAAC;IAEa,uBAAuB,CACnC,SAA4B,EAC5B,OAA4D,EAC5D,aAA0B;;;YAE1B,MAAM,+BAA+B,mCAChC,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,EAAE,gBAAU,CAAC,IAAI,CAAC,GAClE,IAAA,oCAA4B,EAAC,SAAS,CAAC,SAAS,EAAE,gBAAU,CAAC,MAAM,CAAC,CACxE,CAAA;YACD,MAAM,uBAAuB,GAA+F,EAAE,CAAA;YAC9H,MAAM,CAAC,MAAM,CAAC,MAAA,SAAS,CAAC,SAAS,CAAC,YAAY,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,uBAAuB,EAAE,EAAE;gBACxF,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,EAAE,2BAA2B,CAAC,EAAE,EAAE;oBACrG,MAAM,qBAAqB,GAAG,IAAA,qBAAa,EAAC,mBAAmB,CAAC,CAAA,CAAC,6DAA6D;oBAC9H,IAAI,aAAa,CAAC,GAAG,CAAC,qBAAqB,CAAC,EAAE;wBAC5C,MAAM,kBAAkB,GAAG,uBAAuB,CAAC,qBAAqB,CAAC,CAAA;wBACzE,IAAI,kBAAkB,EAAE;4BACtB,kBAAkB,CAAC,mBAAmB,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;yBACxE;6BAAM;4BACL,MAAM,aAAa,GAAG,+BAA+B,CAAC,qBAAqB,CAAC,CAAA;4BAC5E,IAAI,aAAa,EAAE;gCACjB,uBAAuB,CAAC,qBAAqB,CAAC,GAAG;oCAC/C,SAAS,EAAE,aAAa;oCACxB,mBAAmB,EAAE,IAAI,GAAG,CAAC,CAAC,2BAA2B,CAAC,CAAC;iCAC5D,CAAA;6BACF;iCAAM;gCACL,OAAO,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAA;6BACtF;yBACF;qBACF;gBACH,CAAC,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;YACF,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,SAAS,CAAC,EAAG,EAAE,SAAS,CAAC,SAAS,CAAC,EAAG,EAAE,OAAO,CAAC,CAAA;YAEnH,OAAO,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,MAAM,CAAC,CAAO,GAAG,EAAE,CAAC,mBAAmB,EAAE,YAAY,CAAC,EAAE,EAAE;gBACvG,MAAM,UAAU,GAAG,MAAM,GAAG,CAAA;gBAC5B,MAAM,UAAU,GAAG,IAAA,2BAAmB,EAAC,SAAS,CAAC,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC,CAAA;gBACnF,IAAI,CAAC,CAAC,UAAU,EAAE;oBAChB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,YAAY,EAAE,qBAAqB,EAAE,UAAU,CAAC,CAAA;oBAChH,IAAI,qBAAqB,IAAI,SAAS,EAAE;wBACtC,uCAAY,UAAU,KAAE,CAAC,mBAAmB,CAAC,EAAE,qBAAqB,IAAE;qBACvE;;wBAAM,OAAO,UAAU,CAAA;iBACzB;;oBAAM,OAAO,UAAU,CAAA;YAC1B,CAAC,CAAA,EAAE,OAAO,CAAC,OAAO,CAAC,EAAyD,CAAC,CAAC,CAAA;;KAC/E;IAEa,sBAAsB,CAClC,YAAqE,EACrE,qBAAkC,EAClC,UAAsB;;YAEtB,KAAK,MAAM,oBAAoB,IAAI,YAAY,CAAC,mBAAmB,EAAE;gBACnE,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,oBAAoB,EAAE,qBAAqB,EAAE,UAAU,CAAC,CAAA;gBACtH,IAAI,oBAAoB,IAAI,SAAS;oBACnC,OAAO;wBACL,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC;qBAChH,CAAA;aACJ;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED,qFAAqF;IACvE,qBAAqB,CACjC,oBAA4B,EAAE,gBAAgB;IAC9C,YAAyB,EACzB,UAAsB;;YAEtB,MAAM,iBAAiB,GAAG,IAAA,cAAM,EAAC,oBAAoB,CAAC,CAAA;YACtD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE;gBACtC,IAAI;oBACF,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAA;oBAC1F,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,gBAAgB,CAAC,OAAO,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAA;oBAC5G,IAAI,kBAAkB,IAAI,SAAS;wBAAE,OAAO,kBAAkB,CAAA;iBAC/D;gBAAC,OAAO,CAAC,EAAE;oBACV,0EAA0E;iBAC3E;aACF;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED,6EAA6E;IAC/D,eAAe,CAC3B,IAAY,EACZ,EAAU,EACV,uBAA4E;;YAE5E,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,sBAAsB,CAC/E,MAAM,IAAI,CAAC,uBAAuB,CAAC,2BAA2B,CAAC,IAAI,EAAE,EAAE,CAAC,EACxE,uBAAuB,CACxB,CAAA;YACD,MAAM,yBAAyB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,sBAAsB,CACzF,MAAM,IAAI,CAAC,uBAAuB,CAAC,sCAAsC,CAAC,IAAI,EAAE,EAAE,CAAC,EACnF,uBAAuB,CACxB,CAAA;YACD,OAAO,CAAC,GAAG,eAAe,CAAC,qBAAqB,EAAE,GAAG,yBAAyB,CAAC,qBAAqB,CAAC,CAAA;QACvG,CAAC;KAAA;CACF;AA5RD,kCA4RC","sourcesContent":["import { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { KeyPair, ShaVersion } from './RSA'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { BaseExchangeKeysManager } from './BaseExchangeKeysManager'\nimport { hex2ua, ua2hex } from '../utils'\nimport { fingerprintToPublicKeysMapOf, fingerprintV1, getShaVersionForKey } from './utils'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\n\n/**\n * @internal this class is intended only for internal use and may be changed without notice.\n *\n */\nexport class KeyRecovery {\n constructor(\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly baseExchangeKeysManager: BaseExchangeKeysManager,\n private readonly baseExchangeDataManager: BaseExchangeDataManager\n ) {}\n\n /*TODO\n * Currently there is no support for the recovery of signature keys. When implementing a recovery solution we should consider:\n * - unlike decryption keys signature keys are completely useless if not verified.\n * - we are fine losing the signature private key, but if we could recover and verify the public key it would reduce the inconveniences on user and\n * limit the creation of new exchange data\n * - We can't guarantee that encrypted data in iCure was put there by us... unless we put a piece of the private key as well: we can save an\n * hash of (any verification public key + any encryption private key) in the data owner: only the owner of the private key can create this hash,\n * so if the data owner can recreate the hash with one of his recovered and verified encryption private keys then the signature public key will\n * for sure be safe as well.\n */\n\n /**\n * Attempt to recover private keys of a data owner using all available key recovery methods and all available private keys. The method will\n * automatically try to use newly recovered key pairs to recover additional key pairs.\n * @param dataOwner a data owner.\n * @param knownKeys keys available for the data owner.\n * @return new key pairs (exclude already known pairs) which could be recovered using the known keys.\n */\n async recoverKeys(\n dataOwner: DataOwnerWithType,\n knownKeys: { [pubKeyFp: string]: KeyPair<CryptoKey> }\n ): Promise<{ [pubKeyFp: string]: KeyPair<CryptoKey> }> {\n const selfPublicKeys = Array.from([\n ...this.dataOwnerApi.getHexPublicKeysWithSha1Of(dataOwner.dataOwner),\n ...this.dataOwnerApi.getHexPublicKeysWithSha256Of(dataOwner.dataOwner),\n ])\n const knownKeysFpSet = new Set(Object.keys(knownKeys))\n const missingKeysFpSet = new Set(selfPublicKeys.map((x) => fingerprintV1(x)).filter((x) => !knownKeysFpSet.has(x)))\n\n const recoveryFunctions = [this.recoverFromTransferKeys.bind(this), this.recoverFromShamirSplitKeys.bind(this)]\n let allPrivateKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> } = { ...knownKeys }\n let foundNewPrivateKeys = true\n\n while (missingKeysFpSet.size > 0 && foundNewPrivateKeys) {\n // TODO for each recovered verify correct association with public key\n foundNewPrivateKeys = false\n for (const recover of recoveryFunctions) {\n const recovered = await recover(dataOwner, allPrivateKeys, missingKeysFpSet)\n const validatedRecovered: { [fp: string]: KeyPair<CryptoKey> } = {}\n for (const [fp, keyPair] of Object.entries(recovered)) {\n const valid = await this.primitives.RSA.checkKeyPairValidity(keyPair)\n if (valid) {\n validatedRecovered[fp] = keyPair\n }\n }\n if (Object.keys(validatedRecovered).length > 0) {\n foundNewPrivateKeys = true\n Object.keys(validatedRecovered).forEach((fp) => missingKeysFpSet.delete(fp))\n allPrivateKeys = { ...allPrivateKeys, ...validatedRecovered }\n }\n }\n }\n\n return Object.fromEntries(Object.entries(allPrivateKeys).filter(([keyFp]) => !knownKeysFpSet.has(keyFp)))\n }\n\n /*TODO?\n * Ask access back suggestion: if by getting access back to an exchange key with another data owner I may recover additional keys we could suggest\n * to ask for access back to that data owner.\n */\n\n private async recoverFromShamirSplitKeys(\n dataOwner: DataOwnerWithType,\n allKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> },\n missingKeysFp: Set<string>\n ): Promise<{ [pubKeyFingerprint: string]: KeyPair<CryptoKey> }> {\n if (\n dataOwner.dataOwner.publicKey &&\n dataOwner.dataOwner.privateKeyShamirPartitions &&\n Object.keys(dataOwner.dataOwner.privateKeyShamirPartitions).length > 0\n ) {\n const selfId = dataOwner.dataOwner.id!\n const shamirSplits: { [keyPairFp: string]: { [delegateId: string]: string } } = {\n [dataOwner.dataOwner.publicKey!.slice(-32)]: dataOwner.dataOwner.privateKeyShamirPartitions!,\n }\n const delegatesOfSplits = Array.from(\n new Set(\n Object.entries(shamirSplits).flatMap(([splitKeyFp, splitKeyData]) => (missingKeysFp.has(splitKeyFp) ? Object.keys(splitKeyData) : []))\n )\n )\n const exchangeKeys: { [delegateId: string]: CryptoKey[] } = {}\n for (const delegate of delegatesOfSplits) {\n exchangeKeys[delegate] = await this.getExchangeKeys(selfId, delegate, allKeys)\n }\n return await this.recoverWithSplits(dataOwner, shamirSplits, exchangeKeys)\n } else return {}\n }\n\n private async recoverWithSplits(\n dataOwner: DataOwnerWithType,\n splits: { [keyPairFp: string]: { [delegateId: string]: string } },\n exchangeKeys: { [delegateId: string]: CryptoKey[] }\n ): Promise<{ [pubKeyFingerprint: string]: KeyPair<CryptoKey> }> {\n const res: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> } = {}\n const keysByFp = fingerprintToPublicKeysMapOf(dataOwner.dataOwner, ShaVersion.Sha1)\n const keysByFpWithSha256 = fingerprintToPublicKeysMapOf(dataOwner.dataOwner, ShaVersion.Sha256)\n for (const [fp, split] of Object.entries(splits)) {\n const pub = keysByFp[fp] ?? keysByFpWithSha256[fp]\n const shaVersion = !!pub && !!keysByFp[fp] ? ShaVersion.Sha1 : !!pub && !!keysByFpWithSha256[fp] ? ShaVersion.Sha256 : undefined\n if (!!pub && !!shaVersion) {\n const recovered = await this.tryRecoverSplitPrivate(split, exchangeKeys, shaVersion)\n if (recovered) {\n const pub = keysByFp[fp]\n try {\n res[fp] = {\n privateKey: recovered,\n publicKey: await this.primitives.RSA.importKey('spki', hex2ua(pub), ['encrypt'], shaVersion),\n }\n } catch (e) {\n console.warn(`Failed to import public key ${pub}`, e)\n }\n }\n } else {\n console.warn(`Missing public key for fingerprint ${fp} of recovered shamir key.`)\n }\n }\n return res\n }\n\n private async tryRecoverSplitPrivate(\n split: { [delegateId: string]: string },\n exchangeKeys: { [delegateId: string]: CryptoKey[] },\n shaVersion: ShaVersion\n ): Promise<CryptoKey | undefined> {\n const splitsCount = Object.keys(split).length\n if (splitsCount === 1) {\n // Not sure about the key nor if the key is accessible\n const [delegate, encryptedKey] = Object.entries(split)[0]\n for (const exchangeKey of exchangeKeys[delegate] ?? []) {\n try {\n const decrypted = await this.primitives.AES.decrypt(exchangeKey, hex2ua(encryptedKey))\n const importedKey = await this.primitives.RSA.importKey('pkcs8', decrypted, ['decrypt'], shaVersion)\n if (importedKey) return importedKey\n } catch (e) {}\n }\n return undefined\n } else {\n const decryptedSplits: string[] = []\n for (const delegateAndEncryptedSplit of Object.entries(split)) {\n const decrypted = await this.tryDecryptSplitPiece(delegateAndEncryptedSplit, exchangeKeys, splitsCount)\n if (decrypted) decryptedSplits.push(ua2hex(decrypted).slice(1)) // Drop padding\n }\n try {\n const combinedKey = hex2ua(this.primitives.shamir.combine(decryptedSplits))\n return await this.primitives.RSA.importKey('pkcs8', combinedKey, ['decrypt'], shaVersion)\n } catch (e) {\n // Could be not enough splits decrypted\n return undefined\n }\n }\n }\n\n private async tryDecryptSplitPiece(\n delegateAndEncryptedSplit: [string, string],\n exchangeKeys: { [delegateId: string]: CryptoKey[] },\n splitsCount: number\n ): Promise<ArrayBuffer | undefined> {\n const [delegate, encryptedPiece] = delegateAndEncryptedSplit\n for (const exchangeKey of exchangeKeys[delegate] ?? []) {\n try {\n const decrypted = await this.primitives.AES.decrypt(exchangeKey, hex2ua(encryptedPiece))\n if (this.validateDecryptedSplit(decrypted, splitsCount)) return decrypted\n } catch (e) {}\n }\n return undefined\n }\n\n private validateDecryptedSplit(decryptedSplit: ArrayBuffer, splitsCount: number): boolean {\n // Normally shamir split starts with 8 followed by the index of the split in hexadecimal.\n // However, we pad with an extra 'f' at the beginning\n const decryptedHex = ua2hex(decryptedSplit)\n if (decryptedHex[0] !== 'f' || decryptedHex[1] !== '8') return false\n try {\n const splitIndex = parseInt(decryptedHex.slice(2, 4), 16)\n return splitIndex > 0 && splitIndex <= splitsCount\n } catch (e) {\n return false\n }\n }\n\n private async recoverFromTransferKeys(\n dataOwner: DataOwnerWithType,\n allKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> },\n missingKeysFp: Set<string>\n ): Promise<{ [pubKeyFingerprint: string]: KeyPair<CryptoKey> }> {\n const publicKeyFingerprintToPublicKey = {\n ...fingerprintToPublicKeysMapOf(dataOwner.dataOwner, ShaVersion.Sha1),\n ...fingerprintToPublicKeysMapOf(dataOwner.dataOwner, ShaVersion.Sha256),\n }\n const missingKeysTransferData: { [recoverableKeyPubFp: string]: { publicKey: string; encryptedPrivateKey: Set<string> } } = {}\n Object.values(dataOwner.dataOwner.transferKeys ?? {}).forEach((transferKeysByEncryptor) => {\n Object.entries(transferKeysByEncryptor).forEach(([transferToPublicKey, transferPrivateKeyEncrypted]) => {\n const transferToPublicKeyFp = fingerprintV1(transferToPublicKey) // We are not sure if transfer public key will be a fp or not\n if (missingKeysFp.has(transferToPublicKeyFp)) {\n const existingEntryValue = missingKeysTransferData[transferToPublicKeyFp]\n if (existingEntryValue) {\n existingEntryValue.encryptedPrivateKey.add(transferPrivateKeyEncrypted)\n } else {\n const fullPublicKey = publicKeyFingerprintToPublicKey[transferToPublicKeyFp]\n if (fullPublicKey) {\n missingKeysTransferData[transferToPublicKeyFp] = {\n publicKey: fullPublicKey,\n encryptedPrivateKey: new Set([transferPrivateKeyEncrypted]),\n }\n } else {\n console.warn('Invalid data owner: there is a transfer key for an unknown public key')\n }\n }\n }\n })\n })\n const availableExchangeKeys = await this.getExchangeKeys(dataOwner.dataOwner.id!, dataOwner.dataOwner.id!, allKeys)\n\n return Object.entries(missingKeysTransferData).reduce(async (acc, [recoverableKeyPubFp, transferData]) => {\n const awaitedAcc = await acc\n const shaVersion = getShaVersionForKey(dataOwner.dataOwner, transferData.publicKey)\n if (!!shaVersion) {\n const decryptedTransferData = await this.tryDecryptTransferData(transferData, availableExchangeKeys, shaVersion)\n if (decryptedTransferData != undefined) {\n return { ...awaitedAcc, [recoverableKeyPubFp]: decryptedTransferData }\n } else return awaitedAcc\n } else return awaitedAcc\n }, Promise.resolve({} as { [pubKeyFingerprint: string]: KeyPair<CryptoKey> }))\n }\n\n private async tryDecryptTransferData(\n transferData: { publicKey: string; encryptedPrivateKey: Set<string> },\n availableExchangeKeys: CryptoKey[],\n shaVersion: ShaVersion\n ): Promise<KeyPair<CryptoKey> | undefined> {\n for (const encryptedTransferKey of transferData.encryptedPrivateKey) {\n const decryptedTransferKey = await this.tryDecryptTransferKey(encryptedTransferKey, availableExchangeKeys, shaVersion)\n if (decryptedTransferKey != undefined)\n return {\n privateKey: decryptedTransferKey,\n publicKey: await this.primitives.RSA.importKey('spki', hex2ua(transferData.publicKey), ['encrypt'], shaVersion),\n }\n }\n return undefined\n }\n\n // attempt to decrypt a transfer key in pkcs8 using any of the provided exchange keys\n private async tryDecryptTransferKey(\n encryptedTransferKey: string, // in hex format\n exchangeKeys: CryptoKey[],\n shaVersion: ShaVersion\n ): Promise<CryptoKey | undefined> {\n const encryptedKeyBytes = hex2ua(encryptedTransferKey)\n for (const exchangeKey of exchangeKeys) {\n try {\n const decryptedKeyData = await this.primitives.AES.decrypt(exchangeKey, encryptedKeyBytes)\n const importedPrivateKey = await this.primitives.RSA.importPrivateKey('pkcs8', decryptedKeyData, shaVersion)\n if (importedPrivateKey != undefined) return importedPrivateKey\n } catch (e) {\n /* failure is a valid possibility: we don't know the correct key to use */\n }\n }\n return undefined\n }\n\n // Get exchange keys from aes exchange keys / hc party keys and exchange data\n private async getExchangeKeys(\n from: string,\n to: string,\n availableDecryptionKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<CryptoKey[]> {\n const aesExchangeKeys = await this.baseExchangeKeysManager.tryDecryptExchangeKeys(\n await this.baseExchangeKeysManager.getEncryptedExchangeKeysFor(from, to),\n availableDecryptionKeys\n )\n const decryptedExchangeDataKeys = await this.baseExchangeDataManager.tryDecryptExchangeKeys(\n await this.baseExchangeDataManager.getExchangeDataByDelegatorDelegatePair(from, to),\n availableDecryptionKeys\n )\n return [...aesExchangeKeys.successfulDecryptions, ...decryptedExchangeDataKeys.successfulDecryptions]\n }\n}\n"]}
@@ -5,7 +5,10 @@ export type KeyPair<T> = {
5
5
  publicKey: T;
6
6
  privateKey: T;
7
7
  };
8
- export type ShaVersion = 'sha-1' | 'sha-256';
8
+ export declare enum ShaVersion {
9
+ Sha1 = "sha-1",
10
+ Sha256 = "sha-256"
11
+ }
9
12
  export declare class RSAUtils {
10
13
  /********* RSA Config **********/
11
14
  rsaParams: any;
@@ -9,8 +9,13 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
9
9
  });
10
10
  };
11
11
  Object.defineProperty(exports, "__esModule", { value: true });
12
- exports.RSA = exports.RSAUtils = void 0;
12
+ exports.RSA = exports.RSAUtils = exports.ShaVersion = void 0;
13
13
  const utils_1 = require("../utils");
14
+ var ShaVersion;
15
+ (function (ShaVersion) {
16
+ ShaVersion["Sha1"] = "sha-1";
17
+ ShaVersion["Sha256"] = "sha-256";
18
+ })(ShaVersion = exports.ShaVersion || (exports.ShaVersion = {}));
14
19
  class RSAUtils {
15
20
  constructor(crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : {}) {
16
21
  /********* RSA Config **********/