@icure/api 8.0.9 → 8.0.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-x-api/crypto/BaseExchangeDataManager.js +1 -1
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
- package/icc-x-api/crypto/BaseExchangeKeysManager.js +7 -3
- package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
- package/icc-x-api/crypto/KeyRecovery.js +1 -1
- package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
- package/icc-x-api/crypto/ShamirKeysManager.js +8 -9
- package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
- package/icc-x-api/crypto/UserEncryptionKeysManager.js +2 -3
- package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -1
- package/icc-x-api/crypto/UserSignatureKeysManager.js +9 -5
- package/icc-x-api/crypto/UserSignatureKeysManager.js.map +1 -1
- package/icc-x-api/crypto/utils.d.ts +12 -0
- package/icc-x-api/crypto/utils.js +21 -1
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/icc-data-owner-x-api.js +1 -1
- package/icc-x-api/icc-data-owner-x-api.js.map +1 -1
- package/icc-x-api/icc-icure-maintenance-x-api.js +4 -3
- package/icc-x-api/icc-icure-maintenance-x-api.js.map +1 -1
- package/icc-x-api/storage/IcureStorageFacade.js +4 -1
- package/icc-x-api/storage/IcureStorageFacade.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"icc-icure-maintenance-x-api.js","sourceRoot":"","sources":["../../icc-x-api/icc-icure-maintenance-x-api.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,sEAAkE;AAClE,mCAAgC;AAChC,gEAA4D;AAC5D,wEAAoE;AACpE,wEAAoE;AAEpE,6EAAyE;AAGzE,wEAAoE;AAEpE,0EAAsE;AACtE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AAIzD;;GAEG;AACH,MAAa,uBAAuB;IAClC,YACmB,MAAqB,EACrB,QAAgC,EAChC,YAA8B,EAC9B,eAAmC;QAHnC,WAAM,GAAN,MAAM,CAAe;QACrB,aAAQ,GAAR,QAAQ,CAAwB;QAChC,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,oBAAe,GAAf,eAAe,CAAoB;IACnD,CAAC;IAEJ,iEAAiE;IAEjE;;;;;OAKG;IACG,kBAAkB,CAAC,MAA4B;;YACnD,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAClD,MAAM,CAAC,oBAAoB,EAC3B,MAAM,CAAC,YAAY,EACnB,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,iBAAiB,EAAE,CAChD,CAAA;YACD,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,MAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,YAAY,CAAC,CAAA;QACnG,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,mCAAmC,CAAC,IAAU,EAAE,OAA2B,EAAE,mBAAyC;;YAC1H,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,uBAAuB,EAAE,CAAA;YACzE,IAAI,CAAC,mBAAmB,EAAE;gBACxB,IAAI,eAAe,KAAK,QAAQ,EAAE;oBAChC,OAAO,CAAC,IAAI,CAAC,sGAAsG,CAAC,CAAA;oBACpH,OAAM;iBACP;qBAAM;oBACL,mBAAmB;wBACjB,eAAe,KAAK,qCAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,qCAAiB,CAAC,OAAO,EAAE,qCAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,qCAAiB,CAAC,GAAG,CAAC,CAAA;iBAC/H;aACF;YACD,MAAM,YAAY,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAA;YAClG,MAAM,cAAc,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;YAC9C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,gCAAgC,GAAG,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;iBACtG,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;iBACxD,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;iBAClD,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,KAAK,MAAM,CAAC,CAAA;YAC9C,MAAM,gCAAgC,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,sCAAsC,CACxG,MAAM,EACN,CAAC,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAC5C,CAAA;YACD,MAAM,iBAAiB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gCAAgC,EAAE,GAAG,gCAAgC,CAAC,CAAC,CAAC,CAAA;YAClH,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE;gBAChC,MAAM,aAAa,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;oBAC1D,QAAQ,EAAE,SAAS;oBACnB,IAAI,EAAE,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,YAAY,CAAC;iBACvD,CAAC,CAAC,CAAA;gBACH,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;oBACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,EAAE;wBACxE,mBAAmB,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC,KAAK,EAAE;qBACxE,CAAC,CAAA;oBACF,IAAI,QAAQ,EAAE;wBACZ,sBAAsB;wBACtB,MAAM,IAAI,CAAC,QAAQ,CAAC,6BAA6B,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;qBAClE;iBACF;aACF;QACH,CAAC;KAAA;IAEa,sBAAsB,CAAC,WAAmB,EAAE,eAAoC;;YAC5F,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAA;YAChH,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,iBAAiB,CAAC,EAAE,EAAE,CACtG,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;gBACvD,SAAS,EAAE,WAAW;gBACtB,QAAQ,EAAE,WAAW;gBACrB,YAAY,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;aAC3E,CAAC,CAAC,CACJ,CAAA;YACD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE,CACzF,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,CAAC;gBACrE,SAAS,EAAE,WAAW;gBACtB,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;aAC3E,CAAC,CAAC,CACJ,CAAA;YACD,OAAO,CAAC,GAAG,QAAQ,EAAE,GAAG,MAAM,CAAC,CAAA;QACjC,CAAC;KAAA;IAEO,qBAAqB,CAAC,OAAe,EAAE,eAAuB;QACpE,OAAO,IAAI,iCAAe,CAAC;YACzB,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE;YACvC,QAAQ,EAAE,2CAAoB,CAAC,SAAS;YACxC,MAAM,EAAE,iCAAe,CAAC,UAAU,CAAC,OAAO;YAC1C,UAAU,EAAE;gBACV,IAAI,2BAAY,CAAC;oBACf,EAAE,EAAE,2CAAoB,CAAC,gBAAgB;oBACzC,IAAI,EAAE,IAAI,mCAAgB,CAAC,EAAE,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACtE,UAAU,EAAE,IAAI,mCAAgB,CAAC;wBAC/B,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM;wBACtC,WAAW,EAAE,OAAO;qBACrB,CAAC;iBACH,CAAC;gBACF,IAAI,2BAAY,CAAC;oBACf,EAAE,EAAE,2CAAoB,CAAC,iBAAiB;oBAC1C,IAAI,EAAE,IAAI,mCAAgB,CAAC,EAAE,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACtE,UAAU,EAAE,IAAI,mCAAgB,CAAC;wBAC/B,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM;wBACtC,WAAW,EAAE,eAAe;qBAC7B,CAAC;iBACH,CAAC;aACH;SACF,CAAC,CAAA;IACJ,CAAC;CACF;AArHD,0DAqHC","sourcesContent":["import { KeyPair } from './crypto/RSA'\nimport { IccMaintenanceTaskXApi } from './icc-maintenance-task-x-api'\nimport { MaintenanceTask } from '../icc-api/model/MaintenanceTask'\nimport { ua2hex } from './utils'\nimport { PropertyStub } from '../icc-api/model/PropertyStub'\nimport { PropertyTypeStub } from '../icc-api/model/PropertyTypeStub'\nimport { TypedValueObject } from '../icc-api/model/TypedValueObject'\nimport { IccCryptoXApi } from './icc-crypto-x-api'\nimport { KeyPairUpdateRequest } from './maintenance/KeyPairUpdateRequest'\nimport { IccDataOwnerXApi } from './icc-data-owner-x-api'\nimport { User } from '../icc-api/model/User'\nimport { SecureDelegation } from '../icc-api/model/SecureDelegation'\nimport { IccExchangeDataApi } from '../icc-api/api/internal/IccExchangeDataApi'\nimport { DataOwnerTypeEnum } from '../icc-api/model/DataOwnerTypeEnum'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\n\ntype ExchangeKeyInfo = { delegator: string; delegate: string; fingerprints: Set<string> }\n\n/**\n * Api for interpreting maintenance tasks and applying required client-side actions.\n */\nexport class IccIcureMaintenanceXApi {\n constructor(\n private readonly crypto: IccCryptoXApi,\n private readonly tasksApi: IccMaintenanceTaskXApi,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly exchangeDataApi: IccExchangeDataApi\n ) {}\n\n // TODO api to get all tasks for current owner from owner with id\n\n /**\n * Applies a key pair update request between another data owner and the current data owner to allow the other data owner to access existing exchange\n * keys shared with the current data owner. IMPORTANT: it is your responsibility to verify the authenticity of the public key / update request\n * before calling this method: this method assumes the new public key for the concerned data owner is authentic.\n * @param update a keypair update request to the current data owner.\n */\n async applyKeyPairUpdate(update: KeyPairUpdateRequest) {\n await this.crypto.exchangeKeys.base.giveAccessBackTo(\n update.concernedDataOwnerId,\n update.newPublicKey,\n this.crypto.userKeysManager.getDecryptionKeys()\n )\n await this.crypto.exchangeData.giveAccessBackTo(update.concernedDataOwnerId, update.newPublicKey)\n }\n\n /**\n * @internal This method is intended only for internal use and may be changed without notice.\n * Creates the necessary maintenance tasks to request access to existing exchange keys with the new key pair for the current user.\n * @param user the user which owns the new key pair.\n * @param keypair a new key pair for the current user.\n * @param requestToOwnerTypes specifies the types of data owner that have shared data with the current data owner or which were given access to data\n * from the current data owner will receive a 'give access back' request. If not specified, the value be inferred from the current data owner type.\n */\n async createMaintenanceTasksForNewKeypair(user: User, keypair: KeyPair<CryptoKey>, requestToOwnerTypes?: DataOwnerTypeEnum[]): Promise<void> {\n const currentUserType = await this.dataOwnerApi.getCurrentDataOwnerType()\n if (!requestToOwnerTypes) {\n if (currentUserType === 'device') {\n console.warn('Current data owner is a device and there is no need to create maintenance tasks for updated keypair.')\n return\n } else {\n requestToOwnerTypes =\n currentUserType === DataOwnerTypeEnum.Patient ? [DataOwnerTypeEnum.Patient, DataOwnerTypeEnum.Hcp] : [DataOwnerTypeEnum.Hcp]\n }\n }\n const hexNewPubKey = ua2hex(await this.crypto.primitives.RSA.exportKey(keypair.publicKey, 'spki'))\n const hexNewPubKeyFp = hexNewPubKey.slice(-32)\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const requestDataOwnersForExchangeKeys = (await this.getExchangeKeysInfosOf(selfId, requestToOwnerTypes))\n .filter((info) => !info.fingerprints.has(hexNewPubKeyFp))\n .flatMap((info) => [info.delegate, info.delegator])\n .filter((dataOwner) => dataOwner !== selfId)\n const requestDataOwnersForExchangeData = await this.exchangeDataApi.getExchangeDataParticipantCounterparts(\n selfId,\n [...new Set(requestToOwnerTypes)].join(',')\n )\n const requestDataOwners = [...new Set([...requestDataOwnersForExchangeKeys, ...requestDataOwnersForExchangeData])]\n if (requestDataOwners.length > 0) {\n const tasksToCreate = requestDataOwners.map((dataOwner) => ({\n delegate: dataOwner,\n task: this.createMaintenanceTask(selfId, hexNewPubKey),\n }))\n for (const taskToCreate of tasksToCreate) {\n const instance = await this.tasksApi.newInstance(user, taskToCreate.task, {\n additionalDelegates: { [taskToCreate.delegate]: AccessLevelEnum.WRITE },\n })\n if (instance) {\n // TODO create in bulk\n await this.tasksApi.createMaintenanceTaskWithUser(user, instance)\n }\n }\n }\n }\n\n private async getExchangeKeysInfosOf(dataOwnerId: string, otherOwnerTypes: DataOwnerTypeEnum[]): Promise<ExchangeKeyInfo[]> {\n const allExchangeKeys = await this.crypto.exchangeKeys.base.getAllExchangeKeysWith(dataOwnerId, otherOwnerTypes)\n const infoTo = Object.entries(allExchangeKeys.keysToOwner).flatMap(([delegatorId, delegatorFpToKeys]) =>\n Object.values(delegatorFpToKeys).map((encryptedKeys) => ({\n delegator: delegatorId,\n delegate: dataOwnerId,\n fingerprints: new Set(Object.keys(encryptedKeys).map((x) => x.slice(-32))),\n }))\n )\n const infoFrom = Object.values(allExchangeKeys.keysFromOwner).flatMap((delegateIdToKeys) =>\n Object.entries(delegateIdToKeys).map(([delegateId, encryptedKeys]) => ({\n delegator: dataOwnerId,\n delegate: delegateId,\n fingerprints: new Set(Object.keys(encryptedKeys).map((x) => x.slice(-32))),\n }))\n )\n return [...infoFrom, ...infoTo]\n }\n\n private createMaintenanceTask(ownerId: string, concernedPubKey: string) {\n return new MaintenanceTask({\n id: this.crypto.primitives.randomUuid(),\n taskType: KeyPairUpdateRequest.TASK_TYPE,\n status: MaintenanceTask.StatusEnum.Pending,\n properties: [\n new PropertyStub({\n id: KeyPairUpdateRequest.OWNER_ID_PROP_ID,\n type: new PropertyTypeStub({ type: PropertyTypeStub.TypeEnum.STRING }),\n typedValue: new TypedValueObject({\n type: TypedValueObject.TypeEnum.STRING,\n stringValue: ownerId,\n }),\n }),\n new PropertyStub({\n id: KeyPairUpdateRequest.OWNER_PUB_PROP_ID,\n type: new PropertyTypeStub({ type: PropertyTypeStub.TypeEnum.STRING }),\n typedValue: new TypedValueObject({\n type: TypedValueObject.TypeEnum.STRING,\n stringValue: concernedPubKey,\n }),\n }),\n ],\n })\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"icc-icure-maintenance-x-api.js","sourceRoot":"","sources":["../../icc-x-api/icc-icure-maintenance-x-api.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,sEAAkE;AAClE,mCAAgC;AAChC,gEAA4D;AAC5D,wEAAoE;AACpE,wEAAoE;AAEpE,6EAAyE;AAGzE,wEAAoE;AAEpE,0EAAsE;AACtE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AACzD,0CAA8C;AAI9C;;GAEG;AACH,MAAa,uBAAuB;IAClC,YACmB,MAAqB,EACrB,QAAgC,EAChC,YAA8B,EAC9B,eAAmC;QAHnC,WAAM,GAAN,MAAM,CAAe;QACrB,aAAQ,GAAR,QAAQ,CAAwB;QAChC,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,oBAAe,GAAf,eAAe,CAAoB;IACnD,CAAC;IAEJ,iEAAiE;IAEjE;;;;;OAKG;IACG,kBAAkB,CAAC,MAA4B;;YACnD,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAClD,MAAM,CAAC,oBAAoB,EAC3B,MAAM,CAAC,YAAY,EACnB,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,iBAAiB,EAAE,CAChD,CAAA;YACD,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,MAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,YAAY,CAAC,CAAA;QACnG,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,mCAAmC,CAAC,IAAU,EAAE,OAA2B,EAAE,mBAAyC;;YAC1H,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,uBAAuB,EAAE,CAAA;YACzE,IAAI,CAAC,mBAAmB,EAAE;gBACxB,IAAI,eAAe,KAAK,QAAQ,EAAE;oBAChC,OAAO,CAAC,IAAI,CAAC,sGAAsG,CAAC,CAAA;oBACpH,OAAM;iBACP;qBAAM;oBACL,mBAAmB;wBACjB,eAAe,KAAK,qCAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,qCAAiB,CAAC,OAAO,EAAE,qCAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,qCAAiB,CAAC,GAAG,CAAC,CAAA;iBAC/H;aACF;YACD,MAAM,YAAY,GAAG,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAA;YAClG,MAAM,cAAc,GAAG,IAAA,qBAAa,EAAC,YAAY,CAAC,CAAA;YAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,gCAAgC,GAAG,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;iBACtG,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;iBACxD,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;iBAClD,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,KAAK,MAAM,CAAC,CAAA;YAC9C,MAAM,gCAAgC,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,sCAAsC,CACxG,MAAM,EACN,CAAC,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAC5C,CAAA;YACD,MAAM,iBAAiB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gCAAgC,EAAE,GAAG,gCAAgC,CAAC,CAAC,CAAC,CAAA;YAClH,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE;gBAChC,MAAM,aAAa,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;oBAC1D,QAAQ,EAAE,SAAS;oBACnB,IAAI,EAAE,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,YAAY,CAAC;iBACvD,CAAC,CAAC,CAAA;gBACH,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;oBACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,EAAE;wBACxE,mBAAmB,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC,KAAK,EAAE;qBACxE,CAAC,CAAA;oBACF,IAAI,QAAQ,EAAE;wBACZ,sBAAsB;wBACtB,MAAM,IAAI,CAAC,QAAQ,CAAC,6BAA6B,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;qBAClE;iBACF;aACF;QACH,CAAC;KAAA;IAEa,sBAAsB,CAAC,WAAmB,EAAE,eAAoC;;YAC5F,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAA;YAChH,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,iBAAiB,CAAC,EAAE,EAAE,CACtG,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;gBACvD,SAAS,EAAE,WAAW;gBACtB,QAAQ,EAAE,WAAW;gBACrB,YAAY,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC,CAAC;aAC/E,CAAC,CAAC,CACJ,CAAA;YACD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE,CACzF,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,CAAC;gBACrE,SAAS,EAAE,WAAW;gBACtB,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,qBAAa,EAAC,CAAC,CAAC,CAAC,CAAC;aAC/E,CAAC,CAAC,CACJ,CAAA;YACD,OAAO,CAAC,GAAG,QAAQ,EAAE,GAAG,MAAM,CAAC,CAAA;QACjC,CAAC;KAAA;IAEO,qBAAqB,CAAC,OAAe,EAAE,eAAuB;QACpE,OAAO,IAAI,iCAAe,CAAC;YACzB,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE;YACvC,QAAQ,EAAE,2CAAoB,CAAC,SAAS;YACxC,MAAM,EAAE,iCAAe,CAAC,UAAU,CAAC,OAAO;YAC1C,UAAU,EAAE;gBACV,IAAI,2BAAY,CAAC;oBACf,EAAE,EAAE,2CAAoB,CAAC,gBAAgB;oBACzC,IAAI,EAAE,IAAI,mCAAgB,CAAC,EAAE,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACtE,UAAU,EAAE,IAAI,mCAAgB,CAAC;wBAC/B,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM;wBACtC,WAAW,EAAE,OAAO;qBACrB,CAAC;iBACH,CAAC;gBACF,IAAI,2BAAY,CAAC;oBACf,EAAE,EAAE,2CAAoB,CAAC,iBAAiB;oBAC1C,IAAI,EAAE,IAAI,mCAAgB,CAAC,EAAE,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACtE,UAAU,EAAE,IAAI,mCAAgB,CAAC;wBAC/B,IAAI,EAAE,mCAAgB,CAAC,QAAQ,CAAC,MAAM;wBACtC,WAAW,EAAE,eAAe;qBAC7B,CAAC;iBACH,CAAC;aACH;SACF,CAAC,CAAA;IACJ,CAAC;CACF;AArHD,0DAqHC","sourcesContent":["import { KeyPair } from './crypto/RSA'\nimport { IccMaintenanceTaskXApi } from './icc-maintenance-task-x-api'\nimport { MaintenanceTask } from '../icc-api/model/MaintenanceTask'\nimport { ua2hex } from './utils'\nimport { PropertyStub } from '../icc-api/model/PropertyStub'\nimport { PropertyTypeStub } from '../icc-api/model/PropertyTypeStub'\nimport { TypedValueObject } from '../icc-api/model/TypedValueObject'\nimport { IccCryptoXApi } from './icc-crypto-x-api'\nimport { KeyPairUpdateRequest } from './maintenance/KeyPairUpdateRequest'\nimport { IccDataOwnerXApi } from './icc-data-owner-x-api'\nimport { User } from '../icc-api/model/User'\nimport { SecureDelegation } from '../icc-api/model/SecureDelegation'\nimport { IccExchangeDataApi } from '../icc-api/api/internal/IccExchangeDataApi'\nimport { DataOwnerTypeEnum } from '../icc-api/model/DataOwnerTypeEnum'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { fingerprintV1 } from './crypto/utils'\n\ntype ExchangeKeyInfo = { delegator: string; delegate: string; fingerprints: Set<string> }\n\n/**\n * Api for interpreting maintenance tasks and applying required client-side actions.\n */\nexport class IccIcureMaintenanceXApi {\n constructor(\n private readonly crypto: IccCryptoXApi,\n private readonly tasksApi: IccMaintenanceTaskXApi,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly exchangeDataApi: IccExchangeDataApi\n ) {}\n\n // TODO api to get all tasks for current owner from owner with id\n\n /**\n * Applies a key pair update request between another data owner and the current data owner to allow the other data owner to access existing exchange\n * keys shared with the current data owner. IMPORTANT: it is your responsibility to verify the authenticity of the public key / update request\n * before calling this method: this method assumes the new public key for the concerned data owner is authentic.\n * @param update a keypair update request to the current data owner.\n */\n async applyKeyPairUpdate(update: KeyPairUpdateRequest) {\n await this.crypto.exchangeKeys.base.giveAccessBackTo(\n update.concernedDataOwnerId,\n update.newPublicKey,\n this.crypto.userKeysManager.getDecryptionKeys()\n )\n await this.crypto.exchangeData.giveAccessBackTo(update.concernedDataOwnerId, update.newPublicKey)\n }\n\n /**\n * @internal This method is intended only for internal use and may be changed without notice.\n * Creates the necessary maintenance tasks to request access to existing exchange keys with the new key pair for the current user.\n * @param user the user which owns the new key pair.\n * @param keypair a new key pair for the current user.\n * @param requestToOwnerTypes specifies the types of data owner that have shared data with the current data owner or which were given access to data\n * from the current data owner will receive a 'give access back' request. If not specified, the value be inferred from the current data owner type.\n */\n async createMaintenanceTasksForNewKeypair(user: User, keypair: KeyPair<CryptoKey>, requestToOwnerTypes?: DataOwnerTypeEnum[]): Promise<void> {\n const currentUserType = await this.dataOwnerApi.getCurrentDataOwnerType()\n if (!requestToOwnerTypes) {\n if (currentUserType === 'device') {\n console.warn('Current data owner is a device and there is no need to create maintenance tasks for updated keypair.')\n return\n } else {\n requestToOwnerTypes =\n currentUserType === DataOwnerTypeEnum.Patient ? [DataOwnerTypeEnum.Patient, DataOwnerTypeEnum.Hcp] : [DataOwnerTypeEnum.Hcp]\n }\n }\n const hexNewPubKey = ua2hex(await this.crypto.primitives.RSA.exportKey(keypair.publicKey, 'spki'))\n const hexNewPubKeyFp = fingerprintV1(hexNewPubKey)\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const requestDataOwnersForExchangeKeys = (await this.getExchangeKeysInfosOf(selfId, requestToOwnerTypes))\n .filter((info) => !info.fingerprints.has(hexNewPubKeyFp))\n .flatMap((info) => [info.delegate, info.delegator])\n .filter((dataOwner) => dataOwner !== selfId)\n const requestDataOwnersForExchangeData = await this.exchangeDataApi.getExchangeDataParticipantCounterparts(\n selfId,\n [...new Set(requestToOwnerTypes)].join(',')\n )\n const requestDataOwners = [...new Set([...requestDataOwnersForExchangeKeys, ...requestDataOwnersForExchangeData])]\n if (requestDataOwners.length > 0) {\n const tasksToCreate = requestDataOwners.map((dataOwner) => ({\n delegate: dataOwner,\n task: this.createMaintenanceTask(selfId, hexNewPubKey),\n }))\n for (const taskToCreate of tasksToCreate) {\n const instance = await this.tasksApi.newInstance(user, taskToCreate.task, {\n additionalDelegates: { [taskToCreate.delegate]: AccessLevelEnum.WRITE },\n })\n if (instance) {\n // TODO create in bulk\n await this.tasksApi.createMaintenanceTaskWithUser(user, instance)\n }\n }\n }\n }\n\n private async getExchangeKeysInfosOf(dataOwnerId: string, otherOwnerTypes: DataOwnerTypeEnum[]): Promise<ExchangeKeyInfo[]> {\n const allExchangeKeys = await this.crypto.exchangeKeys.base.getAllExchangeKeysWith(dataOwnerId, otherOwnerTypes)\n const infoTo = Object.entries(allExchangeKeys.keysToOwner).flatMap(([delegatorId, delegatorFpToKeys]) =>\n Object.values(delegatorFpToKeys).map((encryptedKeys) => ({\n delegator: delegatorId,\n delegate: dataOwnerId,\n fingerprints: new Set(Object.keys(encryptedKeys).map((x) => fingerprintV1(x))),\n }))\n )\n const infoFrom = Object.values(allExchangeKeys.keysFromOwner).flatMap((delegateIdToKeys) =>\n Object.entries(delegateIdToKeys).map(([delegateId, encryptedKeys]) => ({\n delegator: dataOwnerId,\n delegate: delegateId,\n fingerprints: new Set(Object.keys(encryptedKeys).map((x) => fingerprintV1(x))),\n }))\n )\n return [...infoFrom, ...infoTo]\n }\n\n private createMaintenanceTask(ownerId: string, concernedPubKey: string) {\n return new MaintenanceTask({\n id: this.crypto.primitives.randomUuid(),\n taskType: KeyPairUpdateRequest.TASK_TYPE,\n status: MaintenanceTask.StatusEnum.Pending,\n properties: [\n new PropertyStub({\n id: KeyPairUpdateRequest.OWNER_ID_PROP_ID,\n type: new PropertyTypeStub({ type: PropertyTypeStub.TypeEnum.STRING }),\n typedValue: new TypedValueObject({\n type: TypedValueObject.TypeEnum.STRING,\n stringValue: ownerId,\n }),\n }),\n new PropertyStub({\n id: KeyPairUpdateRequest.OWNER_PUB_PROP_ID,\n type: new PropertyTypeStub({ type: PropertyTypeStub.TypeEnum.STRING }),\n typedValue: new TypedValueObject({\n type: TypedValueObject.TypeEnum.STRING,\n stringValue: concernedPubKey,\n }),\n }),\n ],\n })\n }\n}\n"]}
|
|
@@ -10,6 +10,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.IcureStorageFacade = void 0;
|
|
13
|
+
const utils_1 = require("../crypto/utils");
|
|
13
14
|
/**
|
|
14
15
|
* @internal This class is meant for internal use only and may be changed without notice.
|
|
15
16
|
* Simplifies access to the storage facades for iCure-specific data storage.
|
|
@@ -46,7 +47,9 @@ class IcureStorageFacade {
|
|
|
46
47
|
loadKey(dataOwnerId, publicKeyFingerprint, legacyPublicKey) {
|
|
47
48
|
var _a, _b;
|
|
48
49
|
return __awaiter(this, void 0, void 0, function* () {
|
|
49
|
-
const deviceKey = (_b = (_a = (yield this.keys.getKeypair(this.entryFor.deviceKeypairOfDataOwner(dataOwnerId, publicKeyFingerprint)))) !== null && _a !== void 0 ? _a : (yield this.keys.getKeypair(`org.taktik.icure.rsa.${dataOwnerId}.${publicKeyFingerprint}`))) !== null && _b !== void 0 ? _b : (
|
|
50
|
+
const deviceKey = (_b = (_a = (yield this.keys.getKeypair(this.entryFor.deviceKeypairOfDataOwner(dataOwnerId, publicKeyFingerprint)))) !== null && _a !== void 0 ? _a : (yield this.keys.getKeypair(`org.taktik.icure.rsa.${dataOwnerId}.${publicKeyFingerprint}`))) !== null && _b !== void 0 ? _b : (!!legacyPublicKey && (0, utils_1.fingerprintV1)(legacyPublicKey) === publicKeyFingerprint
|
|
51
|
+
? yield this.keys.getKeypair(`org.taktik.icure.rsa.${dataOwnerId}`)
|
|
52
|
+
: undefined);
|
|
50
53
|
if (deviceKey)
|
|
51
54
|
return { pair: deviceKey, isDevice: true };
|
|
52
55
|
const cachedKey = yield this.keys.getKeypair(this.entryFor.cachedRecoveredKeypairOfDataOwner(dataOwnerId, publicKeyFingerprint));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"IcureStorageFacade.js","sourceRoot":"","sources":["../../../icc-x-api/storage/IcureStorageFacade.ts"],"names":[],"mappings":";;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"IcureStorageFacade.js","sourceRoot":"","sources":["../../../icc-x-api/storage/IcureStorageFacade.ts"],"names":[],"mappings":";;;;;;;;;;;;AAIA,2CAA+C;AAE/C;;;GAGG;AACH,MAAa,kBAAkB;IAK7B,YAAY,UAA4B,EAAE,OAA8B,EAAE,gBAAyC;QACjH,IAAI,CAAC,IAAI,GAAG,UAAU,CAAA;QACtB,IAAI,CAAC,IAAI,GAAG,OAAO,CAAA;QACnB,IAAI,CAAC,QAAQ,GAAG,gBAAgB,CAAA;IAClC,CAAC;IAED;;;;;;OAMG;IACG,OAAO,CAAC,WAAmB,EAAE,oBAA4B,EAAE,OAA4B,EAAE,QAAiB;;YAC9G,MAAM,GAAG,GAAG,QAAQ;gBAClB,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,WAAW,EAAE,oBAAoB,CAAC;gBAC3E,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,iCAAiC,CAAC,WAAW,EAAE,oBAAoB,CAAC,CAAA;YACtF,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QAC5C,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,OAAO,CACX,WAAmB,EACnB,oBAA4B,EAC5B,eAAmC;;;YAEnC,MAAM,SAAS,GACb,MAAA,MAAA,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,WAAW,EAAE,oBAAoB,CAAC,CAAC,CAAC,mCACvG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,wBAAwB,WAAW,IAAI,oBAAoB,EAAE,CAAC,CAAC,mCAC3F,CAAC,CAAC,CAAC,eAAe,IAAI,IAAA,qBAAa,EAAC,eAAe,CAAC,KAAK,oBAAoB;gBAC3E,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,wBAAwB,WAAW,EAAE,CAAC;gBACnE,CAAC,CAAC,SAAS,CAAC,CAAA;YAChB,IAAI,SAAS;gBAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAA;YACzD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,iCAAiC,CAAC,WAAW,EAAE,oBAAoB,CAAC,CAAC,CAAA;YAChI,IAAI,SAAS;gBAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;YAC1D,OAAO,SAAS,CAAA;;KACjB;IAED;;;;;;OAMG;IACG,oBAAoB,CACxB,WAAmB,EACnB,mBAA0D;;YAE1D,MAAM,OAAO,mCACR,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC,GAC9C,mBAAmB,CACvB,CAAA;YACD,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,2CAA2C,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAA;YACxH,OAAO,OAAO,CAAA;QAChB,CAAC;KAAA;IAED;;;;;;OAMG;IACG,oBAAoB,CAAC,WAAmB;;YAC5C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,2CAA2C,CAAC,WAAW,CAAC,CAAC,CAAA;YAClH,IAAI,UAAU,EAAE;gBACd,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;gBACrC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE;oBACxC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK;wBAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;gBAC9E,CAAC,CAAC,CAAA;gBACF,OAAO,MAAM,CAAA;aACd;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAED;;;;;OAKG;IACG,oBAAoB,CAAC,WAAmB,EAAE,oBAA4B,EAAE,OAA4B;;YACxG,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC,CAAA;YAC1F,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,oCAAoC,CAAC,WAAW,EAAE,oBAAoB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;QAC1I,CAAC;KAAA;IAED;;;;OAIG;IACG,gBAAgB,CAAC,WAAmB;;YACxC,OAAO,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAC,CAAA;QACxF,CAAC;KAAA;IAED;;;;;OAKG;IACG,4BAA4B,CAAC,WAAmB,EAAE,oBAA4B;;YAClF,OAAO,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,oCAAoC,CAAC,WAAW,EAAE,oBAAoB,CAAC,CAAC,CAAA;QAC5H,CAAC;KAAA;CACF;AApHD,gDAoHC","sourcesContent":["import { KeyStorageFacade } from './KeyStorageFacade'\nimport { StorageFacade } from './StorageFacade'\nimport { StorageEntryKeysFactory } from './StorageEntryKeysFactory'\nimport { KeyPair } from '../crypto/RSA'\nimport { fingerprintV1 } from '../crypto/utils'\n\n/**\n * @internal This class is meant for internal use only and may be changed without notice.\n * Simplifies access to the storage facades for iCure-specific data storage.\n */\nexport class IcureStorageFacade {\n private readonly keys: KeyStorageFacade\n private readonly data: StorageFacade<string>\n private readonly entryFor: StorageEntryKeysFactory\n\n constructor(keyStorage: KeyStorageFacade, storage: StorageFacade<string>, entryKeysFactory: StorageEntryKeysFactory) {\n this.keys = keyStorage\n this.data = storage\n this.entryFor = entryKeysFactory\n }\n\n /**\n * Saves a key pair for the data owner.\n * @param dataOwnerId id of the data owner with the key.\n * @param publicKeyFingerprint fingerprint of the public key of the pair.\n * @param keyPair a key pair of the data owner.\n * @param isDevice true if the key was generated on this device.\n */\n async saveKey(dataOwnerId: string, publicKeyFingerprint: string, keyPair: KeyPair<JsonWebKey>, isDevice: boolean): Promise<void> {\n const key = isDevice\n ? this.entryFor.deviceKeypairOfDataOwner(dataOwnerId, publicKeyFingerprint)\n : this.entryFor.cachedRecoveredKeypairOfDataOwner(dataOwnerId, publicKeyFingerprint)\n await this.keys.storeKeyPair(key, keyPair)\n }\n\n /**\n * Get an existing key pair for the data owner.\n * @param dataOwnerId id of the data owner with the key.\n * @param publicKeyFingerprint fingerprint of a public key of the data owner.\n * @param legacyPublicKey the legacy public key of the data owner, if present (only used to know if we should search for the key in 'legacy' storage\n * locations.\n * @return the keypair and if the key was generated on this device or undefined if the key pair could not be found.\n */\n async loadKey(\n dataOwnerId: string,\n publicKeyFingerprint: string,\n legacyPublicKey: string | undefined\n ): Promise<{ pair: KeyPair<JsonWebKey>; isDevice: boolean } | undefined> {\n const deviceKey =\n (await this.keys.getKeypair(this.entryFor.deviceKeypairOfDataOwner(dataOwnerId, publicKeyFingerprint))) ??\n (await this.keys.getKeypair(`org.taktik.icure.rsa.${dataOwnerId}.${publicKeyFingerprint}`)) ??\n (!!legacyPublicKey && fingerprintV1(legacyPublicKey) === publicKeyFingerprint\n ? await this.keys.getKeypair(`org.taktik.icure.rsa.${dataOwnerId}`)\n : undefined)\n if (deviceKey) return { pair: deviceKey, isDevice: true }\n const cachedKey = await this.keys.getKeypair(this.entryFor.cachedRecoveredKeypairOfDataOwner(dataOwnerId, publicKeyFingerprint))\n if (cachedKey) return { pair: cachedKey, isDevice: false }\n return undefined\n }\n\n /**\n * Save the results of public key verification. If there were already results stored the entries will be merged. In case of conflicts the new\n * {@link verificationDetails} take priority over the stored data.\n * @param dataOwnerId id of a data owner.\n * @param verificationDetails results of verification, associates key fingerprints to true if they were verified by the user or false otherwise.\n * @return the updated keys\n */\n async saveSelfVerifiedKeys(\n dataOwnerId: string,\n verificationDetails: { [keyFingerprint: string]: boolean }\n ): Promise<{ [keyFingerprint: string]: boolean }> {\n const updated = {\n ...(await this.loadSelfVerifiedKeys(dataOwnerId)),\n ...verificationDetails,\n }\n await this.data.setItem(this.entryFor.selfPublicKeysVerificationCacheForDataOwner(dataOwnerId), JSON.stringify(updated))\n return updated\n }\n\n /**\n * Get the last saved results of public key verification.\n * @param dataOwnerId id of a data owner.\n * @return saved results of verification, associates key fingerprints to true if they were verified by the user or false otherwise. If no results\n * were saved returns an empty object instead.\n * @throws if the stored results are not in a valid format.\n */\n async loadSelfVerifiedKeys(dataOwnerId: string): Promise<{ [keyFingerprint: string]: boolean }> {\n const dataString = await this.data.getItem(this.entryFor.selfPublicKeysVerificationCacheForDataOwner(dataOwnerId))\n if (dataString) {\n const parsed = JSON.parse(dataString)\n Object.entries(parsed).forEach(([k, v]) => {\n if (v !== true && v !== false) throw new Error(`Unexpected entry ${k}:${v}`)\n })\n return parsed\n } else return {}\n }\n\n /**\n * Saves a signature and verification key pair. Overrides previously saved signature keys (but keeps signature verification keys).\n * @param dataOwnerId id of the data owner with the key.\n * @param publicKeyFingerprint fingerprint of the public key of the pair.\n * @param keyPair the key pair to save.\n */\n async saveSignatureKeyPair(dataOwnerId: string, publicKeyFingerprint: string, keyPair: KeyPair<JsonWebKey>): Promise<void> {\n await this.keys.storeKeyPair(this.entryFor.signatureKeyForDataOwner(dataOwnerId), keyPair)\n await this.keys.storePublicKey(this.entryFor.signatureVerificationKeyForDataOwner(dataOwnerId, publicKeyFingerprint), keyPair.publicKey)\n }\n\n /**\n * Loads the signature key for the data owner.\n * @param dataOwnerId id of the data owner with the key.\n * @return the signature key for the data owner or undefined if there is no signature key stored.\n */\n async loadSignatureKey(dataOwnerId: string): Promise<KeyPair<JsonWebKey> | undefined> {\n return await this.keys.getKeypair(this.entryFor.signatureKeyForDataOwner(dataOwnerId))\n }\n\n /**\n * Loads the signature verification key for a data owner with the provided fingerprint.\n * @param dataOwnerId id of the data owner with the key.\n * @param publicKeyFingerprint fingerprint of the verification key.\n * @return the requested signature verification key or undefined if the key could not be found.\n */\n async loadSignatureVerificationKey(dataOwnerId: string, publicKeyFingerprint: string): Promise<JsonWebKey | undefined> {\n return await this.keys.getPublicKey(this.entryFor.signatureVerificationKeyForDataOwner(dataOwnerId, publicKeyFingerprint))\n }\n}\n"]}
|