@icure/api 8.1.4 → 8.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -26,7 +26,7 @@ class ExchangeKeysManager {
26
26
  this.keyManager = keyManager;
27
27
  this.baseExchangeKeysManager = baseExchangeKeysManager;
28
28
  this.dataOwnerApi = dataOwnerApi;
29
- this.cache = {};
29
+ this.cache = Promise.reject(new Error('Cache not initialized'));
30
30
  }
31
31
  /**
32
32
  * Get all keys currently available for a delegator-delegate pair. At least one of the two data owners must be part of the hierarchy for the current
@@ -39,14 +39,15 @@ class ExchangeKeysManager {
39
39
  getDecryptionExchangeKeysFor(delegatorId, delegateId) {
40
40
  var _a;
41
41
  return __awaiter(this, void 0, void 0, function* () {
42
- const entry = (_a = this.cache[delegatorId]) === null || _a === void 0 ? void 0 : _a[delegateId];
42
+ const cache = yield this.cache;
43
+ const entry = (_a = cache[delegatorId]) === null || _a === void 0 ? void 0 : _a[delegateId];
43
44
  if (entry != undefined) {
44
45
  if ('decrypted' in entry) {
45
46
  return yield entry.decrypted;
46
47
  }
47
48
  else {
48
49
  const decryptedPromise = this.decryptChunk(entry.encrypted);
49
- this.cache[delegatorId][delegateId] = { decrypted: decryptedPromise };
50
+ cache[delegatorId][delegateId] = { decrypted: decryptedPromise };
50
51
  return yield decryptedPromise;
51
52
  }
52
53
  }
@@ -65,6 +66,11 @@ class ExchangeKeysManager {
65
66
  * Reloads all exchange keys for the cache.
66
67
  */
67
68
  reloadCache() {
69
+ return __awaiter(this, void 0, void 0, function* () {
70
+ this.cache = this.doGetCache();
71
+ });
72
+ }
73
+ doGetCache() {
68
74
  return __awaiter(this, void 0, void 0, function* () {
69
75
  const hierarchy = yield this.dataOwnerApi.getCurrentDataOwnerHierarchyIds();
70
76
  const encryptedKeysDataByHierarchyMember = Object.fromEntries(yield Promise.all(hierarchy.map((doId) => this.base.getAllExchangeKeysWith(doId, null).then((res) => [doId, res]))));
@@ -94,7 +100,7 @@ class ExchangeKeysManager {
94
100
  }
95
101
  }
96
102
  }
97
- this.cache = encryptedKeys;
103
+ return encryptedKeys;
98
104
  });
99
105
  }
100
106
  }
@@ -1 +1 @@
1
- {"version":3,"file":"ExchangeKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ExchangeKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAgBA;;;;;;;GAOG;AACH,MAAa,mBAAmB;IAG9B,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,uBAAuB,CAAA;IACrC,CAAC;IAED,YACmB,UAAqC,EACrC,uBAAgD,EAChD,YAA8B;QAF9B,eAAU,GAAV,UAAU,CAA2B;QACrC,4BAAuB,GAAvB,uBAAuB,CAAyB;QAChD,iBAAY,GAAZ,YAAY,CAAkB;QATzC,UAAK,GAAgE,EAAE,CAAA;IAU5E,CAAC;IAEJ;;;;;;;OAOG;IACG,4BAA4B,CAAC,WAAmB,EAAE,UAAkB;;;YACxE,MAAM,KAAK,GAAG,MAAA,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,0CAAG,UAAU,CAAC,CAAA;YACnD,IAAI,KAAK,IAAI,SAAS,EAAE;gBACtB,IAAI,WAAW,IAAI,KAAK,EAAE;oBACxB,OAAO,MAAM,KAAK,CAAC,SAAS,CAAA;iBAC7B;qBAAM;oBACL,MAAM,gBAAgB,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;oBAC3D,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAA;oBACrE,OAAO,MAAM,gBAAgB,CAAA;iBAC9B;aACF;iBAAM;gBACL,OAAO,EAAE,CAAA;aACV;;KACF;IAEa,YAAY,CAAC,aAAyC;;YAClE,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAA;YAC1D,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAA;QACtG,CAAC;KAAA;IAED;;OAEG;IACG,WAAW;;YACf,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAA;YAC3E,MAAM,kCAAkC,GAAG,MAAM,CAAC,WAAW,CAC3D,MAAM,OAAO,CAAC,GAAG,CACf,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CACrB,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,IAAI,CAC/C,CACE,GAAG,EAOH,EAAE,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CACjB,CACF,CACF,CACF,CAAA;YACD,MAAM,aAAa,GAAkG,EAAE,CAAA;YACvH,KAAK,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,kCAAkC,CAAC,EAAE;gBAClF,KAAK,MAAM,CAAC,SAAS,EAAE,sBAAsB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE;oBAClF,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE;wBAC7B,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,CAAA;qBAC9B;oBACD,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,EAAE;wBACxC,aAAa,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,CAAA;qBACxD;oBACD,MAAM,wBAAwB,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,CAAA;oBACpE,KAAK,MAAM,gBAAgB,IAAI,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,EAAE;wBACpE,wBAAwB,CAAC,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;qBAC1D;iBACF;gBACD,KAAK,MAAM,qBAAqB,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE;oBACrE,KAAK,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE;wBAChF,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE;4BAC7B,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,CAAA;yBAC9B;wBACD,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,EAAE;4BACvC,aAAa,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,CAAA;yBACvD;wBACD,aAAa,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;qBACpE;iBACF;aACF;YACD,IAAI,CAAC,KAAK,GAAG,aAAa,CAAA;QAC5B,CAAC;KAAA;CACF;AA3FD,kDA2FC","sourcesContent":["import { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { BaseExchangeKeysManager } from './BaseExchangeKeysManager'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { IcureStorageFacade } from '../storage/IcureStorageFacade'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\n\ntype CacheValue =\n | {\n encrypted: { [fp: string]: string }[]\n }\n | {\n decrypted: Promise<CryptoKey[]>\n }\n\n/**\n * @internal This class is meant only for internal use and may be changed without notice.\n * More powerful version of {@link BaseExchangeKeysManager} with a simplified interface. Has the following functionalities:\n * - Caches results\n * - Automatically creates new exchange keys if none is available\n * - Automatically choose the public keys to use during the creation of new exchange keys\n * - Automatically retrieves the private keys to use during decryption.\n */\nexport class ExchangeKeysManager {\n private cache: { [delegator: string]: { [delegate: string]: CacheValue } } = {}\n\n get base(): BaseExchangeKeysManager {\n return this.baseExchangeKeysManager\n }\n\n constructor(\n private readonly keyManager: UserEncryptionKeysManager,\n private readonly baseExchangeKeysManager: BaseExchangeKeysManager,\n private readonly dataOwnerApi: IccDataOwnerXApi\n ) {}\n\n /**\n * Get all keys currently available for a delegator-delegate pair. At least one of the two data owners must be part of the hierarchy for the current\n * data owner.\n * @param delegatorId id of a delegator\n * @param delegateId id of a delegate\n * @throws if neither the delegator nor the delegate is part of the hierarchy of the current data owner.\n * @return all available exchange keys from the delegator-delegate pair.\n */\n async getDecryptionExchangeKeysFor(delegatorId: string, delegateId: string): Promise<CryptoKey[]> {\n const entry = this.cache[delegatorId]?.[delegateId]\n if (entry != undefined) {\n if ('decrypted' in entry) {\n return await entry.decrypted\n } else {\n const decryptedPromise = this.decryptChunk(entry.encrypted)\n this.cache[delegatorId][delegateId] = { decrypted: decryptedPromise }\n return await decryptedPromise\n }\n } else {\n return []\n }\n }\n\n private async decryptChunk(encryptedKeys: { [fp: string]: string }[]): Promise<CryptoKey[]> {\n const decryptionKeys = this.keyManager.getDecryptionKeys()\n return (await this.base.tryDecryptExchangeKeys(encryptedKeys, decryptionKeys)).successfulDecryptions\n }\n\n /**\n * Reloads all exchange keys for the cache.\n */\n async reloadCache(): Promise<void> {\n const hierarchy = await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()\n const encryptedKeysDataByHierarchyMember = Object.fromEntries(\n await Promise.all(\n hierarchy.map((doId) =>\n this.base.getAllExchangeKeysWith(doId, null).then(\n (\n res\n ): [\n string,\n {\n keysToOwner: { [p: string]: { [p: string]: { [p: string]: string } } }\n keysFromOwner: { [p: string]: { [p: string]: { [p: string]: string } } }\n }\n ] => [doId, res]\n )\n )\n )\n )\n const encryptedKeys: { [delegator: string]: { [delegate: string]: { encrypted: { [pubFp: string]: string }[] } } } = {}\n for (const [dataOwner, info] of Object.entries(encryptedKeysDataByHierarchyMember)) {\n for (const [delegator, encryptedByDelegatorFp] of Object.entries(info.keysToOwner)) {\n if (!encryptedKeys[delegator]) {\n encryptedKeys[delegator] = {}\n }\n if (!encryptedKeys[delegator][dataOwner]) {\n encryptedKeys[delegator][dataOwner] = { encrypted: [] }\n }\n const keysForDelegatorDelegate = encryptedKeys[delegator][dataOwner]\n for (const encryptedEntries of Object.values(encryptedByDelegatorFp)) {\n keysForDelegatorDelegate.encrypted.push(encryptedEntries)\n }\n }\n for (const encryptedByDelegateId of Object.values(info.keysFromOwner)) {\n for (const [delegate, encryptedEntries] of Object.entries(encryptedByDelegateId)) {\n if (!encryptedKeys[dataOwner]) {\n encryptedKeys[dataOwner] = {}\n }\n if (!encryptedKeys[dataOwner][delegate]) {\n encryptedKeys[dataOwner][delegate] = { encrypted: [] }\n }\n encryptedKeys[dataOwner][delegate].encrypted.push(encryptedEntries)\n }\n }\n }\n this.cache = encryptedKeys\n }\n}\n"]}
1
+ {"version":3,"file":"ExchangeKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ExchangeKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAgBA;;;;;;;GAOG;AACH,MAAa,mBAAmB;IAG9B,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,uBAAuB,CAAA;IACrC,CAAC;IAED,YACmB,UAAqC,EACrC,uBAAgD,EAChD,YAA8B;QAF9B,eAAU,GAAV,UAAU,CAA2B;QACrC,4BAAuB,GAAvB,uBAAuB,CAAyB;QAChD,iBAAY,GAAZ,YAAY,CAAkB;QATzC,UAAK,GAAyE,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAA;IAUrI,CAAC;IAEJ;;;;;;;OAOG;IACG,4BAA4B,CAAC,WAAmB,EAAE,UAAkB;;;YACxE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAA;YAC9B,MAAM,KAAK,GAAG,MAAA,KAAK,CAAC,WAAW,CAAC,0CAAG,UAAU,CAAC,CAAA;YAC9C,IAAI,KAAK,IAAI,SAAS,EAAE;gBACtB,IAAI,WAAW,IAAI,KAAK,EAAE;oBACxB,OAAO,MAAM,KAAK,CAAC,SAAS,CAAA;iBAC7B;qBAAM;oBACL,MAAM,gBAAgB,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;oBAC3D,KAAK,CAAC,WAAW,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAA;oBAChE,OAAO,MAAM,gBAAgB,CAAA;iBAC9B;aACF;iBAAM;gBACL,OAAO,EAAE,CAAA;aACV;;KACF;IAEa,YAAY,CAAC,aAAyC;;YAClE,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAA;YAC1D,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAA;QACtG,CAAC;KAAA;IAED;;OAEG;IACG,WAAW;;YACf,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,UAAU,EAAE,CAAA;QAChC,CAAC;KAAA;IAEa,UAAU;;YACtB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAA;YAC3E,MAAM,kCAAkC,GAAG,MAAM,CAAC,WAAW,CAC3D,MAAM,OAAO,CAAC,GAAG,CACf,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CACrB,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,IAAI,CAC/C,CACE,GAAG,EAOH,EAAE,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CACjB,CACF,CACF,CACF,CAAA;YACD,MAAM,aAAa,GAAkG,EAAE,CAAA;YACvH,KAAK,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,kCAAkC,CAAC,EAAE;gBAClF,KAAK,MAAM,CAAC,SAAS,EAAE,sBAAsB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE;oBAClF,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE;wBAC7B,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,CAAA;qBAC9B;oBACD,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,EAAE;wBACxC,aAAa,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,CAAA;qBACxD;oBACD,MAAM,wBAAwB,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,CAAA;oBACpE,KAAK,MAAM,gBAAgB,IAAI,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,EAAE;wBACpE,wBAAwB,CAAC,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;qBAC1D;iBACF;gBACD,KAAK,MAAM,qBAAqB,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE;oBACrE,KAAK,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE;wBAChF,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE;4BAC7B,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,CAAA;yBAC9B;wBACD,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,EAAE;4BACvC,aAAa,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,CAAA;yBACvD;wBACD,aAAa,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;qBACpE;iBACF;aACF;YACD,OAAO,aAAa,CAAA;QACtB,CAAC;KAAA;CACF;AAhGD,kDAgGC","sourcesContent":["import { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { BaseExchangeKeysManager } from './BaseExchangeKeysManager'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { IcureStorageFacade } from '../storage/IcureStorageFacade'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\n\ntype CacheValue =\n | {\n encrypted: { [fp: string]: string }[]\n }\n | {\n decrypted: Promise<CryptoKey[]>\n }\n\n/**\n * @internal This class is meant only for internal use and may be changed without notice.\n * More powerful version of {@link BaseExchangeKeysManager} with a simplified interface. Has the following functionalities:\n * - Caches results\n * - Automatically creates new exchange keys if none is available\n * - Automatically choose the public keys to use during the creation of new exchange keys\n * - Automatically retrieves the private keys to use during decryption.\n */\nexport class ExchangeKeysManager {\n private cache: Promise<{ [delegator: string]: { [delegate: string]: CacheValue } }> = Promise.reject(new Error('Cache not initialized'))\n\n get base(): BaseExchangeKeysManager {\n return this.baseExchangeKeysManager\n }\n\n constructor(\n private readonly keyManager: UserEncryptionKeysManager,\n private readonly baseExchangeKeysManager: BaseExchangeKeysManager,\n private readonly dataOwnerApi: IccDataOwnerXApi\n ) {}\n\n /**\n * Get all keys currently available for a delegator-delegate pair. At least one of the two data owners must be part of the hierarchy for the current\n * data owner.\n * @param delegatorId id of a delegator\n * @param delegateId id of a delegate\n * @throws if neither the delegator nor the delegate is part of the hierarchy of the current data owner.\n * @return all available exchange keys from the delegator-delegate pair.\n */\n async getDecryptionExchangeKeysFor(delegatorId: string, delegateId: string): Promise<CryptoKey[]> {\n const cache = await this.cache\n const entry = cache[delegatorId]?.[delegateId]\n if (entry != undefined) {\n if ('decrypted' in entry) {\n return await entry.decrypted\n } else {\n const decryptedPromise = this.decryptChunk(entry.encrypted)\n cache[delegatorId][delegateId] = { decrypted: decryptedPromise }\n return await decryptedPromise\n }\n } else {\n return []\n }\n }\n\n private async decryptChunk(encryptedKeys: { [fp: string]: string }[]): Promise<CryptoKey[]> {\n const decryptionKeys = this.keyManager.getDecryptionKeys()\n return (await this.base.tryDecryptExchangeKeys(encryptedKeys, decryptionKeys)).successfulDecryptions\n }\n\n /**\n * Reloads all exchange keys for the cache.\n */\n async reloadCache(): Promise<void> {\n this.cache = this.doGetCache()\n }\n\n private async doGetCache() {\n const hierarchy = await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()\n const encryptedKeysDataByHierarchyMember = Object.fromEntries(\n await Promise.all(\n hierarchy.map((doId) =>\n this.base.getAllExchangeKeysWith(doId, null).then(\n (\n res\n ): [\n string,\n {\n keysToOwner: { [p: string]: { [p: string]: { [p: string]: string } } }\n keysFromOwner: { [p: string]: { [p: string]: { [p: string]: string } } }\n }\n ] => [doId, res]\n )\n )\n )\n )\n const encryptedKeys: { [delegator: string]: { [delegate: string]: { encrypted: { [pubFp: string]: string }[] } } } = {}\n for (const [dataOwner, info] of Object.entries(encryptedKeysDataByHierarchyMember)) {\n for (const [delegator, encryptedByDelegatorFp] of Object.entries(info.keysToOwner)) {\n if (!encryptedKeys[delegator]) {\n encryptedKeys[delegator] = {}\n }\n if (!encryptedKeys[delegator][dataOwner]) {\n encryptedKeys[delegator][dataOwner] = { encrypted: [] }\n }\n const keysForDelegatorDelegate = encryptedKeys[delegator][dataOwner]\n for (const encryptedEntries of Object.values(encryptedByDelegatorFp)) {\n keysForDelegatorDelegate.encrypted.push(encryptedEntries)\n }\n }\n for (const encryptedByDelegateId of Object.values(info.keysFromOwner)) {\n for (const [delegate, encryptedEntries] of Object.entries(encryptedByDelegateId)) {\n if (!encryptedKeys[dataOwner]) {\n encryptedKeys[dataOwner] = {}\n }\n if (!encryptedKeys[dataOwner][delegate]) {\n encryptedKeys[dataOwner][delegate] = { encrypted: [] }\n }\n encryptedKeys[dataOwner][delegate].encrypted.push(encryptedEntries)\n }\n }\n }\n return encryptedKeys\n }\n}\n"]}
@@ -1 +1 @@
1
- {"version":3,"file":"TransferKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/TransferKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+BAA2C;AAE3C,oCAAiC;AAEjC,sDAA+E;AAC/E,mCAAgJ;AAMhJ;;;GAGG;AACH,MAAa,mBAAmB;IAC9B,YACmB,UAA4B,EAC5B,uBAAgD,EAChD,YAA8B,EAC9B,qBAAgD,EAChD,YAAgC;QAJhC,eAAU,GAAV,UAAU,CAAkB;QAC5B,4BAAuB,GAAvB,uBAAuB,CAAyB;QAChD,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,0BAAqB,GAArB,qBAAqB,CAA2B;QAChD,iBAAY,GAAZ,YAAY,CAAoB;IAChD,CAAC;IAEJ;;;;;;OAMG;IACG,kBAAkB,CAAC,IAA6B;;;YACpD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAA;YACzE,IAAI,CAAC,gBAAgB,CAAC,MAAM;gBAAE,OAAM;YACpC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAG,CAAA;YAC5B,MAAM,aAAa,GAAG,IAAA,oCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,gBAAU,CAAC,IAAI,CAAC,CAAA;YAC9E,MAAM,uBAAuB,GAAG,IAAA,oCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,gBAAU,CAAC,MAAM,CAAC,CAAA;YAC1F,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;YACvG,MAAM,2BAA2B,GAAG,KAAK,CAAC,IAAI,CAC5C,IAAI,GAAG,CACL,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7B,+DAA+D;YAC/D,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CACrE,CACF,CACF,CAAA;YACD,MAAM,wBAAwB,GAAG,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;YAClH,MAAM,kCAAkC,GAAG,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;YACtI,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,kBAAkB,CAC/E,MAAM,EACN,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,kCAEnI,CAAC,MAAM,IAAA,sBAAc,EAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,wBAAwB,EAAE,gBAAU,CAAC,IAAI,CAAC,CAAC,GACtF,CAAC,MAAM,IAAA,sBAAc,EAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,kCAAkC,EAAE,gBAAU,CAAC,MAAM,CAAC,CAAC,EAExG,CAAA;YACD,IAAI,mBAAmB,GAAG,MAAA,IAAI,CAAC,IAAI,CAAC,YAAY,mCAAI,EAAE,CAAA;YACtD,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE;gBACvC,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,MAAM,EAAE,mBAAmB,CAAC,WAAW,CAAC,CAAA;gBAC5G,mBAAmB,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW,EAAE,EAAE;;oBACjE,MAAM,YAAY,qBAAQ,CAAC,MAAA,GAAG,CAAC,WAAW,CAAC,mCAAI,EAAE,CAAC,CAAE,CAAA;oBACpD,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,oBAAoB,CAAA;oBACtD,GAAG,CAAC,WAAW,CAAC,GAAG,YAAY,CAAA;oBAC/B,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,mBAAmB,CAAC,CAAA;aACxB;YACD,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;gBAC5C,IAAI,kCACC,IAAI,CAAC,IAAI,KACZ,YAAY,EAAE,mBAAmB,GAClC;gBACD,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAA;;KACH;IAED,gGAAgG;IAClF,kBAAkB,CAAC,WAA+B,EAAE,WAAsB;;YACtF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;YACxF,OAAO,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,CAAA;QAC5E,CAAC;KAAA;IAED,iFAAiF;IACjF,6DAA6D;IACrD,wBAAwB,CAAC,OAAe,EAAE,KAA6B;QAC7E,OAAO,MAAM,CAAC,OAAO,CAAC,IAAA,8BAAgB,EAAC,KAAK,CAAC,YAAY,CAAC,CAAC;aACxD,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE,EAAE;;YAC5B,MAAM,SAAS,GAAG,MAAA,KAAK,CAAC,mBAAmB,CAAC,IAAI,CAAC,mCAAI,CAAC,IAAI,CAAC,CAAA;YAC3D,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,mCAAI,CAAC,CAAC,CAAC,CAAA,EAAA,CAAC,CAAC,CAAA;YAC5G,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACxE,CAAC,CAAC;aACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACrB,CAAC;IAEa,kBAAkB,CAC9B,UAAqC,EACrC,KAA6B;;YAE7B,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC,mCAAI,CAAC,CAAA,EAAA,CAAC,CAAC,CAAA;YAClI,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAC1C,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAClI,CAAA;YACD,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,4BAA4B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACxG,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;YACvF,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE;;gBAC1C,MAAM,cAAc,GAAG,MAAA,KAAK,CAAC,mBAAmB,CAAC,WAAW,CAAC,mCAAI,CAAC,WAAW,CAAC,CAAA,CAAC,6CAA6C;gBAC5H,MAAM,oBAAoB,GAAG,MAAA,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mCAAI,WAAW,CAAA;gBAC1F,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE,IAAI,EAAE,UAAU,CAAC,wBAAwB,CAAC,oBAAoB,CAAE,CAAC,IAAI,EAAE,CAAA;YACrH,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED,+DAA+D;IACjD,+BAA+B,CAAC,IAA6B;;YAOzE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;YAC7G,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE;gBACtG,IAAI,QAAQ;oBAAE,iBAAiB,CAAC,GAAG,CAAC,IAAA,qBAAa,EAAC,GAAG,CAAC,CAAC,CAAA;YACzD,CAAC,CAAC,CAAA;YACF,IAAI,iBAAiB,CAAC,IAAI,IAAI,CAAC;gBAAE,OAAO,EAAE,CAAA;YAC1C,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC9C,iGAAiG;YACjG,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAA;YACnF,MAAM,GAAG,GAAG,EAAE,CAAA;YACd,KAAK,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,UAAU,EAAE;gBACtE,4DAA4D;gBAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,wBAAwB,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;gBACtE,kEAAkE;gBAClE,MAAM,uBAAuB,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAChE,KAAK,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,oBAAoB,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CACjH,CAAA;gBACD,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,uBAAuB,CAAC,CAAA;gBAC9D,IAAI,qBAAqB,CAAC,IAAI,IAAI,CAAC;oBAAE,SAAQ;gBAC7C,qIAAqI;gBACrI,MAAM,SAAS,GAAG,IAAA,8BAAgB,EAAC,KAAK,CAAC,YAAY,CAAC,CAAA;gBACtD,MAAM,mBAAmB,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CACvE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CACrG,CAAA;gBACD,IAAI,mBAAmB,CAAC,MAAM,IAAI,CAAC;oBAAE,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAA;gBACxH,kJAAkJ;gBAClJ,OAAO;gBACP,MAAM,2BAA2B,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;oBACxE,MAAM,GAAG,GAAG,KAAK,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAA;oBAC9G,IAAI,CAAC,GAAG;wBAAE,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAA;oBAC7G,OAAO,GAAG,CAAA;gBACZ,CAAC,CAAC,CAAA;gBACF,GAAG,CAAC,IAAI,CAAC;oBACP,OAAO,EAAE,2BAA2B;oBACpC,MAAM,EAAE,SAAS;oBACjB,QAAQ,EAAE,WAAW;iBACtB,CAAC,CAAA;aACH;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;CACF;AA9ID,kDA8IC","sourcesContent":["import { KeyPair, ShaVersion } from './RSA'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { ua2hex } from '../utils'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { reachSetsAcyclic, StronglyConnectedGraph } from '../utils/graph-utils'\nimport { fingerprintToPublicKeysMapOf, fingerprintV1, loadPublicKeys, transferKeysFpGraphOf, fingerprintIsV1, fingerprintV1toV2 } from './utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IcureStorageFacade } from '../storage/IcureStorageFacade'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\n\n/**\n * @internal this class is intended only for internal use and may be changed without notice.\n * Allows to create new transfer keys.\n */\nexport class TransferKeysManager {\n constructor(\n private readonly primitives: CryptoPrimitives,\n private readonly baseExchangeDataManager: BaseExchangeDataManager,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly encryptionKeysManager: UserEncryptionKeysManager,\n private readonly icureStorage: IcureStorageFacade\n ) {}\n\n /**\n * Analyses the transfer keys graph and creates new transfer keys which allow to improve data accessibility from other devices.\n * For security reasons transfer keys will only be created between keys verified by the user, but this will be done ignoring any existing edges from\n * unverified keys to verified keys.\n * @param self the current data owner.\n * @return the updated data owner.\n */\n async updateTransferKeys(self: CryptoActorStubWithType): Promise<void> {\n const newEdgesByTarget = await this.getNewVerifiedTransferKeysEdges(self)\n if (!newEdgesByTarget.length) return\n const selfId = self.stub.id!\n const fpToPublicKey = fingerprintToPublicKeysMapOf(self.stub, ShaVersion.Sha1)\n const fpToPublicKeyWithSha256 = fingerprintToPublicKeysMapOf(self.stub, ShaVersion.Sha256)\n const verifiedFps = new Set(this.encryptionKeysManager.getSelfVerifiedKeys().map((x) => x.fingerprint))\n const allVerifiedSourcesAndTarget = Array.from(\n new Set(\n newEdgesByTarget.flatMap((x) =>\n // Sources are guaranteed to be verified, but target may not be\n verifiedFps.has(x.targetFp) ? [x.targetFp, ...x.sources] : x.sources\n )\n )\n )\n const newExchangeKeyPublicKeys = allVerifiedSourcesAndTarget.map((fp) => fpToPublicKey[fp]).filter((key) => !!key)\n const newExchangeKeyPublicKeysWithSha256 = allVerifiedSourcesAndTarget.map((fp) => fpToPublicKeyWithSha256[fp]).filter((key) => !!key)\n const createdExchangeData = await this.baseExchangeDataManager.createExchangeData(\n selfId,\n Object.fromEntries(this.encryptionKeysManager.getSelfVerifiedKeys().map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey])),\n {\n ...(await loadPublicKeys(this.primitives.RSA, newExchangeKeyPublicKeys, ShaVersion.Sha1)),\n ...(await loadPublicKeys(this.primitives.RSA, newExchangeKeyPublicKeysWithSha256, ShaVersion.Sha256)),\n }\n )\n let updatedTransferKeys = self.stub.transferKeys ?? {}\n for (const newEdges of newEdgesByTarget) {\n const encryptedTransferKey = await this.encryptTransferKey(newEdges.target, createdExchangeData.exchangeKey)\n updatedTransferKeys = newEdges.sources.reduce((acc, candidateFp) => {\n const existingKeys = { ...(acc[candidateFp] ?? {}) }\n existingKeys[newEdges.targetFp] = encryptedTransferKey\n acc[candidateFp] = existingKeys\n return acc\n }, updatedTransferKeys)\n }\n await this.dataOwnerApi.modifyCryptoActorStub({\n stub: {\n ...self.stub,\n transferKeys: updatedTransferKeys,\n },\n type: self.type,\n })\n }\n\n // encrypts a transfer key in pkcs8 format using an exchange key, returns the hex representation\n private async encryptTransferKey(transferKey: KeyPair<CryptoKey>, exchangeKey: CryptoKey): Promise<string> {\n const exportedKey = await this.primitives.RSA.exportKey(transferKey.privateKey, 'pkcs8')\n return ua2hex(await this.primitives.AES.encrypt(exchangeKey, exportedKey))\n }\n\n // all public keys would go to the stored keys -> no need for specifying the key.\n // Result only includes the acyclic label, not the full group\n private transferKeysCandidatesFp(keyToFp: string, graph: StronglyConnectedGraph): string[] {\n return Object.entries(reachSetsAcyclic(graph.acyclicGraph))\n .filter(([from, reachable]) => {\n const currGroup = graph.acyclicLabelToGroup[from] ?? [from]\n const reachableOriginal = new Set(Array.from(reachable).flatMap((x) => graph.acyclicLabelToGroup[x] ?? [x]))\n return !currGroup.includes(keyToFp) && !reachableOriginal.has(keyToFp)\n })\n .map((x) => x[0])\n }\n\n private async transferTargetKeys(\n keyManager: UserEncryptionKeysManager,\n graph: StronglyConnectedGraph\n ): Promise<{ fingerprint: string; pair: KeyPair<CryptoKey> }[]> {\n const availableGroups = new Set(Object.keys(keyManager.getDecryptionKeys()).map((x) => graph.originalLabelToAcyclicLabel[x] ?? x))\n const groupsReachableFromAvailable = new Set(\n Object.entries(graph.acyclicGraph).flatMap(([source, reachables]) => (availableGroups.has(source) ? Array.from(reachables) : []))\n )\n const targetCandidates = Array.from(availableGroups).filter((x) => !groupsReachableFromAvailable.has(x))\n const verifiedFps = new Set(keyManager.getSelfVerifiedKeys().map((x) => x.fingerprint))\n return targetCandidates.map((candidateFp) => {\n const candidateGroup = graph.acyclicLabelToGroup[candidateFp] ?? [candidateFp] // May not be part of transfer keys graph yet\n const bestCandidateOfGroup = candidateGroup.find((x) => verifiedFps.has(x)) ?? candidateFp\n return { fingerprint: bestCandidateOfGroup, pair: keyManager.getKeyPairForFingerprint(bestCandidateOfGroup)!.pair }\n })\n }\n\n // Decides the best edges considering the verified public keys.\n private async getNewVerifiedTransferKeysEdges(self: CryptoActorStubWithType): Promise<\n {\n sources: string[]\n target: KeyPair<CryptoKey>\n targetFp: string\n }[]\n > {\n const verifiedKeysFpSet = new Set(this.encryptionKeysManager.getSelfVerifiedKeys().map((x) => x.fingerprint))\n Object.entries(await this.icureStorage.loadSelfVerifiedKeys(self.stub.id!)).forEach(([key, verified]) => {\n if (verified) verifiedKeysFpSet.add(fingerprintV1(key))\n })\n if (verifiedKeysFpSet.size == 0) return []\n const graph = transferKeysFpGraphOf(self.stub)\n // 1. Choose keys available in this device which should be reachable from all other verified keys\n const targetKeys = await this.transferTargetKeys(this.encryptionKeysManager, graph)\n const res = []\n for (const { fingerprint: targetKeyFp, pair: targetKey } of targetKeys) {\n // 2. Find groups which can't reach the existing target keys\n const candidatesFp = this.transferKeysCandidatesFp(targetKeyFp, graph)\n // 3. Keep only groups which contain at least a verified candidate\n const verifiedGroupCandidates = candidatesFp.filter((candidate) =>\n graph.acyclicLabelToGroup[candidate].some((candidateGroupMember) => verifiedKeysFpSet.has(candidateGroupMember))\n )\n const verifiedCandidatesSet = new Set(verifiedGroupCandidates)\n if (verifiedCandidatesSet.size == 0) continue\n // 4. Drop all candidates which can already reach another candidate group: it is sufficient to create a transfer key from that group.\n const reachSets = reachSetsAcyclic(graph.acyclicGraph)\n const optimizedCandidates = verifiedGroupCandidates.filter((candidate) =>\n Array.from(reachSets[candidate]).every((reachableNode) => !verifiedCandidatesSet.has(reachableNode))\n )\n if (optimizedCandidates.length == 0) throw new Error('Check failed: at least one candidate should survive optimization')\n // 5. Transfer keys could also be faked: to make sure we are not giving access to unauthorised people we remap the candidates to a verified public\n // keys\n const verifiedOptimizedCandidates = optimizedCandidates.map((candidate) => {\n const res = graph.acyclicLabelToGroup[candidate].find((groupMemberFp) => verifiedKeysFpSet.has(groupMemberFp))\n if (!res) throw new Error('Check failed: optimized candidates groups should have at least a verified member')\n return res\n })\n res.push({\n sources: verifiedOptimizedCandidates,\n target: targetKey,\n targetFp: targetKeyFp,\n })\n }\n return res\n }\n}\n"]}
1
+ {"version":3,"file":"TransferKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/TransferKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+BAA2C;AAE3C,oCAAiC;AAEjC,sDAA+E;AAC/E,mCAAgJ;AAMhJ;;;GAGG;AACH,MAAa,mBAAmB;IAC9B,YACmB,UAA4B,EAC5B,uBAAgD,EAChD,YAA8B,EAC9B,qBAAgD,EAChD,YAAgC;QAJhC,eAAU,GAAV,UAAU,CAAkB;QAC5B,4BAAuB,GAAvB,uBAAuB,CAAyB;QAChD,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,0BAAqB,GAArB,qBAAqB,CAA2B;QAChD,iBAAY,GAAZ,YAAY,CAAoB;IAChD,CAAC;IAEJ;;;;;;OAMG;IACG,kBAAkB,CAAC,IAA6B;;;YACpD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAA;YACzE,IAAI,CAAC,gBAAgB,CAAC,MAAM;gBAAE,OAAM;YACpC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAG,CAAA;YAC5B,MAAM,aAAa,GAAG,IAAA,oCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,gBAAU,CAAC,IAAI,CAAC,CAAA;YAC9E,MAAM,uBAAuB,GAAG,IAAA,oCAA4B,EAAC,IAAI,CAAC,IAAI,EAAE,gBAAU,CAAC,MAAM,CAAC,CAAA;YAC1F,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;YACvG,MAAM,2BAA2B,GAAG,KAAK,CAAC,IAAI,CAC5C,IAAI,GAAG,CACL,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7B,+DAA+D;YAC/D,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CACrE,CACF,CACF,CAAA;YACD,MAAM,wBAAwB,GAAG,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;YAClH,MAAM,kCAAkC,GAAG,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;YACtI,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,kBAAkB,CAC/E,MAAM,EACN,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,kCAEnI,CAAC,MAAM,IAAA,sBAAc,EAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,wBAAwB,EAAE,gBAAU,CAAC,IAAI,CAAC,CAAC,GACtF,CAAC,MAAM,IAAA,sBAAc,EAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,kCAAkC,EAAE,gBAAU,CAAC,MAAM,CAAC,CAAC,EAExG,CAAA;YACD,IAAI,mBAAmB,GAAG,MAAA,IAAI,CAAC,IAAI,CAAC,YAAY,mCAAI,EAAE,CAAA;YACtD,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE;gBACvC,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,MAAM,EAAE,mBAAmB,CAAC,WAAW,CAAC,CAAA;gBAC5G,mBAAmB,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW,EAAE,EAAE;;oBACjE,MAAM,YAAY,qBAAQ,CAAC,MAAA,GAAG,CAAC,WAAW,CAAC,mCAAI,EAAE,CAAC,CAAE,CAAA;oBACpD,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,oBAAoB,CAAA;oBACtD,GAAG,CAAC,WAAW,CAAC,GAAG,YAAY,CAAA;oBAC/B,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,mBAAmB,CAAC,CAAA;aACxB;YACD,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;gBAC5C,IAAI,kCACC,IAAI,CAAC,IAAI,KACZ,YAAY,EAAE,mBAAmB,GAClC;gBACD,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAA;;KACH;IAED,gGAAgG;IAClF,kBAAkB,CAAC,WAA+B,EAAE,WAAsB;;YACtF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;YACxF,OAAO,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,CAAA;QAC5E,CAAC;KAAA;IAED,iFAAiF;IACjF,6DAA6D;IACrD,wBAAwB,CAAC,OAAe,EAAE,KAA6B;QAC7E,OAAO,MAAM,CAAC,OAAO,CAAC,IAAA,8BAAgB,EAAC,KAAK,CAAC,YAAY,CAAC,CAAC;aACxD,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE,EAAE;;YAC5B,MAAM,SAAS,GAAa,MAAA,KAAK,CAAC,mBAAmB,CAAC,IAAI,CAAC,mCAAI,CAAC,IAAI,CAAC,CAAA;YACrE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,mCAAI,CAAC,CAAC,CAAC,CAAA,EAAA,CAAC,CAAC,CAAA;YAC5G,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACxE,CAAC,CAAC;aACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACrB,CAAC;IAEa,kBAAkB,CAC9B,UAAqC,EACrC,KAA6B;;YAE7B,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,MAAA,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC,mCAAI,CAAC,CAAA,EAAA,CAAC,CAAC,CAAA;YAClI,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAC1C,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAClI,CAAA;YACD,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,4BAA4B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACxG,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;YACvF,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE;;gBAC1C,MAAM,cAAc,GAAG,MAAA,KAAK,CAAC,mBAAmB,CAAC,WAAW,CAAC,mCAAI,CAAC,WAAW,CAAC,CAAA,CAAC,6CAA6C;gBAC5H,MAAM,oBAAoB,GAAG,MAAA,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mCAAI,WAAW,CAAA;gBAC1F,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE,IAAI,EAAE,UAAU,CAAC,wBAAwB,CAAC,oBAAoB,CAAE,CAAC,IAAI,EAAE,CAAA;YACrH,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;IAED,+DAA+D;IACjD,+BAA+B,CAAC,IAA6B;;YAOzE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;YAC7G,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE;gBACtG,IAAI,QAAQ;oBAAE,iBAAiB,CAAC,GAAG,CAAC,IAAA,qBAAa,EAAC,GAAG,CAAC,CAAC,CAAA;YACzD,CAAC,CAAC,CAAA;YACF,IAAI,iBAAiB,CAAC,IAAI,IAAI,CAAC;gBAAE,OAAO,EAAE,CAAA;YAC1C,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC9C,iGAAiG;YACjG,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAA;YACnF,MAAM,GAAG,GAAG,EAAE,CAAA;YACd,KAAK,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,UAAU,EAAE;gBACtE,4DAA4D;gBAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,wBAAwB,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;gBACtE,kEAAkE;gBAClE,MAAM,uBAAuB,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAChE,KAAK,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,oBAAoB,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CACjH,CAAA;gBACD,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,uBAAuB,CAAC,CAAA;gBAC9D,IAAI,qBAAqB,CAAC,IAAI,IAAI,CAAC;oBAAE,SAAQ;gBAC7C,qIAAqI;gBACrI,MAAM,SAAS,GAAG,IAAA,8BAAgB,EAAC,KAAK,CAAC,YAAY,CAAC,CAAA;gBACtD,MAAM,mBAAmB,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CACvE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CACrG,CAAA;gBACD,IAAI,mBAAmB,CAAC,MAAM,IAAI,CAAC;oBAAE,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAA;gBACxH,kJAAkJ;gBAClJ,OAAO;gBACP,MAAM,2BAA2B,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;oBACxE,MAAM,GAAG,GAAG,KAAK,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAA;oBAC9G,IAAI,CAAC,GAAG;wBAAE,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAA;oBAC7G,OAAO,GAAG,CAAA;gBACZ,CAAC,CAAC,CAAA;gBACF,GAAG,CAAC,IAAI,CAAC;oBACP,OAAO,EAAE,2BAA2B;oBACpC,MAAM,EAAE,SAAS;oBACjB,QAAQ,EAAE,WAAW;iBACtB,CAAC,CAAA;aACH;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;CACF;AA9ID,kDA8IC","sourcesContent":["import { KeyPair, ShaVersion } from './RSA'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { ua2hex } from '../utils'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { reachSetsAcyclic, StronglyConnectedGraph } from '../utils/graph-utils'\nimport { fingerprintToPublicKeysMapOf, fingerprintV1, loadPublicKeys, transferKeysFpGraphOf, fingerprintIsV1, fingerprintV1toV2 } from './utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IcureStorageFacade } from '../storage/IcureStorageFacade'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\n\n/**\n * @internal this class is intended only for internal use and may be changed without notice.\n * Allows to create new transfer keys.\n */\nexport class TransferKeysManager {\n constructor(\n private readonly primitives: CryptoPrimitives,\n private readonly baseExchangeDataManager: BaseExchangeDataManager,\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly encryptionKeysManager: UserEncryptionKeysManager,\n private readonly icureStorage: IcureStorageFacade\n ) {}\n\n /**\n * Analyses the transfer keys graph and creates new transfer keys which allow to improve data accessibility from other devices.\n * For security reasons transfer keys will only be created between keys verified by the user, but this will be done ignoring any existing edges from\n * unverified keys to verified keys.\n * @param self the current data owner.\n * @return the updated data owner.\n */\n async updateTransferKeys(self: CryptoActorStubWithType): Promise<void> {\n const newEdgesByTarget = await this.getNewVerifiedTransferKeysEdges(self)\n if (!newEdgesByTarget.length) return\n const selfId = self.stub.id!\n const fpToPublicKey = fingerprintToPublicKeysMapOf(self.stub, ShaVersion.Sha1)\n const fpToPublicKeyWithSha256 = fingerprintToPublicKeysMapOf(self.stub, ShaVersion.Sha256)\n const verifiedFps = new Set(this.encryptionKeysManager.getSelfVerifiedKeys().map((x) => x.fingerprint))\n const allVerifiedSourcesAndTarget = Array.from(\n new Set(\n newEdgesByTarget.flatMap((x) =>\n // Sources are guaranteed to be verified, but target may not be\n verifiedFps.has(x.targetFp) ? [x.targetFp, ...x.sources] : x.sources\n )\n )\n )\n const newExchangeKeyPublicKeys = allVerifiedSourcesAndTarget.map((fp) => fpToPublicKey[fp]).filter((key) => !!key)\n const newExchangeKeyPublicKeysWithSha256 = allVerifiedSourcesAndTarget.map((fp) => fpToPublicKeyWithSha256[fp]).filter((key) => !!key)\n const createdExchangeData = await this.baseExchangeDataManager.createExchangeData(\n selfId,\n Object.fromEntries(this.encryptionKeysManager.getSelfVerifiedKeys().map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey])),\n {\n ...(await loadPublicKeys(this.primitives.RSA, newExchangeKeyPublicKeys, ShaVersion.Sha1)),\n ...(await loadPublicKeys(this.primitives.RSA, newExchangeKeyPublicKeysWithSha256, ShaVersion.Sha256)),\n }\n )\n let updatedTransferKeys = self.stub.transferKeys ?? {}\n for (const newEdges of newEdgesByTarget) {\n const encryptedTransferKey = await this.encryptTransferKey(newEdges.target, createdExchangeData.exchangeKey)\n updatedTransferKeys = newEdges.sources.reduce((acc, candidateFp) => {\n const existingKeys = { ...(acc[candidateFp] ?? {}) }\n existingKeys[newEdges.targetFp] = encryptedTransferKey\n acc[candidateFp] = existingKeys\n return acc\n }, updatedTransferKeys)\n }\n await this.dataOwnerApi.modifyCryptoActorStub({\n stub: {\n ...self.stub,\n transferKeys: updatedTransferKeys,\n },\n type: self.type,\n })\n }\n\n // encrypts a transfer key in pkcs8 format using an exchange key, returns the hex representation\n private async encryptTransferKey(transferKey: KeyPair<CryptoKey>, exchangeKey: CryptoKey): Promise<string> {\n const exportedKey = await this.primitives.RSA.exportKey(transferKey.privateKey, 'pkcs8')\n return ua2hex(await this.primitives.AES.encrypt(exchangeKey, exportedKey))\n }\n\n // all public keys would go to the stored keys -> no need for specifying the key.\n // Result only includes the acyclic label, not the full group\n private transferKeysCandidatesFp(keyToFp: string, graph: StronglyConnectedGraph): string[] {\n return Object.entries(reachSetsAcyclic(graph.acyclicGraph))\n .filter(([from, reachable]) => {\n const currGroup: string[] = graph.acyclicLabelToGroup[from] ?? [from]\n const reachableOriginal = new Set(Array.from(reachable).flatMap((x) => graph.acyclicLabelToGroup[x] ?? [x]))\n return !currGroup.includes(keyToFp) && !reachableOriginal.has(keyToFp)\n })\n .map((x) => x[0])\n }\n\n private async transferTargetKeys(\n keyManager: UserEncryptionKeysManager,\n graph: StronglyConnectedGraph\n ): Promise<{ fingerprint: string; pair: KeyPair<CryptoKey> }[]> {\n const availableGroups = new Set(Object.keys(keyManager.getDecryptionKeys()).map((x) => graph.originalLabelToAcyclicLabel[x] ?? x))\n const groupsReachableFromAvailable = new Set(\n Object.entries(graph.acyclicGraph).flatMap(([source, reachables]) => (availableGroups.has(source) ? Array.from(reachables) : []))\n )\n const targetCandidates = Array.from(availableGroups).filter((x) => !groupsReachableFromAvailable.has(x))\n const verifiedFps = new Set(keyManager.getSelfVerifiedKeys().map((x) => x.fingerprint))\n return targetCandidates.map((candidateFp) => {\n const candidateGroup = graph.acyclicLabelToGroup[candidateFp] ?? [candidateFp] // May not be part of transfer keys graph yet\n const bestCandidateOfGroup = candidateGroup.find((x) => verifiedFps.has(x)) ?? candidateFp\n return { fingerprint: bestCandidateOfGroup, pair: keyManager.getKeyPairForFingerprint(bestCandidateOfGroup)!.pair }\n })\n }\n\n // Decides the best edges considering the verified public keys.\n private async getNewVerifiedTransferKeysEdges(self: CryptoActorStubWithType): Promise<\n {\n sources: string[]\n target: KeyPair<CryptoKey>\n targetFp: string\n }[]\n > {\n const verifiedKeysFpSet = new Set(this.encryptionKeysManager.getSelfVerifiedKeys().map((x) => x.fingerprint))\n Object.entries(await this.icureStorage.loadSelfVerifiedKeys(self.stub.id!)).forEach(([key, verified]) => {\n if (verified) verifiedKeysFpSet.add(fingerprintV1(key))\n })\n if (verifiedKeysFpSet.size == 0) return []\n const graph = transferKeysFpGraphOf(self.stub)\n // 1. Choose keys available in this device which should be reachable from all other verified keys\n const targetKeys = await this.transferTargetKeys(this.encryptionKeysManager, graph)\n const res = []\n for (const { fingerprint: targetKeyFp, pair: targetKey } of targetKeys) {\n // 2. Find groups which can't reach the existing target keys\n const candidatesFp = this.transferKeysCandidatesFp(targetKeyFp, graph)\n // 3. Keep only groups which contain at least a verified candidate\n const verifiedGroupCandidates = candidatesFp.filter((candidate) =>\n graph.acyclicLabelToGroup[candidate].some((candidateGroupMember) => verifiedKeysFpSet.has(candidateGroupMember))\n )\n const verifiedCandidatesSet = new Set(verifiedGroupCandidates)\n if (verifiedCandidatesSet.size == 0) continue\n // 4. Drop all candidates which can already reach another candidate group: it is sufficient to create a transfer key from that group.\n const reachSets = reachSetsAcyclic(graph.acyclicGraph)\n const optimizedCandidates = verifiedGroupCandidates.filter((candidate) =>\n Array.from(reachSets[candidate]).every((reachableNode) => !verifiedCandidatesSet.has(reachableNode))\n )\n if (optimizedCandidates.length == 0) throw new Error('Check failed: at least one candidate should survive optimization')\n // 5. Transfer keys could also be faked: to make sure we are not giving access to unauthorised people we remap the candidates to a verified public\n // keys\n const verifiedOptimizedCandidates = optimizedCandidates.map((candidate) => {\n const res = graph.acyclicLabelToGroup[candidate].find((groupMemberFp) => verifiedKeysFpSet.has(groupMemberFp))\n if (!res) throw new Error('Check failed: optimized candidates groups should have at least a verified member')\n return res\n })\n res.push({\n sources: verifiedOptimizedCandidates,\n target: targetKey,\n targetFp: targetKeyFp,\n })\n }\n return res\n }\n}\n"]}
@@ -79,6 +79,10 @@ export declare class IccContactXApi extends IccContactApi implements EncryptedEn
79
79
  * startDate and endDate in ascending or descending order by that field. (default: ascending).
80
80
  */
81
81
  findIdsBy(hcpartyId: string, patient: models.Patient, startDate?: number, endDate?: number, descending?: boolean): Promise<string[]>;
82
+ /**
83
+ * @deprecated Unused method, bugged: won't work if `hcpartyId` is not the parent hcp and doesn't decrypt contacts.
84
+ * Will be permanently removed in version 8.2.0
85
+ */
82
86
  findByPatientSFKs(hcpartyId: string, patients: Array<models.Patient>): Promise<Array<models.Contact>>;
83
87
  filterBy(startKey?: string, startDocumentId?: string, limit?: number, body?: models.FilterChainContact): never;
84
88
  listContactsByOpeningDate(startDate: number, endDate: number, hcpartyid: string, startKey?: string, startDocumentId?: string, limit?: number): never;
@@ -146,6 +146,10 @@ class IccContactXApi extends icc_api_1.IccContactApi {
146
146
  : Promise.resolve([]));
147
147
  });
148
148
  }
149
+ /**
150
+ * @deprecated Unused method, bugged: won't work if `hcpartyId` is not the parent hcp and doesn't decrypt contacts.
151
+ * Will be permanently removed in version 8.2.0
152
+ */
149
153
  findByPatientSFKs(hcpartyId, patients) {
150
154
  return __awaiter(this, void 0, void 0, function* () {
151
155
  const perHcpId = {};