@icure/api 8.0.8 → 8.0.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/model/models.d.ts +1 -0
- package/icc-api/model/models.js +1 -0
- package/icc-api/model/models.js.map +1 -1
- package/icc-x-api/crypto/BaseExchangeDataManager.js +1 -1
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
- package/icc-x-api/crypto/BaseExchangeKeysManager.js +7 -3
- package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/ExchangeDataManager.js +3 -2
- package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
- package/icc-x-api/crypto/KeyRecovery.js +6 -5
- package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
- package/icc-x-api/crypto/RSA.d.ts +4 -1
- package/icc-x-api/crypto/RSA.js +6 -1
- package/icc-x-api/crypto/RSA.js.map +1 -1
- package/icc-x-api/crypto/SecureDelegationsManager.js +2 -1
- package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -1
- package/icc-x-api/crypto/ShamirKeysManager.js +8 -9
- package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
- package/icc-x-api/crypto/TransferKeysManager.js +4 -3
- package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
- package/icc-x-api/crypto/UserEncryptionKeysManager.js +4 -4
- package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -1
- package/icc-x-api/crypto/UserSignatureKeysManager.js +9 -5
- package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -1
- package/icc-x-api/crypto/utils.d.ts +13 -4
- package/icc-x-api/crypto/utils.js +27 -9
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/icc-accesslog-x-api.js +16 -14
- package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
- package/icc-x-api/icc-calendar-item-x-api.d.ts +2 -2
- package/icc-x-api/icc-calendar-item-x-api.js +17 -17
- package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
- package/icc-x-api/icc-classification-x-api.js +12 -11
- package/icc-x-api/icc-classification-x-api.js.map +1 -1
- package/icc-x-api/icc-contact-x-api.d.ts +2 -2
- package/icc-x-api/icc-contact-x-api.js +23 -20
- package/icc-x-api/icc-contact-x-api.js.map +1 -1
- package/icc-x-api/icc-data-owner-x-api.js +1 -1
- package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
- package/icc-x-api/icc-document-x-api.js +17 -16
- package/icc-x-api/icc-document-x-api.js.map +1 -1
- package/icc-x-api/icc-form-x-api.js +13 -12
- package/icc-x-api/icc-form-x-api.js.map +1 -1
- package/icc-x-api/icc-helement-x-api.js +18 -16
- package/icc-x-api/icc-helement-x-api.js.map +1 -1
- package/icc-x-api/icc-icure-maintenance-x-api.js +4 -3
- package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
- package/icc-x-api/icc-invoice-x-api.js +12 -11
- package/icc-x-api/icc-invoice-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.js +11 -11
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/icc-message-x-api.js +14 -14
- package/icc-x-api/icc-message-x-api.js.map +1 -1
- package/icc-x-api/icc-patient-x-api.js +28 -27
- package/icc-x-api/icc-patient-x-api.js.map +1 -1
- package/icc-x-api/icc-receipt-x-api.js +11 -10
- package/icc-x-api/icc-receipt-x-api.js.map +1 -1
- package/icc-x-api/icc-recovery-x-api.js +3 -2
- package/icc-x-api/icc-recovery-x-api.js.map +1 -1
- package/icc-x-api/icc-time-table-x-api.js +9 -8
- package/icc-x-api/icc-time-table-x-api.js.map +1 -1
- package/icc-x-api/icc-topic-x-api.js +13 -13
- package/icc-x-api/icc-topic-x-api.js.map +1 -1
- package/icc-x-api/storage/IcureStorageFacade.js +4 -1
- package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
- package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +17 -1
- package/icc-x-api/utils/EntityWithDelegationTypeName.js +33 -15
- package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -1
- package/package.json +1 -1
- package/test/icc-api/api/IccAnonymousAccessApi.d.ts +1 -0
- package/test/icc-api/api/IccAnonymousAccessApi.js +58 -0
- package/test/icc-api/api/IccAnonymousAccessApi.js.map +1 -0
- package/test/icc-api/api/IccDocumentApi.d.ts +1 -0
- package/test/icc-api/api/IccDocumentApi.js +208 -0
- package/test/icc-api/api/IccDocumentApi.js.map +1 -0
- package/test/icc-api/api/IccGroupApi.d.ts +1 -0
- package/test/icc-api/api/IccGroupApi.js +50 -0
- package/test/icc-api/api/IccGroupApi.js.map +1 -0
- package/test/icc-api/api/IccRecoveryDataApi.d.ts +1 -0
- package/test/icc-api/api/IccRecoveryDataApi.js +95 -0
- package/test/icc-api/api/IccRecoveryDataApi.js.map +1 -0
- package/test/icc-api/api/IccRoleApi.d.ts +1 -0
- package/test/icc-api/api/IccRoleApi.js +34 -0
- package/test/icc-api/api/IccRoleApi.js.map +1 -0
- package/test/icc-api/api/IccUserApi.d.ts +1 -0
- package/test/icc-api/api/IccUserApi.js +96 -0
- package/test/icc-api/api/IccUserApi.js.map +1 -0
- package/test/icc-api/e2e/IccCalendarItemApi.d.ts +1 -0
- package/test/icc-api/e2e/IccCalendarItemApi.js +46 -0
- package/test/icc-api/e2e/IccCalendarItemApi.js.map +1 -0
- package/test/icc-api/model/modelHelpersTest.d.ts +1 -0
- package/test/icc-api/model/modelHelpersTest.js +45 -0
- package/test/icc-api/model/modelHelpersTest.js.map +1 -0
- package/test/icc-x-api/auth/group-switch-test.d.ts +1 -0
- package/test/icc-x-api/auth/group-switch-test.js +81 -0
- package/test/icc-x-api/auth/group-switch-test.js.map +1 -0
- package/test/icc-x-api/auth/jwt-concurrency-test.d.ts +2 -0
- package/test/icc-x-api/auth/jwt-concurrency-test.js +113 -0
- package/test/icc-x-api/auth/jwt-concurrency-test.js.map +1 -0
- package/test/icc-x-api/auth/smart-auth-provider-test.d.ts +1 -0
- package/test/icc-x-api/auth/smart-auth-provider-test.js +224 -0
- package/test/icc-x-api/auth/smart-auth-provider-test.js.map +1 -0
- package/test/icc-x-api/autofix-anonymity-test.d.ts +1 -0
- package/test/icc-x-api/autofix-anonymity-test.js +108 -0
- package/test/icc-x-api/autofix-anonymity-test.js.map +1 -0
- package/test/icc-x-api/confidential-entities-test.d.ts +1 -0
- package/test/icc-x-api/confidential-entities-test.js +110 -0
- package/test/icc-x-api/confidential-entities-test.js.map +1 -0
- package/test/icc-x-api/crud/comprehensive-crud-test.d.ts +1 -0
- package/test/icc-x-api/crud/comprehensive-crud-test.js +276 -0
- package/test/icc-x-api/crud/comprehensive-crud-test.js.map +1 -0
- package/test/icc-x-api/crud/entities-crud-test-interface.d.ts +16 -0
- package/test/icc-x-api/crud/entities-crud-test-interface.js +422 -0
- package/test/icc-x-api/crud/entities-crud-test-interface.js.map +1 -0
- package/test/icc-x-api/crypto/anonymous-delegations-test.d.ts +1 -0
- package/test/icc-x-api/crypto/anonymous-delegations-test.js +588 -0
- package/test/icc-x-api/crypto/anonymous-delegations-test.js.map +1 -0
- package/test/icc-x-api/crypto/concurrency.d.ts +1 -0
- package/test/icc-x-api/crypto/concurrency.js +35 -0
- package/test/icc-x-api/crypto/concurrency.js.map +1 -0
- package/test/icc-x-api/crypto/crypto-utils.d.ts +1 -0
- package/test/icc-x-api/crypto/crypto-utils.js +80 -0
- package/test/icc-x-api/crypto/crypto-utils.js.map +1 -0
- package/test/icc-x-api/crypto/cryptoTest.d.ts +2 -0
- package/test/icc-x-api/crypto/cryptoTest.js +302 -0
- package/test/icc-x-api/crypto/cryptoTest.js.map +1 -0
- package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.d.ts +1 -0
- package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.js +166 -0
- package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.js.map +1 -0
- package/test/icc-x-api/crypto/exchange-data-manager-test.d.ts +1 -0
- package/test/icc-x-api/crypto/exchange-data-manager-test.js +690 -0
- package/test/icc-x-api/crypto/exchange-data-manager-test.js.map +1 -0
- package/test/icc-x-api/crypto/full-crypto-test.d.ts +1 -0
- package/test/icc-x-api/crypto/full-crypto-test.js +457 -0
- package/test/icc-x-api/crypto/full-crypto-test.js.map +1 -0
- package/test/icc-x-api/crypto/secure-delegations-manager-test.d.ts +1 -0
- package/test/icc-x-api/crypto/secure-delegations-manager-test.js +266 -0
- package/test/icc-x-api/crypto/secure-delegations-manager-test.js.map +1 -0
- package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.d.ts +1 -0
- package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.js +393 -0
- package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.js.map +1 -0
- package/test/icc-x-api/crypto/security-metadata-decryptor-chain-test.d.ts +1 -0
- package/test/icc-x-api/crypto/security-metadata-decryptor-chain-test.js +213 -0
- package/test/icc-x-api/crypto/security-metadata-decryptor-chain-test.js.map +1 -0
- package/test/icc-x-api/crypto/shamir.d.ts +2 -0
- package/test/icc-x-api/crypto/shamir.js +166 -0
- package/test/icc-x-api/crypto/shamir.js.map +1 -0
- package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.d.ts +1 -0
- package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.js +71 -0
- package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.js.map +1 -0
- package/test/icc-x-api/crypto/signature-keys-manager-test.d.ts +1 -0
- package/test/icc-x-api/crypto/signature-keys-manager-test.js +44 -0
- package/test/icc-x-api/crypto/signature-keys-manager-test.js.map +1 -0
- package/test/icc-x-api/crypto/user-encryption-keys-manager-test.d.ts +1 -0
- package/test/icc-x-api/crypto/user-encryption-keys-manager-test.js +246 -0
- package/test/icc-x-api/crypto/user-encryption-keys-manager-test.js.map +1 -0
- package/test/icc-x-api/entity-with-attachments-api-test.d.ts +1 -0
- package/test/icc-x-api/entity-with-attachments-api-test.js +142 -0
- package/test/icc-x-api/entity-with-attachments-api-test.js.map +1 -0
- package/test/icc-x-api/filters/filters.d.ts +1 -0
- package/test/icc-x-api/filters/filters.js +49 -0
- package/test/icc-x-api/filters/filters.js.map +1 -0
- package/test/icc-x-api/icc-accesslog-x-api.d.ts +1 -0
- package/test/icc-x-api/icc-accesslog-x-api.js +106 -0
- package/test/icc-x-api/icc-accesslog-x-api.js.map +1 -0
- package/test/icc-x-api/icc-auth-api.d.ts +1 -0
- package/test/icc-x-api/icc-auth-api.js +47 -0
- package/test/icc-x-api/icc-auth-api.js.map +1 -0
- package/test/icc-x-api/icc-calendar-item-x-api.d.ts +1 -0
- package/test/icc-x-api/icc-calendar-item-x-api.js +150 -0
- package/test/icc-x-api/icc-calendar-item-x-api.js.map +1 -0
- package/test/icc-x-api/icc-contact-x-api.d.ts +1 -0
- package/test/icc-x-api/icc-contact-x-api.js +279 -0
- package/test/icc-x-api/icc-contact-x-api.js.map +1 -0
- package/test/icc-x-api/icc-form-x-api.d.ts +1 -0
- package/test/icc-x-api/icc-form-x-api.js +98 -0
- package/test/icc-x-api/icc-form-x-api.js.map +1 -0
- package/test/icc-x-api/icc-helement-x-api-test.d.ts +1 -0
- package/test/icc-x-api/icc-helement-x-api-test.js +153 -0
- package/test/icc-x-api/icc-helement-x-api-test.js.map +1 -0
- package/test/icc-x-api/icc-invoice-x-api.d.ts +1 -0
- package/test/icc-x-api/icc-invoice-x-api.js +99 -0
- package/test/icc-x-api/icc-invoice-x-api.js.map +1 -0
- package/test/icc-x-api/icc-maintenance-task-x-api-test.d.ts +1 -0
- package/test/icc-x-api/icc-maintenance-task-x-api-test.js +221 -0
- package/test/icc-x-api/icc-maintenance-task-x-api-test.js.map +1 -0
- package/test/icc-x-api/icc-message-x-api.d.ts +1 -0
- package/test/icc-x-api/icc-message-x-api.js +328 -0
- package/test/icc-x-api/icc-message-x-api.js.map +1 -0
- package/test/icc-x-api/icc-patient-x-api-test.d.ts +1 -0
- package/test/icc-x-api/icc-patient-x-api-test.js +158 -0
- package/test/icc-x-api/icc-patient-x-api-test.js.map +1 -0
- package/test/icc-x-api/icc-recovery-x-api.d.ts +1 -0
- package/test/icc-x-api/icc-recovery-x-api.js +170 -0
- package/test/icc-x-api/icc-recovery-x-api.js.map +1 -0
- package/test/icc-x-api/icc-time-table-x-api.d.ts +1 -0
- package/test/icc-x-api/icc-time-table-x-api.js +100 -0
- package/test/icc-x-api/icc-time-table-x-api.js.map +1 -0
- package/test/icc-x-api/icc-topic-x-api.d.ts +1 -0
- package/test/icc-x-api/icc-topic-x-api.js +269 -0
- package/test/icc-x-api/icc-topic-x-api.js.map +1 -0
- package/test/icc-x-api/icc-user-x-api-test.d.ts +1 -0
- package/test/icc-x-api/icc-user-x-api-test.js +99 -0
- package/test/icc-x-api/icc-user-x-api-test.js.map +1 -0
- package/test/icc-x-api/patient-user.d.ts +2 -0
- package/test/icc-x-api/patient-user.js +104 -0
- package/test/icc-x-api/patient-user.js.map +1 -0
- package/test/icc-x-api/storage/storage.d.ts +1 -0
- package/test/icc-x-api/storage/storage.js +48 -0
- package/test/icc-x-api/storage/storage.js.map +1 -0
- package/test/icc-x-api/test-api-no-parent.d.ts +1 -0
- package/test/icc-x-api/test-api-no-parent.js +79 -0
- package/test/icc-x-api/test-api-no-parent.js.map +1 -0
- package/test/icc-x-api/test-legacy-data-support.d.ts +1 -0
- package/test/icc-x-api/test-legacy-data-support.js +376 -0
- package/test/icc-x-api/test-legacy-data-support.js.map +1 -0
- package/test/icc-x-api/utils/graph-test.d.ts +1 -0
- package/test/icc-x-api/utils/graph-test.js +54 -0
- package/test/icc-x-api/utils/graph-test.js.map +1 -0
- package/test/icc-x-api/utils/lru-temporised-async-cache-test.d.ts +1 -0
- package/test/icc-x-api/utils/lru-temporised-async-cache-test.js +364 -0
- package/test/icc-x-api/utils/lru-temporised-async-cache-test.js.map +1 -0
- package/test/support/CSM-185.d.ts +1 -0
- package/test/support/CSM-185.js +124 -0
- package/test/support/CSM-185.js.map +1 -0
- package/test/support/CSM-243.d.ts +1 -0
- package/test/support/CSM-243.js +120 -0
- package/test/support/CSM-243.js.map +1 -0
- package/test/support/CSM-87.d.ts +0 -0
- package/test/support/CSM-87.js +21 -0
- package/test/support/CSM-87.js.map +1 -0
- package/test/support/CSM-93.d.ts +1 -0
- package/test/support/CSM-93.js +112 -0
- package/test/support/CSM-93.js.map +1 -0
- package/test/utils/FakeDataOwnerApi.d.ts +32 -0
- package/test/utils/FakeDataOwnerApi.js +136 -0
- package/test/utils/FakeDataOwnerApi.js.map +1 -0
- package/test/utils/FakeEncryptionKeysManager.d.ts +35 -0
- package/test/utils/FakeEncryptionKeysManager.js +87 -0
- package/test/utils/FakeEncryptionKeysManager.js.map +1 -0
- package/test/utils/FakeExchangeDataApi.d.ts +30 -0
- package/test/utils/FakeExchangeDataApi.js +74 -0
- package/test/utils/FakeExchangeDataApi.js.map +1 -0
- package/test/utils/FakeExchangeDataManager.d.ts +40 -0
- package/test/utils/FakeExchangeDataManager.js +89 -0
- package/test/utils/FakeExchangeDataManager.js.map +1 -0
- package/test/utils/FakeExchangeDataMapManager.d.ts +12 -0
- package/test/utils/FakeExchangeDataMapManager.js +38 -0
- package/test/utils/FakeExchangeDataMapManager.js.map +1 -0
- package/test/utils/FakeGenericApi.d.ts +16 -0
- package/test/utils/FakeGenericApi.js +65 -0
- package/test/utils/FakeGenericApi.js.map +1 -0
- package/test/utils/FakeSignatureKeysManager.d.ts +16 -0
- package/test/utils/FakeSignatureKeysManager.js +54 -0
- package/test/utils/FakeSignatureKeysManager.js.map +1 -0
- package/test/utils/TestApi.d.ts +3 -0
- package/test/utils/TestApi.js +30 -0
- package/test/utils/TestApi.js.map +1 -0
- package/test/utils/TestCollectionUtils.d.ts +1 -0
- package/test/utils/TestCollectionUtils.js +109 -0
- package/test/utils/TestCollectionUtils.js.map +1 -0
- package/test/utils/TestCryptoStrategies.d.ts +42 -0
- package/test/utils/TestCryptoStrategies.js +80 -0
- package/test/utils/TestCryptoStrategies.js.map +1 -0
- package/test/utils/TestStorage.d.ts +23 -0
- package/test/utils/TestStorage.js +61 -0
- package/test/utils/TestStorage.js.map +1 -0
- package/test/utils/test_utils.d.ts +76 -0
- package/test/utils/test_utils.js +419 -0
- package/test/utils/test_utils.js.map +1 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SecureDelegationsManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/SecureDelegationsManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wFAAoF;AAKpF,oFAA6E;AAC7E,mCAA2F;AAK3F,oCAAyC;AAIzC,2EAAuE;AACvE,sHAAkH;AAClH,IAAO,mBAAmB,GAAG,qEAAiC,CAAC,mBAAmB,CAAA;AAClF,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AACzD,2EAAuE;AAGvE,MAAa,wBAAwB;IACnC,YACmB,mBAAwC,EACxC,sBAA8C,EAC9C,2BAAwD,EACxD,wBAAkD,EAClD,QAAmC,EACnC,UAA4B,EAC5B,YAA8B,EAC9B,gBAAkC,EAClC,6BAAsC;QARtC,wBAAmB,GAAnB,mBAAmB,CAAqB;QACxC,2BAAsB,GAAtB,sBAAsB,CAAwB;QAC9C,gCAA2B,GAA3B,2BAA2B,CAA6B;QACxD,6BAAwB,GAAxB,wBAAwB,CAA0B;QAClD,aAAQ,GAAR,QAAQ,CAA2B;QACnC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,kCAA6B,GAA7B,6BAA6B,CAAS;QAGxC,uBAAkB,GAO/B,IAAI,oDAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IATvD,CAAC;IAWJ;;;;;;;;;;OAUG;IACG,sCAAsC,CAC1C,MAA2C,EAC3C,UAAwC,EACxC,SAAmB,EACnB,eAAyB,EACzB,cAAwB,EACxB,eAA2E;;YAE3E,MAAM,cAAc,GAA4B,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;YAC5E,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAC5D,cAAc,EACd,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAC/C,SAAS,EACT,cAAc,EACd,eAAe,EACf,eAAe,CAAC,KAAK,EACrB,SAAS,CACV,CAAA;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,oBAAoB,GAMpB,EAAE,CAAA;YACR,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;gBACvE,IAAI,UAAU,KAAK,MAAM,EAAE;oBACzB,oBAAoB,CAAC,IAAI,CACvB,MAAM,IAAI,CAAC,wBAAwB,CACjC,cAAc,EACd,UAAU,EACV,SAAS,EACT,cAAc,EACd,eAAe,EACf,WAAW,EACX,kBAAkB,CAAC,sBAAsB,CAC1C,CACF,CAAA;iBACF;aACF;YACD,MAAM,iBAAiB,GAAG,MAAM,CAAC,WAAW,CAC1C,CAAC,kBAAkB,EAAE,GAAG,oBAAoB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,sBAAsB,EAAE,UAAU,CAAC,CAAC,CACpI,CAAA;YACD,MAAM,gBAAgB,qBACjB,kBAAkB,CAAC,yBAAyB,CAChD,CAAA;YACD,KAAK,MAAM,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,IAAI,oBAAoB,EAAE;gBACtF,MAAM,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAA;aACtD;YACD,MAAM,mBAAmB,GAAG,MAAM,CAAC,WAAW,CAC5C,oBAAoB;iBACjB,MAAM,CAAC,CAAC,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB,CAAC;iBAClE,GAAG,CAAC,CAAC,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,yBAAyB,EAAE,uBAAwB,CAAC,CAAC,CAC1H,CAAA;YACD,MAAM,IAAI,CAAC,sBAAsB,CAAC,sBAAsB,CAAC,mBAAmB,CAAC,CAAA;YAC7E,uCACK,MAAM,KACT,gBAAgB,EAAE,IAAI,mCAAgB,CAAC,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,CAAC,IAChF;QACH,CAAC;KAAA;IAED;;;;;;;;;;;;;;OAcG;IACG,8BAA8B,CAClC,cAAuC,EACvC,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;;YAExE,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EAC7C,KAAK,CACN,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CAAA;YACD,MAAM,wBAAwB,GAAG,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;YAC5H,IAAI,wBAAwB,EAAE;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uBAAuB,CACrD,wBAAwB,CAAC,YAAY,EACrC,wBAAwB,CAAC,gBAAgB,EACzC,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;gBACD,OAAO,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;aAC3D;iBAAM;gBACL,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;gBACvB,OAAO;oBACL,KAAK,EAAE,MAAM,IAAI,CAAC,sBAAsB,CACtC,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,EACpB,wBAAwB,CACzB;iBACF,CAAA;aACF;;KACF;IAEa,uBAAuB,CACnC,YAAoB,EACpB,kBAAoC,EACpC,gBAAqG,EACrG,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAE9B,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAA;YAC5I,MAAM,sBAAsB,GAAG,IAAI,GAAG,CACpC,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAC/G,CAAA;YACD,MAAM,uBAAuB,GAAG,IAAI,GAAG,CACrC,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAChH,CAAA;YACD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAC9E,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;YAC/F,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,uBAAuB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAChG,IAAI,YAAY,CAAC,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,kBAAkB,CAAC,MAAM,EAAE;gBAChF,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,YAAY,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBACjI,MAAM,0BAA0B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBAChJ,MAAM,2BAA2B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAC/F,kBAAkB,EAClB,gBAAgB,CAAC,WAAW,CAC7B,CAAA;gBACD,OAAO,IAAI,qEAAiC,CAAC;oBAC3C,yBAAyB,EAAE,YAAY;oBACvC,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAClG,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC9G,eAAe,EAAE,MAAM,CAAC,WAAW,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;iBAC/G,CAAC,CAAA;aACH;;gBAAM,OAAO,SAAS,CAAA;QACzB,CAAC;KAAA;IAEa,sBAAsB,CAClC,gBAAqG,EACrG,iBAA2B,EAC3B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;YAExE,OAAO,IAAI,uCAAkB,iCACxB,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,mBAAmB,EAAE,oBAAoB,CAAC,CAAC,KAC1I,oBAAoB,EAAE,wBAAwB,EAC9C,iBAAiB,IACjB,CAAA;QACJ,CAAC;KAAA;IAEa,wBAAwB,CACpC,MAA+B,EAC/B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,WAA4B,EAC5B,mBAAuC;;;YAQvC,sDAAsD;YACtD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EACrC,KAAK,CACN,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CAAA;YACD,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;YACvB,MAAM,yBAAyB,GAAG,iBAAiB;iBAChD,GAAG,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;gBAClB,OAAO,CAAC,GAAG,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAA;YAC1C,CAAC,CAAC;iBACD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAE3C,MAAM,YAAY,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACpD,MAAM,eAAe,GAAG,MAAM,CAAC,WAAW,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAA;YACrH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAC1E,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;YACD,MAAM,UAAU,GAAG,IAAI,mCAAgB,CAAC;gBACtC,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,iBAAiB;gBACrD,QAAQ,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,gBAAgB;gBACnD,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,SAAS;gBAC7C,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,eAAe,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,eAAe;gBACzD,iBAAiB,EAAE,mBAAmB,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC1E,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,WAAW,EAAE,WAAW;aACzB,CAAC,CAAA;YACF,OAAO;gBACL,sBAAsB,EAAE,YAAY;gBACpC,yBAAyB,EAAE,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1D,UAAU;gBACV,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,yBAAyB,EAAE,eAAe;aAC3C,CAAA;;KACF;IAEa,iCAAiC,CAC7C,gBAAqG,EACrG,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAU9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,kBAAkB,GACtB,UAAU,KAAK,MAAM;gBACnB,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,MAAM,EAAE,gBAAgB,CAAC,YAAY,CAAC;gBAC3E,CAAC,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,MAAM,EAAE,UAAU,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAA;YACrG,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,cAAc,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAChI,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAC/I,MAAM,wBAAwB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAClJ,uCACK,kBAAkB,KACrB,SAAS,EAAE,kBAAkB,EAC7B,cAAc,EAAE,uBAAuB,EACvC,eAAe,EAAE,wBAAwB,IAC1C;QACH,CAAC;KAAA;IAEa,iCAAiC,CAC7C,MAAc,EACd,UAAkB,EAClB,YAA0B;;YAO1B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;YAC5D,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACrF,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,gBAAgB,EAAE,UAAU;oBAC5B,cAAc,EAAE,YAAY,CAAC,EAAE;iBAChC,CAAA;aACF;iBAAM,IAAI,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBAC3F,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CACnF,YAAY,CAAC,EAAG,EAChB,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CACxH;iBACF,CAAA;aACF;iBAAM,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,IAAI,CAAC,6BAA6B,EAAE;gBAC3F;;mBAEG;gBACH,MAAM,kCAAkC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAA;gBACzF,MAAM,oBAAoB,GAAgC,EAAE,CAAA;gBAC5D,KAAK,MAAM,MAAM,IAAI,CAAC,GAAG,YAAY,CAAC,8BAA8B,EAAE,GAAG,YAAY,CAAC,gCAAgC,CAAC,EAAE;oBACvH,MAAM,MAAM,GAAG,IAAA,qBAAa,EAAC,MAAM,CAAC,CAAA;oBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,8BAA8B,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;oBACrG,IAAI,kCAAkC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;wBAClD,oBAAoB,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;qBACpH;iBACF;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM;oBAC3C,MAAM,IAAI,KAAK,CAAC,wFAAwF,CAAC,CAAA;gBAC3G,OAAO;oBACL,gBAAgB,EAAE,UAAU;oBAC5B,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAG,EAAE,oBAAoB,CAAC;iBAC9H,CAAA;aACF;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAEO,6BAA6B,CACnC,MAAc,EACd,YAA0B;QAO1B,IAAI,IAAI,CAAC,6BAA6B,EAAE;YACtC,OAAO,EAAE,CAAA;SACV;aAAM;YACL,OAAO;gBACL,cAAc,EAAE,YAAY,CAAC,EAAE;gBAC/B,iBAAiB,EAAE,MAAM;gBACzB,gBAAgB,EAAE,MAAM;aACzB,CAAA;SACF;IACH,CAAC;IAEa,gBAAgB,CAAC,WAAmB;;YAChD,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,WAAW,EAAE,GAAS,EAAE;gBACzD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACjF,OAAO;oBACL,IAAI,EAAE;wBACJ,4BAA4B,EAAE,IAAI,CAAC,gBAAgB,CAAC,oCAAoC,CAAC,iBAAiB,CAAC;wBAC3G,8BAA8B,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,+BAAuB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;wBAC3F,gCAAgC,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,iCAAyB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;qBAChG;iBACF,CAAA;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAEO,0CAA0C,CAChD,MAA6C,EAC7C,MAAgB;;QAEhB,MAAM,gBAAgB,GAAG,MAAA,MAAM,CAAC,gBAAgB,mCAAI,EAAE,CAAA;QACtD,MAAM,uBAAuB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,eAAC,OAAA,MAAA,MAAA,gBAAgB,CAAC,gBAAgB,0CAAG,IAAI,CAAC,mCAAI,EAAE,CAAA,EAAA,CAAC,CAAC,CAAC,CAAA;QAC9H,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;;YAC/C,MAAM,iBAAiB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,IAAI,CAAC,CAAA;YACpE,OAAO,iBAAiB,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;QAC7F,CAAC,CAAC,CAAA;QACF,IACE,gBAAgB,CAAC,MAAM,GAAG,CAAC;YAC3B,uBAAuB,CAAC,MAAM,GAAG,CAAC;YAClC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,IAAI,uBAAuB,CAAC,CAAC,CAAC,MAAK,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,CAAC;YAEzI,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAA;QACrG,MAAM,yBAAyB,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAA;QAC5D,MAAM,yBAAyB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,yBAAyB,CAAC,CAAA;QACjG,OAAO,CACL,MAAA,gBAAgB,CAAC,CAAC,CAAC,mCACnB,CAAC,CAAC,CAAC,yBAAyB,IAAI,CAAC,CAAC,yBAAyB;YACzD,CAAC,CAAC,EAAE,YAAY,EAAE,yBAAyB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE;YAC1F,CAAC,CAAC,SAAS,CAAC,CACf,CAAA;IACH,CAAC;CACF;AAjaD,4DAiaC","sourcesContent":["import { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { LruTemporisedAsyncCache } from '../utils/lru-temporised-async-cache'\nimport { fingerprintV2, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { ExchangeDataManager } from './ExchangeDataManager'\nimport { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { SecureDelegationsEncryption } from './SecureDelegationsEncryption'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { hex2ua, ua2hex } from '../utils'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { EntityShareOrMetadataUpdateRequest } from '../../icc-api/model/requests/EntityShareOrMetadataUpdateRequest'\nimport { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport { EntitySharedMetadataUpdateRequest } from '../../icc-api/model/requests/EntitySharedMetadataUpdateRequest'\nimport EntryUpdateTypeEnum = EntitySharedMetadataUpdateRequest.EntryUpdateTypeEnum\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { SecurityMetadata } from '../../icc-api/model/SecurityMetadata'\nimport { ExchangeDataMapManager } from './ExchangeDataMapManager'\n\nexport class SecureDelegationsManager {\n constructor(\n private readonly exchangeDataManager: ExchangeDataManager,\n private readonly exchangeDataMapManager: ExchangeDataMapManager,\n private readonly secureDelegationsEncryption: SecureDelegationsEncryption,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n private readonly userKeys: UserEncryptionKeysManager,\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly cryptoStrategies: CryptoStrategies,\n private readonly selfNeedsAnonymousDelegations: boolean\n ) {}\n\n private readonly dataOwnerInfoCache: LruTemporisedAsyncCache<\n string,\n {\n requiresAnonymousDelegations: boolean\n availablePublicKeysHexWithSha1: string[]\n availablePublicKeysHexWithSha256: string[]\n }\n > = new LruTemporisedAsyncCache(100, () => 30 * 60 * 1000)\n\n /**\n * Note: this method does not save the updated entity.\n * @param entity an entity, must already have secret foreign keys initialised.\n * @param entityType the type of the entity\n * @param secretIds the initial secret ids to include and share with the auto-delegations\n * @param owningEntityIds the initial owning entity ids to include and share with the auto-delegations\n * @param encryptionKeys the initial encryption keys to include and share with the auto-delegations\n * @param autoDelegations the data owners which will initially have access to the entity in addition to the current data owner and the access level\n * they will have on the entity.\n * @return the entity with the security metadata initialised for the provided parameters.\n */\n async entityWithInitialisedEncryptedMetadata<T extends EncryptedEntity>(\n entity: T & { secretForeignKeys: string[] },\n entityType: EntityWithDelegationTypeName,\n secretIds: string[],\n owningEntityIds: string[],\n encryptionKeys: string[],\n autoDelegations: { [delegateId: string]: SecureDelegation.AccessLevelEnum }\n ): Promise<T> {\n const entityWithType: EncryptedEntityWithType = { entity, type: entityType }\n const rootDelegationInfo = await this.makeSecureDelegationInfo(\n entityWithType,\n await this.dataOwnerApi.getCurrentDataOwnerId(),\n secretIds,\n encryptionKeys,\n owningEntityIds,\n AccessLevelEnum.WRITE,\n undefined\n )\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const otherDelegationsInfo: {\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n delegationKeyEquivalences: { [p: string]: string }\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n }[] = []\n for (const [delegateId, permissions] of Object.entries(autoDelegations)) {\n if (delegateId !== selfId) {\n otherDelegationsInfo.push(\n await this.makeSecureDelegationInfo(\n entityWithType,\n delegateId,\n secretIds,\n encryptionKeys,\n owningEntityIds,\n permissions,\n rootDelegationInfo.canonicalDelegationKey\n )\n )\n }\n }\n const secureDelegations = Object.fromEntries(\n [rootDelegationInfo, ...otherDelegationsInfo].map(({ canonicalDelegationKey, delegation }) => [canonicalDelegationKey, delegation])\n )\n const keysEquivalences = {\n ...rootDelegationInfo.delegationKeyEquivalences,\n }\n for (const { delegationKeyEquivalences: otherKeyEquivalences } of otherDelegationsInfo) {\n Object.assign(keysEquivalences, otherKeyEquivalences)\n }\n const newExchangeDataMaps = Object.fromEntries(\n otherDelegationsInfo\n .filter(({ encryptedExchangeDataId }) => !!encryptedExchangeDataId)\n .map(({ canonicalAccessControlKey, encryptedExchangeDataId }) => [canonicalAccessControlKey, encryptedExchangeDataId!])\n )\n await this.exchangeDataMapManager.createExchangeDataMaps(newExchangeDataMaps)\n return {\n ...entity,\n securityMetadata: new SecurityMetadata({ secureDelegations, keysEquivalences }),\n }\n }\n\n /**\n * Make a request for sharing an entity with a delegate or to update existing shared metadata by adding additional secretIds, encryptionKeys or\n * owningEntityIds if there is already some metadata shared between the current data owner and the delegate. In case there is already a delegation\n * for the delegate, and it already contains all the provided metadata, this method returns undefined, since there is no need to make any request to\n * share the provided data.\n * @param entityWithType an entity with type\n * @param delegateId the id of the delegate\n * @param shareSecretIds the secret ids to share\n * @param shareEncryptionKeys the encryption keys to share\n * @param shareOwningEntityIds the owning entity ids to share\n * @param newDelegationPermissions the permissions to grant to the delegate in case a new delegation needs to be created. If this method creates an\n * update request instead of a share request, this parameter is ignored.\n * @return the request to share the entity, or the request to update the shared metadata for the entity, or undefined if there is no need to update\n * the entity to allow the delegate to access the provided data.\n */\n async makeShareOrUpdateRequestParams(\n entityWithType: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareOrMetadataUpdateRequest | undefined> {\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? [],\n false\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n const existingSecureDelegation = this.getExistingCanonicalKeyAndSecureDelegation(entityWithType.entity, accessControlHashes)\n if (existingSecureDelegation) {\n const updateParams = await this.makeUpdateRequestParams(\n existingSecureDelegation.canonicalKey,\n existingSecureDelegation.secureDelegation,\n exchangeDataInfo,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n return updateParams ? { update: updateParams } : undefined\n } else {\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n return {\n share: await this.makeShareRequestParams(\n exchangeDataInfo,\n accessControlKeys,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds,\n newDelegationPermissions\n ),\n }\n }\n }\n\n private async makeUpdateRequestParams(\n canonicalKey: string,\n existingDelegation: SecureDelegation,\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<EntitySharedMetadataUpdateRequest | undefined> {\n const existingSecretIds = new Set(await this.secureDelegationsEncryption.decryptSecretIds(existingDelegation, exchangeDataInfo.exchangeKey))\n const existingEncryptionKeys = new Set(\n await this.secureDelegationsEncryption.decryptEncryptionKeys(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const existingOwningEntityIds = new Set(\n await this.secureDelegationsEncryption.decryptOwningEntityIds(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const newSecretIds = shareSecretIds.filter((id) => !existingSecretIds.has(id))\n const newEncryptionKeys = shareEncryptionKeys.filter((key) => !existingEncryptionKeys.has(key))\n const newOwningEntityIds = shareOwningEntityIds.filter((id) => !existingOwningEntityIds.has(id))\n if (newSecretIds.length || newEncryptionKeys.length || newOwningEntityIds.length) {\n const encryptedNewSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(newSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedNewEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(newEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedNewOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(\n newOwningEntityIds,\n exchangeDataInfo.exchangeKey\n )\n return new EntitySharedMetadataUpdateRequest({\n metadataAccessControlHash: canonicalKey,\n secretIds: Object.fromEntries(encryptedNewSecretIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n encryptionKeys: Object.fromEntries(encryptedNewEncryptionKeys.map((key) => [key, EntryUpdateTypeEnum.CREATE])),\n owningEntityIds: Object.fromEntries(encryptedNewOwningEntityIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n })\n } else return undefined\n }\n\n private async makeShareRequestParams(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n accessControlKeys: string[],\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareRequest> {\n return new EntityShareRequest({\n ...(await this.makeSecureDelegationEncryptedData(exchangeDataInfo, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds)),\n requestedPermissions: newDelegationPermissions,\n accessControlKeys,\n })\n }\n\n private async makeSecureDelegationInfo(\n entity: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n permissions: AccessLevelEnum,\n parentDelegationKey: string | undefined\n ): Promise<{\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n delegationKeyEquivalences: { [alias: string]: string }\n }> {\n // Be wary of explicit delegator and explicit delegate\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entity.type,\n entity.entity.secretForeignKeys ?? [],\n false\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n const accessControlKeysToHashes = accessControlKeys\n .map((key, index) => {\n return [key, accessControlHashes[index]]\n })\n .sort((a, b) => a[1].localeCompare(b[1]))\n\n const canonicalKey = accessControlKeysToHashes[0][1]\n const keyEquivalences = Object.fromEntries(accessControlKeysToHashes.slice(1).map((hash) => [hash[1], canonicalKey]))\n const encryptedDelegationInfo = await this.makeSecureDelegationEncryptedData(\n exchangeDataInfo,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n const delegation = new SecureDelegation({\n delegator: encryptedDelegationInfo?.explicitDelegator,\n delegate: encryptedDelegationInfo?.explicitDelegate,\n secretIds: encryptedDelegationInfo?.secretIds,\n encryptionKeys: encryptedDelegationInfo?.encryptionKeys,\n owningEntityIds: encryptedDelegationInfo?.owningEntityIds,\n parentDelegations: parentDelegationKey ? [parentDelegationKey] : undefined,\n exchangeDataId: encryptedDelegationInfo?.exchangeDataId,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n permissions: permissions,\n })\n return {\n canonicalDelegationKey: canonicalKey,\n canonicalAccessControlKey: accessControlKeysToHashes[0][0],\n delegation,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n delegationKeyEquivalences: keyEquivalences,\n }\n }\n\n private async makeSecureDelegationEncryptedData(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<{\n explicitDelegator?: string\n explicitDelegate?: string\n secretIds?: string[]\n encryptionKeys?: string[]\n owningEntityIds?: string[]\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string } // TODO if secure delegation info, check cache before calculating\n }> {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const exchangeDataIdInfo =\n delegateId === selfId\n ? this.makeExchangeDataIdInfoForSelf(selfId, exchangeDataInfo.exchangeData)\n : await this.makeExchangeDataIdInfoForDelegate(selfId, delegateId, exchangeDataInfo.exchangeData)\n const encryptedSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(shareSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(shareEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(shareOwningEntityIds, exchangeDataInfo.exchangeKey)\n return {\n ...exchangeDataIdInfo,\n secretIds: encryptedSecretIds,\n encryptionKeys: encryptedEncryptionKeys,\n owningEntityIds: encryptedOwningEntityIds,\n }\n }\n\n private async makeExchangeDataIdInfoForDelegate(\n selfId: string,\n delegateId: string,\n exchangeData: ExchangeData\n ): Promise<{\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n }> {\n const delegateInfo = await this.getDataOwnerInfo(delegateId)\n if (!delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n explicitDelegate: delegateId,\n exchangeDataId: exchangeData.id,\n }\n } else if (delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(\n exchangeData.id!,\n Object.fromEntries(this.userKeys.getSelfVerifiedKeys().map((keyInfo) => [keyInfo.fingerprint, keyInfo.pair.publicKey]))\n ),\n }\n } else if (!delegateInfo.requiresAnonymousDelegations && this.selfNeedsAnonymousDelegations) {\n /**\n * Important: this requires that the exchange data signature also validates the authenticity of the public keys included in there.\n */\n const fingerprintsOfVerifiedExchangeData = new Set(Object.keys(exchangeData.exchangeKey))\n const delegateVerifiedKeys: { [fp: string]: CryptoKey } = {}\n for (const keyHex of [...delegateInfo.availablePublicKeysHexWithSha1, ...delegateInfo.availablePublicKeysHexWithSha256]) {\n const currFp = fingerprintV2(keyHex)\n const shaVersion = delegateInfo.availablePublicKeysHexWithSha1.includes(keyHex) ? 'sha-1' : 'sha-256'\n if (fingerprintsOfVerifiedExchangeData.has(currFp)) {\n delegateVerifiedKeys[currFp] = await this.primitives.RSA.importKey('spki', hex2ua(keyHex), ['encrypt'], shaVersion)\n }\n }\n if (!Object.keys(delegateVerifiedKeys).length)\n throw new Error('Illegal state: could not find any verified key for delegate in verified exchange data.')\n return {\n explicitDelegate: delegateId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(exchangeData.id!, delegateVerifiedKeys),\n }\n } else return {}\n }\n\n private makeExchangeDataIdInfoForSelf(\n selfId: string,\n exchangeData: ExchangeData\n ): {\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n } {\n if (this.selfNeedsAnonymousDelegations) {\n return {}\n } else {\n return {\n exchangeDataId: exchangeData.id,\n explicitDelegator: selfId,\n explicitDelegate: selfId,\n }\n }\n }\n\n private async getDataOwnerInfo(dataOwnerId: string) {\n return this.dataOwnerInfoCache.get(dataOwnerId, async () => {\n const dataOwnerWithType = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n return {\n item: {\n requiresAnonymousDelegations: this.cryptoStrategies.dataOwnerRequiresAnonymousDelegation(dataOwnerWithType),\n availablePublicKeysHexWithSha1: Array.from(hexPublicKeysWithSha1Of(dataOwnerWithType.stub)),\n availablePublicKeysHexWithSha256: Array.from(hexPublicKeysWithSha256Of(dataOwnerWithType.stub)),\n },\n }\n })\n }\n\n private getExistingCanonicalKeyAndSecureDelegation(\n entity: EncryptedEntityStub | EncryptedEntity,\n hashes: string[]\n ): { canonicalKey: string; secureDelegation: SecureDelegation } | undefined {\n const securityMetadata = entity.securityMetadata ?? {}\n const canonicalByEquivalences = Array.from(new Set(hashes.flatMap((hash) => securityMetadata.keysEquivalences?.[hash] ?? [])))\n const directRetrievals = hashes.flatMap((hash) => {\n const retrievedMetadata = securityMetadata.secureDelegations?.[hash]\n return retrievedMetadata ? { canonicalKey: hash, secureDelegation: retrievedMetadata } : []\n })\n if (\n directRetrievals.length > 1 ||\n canonicalByEquivalences.length > 1 ||\n (!!canonicalByEquivalences[0] && !!directRetrievals[0]?.canonicalKey && canonicalByEquivalences[0] !== directRetrievals[0]?.canonicalKey)\n )\n throw new Error('Illegal state: multiple secure delegations matching equivalent hashes of entity.')\n const canonicalFromEquivalences = canonicalByEquivalences[0]\n const retrievedFromEquivalences = securityMetadata.secureDelegations?.[canonicalFromEquivalences]\n return (\n directRetrievals[0] ??\n (!!canonicalFromEquivalences && !!retrievedFromEquivalences\n ? { canonicalKey: canonicalFromEquivalences, secureDelegation: retrievedFromEquivalences }\n : undefined)\n )\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"SecureDelegationsManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/SecureDelegationsManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wFAAoF;AAKpF,oFAA6E;AAC7E,mCAA2F;AAK3F,oCAAyC;AAIzC,2EAAuE;AACvE,sHAAkH;AAClH,IAAO,mBAAmB,GAAG,qEAAiC,CAAC,mBAAmB,CAAA;AAClF,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AACzD,2EAAuE;AAEvE,+BAAkC;AAElC,MAAa,wBAAwB;IACnC,YACmB,mBAAwC,EACxC,sBAA8C,EAC9C,2BAAwD,EACxD,wBAAkD,EAClD,QAAmC,EACnC,UAA4B,EAC5B,YAA8B,EAC9B,gBAAkC,EAClC,6BAAsC;QARtC,wBAAmB,GAAnB,mBAAmB,CAAqB;QACxC,2BAAsB,GAAtB,sBAAsB,CAAwB;QAC9C,gCAA2B,GAA3B,2BAA2B,CAA6B;QACxD,6BAAwB,GAAxB,wBAAwB,CAA0B;QAClD,aAAQ,GAAR,QAAQ,CAA2B;QACnC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,kCAA6B,GAA7B,6BAA6B,CAAS;QAGxC,uBAAkB,GAO/B,IAAI,oDAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IATvD,CAAC;IAWJ;;;;;;;;;;OAUG;IACG,sCAAsC,CAC1C,MAA2C,EAC3C,UAAwC,EACxC,SAAmB,EACnB,eAAyB,EACzB,cAAwB,EACxB,eAA2E;;YAE3E,MAAM,cAAc,GAA4B,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;YAC5E,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAC5D,cAAc,EACd,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAC/C,SAAS,EACT,cAAc,EACd,eAAe,EACf,eAAe,CAAC,KAAK,EACrB,SAAS,CACV,CAAA;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,oBAAoB,GAMpB,EAAE,CAAA;YACR,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;gBACvE,IAAI,UAAU,KAAK,MAAM,EAAE;oBACzB,oBAAoB,CAAC,IAAI,CACvB,MAAM,IAAI,CAAC,wBAAwB,CACjC,cAAc,EACd,UAAU,EACV,SAAS,EACT,cAAc,EACd,eAAe,EACf,WAAW,EACX,kBAAkB,CAAC,sBAAsB,CAC1C,CACF,CAAA;iBACF;aACF;YACD,MAAM,iBAAiB,GAAG,MAAM,CAAC,WAAW,CAC1C,CAAC,kBAAkB,EAAE,GAAG,oBAAoB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,sBAAsB,EAAE,UAAU,CAAC,CAAC,CACpI,CAAA;YACD,MAAM,gBAAgB,qBACjB,kBAAkB,CAAC,yBAAyB,CAChD,CAAA;YACD,KAAK,MAAM,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,IAAI,oBAAoB,EAAE;gBACtF,MAAM,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAA;aACtD;YACD,MAAM,mBAAmB,GAAG,MAAM,CAAC,WAAW,CAC5C,oBAAoB;iBACjB,MAAM,CAAC,CAAC,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB,CAAC;iBAClE,GAAG,CAAC,CAAC,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,EAAE,EAAE,CAAC,CAAC,yBAAyB,EAAE,uBAAwB,CAAC,CAAC,CAC1H,CAAA;YACD,MAAM,IAAI,CAAC,sBAAsB,CAAC,sBAAsB,CAAC,mBAAmB,CAAC,CAAA;YAC7E,uCACK,MAAM,KACT,gBAAgB,EAAE,IAAI,mCAAgB,CAAC,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,CAAC,IAChF;QACH,CAAC;KAAA;IAED;;;;;;;;;;;;;;OAcG;IACG,8BAA8B,CAClC,cAAuC,EACvC,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;;YAExE,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EAC7C,KAAK,CACN,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CAAA;YACD,MAAM,wBAAwB,GAAG,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;YAC5H,IAAI,wBAAwB,EAAE;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uBAAuB,CACrD,wBAAwB,CAAC,YAAY,EACrC,wBAAwB,CAAC,gBAAgB,EACzC,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;gBACD,OAAO,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;aAC3D;iBAAM;gBACL,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,cAAc,CAAC,IAAI,EACnB,MAAA,cAAc,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CAC9C,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;gBACvB,OAAO;oBACL,KAAK,EAAE,MAAM,IAAI,CAAC,sBAAsB,CACtC,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,EACpB,wBAAwB,CACzB;iBACF,CAAA;aACF;;KACF;IAEa,uBAAuB,CACnC,YAAoB,EACpB,kBAAoC,EACpC,gBAAqG,EACrG,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAE9B,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAA;YAC5I,MAAM,sBAAsB,GAAG,IAAI,GAAG,CACpC,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAC/G,CAAA;YACD,MAAM,uBAAuB,GAAG,IAAI,GAAG,CACrC,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAChH,CAAA;YACD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAC9E,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;YAC/F,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,uBAAuB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;YAChG,IAAI,YAAY,CAAC,MAAM,IAAI,iBAAiB,CAAC,MAAM,IAAI,kBAAkB,CAAC,MAAM,EAAE;gBAChF,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,YAAY,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBACjI,MAAM,0BAA0B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;gBAChJ,MAAM,2BAA2B,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAC/F,kBAAkB,EAClB,gBAAgB,CAAC,WAAW,CAC7B,CAAA;gBACD,OAAO,IAAI,qEAAiC,CAAC;oBAC3C,yBAAyB,EAAE,YAAY;oBACvC,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAClG,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC9G,eAAe,EAAE,MAAM,CAAC,WAAW,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;iBAC/G,CAAC,CAAA;aACH;;gBAAM,OAAO,SAAS,CAAA;QACzB,CAAC;KAAA;IAEa,sBAAsB,CAClC,gBAAqG,EACrG,iBAA2B,EAC3B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,wBAAwE;;YAExE,OAAO,IAAI,uCAAkB,iCACxB,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,gBAAgB,EAAE,UAAU,EAAE,cAAc,EAAE,mBAAmB,EAAE,oBAAoB,CAAC,CAAC,KAC1I,oBAAoB,EAAE,wBAAwB,EAC9C,iBAAiB,IACjB,CAAA;QACJ,CAAC;KAAA;IAEa,wBAAwB,CACpC,MAA+B,EAC/B,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B,EAC9B,WAA4B,EAC5B,mBAAuC;;;YAQvC,sDAAsD;YACtD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CACjF,UAAU,EACV,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,EACrC,KAAK,CACN,CAAA;YACD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,uBAAuB,CACrF,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CAAA;YACD,MAAM,iBAAiB,GAAG,CACxB,MAAM,IAAI,CAAC,wBAAwB,CAAC,oBAAoB,CACtD,gBAAgB,CAAC,mBAAmB,EACpC,MAAM,CAAC,IAAI,EACX,MAAA,MAAM,CAAC,MAAM,CAAC,iBAAiB,mCAAI,EAAE,CACtC,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,CAAA;YACvB,MAAM,yBAAyB,GAAG,iBAAiB;iBAChD,GAAG,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;gBAClB,OAAO,CAAC,GAAG,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAA;YAC1C,CAAC,CAAC;iBACD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAE3C,MAAM,YAAY,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACpD,MAAM,eAAe,GAAG,MAAM,CAAC,WAAW,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAA;YACrH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAC1E,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,oBAAoB,CACrB,CAAA;YACD,MAAM,UAAU,GAAG,IAAI,mCAAgB,CAAC;gBACtC,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,iBAAiB;gBACrD,QAAQ,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,gBAAgB;gBACnD,SAAS,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,SAAS;gBAC7C,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,eAAe,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,eAAe;gBACzD,iBAAiB,EAAE,mBAAmB,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC1E,cAAc,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,cAAc;gBACvD,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,WAAW,EAAE,WAAW;aACzB,CAAC,CAAA;YACF,OAAO;gBACL,sBAAsB,EAAE,YAAY;gBACpC,yBAAyB,EAAE,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1D,UAAU;gBACV,uBAAuB,EAAE,uBAAuB,aAAvB,uBAAuB,uBAAvB,uBAAuB,CAAE,uBAAuB;gBACzE,yBAAyB,EAAE,eAAe;aAC3C,CAAA;;KACF;IAEa,iCAAiC,CAC7C,gBAAqG,EACrG,UAAkB,EAClB,cAAwB,EACxB,mBAA6B,EAC7B,oBAA8B;;YAU9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,kBAAkB,GACtB,UAAU,KAAK,MAAM;gBACnB,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,MAAM,EAAE,gBAAgB,CAAC,YAAY,CAAC;gBAC3E,CAAC,CAAC,MAAM,IAAI,CAAC,iCAAiC,CAAC,MAAM,EAAE,UAAU,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAA;YACrG,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,cAAc,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAChI,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAC/I,MAAM,wBAAwB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAClJ,uCACK,kBAAkB,KACrB,SAAS,EAAE,kBAAkB,EAC7B,cAAc,EAAE,uBAAuB,EACvC,eAAe,EAAE,wBAAwB,IAC1C;QACH,CAAC;KAAA;IAEa,iCAAiC,CAC7C,MAAc,EACd,UAAkB,EAClB,YAA0B;;YAO1B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;YAC5D,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACrF,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,gBAAgB,EAAE,UAAU;oBAC5B,cAAc,EAAE,YAAY,CAAC,EAAE;iBAChC,CAAA;aACF;iBAAM,IAAI,YAAY,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBAC3F,OAAO;oBACL,iBAAiB,EAAE,MAAM;oBACzB,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CACnF,YAAY,CAAC,EAAG,EAChB,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CACxH;iBACF,CAAA;aACF;iBAAM,IAAI,CAAC,YAAY,CAAC,4BAA4B,IAAI,IAAI,CAAC,6BAA6B,EAAE;gBAC3F;;mBAEG;gBACH,MAAM,kCAAkC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAA;gBACzF,MAAM,oBAAoB,GAAgC,EAAE,CAAA;gBAC5D,KAAK,MAAM,MAAM,IAAI,CAAC,GAAG,YAAY,CAAC,8BAA8B,EAAE,GAAG,YAAY,CAAC,gCAAgC,CAAC,EAAE;oBACvH,MAAM,MAAM,GAAG,IAAA,qBAAa,EAAC,MAAM,CAAC,CAAA;oBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,8BAA8B,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,gBAAU,CAAC,IAAI,CAAC,CAAC,CAAC,gBAAU,CAAC,MAAM,CAAA;oBACrH,IAAI,kCAAkC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;wBAClD,oBAAoB,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;qBACpH;iBACF;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM;oBAC3C,MAAM,IAAI,KAAK,CAAC,wFAAwF,CAAC,CAAA;gBAC3G,OAAO;oBACL,gBAAgB,EAAE,UAAU;oBAC5B,uBAAuB,EAAE,MAAM,IAAI,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAG,EAAE,oBAAoB,CAAC;iBAC9H,CAAA;aACF;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAEO,6BAA6B,CACnC,MAAc,EACd,YAA0B;QAO1B,IAAI,IAAI,CAAC,6BAA6B,EAAE;YACtC,OAAO,EAAE,CAAA;SACV;aAAM;YACL,OAAO;gBACL,cAAc,EAAE,YAAY,CAAC,EAAE;gBAC/B,iBAAiB,EAAE,MAAM;gBACzB,gBAAgB,EAAE,MAAM;aACzB,CAAA;SACF;IACH,CAAC;IAEa,gBAAgB,CAAC,WAAmB;;YAChD,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,WAAW,EAAE,GAAS,EAAE;gBACzD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACjF,OAAO;oBACL,IAAI,EAAE;wBACJ,4BAA4B,EAAE,IAAI,CAAC,gBAAgB,CAAC,oCAAoC,CAAC,iBAAiB,CAAC;wBAC3G,8BAA8B,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,+BAAuB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;wBAC3F,gCAAgC,EAAE,KAAK,CAAC,IAAI,CAAC,IAAA,iCAAyB,EAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;qBAChG;iBACF,CAAA;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAEO,0CAA0C,CAChD,MAA6C,EAC7C,MAAgB;;QAEhB,MAAM,gBAAgB,GAAG,MAAA,MAAM,CAAC,gBAAgB,mCAAI,EAAE,CAAA;QACtD,MAAM,uBAAuB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,eAAC,OAAA,MAAA,MAAA,gBAAgB,CAAC,gBAAgB,0CAAG,IAAI,CAAC,mCAAI,EAAE,CAAA,EAAA,CAAC,CAAC,CAAC,CAAA;QAC9H,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;;YAC/C,MAAM,iBAAiB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,IAAI,CAAC,CAAA;YACpE,OAAO,iBAAiB,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;QAC7F,CAAC,CAAC,CAAA;QACF,IACE,gBAAgB,CAAC,MAAM,GAAG,CAAC;YAC3B,uBAAuB,CAAC,MAAM,GAAG,CAAC;YAClC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,IAAI,uBAAuB,CAAC,CAAC,CAAC,MAAK,MAAA,gBAAgB,CAAC,CAAC,CAAC,0CAAE,YAAY,CAAA,CAAC;YAEzI,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAA;QACrG,MAAM,yBAAyB,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAA;QAC5D,MAAM,yBAAyB,GAAG,MAAA,gBAAgB,CAAC,iBAAiB,0CAAG,yBAAyB,CAAC,CAAA;QACjG,OAAO,CACL,MAAA,gBAAgB,CAAC,CAAC,CAAC,mCACnB,CAAC,CAAC,CAAC,yBAAyB,IAAI,CAAC,CAAC,yBAAyB;YACzD,CAAC,CAAC,EAAE,YAAY,EAAE,yBAAyB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE;YAC1F,CAAC,CAAC,SAAS,CAAC,CACf,CAAA;IACH,CAAC;CACF;AAjaD,4DAiaC","sourcesContent":["import { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { LruTemporisedAsyncCache } from '../utils/lru-temporised-async-cache'\nimport { fingerprintV2, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { ExchangeDataManager } from './ExchangeDataManager'\nimport { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { SecureDelegationsEncryption } from './SecureDelegationsEncryption'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { hex2ua, ua2hex } from '../utils'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { EntityShareOrMetadataUpdateRequest } from '../../icc-api/model/requests/EntityShareOrMetadataUpdateRequest'\nimport { EncryptedEntity, EncryptedEntityStub } from '../../icc-api/model/models'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport { EntitySharedMetadataUpdateRequest } from '../../icc-api/model/requests/EntitySharedMetadataUpdateRequest'\nimport EntryUpdateTypeEnum = EntitySharedMetadataUpdateRequest.EntryUpdateTypeEnum\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { SecurityMetadata } from '../../icc-api/model/SecurityMetadata'\nimport { ExchangeDataMapManager } from './ExchangeDataMapManager'\nimport { ShaVersion } from './RSA'\n\nexport class SecureDelegationsManager {\n constructor(\n private readonly exchangeDataManager: ExchangeDataManager,\n private readonly exchangeDataMapManager: ExchangeDataMapManager,\n private readonly secureDelegationsEncryption: SecureDelegationsEncryption,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n private readonly userKeys: UserEncryptionKeysManager,\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly cryptoStrategies: CryptoStrategies,\n private readonly selfNeedsAnonymousDelegations: boolean\n ) {}\n\n private readonly dataOwnerInfoCache: LruTemporisedAsyncCache<\n string,\n {\n requiresAnonymousDelegations: boolean\n availablePublicKeysHexWithSha1: string[]\n availablePublicKeysHexWithSha256: string[]\n }\n > = new LruTemporisedAsyncCache(100, () => 30 * 60 * 1000)\n\n /**\n * Note: this method does not save the updated entity.\n * @param entity an entity, must already have secret foreign keys initialised.\n * @param entityType the type of the entity\n * @param secretIds the initial secret ids to include and share with the auto-delegations\n * @param owningEntityIds the initial owning entity ids to include and share with the auto-delegations\n * @param encryptionKeys the initial encryption keys to include and share with the auto-delegations\n * @param autoDelegations the data owners which will initially have access to the entity in addition to the current data owner and the access level\n * they will have on the entity.\n * @return the entity with the security metadata initialised for the provided parameters.\n */\n async entityWithInitialisedEncryptedMetadata<T extends EncryptedEntity>(\n entity: T & { secretForeignKeys: string[] },\n entityType: EntityWithDelegationTypeName,\n secretIds: string[],\n owningEntityIds: string[],\n encryptionKeys: string[],\n autoDelegations: { [delegateId: string]: SecureDelegation.AccessLevelEnum }\n ): Promise<T> {\n const entityWithType: EncryptedEntityWithType = { entity, type: entityType }\n const rootDelegationInfo = await this.makeSecureDelegationInfo(\n entityWithType,\n await this.dataOwnerApi.getCurrentDataOwnerId(),\n secretIds,\n encryptionKeys,\n owningEntityIds,\n AccessLevelEnum.WRITE,\n undefined\n )\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const otherDelegationsInfo: {\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n delegationKeyEquivalences: { [p: string]: string }\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n }[] = []\n for (const [delegateId, permissions] of Object.entries(autoDelegations)) {\n if (delegateId !== selfId) {\n otherDelegationsInfo.push(\n await this.makeSecureDelegationInfo(\n entityWithType,\n delegateId,\n secretIds,\n encryptionKeys,\n owningEntityIds,\n permissions,\n rootDelegationInfo.canonicalDelegationKey\n )\n )\n }\n }\n const secureDelegations = Object.fromEntries(\n [rootDelegationInfo, ...otherDelegationsInfo].map(({ canonicalDelegationKey, delegation }) => [canonicalDelegationKey, delegation])\n )\n const keysEquivalences = {\n ...rootDelegationInfo.delegationKeyEquivalences,\n }\n for (const { delegationKeyEquivalences: otherKeyEquivalences } of otherDelegationsInfo) {\n Object.assign(keysEquivalences, otherKeyEquivalences)\n }\n const newExchangeDataMaps = Object.fromEntries(\n otherDelegationsInfo\n .filter(({ encryptedExchangeDataId }) => !!encryptedExchangeDataId)\n .map(({ canonicalAccessControlKey, encryptedExchangeDataId }) => [canonicalAccessControlKey, encryptedExchangeDataId!])\n )\n await this.exchangeDataMapManager.createExchangeDataMaps(newExchangeDataMaps)\n return {\n ...entity,\n securityMetadata: new SecurityMetadata({ secureDelegations, keysEquivalences }),\n }\n }\n\n /**\n * Make a request for sharing an entity with a delegate or to update existing shared metadata by adding additional secretIds, encryptionKeys or\n * owningEntityIds if there is already some metadata shared between the current data owner and the delegate. In case there is already a delegation\n * for the delegate, and it already contains all the provided metadata, this method returns undefined, since there is no need to make any request to\n * share the provided data.\n * @param entityWithType an entity with type\n * @param delegateId the id of the delegate\n * @param shareSecretIds the secret ids to share\n * @param shareEncryptionKeys the encryption keys to share\n * @param shareOwningEntityIds the owning entity ids to share\n * @param newDelegationPermissions the permissions to grant to the delegate in case a new delegation needs to be created. If this method creates an\n * update request instead of a share request, this parameter is ignored.\n * @return the request to share the entity, or the request to update the shared metadata for the entity, or undefined if there is no need to update\n * the entity to allow the delegate to access the provided data.\n */\n async makeShareOrUpdateRequestParams(\n entityWithType: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareOrMetadataUpdateRequest | undefined> {\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? [],\n false\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n const existingSecureDelegation = this.getExistingCanonicalKeyAndSecureDelegation(entityWithType.entity, accessControlHashes)\n if (existingSecureDelegation) {\n const updateParams = await this.makeUpdateRequestParams(\n existingSecureDelegation.canonicalKey,\n existingSecureDelegation.secureDelegation,\n exchangeDataInfo,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n return updateParams ? { update: updateParams } : undefined\n } else {\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entityWithType.type,\n entityWithType.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n return {\n share: await this.makeShareRequestParams(\n exchangeDataInfo,\n accessControlKeys,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds,\n newDelegationPermissions\n ),\n }\n }\n }\n\n private async makeUpdateRequestParams(\n canonicalKey: string,\n existingDelegation: SecureDelegation,\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<EntitySharedMetadataUpdateRequest | undefined> {\n const existingSecretIds = new Set(await this.secureDelegationsEncryption.decryptSecretIds(existingDelegation, exchangeDataInfo.exchangeKey))\n const existingEncryptionKeys = new Set(\n await this.secureDelegationsEncryption.decryptEncryptionKeys(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const existingOwningEntityIds = new Set(\n await this.secureDelegationsEncryption.decryptOwningEntityIds(existingDelegation, exchangeDataInfo.exchangeKey)\n )\n const newSecretIds = shareSecretIds.filter((id) => !existingSecretIds.has(id))\n const newEncryptionKeys = shareEncryptionKeys.filter((key) => !existingEncryptionKeys.has(key))\n const newOwningEntityIds = shareOwningEntityIds.filter((id) => !existingOwningEntityIds.has(id))\n if (newSecretIds.length || newEncryptionKeys.length || newOwningEntityIds.length) {\n const encryptedNewSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(newSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedNewEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(newEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedNewOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(\n newOwningEntityIds,\n exchangeDataInfo.exchangeKey\n )\n return new EntitySharedMetadataUpdateRequest({\n metadataAccessControlHash: canonicalKey,\n secretIds: Object.fromEntries(encryptedNewSecretIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n encryptionKeys: Object.fromEntries(encryptedNewEncryptionKeys.map((key) => [key, EntryUpdateTypeEnum.CREATE])),\n owningEntityIds: Object.fromEntries(encryptedNewOwningEntityIds.map((id) => [id, EntryUpdateTypeEnum.CREATE])),\n })\n } else return undefined\n }\n\n private async makeShareRequestParams(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n accessControlKeys: string[],\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n newDelegationPermissions: EntityShareRequest.RequestedPermissionInternal\n ): Promise<EntityShareRequest> {\n return new EntityShareRequest({\n ...(await this.makeSecureDelegationEncryptedData(exchangeDataInfo, delegateId, shareSecretIds, shareEncryptionKeys, shareOwningEntityIds)),\n requestedPermissions: newDelegationPermissions,\n accessControlKeys,\n })\n }\n\n private async makeSecureDelegationInfo(\n entity: EncryptedEntityWithType,\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[],\n permissions: AccessLevelEnum,\n parentDelegationKey: string | undefined\n ): Promise<{\n canonicalDelegationKey: string\n canonicalAccessControlKey: string\n delegation: SecureDelegation\n encryptedExchangeDataId: { [fp: string]: string } | undefined\n delegationKeyEquivalences: { [alias: string]: string }\n }> {\n // Be wary of explicit delegator and explicit delegate\n const exchangeDataInfo = await this.exchangeDataManager.getOrCreateEncryptionDataTo(\n delegateId,\n entity.type,\n entity.entity.secretForeignKeys ?? [],\n false\n )\n const accessControlHashes = await this.accessControlSecretUtils.secureDelegationKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n const accessControlKeys = (\n await this.accessControlSecretUtils.accessControlKeysFor(\n exchangeDataInfo.accessControlSecret,\n entity.type,\n entity.entity.secretForeignKeys ?? []\n )\n ).map((x) => ua2hex(x))\n const accessControlKeysToHashes = accessControlKeys\n .map((key, index) => {\n return [key, accessControlHashes[index]]\n })\n .sort((a, b) => a[1].localeCompare(b[1]))\n\n const canonicalKey = accessControlKeysToHashes[0][1]\n const keyEquivalences = Object.fromEntries(accessControlKeysToHashes.slice(1).map((hash) => [hash[1], canonicalKey]))\n const encryptedDelegationInfo = await this.makeSecureDelegationEncryptedData(\n exchangeDataInfo,\n delegateId,\n shareSecretIds,\n shareEncryptionKeys,\n shareOwningEntityIds\n )\n const delegation = new SecureDelegation({\n delegator: encryptedDelegationInfo?.explicitDelegator,\n delegate: encryptedDelegationInfo?.explicitDelegate,\n secretIds: encryptedDelegationInfo?.secretIds,\n encryptionKeys: encryptedDelegationInfo?.encryptionKeys,\n owningEntityIds: encryptedDelegationInfo?.owningEntityIds,\n parentDelegations: parentDelegationKey ? [parentDelegationKey] : undefined,\n exchangeDataId: encryptedDelegationInfo?.exchangeDataId,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n permissions: permissions,\n })\n return {\n canonicalDelegationKey: canonicalKey,\n canonicalAccessControlKey: accessControlKeysToHashes[0][0],\n delegation,\n encryptedExchangeDataId: encryptedDelegationInfo?.encryptedExchangeDataId,\n delegationKeyEquivalences: keyEquivalences,\n }\n }\n\n private async makeSecureDelegationEncryptedData(\n exchangeDataInfo: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey },\n delegateId: string,\n shareSecretIds: string[],\n shareEncryptionKeys: string[],\n shareOwningEntityIds: string[]\n ): Promise<{\n explicitDelegator?: string\n explicitDelegate?: string\n secretIds?: string[]\n encryptionKeys?: string[]\n owningEntityIds?: string[]\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string } // TODO if secure delegation info, check cache before calculating\n }> {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const exchangeDataIdInfo =\n delegateId === selfId\n ? this.makeExchangeDataIdInfoForSelf(selfId, exchangeDataInfo.exchangeData)\n : await this.makeExchangeDataIdInfoForDelegate(selfId, delegateId, exchangeDataInfo.exchangeData)\n const encryptedSecretIds = await this.secureDelegationsEncryption.encryptSecretIds(shareSecretIds, exchangeDataInfo.exchangeKey)\n const encryptedEncryptionKeys = await this.secureDelegationsEncryption.encryptEncryptionKeys(shareEncryptionKeys, exchangeDataInfo.exchangeKey)\n const encryptedOwningEntityIds = await this.secureDelegationsEncryption.encryptOwningEntityIds(shareOwningEntityIds, exchangeDataInfo.exchangeKey)\n return {\n ...exchangeDataIdInfo,\n secretIds: encryptedSecretIds,\n encryptionKeys: encryptedEncryptionKeys,\n owningEntityIds: encryptedOwningEntityIds,\n }\n }\n\n private async makeExchangeDataIdInfoForDelegate(\n selfId: string,\n delegateId: string,\n exchangeData: ExchangeData\n ): Promise<{\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n }> {\n const delegateInfo = await this.getDataOwnerInfo(delegateId)\n if (!delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n explicitDelegate: delegateId,\n exchangeDataId: exchangeData.id,\n }\n } else if (delegateInfo.requiresAnonymousDelegations && !this.selfNeedsAnonymousDelegations) {\n return {\n explicitDelegator: selfId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(\n exchangeData.id!,\n Object.fromEntries(this.userKeys.getSelfVerifiedKeys().map((keyInfo) => [keyInfo.fingerprint, keyInfo.pair.publicKey]))\n ),\n }\n } else if (!delegateInfo.requiresAnonymousDelegations && this.selfNeedsAnonymousDelegations) {\n /**\n * Important: this requires that the exchange data signature also validates the authenticity of the public keys included in there.\n */\n const fingerprintsOfVerifiedExchangeData = new Set(Object.keys(exchangeData.exchangeKey))\n const delegateVerifiedKeys: { [fp: string]: CryptoKey } = {}\n for (const keyHex of [...delegateInfo.availablePublicKeysHexWithSha1, ...delegateInfo.availablePublicKeysHexWithSha256]) {\n const currFp = fingerprintV2(keyHex)\n const shaVersion = delegateInfo.availablePublicKeysHexWithSha1.includes(keyHex) ? ShaVersion.Sha1 : ShaVersion.Sha256\n if (fingerprintsOfVerifiedExchangeData.has(currFp)) {\n delegateVerifiedKeys[currFp] = await this.primitives.RSA.importKey('spki', hex2ua(keyHex), ['encrypt'], shaVersion)\n }\n }\n if (!Object.keys(delegateVerifiedKeys).length)\n throw new Error('Illegal state: could not find any verified key for delegate in verified exchange data.')\n return {\n explicitDelegate: delegateId,\n encryptedExchangeDataId: await this.secureDelegationsEncryption.encryptExchangeDataId(exchangeData.id!, delegateVerifiedKeys),\n }\n } else return {}\n }\n\n private makeExchangeDataIdInfoForSelf(\n selfId: string,\n exchangeData: ExchangeData\n ): {\n exchangeDataId?: string\n encryptedExchangeDataId?: { [fp: string]: string }\n explicitDelegator?: string\n explicitDelegate?: string\n } {\n if (this.selfNeedsAnonymousDelegations) {\n return {}\n } else {\n return {\n exchangeDataId: exchangeData.id,\n explicitDelegator: selfId,\n explicitDelegate: selfId,\n }\n }\n }\n\n private async getDataOwnerInfo(dataOwnerId: string) {\n return this.dataOwnerInfoCache.get(dataOwnerId, async () => {\n const dataOwnerWithType = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n return {\n item: {\n requiresAnonymousDelegations: this.cryptoStrategies.dataOwnerRequiresAnonymousDelegation(dataOwnerWithType),\n availablePublicKeysHexWithSha1: Array.from(hexPublicKeysWithSha1Of(dataOwnerWithType.stub)),\n availablePublicKeysHexWithSha256: Array.from(hexPublicKeysWithSha256Of(dataOwnerWithType.stub)),\n },\n }\n })\n }\n\n private getExistingCanonicalKeyAndSecureDelegation(\n entity: EncryptedEntityStub | EncryptedEntity,\n hashes: string[]\n ): { canonicalKey: string; secureDelegation: SecureDelegation } | undefined {\n const securityMetadata = entity.securityMetadata ?? {}\n const canonicalByEquivalences = Array.from(new Set(hashes.flatMap((hash) => securityMetadata.keysEquivalences?.[hash] ?? [])))\n const directRetrievals = hashes.flatMap((hash) => {\n const retrievedMetadata = securityMetadata.secureDelegations?.[hash]\n return retrievedMetadata ? { canonicalKey: hash, secureDelegation: retrievedMetadata } : []\n })\n if (\n directRetrievals.length > 1 ||\n canonicalByEquivalences.length > 1 ||\n (!!canonicalByEquivalences[0] && !!directRetrievals[0]?.canonicalKey && canonicalByEquivalences[0] !== directRetrievals[0]?.canonicalKey)\n )\n throw new Error('Illegal state: multiple secure delegations matching equivalent hashes of entity.')\n const canonicalFromEquivalences = canonicalByEquivalences[0]\n const retrievedFromEquivalences = securityMetadata.secureDelegations?.[canonicalFromEquivalences]\n return (\n directRetrievals[0] ??\n (!!canonicalFromEquivalences && !!retrievedFromEquivalences\n ? { canonicalKey: canonicalFromEquivalences, secureDelegation: retrievedFromEquivalences }\n : undefined)\n )\n }\n}\n"]}
|
|
@@ -12,6 +12,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
12
12
|
exports.ShamirKeysManager = void 0;
|
|
13
13
|
const utils_1 = require("../utils");
|
|
14
14
|
const CryptoActorStub_1 = require("../../icc-api/model/CryptoActorStub");
|
|
15
|
+
const utils_2 = require("./utils");
|
|
15
16
|
/**
|
|
16
17
|
* Allows to create or update shamir split keys.
|
|
17
18
|
*/
|
|
@@ -29,10 +30,10 @@ class ShamirKeysManager {
|
|
|
29
30
|
* @return the existing splits for the current data owner as a publicKeyFingerprint -> notariesIds object
|
|
30
31
|
*/
|
|
31
32
|
getExistingSplitsInfo(dataOwner) {
|
|
32
|
-
var _a
|
|
33
|
+
var _a;
|
|
33
34
|
const legacyPartitionDelegates = Object.keys((_a = dataOwner.privateKeyShamirPartitions) !== null && _a !== void 0 ? _a : {});
|
|
34
35
|
if (legacyPartitionDelegates.length > 0) {
|
|
35
|
-
const fp =
|
|
36
|
+
const fp = dataOwner.publicKey && (0, utils_2.fingerprintV1)(dataOwner.publicKey);
|
|
36
37
|
if (!fp) {
|
|
37
38
|
console.error('Invalid data owner: the owner has legacy key partitions but no legacy key.');
|
|
38
39
|
}
|
|
@@ -53,8 +54,8 @@ class ShamirKeysManager {
|
|
|
53
54
|
updateSelfSplits(keySplitsToUpdate, keySplitsToDelete) {
|
|
54
55
|
return __awaiter(this, void 0, void 0, function* () {
|
|
55
56
|
const self = CryptoActorStub_1.CryptoActorStubWithType.fromDataOwner(yield this.dataOwnerApi.getCurrentDataOwner());
|
|
56
|
-
const toUpdateSet = new Set(Object.keys(keySplitsToUpdate).map((x) =>
|
|
57
|
-
const toDeleteSet = new Set(keySplitsToDelete.
|
|
57
|
+
const toUpdateSet = new Set(Object.keys(keySplitsToUpdate).map((x) => (0, utils_2.fingerprintV1)(x)));
|
|
58
|
+
const toDeleteSet = new Set(Object.keys(keySplitsToDelete).map((x) => (0, utils_2.fingerprintV1)(x)));
|
|
58
59
|
const intersection = Array.from(toDeleteSet).filter((x) => toUpdateSet.has(x));
|
|
59
60
|
const existingSplits = new Set(Object.keys(this.getExistingSplitsInfo(self.stub)));
|
|
60
61
|
const allKeys = this.encryptionKeysManager.getDecryptionKeys();
|
|
@@ -74,7 +75,7 @@ class ShamirKeysManager {
|
|
|
74
75
|
delegatesKeys[delegateId] = res.exchangeKey;
|
|
75
76
|
}
|
|
76
77
|
for (const [key, params] of Object.entries(keySplitsToUpdate)) {
|
|
77
|
-
updatedSelf = yield this.updateKeySplit(updatedSelf,
|
|
78
|
+
updatedSelf = yield this.updateKeySplit(updatedSelf, (0, utils_2.fingerprintV1)(key), params.notariesIds, params.minShares, delegatesKeys, allKeys);
|
|
78
79
|
}
|
|
79
80
|
for (const keyFp of toDeleteSet) {
|
|
80
81
|
updatedSelf = this.deleteKeySplit(updatedSelf, keyFp);
|
|
@@ -95,8 +96,7 @@ class ShamirKeysManager {
|
|
|
95
96
|
throw new Error(`Invalid parameters for key ${key}: must have at least one delegate. ${params}`);
|
|
96
97
|
}
|
|
97
98
|
deleteKeySplit(dataOwner, keyFp) {
|
|
98
|
-
|
|
99
|
-
if (keyFp !== ((_a = dataOwner.stub.publicKey) === null || _a === void 0 ? void 0 : _a.slice(-32))) {
|
|
99
|
+
if (!dataOwner.stub.publicKey || keyFp !== (0, utils_2.fingerprintV1)(dataOwner.stub.publicKey)) {
|
|
100
100
|
throw new Error('Currently it is possible to use shamir splits only for the legacy public key');
|
|
101
101
|
}
|
|
102
102
|
return {
|
|
@@ -105,9 +105,8 @@ class ShamirKeysManager {
|
|
|
105
105
|
};
|
|
106
106
|
}
|
|
107
107
|
updateKeySplit(dataOwner, keyFp, delegateIds, minShares, delegatesKeys, allKeys) {
|
|
108
|
-
var _a;
|
|
109
108
|
return __awaiter(this, void 0, void 0, function* () {
|
|
110
|
-
if (
|
|
109
|
+
if (!dataOwner.stub.publicKey || keyFp !== (0, utils_2.fingerprintV1)(dataOwner.stub.publicKey)) {
|
|
111
110
|
throw new Error('Currently it is possible to use shamir splits only for the legacy public key');
|
|
112
111
|
}
|
|
113
112
|
return {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ShamirKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ShamirKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAIA,oCAAyC;AAEzC,yEAA6E;AAE7E;;GAEG;AACH,MAAa,iBAAiB;IAC5B,YACmB,UAA4B,EAC5B,YAA8B,EAC9B,qBAAgD,EAChD,mBAAwC;QAHxC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,0BAAqB,GAArB,qBAAqB,CAA2B;QAChD,wBAAmB,GAAnB,mBAAmB,CAAqB;IACxD,CAAC;IAEJ;;;;;OAKG;IACH,qBAAqB,CAAC,SAA0B;;QAC9C,MAAM,wBAAwB,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,SAAS,CAAC,0BAA0B,mCAAI,EAAE,CAAC,CAAA;QACxF,IAAI,wBAAwB,CAAC,MAAM,GAAG,CAAC,EAAE;YACvC,MAAM,EAAE,GAAG,MAAA,SAAS,CAAC,SAAS,0CAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;YAC1C,IAAI,CAAC,EAAE,EAAE;gBACP,OAAO,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAA;aAC5F;;gBAAM,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,wBAAwB,EAAE,CAAA;SACjD;QACD,OAAO,EAAE,CAAA;IACX,CAAC;IAED;;;;;;;;OAQG;IACG,gBAAgB,CACpB,iBAA+F,EAC/F,iBAA2B;;YAE3B,MAAM,IAAI,GAAG,yCAAuB,CAAC,aAAa,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,mBAAmB,EAAE,CAAC,CAAA;YACjG,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YACpF,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YACzD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YAC9E,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YAClF,MAAM,OAAO,GAAG,IAAI,CAAC,qBAAqB,CAAC,iBAAiB,EAAE,CAAA;YAC9D,IAAI,WAAW,CAAC,IAAI,KAAK,iBAAiB,CAAC,MAAM,IAAI,WAAW,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC;gBACxI,MAAM,IAAI,KAAK,CAAC,gDAAgD,iBAAiB,wBAAwB,iBAAiB,EAAE,CAAC,CAAA;YAC/H,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAA;YACpG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;gBACnE,MAAM,IAAI,KAAK,CAAC,4DAA4D,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,cAAc,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;aAC/I;YACD,IAAI,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,6EAA6E,iBAAiB,EAAE,CAAC,CAAA;aAClH;YACD,MAAM,aAAa,GAAwC,EAAE,CAAA;YAC7D,IAAI,WAAW,GAAG,IAAI,CAAA;YACtB,KAAK,MAAM,UAAU,IAAI,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,EAAE;gBAChG,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,CAAA;gBAC/G,aAAa,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,WAAW,CAAA;aAC5C;YACD,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE;gBAC7D,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;aACnI;YACD,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE;gBAC/B,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;aACtD;YACD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAA;QACnE,CAAC;KAAA;IAED;;OAEG;IAEK,oBAAoB,CAAC,GAAW,EAAE,MAAoD;QAC5F,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,IAAI,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE;gBAChD,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,+DAA+D,MAAM,EAAE,CAAC,CAAA;aAC1H;SACF;;YAAM,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,sCAAsC,MAAM,EAAE,CAAC,CAAA;IACzG,CAAC;IAEO,cAAc,CAAC,SAAkC,EAAE,KAAa;;QACtE,IAAI,KAAK,MAAK,MAAA,SAAS,CAAC,IAAI,CAAC,SAAS,0CAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA,EAAE;YAClD,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;SAChG;QACD,OAAO;YACL,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,IAAI,kCACC,SAAS,CAAC,IAAI,KACjB,0BAA0B,EAAE,EAAE,GAC/B;SACF,CAAA;IACH,CAAC;IAEa,cAAc,CAC1B,SAAkC,EAClC,KAAa,EACb,WAAqB,EACrB,SAAiB,EACjB,aAAyC,EACzC,OAA4C;;;YAE5C,IAAI,KAAK,MAAK,MAAA,SAAS,CAAC,IAAI,CAAC,SAAS,0CAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA,EAAE;gBAClD,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;aAChG;YACD,OAAO;gBACL,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,IAAI,kCACC,SAAS,CAAC,IAAI,KACjB,0BAA0B,EAAE,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,CAAC,GAClH;aACF,CAAA;;KACF;IAEa,mBAAmB,CAC/B,OAA2B,EAC3B,WAAqB,EACrB,SAAiB,EACjB,aAAyC;;YAEzC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;YACpF,IAAI,WAAW,CAAC,MAAM,IAAI,CAAC,EAAE;gBAC3B,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,CAAC,WAAW,CAAC,EAAE,WAAW,EAAE,aAAa,CAAC,CAAA;aAC3E;iBAAM;gBACL,MAAM,eAAe,GAAG,IAAA,cAAM,EAAC,WAAW,CAAC,CAAA;gBAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;gBACjG,MAAM,kBAAkB,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA,CAAC,mEAAmE;gBAC/H,KAAK,MAAM,KAAK,IAAI,kBAAkB,EAAE;oBACtC,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC;wBAAE,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;oBAC5I,IAAI,KAAK,KAAK,IAAA,cAAM,EAAC,IAAA,cAAM,EAAC,KAAK,CAAC,CAAC;wBAAE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;iBACvG;gBACD,OAAO,MAAM,IAAI,CAAC,aAAa,CAC7B,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,EACxC,WAAW,EACX,aAAa,CACd,CAAA;aACF;QACH,CAAC;KAAA;IAEa,aAAa,CACzB,MAAqB,EACrB,WAAqB,EACrB,aAAyC;;YAEzC,OAAO,WAAW,CAAC,MAAM,CACvB,CAAO,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE;gBAAC,OAAA,iCAC7B,CAAC,MAAM,GAAG,CAAC,KACd,CAAC,UAAU,CAAC,EAAE,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IACjG,CAAA;cAAA,EACF,OAAO,CAAC,OAAO,CAAC,EAAsC,CAAC,CACxD,CAAA;QACH,CAAC;KAAA;CACF;AAvJD,8CAuJC","sourcesContent":["import { DataOwnerOrStub, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { KeyPair } from './RSA'\nimport { hex2ua, ua2hex } from '../utils'\nimport { ExchangeDataManager } from './ExchangeDataManager'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\n\n/**\n * Allows to create or update shamir split keys.\n */\nexport class ShamirKeysManager {\n constructor(\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly encryptionKeysManager: UserEncryptionKeysManager,\n private readonly exchangeDataManager: ExchangeDataManager\n ) {}\n\n /**\n * Get information on existing private keys splits for the provided data owner. For each private key of the provided data owner which has been\n * split using the Shamir sharing algorithm gives the list of the notaries (other data owners) which hold a copy of the key part.\n * @param dataOwner a data owner\n * @return the existing splits for the current data owner as a publicKeyFingerprint -> notariesIds object\n */\n getExistingSplitsInfo(dataOwner: DataOwnerOrStub): { [keyPairFingerprint: string]: string[] } {\n const legacyPartitionDelegates = Object.keys(dataOwner.privateKeyShamirPartitions ?? {})\n if (legacyPartitionDelegates.length > 0) {\n const fp = dataOwner.publicKey?.slice(-32)\n if (!fp) {\n console.error('Invalid data owner: the owner has legacy key partitions but no legacy key.')\n } else return { [fp]: legacyPartitionDelegates }\n }\n return {}\n }\n\n /**\n * Creates, updates or deletes shamir splits for keys of the current data owner. Any request to update the splits for a specific key will completely\n * replace any existing data on that split (all previous notaries will be ignored).\n * Note: currently you can only split the legacy key pair.\n * @param keySplitsToUpdate the fingerprints of key pairs which will have updated/new splits and the details on how to create the updated splits.\n * @param keySplitsToDelete the fingerprints or hex-encoded spki public keys which will not be shared anymore.\n * @throws if the parameters refer to non-existing or unavailable keys, have split creation details, or if they request to delete a non-existing\n * split.\n */\n async updateSelfSplits(\n keySplitsToUpdate: { [publicKeyHexOrFp: string]: { notariesIds: string[]; minShares: number } },\n keySplitsToDelete: string[]\n ): Promise<CryptoActorStubWithType> {\n const self = CryptoActorStubWithType.fromDataOwner(await this.dataOwnerApi.getCurrentDataOwner())\n const toUpdateSet = new Set(Object.keys(keySplitsToUpdate).map((x) => x.slice(-32)))\n const toDeleteSet = new Set(keySplitsToDelete.slice(-32))\n const intersection = Array.from(toDeleteSet).filter((x) => toUpdateSet.has(x))\n const existingSplits = new Set(Object.keys(this.getExistingSplitsInfo(self.stub)))\n const allKeys = this.encryptionKeysManager.getDecryptionKeys()\n if (toDeleteSet.size !== keySplitsToDelete.length || toUpdateSet.size !== Object.keys(keySplitsToUpdate).length || intersection.length > 0)\n throw new Error(`Duplicate keys in input:\\nkeySplitsToUpdate: ${keySplitsToUpdate}\\nkeySplitsToDelete: ${keySplitsToDelete}`)\n Object.entries(keySplitsToUpdate).forEach(([key, params]) => this.validateShamirParams(key, params))\n if (!Array.from(existingSplits).every((x) => existingSplits.has(x))) {\n throw new Error(`Requested to delete non-existing split.\\nexistingSplits: ${Array.from(existingSplits)}\\ntoDelete:${Array.from(toDeleteSet)}`)\n }\n if (Array.from(toUpdateSet).some((x) => !allKeys[x])) {\n throw new Error(`Private key is not available for some of the requested key split updates. ${keySplitsToUpdate}`)\n }\n const delegatesKeys: { [delegateId: string]: CryptoKey } = {}\n let updatedSelf = self\n for (const delegateId of new Set(Object.values(keySplitsToUpdate).flatMap((x) => x.notariesIds))) {\n const res = await this.exchangeDataManager.getOrCreateEncryptionDataTo(delegateId, undefined, undefined, false)\n delegatesKeys[delegateId] = res.exchangeKey\n }\n for (const [key, params] of Object.entries(keySplitsToUpdate)) {\n updatedSelf = await this.updateKeySplit(updatedSelf, key.slice(-32), params.notariesIds, params.minShares, delegatesKeys, allKeys)\n }\n for (const keyFp of toDeleteSet) {\n updatedSelf = this.deleteKeySplit(updatedSelf, keyFp)\n }\n return await this.dataOwnerApi.modifyCryptoActorStub(updatedSelf)\n }\n\n /*TODO\n * Get suggested recovery keys: analyse transfer keys and shamir to get keys which should be shared with shamir for optimal recovery.\n */\n\n private validateShamirParams(key: string, params: { notariesIds: string[]; minShares: number }) {\n if (params.notariesIds.length > 0) {\n if (params.minShares > params.notariesIds.length) {\n throw new Error(`Invalid parameters for key ${key}: min shares can't be greater than the number of delegates. ${params}`)\n }\n } else throw new Error(`Invalid parameters for key ${key}: must have at least one delegate. ${params}`)\n }\n\n private deleteKeySplit(dataOwner: CryptoActorStubWithType, keyFp: string): CryptoActorStubWithType {\n if (keyFp !== dataOwner.stub.publicKey?.slice(-32)) {\n throw new Error('Currently it is possible to use shamir splits only for the legacy public key')\n }\n return {\n type: dataOwner.type,\n stub: {\n ...dataOwner.stub,\n privateKeyShamirPartitions: {},\n },\n }\n }\n\n private async updateKeySplit(\n dataOwner: CryptoActorStubWithType,\n keyFp: string,\n delegateIds: string[],\n minShares: number,\n delegatesKeys: { [p: string]: CryptoKey },\n allKeys: { [p: string]: KeyPair<CryptoKey> }\n ): Promise<CryptoActorStubWithType> {\n if (keyFp !== dataOwner.stub.publicKey?.slice(-32)) {\n throw new Error('Currently it is possible to use shamir splits only for the legacy public key')\n }\n return {\n type: dataOwner.type,\n stub: {\n ...dataOwner.stub,\n privateKeyShamirPartitions: await this.createPartitionsFor(allKeys[keyFp], delegateIds, minShares, delegatesKeys),\n },\n }\n }\n\n private async createPartitionsFor(\n keyPair: KeyPair<CryptoKey>,\n delegateIds: string[],\n minShares: number,\n delegatesKeys: { [p: string]: CryptoKey }\n ): Promise<{ [delegateId: string]: string }> {\n const exportedKey = await this.primitives.RSA.exportKey(keyPair.privateKey, 'pkcs8')\n if (delegateIds.length == 1) {\n return await this.encryptShares([exportedKey], delegateIds, delegatesKeys)\n } else {\n const exportedKeysHex = ua2hex(exportedKey)\n const stringShares = this.primitives.shamir.share(exportedKeysHex, delegateIds.length, minShares)\n const paddedStringShares = stringShares.map((x) => `f${x}`) // Shares are uneven length, apart from that they are perfect hexes\n for (const share of paddedStringShares) {\n if (!/^(?:[0-9a-f][0-9a-f])+$/g.test(share)) throw new Error('Unexpected result of shamir split: padded shares should be a valid hex value')\n if (share !== ua2hex(hex2ua(share))) throw new Error('Unexpected result with encoding-decoding share')\n }\n return await this.encryptShares(\n paddedStringShares.map((x) => hex2ua(x)),\n delegateIds,\n delegatesKeys\n )\n }\n }\n\n private async encryptShares(\n shares: ArrayBuffer[],\n delegateIds: string[],\n delegatesKeys: { [p: string]: CryptoKey }\n ): Promise<{ [delegateId: string]: string }> {\n return delegateIds.reduce(\n async (acc, delegateId, index) => ({\n ...(await acc),\n [delegateId]: ua2hex(await this.primitives.AES.encrypt(delegatesKeys[delegateId], shares[index])),\n }),\n Promise.resolve({} as { [delegateId: string]: string })\n )\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"ShamirKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ShamirKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAIA,oCAAyC;AAEzC,yEAA6E;AAC7E,mCAAuC;AAEvC;;GAEG;AACH,MAAa,iBAAiB;IAC5B,YACmB,UAA4B,EAC5B,YAA8B,EAC9B,qBAAgD,EAChD,mBAAwC;QAHxC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,0BAAqB,GAArB,qBAAqB,CAA2B;QAChD,wBAAmB,GAAnB,mBAAmB,CAAqB;IACxD,CAAC;IAEJ;;;;;OAKG;IACH,qBAAqB,CAAC,SAA0B;;QAC9C,MAAM,wBAAwB,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,SAAS,CAAC,0BAA0B,mCAAI,EAAE,CAAC,CAAA;QACxF,IAAI,wBAAwB,CAAC,MAAM,GAAG,CAAC,EAAE;YACvC,MAAM,EAAE,GAAG,SAAS,CAAC,SAAS,IAAI,IAAA,qBAAa,EAAC,SAAS,CAAC,SAAS,CAAC,CAAA;YACpE,IAAI,CAAC,EAAE,EAAE;gBACP,OAAO,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAA;aAC5F;;gBAAM,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,wBAAwB,EAAE,CAAA;SACjD;QACD,OAAO,EAAE,CAAA;IACX,CAAC;IAED;;;;;;;;OAQG;IACG,gBAAgB,CACpB,iBAA+F,EAC/F,iBAA2B;;YAE3B,MAAM,IAAI,GAAG,yCAAuB,CAAC,aAAa,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,mBAAmB,EAAE,CAAC,CAAA;YACjG,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACxF,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACxF,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YAC9E,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YAClF,MAAM,OAAO,GAAG,IAAI,CAAC,qBAAqB,CAAC,iBAAiB,EAAE,CAAA;YAC9D,IAAI,WAAW,CAAC,IAAI,KAAK,iBAAiB,CAAC,MAAM,IAAI,WAAW,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC;gBACxI,MAAM,IAAI,KAAK,CAAC,gDAAgD,iBAAiB,wBAAwB,iBAAiB,EAAE,CAAC,CAAA;YAC/H,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAA;YACpG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;gBACnE,MAAM,IAAI,KAAK,CAAC,4DAA4D,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,cAAc,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;aAC/I;YACD,IAAI,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,6EAA6E,iBAAiB,EAAE,CAAC,CAAA;aAClH;YACD,MAAM,aAAa,GAAwC,EAAE,CAAA;YAC7D,IAAI,WAAW,GAAG,IAAI,CAAA;YACtB,KAAK,MAAM,UAAU,IAAI,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,EAAE;gBAChG,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,CAAA;gBAC/G,aAAa,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,WAAW,CAAA;aAC5C;YACD,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE;gBAC7D,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,IAAA,qBAAa,EAAC,GAAG,CAAC,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;aACvI;YACD,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE;gBAC/B,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;aACtD;YACD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAA;QACnE,CAAC;KAAA;IAED;;OAEG;IAEK,oBAAoB,CAAC,GAAW,EAAE,MAAoD;QAC5F,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,IAAI,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE;gBAChD,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,+DAA+D,MAAM,EAAE,CAAC,CAAA;aAC1H;SACF;;YAAM,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,sCAAsC,MAAM,EAAE,CAAC,CAAA;IACzG,CAAC;IAEO,cAAc,CAAC,SAAkC,EAAE,KAAa;QACtE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,IAAI,KAAK,KAAK,IAAA,qBAAa,EAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE;YAClF,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;SAChG;QACD,OAAO;YACL,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,IAAI,kCACC,SAAS,CAAC,IAAI,KACjB,0BAA0B,EAAE,EAAE,GAC/B;SACF,CAAA;IACH,CAAC;IAEa,cAAc,CAC1B,SAAkC,EAClC,KAAa,EACb,WAAqB,EACrB,SAAiB,EACjB,aAAyC,EACzC,OAA4C;;YAE5C,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,IAAI,KAAK,KAAK,IAAA,qBAAa,EAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE;gBAClF,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;aAChG;YACD,OAAO;gBACL,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,IAAI,kCACC,SAAS,CAAC,IAAI,KACjB,0BAA0B,EAAE,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,CAAC,GAClH;aACF,CAAA;QACH,CAAC;KAAA;IAEa,mBAAmB,CAC/B,OAA2B,EAC3B,WAAqB,EACrB,SAAiB,EACjB,aAAyC;;YAEzC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;YACpF,IAAI,WAAW,CAAC,MAAM,IAAI,CAAC,EAAE;gBAC3B,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,CAAC,WAAW,CAAC,EAAE,WAAW,EAAE,aAAa,CAAC,CAAA;aAC3E;iBAAM;gBACL,MAAM,eAAe,GAAG,IAAA,cAAM,EAAC,WAAW,CAAC,CAAA;gBAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;gBACjG,MAAM,kBAAkB,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA,CAAC,mEAAmE;gBAC/H,KAAK,MAAM,KAAK,IAAI,kBAAkB,EAAE;oBACtC,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC;wBAAE,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;oBAC5I,IAAI,KAAK,KAAK,IAAA,cAAM,EAAC,IAAA,cAAM,EAAC,KAAK,CAAC,CAAC;wBAAE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;iBACvG;gBACD,OAAO,MAAM,IAAI,CAAC,aAAa,CAC7B,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,cAAM,EAAC,CAAC,CAAC,CAAC,EACxC,WAAW,EACX,aAAa,CACd,CAAA;aACF;QACH,CAAC;KAAA;IAEa,aAAa,CACzB,MAAqB,EACrB,WAAqB,EACrB,aAAyC;;YAEzC,OAAO,WAAW,CAAC,MAAM,CACvB,CAAO,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE;gBAAC,OAAA,iCAC7B,CAAC,MAAM,GAAG,CAAC,KACd,CAAC,UAAU,CAAC,EAAE,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IACjG,CAAA;cAAA,EACF,OAAO,CAAC,OAAO,CAAC,EAAsC,CAAC,CACxD,CAAA;QACH,CAAC;KAAA;CACF;AAvJD,8CAuJC","sourcesContent":["import { DataOwnerOrStub, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { KeyPair } from './RSA'\nimport { hex2ua, ua2hex } from '../utils'\nimport { ExchangeDataManager } from './ExchangeDataManager'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { fingerprintV1 } from './utils'\n\n/**\n * Allows to create or update shamir split keys.\n */\nexport class ShamirKeysManager {\n constructor(\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly encryptionKeysManager: UserEncryptionKeysManager,\n private readonly exchangeDataManager: ExchangeDataManager\n ) {}\n\n /**\n * Get information on existing private keys splits for the provided data owner. For each private key of the provided data owner which has been\n * split using the Shamir sharing algorithm gives the list of the notaries (other data owners) which hold a copy of the key part.\n * @param dataOwner a data owner\n * @return the existing splits for the current data owner as a publicKeyFingerprint -> notariesIds object\n */\n getExistingSplitsInfo(dataOwner: DataOwnerOrStub): { [keyPairFingerprint: string]: string[] } {\n const legacyPartitionDelegates = Object.keys(dataOwner.privateKeyShamirPartitions ?? {})\n if (legacyPartitionDelegates.length > 0) {\n const fp = dataOwner.publicKey && fingerprintV1(dataOwner.publicKey)\n if (!fp) {\n console.error('Invalid data owner: the owner has legacy key partitions but no legacy key.')\n } else return { [fp]: legacyPartitionDelegates }\n }\n return {}\n }\n\n /**\n * Creates, updates or deletes shamir splits for keys of the current data owner. Any request to update the splits for a specific key will completely\n * replace any existing data on that split (all previous notaries will be ignored).\n * Note: currently you can only split the legacy key pair.\n * @param keySplitsToUpdate the fingerprints of key pairs which will have updated/new splits and the details on how to create the updated splits.\n * @param keySplitsToDelete the fingerprints or hex-encoded spki public keys which will not be shared anymore.\n * @throws if the parameters refer to non-existing or unavailable keys, have split creation details, or if they request to delete a non-existing\n * split.\n */\n async updateSelfSplits(\n keySplitsToUpdate: { [publicKeyHexOrFp: string]: { notariesIds: string[]; minShares: number } },\n keySplitsToDelete: string[]\n ): Promise<CryptoActorStubWithType> {\n const self = CryptoActorStubWithType.fromDataOwner(await this.dataOwnerApi.getCurrentDataOwner())\n const toUpdateSet = new Set(Object.keys(keySplitsToUpdate).map((x) => fingerprintV1(x)))\n const toDeleteSet = new Set(Object.keys(keySplitsToDelete).map((x) => fingerprintV1(x)))\n const intersection = Array.from(toDeleteSet).filter((x) => toUpdateSet.has(x))\n const existingSplits = new Set(Object.keys(this.getExistingSplitsInfo(self.stub)))\n const allKeys = this.encryptionKeysManager.getDecryptionKeys()\n if (toDeleteSet.size !== keySplitsToDelete.length || toUpdateSet.size !== Object.keys(keySplitsToUpdate).length || intersection.length > 0)\n throw new Error(`Duplicate keys in input:\\nkeySplitsToUpdate: ${keySplitsToUpdate}\\nkeySplitsToDelete: ${keySplitsToDelete}`)\n Object.entries(keySplitsToUpdate).forEach(([key, params]) => this.validateShamirParams(key, params))\n if (!Array.from(existingSplits).every((x) => existingSplits.has(x))) {\n throw new Error(`Requested to delete non-existing split.\\nexistingSplits: ${Array.from(existingSplits)}\\ntoDelete:${Array.from(toDeleteSet)}`)\n }\n if (Array.from(toUpdateSet).some((x) => !allKeys[x])) {\n throw new Error(`Private key is not available for some of the requested key split updates. ${keySplitsToUpdate}`)\n }\n const delegatesKeys: { [delegateId: string]: CryptoKey } = {}\n let updatedSelf = self\n for (const delegateId of new Set(Object.values(keySplitsToUpdate).flatMap((x) => x.notariesIds))) {\n const res = await this.exchangeDataManager.getOrCreateEncryptionDataTo(delegateId, undefined, undefined, false)\n delegatesKeys[delegateId] = res.exchangeKey\n }\n for (const [key, params] of Object.entries(keySplitsToUpdate)) {\n updatedSelf = await this.updateKeySplit(updatedSelf, fingerprintV1(key), params.notariesIds, params.minShares, delegatesKeys, allKeys)\n }\n for (const keyFp of toDeleteSet) {\n updatedSelf = this.deleteKeySplit(updatedSelf, keyFp)\n }\n return await this.dataOwnerApi.modifyCryptoActorStub(updatedSelf)\n }\n\n /*TODO\n * Get suggested recovery keys: analyse transfer keys and shamir to get keys which should be shared with shamir for optimal recovery.\n */\n\n private validateShamirParams(key: string, params: { notariesIds: string[]; minShares: number }) {\n if (params.notariesIds.length > 0) {\n if (params.minShares > params.notariesIds.length) {\n throw new Error(`Invalid parameters for key ${key}: min shares can't be greater than the number of delegates. ${params}`)\n }\n } else throw new Error(`Invalid parameters for key ${key}: must have at least one delegate. ${params}`)\n }\n\n private deleteKeySplit(dataOwner: CryptoActorStubWithType, keyFp: string): CryptoActorStubWithType {\n if (!dataOwner.stub.publicKey || keyFp !== fingerprintV1(dataOwner.stub.publicKey)) {\n throw new Error('Currently it is possible to use shamir splits only for the legacy public key')\n }\n return {\n type: dataOwner.type,\n stub: {\n ...dataOwner.stub,\n privateKeyShamirPartitions: {},\n },\n }\n }\n\n private async updateKeySplit(\n dataOwner: CryptoActorStubWithType,\n keyFp: string,\n delegateIds: string[],\n minShares: number,\n delegatesKeys: { [p: string]: CryptoKey },\n allKeys: { [p: string]: KeyPair<CryptoKey> }\n ): Promise<CryptoActorStubWithType> {\n if (!dataOwner.stub.publicKey || keyFp !== fingerprintV1(dataOwner.stub.publicKey)) {\n throw new Error('Currently it is possible to use shamir splits only for the legacy public key')\n }\n return {\n type: dataOwner.type,\n stub: {\n ...dataOwner.stub,\n privateKeyShamirPartitions: await this.createPartitionsFor(allKeys[keyFp], delegateIds, minShares, delegatesKeys),\n },\n }\n }\n\n private async createPartitionsFor(\n keyPair: KeyPair<CryptoKey>,\n delegateIds: string[],\n minShares: number,\n delegatesKeys: { [p: string]: CryptoKey }\n ): Promise<{ [delegateId: string]: string }> {\n const exportedKey = await this.primitives.RSA.exportKey(keyPair.privateKey, 'pkcs8')\n if (delegateIds.length == 1) {\n return await this.encryptShares([exportedKey], delegateIds, delegatesKeys)\n } else {\n const exportedKeysHex = ua2hex(exportedKey)\n const stringShares = this.primitives.shamir.share(exportedKeysHex, delegateIds.length, minShares)\n const paddedStringShares = stringShares.map((x) => `f${x}`) // Shares are uneven length, apart from that they are perfect hexes\n for (const share of paddedStringShares) {\n if (!/^(?:[0-9a-f][0-9a-f])+$/g.test(share)) throw new Error('Unexpected result of shamir split: padded shares should be a valid hex value')\n if (share !== ua2hex(hex2ua(share))) throw new Error('Unexpected result with encoding-decoding share')\n }\n return await this.encryptShares(\n paddedStringShares.map((x) => hex2ua(x)),\n delegateIds,\n delegatesKeys\n )\n }\n }\n\n private async encryptShares(\n shares: ArrayBuffer[],\n delegateIds: string[],\n delegatesKeys: { [p: string]: CryptoKey }\n ): Promise<{ [delegateId: string]: string }> {\n return delegateIds.reduce(\n async (acc, delegateId, index) => ({\n ...(await acc),\n [delegateId]: ua2hex(await this.primitives.AES.encrypt(delegatesKeys[delegateId], shares[index])),\n }),\n Promise.resolve({} as { [delegateId: string]: string })\n )\n }\n}\n"]}
|
|
@@ -10,6 +10,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.TransferKeysManager = void 0;
|
|
13
|
+
const RSA_1 = require("./RSA");
|
|
13
14
|
const utils_1 = require("../utils");
|
|
14
15
|
const graph_utils_1 = require("../utils/graph-utils");
|
|
15
16
|
const utils_2 = require("./utils");
|
|
@@ -40,8 +41,8 @@ class TransferKeysManager {
|
|
|
40
41
|
if (!newEdgesByTarget.length)
|
|
41
42
|
return;
|
|
42
43
|
const selfId = self.stub.id;
|
|
43
|
-
const fpToPublicKey = (0, utils_2.fingerprintToPublicKeysMapOf)(self.stub,
|
|
44
|
-
const fpToPublicKeyWithSha256 = (0, utils_2.fingerprintToPublicKeysMapOf)(self.stub,
|
|
44
|
+
const fpToPublicKey = (0, utils_2.fingerprintToPublicKeysMapOf)(self.stub, RSA_1.ShaVersion.Sha1);
|
|
45
|
+
const fpToPublicKeyWithSha256 = (0, utils_2.fingerprintToPublicKeysMapOf)(self.stub, RSA_1.ShaVersion.Sha256);
|
|
45
46
|
const signatureKeyPair = yield this.userSignatureKeysManager.getOrCreateSignatureKeyPair();
|
|
46
47
|
const verifiedFps = new Set(this.encryptionKeysManager.getSelfVerifiedKeys().map((x) => x.fingerprint));
|
|
47
48
|
const allVerifiedSourcesAndTarget = Array.from(new Set(newEdgesByTarget.flatMap((x) =>
|
|
@@ -49,7 +50,7 @@ class TransferKeysManager {
|
|
|
49
50
|
verifiedFps.has(x.targetFp) ? [x.targetFp, ...x.sources] : x.sources)));
|
|
50
51
|
const newExchangeKeyPublicKeys = allVerifiedSourcesAndTarget.map((fp) => fpToPublicKey[fp]).filter((key) => !!key);
|
|
51
52
|
const newExchangeKeyPublicKeysWithSha256 = allVerifiedSourcesAndTarget.map((fp) => fpToPublicKeyWithSha256[fp]).filter((key) => !!key);
|
|
52
|
-
const createdExchangeData = yield this.baseExchangeDataManager.createExchangeData(selfId, { [signatureKeyPair.fingerprint]: signatureKeyPair.keyPair.privateKey }, Object.assign(Object.assign({}, (yield (0, utils_2.loadPublicKeys)(this.primitives.RSA, newExchangeKeyPublicKeys,
|
|
53
|
+
const createdExchangeData = yield this.baseExchangeDataManager.createExchangeData(selfId, { [signatureKeyPair.fingerprint]: signatureKeyPair.keyPair.privateKey }, Object.assign(Object.assign({}, (yield (0, utils_2.loadPublicKeys)(this.primitives.RSA, newExchangeKeyPublicKeys, RSA_1.ShaVersion.Sha1))), (yield (0, utils_2.loadPublicKeys)(this.primitives.RSA, newExchangeKeyPublicKeysWithSha256, RSA_1.ShaVersion.Sha256))));
|
|
53
54
|
let updatedTransferKeys = (_a = self.stub.transferKeys) !== null && _a !== void 0 ? _a : {};
|
|
54
55
|
for (const newEdges of newEdgesByTarget) {
|
|
55
56
|
const encryptedTransferKey = yield this.encryptTransferKey(newEdges.target, createdExchangeData.exchangeKey);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TransferKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/TransferKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,oCAAiC;AAEjC,sDAA+E;AAC/E,mCAAgJ;AAOhJ;;;GAGG;AACH,MAAa,mBAAmB;IAC9B,YACmB,UAA4B,EAC5B,uBAAgD,EAChD,YAA8B,EAC9B,qBAAgD,EAChD,wBAAkD,EAClD,YAAgC;QALhC,eAAU,GAAV,UAAU,CAAkB;QAC5B,4BAAuB,GAAvB,uBAAuB,CAAyB;QAChD,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,0BAAqB,GAArB,qBAAqB,CAA2B;QAChD,6BAAwB,GAAxB,wBAAwB,CAA0B;QAClD,iBAAY,GAAZ,YAAY,CAAoB;IAChD,CAAC;IAEJ;;;;;;OAMG;IACG,kBAAkB,CAAC,IAA6B;;;YACpD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAA;YACzE,IAAI,CAAC,gBAAgB,CAAC,MAAM;gBAAE,OAAM;YACpC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAG,CAAA;YAC5B,MAAM,aAAa,GAAG,IAAA,oCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YACtE,MAAM,uBAAuB,GAAG,IAAA,oCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;YAClF,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,2BAA2B,EAAE,CAAA;YAC1F,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;YACvG,MAAM,2BAA2B,GAAG,KAAK,CAAC,IAAI,CAC5C,IAAI,GAAG,CACL,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7B,+DAA+D;YAC/D,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CACrE,CACF,CACF,CAAA;YACD,MAAM,wBAAwB,GAAG,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;YAClH,MAAM,kCAAkC,GAAG,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;YACtI,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,kBAAkB,CAC/E,MAAM,EACN,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,EAAE,gBAAgB,CAAC,OAAO,CAAC,UAAU,EAAE,kCAElE,CAAC,MAAM,IAAA,sBAAc,EAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,wBAAwB,EAAE,OAAO,CAAC,CAAC,GAC9E,CAAC,MAAM,IAAA,sBAAc,EAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,kCAAkC,EAAE,SAAS,CAAC,CAAC,EAEhG,CAAA;YACD,IAAI,mBAAmB,GAAG,MAAA,IAAI,CAAC,IAAI,CAAC,YAAY,mCAAI,EAAE,CAAA;YACtD,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE;gBACvC,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,MAAM,EAAE,mBAAmB,CAAC,WAAW,CAAC,CAAA;gBAC5G,mBAAmB,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW,EAAE,EAAE;;oBACjE,MAAM,YAAY,qBAAQ,CAAC,MAAA,GAAG,CAAC,WAAW,CAAC,mCAAI,EAAE,CAAC,CAAE,CAAA;oBACpD,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,oBAAoB,CAAA;oBACtD,GAAG,CAAC,WAAW,CAAC,GAAG,YAAY,CAAA;oBAC/B,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,mBAAmB,CAAC,CAAA;aACxB;YACD,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;gBAC5C,IAAI,kCACC,IAAI,CAAC,IAAI,KACZ,YAAY,EAAE,mBAAmB,GAClC;gBACD,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAA;;KACH;IAED,gGAAgG;IAClF,kBAAkB,CAAC,WAA+B,EAAE,WAAsB;;YACtF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;YACxF,OAAO,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,CAAA;QAC5E,CAAC;KAAA;IAED,iFAAiF;IACjF,6DAA6D;IACrD,wBAAwB,CAAC,OAAe,EAAE,KAA6B;QAC7E,OAAO,MAAM,CAAC,OAAO,CAAC,IAAA,8BAAgB,EAAC,KAAK,CAAC,YAAY,CAAC,CAAC;aACxD,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;aACzE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACrB,CAAC;IAEa,kBAAkB,CAC9B,UAAqC,EACrC,KAA6B;;YAE7B,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC,mCAAI,CAAC,CAAA,EAAA,CAAC,CAAC,CAAA;YAClI,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAC1C,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAClI,CAAA;YACD,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,4BAA4B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACxG,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;YACvF,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE;;gBAC1C,MAAM,cAAc,GAAG,MAAA,KAAK,CAAC,mBAAmB,CAAC,WAAW,CAAC,mCAAI,CAAC,WAAW,CAAC,CAAA,CAAC,6CAA6C;gBAC5H,MAAM,oBAAoB,GAAG,MAAA,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mCAAI,WAAW,CAAA;gBAC1F,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE,IAAI,EAAE,UAAU,CAAC,wBAAwB,CAAC,oBAAoB,CAAE,CAAC,IAAI,EAAE,CAAA;YACrH,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED,+DAA+D;IACjD,+BAA+B,CAAC,IAA6B;;YAOzE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;YAC7G,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE;gBACtG,IAAI,QAAQ;oBAAE,iBAAiB,CAAC,GAAG,CAAC,IAAA,qBAAa,EAAC,GAAG,CAAC,CAAC,CAAA;YACzD,CAAC,CAAC,CAAA;YACF,IAAI,iBAAiB,CAAC,IAAI,IAAI,CAAC;gBAAE,OAAO,EAAE,CAAA;YAC1C,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC9C,iGAAiG;YACjG,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAA;YACnF,MAAM,GAAG,GAAG,EAAE,CAAA;YACd,KAAK,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,UAAU,EAAE;gBACtE,4DAA4D;gBAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,wBAAwB,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;gBACtE,kEAAkE;gBAClE,MAAM,uBAAuB,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAChE,KAAK,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,oBAAoB,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CACjH,CAAA;gBACD,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,uBAAuB,CAAC,CAAA;gBAC9D,IAAI,qBAAqB,CAAC,IAAI,IAAI,CAAC;oBAAE,SAAQ;gBAC7C,qIAAqI;gBACrI,MAAM,SAAS,GAAG,IAAA,8BAAgB,EAAC,KAAK,CAAC,YAAY,CAAC,CAAA;gBACtD,MAAM,mBAAmB,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CACvE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CACrG,CAAA;gBACD,IAAI,mBAAmB,CAAC,MAAM,IAAI,CAAC;oBAAE,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAA;gBACxH,kJAAkJ;gBAClJ,OAAO;gBACP,MAAM,2BAA2B,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;oBACxE,MAAM,GAAG,GAAG,KAAK,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAA;oBAC9G,IAAI,CAAC,GAAG;wBAAE,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAA;oBAC7G,OAAO,GAAG,CAAA;gBACZ,CAAC,CAAC,CAAA;gBACF,GAAG,CAAC,IAAI,CAAC;oBACP,OAAO,EAAE,2BAA2B;oBACpC,MAAM,EAAE,SAAS;oBACjB,QAAQ,EAAE,WAAW;iBACtB,CAAC,CAAA;aACH;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;CACF;AA5ID,kDA4IC","sourcesContent":["import { KeyPair } from './RSA'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { ua2hex } from '../utils'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { reachSetsAcyclic, StronglyConnectedGraph } from '../utils/graph-utils'\nimport { fingerprintToPublicKeysMapOf, fingerprintV1, loadPublicKeys, transferKeysFpGraphOf, fingerprintIsV1, fingerprintV1toV2 } from './utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IcureStorageFacade } from '../storage/IcureStorageFacade'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { UserSignatureKeysManager } from './UserSignatureKeysManager'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\n\n/**\n * @internal this class is intended only for internal use and may be changed without notice.\n * Allows to create new transfer keys.\n */\nexport class TransferKeysManager {\n constructor(\n private readonly primitives: CryptoPrimitives,\n private readonly baseExchangeDataManager: BaseExchangeDataManager,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly encryptionKeysManager: UserEncryptionKeysManager,\n private readonly userSignatureKeysManager: UserSignatureKeysManager,\n private readonly icureStorage: IcureStorageFacade\n ) {}\n\n /**\n * Analyses the transfer keys graph and creates new transfer keys which allow to improve data accessibility from other devices.\n * For security reasons transfer keys will only be created between keys verified by the user, but this will be done ignoring any existing edges from\n * unverified keys to verified keys.\n * @param self the current data owner.\n * @return the updated data owner.\n */\n async updateTransferKeys(self: CryptoActorStubWithType): Promise<void> {\n const newEdgesByTarget = await this.getNewVerifiedTransferKeysEdges(self)\n if (!newEdgesByTarget.length) return\n const selfId = self.stub.id!\n const fpToPublicKey = fingerprintToPublicKeysMapOf(self.stub, 'sha-1')\n const fpToPublicKeyWithSha256 = fingerprintToPublicKeysMapOf(self.stub, 'sha-256')\n const signatureKeyPair = await this.userSignatureKeysManager.getOrCreateSignatureKeyPair()\n const verifiedFps = new Set(this.encryptionKeysManager.getSelfVerifiedKeys().map((x) => x.fingerprint))\n const allVerifiedSourcesAndTarget = Array.from(\n new Set(\n newEdgesByTarget.flatMap((x) =>\n // Sources are guaranteed to be verified, but target may not be\n verifiedFps.has(x.targetFp) ? [x.targetFp, ...x.sources] : x.sources\n )\n )\n )\n const newExchangeKeyPublicKeys = allVerifiedSourcesAndTarget.map((fp) => fpToPublicKey[fp]).filter((key) => !!key)\n const newExchangeKeyPublicKeysWithSha256 = allVerifiedSourcesAndTarget.map((fp) => fpToPublicKeyWithSha256[fp]).filter((key) => !!key)\n const createdExchangeData = await this.baseExchangeDataManager.createExchangeData(\n selfId,\n { [signatureKeyPair.fingerprint]: signatureKeyPair.keyPair.privateKey },\n {\n ...(await loadPublicKeys(this.primitives.RSA, newExchangeKeyPublicKeys, 'sha-1')),\n ...(await loadPublicKeys(this.primitives.RSA, newExchangeKeyPublicKeysWithSha256, 'sha-256')),\n }\n )\n let updatedTransferKeys = self.stub.transferKeys ?? {}\n for (const newEdges of newEdgesByTarget) {\n const encryptedTransferKey = await this.encryptTransferKey(newEdges.target, createdExchangeData.exchangeKey)\n updatedTransferKeys = newEdges.sources.reduce((acc, candidateFp) => {\n const existingKeys = { ...(acc[candidateFp] ?? {}) }\n existingKeys[newEdges.targetFp] = encryptedTransferKey\n acc[candidateFp] = existingKeys\n return acc\n }, updatedTransferKeys)\n }\n await this.dataOwnerApi.modifyCryptoActorStub({\n stub: {\n ...self.stub,\n transferKeys: updatedTransferKeys,\n },\n type: self.type,\n })\n }\n\n // encrypts a transfer key in pkcs8 format using an exchange key, returns the hex representation\n private async encryptTransferKey(transferKey: KeyPair<CryptoKey>, exchangeKey: CryptoKey): Promise<string> {\n const exportedKey = await this.primitives.RSA.exportKey(transferKey.privateKey, 'pkcs8')\n return ua2hex(await this.primitives.AES.encrypt(exchangeKey, exportedKey))\n }\n\n // all public keys would go to the stored keys -> no need for specifying the key.\n // Result only includes the acyclic label, not the full group\n private transferKeysCandidatesFp(keyToFp: string, graph: StronglyConnectedGraph): string[] {\n return Object.entries(reachSetsAcyclic(graph.acyclicGraph))\n .filter(([from, reachable]) => from != keyToFp && !reachable.has(keyToFp))\n .map((x) => x[0])\n }\n\n private async transferTargetKeys(\n keyManager: UserEncryptionKeysManager,\n graph: StronglyConnectedGraph\n ): Promise<{ fingerprint: string; pair: KeyPair<CryptoKey> }[]> {\n const availableGroups = new Set(Object.keys(keyManager.getDecryptionKeys()).map((x) => graph.originalLabelToAcyclicLabel[x] ?? x))\n const groupsReachableFromAvailable = new Set(\n Object.entries(graph.acyclicGraph).flatMap(([source, reachables]) => (availableGroups.has(source) ? Array.from(reachables) : []))\n )\n const targetCandidates = Array.from(availableGroups).filter((x) => !groupsReachableFromAvailable.has(x))\n const verifiedFps = new Set(keyManager.getSelfVerifiedKeys().map((x) => x.fingerprint))\n return targetCandidates.map((candidateFp) => {\n const candidateGroup = graph.acyclicLabelToGroup[candidateFp] ?? [candidateFp] // May not be part of transfer keys graph yet\n const bestCandidateOfGroup = candidateGroup.find((x) => verifiedFps.has(x)) ?? candidateFp\n return { fingerprint: bestCandidateOfGroup, pair: keyManager.getKeyPairForFingerprint(bestCandidateOfGroup)!.pair }\n })\n }\n\n // Decides the best edges considering the verified public keys.\n private async getNewVerifiedTransferKeysEdges(self: CryptoActorStubWithType): Promise<\n {\n sources: string[]\n target: KeyPair<CryptoKey>\n targetFp: string\n }[]\n > {\n const verifiedKeysFpSet = new Set(this.encryptionKeysManager.getSelfVerifiedKeys().map((x) => x.fingerprint))\n Object.entries(await this.icureStorage.loadSelfVerifiedKeys(self.stub.id!)).forEach(([key, verified]) => {\n if (verified) verifiedKeysFpSet.add(fingerprintV1(key))\n })\n if (verifiedKeysFpSet.size == 0) return []\n const graph = transferKeysFpGraphOf(self.stub)\n // 1. Choose keys available in this device which should be reachable from all other verified keys\n const targetKeys = await this.transferTargetKeys(this.encryptionKeysManager, graph)\n const res = []\n for (const { fingerprint: targetKeyFp, pair: targetKey } of targetKeys) {\n // 2. Find groups which can't reach the existing target keys\n const candidatesFp = this.transferKeysCandidatesFp(targetKeyFp, graph)\n // 3. Keep only groups which contain at least a verified candidate\n const verifiedGroupCandidates = candidatesFp.filter((candidate) =>\n graph.acyclicLabelToGroup[candidate].some((candidateGroupMember) => verifiedKeysFpSet.has(candidateGroupMember))\n )\n const verifiedCandidatesSet = new Set(verifiedGroupCandidates)\n if (verifiedCandidatesSet.size == 0) continue\n // 4. Drop all candidates which can already reach another candidate group: it is sufficient to create a transfer key from that group.\n const reachSets = reachSetsAcyclic(graph.acyclicGraph)\n const optimizedCandidates = verifiedGroupCandidates.filter((candidate) =>\n Array.from(reachSets[candidate]).every((reachableNode) => !verifiedCandidatesSet.has(reachableNode))\n )\n if (optimizedCandidates.length == 0) throw new Error('Check failed: at least one candidate should survive optimization')\n // 5. Transfer keys could also be faked: to make sure we are not giving access to unauthorised people we remap the candidates to a verified public\n // keys\n const verifiedOptimizedCandidates = optimizedCandidates.map((candidate) => {\n const res = graph.acyclicLabelToGroup[candidate].find((groupMemberFp) => verifiedKeysFpSet.has(groupMemberFp))\n if (!res) throw new Error('Check failed: optimized candidates groups should have at least a verified member')\n return res\n })\n res.push({\n sources: verifiedOptimizedCandidates,\n target: targetKey,\n targetFp: targetKeyFp,\n })\n }\n return res\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"TransferKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/TransferKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+BAA2C;AAE3C,oCAAiC;AAEjC,sDAA+E;AAC/E,mCAAgJ;AAOhJ;;;GAGG;AACH,MAAa,mBAAmB;IAC9B,YACmB,UAA4B,EAC5B,uBAAgD,EAChD,YAA8B,EAC9B,qBAAgD,EAChD,wBAAkD,EAClD,YAAgC;QALhC,eAAU,GAAV,UAAU,CAAkB;QAC5B,4BAAuB,GAAvB,uBAAuB,CAAyB;QAChD,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,0BAAqB,GAArB,qBAAqB,CAA2B;QAChD,6BAAwB,GAAxB,wBAAwB,CAA0B;QAClD,iBAAY,GAAZ,YAAY,CAAoB;IAChD,CAAC;IAEJ;;;;;;OAMG;IACG,kBAAkB,CAAC,IAA6B;;;YACpD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAA;YACzE,IAAI,CAAC,gBAAgB,CAAC,MAAM;gBAAE,OAAM;YACpC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAG,CAAA;YAC5B,MAAM,aAAa,GAAG,IAAA,oCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,gBAAU,CAAC,IAAI,CAAC,CAAA;YAC9E,MAAM,uBAAuB,GAAG,IAAA,oCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,gBAAU,CAAC,MAAM,CAAC,CAAA;YAC1F,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,2BAA2B,EAAE,CAAA;YAC1F,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;YACvG,MAAM,2BAA2B,GAAG,KAAK,CAAC,IAAI,CAC5C,IAAI,GAAG,CACL,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7B,+DAA+D;YAC/D,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CACrE,CACF,CACF,CAAA;YACD,MAAM,wBAAwB,GAAG,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;YAClH,MAAM,kCAAkC,GAAG,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;YACtI,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,kBAAkB,CAC/E,MAAM,EACN,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,EAAE,gBAAgB,CAAC,OAAO,CAAC,UAAU,EAAE,kCAElE,CAAC,MAAM,IAAA,sBAAc,EAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,wBAAwB,EAAE,gBAAU,CAAC,IAAI,CAAC,CAAC,GACtF,CAAC,MAAM,IAAA,sBAAc,EAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,kCAAkC,EAAE,gBAAU,CAAC,MAAM,CAAC,CAAC,EAExG,CAAA;YACD,IAAI,mBAAmB,GAAG,MAAA,IAAI,CAAC,IAAI,CAAC,YAAY,mCAAI,EAAE,CAAA;YACtD,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE;gBACvC,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,MAAM,EAAE,mBAAmB,CAAC,WAAW,CAAC,CAAA;gBAC5G,mBAAmB,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW,EAAE,EAAE;;oBACjE,MAAM,YAAY,qBAAQ,CAAC,MAAA,GAAG,CAAC,WAAW,CAAC,mCAAI,EAAE,CAAC,CAAE,CAAA;oBACpD,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,oBAAoB,CAAA;oBACtD,GAAG,CAAC,WAAW,CAAC,GAAG,YAAY,CAAA;oBAC/B,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,mBAAmB,CAAC,CAAA;aACxB;YACD,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;gBAC5C,IAAI,kCACC,IAAI,CAAC,IAAI,KACZ,YAAY,EAAE,mBAAmB,GAClC;gBACD,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAA;;KACH;IAED,gGAAgG;IAClF,kBAAkB,CAAC,WAA+B,EAAE,WAAsB;;YACtF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;YACxF,OAAO,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,CAAA;QAC5E,CAAC;KAAA;IAED,iFAAiF;IACjF,6DAA6D;IACrD,wBAAwB,CAAC,OAAe,EAAE,KAA6B;QAC7E,OAAO,MAAM,CAAC,OAAO,CAAC,IAAA,8BAAgB,EAAC,KAAK,CAAC,YAAY,CAAC,CAAC;aACxD,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;aACzE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACrB,CAAC;IAEa,kBAAkB,CAC9B,UAAqC,EACrC,KAA6B;;YAE7B,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC,mCAAI,CAAC,CAAA,EAAA,CAAC,CAAC,CAAA;YAClI,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAC1C,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAClI,CAAA;YACD,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,4BAA4B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACxG,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;YACvF,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE;;gBAC1C,MAAM,cAAc,GAAG,MAAA,KAAK,CAAC,mBAAmB,CAAC,WAAW,CAAC,mCAAI,CAAC,WAAW,CAAC,CAAA,CAAC,6CAA6C;gBAC5H,MAAM,oBAAoB,GAAG,MAAA,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mCAAI,WAAW,CAAA;gBAC1F,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE,IAAI,EAAE,UAAU,CAAC,wBAAwB,CAAC,oBAAoB,CAAE,CAAC,IAAI,EAAE,CAAA;YACrH,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED,+DAA+D;IACjD,+BAA+B,CAAC,IAA6B;;YAOzE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;YAC7G,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE;gBACtG,IAAI,QAAQ;oBAAE,iBAAiB,CAAC,GAAG,CAAC,IAAA,qBAAa,EAAC,GAAG,CAAC,CAAC,CAAA;YACzD,CAAC,CAAC,CAAA;YACF,IAAI,iBAAiB,CAAC,IAAI,IAAI,CAAC;gBAAE,OAAO,EAAE,CAAA;YAC1C,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC9C,iGAAiG;YACjG,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAA;YACnF,MAAM,GAAG,GAAG,EAAE,CAAA;YACd,KAAK,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,UAAU,EAAE;gBACtE,4DAA4D;gBAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,wBAAwB,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;gBACtE,kEAAkE;gBAClE,MAAM,uBAAuB,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAChE,KAAK,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,oBAAoB,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CACjH,CAAA;gBACD,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,uBAAuB,CAAC,CAAA;gBAC9D,IAAI,qBAAqB,CAAC,IAAI,IAAI,CAAC;oBAAE,SAAQ;gBAC7C,qIAAqI;gBACrI,MAAM,SAAS,GAAG,IAAA,8BAAgB,EAAC,KAAK,CAAC,YAAY,CAAC,CAAA;gBACtD,MAAM,mBAAmB,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CACvE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CACrG,CAAA;gBACD,IAAI,mBAAmB,CAAC,MAAM,IAAI,CAAC;oBAAE,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAA;gBACxH,kJAAkJ;gBAClJ,OAAO;gBACP,MAAM,2BAA2B,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;oBACxE,MAAM,GAAG,GAAG,KAAK,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAA;oBAC9G,IAAI,CAAC,GAAG;wBAAE,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAA;oBAC7G,OAAO,GAAG,CAAA;gBACZ,CAAC,CAAC,CAAA;gBACF,GAAG,CAAC,IAAI,CAAC;oBACP,OAAO,EAAE,2BAA2B;oBACpC,MAAM,EAAE,SAAS;oBACjB,QAAQ,EAAE,WAAW;iBACtB,CAAC,CAAA;aACH;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;CACF;AA5ID,kDA4IC","sourcesContent":["import { KeyPair, ShaVersion } from './RSA'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { ua2hex } from '../utils'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { reachSetsAcyclic, StronglyConnectedGraph } from '../utils/graph-utils'\nimport { fingerprintToPublicKeysMapOf, fingerprintV1, loadPublicKeys, transferKeysFpGraphOf, fingerprintIsV1, fingerprintV1toV2 } from './utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IcureStorageFacade } from '../storage/IcureStorageFacade'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { UserSignatureKeysManager } from './UserSignatureKeysManager'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\n\n/**\n * @internal this class is intended only for internal use and may be changed without notice.\n * Allows to create new transfer keys.\n */\nexport class TransferKeysManager {\n constructor(\n private readonly primitives: CryptoPrimitives,\n private readonly baseExchangeDataManager: BaseExchangeDataManager,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly encryptionKeysManager: UserEncryptionKeysManager,\n private readonly userSignatureKeysManager: UserSignatureKeysManager,\n private readonly icureStorage: IcureStorageFacade\n ) {}\n\n /**\n * Analyses the transfer keys graph and creates new transfer keys which allow to improve data accessibility from other devices.\n * For security reasons transfer keys will only be created between keys verified by the user, but this will be done ignoring any existing edges from\n * unverified keys to verified keys.\n * @param self the current data owner.\n * @return the updated data owner.\n */\n async updateTransferKeys(self: CryptoActorStubWithType): Promise<void> {\n const newEdgesByTarget = await this.getNewVerifiedTransferKeysEdges(self)\n if (!newEdgesByTarget.length) return\n const selfId = self.stub.id!\n const fpToPublicKey = fingerprintToPublicKeysMapOf(self.stub, ShaVersion.Sha1)\n const fpToPublicKeyWithSha256 = fingerprintToPublicKeysMapOf(self.stub, ShaVersion.Sha256)\n const signatureKeyPair = await this.userSignatureKeysManager.getOrCreateSignatureKeyPair()\n const verifiedFps = new Set(this.encryptionKeysManager.getSelfVerifiedKeys().map((x) => x.fingerprint))\n const allVerifiedSourcesAndTarget = Array.from(\n new Set(\n newEdgesByTarget.flatMap((x) =>\n // Sources are guaranteed to be verified, but target may not be\n verifiedFps.has(x.targetFp) ? [x.targetFp, ...x.sources] : x.sources\n )\n )\n )\n const newExchangeKeyPublicKeys = allVerifiedSourcesAndTarget.map((fp) => fpToPublicKey[fp]).filter((key) => !!key)\n const newExchangeKeyPublicKeysWithSha256 = allVerifiedSourcesAndTarget.map((fp) => fpToPublicKeyWithSha256[fp]).filter((key) => !!key)\n const createdExchangeData = await this.baseExchangeDataManager.createExchangeData(\n selfId,\n { [signatureKeyPair.fingerprint]: signatureKeyPair.keyPair.privateKey },\n {\n ...(await loadPublicKeys(this.primitives.RSA, newExchangeKeyPublicKeys, ShaVersion.Sha1)),\n ...(await loadPublicKeys(this.primitives.RSA, newExchangeKeyPublicKeysWithSha256, ShaVersion.Sha256)),\n }\n )\n let updatedTransferKeys = self.stub.transferKeys ?? {}\n for (const newEdges of newEdgesByTarget) {\n const encryptedTransferKey = await this.encryptTransferKey(newEdges.target, createdExchangeData.exchangeKey)\n updatedTransferKeys = newEdges.sources.reduce((acc, candidateFp) => {\n const existingKeys = { ...(acc[candidateFp] ?? {}) }\n existingKeys[newEdges.targetFp] = encryptedTransferKey\n acc[candidateFp] = existingKeys\n return acc\n }, updatedTransferKeys)\n }\n await this.dataOwnerApi.modifyCryptoActorStub({\n stub: {\n ...self.stub,\n transferKeys: updatedTransferKeys,\n },\n type: self.type,\n })\n }\n\n // encrypts a transfer key in pkcs8 format using an exchange key, returns the hex representation\n private async encryptTransferKey(transferKey: KeyPair<CryptoKey>, exchangeKey: CryptoKey): Promise<string> {\n const exportedKey = await this.primitives.RSA.exportKey(transferKey.privateKey, 'pkcs8')\n return ua2hex(await this.primitives.AES.encrypt(exchangeKey, exportedKey))\n }\n\n // all public keys would go to the stored keys -> no need for specifying the key.\n // Result only includes the acyclic label, not the full group\n private transferKeysCandidatesFp(keyToFp: string, graph: StronglyConnectedGraph): string[] {\n return Object.entries(reachSetsAcyclic(graph.acyclicGraph))\n .filter(([from, reachable]) => from != keyToFp && !reachable.has(keyToFp))\n .map((x) => x[0])\n }\n\n private async transferTargetKeys(\n keyManager: UserEncryptionKeysManager,\n graph: StronglyConnectedGraph\n ): Promise<{ fingerprint: string; pair: KeyPair<CryptoKey> }[]> {\n const availableGroups = new Set(Object.keys(keyManager.getDecryptionKeys()).map((x) => graph.originalLabelToAcyclicLabel[x] ?? x))\n const groupsReachableFromAvailable = new Set(\n Object.entries(graph.acyclicGraph).flatMap(([source, reachables]) => (availableGroups.has(source) ? Array.from(reachables) : []))\n )\n const targetCandidates = Array.from(availableGroups).filter((x) => !groupsReachableFromAvailable.has(x))\n const verifiedFps = new Set(keyManager.getSelfVerifiedKeys().map((x) => x.fingerprint))\n return targetCandidates.map((candidateFp) => {\n const candidateGroup = graph.acyclicLabelToGroup[candidateFp] ?? [candidateFp] // May not be part of transfer keys graph yet\n const bestCandidateOfGroup = candidateGroup.find((x) => verifiedFps.has(x)) ?? candidateFp\n return { fingerprint: bestCandidateOfGroup, pair: keyManager.getKeyPairForFingerprint(bestCandidateOfGroup)!.pair }\n })\n }\n\n // Decides the best edges considering the verified public keys.\n private async getNewVerifiedTransferKeysEdges(self: CryptoActorStubWithType): Promise<\n {\n sources: string[]\n target: KeyPair<CryptoKey>\n targetFp: string\n }[]\n > {\n const verifiedKeysFpSet = new Set(this.encryptionKeysManager.getSelfVerifiedKeys().map((x) => x.fingerprint))\n Object.entries(await this.icureStorage.loadSelfVerifiedKeys(self.stub.id!)).forEach(([key, verified]) => {\n if (verified) verifiedKeysFpSet.add(fingerprintV1(key))\n })\n if (verifiedKeysFpSet.size == 0) return []\n const graph = transferKeysFpGraphOf(self.stub)\n // 1. Choose keys available in this device which should be reachable from all other verified keys\n const targetKeys = await this.transferTargetKeys(this.encryptionKeysManager, graph)\n const res = []\n for (const { fingerprint: targetKeyFp, pair: targetKey } of targetKeys) {\n // 2. Find groups which can't reach the existing target keys\n const candidatesFp = this.transferKeysCandidatesFp(targetKeyFp, graph)\n // 3. Keep only groups which contain at least a verified candidate\n const verifiedGroupCandidates = candidatesFp.filter((candidate) =>\n graph.acyclicLabelToGroup[candidate].some((candidateGroupMember) => verifiedKeysFpSet.has(candidateGroupMember))\n )\n const verifiedCandidatesSet = new Set(verifiedGroupCandidates)\n if (verifiedCandidatesSet.size == 0) continue\n // 4. Drop all candidates which can already reach another candidate group: it is sufficient to create a transfer key from that group.\n const reachSets = reachSetsAcyclic(graph.acyclicGraph)\n const optimizedCandidates = verifiedGroupCandidates.filter((candidate) =>\n Array.from(reachSets[candidate]).every((reachableNode) => !verifiedCandidatesSet.has(reachableNode))\n )\n if (optimizedCandidates.length == 0) throw new Error('Check failed: at least one candidate should survive optimization')\n // 5. Transfer keys could also be faked: to make sure we are not giving access to unauthorised people we remap the candidates to a verified public\n // keys\n const verifiedOptimizedCandidates = optimizedCandidates.map((candidate) => {\n const res = graph.acyclicLabelToGroup[candidate].find((groupMemberFp) => verifiedKeysFpSet.has(groupMemberFp))\n if (!res) throw new Error('Check failed: optimized candidates groups should have at least a verified member')\n return res\n })\n res.push({\n sources: verifiedOptimizedCandidates,\n target: targetKey,\n targetFp: targetKeyFp,\n })\n }\n return res\n }\n}\n"]}
|
|
@@ -10,6 +10,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.UserEncryptionKeysManager = void 0;
|
|
13
|
+
const RSA_1 = require("./RSA");
|
|
13
14
|
const utils_1 = require("../utils");
|
|
14
15
|
const utils_2 = require("./utils");
|
|
15
16
|
const CryptoActorStub_1 = require("../../icc-api/model/CryptoActorStub");
|
|
@@ -137,11 +138,10 @@ class UserEncryptionKeysManager {
|
|
|
137
138
|
* @return all verified keys, in order.
|
|
138
139
|
*/
|
|
139
140
|
getSelfVerifiedKeys() {
|
|
140
|
-
var _a;
|
|
141
141
|
this.ensureInitialised();
|
|
142
142
|
const selfKeys = this.keysCache[this.selfId];
|
|
143
143
|
const allKeysEntries = Object.entries(selfKeys);
|
|
144
|
-
const legacyKeyFp =
|
|
144
|
+
const legacyKeyFp = this.selfLegacyPublicKey && (0, utils_2.fingerprintV1)(this.selfLegacyPublicKey);
|
|
145
145
|
const legacyKeyData = legacyKeyFp ? selfKeys[legacyKeyFp] : undefined;
|
|
146
146
|
const legacyEntry = (legacyKeyData === null || legacyKeyData === void 0 ? void 0 : legacyKeyData.isVerified) && legacyKeyFp ? [{ fingerprint: legacyKeyFp, pair: legacyKeyData.pair }] : [];
|
|
147
147
|
function filteredEntries(filterFunction) {
|
|
@@ -215,7 +215,7 @@ class UserEncryptionKeysManager {
|
|
|
215
215
|
...this.dataOwnerApi.getHexPublicKeysWithSha256Of(dowt.dataOwner),
|
|
216
216
|
]);
|
|
217
217
|
const unavailableKeys = Array.from(allPublicKeys).flatMap((key) => {
|
|
218
|
-
return availableKeysFpSet.has(
|
|
218
|
+
return availableKeysFpSet.has((0, utils_2.fingerprintV1)(key)) ? [] : [key];
|
|
219
219
|
});
|
|
220
220
|
const unknownKeys = Array.from(allPublicKeys).filter((x) => { var _a; return !((0, utils_2.fingerprintV1)(x) in verifiedKeysMap) && !(((_a = availableKeys === null || availableKeys === void 0 ? void 0 : availableKeys[(0, utils_2.fingerprintV1)(x)]) === null || _a === void 0 ? void 0 : _a.isDevice) === true); });
|
|
221
221
|
keysData.push({ dowt, availableKeys, unavailableKeys, unknownKeys });
|
|
@@ -264,7 +264,7 @@ class UserEncryptionKeysManager {
|
|
|
264
264
|
createAndSaveNewKeyPair(importedKeyPair, selfDataOwner) {
|
|
265
265
|
var _a;
|
|
266
266
|
return __awaiter(this, void 0, void 0, function* () {
|
|
267
|
-
const keyPair = importedKeyPair !== null && importedKeyPair !== void 0 ? importedKeyPair : (yield this.primitives.RSA.generateKeyPair(
|
|
267
|
+
const keyPair = importedKeyPair !== null && importedKeyPair !== void 0 ? importedKeyPair : (yield this.primitives.RSA.generateKeyPair(RSA_1.ShaVersion.Sha256));
|
|
268
268
|
const publicKeyHex = (0, utils_1.ua2hex)(yield this.primitives.RSA.exportKey(keyPair.publicKey, 'spki'));
|
|
269
269
|
const jwKey = yield this.primitives.RSA.exportKey(keyPair.publicKey, 'jwk');
|
|
270
270
|
if (jwKey.alg !== 'RSA-OAEP-256') {
|