@icure/api 8.0.8 → 8.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (270) hide show
  1. package/icc-api/model/models.d.ts +1 -0
  2. package/icc-api/model/models.js +1 -0
  3. package/icc-api/model/models.js.map +1 -1
  4. package/icc-x-api/crypto/BaseExchangeDataManager.js +1 -1
  5. package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
  6. package/icc-x-api/crypto/BaseExchangeKeysManager.js +7 -3
  7. package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
  8. package/icc-x-api/crypto/ExchangeDataManager.js +3 -2
  9. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
  10. package/icc-x-api/crypto/KeyRecovery.js +6 -5
  11. package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
  12. package/icc-x-api/crypto/RSA.d.ts +4 -1
  13. package/icc-x-api/crypto/RSA.js +6 -1
  14. package/icc-x-api/crypto/RSA.js.map +1 -1
  15. package/icc-x-api/crypto/SecureDelegationsManager.js +2 -1
  16. package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -1
  17. package/icc-x-api/crypto/ShamirKeysManager.js +8 -9
  18. package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
  19. package/icc-x-api/crypto/TransferKeysManager.js +4 -3
  20. package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
  21. package/icc-x-api/crypto/UserEncryptionKeysManager.js +4 -4
  22. package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -1
  23. package/icc-x-api/crypto/UserSignatureKeysManager.js +9 -5
  24. package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -1
  25. package/icc-x-api/crypto/utils.d.ts +13 -4
  26. package/icc-x-api/crypto/utils.js +27 -9
  27. package/icc-x-api/crypto/utils.js.map +1 -1
  28. package/icc-x-api/icc-accesslog-x-api.js +16 -14
  29. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  30. package/icc-x-api/icc-calendar-item-x-api.d.ts +2 -2
  31. package/icc-x-api/icc-calendar-item-x-api.js +17 -17
  32. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  33. package/icc-x-api/icc-classification-x-api.js +12 -11
  34. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  35. package/icc-x-api/icc-contact-x-api.d.ts +2 -2
  36. package/icc-x-api/icc-contact-x-api.js +23 -20
  37. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  38. package/icc-x-api/icc-data-owner-x-api.js +1 -1
  39. package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
  40. package/icc-x-api/icc-document-x-api.js +17 -16
  41. package/icc-x-api/icc-document-x-api.js.map +1 -1
  42. package/icc-x-api/icc-form-x-api.js +13 -12
  43. package/icc-x-api/icc-form-x-api.js.map +1 -1
  44. package/icc-x-api/icc-helement-x-api.js +18 -16
  45. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  46. package/icc-x-api/icc-icure-maintenance-x-api.js +4 -3
  47. package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
  48. package/icc-x-api/icc-invoice-x-api.js +12 -11
  49. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  50. package/icc-x-api/icc-maintenance-task-x-api.js +11 -11
  51. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  52. package/icc-x-api/icc-message-x-api.js +14 -14
  53. package/icc-x-api/icc-message-x-api.js.map +1 -1
  54. package/icc-x-api/icc-patient-x-api.js +28 -27
  55. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  56. package/icc-x-api/icc-receipt-x-api.js +11 -10
  57. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  58. package/icc-x-api/icc-recovery-x-api.js +3 -2
  59. package/icc-x-api/icc-recovery-x-api.js.map +1 -1
  60. package/icc-x-api/icc-time-table-x-api.js +9 -8
  61. package/icc-x-api/icc-time-table-x-api.js.map +1 -1
  62. package/icc-x-api/icc-topic-x-api.js +13 -13
  63. package/icc-x-api/icc-topic-x-api.js.map +1 -1
  64. package/icc-x-api/storage/IcureStorageFacade.js +4 -1
  65. package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
  66. package/icc-x-api/utils/EntityWithDelegationTypeName.d.ts +17 -1
  67. package/icc-x-api/utils/EntityWithDelegationTypeName.js +33 -15
  68. package/icc-x-api/utils/EntityWithDelegationTypeName.js.map +1 -1
  69. package/package.json +1 -1
  70. package/test/icc-api/api/IccAnonymousAccessApi.d.ts +1 -0
  71. package/test/icc-api/api/IccAnonymousAccessApi.js +58 -0
  72. package/test/icc-api/api/IccAnonymousAccessApi.js.map +1 -0
  73. package/test/icc-api/api/IccDocumentApi.d.ts +1 -0
  74. package/test/icc-api/api/IccDocumentApi.js +208 -0
  75. package/test/icc-api/api/IccDocumentApi.js.map +1 -0
  76. package/test/icc-api/api/IccGroupApi.d.ts +1 -0
  77. package/test/icc-api/api/IccGroupApi.js +50 -0
  78. package/test/icc-api/api/IccGroupApi.js.map +1 -0
  79. package/test/icc-api/api/IccRecoveryDataApi.d.ts +1 -0
  80. package/test/icc-api/api/IccRecoveryDataApi.js +95 -0
  81. package/test/icc-api/api/IccRecoveryDataApi.js.map +1 -0
  82. package/test/icc-api/api/IccRoleApi.d.ts +1 -0
  83. package/test/icc-api/api/IccRoleApi.js +34 -0
  84. package/test/icc-api/api/IccRoleApi.js.map +1 -0
  85. package/test/icc-api/api/IccUserApi.d.ts +1 -0
  86. package/test/icc-api/api/IccUserApi.js +96 -0
  87. package/test/icc-api/api/IccUserApi.js.map +1 -0
  88. package/test/icc-api/e2e/IccCalendarItemApi.d.ts +1 -0
  89. package/test/icc-api/e2e/IccCalendarItemApi.js +46 -0
  90. package/test/icc-api/e2e/IccCalendarItemApi.js.map +1 -0
  91. package/test/icc-api/model/modelHelpersTest.d.ts +1 -0
  92. package/test/icc-api/model/modelHelpersTest.js +45 -0
  93. package/test/icc-api/model/modelHelpersTest.js.map +1 -0
  94. package/test/icc-x-api/auth/group-switch-test.d.ts +1 -0
  95. package/test/icc-x-api/auth/group-switch-test.js +81 -0
  96. package/test/icc-x-api/auth/group-switch-test.js.map +1 -0
  97. package/test/icc-x-api/auth/jwt-concurrency-test.d.ts +2 -0
  98. package/test/icc-x-api/auth/jwt-concurrency-test.js +113 -0
  99. package/test/icc-x-api/auth/jwt-concurrency-test.js.map +1 -0
  100. package/test/icc-x-api/auth/smart-auth-provider-test.d.ts +1 -0
  101. package/test/icc-x-api/auth/smart-auth-provider-test.js +224 -0
  102. package/test/icc-x-api/auth/smart-auth-provider-test.js.map +1 -0
  103. package/test/icc-x-api/autofix-anonymity-test.d.ts +1 -0
  104. package/test/icc-x-api/autofix-anonymity-test.js +108 -0
  105. package/test/icc-x-api/autofix-anonymity-test.js.map +1 -0
  106. package/test/icc-x-api/confidential-entities-test.d.ts +1 -0
  107. package/test/icc-x-api/confidential-entities-test.js +110 -0
  108. package/test/icc-x-api/confidential-entities-test.js.map +1 -0
  109. package/test/icc-x-api/crud/comprehensive-crud-test.d.ts +1 -0
  110. package/test/icc-x-api/crud/comprehensive-crud-test.js +276 -0
  111. package/test/icc-x-api/crud/comprehensive-crud-test.js.map +1 -0
  112. package/test/icc-x-api/crud/entities-crud-test-interface.d.ts +16 -0
  113. package/test/icc-x-api/crud/entities-crud-test-interface.js +422 -0
  114. package/test/icc-x-api/crud/entities-crud-test-interface.js.map +1 -0
  115. package/test/icc-x-api/crypto/anonymous-delegations-test.d.ts +1 -0
  116. package/test/icc-x-api/crypto/anonymous-delegations-test.js +588 -0
  117. package/test/icc-x-api/crypto/anonymous-delegations-test.js.map +1 -0
  118. package/test/icc-x-api/crypto/concurrency.d.ts +1 -0
  119. package/test/icc-x-api/crypto/concurrency.js +35 -0
  120. package/test/icc-x-api/crypto/concurrency.js.map +1 -0
  121. package/test/icc-x-api/crypto/crypto-utils.d.ts +1 -0
  122. package/test/icc-x-api/crypto/crypto-utils.js +80 -0
  123. package/test/icc-x-api/crypto/crypto-utils.js.map +1 -0
  124. package/test/icc-x-api/crypto/cryptoTest.d.ts +2 -0
  125. package/test/icc-x-api/crypto/cryptoTest.js +302 -0
  126. package/test/icc-x-api/crypto/cryptoTest.js.map +1 -0
  127. package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.d.ts +1 -0
  128. package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.js +166 -0
  129. package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.js.map +1 -0
  130. package/test/icc-x-api/crypto/exchange-data-manager-test.d.ts +1 -0
  131. package/test/icc-x-api/crypto/exchange-data-manager-test.js +690 -0
  132. package/test/icc-x-api/crypto/exchange-data-manager-test.js.map +1 -0
  133. package/test/icc-x-api/crypto/full-crypto-test.d.ts +1 -0
  134. package/test/icc-x-api/crypto/full-crypto-test.js +457 -0
  135. package/test/icc-x-api/crypto/full-crypto-test.js.map +1 -0
  136. package/test/icc-x-api/crypto/secure-delegations-manager-test.d.ts +1 -0
  137. package/test/icc-x-api/crypto/secure-delegations-manager-test.js +266 -0
  138. package/test/icc-x-api/crypto/secure-delegations-manager-test.js.map +1 -0
  139. package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.d.ts +1 -0
  140. package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.js +393 -0
  141. package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.js.map +1 -0
  142. package/test/icc-x-api/crypto/security-metadata-decryptor-chain-test.d.ts +1 -0
  143. package/test/icc-x-api/crypto/security-metadata-decryptor-chain-test.js +213 -0
  144. package/test/icc-x-api/crypto/security-metadata-decryptor-chain-test.js.map +1 -0
  145. package/test/icc-x-api/crypto/shamir.d.ts +2 -0
  146. package/test/icc-x-api/crypto/shamir.js +166 -0
  147. package/test/icc-x-api/crypto/shamir.js.map +1 -0
  148. package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.d.ts +1 -0
  149. package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.js +71 -0
  150. package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.js.map +1 -0
  151. package/test/icc-x-api/crypto/signature-keys-manager-test.d.ts +1 -0
  152. package/test/icc-x-api/crypto/signature-keys-manager-test.js +44 -0
  153. package/test/icc-x-api/crypto/signature-keys-manager-test.js.map +1 -0
  154. package/test/icc-x-api/crypto/user-encryption-keys-manager-test.d.ts +1 -0
  155. package/test/icc-x-api/crypto/user-encryption-keys-manager-test.js +246 -0
  156. package/test/icc-x-api/crypto/user-encryption-keys-manager-test.js.map +1 -0
  157. package/test/icc-x-api/entity-with-attachments-api-test.d.ts +1 -0
  158. package/test/icc-x-api/entity-with-attachments-api-test.js +142 -0
  159. package/test/icc-x-api/entity-with-attachments-api-test.js.map +1 -0
  160. package/test/icc-x-api/filters/filters.d.ts +1 -0
  161. package/test/icc-x-api/filters/filters.js +49 -0
  162. package/test/icc-x-api/filters/filters.js.map +1 -0
  163. package/test/icc-x-api/icc-accesslog-x-api.d.ts +1 -0
  164. package/test/icc-x-api/icc-accesslog-x-api.js +106 -0
  165. package/test/icc-x-api/icc-accesslog-x-api.js.map +1 -0
  166. package/test/icc-x-api/icc-auth-api.d.ts +1 -0
  167. package/test/icc-x-api/icc-auth-api.js +47 -0
  168. package/test/icc-x-api/icc-auth-api.js.map +1 -0
  169. package/test/icc-x-api/icc-calendar-item-x-api.d.ts +1 -0
  170. package/test/icc-x-api/icc-calendar-item-x-api.js +150 -0
  171. package/test/icc-x-api/icc-calendar-item-x-api.js.map +1 -0
  172. package/test/icc-x-api/icc-contact-x-api.d.ts +1 -0
  173. package/test/icc-x-api/icc-contact-x-api.js +279 -0
  174. package/test/icc-x-api/icc-contact-x-api.js.map +1 -0
  175. package/test/icc-x-api/icc-form-x-api.d.ts +1 -0
  176. package/test/icc-x-api/icc-form-x-api.js +98 -0
  177. package/test/icc-x-api/icc-form-x-api.js.map +1 -0
  178. package/test/icc-x-api/icc-helement-x-api-test.d.ts +1 -0
  179. package/test/icc-x-api/icc-helement-x-api-test.js +153 -0
  180. package/test/icc-x-api/icc-helement-x-api-test.js.map +1 -0
  181. package/test/icc-x-api/icc-invoice-x-api.d.ts +1 -0
  182. package/test/icc-x-api/icc-invoice-x-api.js +99 -0
  183. package/test/icc-x-api/icc-invoice-x-api.js.map +1 -0
  184. package/test/icc-x-api/icc-maintenance-task-x-api-test.d.ts +1 -0
  185. package/test/icc-x-api/icc-maintenance-task-x-api-test.js +221 -0
  186. package/test/icc-x-api/icc-maintenance-task-x-api-test.js.map +1 -0
  187. package/test/icc-x-api/icc-message-x-api.d.ts +1 -0
  188. package/test/icc-x-api/icc-message-x-api.js +328 -0
  189. package/test/icc-x-api/icc-message-x-api.js.map +1 -0
  190. package/test/icc-x-api/icc-patient-x-api-test.d.ts +1 -0
  191. package/test/icc-x-api/icc-patient-x-api-test.js +158 -0
  192. package/test/icc-x-api/icc-patient-x-api-test.js.map +1 -0
  193. package/test/icc-x-api/icc-recovery-x-api.d.ts +1 -0
  194. package/test/icc-x-api/icc-recovery-x-api.js +170 -0
  195. package/test/icc-x-api/icc-recovery-x-api.js.map +1 -0
  196. package/test/icc-x-api/icc-time-table-x-api.d.ts +1 -0
  197. package/test/icc-x-api/icc-time-table-x-api.js +100 -0
  198. package/test/icc-x-api/icc-time-table-x-api.js.map +1 -0
  199. package/test/icc-x-api/icc-topic-x-api.d.ts +1 -0
  200. package/test/icc-x-api/icc-topic-x-api.js +269 -0
  201. package/test/icc-x-api/icc-topic-x-api.js.map +1 -0
  202. package/test/icc-x-api/icc-user-x-api-test.d.ts +1 -0
  203. package/test/icc-x-api/icc-user-x-api-test.js +99 -0
  204. package/test/icc-x-api/icc-user-x-api-test.js.map +1 -0
  205. package/test/icc-x-api/patient-user.d.ts +2 -0
  206. package/test/icc-x-api/patient-user.js +104 -0
  207. package/test/icc-x-api/patient-user.js.map +1 -0
  208. package/test/icc-x-api/storage/storage.d.ts +1 -0
  209. package/test/icc-x-api/storage/storage.js +48 -0
  210. package/test/icc-x-api/storage/storage.js.map +1 -0
  211. package/test/icc-x-api/test-api-no-parent.d.ts +1 -0
  212. package/test/icc-x-api/test-api-no-parent.js +79 -0
  213. package/test/icc-x-api/test-api-no-parent.js.map +1 -0
  214. package/test/icc-x-api/test-legacy-data-support.d.ts +1 -0
  215. package/test/icc-x-api/test-legacy-data-support.js +376 -0
  216. package/test/icc-x-api/test-legacy-data-support.js.map +1 -0
  217. package/test/icc-x-api/utils/graph-test.d.ts +1 -0
  218. package/test/icc-x-api/utils/graph-test.js +54 -0
  219. package/test/icc-x-api/utils/graph-test.js.map +1 -0
  220. package/test/icc-x-api/utils/lru-temporised-async-cache-test.d.ts +1 -0
  221. package/test/icc-x-api/utils/lru-temporised-async-cache-test.js +364 -0
  222. package/test/icc-x-api/utils/lru-temporised-async-cache-test.js.map +1 -0
  223. package/test/support/CSM-185.d.ts +1 -0
  224. package/test/support/CSM-185.js +124 -0
  225. package/test/support/CSM-185.js.map +1 -0
  226. package/test/support/CSM-243.d.ts +1 -0
  227. package/test/support/CSM-243.js +120 -0
  228. package/test/support/CSM-243.js.map +1 -0
  229. package/test/support/CSM-87.d.ts +0 -0
  230. package/test/support/CSM-87.js +21 -0
  231. package/test/support/CSM-87.js.map +1 -0
  232. package/test/support/CSM-93.d.ts +1 -0
  233. package/test/support/CSM-93.js +112 -0
  234. package/test/support/CSM-93.js.map +1 -0
  235. package/test/utils/FakeDataOwnerApi.d.ts +32 -0
  236. package/test/utils/FakeDataOwnerApi.js +136 -0
  237. package/test/utils/FakeDataOwnerApi.js.map +1 -0
  238. package/test/utils/FakeEncryptionKeysManager.d.ts +35 -0
  239. package/test/utils/FakeEncryptionKeysManager.js +87 -0
  240. package/test/utils/FakeEncryptionKeysManager.js.map +1 -0
  241. package/test/utils/FakeExchangeDataApi.d.ts +30 -0
  242. package/test/utils/FakeExchangeDataApi.js +74 -0
  243. package/test/utils/FakeExchangeDataApi.js.map +1 -0
  244. package/test/utils/FakeExchangeDataManager.d.ts +40 -0
  245. package/test/utils/FakeExchangeDataManager.js +89 -0
  246. package/test/utils/FakeExchangeDataManager.js.map +1 -0
  247. package/test/utils/FakeExchangeDataMapManager.d.ts +12 -0
  248. package/test/utils/FakeExchangeDataMapManager.js +38 -0
  249. package/test/utils/FakeExchangeDataMapManager.js.map +1 -0
  250. package/test/utils/FakeGenericApi.d.ts +16 -0
  251. package/test/utils/FakeGenericApi.js +65 -0
  252. package/test/utils/FakeGenericApi.js.map +1 -0
  253. package/test/utils/FakeSignatureKeysManager.d.ts +16 -0
  254. package/test/utils/FakeSignatureKeysManager.js +54 -0
  255. package/test/utils/FakeSignatureKeysManager.js.map +1 -0
  256. package/test/utils/TestApi.d.ts +3 -0
  257. package/test/utils/TestApi.js +30 -0
  258. package/test/utils/TestApi.js.map +1 -0
  259. package/test/utils/TestCollectionUtils.d.ts +1 -0
  260. package/test/utils/TestCollectionUtils.js +109 -0
  261. package/test/utils/TestCollectionUtils.js.map +1 -0
  262. package/test/utils/TestCryptoStrategies.d.ts +42 -0
  263. package/test/utils/TestCryptoStrategies.js +80 -0
  264. package/test/utils/TestCryptoStrategies.js.map +1 -0
  265. package/test/utils/TestStorage.d.ts +23 -0
  266. package/test/utils/TestStorage.js +61 -0
  267. package/test/utils/TestStorage.js.map +1 -0
  268. package/test/utils/test_utils.d.ts +76 -0
  269. package/test/utils/test_utils.js +419 -0
  270. package/test/utils/test_utils.js.map +1 -0
@@ -1 +1 @@
1
- {"version":3,"file":"UserEncryptionKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/UserEncryptionKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,oCAAiC;AAEjC,mCAAqE;AAKrE,yEAA8F;AAiB9F,MAAM,8BAA8B,GAA4B,CAAC,CAAC,EAAE,EAAE,CACpE,OAAO,CAAC,OAAO,CACb,CAAC,CAAC,MAAM,CACN,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,iCAAM,GAAG,KAAE,CAAC,SAAS,CAAC,SAAS,CAAC,EAAG,CAAC,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,IAAG,EAC3G,EAKC,CACF,CACF,CAAA;AAGH;;GAEG;AACH,MAAa,yBAAyB;IAKpC,YACmB,UAA4B,EAC5B,YAA8B,EAC9B,YAAgC,EAChC,WAAwB,EACxB,UAA4B,EAC5B,oBAA6B,EAC7B,gBAAkC;QANlC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,iBAAY,GAAZ,YAAY,CAAoB;QAChC,gBAAW,GAAX,WAAW,CAAa;QACxB,eAAU,GAAV,UAAU,CAAkB;QAC5B,yBAAoB,GAApB,oBAAoB,CAAS;QAC7B,qBAAgB,GAAhB,gBAAgB,CAAkB;QAT7C,cAAS,GAA2F,SAAS,CAAA;IAUlH,CAAC;IAEJ;;;;;;;OAOG;IACG,wCAAwC;;YAU5C,IAAI,CAAC,iBAAiB,EAAE,CAAA;YACxB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAA;YAC3E,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;YAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAA;YAC7I,MAAM,kBAAkB,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;YACnE,OAAO;gBACL,IAAI,EAAE;oBACJ,WAAW,EAAE,MAAM;oBACnB,IAAI,EAAE,QAAQ;iBACf;gBACD,OAAO,EAAE,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACtC,WAAW,EAAE,CAAC;oBACd,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,IAAI,QAAQ,EAAE,CAAC,CAAC;iBAC9H,CAAC,CAAC;aACJ,CAAA;QACH,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,oCAAoC,CAAC,YAAqB;;YAC9D,IAAI,CAAC,iBAAiB,EAAE,CAAA;YACxB,IAAI,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC,IAAI,CAAC,MAAO,CAAC,CAAC,CAAA;YAC/D,IAAI,YAAY,EAAE;gBAChB,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAA;aAC/E;YACD,OAAO,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAO,OAAO,EAAE,EAAE,gDAAC,OAAA,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAA,GAAA,CAAC,CAAC,CAAA;QAC5I,CAAC;KAAA;IAED;;;;;OAKG;IACG,6CAA6C;;YACjD,OAAO,MAAM,OAAO,CAAC,GAAG,CACtB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC;iBAC3B,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;iBAC1D,GAAG,CAAC,CAAO,WAAW,EAAE,EAAE,gDAAC,OAAA,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAA,GAAA,CAAC,CAC/G,CAAA;QACH,CAAC;KAAA;IAED;;;;OAIG;IACH,wBAAwB,CAAC,WAAmB;QAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,CAAC,CAAA;QAC3F,IAAI,aAAa;YAAE,OAAO,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAA;QACtE,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC,WAAW,CAAC,CAAA;QACxD,IAAI,UAAU;YAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;QAC5D,OAAO,SAAS,CAAA;IAClB,CAAC;IAED;;;;;;OAMG;IACG,cAAc;;YAClB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAClC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,iCAAiC,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,EACnG,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,CACtE,CAAA;YACD,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,iBAAiB,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;QAChG,CAAC;KAAA;IAED;;;;;OAKG;IACG,UAAU;;YACd,MAAM,IAAI,CAAC,UAAU,CAAC,8BAA8B,EAAE,CAAC,CAAC,EAAE,EAAE;gBAC1D,MAAM,IAAI,KAAK,CAAC,6FAA6F,CAAC,CAAA;YAChH,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;;;;OASG;IACH,mBAAmB;;QACjB,IAAI,CAAC,iBAAiB,EAAE,CAAA;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAU,CAAC,IAAI,CAAC,MAAO,CAAC,CAAA;QAC9C,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QAE/C,MAAM,WAAW,GAAG,MAAA,IAAI,CAAC,mBAAmB,0CAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;QACxD,MAAM,aAAa,GAAG,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACrE,MAAM,WAAW,GAAG,CAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,UAAU,KAAI,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QAE5H,SAAS,eAAe,CAAC,cAA0D;YACjF,OAAO,cAAc;iBAClB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,WAAW,CAAC;iBACtE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;gBACjB,oHAAoH;gBACpH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACpC,CAAC,CAAC;iBACD,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;QAC9D,CAAC;QACD,OAAO,CAAC,GAAG,WAAW,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAA;IAC7I,CAAC;IAED;;;;OAIG;IACG,wBAAwB,CAAC,SAA0B;;YACvD,IAAI,CAAC,iBAAiB,EAAE,CAAA;YACxB,MAAM,aAAa,GAAG,IAAI,CAAC,SAAU,CAAC,SAAS,CAAC,EAAG,CAAC,CAAA;YACpD,IAAI,CAAC,aAAa;gBAAE,MAAM,IAAI,KAAK,CAAC,cAAc,SAAS,CAAC,EAAE,2DAA2D,IAAI,CAAC,MAAM,EAAE,CAAC,CAAA;YACvI,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC9I,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,SAAS,CAAC,EAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAChI,CAAA;YACD,OAAO,KAAK,CAAC,IAAI,CAAC;gBAChB,GAAG,IAAI,CAAC,YAAY,CAAC,0BAA0B,CAAC,SAAS,CAAC;gBAC1D,GAAG,IAAI,CAAC,YAAY,CAAC,4BAA4B,CAAC,SAAS,CAAC;aAC7D,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;gBAChB,MAAM,EAAE,GAAG,IAAA,qBAAa,EAAC,GAAG,CAAC,CAAA;gBAC7B,OAAO,uBAAuB,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YACnE,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;OAIG;IACH,iBAAiB;QACf,IAAI,CAAC,iBAAiB,EAAE,CAAA;QACxB,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YACzD,uCACK,GAAG,GACH,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,EACrC;QACH,CAAC,EAAE,EAA0C,CAAC,CAAA;IAChD,CAAC;IAEa,UAAU,CACtB,uBAAgD,EAChD,wBAAkD;;YAElD,wCAAwC;YACxC,MAAM,SAAS,GAAG,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,4BAA4B,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE;;gBACrG,IAAI,SAAS,CAAC,SAAS,IAAI,EAAE,EAAE;oBAC7B,IAAI,MAAM,CAAC,OAAO,CAAC,MAAA,SAAS,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC;wBACxD,MAAM,IAAI,KAAK,CAAC,cAAc,SAAS,CAAC,EAAE,qDAAqD,CAAC,CAAA;oBAClG,OAAO,SAAS,CAAC,SAAS,CAAA;iBAC3B;gBACD,OAAO;oBACL,SAAS;oBACT,IAAI;iBACgB,CAAA;YACxB,CAAC,CAAC,CAAA;YACF,MAAM,IAAI,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;YAC5C,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,EAAG,CAAA;YAChC,MAAM,QAAQ,GAAG,EAAE,CAAA;YACnB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE;gBACjE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAA;gBAC5D,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAA;gBAC9D,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,CAAA;gBACxF,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;oBAC5B,GAAG,IAAI,CAAC,YAAY,CAAC,0BAA0B,CAAC,IAAI,CAAC,SAAS,CAAC;oBAC/D,GAAG,IAAI,CAAC,YAAY,CAAC,4BAA4B,CAAC,IAAI,CAAC,SAAS,CAAC;iBAClE,CAAC,CAAA;gBACF,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;oBAChE,OAAO,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;gBAC5D,CAAC,CAAC,CAAA;gBACF,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,CAClD,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,CAAC,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAA,MAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAG,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC,0CAAE,QAAQ,MAAK,IAAI,CAAC,CAAA,EAAA,CACzG,CAAA;gBACD,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,CAAC,CAAA;aACrE;YACD,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,6BAA6B,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;gBACtH,CAAC,CAAC,MAAM,uBAAuB,CAAC,YAAY,CAAC;gBAC7C,CAAC,CAAC,MAAM,8BAA8B,CAAC,YAAY,CAAC,CAAA;YACtD,MAAM,SAAS,GAA6D,EAAE,CAAA;YAC9E,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;gBAC9B,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,CAAC,6BAA6B,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,CAAC,eAAe,CAAC,CAAA;gBAC9H,MAAM,uBAAuB,GAAG,IAAI,CAAC,qBAAqB,CAAC,6BAA6B,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,CAAC,aAAa,CAAC,CAAA;gBACnI,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,EAAE;oBACnE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;oBAC3E,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,CAAA;iBAC/E;gBACD,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CACrE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,EAC1B,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,MAAM,CAChF,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,iCACZ,GAAG,KACN,CAAC,MAAM,CAAC,EAAE,MAAM,IAAI,uBAAuB,IAAI,gBAAgB,CAAC,MAAM,CAAC,IACvE,EACF,EAAE,CACH,CACF,CAAA;gBACD,MAAM,2BAA2B,mCAC5B,OAAO,CAAC,aAAa,GACrB,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAClH,CAAA;gBACD,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,sBAAsB,CAAC,2BAA2B,CAAC,CAAC,CAAA;gBACpI,MAAM,IAAI,mCACL,2BAA2B,GAC3B,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAChH,CAAA;gBACD,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;aAClF;YACD,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE;gBACpH,MAAM,IAAI,KAAK,CAAC,gGAAgG,CAAC,CAAA;aAClH;iBAAM,IAAI,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,CAAC,EAAE;gBAC7D,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;gBAC1B,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAA;gBACnD,OAAO,SAAS,CAAA;aACjB;iBAAM;gBACL,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,IAAI,CAAC,CAAA;gBACrD,IAAI,QAAQ,KAAK,KAAK,EAAE;oBACtB,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,CAAC,SAAS,CAAC,EAAE,mDAAmD,CAAC,CAAA;iBACnH;qBAAM;oBACL,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;oBACrG,2BAA2B;oBAC3B,IAAI,CAAC,mBAAmB,GAAG,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAA;oBAChE,IAAI,CAAC,SAAS,mCACT,SAAS,KACZ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,kCACf,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,KAChC,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAEpG,CAAA;oBACD,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,OAAO,EAAE,WAAW,EAAE,UAAU,CAAC,oBAAoB,EAAE,CAAA;iBAClF;aACF;QACH,CAAC;KAAA;IAEa,uBAAuB,CACnC,eAA+C,EAC/C,aAAgC;;;YAEhC,MAAM,OAAO,GAAG,eAAe,aAAf,eAAe,cAAf,eAAe,GAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAA;YACzF,MAAM,YAAY,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAA;YAC3F,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;YAC3E,IAAI,KAAK,CAAC,GAAG,KAAK,cAAc,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAA;aAC5E;YACD,MAAM,oBAAoB,GAAG,IAAA,qBAAa,EAAC,YAAY,CAAC,CAAA;YACxD,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAC7B,aAAa,CAAC,SAAS,CAAC,EAAG,EAC3B,oBAAoB,EACpB,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,EAC3D,IAAI,CACL,CAAA;YACD,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,aAAa,CAAC,SAAS,CAAC,EAAG,EAAE,EAAE,CAAC,oBAAoB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAA;YAC3G,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;gBAChE,IAAI,kCACC,iCAAe,CAAC,aAAa,CAAC,aAAa,CAAC,SAAS,CAAC,KACzD,2BAA2B,EAAE,CAAC,GAAG,CAAC,MAAA,aAAa,CAAC,SAAS,CAAC,2BAA2B,mCAAI,EAAE,CAAC,EAAE,YAAY,CAAC,GAC5G;gBACD,IAAI,EAAE,aAAa,CAAC,IAAI;aACzB,CAAC,CAAA;YACF,OAAO,EAAE,oBAAoB,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,CAAA;;KAC/D;IAEa,cAAc,CAC1B,SAA4B,EAC5B,mBAAgD;;YAEhD,MAAM,8BAA8B,GAAG,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,GAAG,CAAC,EAAE,EAAE;gBACvG,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,UAAU,EAAE,EAAE,CAAyB,CAAC,CAAA;YAClE,CAAC,CAAC,CAAA;YACF,OAAO,MAAM,8BAA8B,CAAC,MAAM,CAAC,CAAO,GAAG,EAAE,CAAC,UAAU,EAAE,kBAAkB,CAAC,EAAE,EAAE;gBACjG,MAAM,UAAU,GAAG,MAAM,GAAG,CAAA;gBAC5B,IAAI,UAAU,GAAgE,SAAS,CAAA;gBACvF,IAAI;oBACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,EAAG,EAAE,kBAAkB,EAAE,SAAS,CAAC,SAAS,CAAC,SAAS,CAAC,CAAA;oBACjI,IAAI,CAAC,CAAC,aAAa,EAAE;wBACnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,aAAa,CACzD,KAAK,EACL,aAAa,CAAC,IAAI,CAAC,UAAU,EAC7B,KAAK,EACL,aAAa,CAAC,IAAI,CAAC,SAAS,EAC5B,UAAU,CACX,CAAA;wBACD,UAAU,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa,CAAC,QAAQ,EAAE,CAAA;qBACrE;iBACF;gBAAC,OAAO,CAAC,EAAE;oBACV,OAAO,CAAC,IAAI,CAAC,6BAA6B,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAA;iBACnE;gBACD,OAAO,UAAU;oBACf,CAAC,iCACM,UAAU,KACb,CAAC,kBAAkB,CAAC,EAAE,UAAU,IAEpC,CAAC,CAAC,UAAU,CAAA;YAChB,CAAC,CAAA,EAAE,OAAO,CAAC,OAAO,CAAC,EAAsF,CAAC,CAAC,CAAA;QAC7G,CAAC;KAAA;IAEO,UAAU,CAChB,IAAsF,EACtF,eAAyD;QAEzD,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CACtB,CAAC,CAAC,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,kCAAO,OAAO,KAAE,UAAU,EAAE,OAAO,CAAC,QAAQ,IAAI,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAG,EAAE,CAAC,MAAK,IAAI,IAA4B,CACjI,CACF,CAAA;IACH,CAAC;IAEO,sBAAsB,CAAC,QAAuE;QAGpG,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IAChG,CAAC;IAEO,iBAAiB;QACvB,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAClF,CAAC;IAEa,mBAAmB,CAC/B,SAA4B,EAC5B,aAAkE;;YAElE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;YAClF,KAAK,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;gBACtD,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,EAAG,EAAE,EAAE,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC,CAAA;aAC9H;YACD,OAAO,aAAa,CAAA;QACtB,CAAC;KAAA;IAEa,qBAAqB,CAAC,SAA4B;;YAC9D,MAAM,mBAAmB,GAAG;gBAC1B,OAAO,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,0BAA0B,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC;gBACrH,SAAS,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,4BAA4B,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC;aAC1H,CAAA;YACD,MAAM,UAAU,GACd,mBAAmB,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;YAClJ,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YACtD,IACE,sBAAsB,CAAC,MAAM,KAAK,mBAAmB,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC,MAAM;gBAC7G,sBAAsB,CAAC,MAAM,GAAG,CAAC,EACjC;gBACA,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC,CAAA;gBACxG,KAAK,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;oBACtD,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;iBAC3C;aACF;YACD,OAAO,UAAU,CAAA;QACnB,CAAC;KAAA;IAEO,qBAAqB,CAAI,GAAyC;QACxE,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;IACvF,CAAC;IAEO,cAAc,CAAC,QAAuC;QAC5D,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAA;IACxE,CAAC;CACF;AApZD,8DAoZC","sourcesContent":["import { DataOwner, DataOwnerOrStub, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { KeyPair, ShaVersion } from './RSA'\nimport { ua2hex } from '../utils'\nimport { IcureStorageFacade } from '../storage/IcureStorageFacade'\nimport { fingerprintToPublicKeysMapOf, fingerprintV1 } from './utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { KeyRecovery } from './KeyRecovery'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\nimport { CryptoActorStub, CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { BaseExchangeKeysManager } from './BaseExchangeKeysManager'\nimport { KeyPairRecoverer } from './KeyPairRecoverer'\n\ntype KeyPairData = { pair: KeyPair<CryptoKey>; isVerified: boolean; isDevice: boolean }\ntype KeyRecovererAndVerifier = (\n keysData: {\n dataOwner: DataOwnerWithType\n unknownKeys: string[]\n unavailableKeys: string[]\n }[]\n) => Promise<{\n [dataOwnerId: string]: {\n recoveredKeys: { [keyPairFingerprint: string]: KeyPair<CryptoKey> }\n keyAuthenticity: { [keyPairFingerprint: string]: boolean }\n }\n}>\nconst nothingKeyRecovererAndVerifier: KeyRecovererAndVerifier = (x) =>\n Promise.resolve(\n x.reduce(\n (acc, { dataOwner }) => ({ ...acc, [dataOwner.dataOwner.id!]: { recoveredKeys: {}, keyAuthenticity: {} } }),\n {} as {\n [dataOwnerId: string]: {\n recoveredKeys: { [keyPairFingerprint: string]: KeyPair<CryptoKey> }\n keyAuthenticity: { [keyPairFingerprint: string]: boolean }\n }\n }\n )\n )\ntype CurrentOwnerKeyGenerator = (self: DataOwnerWithType) => Promise<KeyPair<CryptoKey> | boolean>\n\n/**\n * Allows to manage public and private keys for the current user and his parent hierarchy.\n */\nexport class UserEncryptionKeysManager {\n private selfId: string | undefined\n private selfLegacyPublicKey: string | undefined\n private keysCache: { [selfOrParentId: string]: { [pubKeyFingerprint: string]: KeyPairData } } | undefined = undefined\n\n constructor(\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly icureStorage: IcureStorageFacade,\n private readonly keyRecovery: KeyRecovery,\n private readonly strategies: CryptoStrategies,\n private readonly initialiseParentKeys: boolean,\n private readonly keypairRecoverer: KeyPairRecoverer\n ) {}\n\n /**\n * @internal\n * Get all key pairs available for the current data owner and his parents.\n * @return an object with:\n * - `self` an object containing the current data owner id and the list of key pairs available for the current data owner with verification details.\n * - `parents` the list of parents to the current data owner with the list of key pairs available for each parent. The list is ordered from the\n * topmost ancestor (at index 0) to the direct parent of the current data owner (at the last index, may be 0).\n */\n async getCurrentUserHierarchyAvailableKeypairs(): Promise<{\n self: {\n dataOwnerId: string\n keys: { pair: KeyPair<CryptoKey>; verified: boolean }[]\n }\n parents: {\n dataOwnerId: string\n keys: { pair: KeyPair<CryptoKey>; verified: boolean }[]\n }[]\n }> {\n this.ensureInitialised()\n const hierarchy = await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()\n const selfId = hierarchy[hierarchy.length - 1]\n const selfKeys = Object.values(this.keysCache![selfId]).map(({ pair, isVerified, isDevice }) => ({ pair, verified: isVerified || isDevice }))\n const remainingHierarchy = hierarchy.slice(0, hierarchy.length - 1)\n return {\n self: {\n dataOwnerId: selfId,\n keys: selfKeys,\n },\n parents: remainingHierarchy.map((x) => ({\n dataOwnerId: x,\n keys: Object.values(this.keysCache![x]).map(({ pair, isVerified, isDevice }) => ({ pair, verified: isVerified || isDevice })),\n })),\n }\n }\n\n /**\n * Get the public keys of available key pairs for the current user in hex-encoded spki representation (uses cached keys: no request is done to the\n * server).\n * By setting {@link verifiedOnly} to true only the public keys for verified key pairs will be returned: these will include only key pairs created\n * on this device or which have been verified using {@link CryptoStrategies} on this device.\n * @param verifiedOnly if true only the verified public keys will be returned.\n * @return the spki representation of public keys of available keypairs for the current user.\n */\n async getCurrentUserAvailablePublicKeysHex(verifiedOnly: boolean): Promise<string[]> {\n this.ensureInitialised()\n let selectedData = Object.values(this.keysCache![this.selfId!])\n if (verifiedOnly) {\n selectedData = selectedData.filter((data) => data.isVerified || data.isDevice)\n }\n return await Promise.all(selectedData.map(async (keyData) => ua2hex(await this.primitives.RSA.exportKey(keyData.pair.publicKey, 'spki'))))\n }\n\n /**\n * Get the public keys of available key pairs for the current user and his parents in hex-encoded spki representation (uses cached keys: no request\n * is done to the server).\n * Note that this will also include unverified keys.\n * @return the spki representation of public keys of available keypairs for the current user.\n */\n async getCurrentUserHierarchyAvailablePublicKeysHex(): Promise<string[]> {\n return await Promise.all(\n Object.values(this.keysCache!)\n .flatMap((pairsForParent) => Object.values(pairsForParent))\n .map(async (keyPairData) => ua2hex(await this.primitives.RSA.exportKey(keyPairData.pair.publicKey, 'spki')))\n )\n }\n\n /**\n * Get a key pair with the provided fingerprint if present.\n * @param fingerprint a key-pair/public-key fingerprint\n * @return the pair associated to the fingerprint and a boolean indicating if the pair is verified, if present, else undefined\n */\n getKeyPairForFingerprint(fingerprint: string): { pair: KeyPair<CryptoKey>; verified: boolean } | undefined {\n const foundVerified = this.getSelfVerifiedKeys().find((x) => x.fingerprint === fingerprint)\n if (foundVerified) return { pair: foundVerified.pair, verified: true }\n const foundOther = this.getDecryptionKeys()[fingerprint]\n if (foundOther) return { pair: foundOther, verified: false }\n return undefined\n }\n\n /**\n * @internal This method is intended for internal use only and may be changed without notice.\n * Initializes all keys for the current data owner. This method needs to be called before any other method of this class can be used.\n * @throws if the current user is not a data owner, or if there is no key and no new key could be created according to this manager crypt\n * strategies.\n * @return if a new key was created during initialisation the newly created key, else undefined.\n */\n async initialiseKeys(): Promise<{ newKeyPair: KeyPair<CryptoKey>; newKeyFingerprint: string } | undefined> {\n const newKey = await this.doLoadKeys(\n (x) => this.strategies.recoverAndVerifySelfHierarchyKeys(x, this.primitives, this.keypairRecoverer),\n (x) => this.strategies.generateNewKeyForDataOwner(x, this.primitives)\n )\n return newKey ? { newKeyPair: newKey.pair, newKeyFingerprint: newKey.fingerprint } : undefined\n }\n\n /**\n * @internal This method is intended for internal use only and may be changed without notice.\n * Forces to reload keys for the current data owner. This could be useful if the data owner has logged in from another device in order to update the\n * transfer keys.\n * This method will complete only after keys have been reloaded successfully.\n */\n async reloadKeys(): Promise<void> {\n await this.doLoadKeys(nothingKeyRecovererAndVerifier, (x) => {\n throw new Error(\"Can't create new keys at reload time: it should have already been created on initialisation\")\n })\n }\n\n /**\n * @internal This method is intended for internal use only and may be changed without notice.\n * Get all verified key pairs for the current data owner which can safely be used for encryption. This includes all key pairs created on the current\n * device and all recovered key pairs which have been verified.\n * The keys returned by this method will be in the following order:\n * 1. Legacy key pair if it is verified\n * 2. All device key pais, in alphabetical order according to the fingerprint\n * 3. Other verified key pairs, in alphabetical order according to the fingerprint\n * @return all verified keys, in order.\n */\n getSelfVerifiedKeys(): { fingerprint: string; pair: KeyPair<CryptoKey> }[] {\n this.ensureInitialised()\n const selfKeys = this.keysCache![this.selfId!]\n const allKeysEntries = Object.entries(selfKeys)\n\n const legacyKeyFp = this.selfLegacyPublicKey?.slice(-32)\n const legacyKeyData = legacyKeyFp ? selfKeys[legacyKeyFp] : undefined\n const legacyEntry = legacyKeyData?.isVerified && legacyKeyFp ? [{ fingerprint: legacyKeyFp, pair: legacyKeyData.pair }] : []\n\n function filteredEntries(filterFunction: (fp: string, data: KeyPairData) => boolean) {\n return allKeysEntries\n .filter(([fp, data]) => filterFunction(fp, data) && fp !== legacyKeyFp)\n .sort(([a], [b]) => {\n // need to make sure that the comparison is independent of the locale, but the actual ordering is not that important\n return a == b ? 0 : a > b ? 1 : -1\n })\n .map(([fingerprint, { pair }]) => ({ fingerprint, pair }))\n }\n return [...legacyEntry, ...filteredEntries((_, data) => data.isDevice), ...filteredEntries((_, data) => !data.isDevice && data.isVerified)]\n }\n\n /**\n * Get all verified keys for a member of the current data owner hierarchy in no particular order.\n * @param dataOwner the current data owner or a member of his hierarchy.\n * @throws if the provided data owner is not part of the current data owner hierarchy\n */\n async getVerifiedPublicKeysFor(dataOwner: DataOwnerOrStub): Promise<string[]> {\n this.ensureInitialised()\n const availableKeys = this.keysCache![dataOwner.id!]\n if (!availableKeys) throw new Error(`Data owner ${dataOwner.id} is not part of the hierarchy of the current data owner ${this.selfId}`)\n const availableVerifiedKeysFp = new Set(Object.entries(availableKeys).flatMap(([fp, info]) => (info.isVerified || info.isDevice ? [fp] : [])))\n const otherVerifiedFp = new Set(\n Object.entries(await this.icureStorage.loadSelfVerifiedKeys(dataOwner.id!)).flatMap(([fp, verified]) => (verified ? [fp] : []))\n )\n return Array.from([\n ...this.dataOwnerApi.getHexPublicKeysWithSha1Of(dataOwner),\n ...this.dataOwnerApi.getHexPublicKeysWithSha256Of(dataOwner),\n ]).filter((key) => {\n const fp = fingerprintV1(key)\n return availableVerifiedKeysFp.has(fp) || otherVerifiedFp.has(fp)\n })\n }\n\n /**\n * @internal This method is intended for internal use only and may be changed without notice.\n * Get all key pairs for the current data owner and his parents. These keys should be used only for decryption as they may have not been verified.\n * @return all key pairs available for decryption.\n */\n getDecryptionKeys(): { [fingerprint: string]: KeyPair<CryptoKey> } {\n this.ensureInitialised()\n return Object.values(this.keysCache!).reduce((acc, curr) => {\n return {\n ...acc,\n ...this.plainKeysByFingerprint(curr),\n }\n }, {} as { [fp: string]: KeyPair<CryptoKey> })\n }\n\n private async doLoadKeys(\n keyRecovererAndVerifier: KeyRecovererAndVerifier,\n currentOwnerKeyGenerator: CurrentOwnerKeyGenerator\n ): Promise<{ pair: KeyPair<CryptoKey>; fingerprint: string } | undefined> {\n // Load all keys for self from key store\n const hierarchy = (await this.dataOwnerApi.getCurrentDataOwnerHierarchy()).map(({ dataOwner, type }) => {\n if (dataOwner.publicKey == '') {\n if (Object.entries(dataOwner.hcPartyKeys ?? {}).length > 0)\n throw new Error(`Data owner ${dataOwner.id} has \"\" as public key but has non-empty hcPartyKeys`)\n delete dataOwner.publicKey\n }\n return {\n dataOwner,\n type,\n } as DataOwnerWithType\n })\n const self = hierarchy[hierarchy.length - 1]\n this.selfId = self.dataOwner.id!\n const keysData = []\n for (const dowt of this.initialiseParentKeys ? hierarchy : [self]) {\n const availableKeys = await this.loadAndRecoverKeysFor(dowt)\n const availableKeysFpSet = new Set(Object.keys(availableKeys))\n const verifiedKeysMap = await this.icureStorage.loadSelfVerifiedKeys(dowt.dataOwner.id!)\n const allPublicKeys = new Set([\n ...this.dataOwnerApi.getHexPublicKeysWithSha1Of(dowt.dataOwner),\n ...this.dataOwnerApi.getHexPublicKeysWithSha256Of(dowt.dataOwner),\n ])\n const unavailableKeys = Array.from(allPublicKeys).flatMap((key) => {\n return availableKeysFpSet.has(key.slice(-32)) ? [] : [key]\n })\n const unknownKeys = Array.from(allPublicKeys).filter(\n (x) => !(fingerprintV1(x) in verifiedKeysMap) && !(availableKeys?.[fingerprintV1(x)]?.isDevice === true)\n )\n keysData.push({ dowt, availableKeys, unavailableKeys, unknownKeys })\n }\n const recoveryInfo = keysData.map(({ dowt, unavailableKeys, unknownKeys }) => ({ dataOwner: dowt, unavailableKeys, unknownKeys }))\n const recoveryAndVerificationResult = recoveryInfo.some((x) => x.unavailableKeys.length > 0 || x.unknownKeys.length > 0)\n ? await keyRecovererAndVerifier(recoveryInfo)\n : await nothingKeyRecovererAndVerifier(recoveryInfo)\n const keysCache: { [dataOwnerId: string]: { [fp: string]: KeyPairData } } = {}\n for (const keyData of keysData) {\n const currAuthenticity = this.ensureFingerprintKeys(recoveryAndVerificationResult[keyData.dowt.dataOwner.id!].keyAuthenticity)\n const currExternallyRecovered = this.ensureFingerprintKeys(recoveryAndVerificationResult[keyData.dowt.dataOwner.id!].recoveredKeys)\n for (const [fp, keyPair] of Object.entries(currExternallyRecovered)) {\n const jwkPair = await this.primitives.RSA.exportKeys(keyPair, 'jwk', 'jwk')\n await this.icureStorage.saveKey(keyData.dowt.dataOwner.id!, fp, jwkPair, true)\n }\n const updatedVerifiedMap = await this.icureStorage.saveSelfVerifiedKeys(\n keyData.dowt.dataOwner.id!,\n [...Object.keys(currAuthenticity), ...Object.keys(currExternallyRecovered)].reduce(\n (acc, currFp) => ({\n ...acc,\n [currFp]: currFp in currExternallyRecovered || currAuthenticity[currFp],\n }),\n {}\n )\n )\n const keysWithExternallyRecovered = {\n ...keyData.availableKeys,\n ...Object.fromEntries(Object.entries(currExternallyRecovered).map(([k, v]) => [k, { pair: v, isDevice: false }])),\n }\n const additionallyRecovered = await this.recoverAndCacheKeys(keyData.dowt, this.plainKeysByFingerprint(keysWithExternallyRecovered))\n const keys = {\n ...keysWithExternallyRecovered,\n ...Object.fromEntries(Object.entries(additionallyRecovered).map(([k, v]) => [k, { pair: v, isDevice: false }])),\n }\n keysCache[keyData.dowt.dataOwner.id!] = this.verifyKeys(keys, updatedVerifiedMap)\n }\n if (Object.entries(keysCache).some(([ownerId, data]) => ownerId !== self.dataOwner.id && !this.hasVerifiedKey(data))) {\n throw new Error('Some parent hcps have no verified keys: impossible to generate locally a new key for a parent.')\n } else if (this.hasVerifiedKey(keysCache[self.dataOwner.id!])) {\n this.keysCache = keysCache\n this.selfLegacyPublicKey = self.dataOwner.publicKey\n return undefined\n } else {\n const whatToDo = await currentOwnerKeyGenerator(self)\n if (whatToDo === false) {\n throw new Error(`No verified key found for ${self.dataOwner.id} and settings do not allow creation of a new key.`)\n } else {\n const updateInfo = await this.createAndSaveNewKeyPair(whatToDo === true ? undefined : whatToDo, self)\n // self may be outdated now\n this.selfLegacyPublicKey = updateInfo.updatedSelf.stub.publicKey\n this.keysCache = {\n ...keysCache,\n [self.dataOwner.id!]: {\n ...keysCache[self.dataOwner.id!],\n [updateInfo.publicKeyFingerprint]: { pair: updateInfo.keyPair, isDevice: true, isVerified: true },\n },\n }\n return { pair: updateInfo.keyPair, fingerprint: updateInfo.publicKeyFingerprint }\n }\n }\n }\n\n private async createAndSaveNewKeyPair(\n importedKeyPair: undefined | KeyPair<CryptoKey>,\n selfDataOwner: DataOwnerWithType\n ): Promise<{ publicKeyFingerprint: string; keyPair: KeyPair<CryptoKey>; updatedSelf: CryptoActorStubWithType }> {\n const keyPair = importedKeyPair ?? (await this.primitives.RSA.generateKeyPair('sha-256'))\n const publicKeyHex = ua2hex(await this.primitives.RSA.exportKey(keyPair.publicKey, 'spki'))\n const jwKey = await this.primitives.RSA.exportKey(keyPair.publicKey, 'jwk')\n if (jwKey.alg !== 'RSA-OAEP-256') {\n throw new Error('Only keys generated with SHA-256 are currently supported')\n }\n const publicKeyFingerprint = fingerprintV1(publicKeyHex)\n await this.icureStorage.saveKey(\n selfDataOwner.dataOwner.id!,\n publicKeyFingerprint,\n await this.primitives.RSA.exportKeys(keyPair, 'jwk', 'jwk'),\n true\n )\n await this.icureStorage.saveSelfVerifiedKeys(selfDataOwner.dataOwner.id!, { [publicKeyFingerprint]: true })\n const updatedSelf = await this.dataOwnerApi.modifyCryptoActorStub({\n stub: {\n ...CryptoActorStub.fromDataOwner(selfDataOwner.dataOwner),\n publicKeysForOaepWithSha256: [...(selfDataOwner.dataOwner.publicKeysForOaepWithSha256 ?? []), publicKeyHex],\n },\n type: selfDataOwner.type,\n })\n return { publicKeyFingerprint, keyPair: keyPair, updatedSelf }\n }\n\n private async loadStoredKeys(\n dataOwner: DataOwnerWithType,\n pubKeysFingerprints: { [key: string]: string[] }\n ): Promise<{ [pubKeyFingerprint: string]: { pair: KeyPair<CryptoKey>; isDevice: boolean } }> {\n const pubKeysFingerprintsWithVersion = Object.entries(pubKeysFingerprints).flatMap(([shaVersion, fps]) => {\n return fps.map((fp) => [shaVersion, fp] as [ShaVersion, string])\n })\n return await pubKeysFingerprintsWithVersion.reduce(async (acc, [shaVersion, currentFingerprint]) => {\n const awaitedAcc = await acc\n let loadedPair: { pair: KeyPair<CryptoKey>; isDevice: boolean } | undefined = undefined\n try {\n const storedKeypair = await this.icureStorage.loadKey(dataOwner.dataOwner.id!, currentFingerprint, dataOwner.dataOwner.publicKey)\n if (!!storedKeypair) {\n const importedKey = await this.primitives.RSA.importKeyPair(\n 'jwk',\n storedKeypair.pair.privateKey,\n 'jwk',\n storedKeypair.pair.publicKey,\n shaVersion\n )\n loadedPair = { pair: importedKey, isDevice: storedKeypair.isDevice }\n }\n } catch (e) {\n console.warn('Error while loading keypair', currentFingerprint, e)\n }\n return loadedPair\n ? {\n ...awaitedAcc,\n [currentFingerprint]: loadedPair,\n }\n : awaitedAcc\n }, Promise.resolve({} as { [pubKeyFingerprint: string]: { pair: KeyPair<CryptoKey>; isDevice: boolean } }))\n }\n\n private verifyKeys(\n keys: { [pubKeyFingerprint: string]: { pair: KeyPair<CryptoKey>; isDevice: boolean } },\n verifiedKeysMap: { [pubKeyFingerprint: string]: boolean }\n ): { [pubKeyFingerprint: string]: KeyPairData } {\n return Object.fromEntries(\n Object.entries(keys).map(\n ([fp, keyData]) => [fp, { ...keyData, isVerified: keyData.isDevice || verifiedKeysMap?.[fp] === true }] as [string, KeyPairData]\n )\n )\n }\n\n private plainKeysByFingerprint(richKeys: { [pubKeyFingerprint: string]: { pair: KeyPair<CryptoKey> } }): {\n [pubKeyFingerprint: string]: KeyPair<CryptoKey>\n } {\n return Object.fromEntries(Object.entries(richKeys).map(([fp, keyData]) => [fp, keyData.pair]))\n }\n\n private ensureInitialised() {\n if (!this.keysCache) throw new Error('Key manager was not properly initialised')\n }\n\n private async recoverAndCacheKeys(\n dataOwner: DataOwnerWithType,\n availableKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{ [p: string]: KeyPair<CryptoKey> }> {\n const recoveredKeys = await this.keyRecovery.recoverKeys(dataOwner, availableKeys)\n for (const [fp, pair] of Object.entries(recoveredKeys)) {\n await this.icureStorage.saveKey(dataOwner.dataOwner.id!, fp, await this.primitives.RSA.exportKeys(pair, 'jwk', 'jwk'), false)\n }\n return recoveredKeys\n }\n\n private async loadAndRecoverKeysFor(dataOwner: DataOwnerWithType): Promise<{ [keyFp: string]: { pair: KeyPair<CryptoKey>; isDevice: boolean } }> {\n const pubKeysFingerprints = {\n 'sha-1': [...new Set(this.dataOwnerApi.getHexPublicKeysWithSha1Of(dataOwner.dataOwner))].map((x) => fingerprintV1(x)),\n 'sha-256': [...new Set(this.dataOwnerApi.getHexPublicKeysWithSha256Of(dataOwner.dataOwner))].map((x) => fingerprintV1(x)),\n }\n const loadedKeys =\n pubKeysFingerprints['sha-1'].length + pubKeysFingerprints['sha-256'].length > 0 ? await this.loadStoredKeys(dataOwner, pubKeysFingerprints) : {}\n const loadedKeysFingerprints = Object.keys(loadedKeys)\n if (\n loadedKeysFingerprints.length !== pubKeysFingerprints['sha-1'].length + pubKeysFingerprints['sha-256'].length &&\n loadedKeysFingerprints.length > 0\n ) {\n const recoveredKeys = await this.recoverAndCacheKeys(dataOwner, this.plainKeysByFingerprint(loadedKeys))\n for (const [fp, pair] of Object.entries(recoveredKeys)) {\n loadedKeys[fp] = { pair, isDevice: false }\n }\n }\n return loadedKeys\n }\n\n private ensureFingerprintKeys<T>(obj: { [shouldBeFingerprint: string]: T }): { [definitelyFingerprint: string]: T } {\n return Object.fromEntries(Object.entries(obj).map(([k, v]) => [fingerprintV1(k), v]))\n }\n\n private hasVerifiedKey(keysData: { [fp: string]: KeyPairData }) {\n return Object.values(keysData).some((x) => x.isVerified || x.isDevice)\n }\n}\n"]}
1
+ {"version":3,"file":"UserEncryptionKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/UserEncryptionKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,+BAA2C;AAC3C,oCAAiC;AAEjC,mCAAuC;AAKvC,yEAA8F;AAgB9F,MAAM,8BAA8B,GAA4B,CAAC,CAAC,EAAE,EAAE,CACpE,OAAO,CAAC,OAAO,CACb,CAAC,CAAC,MAAM,CACN,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,iCAAM,GAAG,KAAE,CAAC,SAAS,CAAC,SAAS,CAAC,EAAG,CAAC,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,IAAG,EAC3G,EAKC,CACF,CACF,CAAA;AAGH;;GAEG;AACH,MAAa,yBAAyB;IAKpC,YACmB,UAA4B,EAC5B,YAA8B,EAC9B,YAAgC,EAChC,WAAwB,EACxB,UAA4B,EAC5B,oBAA6B,EAC7B,gBAAkC;QANlC,eAAU,GAAV,UAAU,CAAkB;QAC5B,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,iBAAY,GAAZ,YAAY,CAAoB;QAChC,gBAAW,GAAX,WAAW,CAAa;QACxB,eAAU,GAAV,UAAU,CAAkB;QAC5B,yBAAoB,GAApB,oBAAoB,CAAS;QAC7B,qBAAgB,GAAhB,gBAAgB,CAAkB;QAT7C,cAAS,GAA2F,SAAS,CAAA;IAUlH,CAAC;IAEJ;;;;;;;OAOG;IACG,wCAAwC;;YAU5C,IAAI,CAAC,iBAAiB,EAAE,CAAA;YACxB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAA;YAC3E,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;YAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAA;YAC7I,MAAM,kBAAkB,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;YACnE,OAAO;gBACL,IAAI,EAAE;oBACJ,WAAW,EAAE,MAAM;oBACnB,IAAI,EAAE,QAAQ;iBACf;gBACD,OAAO,EAAE,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACtC,WAAW,EAAE,CAAC;oBACd,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,IAAI,QAAQ,EAAE,CAAC,CAAC;iBAC9H,CAAC,CAAC;aACJ,CAAA;QACH,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,oCAAoC,CAAC,YAAqB;;YAC9D,IAAI,CAAC,iBAAiB,EAAE,CAAA;YACxB,IAAI,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC,IAAI,CAAC,MAAO,CAAC,CAAC,CAAA;YAC/D,IAAI,YAAY,EAAE;gBAChB,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAA;aAC/E;YACD,OAAO,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAO,OAAO,EAAE,EAAE,gDAAC,OAAA,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAA,GAAA,CAAC,CAAC,CAAA;QAC5I,CAAC;KAAA;IAED;;;;;OAKG;IACG,6CAA6C;;YACjD,OAAO,MAAM,OAAO,CAAC,GAAG,CACtB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC;iBAC3B,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;iBAC1D,GAAG,CAAC,CAAO,WAAW,EAAE,EAAE,gDAAC,OAAA,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAA,GAAA,CAAC,CAC/G,CAAA;QACH,CAAC;KAAA;IAED;;;;OAIG;IACH,wBAAwB,CAAC,WAAmB;QAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,CAAC,CAAA;QAC3F,IAAI,aAAa;YAAE,OAAO,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAA;QACtE,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC,WAAW,CAAC,CAAA;QACxD,IAAI,UAAU;YAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;QAC5D,OAAO,SAAS,CAAA;IAClB,CAAC;IAED;;;;;;OAMG;IACG,cAAc;;YAClB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAClC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,iCAAiC,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,EACnG,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,0BAA0B,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,CACtE,CAAA;YACD,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,iBAAiB,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;QAChG,CAAC;KAAA;IAED;;;;;OAKG;IACG,UAAU;;YACd,MAAM,IAAI,CAAC,UAAU,CAAC,8BAA8B,EAAE,CAAC,CAAC,EAAE,EAAE;gBAC1D,MAAM,IAAI,KAAK,CAAC,6FAA6F,CAAC,CAAA;YAChH,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;;;;OASG;IACH,mBAAmB;QACjB,IAAI,CAAC,iBAAiB,EAAE,CAAA;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAU,CAAC,IAAI,CAAC,MAAO,CAAC,CAAA;QAC9C,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QAE/C,MAAM,WAAW,GAAG,IAAI,CAAC,mBAAmB,IAAI,IAAA,qBAAa,EAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;QACvF,MAAM,aAAa,GAAG,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACrE,MAAM,WAAW,GAAG,CAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,UAAU,KAAI,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QAE5H,SAAS,eAAe,CAAC,cAA0D;YACjF,OAAO,cAAc;iBAClB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,WAAW,CAAC;iBACtE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;gBACjB,oHAAoH;gBACpH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACpC,CAAC,CAAC;iBACD,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;QAC9D,CAAC;QACD,OAAO,CAAC,GAAG,WAAW,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAA;IAC7I,CAAC;IAED;;;;OAIG;IACG,wBAAwB,CAAC,SAA0B;;YACvD,IAAI,CAAC,iBAAiB,EAAE,CAAA;YACxB,MAAM,aAAa,GAAG,IAAI,CAAC,SAAU,CAAC,SAAS,CAAC,EAAG,CAAC,CAAA;YACpD,IAAI,CAAC,aAAa;gBAAE,MAAM,IAAI,KAAK,CAAC,cAAc,SAAS,CAAC,EAAE,2DAA2D,IAAI,CAAC,MAAM,EAAE,CAAC,CAAA;YACvI,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YAC9I,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,SAAS,CAAC,EAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAChI,CAAA;YACD,OAAO,KAAK,CAAC,IAAI,CAAC;gBAChB,GAAG,IAAI,CAAC,YAAY,CAAC,0BAA0B,CAAC,SAAS,CAAC;gBAC1D,GAAG,IAAI,CAAC,YAAY,CAAC,4BAA4B,CAAC,SAAS,CAAC;aAC7D,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;gBAChB,MAAM,EAAE,GAAG,IAAA,qBAAa,EAAC,GAAG,CAAC,CAAA;gBAC7B,OAAO,uBAAuB,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YACnE,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;OAIG;IACH,iBAAiB;QACf,IAAI,CAAC,iBAAiB,EAAE,CAAA;QACxB,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YACzD,uCACK,GAAG,GACH,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,EACrC;QACH,CAAC,EAAE,EAA0C,CAAC,CAAA;IAChD,CAAC;IAEa,UAAU,CACtB,uBAAgD,EAChD,wBAAkD;;YAElD,wCAAwC;YACxC,MAAM,SAAS,GAAG,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,4BAA4B,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE;;gBACrG,IAAI,SAAS,CAAC,SAAS,IAAI,EAAE,EAAE;oBAC7B,IAAI,MAAM,CAAC,OAAO,CAAC,MAAA,SAAS,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC;wBACxD,MAAM,IAAI,KAAK,CAAC,cAAc,SAAS,CAAC,EAAE,qDAAqD,CAAC,CAAA;oBAClG,OAAO,SAAS,CAAC,SAAS,CAAA;iBAC3B;gBACD,OAAO;oBACL,SAAS;oBACT,IAAI;iBACgB,CAAA;YACxB,CAAC,CAAC,CAAA;YACF,MAAM,IAAI,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;YAC5C,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,EAAG,CAAA;YAChC,MAAM,QAAQ,GAAG,EAAE,CAAA;YACnB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE;gBACjE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAA;gBAC5D,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAA;gBAC9D,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,CAAA;gBACxF,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;oBAC5B,GAAG,IAAI,CAAC,YAAY,CAAC,0BAA0B,CAAC,IAAI,CAAC,SAAS,CAAC;oBAC/D,GAAG,IAAI,CAAC,YAAY,CAAC,4BAA4B,CAAC,IAAI,CAAC,SAAS,CAAC;iBAClE,CAAC,CAAA;gBACF,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;oBAChE,OAAO,kBAAkB,CAAC,GAAG,CAAC,IAAA,qBAAa,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;gBAChE,CAAC,CAAC,CAAA;gBACF,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,CAClD,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,CAAC,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAA,MAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAG,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC,0CAAE,QAAQ,MAAK,IAAI,CAAC,CAAA,EAAA,CACzG,CAAA;gBACD,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,CAAC,CAAA;aACrE;YACD,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,6BAA6B,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;gBACtH,CAAC,CAAC,MAAM,uBAAuB,CAAC,YAAY,CAAC;gBAC7C,CAAC,CAAC,MAAM,8BAA8B,CAAC,YAAY,CAAC,CAAA;YACtD,MAAM,SAAS,GAA6D,EAAE,CAAA;YAC9E,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;gBAC9B,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,CAAC,6BAA6B,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,CAAC,eAAe,CAAC,CAAA;gBAC9H,MAAM,uBAAuB,GAAG,IAAI,CAAC,qBAAqB,CAAC,6BAA6B,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,CAAC,aAAa,CAAC,CAAA;gBACnI,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,EAAE;oBACnE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;oBAC3E,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,CAAA;iBAC/E;gBACD,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CACrE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,EAC1B,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,MAAM,CAChF,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,iCACZ,GAAG,KACN,CAAC,MAAM,CAAC,EAAE,MAAM,IAAI,uBAAuB,IAAI,gBAAgB,CAAC,MAAM,CAAC,IACvE,EACF,EAAE,CACH,CACF,CAAA;gBACD,MAAM,2BAA2B,mCAC5B,OAAO,CAAC,aAAa,GACrB,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAClH,CAAA;gBACD,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,sBAAsB,CAAC,2BAA2B,CAAC,CAAC,CAAA;gBACpI,MAAM,IAAI,mCACL,2BAA2B,GAC3B,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAChH,CAAA;gBACD,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;aAClF;YACD,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE;gBACpH,MAAM,IAAI,KAAK,CAAC,gGAAgG,CAAC,CAAA;aAClH;iBAAM,IAAI,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,CAAC,EAAE;gBAC7D,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;gBAC1B,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAA;gBACnD,OAAO,SAAS,CAAA;aACjB;iBAAM;gBACL,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,IAAI,CAAC,CAAA;gBACrD,IAAI,QAAQ,KAAK,KAAK,EAAE;oBACtB,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,CAAC,SAAS,CAAC,EAAE,mDAAmD,CAAC,CAAA;iBACnH;qBAAM;oBACL,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;oBACrG,2BAA2B;oBAC3B,IAAI,CAAC,mBAAmB,GAAG,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAA;oBAChE,IAAI,CAAC,SAAS,mCACT,SAAS,KACZ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,kCACf,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAG,CAAC,KAChC,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAEpG,CAAA;oBACD,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,OAAO,EAAE,WAAW,EAAE,UAAU,CAAC,oBAAoB,EAAE,CAAA;iBAClF;aACF;QACH,CAAC;KAAA;IAEa,uBAAuB,CACnC,eAA+C,EAC/C,aAAgC;;;YAEhC,MAAM,OAAO,GAAG,eAAe,aAAf,eAAe,cAAf,eAAe,GAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,gBAAU,CAAC,MAAM,CAAC,CAAC,CAAA;YACjG,MAAM,YAAY,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAA;YAC3F,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;YAC3E,IAAI,KAAK,CAAC,GAAG,KAAK,cAAc,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAA;aAC5E;YACD,MAAM,oBAAoB,GAAG,IAAA,qBAAa,EAAC,YAAY,CAAC,CAAA;YACxD,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAC7B,aAAa,CAAC,SAAS,CAAC,EAAG,EAC3B,oBAAoB,EACpB,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,EAC3D,IAAI,CACL,CAAA;YACD,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,aAAa,CAAC,SAAS,CAAC,EAAG,EAAE,EAAE,CAAC,oBAAoB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAA;YAC3G,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;gBAChE,IAAI,kCACC,iCAAe,CAAC,aAAa,CAAC,aAAa,CAAC,SAAS,CAAC,KACzD,2BAA2B,EAAE,CAAC,GAAG,CAAC,MAAA,aAAa,CAAC,SAAS,CAAC,2BAA2B,mCAAI,EAAE,CAAC,EAAE,YAAY,CAAC,GAC5G;gBACD,IAAI,EAAE,aAAa,CAAC,IAAI;aACzB,CAAC,CAAA;YACF,OAAO,EAAE,oBAAoB,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,CAAA;;KAC/D;IAEa,cAAc,CAC1B,SAA4B,EAC5B,mBAAgD;;YAEhD,MAAM,8BAA8B,GAAG,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,GAAG,CAAC,EAAE,EAAE;gBACvG,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,UAAU,EAAE,EAAE,CAAyB,CAAC,CAAA;YAClE,CAAC,CAAC,CAAA;YACF,OAAO,MAAM,8BAA8B,CAAC,MAAM,CAAC,CAAO,GAAG,EAAE,CAAC,UAAU,EAAE,kBAAkB,CAAC,EAAE,EAAE;gBACjG,MAAM,UAAU,GAAG,MAAM,GAAG,CAAA;gBAC5B,IAAI,UAAU,GAAgE,SAAS,CAAA;gBACvF,IAAI;oBACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,EAAG,EAAE,kBAAkB,EAAE,SAAS,CAAC,SAAS,CAAC,SAAS,CAAC,CAAA;oBACjI,IAAI,CAAC,CAAC,aAAa,EAAE;wBACnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,aAAa,CACzD,KAAK,EACL,aAAa,CAAC,IAAI,CAAC,UAAU,EAC7B,KAAK,EACL,aAAa,CAAC,IAAI,CAAC,SAAS,EAC5B,UAAU,CACX,CAAA;wBACD,UAAU,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa,CAAC,QAAQ,EAAE,CAAA;qBACrE;iBACF;gBAAC,OAAO,CAAC,EAAE;oBACV,OAAO,CAAC,IAAI,CAAC,6BAA6B,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAA;iBACnE;gBACD,OAAO,UAAU;oBACf,CAAC,iCACM,UAAU,KACb,CAAC,kBAAkB,CAAC,EAAE,UAAU,IAEpC,CAAC,CAAC,UAAU,CAAA;YAChB,CAAC,CAAA,EAAE,OAAO,CAAC,OAAO,CAAC,EAAsF,CAAC,CAAC,CAAA;QAC7G,CAAC;KAAA;IAEO,UAAU,CAChB,IAAsF,EACtF,eAAyD;QAEzD,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CACtB,CAAC,CAAC,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,kCAAO,OAAO,KAAE,UAAU,EAAE,OAAO,CAAC,QAAQ,IAAI,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAG,EAAE,CAAC,MAAK,IAAI,IAA4B,CACjI,CACF,CAAA;IACH,CAAC;IAEO,sBAAsB,CAAC,QAAuE;QAGpG,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IAChG,CAAC;IAEO,iBAAiB;QACvB,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAClF,CAAC;IAEa,mBAAmB,CAC/B,SAA4B,EAC5B,aAAkE;;YAElE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;YAClF,KAAK,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;gBACtD,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,EAAG,EAAE,EAAE,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC,CAAA;aAC9H;YACD,OAAO,aAAa,CAAA;QACtB,CAAC;KAAA;IAEa,qBAAqB,CAAC,SAA4B;;YAC9D,MAAM,mBAAmB,GAAG;gBAC1B,OAAO,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,0BAA0B,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC;gBACrH,SAAS,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,4BAA4B,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC;aAC1H,CAAA;YACD,MAAM,UAAU,GACd,mBAAmB,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;YAClJ,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YACtD,IACE,sBAAsB,CAAC,MAAM,KAAK,mBAAmB,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC,MAAM;gBAC7G,sBAAsB,CAAC,MAAM,GAAG,CAAC,EACjC;gBACA,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC,CAAA;gBACxG,KAAK,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;oBACtD,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;iBAC3C;aACF;YACD,OAAO,UAAU,CAAA;QACnB,CAAC;KAAA;IAEO,qBAAqB,CAAI,GAAyC;QACxE,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;IACvF,CAAC;IAEO,cAAc,CAAC,QAAuC;QAC5D,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAA;IACxE,CAAC;CACF;AApZD,8DAoZC","sourcesContent":["import { DataOwnerOrStub, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { KeyPair, ShaVersion } from './RSA'\nimport { ua2hex } from '../utils'\nimport { IcureStorageFacade } from '../storage/IcureStorageFacade'\nimport { fingerprintV1 } from './utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { KeyRecovery } from './KeyRecovery'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\nimport { CryptoActorStub, CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { KeyPairRecoverer } from './KeyPairRecoverer'\n\ntype KeyPairData = { pair: KeyPair<CryptoKey>; isVerified: boolean; isDevice: boolean }\ntype KeyRecovererAndVerifier = (\n keysData: {\n dataOwner: DataOwnerWithType\n unknownKeys: string[]\n unavailableKeys: string[]\n }[]\n) => Promise<{\n [dataOwnerId: string]: {\n recoveredKeys: { [keyPairFingerprint: string]: KeyPair<CryptoKey> }\n keyAuthenticity: { [keyPairFingerprint: string]: boolean }\n }\n}>\nconst nothingKeyRecovererAndVerifier: KeyRecovererAndVerifier = (x) =>\n Promise.resolve(\n x.reduce(\n (acc, { dataOwner }) => ({ ...acc, [dataOwner.dataOwner.id!]: { recoveredKeys: {}, keyAuthenticity: {} } }),\n {} as {\n [dataOwnerId: string]: {\n recoveredKeys: { [keyPairFingerprint: string]: KeyPair<CryptoKey> }\n keyAuthenticity: { [keyPairFingerprint: string]: boolean }\n }\n }\n )\n )\ntype CurrentOwnerKeyGenerator = (self: DataOwnerWithType) => Promise<KeyPair<CryptoKey> | boolean>\n\n/**\n * Allows to manage public and private keys for the current user and his parent hierarchy.\n */\nexport class UserEncryptionKeysManager {\n private selfId: string | undefined\n private selfLegacyPublicKey: string | undefined\n private keysCache: { [selfOrParentId: string]: { [pubKeyFingerprint: string]: KeyPairData } } | undefined = undefined\n\n constructor(\n private readonly primitives: CryptoPrimitives,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly icureStorage: IcureStorageFacade,\n private readonly keyRecovery: KeyRecovery,\n private readonly strategies: CryptoStrategies,\n private readonly initialiseParentKeys: boolean,\n private readonly keypairRecoverer: KeyPairRecoverer\n ) {}\n\n /**\n * @internal\n * Get all key pairs available for the current data owner and his parents.\n * @return an object with:\n * - `self` an object containing the current data owner id and the list of key pairs available for the current data owner with verification details.\n * - `parents` the list of parents to the current data owner with the list of key pairs available for each parent. The list is ordered from the\n * topmost ancestor (at index 0) to the direct parent of the current data owner (at the last index, may be 0).\n */\n async getCurrentUserHierarchyAvailableKeypairs(): Promise<{\n self: {\n dataOwnerId: string\n keys: { pair: KeyPair<CryptoKey>; verified: boolean }[]\n }\n parents: {\n dataOwnerId: string\n keys: { pair: KeyPair<CryptoKey>; verified: boolean }[]\n }[]\n }> {\n this.ensureInitialised()\n const hierarchy = await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()\n const selfId = hierarchy[hierarchy.length - 1]\n const selfKeys = Object.values(this.keysCache![selfId]).map(({ pair, isVerified, isDevice }) => ({ pair, verified: isVerified || isDevice }))\n const remainingHierarchy = hierarchy.slice(0, hierarchy.length - 1)\n return {\n self: {\n dataOwnerId: selfId,\n keys: selfKeys,\n },\n parents: remainingHierarchy.map((x) => ({\n dataOwnerId: x,\n keys: Object.values(this.keysCache![x]).map(({ pair, isVerified, isDevice }) => ({ pair, verified: isVerified || isDevice })),\n })),\n }\n }\n\n /**\n * Get the public keys of available key pairs for the current user in hex-encoded spki representation (uses cached keys: no request is done to the\n * server).\n * By setting {@link verifiedOnly} to true only the public keys for verified key pairs will be returned: these will include only key pairs created\n * on this device or which have been verified using {@link CryptoStrategies} on this device.\n * @param verifiedOnly if true only the verified public keys will be returned.\n * @return the spki representation of public keys of available keypairs for the current user.\n */\n async getCurrentUserAvailablePublicKeysHex(verifiedOnly: boolean): Promise<string[]> {\n this.ensureInitialised()\n let selectedData = Object.values(this.keysCache![this.selfId!])\n if (verifiedOnly) {\n selectedData = selectedData.filter((data) => data.isVerified || data.isDevice)\n }\n return await Promise.all(selectedData.map(async (keyData) => ua2hex(await this.primitives.RSA.exportKey(keyData.pair.publicKey, 'spki'))))\n }\n\n /**\n * Get the public keys of available key pairs for the current user and his parents in hex-encoded spki representation (uses cached keys: no request\n * is done to the server).\n * Note that this will also include unverified keys.\n * @return the spki representation of public keys of available keypairs for the current user.\n */\n async getCurrentUserHierarchyAvailablePublicKeysHex(): Promise<string[]> {\n return await Promise.all(\n Object.values(this.keysCache!)\n .flatMap((pairsForParent) => Object.values(pairsForParent))\n .map(async (keyPairData) => ua2hex(await this.primitives.RSA.exportKey(keyPairData.pair.publicKey, 'spki')))\n )\n }\n\n /**\n * Get a key pair with the provided fingerprint if present.\n * @param fingerprint a key-pair/public-key fingerprint\n * @return the pair associated to the fingerprint and a boolean indicating if the pair is verified, if present, else undefined\n */\n getKeyPairForFingerprint(fingerprint: string): { pair: KeyPair<CryptoKey>; verified: boolean } | undefined {\n const foundVerified = this.getSelfVerifiedKeys().find((x) => x.fingerprint === fingerprint)\n if (foundVerified) return { pair: foundVerified.pair, verified: true }\n const foundOther = this.getDecryptionKeys()[fingerprint]\n if (foundOther) return { pair: foundOther, verified: false }\n return undefined\n }\n\n /**\n * @internal This method is intended for internal use only and may be changed without notice.\n * Initializes all keys for the current data owner. This method needs to be called before any other method of this class can be used.\n * @throws if the current user is not a data owner, or if there is no key and no new key could be created according to this manager crypt\n * strategies.\n * @return if a new key was created during initialisation the newly created key, else undefined.\n */\n async initialiseKeys(): Promise<{ newKeyPair: KeyPair<CryptoKey>; newKeyFingerprint: string } | undefined> {\n const newKey = await this.doLoadKeys(\n (x) => this.strategies.recoverAndVerifySelfHierarchyKeys(x, this.primitives, this.keypairRecoverer),\n (x) => this.strategies.generateNewKeyForDataOwner(x, this.primitives)\n )\n return newKey ? { newKeyPair: newKey.pair, newKeyFingerprint: newKey.fingerprint } : undefined\n }\n\n /**\n * @internal This method is intended for internal use only and may be changed without notice.\n * Forces to reload keys for the current data owner. This could be useful if the data owner has logged in from another device in order to update the\n * transfer keys.\n * This method will complete only after keys have been reloaded successfully.\n */\n async reloadKeys(): Promise<void> {\n await this.doLoadKeys(nothingKeyRecovererAndVerifier, (x) => {\n throw new Error(\"Can't create new keys at reload time: it should have already been created on initialisation\")\n })\n }\n\n /**\n * @internal This method is intended for internal use only and may be changed without notice.\n * Get all verified key pairs for the current data owner which can safely be used for encryption. This includes all key pairs created on the current\n * device and all recovered key pairs which have been verified.\n * The keys returned by this method will be in the following order:\n * 1. Legacy key pair if it is verified\n * 2. All device key pais, in alphabetical order according to the fingerprint\n * 3. Other verified key pairs, in alphabetical order according to the fingerprint\n * @return all verified keys, in order.\n */\n getSelfVerifiedKeys(): { fingerprint: string; pair: KeyPair<CryptoKey> }[] {\n this.ensureInitialised()\n const selfKeys = this.keysCache![this.selfId!]\n const allKeysEntries = Object.entries(selfKeys)\n\n const legacyKeyFp = this.selfLegacyPublicKey && fingerprintV1(this.selfLegacyPublicKey)\n const legacyKeyData = legacyKeyFp ? selfKeys[legacyKeyFp] : undefined\n const legacyEntry = legacyKeyData?.isVerified && legacyKeyFp ? [{ fingerprint: legacyKeyFp, pair: legacyKeyData.pair }] : []\n\n function filteredEntries(filterFunction: (fp: string, data: KeyPairData) => boolean) {\n return allKeysEntries\n .filter(([fp, data]) => filterFunction(fp, data) && fp !== legacyKeyFp)\n .sort(([a], [b]) => {\n // need to make sure that the comparison is independent of the locale, but the actual ordering is not that important\n return a == b ? 0 : a > b ? 1 : -1\n })\n .map(([fingerprint, { pair }]) => ({ fingerprint, pair }))\n }\n return [...legacyEntry, ...filteredEntries((_, data) => data.isDevice), ...filteredEntries((_, data) => !data.isDevice && data.isVerified)]\n }\n\n /**\n * Get all verified keys for a member of the current data owner hierarchy in no particular order.\n * @param dataOwner the current data owner or a member of his hierarchy.\n * @throws if the provided data owner is not part of the current data owner hierarchy\n */\n async getVerifiedPublicKeysFor(dataOwner: DataOwnerOrStub): Promise<string[]> {\n this.ensureInitialised()\n const availableKeys = this.keysCache![dataOwner.id!]\n if (!availableKeys) throw new Error(`Data owner ${dataOwner.id} is not part of the hierarchy of the current data owner ${this.selfId}`)\n const availableVerifiedKeysFp = new Set(Object.entries(availableKeys).flatMap(([fp, info]) => (info.isVerified || info.isDevice ? [fp] : [])))\n const otherVerifiedFp = new Set(\n Object.entries(await this.icureStorage.loadSelfVerifiedKeys(dataOwner.id!)).flatMap(([fp, verified]) => (verified ? [fp] : []))\n )\n return Array.from([\n ...this.dataOwnerApi.getHexPublicKeysWithSha1Of(dataOwner),\n ...this.dataOwnerApi.getHexPublicKeysWithSha256Of(dataOwner),\n ]).filter((key) => {\n const fp = fingerprintV1(key)\n return availableVerifiedKeysFp.has(fp) || otherVerifiedFp.has(fp)\n })\n }\n\n /**\n * @internal This method is intended for internal use only and may be changed without notice.\n * Get all key pairs for the current data owner and his parents. These keys should be used only for decryption as they may have not been verified.\n * @return all key pairs available for decryption.\n */\n getDecryptionKeys(): { [fingerprint: string]: KeyPair<CryptoKey> } {\n this.ensureInitialised()\n return Object.values(this.keysCache!).reduce((acc, curr) => {\n return {\n ...acc,\n ...this.plainKeysByFingerprint(curr),\n }\n }, {} as { [fp: string]: KeyPair<CryptoKey> })\n }\n\n private async doLoadKeys(\n keyRecovererAndVerifier: KeyRecovererAndVerifier,\n currentOwnerKeyGenerator: CurrentOwnerKeyGenerator\n ): Promise<{ pair: KeyPair<CryptoKey>; fingerprint: string } | undefined> {\n // Load all keys for self from key store\n const hierarchy = (await this.dataOwnerApi.getCurrentDataOwnerHierarchy()).map(({ dataOwner, type }) => {\n if (dataOwner.publicKey == '') {\n if (Object.entries(dataOwner.hcPartyKeys ?? {}).length > 0)\n throw new Error(`Data owner ${dataOwner.id} has \"\" as public key but has non-empty hcPartyKeys`)\n delete dataOwner.publicKey\n }\n return {\n dataOwner,\n type,\n } as DataOwnerWithType\n })\n const self = hierarchy[hierarchy.length - 1]\n this.selfId = self.dataOwner.id!\n const keysData = []\n for (const dowt of this.initialiseParentKeys ? hierarchy : [self]) {\n const availableKeys = await this.loadAndRecoverKeysFor(dowt)\n const availableKeysFpSet = new Set(Object.keys(availableKeys))\n const verifiedKeysMap = await this.icureStorage.loadSelfVerifiedKeys(dowt.dataOwner.id!)\n const allPublicKeys = new Set([\n ...this.dataOwnerApi.getHexPublicKeysWithSha1Of(dowt.dataOwner),\n ...this.dataOwnerApi.getHexPublicKeysWithSha256Of(dowt.dataOwner),\n ])\n const unavailableKeys = Array.from(allPublicKeys).flatMap((key) => {\n return availableKeysFpSet.has(fingerprintV1(key)) ? [] : [key]\n })\n const unknownKeys = Array.from(allPublicKeys).filter(\n (x) => !(fingerprintV1(x) in verifiedKeysMap) && !(availableKeys?.[fingerprintV1(x)]?.isDevice === true)\n )\n keysData.push({ dowt, availableKeys, unavailableKeys, unknownKeys })\n }\n const recoveryInfo = keysData.map(({ dowt, unavailableKeys, unknownKeys }) => ({ dataOwner: dowt, unavailableKeys, unknownKeys }))\n const recoveryAndVerificationResult = recoveryInfo.some((x) => x.unavailableKeys.length > 0 || x.unknownKeys.length > 0)\n ? await keyRecovererAndVerifier(recoveryInfo)\n : await nothingKeyRecovererAndVerifier(recoveryInfo)\n const keysCache: { [dataOwnerId: string]: { [fp: string]: KeyPairData } } = {}\n for (const keyData of keysData) {\n const currAuthenticity = this.ensureFingerprintKeys(recoveryAndVerificationResult[keyData.dowt.dataOwner.id!].keyAuthenticity)\n const currExternallyRecovered = this.ensureFingerprintKeys(recoveryAndVerificationResult[keyData.dowt.dataOwner.id!].recoveredKeys)\n for (const [fp, keyPair] of Object.entries(currExternallyRecovered)) {\n const jwkPair = await this.primitives.RSA.exportKeys(keyPair, 'jwk', 'jwk')\n await this.icureStorage.saveKey(keyData.dowt.dataOwner.id!, fp, jwkPair, true)\n }\n const updatedVerifiedMap = await this.icureStorage.saveSelfVerifiedKeys(\n keyData.dowt.dataOwner.id!,\n [...Object.keys(currAuthenticity), ...Object.keys(currExternallyRecovered)].reduce(\n (acc, currFp) => ({\n ...acc,\n [currFp]: currFp in currExternallyRecovered || currAuthenticity[currFp],\n }),\n {}\n )\n )\n const keysWithExternallyRecovered = {\n ...keyData.availableKeys,\n ...Object.fromEntries(Object.entries(currExternallyRecovered).map(([k, v]) => [k, { pair: v, isDevice: false }])),\n }\n const additionallyRecovered = await this.recoverAndCacheKeys(keyData.dowt, this.plainKeysByFingerprint(keysWithExternallyRecovered))\n const keys = {\n ...keysWithExternallyRecovered,\n ...Object.fromEntries(Object.entries(additionallyRecovered).map(([k, v]) => [k, { pair: v, isDevice: false }])),\n }\n keysCache[keyData.dowt.dataOwner.id!] = this.verifyKeys(keys, updatedVerifiedMap)\n }\n if (Object.entries(keysCache).some(([ownerId, data]) => ownerId !== self.dataOwner.id && !this.hasVerifiedKey(data))) {\n throw new Error('Some parent hcps have no verified keys: impossible to generate locally a new key for a parent.')\n } else if (this.hasVerifiedKey(keysCache[self.dataOwner.id!])) {\n this.keysCache = keysCache\n this.selfLegacyPublicKey = self.dataOwner.publicKey\n return undefined\n } else {\n const whatToDo = await currentOwnerKeyGenerator(self)\n if (whatToDo === false) {\n throw new Error(`No verified key found for ${self.dataOwner.id} and settings do not allow creation of a new key.`)\n } else {\n const updateInfo = await this.createAndSaveNewKeyPair(whatToDo === true ? undefined : whatToDo, self)\n // self may be outdated now\n this.selfLegacyPublicKey = updateInfo.updatedSelf.stub.publicKey\n this.keysCache = {\n ...keysCache,\n [self.dataOwner.id!]: {\n ...keysCache[self.dataOwner.id!],\n [updateInfo.publicKeyFingerprint]: { pair: updateInfo.keyPair, isDevice: true, isVerified: true },\n },\n }\n return { pair: updateInfo.keyPair, fingerprint: updateInfo.publicKeyFingerprint }\n }\n }\n }\n\n private async createAndSaveNewKeyPair(\n importedKeyPair: undefined | KeyPair<CryptoKey>,\n selfDataOwner: DataOwnerWithType\n ): Promise<{ publicKeyFingerprint: string; keyPair: KeyPair<CryptoKey>; updatedSelf: CryptoActorStubWithType }> {\n const keyPair = importedKeyPair ?? (await this.primitives.RSA.generateKeyPair(ShaVersion.Sha256))\n const publicKeyHex = ua2hex(await this.primitives.RSA.exportKey(keyPair.publicKey, 'spki'))\n const jwKey = await this.primitives.RSA.exportKey(keyPair.publicKey, 'jwk')\n if (jwKey.alg !== 'RSA-OAEP-256') {\n throw new Error('Only keys generated with SHA-256 are currently supported')\n }\n const publicKeyFingerprint = fingerprintV1(publicKeyHex)\n await this.icureStorage.saveKey(\n selfDataOwner.dataOwner.id!,\n publicKeyFingerprint,\n await this.primitives.RSA.exportKeys(keyPair, 'jwk', 'jwk'),\n true\n )\n await this.icureStorage.saveSelfVerifiedKeys(selfDataOwner.dataOwner.id!, { [publicKeyFingerprint]: true })\n const updatedSelf = await this.dataOwnerApi.modifyCryptoActorStub({\n stub: {\n ...CryptoActorStub.fromDataOwner(selfDataOwner.dataOwner),\n publicKeysForOaepWithSha256: [...(selfDataOwner.dataOwner.publicKeysForOaepWithSha256 ?? []), publicKeyHex],\n },\n type: selfDataOwner.type,\n })\n return { publicKeyFingerprint, keyPair: keyPair, updatedSelf }\n }\n\n private async loadStoredKeys(\n dataOwner: DataOwnerWithType,\n pubKeysFingerprints: { [key: string]: string[] }\n ): Promise<{ [pubKeyFingerprint: string]: { pair: KeyPair<CryptoKey>; isDevice: boolean } }> {\n const pubKeysFingerprintsWithVersion = Object.entries(pubKeysFingerprints).flatMap(([shaVersion, fps]) => {\n return fps.map((fp) => [shaVersion, fp] as [ShaVersion, string])\n })\n return await pubKeysFingerprintsWithVersion.reduce(async (acc, [shaVersion, currentFingerprint]) => {\n const awaitedAcc = await acc\n let loadedPair: { pair: KeyPair<CryptoKey>; isDevice: boolean } | undefined = undefined\n try {\n const storedKeypair = await this.icureStorage.loadKey(dataOwner.dataOwner.id!, currentFingerprint, dataOwner.dataOwner.publicKey)\n if (!!storedKeypair) {\n const importedKey = await this.primitives.RSA.importKeyPair(\n 'jwk',\n storedKeypair.pair.privateKey,\n 'jwk',\n storedKeypair.pair.publicKey,\n shaVersion\n )\n loadedPair = { pair: importedKey, isDevice: storedKeypair.isDevice }\n }\n } catch (e) {\n console.warn('Error while loading keypair', currentFingerprint, e)\n }\n return loadedPair\n ? {\n ...awaitedAcc,\n [currentFingerprint]: loadedPair,\n }\n : awaitedAcc\n }, Promise.resolve({} as { [pubKeyFingerprint: string]: { pair: KeyPair<CryptoKey>; isDevice: boolean } }))\n }\n\n private verifyKeys(\n keys: { [pubKeyFingerprint: string]: { pair: KeyPair<CryptoKey>; isDevice: boolean } },\n verifiedKeysMap: { [pubKeyFingerprint: string]: boolean }\n ): { [pubKeyFingerprint: string]: KeyPairData } {\n return Object.fromEntries(\n Object.entries(keys).map(\n ([fp, keyData]) => [fp, { ...keyData, isVerified: keyData.isDevice || verifiedKeysMap?.[fp] === true }] as [string, KeyPairData]\n )\n )\n }\n\n private plainKeysByFingerprint(richKeys: { [pubKeyFingerprint: string]: { pair: KeyPair<CryptoKey> } }): {\n [pubKeyFingerprint: string]: KeyPair<CryptoKey>\n } {\n return Object.fromEntries(Object.entries(richKeys).map(([fp, keyData]) => [fp, keyData.pair]))\n }\n\n private ensureInitialised() {\n if (!this.keysCache) throw new Error('Key manager was not properly initialised')\n }\n\n private async recoverAndCacheKeys(\n dataOwner: DataOwnerWithType,\n availableKeys: { [pubKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{ [p: string]: KeyPair<CryptoKey> }> {\n const recoveredKeys = await this.keyRecovery.recoverKeys(dataOwner, availableKeys)\n for (const [fp, pair] of Object.entries(recoveredKeys)) {\n await this.icureStorage.saveKey(dataOwner.dataOwner.id!, fp, await this.primitives.RSA.exportKeys(pair, 'jwk', 'jwk'), false)\n }\n return recoveredKeys\n }\n\n private async loadAndRecoverKeysFor(dataOwner: DataOwnerWithType): Promise<{ [keyFp: string]: { pair: KeyPair<CryptoKey>; isDevice: boolean } }> {\n const pubKeysFingerprints = {\n 'sha-1': [...new Set(this.dataOwnerApi.getHexPublicKeysWithSha1Of(dataOwner.dataOwner))].map((x) => fingerprintV1(x)),\n 'sha-256': [...new Set(this.dataOwnerApi.getHexPublicKeysWithSha256Of(dataOwner.dataOwner))].map((x) => fingerprintV1(x)),\n }\n const loadedKeys =\n pubKeysFingerprints['sha-1'].length + pubKeysFingerprints['sha-256'].length > 0 ? await this.loadStoredKeys(dataOwner, pubKeysFingerprints) : {}\n const loadedKeysFingerprints = Object.keys(loadedKeys)\n if (\n loadedKeysFingerprints.length !== pubKeysFingerprints['sha-1'].length + pubKeysFingerprints['sha-256'].length &&\n loadedKeysFingerprints.length > 0\n ) {\n const recoveredKeys = await this.recoverAndCacheKeys(dataOwner, this.plainKeysByFingerprint(loadedKeys))\n for (const [fp, pair] of Object.entries(recoveredKeys)) {\n loadedKeys[fp] = { pair, isDevice: false }\n }\n }\n return loadedKeys\n }\n\n private ensureFingerprintKeys<T>(obj: { [shouldBeFingerprint: string]: T }): { [definitelyFingerprint: string]: T } {\n return Object.fromEntries(Object.entries(obj).map(([k, v]) => [fingerprintV1(k), v]))\n }\n\n private hasVerifiedKey(keysData: { [fp: string]: KeyPairData }) {\n return Object.values(keysData).some((x) => x.isVerified || x.isDevice)\n }\n}\n"]}
@@ -42,10 +42,13 @@ class UserSignatureKeysManager {
42
42
  }
43
43
  else {
44
44
  const generatedPair = yield this.primitives.RSA.generateSignatureKeyPair();
45
- const fingerprint = (0, utils_1.ua2hex)(yield this.primitives.RSA.exportKey(generatedPair.publicKey, 'spki')).slice(-32);
46
- yield this.iCureStorage.saveSignatureKeyPair(dataOwnerId, fingerprint, yield this.primitives.RSA.exportKeys(generatedPair, 'jwk', 'jwk'));
47
- this.verificationKeysCache.set(fingerprint, generatedPair.publicKey);
48
- this.signatureKeysCache = { fingerprint, keyPair: generatedPair };
45
+ const exportedPub = (0, utils_1.ua2hex)(yield this.primitives.RSA.exportKey(generatedPair.publicKey, 'spki'));
46
+ (0, utils_2.checkStandardPublicKeyTail)(exportedPub);
47
+ const fpV2 = (0, utils_2.fingerprintV2)(exportedPub);
48
+ // For consistency with encryption keys we use fpv1 when saving
49
+ yield this.iCureStorage.saveSignatureKeyPair(dataOwnerId, (0, utils_2.fingerprintV1)(exportedPub), yield this.primitives.RSA.exportKeys(generatedPair, 'jwk', 'jwk'));
50
+ this.verificationKeysCache.set(fpV2, generatedPair.publicKey);
51
+ this.signatureKeysCache = { fingerprint: fpV2, keyPair: generatedPair };
49
52
  return this.signatureKeysCache;
50
53
  }
51
54
  });
@@ -61,7 +64,8 @@ class UserSignatureKeysManager {
61
64
  const cached = this.verificationKeysCache.get(fingerprint);
62
65
  if (cached)
63
66
  return cached;
64
- const loaded = yield this.iCureStorage.loadSignatureVerificationKey(yield this.dataOwnerApi.getCurrentDataOwnerId(), fingerprint);
67
+ // For consistency with encryption keys we use fpv1 when saving
68
+ const loaded = yield this.iCureStorage.loadSignatureVerificationKey(yield this.dataOwnerApi.getCurrentDataOwnerId(), (0, utils_2.fingerprintV2ToStandardV1)(fingerprint));
65
69
  if (loaded) {
66
70
  const imported = yield this.primitives.RSA.importVerificationKey('jwk', loaded);
67
71
  this.verificationKeysCache.set(fingerprint, imported);
@@ -1 +1 @@
1
- {"version":3,"file":"UserSignatureKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/UserSignatureKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAGA,oCAAmD;AAEnD,mCAAuC;AAEvC,MAAa,wBAAwB;IACnC,YACmB,YAAgC,EAChC,YAA8B,EAC9B,UAA4B;QAF5B,iBAAY,GAAZ,YAAY,CAAoB;QAChC,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAGvC,uBAAkB,GAKV,SAAS,CAAA;QACjB,0BAAqB,GAAG,IAAI,GAAG,EAAqB,CAAA;IARzD,CAAC;IAUJ;;OAEG;IACG,2BAA2B;;YAI/B,IAAI,IAAI,CAAC,kBAAkB;gBAAE,OAAO,IAAI,CAAC,kBAAkB,CAAA;YAC3D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAA;YACtE,IAAI,QAAQ,EAAE;gBACZ,MAAM,WAAW,GAAG,IAAA,qBAAa,EAAC,IAAA,gBAAQ,EAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAA;gBAC/D,IAAI,CAAC,kBAAkB,GAAG;oBACxB,WAAW;oBACX,OAAO,EAAE;wBACP,UAAU,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,kBAAkB,CAAC,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC;wBACpF,SAAS,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,qBAAqB,CAAC,KAAK,EAAE,QAAQ,CAAC,SAAS,CAAC;qBACtF;iBACF,CAAA;gBACD,OAAO,IAAI,CAAC,kBAAkB,CAAA;aAC/B;iBAAM;gBACL,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,wBAAwB,EAAE,CAAA;gBAC1E,MAAM,WAAW,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;gBAC3G,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,aAAa,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAA;gBACzI,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,WAAW,EAAE,aAAa,CAAC,SAAS,CAAC,CAAA;gBACpE,IAAI,CAAC,kBAAkB,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,CAAA;gBACjE,OAAO,IAAI,CAAC,kBAAkB,CAAA;aAC/B;QACH,CAAC;KAAA;IAED;;;;;OAKG;IACG,2BAA2B,CAAC,WAAmB;;YACnD,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;YAC1D,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAA;YACzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,4BAA4B,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAAE,WAAW,CAAC,CAAA;YACjI,IAAI,MAAM,EAAE;gBACV,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,qBAAqB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;gBAC/E,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAA;gBACrD,OAAO,QAAQ,CAAA;aAChB;QACH,CAAC;KAAA;CACF;AA7DD,4DA6DC","sourcesContent":["import { IcureStorageFacade } from '../storage/IcureStorageFacade'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { hex2ua, jwk2spki, ua2hex } from '../utils'\nimport { KeyPair } from './RSA'\nimport { fingerprintV1 } from './utils'\n\nexport class UserSignatureKeysManager {\n constructor(\n private readonly iCureStorage: IcureStorageFacade,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly primitives: CryptoPrimitives\n ) {}\n\n private signatureKeysCache:\n | {\n fingerprint: string\n keyPair: KeyPair<CryptoKey>\n }\n | undefined = undefined\n private verificationKeysCache = new Map<string, CryptoKey>()\n\n /**\n * Get a key which can be used to sign data in order to allow verification of the data authenticity in the future.\n */\n async getOrCreateSignatureKeyPair(): Promise<{\n fingerprint: string\n keyPair: KeyPair<CryptoKey>\n }> {\n if (this.signatureKeysCache) return this.signatureKeysCache\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const existing = await this.iCureStorage.loadSignatureKey(dataOwnerId)\n if (existing) {\n const fingerprint = fingerprintV1(jwk2spki(existing.publicKey))\n this.signatureKeysCache = {\n fingerprint,\n keyPair: {\n privateKey: await this.primitives.RSA.importSignatureKey('jwk', existing.privateKey),\n publicKey: await this.primitives.RSA.importVerificationKey('jwk', existing.publicKey),\n },\n }\n return this.signatureKeysCache\n } else {\n const generatedPair = await this.primitives.RSA.generateSignatureKeyPair()\n const fingerprint = ua2hex(await this.primitives.RSA.exportKey(generatedPair.publicKey, 'spki')).slice(-32)\n await this.iCureStorage.saveSignatureKeyPair(dataOwnerId, fingerprint, await this.primitives.RSA.exportKeys(generatedPair, 'jwk', 'jwk'))\n this.verificationKeysCache.set(fingerprint, generatedPair.publicKey)\n this.signatureKeysCache = { fingerprint, keyPair: generatedPair }\n return this.signatureKeysCache\n }\n }\n\n /**\n * Get all available keys which can be used to verify the authenticity of a signature which should have been created\n * by the current data owner.\n * @param fingerprint v1 fingerprint of the key to retrieve.\n * @return all available verification keys by fingerprint.\n */\n async getSignatureVerificationKey(fingerprint: string): Promise<CryptoKey | undefined> {\n const cached = this.verificationKeysCache.get(fingerprint)\n if (cached) return cached\n const loaded = await this.iCureStorage.loadSignatureVerificationKey(await this.dataOwnerApi.getCurrentDataOwnerId(), fingerprint)\n if (loaded) {\n const imported = await this.primitives.RSA.importVerificationKey('jwk', loaded)\n this.verificationKeysCache.set(fingerprint, imported)\n return imported\n }\n }\n}\n"]}
1
+ {"version":3,"file":"UserSignatureKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/UserSignatureKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAGA,oCAAmD;AAEnD,mCAA6G;AAE7G,MAAa,wBAAwB;IACnC,YACmB,YAAgC,EAChC,YAA8B,EAC9B,UAA4B;QAF5B,iBAAY,GAAZ,YAAY,CAAoB;QAChC,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAGvC,uBAAkB,GAKV,SAAS,CAAA;QACjB,0BAAqB,GAAG,IAAI,GAAG,EAAqB,CAAA;IARzD,CAAC;IAUJ;;OAEG;IACG,2BAA2B;;YAI/B,IAAI,IAAI,CAAC,kBAAkB;gBAAE,OAAO,IAAI,CAAC,kBAAkB,CAAA;YAC3D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAA;YACtE,IAAI,QAAQ,EAAE;gBACZ,MAAM,WAAW,GAAG,IAAA,qBAAa,EAAC,IAAA,gBAAQ,EAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAA;gBAC/D,IAAI,CAAC,kBAAkB,GAAG;oBACxB,WAAW;oBACX,OAAO,EAAE;wBACP,UAAU,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,kBAAkB,CAAC,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC;wBACpF,SAAS,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,qBAAqB,CAAC,KAAK,EAAE,QAAQ,CAAC,SAAS,CAAC;qBACtF;iBACF,CAAA;gBACD,OAAO,IAAI,CAAC,kBAAkB,CAAA;aAC/B;iBAAM;gBACL,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,wBAAwB,EAAE,CAAA;gBAC1E,MAAM,WAAW,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAA;gBAChG,IAAA,kCAA0B,EAAC,WAAW,CAAC,CAAA;gBACvC,MAAM,IAAI,GAAG,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAA;gBACvC,+DAA+D;gBAC/D,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAC1C,WAAW,EACX,IAAA,qBAAa,EAAC,WAAW,CAAC,EAC1B,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,aAAa,EAAE,KAAK,EAAE,KAAK,CAAC,CAClE,CAAA;gBACD,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,SAAS,CAAC,CAAA;gBAC7D,IAAI,CAAC,kBAAkB,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,EAAE,CAAA;gBACvE,OAAO,IAAI,CAAC,kBAAkB,CAAA;aAC/B;QACH,CAAC;KAAA;IAED;;;;;OAKG;IACG,2BAA2B,CAAC,WAAmB;;YACnD,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;YAC1D,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAA;YACzB,+DAA+D;YAC/D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,4BAA4B,CACjE,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAC/C,IAAA,iCAAyB,EAAC,WAAW,CAAC,CACvC,CAAA;YACD,IAAI,MAAM,EAAE;gBACV,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,qBAAqB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;gBAC/E,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAA;gBACrD,OAAO,QAAQ,CAAA;aAChB;QACH,CAAC;KAAA;CACF;AAxED,4DAwEC","sourcesContent":["import { IcureStorageFacade } from '../storage/IcureStorageFacade'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { hex2ua, jwk2spki, ua2hex } from '../utils'\nimport { KeyPair } from './RSA'\nimport { checkStandardPublicKeyTail, fingerprintV1, fingerprintV2, fingerprintV2ToStandardV1 } from './utils'\n\nexport class UserSignatureKeysManager {\n constructor(\n private readonly iCureStorage: IcureStorageFacade,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly primitives: CryptoPrimitives\n ) {}\n\n private signatureKeysCache:\n | {\n fingerprint: string\n keyPair: KeyPair<CryptoKey>\n }\n | undefined = undefined\n private verificationKeysCache = new Map<string, CryptoKey>()\n\n /**\n * Get a key which can be used to sign data in order to allow verification of the data authenticity in the future.\n */\n async getOrCreateSignatureKeyPair(): Promise<{\n fingerprint: string\n keyPair: KeyPair<CryptoKey>\n }> {\n if (this.signatureKeysCache) return this.signatureKeysCache\n const dataOwnerId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const existing = await this.iCureStorage.loadSignatureKey(dataOwnerId)\n if (existing) {\n const fingerprint = fingerprintV1(jwk2spki(existing.publicKey))\n this.signatureKeysCache = {\n fingerprint,\n keyPair: {\n privateKey: await this.primitives.RSA.importSignatureKey('jwk', existing.privateKey),\n publicKey: await this.primitives.RSA.importVerificationKey('jwk', existing.publicKey),\n },\n }\n return this.signatureKeysCache\n } else {\n const generatedPair = await this.primitives.RSA.generateSignatureKeyPair()\n const exportedPub = ua2hex(await this.primitives.RSA.exportKey(generatedPair.publicKey, 'spki'))\n checkStandardPublicKeyTail(exportedPub)\n const fpV2 = fingerprintV2(exportedPub)\n // For consistency with encryption keys we use fpv1 when saving\n await this.iCureStorage.saveSignatureKeyPair(\n dataOwnerId,\n fingerprintV1(exportedPub),\n await this.primitives.RSA.exportKeys(generatedPair, 'jwk', 'jwk')\n )\n this.verificationKeysCache.set(fpV2, generatedPair.publicKey)\n this.signatureKeysCache = { fingerprint: fpV2, keyPair: generatedPair }\n return this.signatureKeysCache\n }\n }\n\n /**\n * Get all available keys which can be used to verify the authenticity of a signature which should have been created\n * by the current data owner.\n * @param fingerprint v1 fingerprint of the key to retrieve.\n * @return all available verification keys by fingerprint.\n */\n async getSignatureVerificationKey(fingerprint: string): Promise<CryptoKey | undefined> {\n const cached = this.verificationKeysCache.get(fingerprint)\n if (cached) return cached\n // For consistency with encryption keys we use fpv1 when saving\n const loaded = await this.iCureStorage.loadSignatureVerificationKey(\n await this.dataOwnerApi.getCurrentDataOwnerId(),\n fingerprintV2ToStandardV1(fingerprint)\n )\n if (loaded) {\n const imported = await this.primitives.RSA.importVerificationKey('jwk', loaded)\n this.verificationKeysCache.set(fingerprint, imported)\n return imported\n }\n }\n}\n"]}
@@ -6,13 +6,11 @@ import { CryptoPrimitives } from './CryptoPrimitives';
6
6
  import { IccPatientApi } from '../../icc-api';
7
7
  import { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType';
8
8
  /**
9
- * @internal this function is meant only for internal use and may be changed without notice.
10
9
  * Get the public keys of a data owner which should be used for RSA-OAEP with sha256.
11
10
  * @param dataOwner
12
11
  */
13
12
  export declare function hexPublicKeysWithSha256Of(dataOwner: DataOwner): Set<string>;
14
13
  /**
15
- * @internal this function is meant only for internal use and may be changed without notice.
16
14
  * Get the public keys of a data owner which should be used for RSA-OAEP with sha1.
17
15
  * @param dataOwner
18
16
  */
@@ -53,13 +51,12 @@ export declare function loadPublicKeys(rsa: RSAUtils, publicKeysSpkiHex: string[
53
51
  */
54
52
  export declare function ensureDelegationForSelf(dataOwnerApi: IccDataOwnerXApi, xapi: ExtendedApisUtils, patientApi: IccPatientApi, cryptoPrimitives: CryptoPrimitives): Promise<DataOwnerWithType>;
55
53
  /**
56
- * @internal This method is intended only for internal use and may be changed without notice.
57
54
  * Search a public key in the data owner and returns the corresponding SHA version used to generate it or undefined if not found.
58
55
  * @param dataOwner the data owner.
59
56
  * @param publicKey the public key.
60
57
  * @return 'sha-1', 'sha-256', undefined
61
58
  */
62
- export declare function getShaVersionForKey(dataOwner: DataOwnerOrStub, publicKey: string): "sha-1" | "sha-256" | undefined;
59
+ export declare function getShaVersionForKey(dataOwner: DataOwnerOrStub, publicKey: string): ShaVersion | undefined;
63
60
  /**
64
61
  * @internal this function is meant only for internal use and may be changed without notice.
65
62
  * Calculates the fingerprint from the hexadecimal representation of a SPKI key. The fingerprint is calculated as the last 16 bytes (32 characters)
@@ -95,3 +92,15 @@ export declare function fingerprintIsV1(fp: string): boolean;
95
92
  * @return true if the fingerprint is in V2 format, false otherwise.
96
93
  */
97
94
  export declare function fingerprintIsV2(fp: string): boolean;
95
+ /**
96
+ * @internal this function is meant only for internal use and may be changed without notice.
97
+ * @param fp the fingerprint v2.
98
+ * @return the fingerprint v1 using the standard tail.
99
+ */
100
+ export declare function fingerprintV2ToStandardV1(fp: string): string;
101
+ /**
102
+ * @internal this function is meant only for internal use and may be changed without notice.
103
+ * @param publicKeyOrFpv1 a public key in spki format or a public key fp v1
104
+ * @throws if the input does not terminate with 0203010001
105
+ */
106
+ export declare function checkStandardPublicKeyTail(publicKeyOrFpv1: string): void;
@@ -9,9 +9,10 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
9
9
  });
10
10
  };
11
11
  Object.defineProperty(exports, "__esModule", { value: true });
12
- exports.fingerprintIsV2 = exports.fingerprintIsV1 = exports.fingerprintV1toV2 = exports.fingerprintV2 = exports.fingerprintV1 = exports.getShaVersionForKey = exports.ensureDelegationForSelf = exports.loadPublicKeys = exports.fingerprintToPublicKeysMapOf = exports.transferKeysFpGraphOf = exports.hexPublicKeysWithSha1Of = exports.hexPublicKeysWithSha256Of = void 0;
12
+ exports.checkStandardPublicKeyTail = exports.fingerprintV2ToStandardV1 = exports.fingerprintIsV2 = exports.fingerprintIsV1 = exports.fingerprintV1toV2 = exports.fingerprintV2 = exports.fingerprintV1 = exports.getShaVersionForKey = exports.ensureDelegationForSelf = exports.loadPublicKeys = exports.fingerprintToPublicKeysMapOf = exports.transferKeysFpGraphOf = exports.hexPublicKeysWithSha1Of = exports.hexPublicKeysWithSha256Of = void 0;
13
13
  // Uses fp as node names
14
14
  const graph_utils_1 = require("../utils/graph-utils");
15
+ const RSA_1 = require("./RSA");
15
16
  const utils_1 = require("../utils");
16
17
  const Patient_1 = require("../../icc-api/model/Patient");
17
18
  const ShareMetadataBehaviour_1 = require("./ShareMetadataBehaviour");
@@ -19,7 +20,6 @@ const EntityShareRequest_1 = require("../../icc-api/model/requests/EntityShareRe
19
20
  const DataOwnerTypeEnum_1 = require("../../icc-api/model/DataOwnerTypeEnum");
20
21
  var RequestedPermissionEnum = EntityShareRequest_1.EntityShareRequest.RequestedPermissionEnum;
21
22
  /**
22
- * @internal this function is meant only for internal use and may be changed without notice.
23
23
  * Get the public keys of a data owner which should be used for RSA-OAEP with sha256.
24
24
  * @param dataOwner
25
25
  */
@@ -29,7 +29,6 @@ function hexPublicKeysWithSha256Of(dataOwner) {
29
29
  }
30
30
  exports.hexPublicKeysWithSha256Of = hexPublicKeysWithSha256Of;
31
31
  /**
32
- * @internal this function is meant only for internal use and may be changed without notice.
33
32
  * Get the public keys of a data owner which should be used for RSA-OAEP with sha1.
34
33
  * @param dataOwner
35
34
  */
@@ -97,7 +96,7 @@ function ensureDelegationForSelf(dataOwnerApi, xapi, patientApi, cryptoPrimitive
97
96
  const self = yield dataOwnerApi.getCurrentDataOwner();
98
97
  if (self.type === 'patient') {
99
98
  const patient = new Patient_1.Patient(self.dataOwner);
100
- const patientWithType = { entity: patient, type: 'Patient' };
99
+ const patientWithType = { entity: patient, type: utils_1.EntityWithDelegationTypeName.Patient };
101
100
  const availableSecretIds = yield xapi.secretIdsOf(patientWithType, undefined);
102
101
  if (availableSecretIds.length) {
103
102
  return self;
@@ -105,11 +104,11 @@ function ensureDelegationForSelf(dataOwnerApi, xapi, patientApi, cryptoPrimitive
105
104
  else {
106
105
  if (xapi.hasEmptyEncryptionMetadata(patient)) {
107
106
  // This should not really happen, usually some user will have already initialised the patient and its encryption metadata.
108
- const updatedPatient = yield xapi.entityWithInitialisedEncryptedMetadata(patient, 'Patient', undefined, undefined, true, true, {});
107
+ const updatedPatient = yield xapi.entityWithInitialisedEncryptedMetadata(patient, utils_1.EntityWithDelegationTypeName.Patient, undefined, undefined, true, true, {});
109
108
  return { dataOwner: yield patientApi.modifyPatient(updatedPatient.updatedEntity), type: DataOwnerTypeEnum_1.DataOwnerTypeEnum.Patient };
110
109
  }
111
110
  else {
112
- const updatedPatient = yield xapi.simpleShareOrUpdateEncryptedEntityMetadata({ entity: patient, type: 'Patient' }, false, {
111
+ const updatedPatient = yield xapi.simpleShareOrUpdateEncryptedEntityMetadata({ entity: patient, type: utils_1.EntityWithDelegationTypeName.Patient }, false, {
113
112
  [patient.id]: {
114
113
  shareEncryptionKeys: ShareMetadataBehaviour_1.ShareMetadataBehaviour.IF_AVAILABLE,
115
114
  shareOwningEntityIds: ShareMetadataBehaviour_1.ShareMetadataBehaviour.NEVER,
@@ -128,7 +127,6 @@ function ensureDelegationForSelf(dataOwnerApi, xapi, patientApi, cryptoPrimitive
128
127
  }
129
128
  exports.ensureDelegationForSelf = ensureDelegationForSelf;
130
129
  /**
131
- * @internal This method is intended only for internal use and may be changed without notice.
132
130
  * Search a public key in the data owner and returns the corresponding SHA version used to generate it or undefined if not found.
133
131
  * @param dataOwner the data owner.
134
132
  * @param publicKey the public key.
@@ -137,9 +135,9 @@ exports.ensureDelegationForSelf = ensureDelegationForSelf;
137
135
  function getShaVersionForKey(dataOwner, publicKey) {
138
136
  var _a, _b;
139
137
  return dataOwner.publicKey === publicKey || Object.keys((_a = dataOwner.aesExchangeKeys) !== null && _a !== void 0 ? _a : {}).includes(publicKey)
140
- ? 'sha-1'
138
+ ? RSA_1.ShaVersion.Sha1
141
139
  : !!((_b = dataOwner.publicKeysForOaepWithSha256) === null || _b === void 0 ? void 0 : _b.includes(publicKey))
142
- ? 'sha-256'
140
+ ? RSA_1.ShaVersion.Sha256
143
141
  : undefined;
144
142
  }
145
143
  exports.getShaVersionForKey = getShaVersionForKey;
@@ -193,4 +191,24 @@ function fingerprintIsV2(fp) {
193
191
  return fp.length === 22;
194
192
  }
195
193
  exports.fingerprintIsV2 = fingerprintIsV2;
194
+ /**
195
+ * @internal this function is meant only for internal use and may be changed without notice.
196
+ * @param fp the fingerprint v2.
197
+ * @return the fingerprint v1 using the standard tail.
198
+ */
199
+ function fingerprintV2ToStandardV1(fp) {
200
+ return fp + '0203010001';
201
+ }
202
+ exports.fingerprintV2ToStandardV1 = fingerprintV2ToStandardV1;
203
+ /**
204
+ * @internal this function is meant only for internal use and may be changed without notice.
205
+ * @param publicKeyOrFpv1 a public key in spki format or a public key fp v1
206
+ * @throws if the input does not terminate with 0203010001
207
+ */
208
+ function checkStandardPublicKeyTail(publicKeyOrFpv1) {
209
+ if (publicKeyOrFpv1.slice(-10) != '0203010001') {
210
+ throw new Error('Illegal state: generated public key should end with 0203010001');
211
+ }
212
+ }
213
+ exports.checkStandardPublicKeyTail = checkStandardPublicKeyTail;
196
214
  //# sourceMappingURL=utils.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/utils.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wBAAwB;AACxB,sDAAsF;AAGtF,oCAAiC;AACjC,yDAAqD;AAKrD,qEAAiE;AACjE,wFAAoF;AAEpF,6EAAyE;AACzE,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAE3E;;;;GAIG;AACH,SAAgB,yBAAyB,CAAC,SAAoB;;IAC5D,OAAO,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAA,SAAS,CAAC,2BAA2B,mCAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAa,CAAC,CAAA;AAC7G,CAAC;AAFD,8DAEC;AAED;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,SAAoB;;IAC1D,OAAO,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,SAAS,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAa,CAAC,CAAA;AACjI,CAAC;AAFD,0DAEC;AAED;;;;;;GAMG;AACH,SAAgB,qBAAqB,CAAC,SAAoB;;IACxD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,uBAAuB,CAAC,SAAS,CAAC,EAAE,GAAG,yBAAyB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAC/G,MAAM,KAAK,GAAuB,EAAE,CAAA;IACpC,MAAM,CAAC,OAAO,CAAC,MAAA,SAAS,CAAC,YAAY,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;QACnE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;YAC9B,KAAK,CAAC,IAAI,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACtD,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IACF,OAAO,IAAA,qBAAO,EACZ,IAAA,4BAAc,EACZ,KAAK,EACL,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CACxC,CACF,CAAA;AACH,CAAC;AAdD,sDAcC;AAED;;;;;;GAMG;AACH,SAAgB,4BAA4B,CAAC,SAAoB,EAAE,UAAsB;IACvF,MAAM,UAAU,GAAG,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC,CAAA;IAC7I,MAAM,GAAG,GAA6B,EAAE,CAAA;IACxC,UAAU,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;QACxB,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;IAC7B,CAAC,CAAC,CAAA;IACF,OAAO,GAAG,CAAA;AACZ,CAAC;AAPD,oEAOC;AAED;;;;;;;GAOG;AACH,SAAsB,cAAc,CAClC,GAAa,EACb,iBAA2B,EAC3B,UAAsB;;QAEtB,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAO,CAAC,EAAE,EAAE,gDAAC,OAAA,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,MAAM,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAC,CAAA,GAAA,CAAC,CAAC,CAC3I,CAAA;IACH,CAAC;CAAA;AARD,wCAQC;AAED;;;;GAIG;AACH,SAAsB,uBAAuB,CAC3C,YAA8B,EAC9B,IAAuB,EACvB,UAAyB,EACzB,gBAAkC;;QAElC,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,mBAAmB,EAAE,CAAA;QACrD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE;YAC3B,MAAM,OAAO,GAAG,IAAI,iBAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YAC3C,MAAM,eAAe,GAA4B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;YACrF,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;YAC7E,IAAI,kBAAkB,CAAC,MAAM,EAAE;gBAC7B,OAAO,IAAI,CAAA;aACZ;iBAAM;gBACL,IAAI,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,EAAE;oBAC5C,0HAA0H;oBAC1H,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,sCAAsC,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAA;oBAClI,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC,aAAa,CAAC,cAAc,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,qCAAiB,CAAC,OAAO,EAAE,CAAA;iBACpH;qBAAM;oBACL,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,0CAA0C,CAC1E,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EACpC,KAAK,EACL;wBACE,CAAC,OAAO,CAAC,EAAG,CAAC,EAAE;4BACb,mBAAmB,EAAE,+CAAsB,CAAC,YAAY;4BACxD,oBAAoB,EAAE,+CAAsB,CAAC,KAAK;4BAClD,cAAc,EAAE,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC;4BAC/C,oBAAoB,EAAE,uBAAuB,CAAC,UAAU;yBACzD;qBACF,EACD,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAAC,CACvC,CAAA;oBACD,OAAO,EAAE,SAAS,EAAE,cAAc,CAAC,oBAAoB,EAAE,IAAI,EAAE,qCAAiB,CAAC,OAAO,EAAE,CAAA;iBAC3F;aACF;SACF;aAAM;YACL,OAAO,IAAI,CAAA;SACZ;IACH,CAAC;CAAA;AAtCD,0DAsCC;AAED;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,SAA0B,EAAE,SAAiB;;IAC/E,OAAO,SAAS,CAAC,SAAS,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAA,SAAS,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC1G,CAAC,CAAC,OAAO;QACT,CAAC,CAAC,CAAC,CAAC,CAAA,MAAA,SAAS,CAAC,2BAA2B,0CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA;YAC9D,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,SAAS,CAAA;AACf,CAAC;AAND,kDAMC;AAED;;;;;;GAMG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;AACvB,CAAC;AAFD,sCAEC;AAED;;;;;;GAMG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;AAC5B,CAAC;AAFD,sCAEC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,EAAU;IAC1C,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAA;AACzB,CAAC;AAFD,8CAEC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAAC,EAAU;IACxC,OAAO,EAAE,CAAC,MAAM,KAAK,EAAE,CAAA;AACzB,CAAC;AAFD,0CAEC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAAC,EAAU;IACxC,OAAO,EAAE,CAAC,MAAM,KAAK,EAAE,CAAA;AACzB,CAAC;AAFD,0CAEC","sourcesContent":["// Uses fp as node names\nimport { acyclic, graphFromEdges, StronglyConnectedGraph } from '../utils/graph-utils'\nimport { DataOwner, DataOwnerOrStub, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { RSAUtils, ShaVersion } from './RSA'\nimport { hex2ua } from '../utils'\nimport { Patient } from '../../icc-api/model/Patient'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName'\nimport { IccPatientApi } from '../../icc-api'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Get the public keys of a data owner which should be used for RSA-OAEP with sha256.\n * @param dataOwner\n */\nexport function hexPublicKeysWithSha256Of(dataOwner: DataOwner) {\n return new Set([...(dataOwner.publicKeysForOaepWithSha256 ?? [])].filter((pubKey) => !!pubKey) as string[])\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Get the public keys of a data owner which should be used for RSA-OAEP with sha1.\n * @param dataOwner\n */\nexport function hexPublicKeysWithSha1Of(dataOwner: DataOwner) {\n return new Set([dataOwner.publicKey, ...Object.keys(dataOwner.aesExchangeKeys ?? {})].filter((pubKey) => !!pubKey) as string[])\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Get the transfer key graph for a data owner. Node names are the public key fingerprints of the data owner's keys, and an edge represents a key\n * which can be retrieved from another key using the transfer keys.\n * @param dataOwner a data owner.\n * @return a graph representing the possible key recovery paths using transfer keys for hte provided data owner.\n */\nexport function transferKeysFpGraphOf(dataOwner: DataOwner): StronglyConnectedGraph {\n const publicKeys = Array.from([...hexPublicKeysWithSha1Of(dataOwner), ...hexPublicKeysWithSha256Of(dataOwner)])\n const edges: [string, string][] = []\n Object.entries(dataOwner.transferKeys ?? {}).forEach(([from, tos]) => {\n Object.keys(tos).forEach((to) => {\n edges.push([fingerprintV1(from), fingerprintV1(to)])\n })\n })\n return acyclic(\n graphFromEdges(\n edges,\n publicKeys.map((x) => fingerprintV1(x))\n )\n )\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Get a map for converting public keys fingerprint to full public keys for the provided data owner.\n * @param dataOwner a data owner.\n * @param shaVersion gets only the keys that are generated with this SHA version (default: 'sha-1').\n * @return a map to convert fingerprints of the data owner into full public keys.\n */\nexport function fingerprintToPublicKeysMapOf(dataOwner: DataOwner, shaVersion: ShaVersion): { [fp: string]: string } {\n const publicKeys = shaVersion === 'sha-1' ? Array.from(hexPublicKeysWithSha1Of(dataOwner)) : Array.from(hexPublicKeysWithSha256Of(dataOwner))\n const res: { [fp: string]: string } = {}\n publicKeys.forEach((pk) => {\n res[fingerprintV1(pk)] = pk\n })\n return res\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Load many public keys in spki format.\n * @param rsa the rsa service\n * @param publicKeysSpkiHex public keys in spki format, hex encoded.\n * @param shaVersion the version of the Sha algorithm used in the keys generations. ()\n * @return public keys as crypto keys by their fingerprint.\n */\nexport async function loadPublicKeys(\n rsa: RSAUtils,\n publicKeysSpkiHex: string[],\n shaVersion: ShaVersion\n): Promise<{ [publicKeyFingerprint: string]: CryptoKey }> {\n return Object.fromEntries(\n await Promise.all(publicKeysSpkiHex.map(async (x) => [fingerprintV1(x), await rsa.importKey('spki', hex2ua(x), ['encrypt'], shaVersion)]))\n )\n}\n\n/**\n * @internal This method is intended only for internal use and may be changed without notice.\n * Creates a delegation for the current data owner if the data owner is an encrypted entity and there is no delegation to himself.\n * @return the updated self.\n */\nexport async function ensureDelegationForSelf(\n dataOwnerApi: IccDataOwnerXApi,\n xapi: ExtendedApisUtils,\n patientApi: IccPatientApi,\n cryptoPrimitives: CryptoPrimitives\n): Promise<DataOwnerWithType> {\n const self = await dataOwnerApi.getCurrentDataOwner()\n if (self.type === 'patient') {\n const patient = new Patient(self.dataOwner)\n const patientWithType: EncryptedEntityWithType = { entity: patient, type: 'Patient' }\n const availableSecretIds = await xapi.secretIdsOf(patientWithType, undefined)\n if (availableSecretIds.length) {\n return self\n } else {\n if (xapi.hasEmptyEncryptionMetadata(patient)) {\n // This should not really happen, usually some user will have already initialised the patient and its encryption metadata.\n const updatedPatient = await xapi.entityWithInitialisedEncryptedMetadata(patient, 'Patient', undefined, undefined, true, true, {})\n return { dataOwner: await patientApi.modifyPatient(updatedPatient.updatedEntity), type: DataOwnerTypeEnum.Patient }\n } else {\n const updatedPatient = await xapi.simpleShareOrUpdateEncryptedEntityMetadata(\n { entity: patient, type: 'Patient' },\n false,\n {\n [patient.id!]: {\n shareEncryptionKeys: ShareMetadataBehaviour.IF_AVAILABLE,\n shareOwningEntityIds: ShareMetadataBehaviour.NEVER,\n shareSecretIds: [cryptoPrimitives.randomUuid()],\n requestedPermissions: RequestedPermissionEnum.FULL_WRITE,\n },\n },\n (x) => patientApi.bulkSharePatients(x)\n )\n return { dataOwner: updatedPatient.updatedEntityOrThrow, type: DataOwnerTypeEnum.Patient }\n }\n }\n } else {\n return self\n }\n}\n\n/**\n * @internal This method is intended only for internal use and may be changed without notice.\n * Search a public key in the data owner and returns the corresponding SHA version used to generate it or undefined if not found.\n * @param dataOwner the data owner.\n * @param publicKey the public key.\n * @return 'sha-1', 'sha-256', undefined\n */\nexport function getShaVersionForKey(dataOwner: DataOwnerOrStub, publicKey: string) {\n return dataOwner.publicKey === publicKey || Object.keys(dataOwner.aesExchangeKeys ?? {}).includes(publicKey)\n ? 'sha-1'\n : !!dataOwner.publicKeysForOaepWithSha256?.includes(publicKey)\n ? 'sha-256'\n : undefined\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Calculates the fingerprint from the hexadecimal representation of a SPKI key. The fingerprint is calculated as the last 16 bytes (32 characters)\n * of the SPKI key.\n * @param key the hexadecimal representation of the SPKI key.\n * @return the fingerprint.\n */\nexport function fingerprintV1(key: string): string {\n return key.slice(-32)\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Calculates the fingerprint from the hexadecimal representation of a SPKI key. The fingerprint is calculated as the last 16 bytes (32 characters) from which the\n * last 5 (10 characters) are removed because they are a constant of the SPKI format.\n * @param key the hexadecimal representation of the SPKI key.\n * @return the fingerprint.\n */\nexport function fingerprintV2(key: string): string {\n return key.slice(-32, -10)\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Converts the fingerprint of a key from a V1 format to a V2 format.\n * @param fp the fingerprint of the key in the V1 format.\n * @return the fingerprint of the key in the v2 format.\n */\nexport function fingerprintV1toV2(fp: string): string {\n return fp.slice(0, -10)\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param fp the fingerprint.\n * @return true if the fingerprint is in V1 format, false otherwise.\n */\nexport function fingerprintIsV1(fp: string): boolean {\n return fp.length === 32\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param fp the fingerprint.\n * @return true if the fingerprint is in V2 format, false otherwise.\n */\nexport function fingerprintIsV2(fp: string): boolean {\n return fp.length === 22\n}\n"]}
1
+ {"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/utils.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wBAAwB;AACxB,sDAAsF;AAEtF,+BAA4C;AAC5C,oCAA+D;AAC/D,yDAAqD;AAKrD,qEAAiE;AACjE,wFAAoF;AAEpF,6EAAyE;AACzE,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAE3E;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,SAAoB;;IAC5D,OAAO,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAA,SAAS,CAAC,2BAA2B,mCAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAa,CAAC,CAAA;AAC7G,CAAC;AAFD,8DAEC;AAED;;;GAGG;AACH,SAAgB,uBAAuB,CAAC,SAAoB;;IAC1D,OAAO,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,SAAS,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAa,CAAC,CAAA;AACjI,CAAC;AAFD,0DAEC;AAED;;;;;;GAMG;AACH,SAAgB,qBAAqB,CAAC,SAAoB;;IACxD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,uBAAuB,CAAC,SAAS,CAAC,EAAE,GAAG,yBAAyB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAC/G,MAAM,KAAK,GAAuB,EAAE,CAAA;IACpC,MAAM,CAAC,OAAO,CAAC,MAAA,SAAS,CAAC,YAAY,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;QACnE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;YAC9B,KAAK,CAAC,IAAI,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACtD,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IACF,OAAO,IAAA,qBAAO,EACZ,IAAA,4BAAc,EACZ,KAAK,EACL,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CACxC,CACF,CAAA;AACH,CAAC;AAdD,sDAcC;AAED;;;;;;GAMG;AACH,SAAgB,4BAA4B,CAAC,SAAoB,EAAE,UAAsB;IACvF,MAAM,UAAU,GAAG,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC,CAAA;IAC7I,MAAM,GAAG,GAA6B,EAAE,CAAA;IACxC,UAAU,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;QACxB,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;IAC7B,CAAC,CAAC,CAAA;IACF,OAAO,GAAG,CAAA;AACZ,CAAC;AAPD,oEAOC;AAED;;;;;;;GAOG;AACH,SAAsB,cAAc,CAClC,GAAa,EACb,iBAA2B,EAC3B,UAAsB;;QAEtB,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAO,CAAC,EAAE,EAAE,gDAAC,OAAA,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,MAAM,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAC,CAAA,GAAA,CAAC,CAAC,CAC3I,CAAA;IACH,CAAC;CAAA;AARD,wCAQC;AAED;;;;GAIG;AACH,SAAsB,uBAAuB,CAC3C,YAA8B,EAC9B,IAAuB,EACvB,UAAyB,EACzB,gBAAkC;;QAElC,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,mBAAmB,EAAE,CAAA;QACrD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE;YAC3B,MAAM,OAAO,GAAG,IAAI,iBAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YAC3C,MAAM,eAAe,GAA4B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,oCAA4B,CAAC,OAAO,EAAE,CAAA;YAChH,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;YAC7E,IAAI,kBAAkB,CAAC,MAAM,EAAE;gBAC7B,OAAO,IAAI,CAAA;aACZ;iBAAM;gBACL,IAAI,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,EAAE;oBAC5C,0HAA0H;oBAC1H,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,sCAAsC,CACtE,OAAO,EACP,oCAA4B,CAAC,OAAO,EACpC,SAAS,EACT,SAAS,EACT,IAAI,EACJ,IAAI,EACJ,EAAE,CACH,CAAA;oBACD,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC,aAAa,CAAC,cAAc,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,qCAAiB,CAAC,OAAO,EAAE,CAAA;iBACpH;qBAAM;oBACL,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,0CAA0C,CAC1E,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,oCAA4B,CAAC,OAAO,EAAE,EAC/D,KAAK,EACL;wBACE,CAAC,OAAO,CAAC,EAAG,CAAC,EAAE;4BACb,mBAAmB,EAAE,+CAAsB,CAAC,YAAY;4BACxD,oBAAoB,EAAE,+CAAsB,CAAC,KAAK;4BAClD,cAAc,EAAE,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC;4BAC/C,oBAAoB,EAAE,uBAAuB,CAAC,UAAU;yBACzD;qBACF,EACD,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAAC,CACvC,CAAA;oBACD,OAAO,EAAE,SAAS,EAAE,cAAc,CAAC,oBAAoB,EAAE,IAAI,EAAE,qCAAiB,CAAC,OAAO,EAAE,CAAA;iBAC3F;aACF;SACF;aAAM;YACL,OAAO,IAAI,CAAA;SACZ;IACH,CAAC;CAAA;AA9CD,0DA8CC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,SAA0B,EAAE,SAAiB;;IAC/E,OAAO,SAAS,CAAC,SAAS,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAA,SAAS,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC1G,CAAC,CAAC,gBAAU,CAAC,IAAI;QACjB,CAAC,CAAC,CAAC,CAAC,CAAA,MAAA,SAAS,CAAC,2BAA2B,0CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA;YAC9D,CAAC,CAAC,gBAAU,CAAC,MAAM;YACnB,CAAC,CAAC,SAAS,CAAA;AACf,CAAC;AAND,kDAMC;AAED;;;;;;GAMG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;AACvB,CAAC;AAFD,sCAEC;AAED;;;;;;GAMG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;AAC5B,CAAC;AAFD,sCAEC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,EAAU;IAC1C,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAA;AACzB,CAAC;AAFD,8CAEC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAAC,EAAU;IACxC,OAAO,EAAE,CAAC,MAAM,KAAK,EAAE,CAAA;AACzB,CAAC;AAFD,0CAEC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAAC,EAAU;IACxC,OAAO,EAAE,CAAC,MAAM,KAAK,EAAE,CAAA;AACzB,CAAC;AAFD,0CAEC;AAED;;;;GAIG;AACH,SAAgB,yBAAyB,CAAC,EAAU;IAClD,OAAO,EAAE,GAAG,YAAY,CAAA;AAC1B,CAAC;AAFD,8DAEC;AAED;;;;GAIG;AACH,SAAgB,0BAA0B,CAAC,eAAuB;IAChE,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,IAAI,YAAY,EAAE;QAC9C,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAA;KAClF;AACH,CAAC;AAJD,gEAIC","sourcesContent":["// Uses fp as node names\nimport { acyclic, graphFromEdges, StronglyConnectedGraph } from '../utils/graph-utils'\nimport { DataOwner, DataOwnerOrStub, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { RSAUtils, ShaVersion } from './RSA'\nimport { EntityWithDelegationTypeName, hex2ua } from '../utils'\nimport { Patient } from '../../icc-api/model/Patient'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EncryptedEntityWithType } from '../utils/EntityWithDelegationTypeName'\nimport { IccPatientApi } from '../../icc-api'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport { DataOwnerWithType } from '../../icc-api/model/DataOwnerWithType'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\n\n/**\n * Get the public keys of a data owner which should be used for RSA-OAEP with sha256.\n * @param dataOwner\n */\nexport function hexPublicKeysWithSha256Of(dataOwner: DataOwner) {\n return new Set([...(dataOwner.publicKeysForOaepWithSha256 ?? [])].filter((pubKey) => !!pubKey) as string[])\n}\n\n/**\n * Get the public keys of a data owner which should be used for RSA-OAEP with sha1.\n * @param dataOwner\n */\nexport function hexPublicKeysWithSha1Of(dataOwner: DataOwner) {\n return new Set([dataOwner.publicKey, ...Object.keys(dataOwner.aesExchangeKeys ?? {})].filter((pubKey) => !!pubKey) as string[])\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Get the transfer key graph for a data owner. Node names are the public key fingerprints of the data owner's keys, and an edge represents a key\n * which can be retrieved from another key using the transfer keys.\n * @param dataOwner a data owner.\n * @return a graph representing the possible key recovery paths using transfer keys for hte provided data owner.\n */\nexport function transferKeysFpGraphOf(dataOwner: DataOwner): StronglyConnectedGraph {\n const publicKeys = Array.from([...hexPublicKeysWithSha1Of(dataOwner), ...hexPublicKeysWithSha256Of(dataOwner)])\n const edges: [string, string][] = []\n Object.entries(dataOwner.transferKeys ?? {}).forEach(([from, tos]) => {\n Object.keys(tos).forEach((to) => {\n edges.push([fingerprintV1(from), fingerprintV1(to)])\n })\n })\n return acyclic(\n graphFromEdges(\n edges,\n publicKeys.map((x) => fingerprintV1(x))\n )\n )\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Get a map for converting public keys fingerprint to full public keys for the provided data owner.\n * @param dataOwner a data owner.\n * @param shaVersion gets only the keys that are generated with this SHA version (default: 'sha-1').\n * @return a map to convert fingerprints of the data owner into full public keys.\n */\nexport function fingerprintToPublicKeysMapOf(dataOwner: DataOwner, shaVersion: ShaVersion): { [fp: string]: string } {\n const publicKeys = shaVersion === 'sha-1' ? Array.from(hexPublicKeysWithSha1Of(dataOwner)) : Array.from(hexPublicKeysWithSha256Of(dataOwner))\n const res: { [fp: string]: string } = {}\n publicKeys.forEach((pk) => {\n res[fingerprintV1(pk)] = pk\n })\n return res\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Load many public keys in spki format.\n * @param rsa the rsa service\n * @param publicKeysSpkiHex public keys in spki format, hex encoded.\n * @param shaVersion the version of the Sha algorithm used in the keys generations. ()\n * @return public keys as crypto keys by their fingerprint.\n */\nexport async function loadPublicKeys(\n rsa: RSAUtils,\n publicKeysSpkiHex: string[],\n shaVersion: ShaVersion\n): Promise<{ [publicKeyFingerprint: string]: CryptoKey }> {\n return Object.fromEntries(\n await Promise.all(publicKeysSpkiHex.map(async (x) => [fingerprintV1(x), await rsa.importKey('spki', hex2ua(x), ['encrypt'], shaVersion)]))\n )\n}\n\n/**\n * @internal This method is intended only for internal use and may be changed without notice.\n * Creates a delegation for the current data owner if the data owner is an encrypted entity and there is no delegation to himself.\n * @return the updated self.\n */\nexport async function ensureDelegationForSelf(\n dataOwnerApi: IccDataOwnerXApi,\n xapi: ExtendedApisUtils,\n patientApi: IccPatientApi,\n cryptoPrimitives: CryptoPrimitives\n): Promise<DataOwnerWithType> {\n const self = await dataOwnerApi.getCurrentDataOwner()\n if (self.type === 'patient') {\n const patient = new Patient(self.dataOwner)\n const patientWithType: EncryptedEntityWithType = { entity: patient, type: EntityWithDelegationTypeName.Patient }\n const availableSecretIds = await xapi.secretIdsOf(patientWithType, undefined)\n if (availableSecretIds.length) {\n return self\n } else {\n if (xapi.hasEmptyEncryptionMetadata(patient)) {\n // This should not really happen, usually some user will have already initialised the patient and its encryption metadata.\n const updatedPatient = await xapi.entityWithInitialisedEncryptedMetadata(\n patient,\n EntityWithDelegationTypeName.Patient,\n undefined,\n undefined,\n true,\n true,\n {}\n )\n return { dataOwner: await patientApi.modifyPatient(updatedPatient.updatedEntity), type: DataOwnerTypeEnum.Patient }\n } else {\n const updatedPatient = await xapi.simpleShareOrUpdateEncryptedEntityMetadata(\n { entity: patient, type: EntityWithDelegationTypeName.Patient },\n false,\n {\n [patient.id!]: {\n shareEncryptionKeys: ShareMetadataBehaviour.IF_AVAILABLE,\n shareOwningEntityIds: ShareMetadataBehaviour.NEVER,\n shareSecretIds: [cryptoPrimitives.randomUuid()],\n requestedPermissions: RequestedPermissionEnum.FULL_WRITE,\n },\n },\n (x) => patientApi.bulkSharePatients(x)\n )\n return { dataOwner: updatedPatient.updatedEntityOrThrow, type: DataOwnerTypeEnum.Patient }\n }\n }\n } else {\n return self\n }\n}\n\n/**\n * Search a public key in the data owner and returns the corresponding SHA version used to generate it or undefined if not found.\n * @param dataOwner the data owner.\n * @param publicKey the public key.\n * @return 'sha-1', 'sha-256', undefined\n */\nexport function getShaVersionForKey(dataOwner: DataOwnerOrStub, publicKey: string): ShaVersion | undefined {\n return dataOwner.publicKey === publicKey || Object.keys(dataOwner.aesExchangeKeys ?? {}).includes(publicKey)\n ? ShaVersion.Sha1\n : !!dataOwner.publicKeysForOaepWithSha256?.includes(publicKey)\n ? ShaVersion.Sha256\n : undefined\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Calculates the fingerprint from the hexadecimal representation of a SPKI key. The fingerprint is calculated as the last 16 bytes (32 characters)\n * of the SPKI key.\n * @param key the hexadecimal representation of the SPKI key.\n * @return the fingerprint.\n */\nexport function fingerprintV1(key: string): string {\n return key.slice(-32)\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Calculates the fingerprint from the hexadecimal representation of a SPKI key. The fingerprint is calculated as the last 16 bytes (32 characters) from which the\n * last 5 (10 characters) are removed because they are a constant of the SPKI format.\n * @param key the hexadecimal representation of the SPKI key.\n * @return the fingerprint.\n */\nexport function fingerprintV2(key: string): string {\n return key.slice(-32, -10)\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * Converts the fingerprint of a key from a V1 format to a V2 format.\n * @param fp the fingerprint of the key in the V1 format.\n * @return the fingerprint of the key in the v2 format.\n */\nexport function fingerprintV1toV2(fp: string): string {\n return fp.slice(0, -10)\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param fp the fingerprint.\n * @return true if the fingerprint is in V1 format, false otherwise.\n */\nexport function fingerprintIsV1(fp: string): boolean {\n return fp.length === 32\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param fp the fingerprint.\n * @return true if the fingerprint is in V2 format, false otherwise.\n */\nexport function fingerprintIsV2(fp: string): boolean {\n return fp.length === 22\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param fp the fingerprint v2.\n * @return the fingerprint v1 using the standard tail.\n */\nexport function fingerprintV2ToStandardV1(fp: string): string {\n return fp + '0203010001'\n}\n\n/**\n * @internal this function is meant only for internal use and may be changed without notice.\n * @param publicKeyOrFpv1 a public key in spki format or a public key fp v1\n * @throws if the input does not terminate with 0203010001\n */\nexport function checkStandardPublicKeyTail(publicKeyOrFpv1: string) {\n if (publicKeyOrFpv1.slice(-10) != '0203010001') {\n throw new Error('Illegal state: generated public key should end with 0203010001')\n }\n}\n"]}
@@ -19,7 +19,7 @@ var AccessLevelEnum = SecureDelegation_1.SecureDelegation.AccessLevelEnum;
19
19
  const utils_1 = require("./utils");
20
20
  class IccAccesslogXApi extends icc_api_1.IccAccesslogApi {
21
21
  get headers() {
22
- return super.headers.then((h) => this.crypto.accessControlKeysHeaders.addAccessControlKeysHeaders(h, 'AccessLog'));
22
+ return super.headers.then((h) => this.crypto.accessControlKeysHeaders.addAccessControlKeysHeaders(h, utils_1.EntityWithDelegationTypeName.AccessLog));
23
23
  }
24
24
  constructor(host, headers, crypto, dataOwnerApi, autofillAuthor, cryptedKeys = ['detail', 'objectId'], authenticationProvider = new AuthenticationProvider_1.NoAuthenticationProvider(), fetchImpl = typeof window !== 'undefined'
25
25
  ? window.fetch
@@ -54,12 +54,12 @@ class IccAccesslogXApi extends icc_api_1.IccAccesslogApi {
54
54
  const ownerId = this.dataOwnerApi.getDataOwnerIdOf(user);
55
55
  if (ownerId !== (yield this.dataOwnerApi.getCurrentDataOwnerId()))
56
56
  throw new Error('Can only initialise entities as current data owner.');
57
- const sfk = (_m = options.preferredSfk) !== null && _m !== void 0 ? _m : (yield this.crypto.confidential.getAnySecretIdSharedWithParents({ entity: patient, type: 'Patient' }));
57
+ const sfk = (_m = options.preferredSfk) !== null && _m !== void 0 ? _m : (yield this.crypto.confidential.getAnySecretIdSharedWithParents({ entity: patient, type: utils_1.EntityWithDelegationTypeName.Patient }));
58
58
  if (!sfk)
59
59
  throw new Error(`Couldn't find any sfk of parent patient ${patient.id}`);
60
60
  const extraDelegations = Object.assign(Object.assign({}, Object.fromEntries([...((_p = (_o = user.autoDelegations) === null || _o === void 0 ? void 0 : _o.all) !== null && _p !== void 0 ? _p : []), ...((_r = (_q = user.autoDelegations) === null || _q === void 0 ? void 0 : _q.administrativeData) !== null && _r !== void 0 ? _r : [])].map((x) => [x, AccessLevelEnum.WRITE]))), ((_s = options.additionalDelegates) !== null && _s !== void 0 ? _s : {}));
61
61
  return new models_1.AccessLog(yield this.crypto.xapi
62
- .entityWithInitialisedEncryptedMetadata(accessLog, 'AccessLog', patient.id, sfk, true, false, extraDelegations)
62
+ .entityWithInitialisedEncryptedMetadata(accessLog, utils_1.EntityWithDelegationTypeName.AccessLog, patient.id, sfk, true, false, extraDelegations)
63
63
  .then((x) => x.updatedEntity));
64
64
  });
65
65
  }
@@ -83,7 +83,7 @@ class IccAccesslogXApi extends icc_api_1.IccAccesslogApi {
83
83
  */
84
84
  findBy(hcpartyId, patient, usingPost = false) {
85
85
  return __awaiter(this, void 0, void 0, function* () {
86
- const extractedKeys = yield this.crypto.xapi.secretIdsOf({ entity: patient, type: 'Patient' }, hcpartyId);
86
+ const extractedKeys = yield this.crypto.xapi.secretIdsOf({ entity: patient, type: utils_1.EntityWithDelegationTypeName.Patient }, hcpartyId);
87
87
  const topmostParentId = (yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIds())[0];
88
88
  return extractedKeys && extractedKeys.length > 0
89
89
  ? usingPost
@@ -105,14 +105,14 @@ class IccAccesslogXApi extends icc_api_1.IccAccesslogApi {
105
105
  return super.findAccessLogsByHCPartyPatientForeignKeysUsingPost(hcPartyId, secretFKeys).then((accesslogs) => this.decrypt(hcPartyId, accesslogs));
106
106
  }
107
107
  decrypt(hcpId, accessLogs) {
108
- return Promise.all(accessLogs.map((x) => this.crypto.xapi.decryptEntity(x, 'AccessLog', (json) => new models_1.AccessLog(json)).then(({ entity }) => entity)));
108
+ return Promise.all(accessLogs.map((x) => this.crypto.xapi.decryptEntity(x, utils_1.EntityWithDelegationTypeName.AccessLog, (json) => new models_1.AccessLog(json)).then(({ entity }) => entity)));
109
109
  }
110
110
  encrypt(user, accessLogs) {
111
111
  const owner = this.dataOwnerApi.getDataOwnerIdOf(user);
112
112
  return this.encryptAs(owner, accessLogs);
113
113
  }
114
114
  encryptAs(dataOwner, accessLogs) {
115
- return Promise.all(accessLogs.map((x) => this.crypto.xapi.tryEncryptEntity(x, 'AccessLog', this.encryptedFields, false, false, (json) => new models_1.AccessLog(json))));
115
+ return Promise.all(accessLogs.map((x) => this.crypto.xapi.tryEncryptEntity(x, utils_1.EntityWithDelegationTypeName.AccessLog, this.encryptedFields, false, false, (json) => new models_1.AccessLog(json))));
116
116
  }
117
117
  createAccessLog(body) {
118
118
  throw new Error('Cannot call a method that returns access logs without providing a user for de/encryption');
@@ -181,7 +181,9 @@ class IccAccesslogXApi extends icc_api_1.IccAccesslogApi {
181
181
  const currentLimit = limit - foundAccessLogs.length;
182
182
  const { rows: logs, nextKeyPair: newNextKeyPair } = (yield _super.findByUserAfterDate.call(this, userId, 'USER_ACCESS', startDate, nextKeyPair && JSON.stringify(nextKeyPair.startKey), nextKeyPair && nextKeyPair.startKeyDocId, numberRequestedAccessLogs, true));
183
183
  const logsWithPatientId = yield this.decrypt(this.dataOwnerApi.getDataOwnerIdOf(user), logs).then((decryptedLogs) => Promise.all(_.map(decryptedLogs, (decryptedLog) => {
184
- return this.crypto.xapi.owningEntityIdsOf({ entity: decryptedLog, type: 'AccessLog' }, user.healthcarePartyId).then((keys) => (Object.assign(Object.assign({}, decryptedLog), { patientId: _.head(keys) })));
184
+ return this.crypto.xapi
185
+ .owningEntityIdsOf({ entity: decryptedLog, type: utils_1.EntityWithDelegationTypeName.AccessLog }, user.healthcarePartyId)
186
+ .then((keys) => (Object.assign(Object.assign({}, decryptedLog), { patientId: _.head(keys) })));
185
187
  })));
186
188
  const uniqueLogs = _.chain(logsWithPatientId)
187
189
  .reject((log) => _.some(foundAccessLogs, ({ patientId }) => patientId === log.patientId))
@@ -209,7 +211,7 @@ class IccAccesslogXApi extends icc_api_1.IccAccesslogApi {
209
211
  */
210
212
  decryptPatientIdOf(accessLog) {
211
213
  return __awaiter(this, void 0, void 0, function* () {
212
- return this.crypto.xapi.owningEntityIdsOf({ entity: accessLog, type: 'AccessLog' }, undefined);
214
+ return this.crypto.xapi.owningEntityIdsOf({ entity: accessLog, type: utils_1.EntityWithDelegationTypeName.AccessLog }, undefined);
213
215
  });
214
216
  }
215
217
  /**
@@ -217,7 +219,7 @@ class IccAccesslogXApi extends icc_api_1.IccAccesslogApi {
217
219
  */
218
220
  hasWriteAccess(accessLog) {
219
221
  return __awaiter(this, void 0, void 0, function* () {
220
- return this.crypto.xapi.hasWriteAccess({ entity: accessLog, type: 'AccessLog' });
222
+ return this.crypto.xapi.hasWriteAccess({ entity: accessLog, type: utils_1.EntityWithDelegationTypeName.AccessLog });
221
223
  });
222
224
  }
223
225
  /**
@@ -275,10 +277,10 @@ class IccAccesslogXApi extends icc_api_1.IccAccesslogApi {
275
277
  return __awaiter(this, void 0, void 0, function* () {
276
278
  const self = yield this.dataOwnerApi.getCurrentDataOwnerId();
277
279
  // All entities should have an encryption key.
278
- const entityWithEncryptionKey = yield this.crypto.xapi.ensureEncryptionKeysInitialised(accessLog, 'AccessLog');
280
+ const entityWithEncryptionKey = yield this.crypto.xapi.ensureEncryptionKeysInitialised(accessLog, utils_1.EntityWithDelegationTypeName.AccessLog);
279
281
  const updatedEntity = entityWithEncryptionKey ? yield this.modifyAs(self, entityWithEncryptionKey) : accessLog;
280
282
  return this.crypto.xapi
281
- .simpleShareOrUpdateEncryptedEntityMetadata({ entity: updatedEntity, type: 'AccessLog' }, true, Object.fromEntries(Object.entries(delegates).map(([delegateId, options]) => [
283
+ .simpleShareOrUpdateEncryptedEntityMetadata({ entity: updatedEntity, type: utils_1.EntityWithDelegationTypeName.AccessLog }, true, Object.fromEntries(Object.entries(delegates).map(([delegateId, options]) => [
282
284
  delegateId,
283
285
  {
284
286
  requestedPermissions: options.requestedPermissions,
@@ -291,13 +293,13 @@ class IccAccesslogXApi extends icc_api_1.IccAccesslogApi {
291
293
  });
292
294
  }
293
295
  getDataOwnersWithAccessTo(entity) {
294
- return this.crypto.delegationsDeAnonymization.getDataOwnersWithAccessTo({ entity, type: 'AccessLog' });
296
+ return this.crypto.delegationsDeAnonymization.getDataOwnersWithAccessTo({ entity, type: utils_1.EntityWithDelegationTypeName.AccessLog });
295
297
  }
296
298
  getEncryptionKeysOf(entity) {
297
- return this.crypto.xapi.encryptionKeysOf({ entity, type: 'AccessLog' }, undefined);
299
+ return this.crypto.xapi.encryptionKeysOf({ entity, type: utils_1.EntityWithDelegationTypeName.AccessLog }, undefined);
298
300
  }
299
301
  createDelegationDeAnonymizationMetadata(entity, delegates) {
300
- return this.crypto.delegationsDeAnonymization.createOrUpdateDeAnonymizationInfo({ entity, type: 'AccessLog' }, delegates);
302
+ return this.crypto.delegationsDeAnonymization.createOrUpdateDeAnonymizationInfo({ entity, type: utils_1.EntityWithDelegationTypeName.AccessLog }, delegates);
301
303
  }
302
304
  }
303
305
  exports.IccAccesslogXApi = IccAccesslogXApi;