@icure/api 8.0.78 → 8.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (69) hide show
  1. package/icc-x-api/crypto/ExchangeKeysManager.d.ts +1 -0
  2. package/icc-x-api/crypto/ExchangeKeysManager.js +26 -16
  3. package/icc-x-api/crypto/ExchangeKeysManager.js.map +1 -1
  4. package/icc-x-api/crypto/ExtendedApisUtils.d.ts +47 -2
  5. package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -1
  6. package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +8 -1
  7. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +81 -2
  8. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -1
  9. package/icc-x-api/crypto/SecretIdUseOption.d.ts +60 -0
  10. package/icc-x-api/crypto/SecretIdUseOption.js +60 -0
  11. package/icc-x-api/crypto/SecretIdUseOption.js.map +1 -0
  12. package/icc-x-api/icc-accesslog-x-api.d.ts +2 -1
  13. package/icc-x-api/icc-accesslog-x-api.js +2 -3
  14. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  15. package/icc-x-api/icc-calendar-item-x-api.d.ts +26 -3
  16. package/icc-x-api/icc-calendar-item-x-api.js +51 -16
  17. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  18. package/icc-x-api/icc-classification-x-api.d.ts +2 -1
  19. package/icc-x-api/icc-classification-x-api.js +2 -3
  20. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  21. package/icc-x-api/icc-contact-x-api.d.ts +3 -2
  22. package/icc-x-api/icc-contact-x-api.js +5 -8
  23. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  24. package/icc-x-api/icc-crypto-x-api.d.ts +1 -7
  25. package/icc-x-api/icc-crypto-x-api.js +1 -8
  26. package/icc-x-api/icc-crypto-x-api.js.map +1 -1
  27. package/icc-x-api/icc-document-x-api.d.ts +2 -1
  28. package/icc-x-api/icc-document-x-api.js +3 -6
  29. package/icc-x-api/icc-document-x-api.js.map +1 -1
  30. package/icc-x-api/icc-form-x-api.d.ts +2 -1
  31. package/icc-x-api/icc-form-x-api.js +2 -3
  32. package/icc-x-api/icc-form-x-api.js.map +1 -1
  33. package/icc-x-api/icc-helement-x-api.d.ts +3 -2
  34. package/icc-x-api/icc-helement-x-api.js +5 -8
  35. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  36. package/icc-x-api/icc-invoice-x-api.d.ts +2 -1
  37. package/icc-x-api/icc-invoice-x-api.js +2 -3
  38. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  39. package/icc-x-api/icc-message-x-api.d.ts +2 -1
  40. package/icc-x-api/icc-message-x-api.js +2 -3
  41. package/icc-x-api/icc-message-x-api.js.map +1 -1
  42. package/icc-x-api/icc-patient-x-api.js +4 -6
  43. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  44. package/icc-x-api/icc-topic-x-api.d.ts +2 -1
  45. package/icc-x-api/icc-topic-x-api.js +3 -2
  46. package/icc-x-api/icc-topic-x-api.js.map +1 -1
  47. package/icc-x-api/index.js +1 -3
  48. package/icc-x-api/index.js.map +1 -1
  49. package/package.json +1 -1
  50. package/test/icc-x-api/confidential-entities-test.js +49 -6
  51. package/test/icc-x-api/confidential-entities-test.js.map +1 -1
  52. package/test/icc-x-api/crypto/cryptoTest.js +5 -3
  53. package/test/icc-x-api/crypto/cryptoTest.js.map +1 -1
  54. package/test/icc-x-api/crypto/full-crypto-test.js +0 -2
  55. package/test/icc-x-api/crypto/full-crypto-test.js.map +1 -1
  56. package/test/icc-x-api/crypto/shamir.js +3 -1
  57. package/test/icc-x-api/crypto/shamir.js.map +1 -1
  58. package/test/icc-x-api/diocancaro.d.ts +1 -0
  59. package/test/icc-x-api/diocancaro.js +75 -0
  60. package/test/icc-x-api/diocancaro.js.map +1 -0
  61. package/test/icc-x-api/icc-calendar-item-x-api.js +1 -1
  62. package/test/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  63. package/test/icc-x-api/icc-contact-x-api.js +4 -2
  64. package/test/icc-x-api/icc-contact-x-api.js.map +1 -1
  65. package/test/icc-x-api/icc-helement-x-api-test.js +3 -1
  66. package/test/icc-x-api/icc-helement-x-api-test.js.map +1 -1
  67. package/icc-x-api/crypto/ConfidentialEntities.d.ts +0 -64
  68. package/icc-x-api/crypto/ConfidentialEntities.js +0 -112
  69. package/icc-x-api/crypto/ConfidentialEntities.js.map +0 -1
@@ -1,64 +0,0 @@
1
- import { EncryptedEntity } from '../../icc-api/model/models';
2
- import { ExtendedApisUtils } from './ExtendedApisUtils';
3
- import { CryptoPrimitives } from './CryptoPrimitives';
4
- import { IccDataOwnerXApi } from '../icc-data-owner-x-api';
5
- import { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName';
6
- import { EntityBulkShareResult } from '../../icc-api/model/requests/EntityBulkShareResult';
7
- import { BulkShareOrUpdateMetadataParams } from '../../icc-api/model/requests/BulkShareOrUpdateMetadataParams';
8
- /**
9
- * @internal this class is intended for internal use only and may be changed without notice.
10
- * This class helps to create confidential medical data in systems where multiple hcps share data with each other using parent hcps: while normally
11
- * the hcps would share all data with other hcps part of the same "family" (e.g. an hospital) there are situations where the medical data is
12
- * confidential and should only be known by the doctor which created the data. In these situations it is also important that the secret foreign key
13
- * used in the confidential data is not known by other members of the hcp family, otherwise they may be able to draw some links between the medical
14
- * data and the patient.
15
- */
16
- export declare class ConfidentialEntities {
17
- private readonly entitiesEncryption;
18
- private readonly primitives;
19
- private readonly dataOwnerApi;
20
- constructor(entitiesEncryption: ExtendedApisUtils, primitives: CryptoPrimitives, dataOwnerApi: IccDataOwnerXApi);
21
- /**
22
- * Ensures that the current data owner has access to a confidential secret id for the provided entity: this is an id that is known to the data owner
23
- * but is not known by any of his parents. If there is currently no confidential secret id for this entity the method returns a copy of the entity
24
- * with a new confidential secret id for the current data owner (the entity in the database won't be updated), else this method returns undefined.
25
- * New confidential secret ids will have an appropriate tag, but existing confidential secret ids may not necessarily have it.
26
- * @param entity an entity which needs to have a confidential secret id for the current data owner
27
- * @param entityType the type of the entity
28
- * @param doRequestBulkShareOrUpdate perform the request to share or update an entity encrypted metadata on the cloud API (and save to DB).
29
- * @return undefined if the entity already had a confidential secret id for the current user, or the updated AND SAVED entity with the new
30
- * confidential secret id.
31
- */
32
- initialiseConfidentialSecretId<T extends EncryptedEntity>(entity: T, entityType: EntityWithDelegationTypeName, doRequestBulkShareOrUpdate: (request: BulkShareOrUpdateMetadataParams) => Promise<EntityBulkShareResult<T>[]>): Promise<T | undefined>;
33
- /**
34
- * Get an existing confidential secret id of the provided entity for the provided data owner (current data owner by default). A confidential secret
35
- * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.
36
- * @param entity an entity for which you want to retrieve the confidential secret id.
37
- * @param dataOwnerId (current data owner by default) a data owner for which you want to get a confidential secret id.
38
- * @return the confidential secret id or undefined if there is no confidential secret id for the provided data owner.
39
- */
40
- getConfidentialSecretId(entity: EncryptedEntityWithType, dataOwnerId?: string): Promise<string | undefined>;
41
- /**
42
- * Get all existing confidential secret ids of the provided entity for the provided data owner (current data owner by default). A confidential secret
43
- * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.
44
- * @param entity an entity for which you want to retrieve the confidential secret id.
45
- * @param dataOwnerId (current data owner by default) a data owner for which you want to get a confidential secret id.
46
- * @return the confidential secret ids for the data owner (may be empty).
47
- */
48
- getConfidentialSecretIds(entity: EncryptedEntityWithType, dataOwnerId?: string): Promise<string[]>;
49
- /**
50
- * Gets a secret id known by the topmost parent of the current data owner hierarchy. If there is multiple secret ids shared with the topmost parent
51
- * there is no guarantee on which one will be chosen.
52
- * @param entity an entity.
53
- * @return a secret id known by the topmost parent of the current data owner hierarchy, or undefined if there is no secret id currently available
54
- * for the topmost parent.
55
- */
56
- getAnySecretIdSharedWithParents(entity: EncryptedEntityWithType): Promise<string | undefined>;
57
- /**
58
- * Gets all secret ids known by the topmost parent of the current data owner hierarchy (or all secret ids known by the current data owner if he is
59
- * not part of any data owner hierarchy).
60
- * @param entity an entity.
61
- * @return all secret ids known by the topmost parent of the current data owner hierarchy, may be empty.
62
- */
63
- getSecretIdsSharedWithParents(entity: EncryptedEntityWithType): Promise<string[]>;
64
- }
@@ -1,112 +0,0 @@
1
- "use strict";
2
- var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
- function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
- return new (P || (P = Promise))(function (resolve, reject) {
5
- function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
- function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
- function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
- step((generator = generator.apply(thisArg, _arguments || [])).next());
9
- });
10
- };
11
- Object.defineProperty(exports, "__esModule", { value: true });
12
- exports.ConfidentialEntities = void 0;
13
- const ShareMetadataBehaviour_1 = require("./ShareMetadataBehaviour");
14
- const EntityShareRequest_1 = require("../../icc-api/model/requests/EntityShareRequest");
15
- var RequestedPermissionEnum = EntityShareRequest_1.EntityShareRequest.RequestedPermissionEnum;
16
- /**
17
- * @internal this class is intended for internal use only and may be changed without notice.
18
- * This class helps to create confidential medical data in systems where multiple hcps share data with each other using parent hcps: while normally
19
- * the hcps would share all data with other hcps part of the same "family" (e.g. an hospital) there are situations where the medical data is
20
- * confidential and should only be known by the doctor which created the data. In these situations it is also important that the secret foreign key
21
- * used in the confidential data is not known by other members of the hcp family, otherwise they may be able to draw some links between the medical
22
- * data and the patient.
23
- */
24
- class ConfidentialEntities {
25
- constructor(entitiesEncryption, primitives, dataOwnerApi) {
26
- this.entitiesEncryption = entitiesEncryption;
27
- this.primitives = primitives;
28
- this.dataOwnerApi = dataOwnerApi;
29
- }
30
- /**
31
- * Ensures that the current data owner has access to a confidential secret id for the provided entity: this is an id that is known to the data owner
32
- * but is not known by any of his parents. If there is currently no confidential secret id for this entity the method returns a copy of the entity
33
- * with a new confidential secret id for the current data owner (the entity in the database won't be updated), else this method returns undefined.
34
- * New confidential secret ids will have an appropriate tag, but existing confidential secret ids may not necessarily have it.
35
- * @param entity an entity which needs to have a confidential secret id for the current data owner
36
- * @param entityType the type of the entity
37
- * @param doRequestBulkShareOrUpdate perform the request to share or update an entity encrypted metadata on the cloud API (and save to DB).
38
- * @return undefined if the entity already had a confidential secret id for the current user, or the updated AND SAVED entity with the new
39
- * confidential secret id.
40
- */
41
- initialiseConfidentialSecretId(entity, entityType, doRequestBulkShareOrUpdate) {
42
- return __awaiter(this, void 0, void 0, function* () {
43
- if (yield this.getConfidentialSecretId({ entity, type: entityType }))
44
- return undefined;
45
- const confidentialSecretId = this.primitives.randomUuid();
46
- return (yield this.entitiesEncryption.simpleShareOrUpdateEncryptedEntityMetadata({ entity, type: entityType }, {
47
- [yield this.dataOwnerApi.getCurrentDataOwnerId()]: {
48
- shareEncryptionKeys: ShareMetadataBehaviour_1.ShareMetadataBehaviour.NEVER,
49
- shareOwningEntityIds: ShareMetadataBehaviour_1.ShareMetadataBehaviour.NEVER,
50
- shareSecretIds: [confidentialSecretId],
51
- requestedPermissions: RequestedPermissionEnum.MAX_WRITE,
52
- },
53
- }, (request) => doRequestBulkShareOrUpdate(request))).updatedEntityOrThrow;
54
- });
55
- }
56
- /**
57
- * Get an existing confidential secret id of the provided entity for the provided data owner (current data owner by default). A confidential secret
58
- * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.
59
- * @param entity an entity for which you want to retrieve the confidential secret id.
60
- * @param dataOwnerId (current data owner by default) a data owner for which you want to get a confidential secret id.
61
- * @return the confidential secret id or undefined if there is no confidential secret id for the provided data owner.
62
- */
63
- getConfidentialSecretId(entity, dataOwnerId) {
64
- return __awaiter(this, void 0, void 0, function* () {
65
- return this.getConfidentialSecretIds(entity, dataOwnerId).then((x) => x[0]);
66
- });
67
- }
68
- /**
69
- * Get all existing confidential secret ids of the provided entity for the provided data owner (current data owner by default). A confidential secret
70
- * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.
71
- * @param entity an entity for which you want to retrieve the confidential secret id.
72
- * @param dataOwnerId (current data owner by default) a data owner for which you want to get a confidential secret id.
73
- * @return the confidential secret ids for the data owner (may be empty).
74
- */
75
- getConfidentialSecretIds(entity, dataOwnerId) {
76
- return __awaiter(this, void 0, void 0, function* () {
77
- // TODO throw exception if any parent key is not available? if we are missing even only one single parent key we can't be sure it is confidential
78
- const chosenDataOwnerId = dataOwnerId !== null && dataOwnerId !== void 0 ? dataOwnerId : (yield this.dataOwnerApi.getCurrentDataOwnerId());
79
- const dataOwnerHierarchy = yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIdsFrom(chosenDataOwnerId);
80
- const hierarchySecretIds = (yield this.entitiesEncryption.secretIdsForHcpHierarchyOf(entity)).filter((x) => dataOwnerHierarchy.includes(x.ownerId));
81
- const keysForDataOwner = hierarchySecretIds.find((x) => x.ownerId === chosenDataOwnerId);
82
- if (!keysForDataOwner)
83
- return [];
84
- return keysForDataOwner.extracted.filter((k) => !hierarchySecretIds.some((x) => x.ownerId !== chosenDataOwnerId && x.extracted.includes(k)));
85
- });
86
- }
87
- /**
88
- * Gets a secret id known by the topmost parent of the current data owner hierarchy. If there is multiple secret ids shared with the topmost parent
89
- * there is no guarantee on which one will be chosen.
90
- * @param entity an entity.
91
- * @return a secret id known by the topmost parent of the current data owner hierarchy, or undefined if there is no secret id currently available
92
- * for the topmost parent.
93
- */
94
- getAnySecretIdSharedWithParents(entity) {
95
- return __awaiter(this, void 0, void 0, function* () {
96
- return (yield this.getSecretIdsSharedWithParents(entity))[0];
97
- });
98
- }
99
- /**
100
- * Gets all secret ids known by the topmost parent of the current data owner hierarchy (or all secret ids known by the current data owner if he is
101
- * not part of any data owner hierarchy).
102
- * @param entity an entity.
103
- * @return all secret ids known by the topmost parent of the current data owner hierarchy, may be empty.
104
- */
105
- getSecretIdsSharedWithParents(entity) {
106
- return __awaiter(this, void 0, void 0, function* () {
107
- return (yield this.entitiesEncryption.secretIdsForHcpHierarchyOf(entity))[0].extracted;
108
- });
109
- }
110
- }
111
- exports.ConfidentialEntities = ConfidentialEntities;
112
- //# sourceMappingURL=ConfidentialEntities.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"ConfidentialEntities.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ConfidentialEntities.ts"],"names":[],"mappings":";;;;;;;;;;;;AAKA,qEAAiE;AACjE,wFAAoF;AACpF,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAK3E;;;;;;;GAOG;AACH,MAAa,oBAAoB;IAC/B,YACmB,kBAAqC,EACrC,UAA4B,EAC5B,YAA8B;QAF9B,uBAAkB,GAAlB,kBAAkB,CAAmB;QACrC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;IAC9C,CAAC;IAEJ;;;;;;;;;;OAUG;IACG,8BAA8B,CAClC,MAAS,EACT,UAAwC,EACxC,0BAA6G;;YAE7G,IAAI,MAAM,IAAI,CAAC,uBAAuB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;gBAAE,OAAO,SAAS,CAAA;YACtF,MAAM,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAA;YACzD,OAAO,CACL,MAAM,IAAI,CAAC,kBAAkB,CAAC,0CAA0C,CACtE,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,EAC5B;gBACE,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,EAAE;oBACjD,mBAAmB,EAAE,+CAAsB,CAAC,KAAK;oBACjD,oBAAoB,EAAE,+CAAsB,CAAC,KAAK;oBAClD,cAAc,EAAE,CAAC,oBAAoB,CAAC;oBACtC,oBAAoB,EAAE,uBAAuB,CAAC,SAAS;iBACxD;aACF,EACD,CAAC,OAAO,EAAE,EAAE,CAAC,0BAA0B,CAAC,OAAO,CAAC,CACjD,CACF,CAAC,oBAAoB,CAAA;QACxB,CAAC;KAAA;IAED;;;;;;OAMG;IACG,uBAAuB,CAAC,MAA+B,EAAE,WAAoB;;YACjF,OAAO,IAAI,CAAC,wBAAwB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC7E,CAAC;KAAA;IAED;;;;;;OAMG;IACG,wBAAwB,CAAC,MAA+B,EAAE,WAAoB;;YAClF,iJAAiJ;YACjJ,MAAM,iBAAiB,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,CAAA;YAC1F,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,mCAAmC,CAAC,iBAAiB,CAAC,CAAA;YACzG,MAAM,kBAAkB,GAAG,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACzG,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CACvC,CAAA;YACD,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,iBAAiB,CAAC,CAAA;YAExF,IAAI,CAAC,gBAAgB;gBAAE,OAAO,EAAE,CAAA;YAChC,OAAO,gBAAgB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,iBAAiB,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC9I,CAAC;KAAA;IAED;;;;;;OAMG;IACG,+BAA+B,CAAC,MAA+B;;YACnE,OAAO,CAAC,MAAM,IAAI,CAAC,6BAA6B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC9D,CAAC;KAAA;IAED;;;;;OAKG;IACG,6BAA6B,CAAC,MAA+B;;YACjE,OAAO,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACxF,CAAC;KAAA;CACF;AA5FD,oDA4FC","sourcesContent":["import { EncryptedEntity } from '../../icc-api/model/models'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\nimport { EntityShareOrMetadataUpdateRequest } from '../../icc-api/model/requests/EntityShareOrMetadataUpdateRequest'\nimport { EntityBulkShareResult } from '../../icc-api/model/requests/EntityBulkShareResult'\nimport { BulkShareOrUpdateMetadataParams } from '../../icc-api/model/requests/BulkShareOrUpdateMetadataParams'\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n * This class helps to create confidential medical data in systems where multiple hcps share data with each other using parent hcps: while normally\n * the hcps would share all data with other hcps part of the same \"family\" (e.g. an hospital) there are situations where the medical data is\n * confidential and should only be known by the doctor which created the data. In these situations it is also important that the secret foreign key\n * used in the confidential data is not known by other members of the hcp family, otherwise they may be able to draw some links between the medical\n * data and the patient.\n */\nexport class ConfidentialEntities {\n constructor(\n private readonly entitiesEncryption: ExtendedApisUtils,\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi\n ) {}\n\n /**\n * Ensures that the current data owner has access to a confidential secret id for the provided entity: this is an id that is known to the data owner\n * but is not known by any of his parents. If there is currently no confidential secret id for this entity the method returns a copy of the entity\n * with a new confidential secret id for the current data owner (the entity in the database won't be updated), else this method returns undefined.\n * New confidential secret ids will have an appropriate tag, but existing confidential secret ids may not necessarily have it.\n * @param entity an entity which needs to have a confidential secret id for the current data owner\n * @param entityType the type of the entity\n * @param doRequestBulkShareOrUpdate perform the request to share or update an entity encrypted metadata on the cloud API (and save to DB).\n * @return undefined if the entity already had a confidential secret id for the current user, or the updated AND SAVED entity with the new\n * confidential secret id.\n */\n async initialiseConfidentialSecretId<T extends EncryptedEntity>(\n entity: T,\n entityType: EntityWithDelegationTypeName,\n doRequestBulkShareOrUpdate: (request: BulkShareOrUpdateMetadataParams) => Promise<EntityBulkShareResult<T>[]>\n ): Promise<T | undefined> {\n if (await this.getConfidentialSecretId({ entity, type: entityType })) return undefined\n const confidentialSecretId = this.primitives.randomUuid()\n return (\n await this.entitiesEncryption.simpleShareOrUpdateEncryptedEntityMetadata(\n { entity, type: entityType },\n {\n [await this.dataOwnerApi.getCurrentDataOwnerId()]: {\n shareEncryptionKeys: ShareMetadataBehaviour.NEVER,\n shareOwningEntityIds: ShareMetadataBehaviour.NEVER,\n shareSecretIds: [confidentialSecretId],\n requestedPermissions: RequestedPermissionEnum.MAX_WRITE,\n },\n },\n (request) => doRequestBulkShareOrUpdate(request)\n )\n ).updatedEntityOrThrow\n }\n\n /**\n * Get an existing confidential secret id of the provided entity for the provided data owner (current data owner by default). A confidential secret\n * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.\n * @param entity an entity for which you want to retrieve the confidential secret id.\n * @param dataOwnerId (current data owner by default) a data owner for which you want to get a confidential secret id.\n * @return the confidential secret id or undefined if there is no confidential secret id for the provided data owner.\n */\n async getConfidentialSecretId(entity: EncryptedEntityWithType, dataOwnerId?: string): Promise<string | undefined> {\n return this.getConfidentialSecretIds(entity, dataOwnerId).then((x) => x[0])\n }\n\n /**\n * Get all existing confidential secret ids of the provided entity for the provided data owner (current data owner by default). A confidential secret\n * id is a secret id known by the data owner but not known by any of his parents: note however that children will know confidential secret ids.\n * @param entity an entity for which you want to retrieve the confidential secret id.\n * @param dataOwnerId (current data owner by default) a data owner for which you want to get a confidential secret id.\n * @return the confidential secret ids for the data owner (may be empty).\n */\n async getConfidentialSecretIds(entity: EncryptedEntityWithType, dataOwnerId?: string): Promise<string[]> {\n // TODO throw exception if any parent key is not available? if we are missing even only one single parent key we can't be sure it is confidential\n const chosenDataOwnerId = dataOwnerId ?? (await this.dataOwnerApi.getCurrentDataOwnerId())\n const dataOwnerHierarchy = await this.dataOwnerApi.getCurrentDataOwnerHierarchyIdsFrom(chosenDataOwnerId)\n const hierarchySecretIds = (await this.entitiesEncryption.secretIdsForHcpHierarchyOf(entity)).filter((x) =>\n dataOwnerHierarchy.includes(x.ownerId)\n )\n const keysForDataOwner = hierarchySecretIds.find((x) => x.ownerId === chosenDataOwnerId)\n\n if (!keysForDataOwner) return []\n return keysForDataOwner.extracted.filter((k) => !hierarchySecretIds.some((x) => x.ownerId !== chosenDataOwnerId && x.extracted.includes(k)))\n }\n\n /**\n * Gets a secret id known by the topmost parent of the current data owner hierarchy. If there is multiple secret ids shared with the topmost parent\n * there is no guarantee on which one will be chosen.\n * @param entity an entity.\n * @return a secret id known by the topmost parent of the current data owner hierarchy, or undefined if there is no secret id currently available\n * for the topmost parent.\n */\n async getAnySecretIdSharedWithParents(entity: EncryptedEntityWithType): Promise<string | undefined> {\n return (await this.getSecretIdsSharedWithParents(entity))[0]\n }\n\n /**\n * Gets all secret ids known by the topmost parent of the current data owner hierarchy (or all secret ids known by the current data owner if he is\n * not part of any data owner hierarchy).\n * @param entity an entity.\n * @return all secret ids known by the topmost parent of the current data owner hierarchy, may be empty.\n */\n async getSecretIdsSharedWithParents(entity: EncryptedEntityWithType): Promise<string[]> {\n return (await this.entitiesEncryption.secretIdsForHcpHierarchyOf(entity))[0].extracted\n }\n}\n"]}