@icure/api 8.1.8 → 8.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/model/RouteOfAdministration.d.ts +0 -1
- package/icc-api/model/RouteOfAdministration.js.map +1 -1
- package/icc-api/model/Vmp.d.ts +0 -2
- package/icc-api/model/Vmp.js.map +1 -1
- package/icc-api/model/VmpGroup.d.ts +0 -2
- package/icc-api/model/VmpGroup.js.map +1 -1
- package/icc-api/model/internal/ExchangeData.d.ts +1 -1
- package/icc-api/model/internal/ExchangeData.js +1 -7
- package/icc-api/model/internal/ExchangeData.js.map +1 -1
- package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +19 -9
- package/icc-x-api/crypto/BaseExchangeDataManager.js +27 -6
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
- package/icc-x-api/crypto/CryptoStrategies.d.ts +2 -1
- package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/DelegationsDeAnonymization.js +1 -1
- package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -1
- package/icc-x-api/crypto/ExchangeDataManager.d.ts +25 -2
- package/icc-x-api/crypto/ExchangeDataManager.js +98 -5
- package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtils.d.ts +3 -1
- package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +1 -1
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +3 -3
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -1
- package/icc-x-api/crypto/SecureDelegationsManager.d.ts +3 -1
- package/icc-x-api/crypto/SecureDelegationsManager.js +10 -6
- package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -1
- package/icc-x-api/crypto/ShamirKeysManager.js +1 -1
- package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
- package/icc-x-api/crypto/UserEncryptionKeysManager.js +4 -0
- package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -1
- package/icc-x-api/crypto/utils.js +1 -1
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/icc-accesslog-x-api.d.ts +6 -0
- package/icc-x-api/icc-accesslog-x-api.js +6 -2
- package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
- package/icc-x-api/icc-bekmehr-x-api.js +1 -1
- package/icc-x-api/icc-bekmehr-x-api.js.map +1 -1
- package/icc-x-api/icc-calendar-item-x-api.d.ts +4 -0
- package/icc-x-api/icc-calendar-item-x-api.js +3 -1
- package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
- package/icc-x-api/icc-classification-x-api.d.ts +3 -0
- package/icc-x-api/icc-classification-x-api.js +3 -1
- package/icc-x-api/icc-classification-x-api.js.map +1 -1
- package/icc-x-api/icc-contact-x-api.d.ts +3 -0
- package/icc-x-api/icc-contact-x-api.js +3 -1
- package/icc-x-api/icc-contact-x-api.js.map +1 -1
- package/icc-x-api/icc-crypto-x-api.d.ts +29 -0
- package/icc-x-api/icc-crypto-x-api.js +36 -0
- package/icc-x-api/icc-crypto-x-api.js.map +1 -1
- package/icc-x-api/icc-document-x-api.d.ts +3 -0
- package/icc-x-api/icc-document-x-api.js +3 -1
- package/icc-x-api/icc-document-x-api.js.map +1 -1
- package/icc-x-api/icc-form-x-api.d.ts +3 -0
- package/icc-x-api/icc-form-x-api.js +3 -1
- package/icc-x-api/icc-form-x-api.js.map +1 -1
- package/icc-x-api/icc-helement-x-api.d.ts +3 -0
- package/icc-x-api/icc-helement-x-api.js +3 -1
- package/icc-x-api/icc-helement-x-api.js.map +1 -1
- package/icc-x-api/icc-invoice-x-api.d.ts +3 -0
- package/icc-x-api/icc-invoice-x-api.js +3 -1
- package/icc-x-api/icc-invoice-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.d.ts +3 -0
- package/icc-x-api/icc-maintenance-task-x-api.js +3 -1
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/icc-message-x-api.d.ts +3 -0
- package/icc-x-api/icc-message-x-api.js +3 -1
- package/icc-x-api/icc-message-x-api.js.map +1 -1
- package/icc-x-api/icc-patient-x-api.d.ts +3 -0
- package/icc-x-api/icc-patient-x-api.js +6 -2
- package/icc-x-api/icc-patient-x-api.js.map +1 -1
- package/icc-x-api/icc-receipt-x-api.d.ts +3 -0
- package/icc-x-api/icc-receipt-x-api.js +3 -1
- package/icc-x-api/icc-receipt-x-api.js.map +1 -1
- package/icc-x-api/icc-recovery-x-api.js +8 -1
- package/icc-x-api/icc-recovery-x-api.js.map +1 -1
- package/icc-x-api/icc-time-table-x-api.d.ts +3 -0
- package/icc-x-api/icc-time-table-x-api.js +3 -1
- package/icc-x-api/icc-time-table-x-api.js.map +1 -1
- package/icc-x-api/icc-topic-x-api.d.ts +3 -0
- package/icc-x-api/icc-topic-x-api.js +3 -1
- package/icc-x-api/icc-topic-x-api.js.map +1 -1
- package/icc-x-api/index.d.ts +16 -0
- package/icc-x-api/index.js +7 -1
- package/icc-x-api/index.js.map +1 -1
- package/icc-x-api/utils/websocket.d.ts +1 -0
- package/package.json +1 -1
- package/test/icc-x-api/autofix-anonymity-test.js +18 -4
- package/test/icc-x-api/autofix-anonymity-test.js.map +1 -1
- package/test/icc-x-api/crypto/exchange-data-manager-test.js +34 -32
- package/test/icc-x-api/crypto/exchange-data-manager-test.js.map +1 -1
- package/test/icc-x-api/crypto/secure-delegations-manager-test.js +2 -2
- package/test/icc-x-api/crypto/secure-delegations-manager-test.js.map +1 -1
- package/test/icc-x-api/icc-hcparty-x-api-test.js +2 -14
- package/test/icc-x-api/icc-hcparty-x-api-test.js.map +1 -1
- package/test/icc-x-api/keyless-api.d.ts +1 -0
- package/test/icc-x-api/keyless-api.js +125 -0
- package/test/icc-x-api/keyless-api.js.map +1 -0
- package/test/utils/FakeExchangeDataManager.d.ts +8 -0
- package/test/utils/FakeExchangeDataManager.js +3 -0
- package/test/utils/FakeExchangeDataManager.js.map +1 -1
- package/test/utils/KeylessCryptoStrategies.d.ts +23 -0
- package/test/utils/KeylessCryptoStrategies.js +26 -0
- package/test/utils/KeylessCryptoStrategies.js.map +1 -0
- package/test/utils/test_utils.d.ts +7 -0
- package/test/utils/test_utils.js +30 -1
- package/test/utils/test_utils.js.map +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DelegationsDeAnonymization.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/DelegationsDeAnonymization.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,2EAAuE;AACvE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AACzD,gGAA4F;AAE5F,qEAAiE;AACjE,wFAAoF;AACpF,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAE3E,oCAAwE;AACxE,0GAAsG;AACtG,+CAA2C;AAC3C,2EAAiG;AACjG,yFAAiH;AAKjH,6CAA6C;AAC7C,MAAa,0BAA0B;IAIrC,YACmB,YAA8B,EAC9B,yBAAoD,EACpD,KAAwB,EACxB,gBAAkC,EAClC,wBAAkD,EACnE,IAAY,EACZ,OAAkC,EAClC,yBAAiD,IAAI,iDAAwB,EAAE,EAC/E,YAA2E,OAAO,MAAM,KAAK,WAAW;QACtG,CAAC,CAAC,MAAM,CAAC,KAAK;QACd,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW;YAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,KAAK,EACQ,gCAAkE;QAblE,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,8BAAyB,GAAzB,yBAAyB,CAA2B;QACpD,UAAK,GAAL,KAAK,CAAmB;QACxB,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,6BAAwB,GAAxB,wBAAwB,CAA0B;QASlD,qCAAgC,GAAhC,gCAAgC,CAAkC;QAEnF,IAAI,CAAC,+BAA+B,GAAG,IAAA,4BAAoB,EAAC,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,wBAAwB,CAAC,CAAA;QAChH,IAAI,CAAC,mBAAmB,GAAG,IAAI,2DAA4B,CAAC,IAAI,EAAE,OAAO,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;IAC/G,CAAC;IAED;;;;OAIG;IACG,iCAAiC,CAAC,cAAuC,EAAE,mBAA6B;;YAC5G,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,yBAAyB,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAC,CAAC,OAAO,CAChI,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE;;gBAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;oBACxH,IAAI,KAAK,IAAI,YAAY,EAAE;wBACzB,OAAO,CAAC,KAAK,CAAC,CAAA;qBACf;yBAAM;wBACL,OAAO,EAAE,CAAA;qBACV;gBACH,CAAC,CAAC,CAAA;gBACF,OAAO,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAyC,CAAA;YAC7H,CAAC,CACF,CAAA;YACD,MAAM,+BAA+B,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE;gBACxF,kEAAkE;gBAClE,OAAO,CAAC,cAAc,CAAC,aAAa,CAAA;YACtC,CAAC,CAAC,CAAA;YACF,4IAA4I;YAC5I,MAAM,mCAAmC,GAAG,+BAA+B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE;gBACzG,+FAA+F;gBAC/F,OAAO,CAAC,CAAC,cAAc,CAAC,QAAQ,IAAI,CAAC,CAAC,cAAc,CAAC,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,mBAAmB,CAAA;YACxG,CAAC,CAAC,CAAA;YACF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,mCAAmC,CAC3E,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAChD,cAAc,CAAC,IAAI,CACpB,CAAA;YACD,KAAK,MAAM,aAAa,IAAI,sBAAsB,EAAE;gBAClD,MAAM,IAAI,CAAC,gCAAgC,CAAC,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,mBAAmB,CAAC,CAAA;aACrG;YACD,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAA;YAC9F,MAAM,mBAAmB,GAAG,mCAAmC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACtH,KAAK,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,IAAI,mBAAmB,EAAE;gBAC1D,MAAM,IAAI,CAAC,4BAA4B,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAAA;aAC1G;QACH,CAAC;KAAA;IAED;;;OAGG;IACG,yBAAyB,CAAC,cAAuC;;;YAIrE,OAAO,IAAI,CAAC,gBAAgB,CAAC;gBAC3B,MAAM,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC;gBACrE;oBACE,wBAAwB,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,MAAA,cAAc,CAAC,MAAM,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;oBACzI,6BAA6B,EAAE,KAAK;iBACrC;aACF,CAAC,CAAA;;KACH;IAEa,0CAA0C,CAAC,cAAuC;;YAI9F,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAA;YAC/G,MAAM,kCAAkC,GAAG,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE;;gBACxH,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE;oBACjD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;wBACxH,IAAI,KAAK,IAAI,YAAY,EAAE;4BACzB,OAAO,CAAC,KAAK,CAAC,CAAA;yBACf;6BAAM;4BACL,OAAO,EAAE,CAAA;yBACV;oBACH,CAAC,CAAC,CAAA;oBACF,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,GAAG,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC,CAAA;iBAC1D;qBAAM;oBACL,OAAO,EAAE,CAAA;iBACV;YACH,CAAC,CAAC,CAAA;YACF,MAAM,sCAAsC,GAAG,MAAM,CAAC,WAAW,CAC/D,CACE,MAAM,IAAI,CAAC,mCAAmC,CAC5C,kCAAkC,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,EAC9D,cAAc,CAAC,IAAI,CACpB,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CACnC,CAAA;YACD,MAAM,wBAAwB,GAA+C,EAAE,CAAA;YAC/E,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,SAAS,SAAS,CAAC,WAAmB,EAAE,KAAsB;gBAC5D,IAAI,wBAAwB,CAAC,WAAW,CAAC,KAAK,eAAe,CAAC,KAAK,EAAE;oBACnE,wBAAwB,CAAC,WAAW,CAAC,GAAG,KAAK,CAAA;iBAC9C;YACH,CAAC;YACD,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,uBAAuB,CAAC,EAAE;gBAC/D,IAAI,UAAU,CAAC,QAAQ;oBAAE,SAAS,CAAC,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;gBAC/E,IAAI,UAAU,CAAC,SAAS;oBAAE,SAAS,CAAC,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;aAClF;YACD,KAAK,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,kCAAkC,EAAE;gBACrE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC9B,MAAM,OAAO,GAAG,sCAAsC,CAAC,CAAC,CAAC,CAAA;oBACzD,OAAO,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAA;gBAC7D,CAAC,CAAC,CAAA;gBACF,IAAI,OAAO,EAAE;oBACX,MAAM,MAAM,GAAG,sCAAsC,CAAC,OAAO,CAAC,CAAA;oBAC9D,SAAS,CAAC,MAAM,CAAC,QAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;oBACnD,SAAS,CAAC,MAAM,CAAC,SAAU,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;iBACrD;qBAAM;oBACL,6BAA6B,GAAG,IAAI,CAAA;iBACrC;aACF;YACD,OAAO,EAAE,wBAAwB,EAAE,6BAA6B,EAAE,CAAA;QACpE,CAAC;KAAA;IAEa,gBAAgB,CAC5B,MAGG;;YAKH,MAAM,sBAAsB,GAA+C,EAAE,CAAA;YAC7E,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE;gBACtB,6BAA6B,GAAG,6BAA6B,IAAI,CAAC,CAAC,6BAA6B,CAAA;gBAChG,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC,EAAE;oBAC7E,IAAI,sBAAsB,CAAC,WAAW,CAAC,KAAK,eAAe,CAAC,KAAK,EAAE;wBACjE,sBAAsB,CAAC,WAAW,CAAC,GAAG,KAAK,CAAA;qBAC5C;iBACF;aACF;YACD,OAAO;gBACL,wBAAwB,EAAE,sBAAsB;gBAChD,6BAA6B;aAC9B,CAAA;QACH,CAAC;KAAA;IAEa,mCAAmC,CAC/C,aAAuB,EACvB,UAAwC;;YAExC,IAAI,aAAa,CAAC,MAAM,EAAE;gBACxB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CACtE,EAAE,GAAG,EAAE,aAAa,EAAE,EACtB,MAAM,IAAI,CAAC,gCAAgC,CAAC,2BAA2B,CAAC,UAAU,CAAC,CACpF,CAAA;gBACD,MAAM,GAAG,GAA6B,EAAE,CAAA;gBACxC,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;oBACxC,+BAA+B;oBAC/B,MAAM,gBAAgB,GAAG,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,YAAY,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,+CAAsB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;oBACnI,IAAI,gBAAgB,CAAC,SAAS,EAAE;wBAC9B,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAA;qBAClC;iBACF;gBACD,OAAO,GAAG,CAAA;aACX;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAED,gJAAgJ;IAChJ,iFAAiF;IACnE,gCAAgC,CAAC,UAAwC,EAAE,MAA8B,EAAE,SAAmB;;YAC1I,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAA;YAC3H,MAAM,0CAA0C,GAAG,MAAM,CAAC,MAAM,CAC9D,MAAM,IAAI,CAAC,yBAAyB,CAAC,0BAA0B,CAAC;gBAC9D,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,MAAM;aACf,CAAC,CACH;iBACE,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC;iBACzC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAa,CAAA;YACjC,8GAA8G;YAC9G,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,SAAS,EAAE,GAAG,0CAA0C,CAAC,CAAC,CAAA;YAC7H,MAAM,sBAAsB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACzF,IAAI,sBAAsB,CAAC,MAAM,EAAE;gBACjC,CAAC;gBAAA,CACC,MAAM,IAAI,CAAC,KAAK,CAAC,0CAA0C,CACzD;oBACE,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,UAAU;iBACjB,EACD,MAAM,CAAC,WAAW,CAChB,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;oBAChC,CAAC;oBACD;wBACE,cAAc,EAAE,EAAE;wBAClB,mBAAmB,EAAE,+CAAsB,CAAC,QAAQ;wBACpD,oBAAoB,EAAE,+CAAsB,CAAC,KAAK;wBAClD,oBAAoB,EAAE,uBAAuB,CAAC,SAAS;qBACxD;iBACF,CAAC,CACH,EACD,CAAO,OAAO,EAAE,EAAE;oBAChB,OAAA,IAAI,CAAC,mBAAmB,CAAC,+BAA+B,CACtD,OAAO,EACP,MAAM,IAAI,CAAC,gCAAgC,CAAC,2BAA2B,CAAC,UAAU,CAAC,CACpF,CAAA;kBAAA,CACJ,CACF,CAAC,oBAAoB,CAAA;aACvB;QACH,CAAC;KAAA;IAED,gJAAgJ;IAChJ,iFAAiF;IACnE,4BAA4B,CACxC,UAAwC,EACxC,aAAqB,EACrB,wBAAkD,EAClD,SAAmB;;YAEnB,IAAI,CAAC,wBAAwB,CAAC,QAAQ,IAAI,CAAC,wBAAwB,CAAC,SAAS,IAAI,CAAC,wBAAwB,CAAC,mBAAmB;gBAC5H,MAAM,IAAI,KAAK,CAAC,0GAA0G,CAAC,CAAA;YAC7H,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAChE,2IAA2I;YAC3I,4IAA4I;YAC5I,MAAM,gBAAgB,GAAG,CAAC,wBAAwB,CAAC,QAAQ,EAAE,wBAAwB,CAAC,SAAS,EAAE,GAAG,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAA;YAC3I,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAC/E;gBACE,EAAE,EAAE,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE;gBACtC,QAAQ,EAAE,wBAAwB,CAAC,QAAQ;gBAC3C,SAAS,EAAE,wBAAwB,CAAC,SAAS;gBAC7C,aAAa,EAAE,aAAa;aAC7B,EACD,UAAU,EACV,SAAS,EACT,SAAS,EACT,IAAI,EACJ,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAC3E,CAAA;YACD,MAAM,eAAe,GAAG,CACtB,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CACjC,CAAC,iBAAiB,CAAC,aAAa,CAAC,EACjC,UAAU,EACV,IAAI,CAAC,+BAA+B,EACpC,KAAK,EACL,IAAI,EACJ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,+CAAsB,CAAC,CAAC,CAAC,CACrC,CACF,CAAC,CAAC,CAAC,CAAA;YACJ,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CACnC,eAAe,EACf,IAAI,SAAG,CAAC,MAAM,CACZ,6DAA0B,EAC1B,MAAM,IAAI,CAAC,wBAAwB,CAAC,2BAA2B,CAAC,CAAC,wBAAwB,CAAC,mBAAmB,CAAC,EAAE,UAAU,CAAC,CAC5H,CACF,CAAA;QACH,CAAC;KAAA;CACF;AA9QD,gEA8QC","sourcesContent":["import { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { SecureDelegationKeyMap } from '../../icc-api/model/internal/SecureDelegationKeyMap'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EncryptedFieldsManifest, parseEncryptedFields } from '../utils'\nimport { IccSecureDelegationKeyMapApi } from '../../icc-api/api/internal/IccSecureDelegationKeyMapApi'\nimport { XHR } from '../../icc-api/api/XHR'\nimport { AuthenticationProvider, NoAuthenticationProvider } from '../auth/AuthenticationProvider'\nimport { ACCESS_CONTROL_KEYS_HEADER, AccessControlKeysHeadersProvider } from './AccessControlKeysHeadersProvider'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { DelegationMembersDetails, SecurityMetadataDecryptor } from './SecurityMetadataDecryptor'\n\n// TODO could be optimised using bulk methods\nexport class DelegationsDeAnonymization {\n private readonly delegationKeyMapFieldsToEncrypt: EncryptedFieldsManifest\n private readonly delegationKeyMapApi: IccSecureDelegationKeyMapApi\n\n constructor(\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly securityMetadataDecryptor: SecurityMetadataDecryptor,\n private readonly xapis: ExtendedApisUtils,\n private readonly cryptoPrimitives: CryptoPrimitives,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n host: string,\n headers: { [key: string]: string },\n authenticationProvider: AuthenticationProvider = new NoAuthenticationProvider(),\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response> = typeof window !== 'undefined'\n ? window.fetch\n : typeof self !== 'undefined'\n ? self.fetch\n : fetch,\n private readonly accessControlKeysHeadersProvider: AccessControlKeysHeadersProvider\n ) {\n this.delegationKeyMapFieldsToEncrypt = parseEncryptedFields(['delegate', 'delegator'], 'SecureDelegationKeyMap')\n this.delegationKeyMapApi = new IccSecureDelegationKeyMapApi(host, headers, authenticationProvider, fetchImpl)\n }\n\n /**\n * Creates / updates information to allow the data owners in {@link shareWithDataOwners} to de-anonymize the delegations contained within\n * {@link entity}.\n * Note that the delegation de-anonymization information may be used also with other entities of the same type.\n */\n async createOrUpdateDeAnonymizationInfo(entityWithType: EncryptedEntityWithType, shareWithDataOwners: string[]) {\n const delegationsDetails = Object.entries(await this.securityMetadataDecryptor.getDelegationMemberDetails(entityWithType)).flatMap(\n ([canonicalKey, delegation]) => {\n const aliases = Object.entries(entityWithType.entity.securityMetadata?.keysEquivalences ?? {}).flatMap(([alias, canon]) => {\n if (canon == canonicalKey) {\n return [alias]\n } else {\n return []\n }\n })\n return [[canonicalKey, delegation], ...aliases.map((alias) => [alias, delegation])] as [string, DelegationMembersDetails][]\n }\n )\n const delegationsForDeanonInfoSharing = delegationsDetails.filter(([_, delegationInfo]) => {\n // Drop fully explicit ones: they don't need de-anonymization info\n return !delegationInfo.fullyExplicit\n })\n // A subset of delegations for which deanon info is relevant AND for which we can also create new info instead of sharing only existing one.\n const delegationsForNewDeanonInfoCreation = delegationsForDeanonInfoSharing.filter(([_, delegationInfo]) => {\n // Drop those for which we don't have the full information needed for the creation of new data.\n return !!delegationInfo.delegate && !!delegationInfo.delegator && !!delegationInfo.accessControlSecret\n })\n const existingDelegationsMap = await this.getDecryptedSecureDelegationKeyMaps(\n delegationsForDeanonInfoSharing.map((x) => x[0]),\n entityWithType.type\n )\n for (const delMapToShare of existingDelegationsMap) {\n await this.ensureDelegationKeyMapSharedWith(entityWithType.type, delMapToShare, shareWithDataOwners)\n }\n const existingDelegationsMapKeys = new Set(existingDelegationsMap.map((x) => x.delegationKey))\n const delegationsToCreate = delegationsForNewDeanonInfoCreation.filter(([k, _]) => !existingDelegationsMapKeys.has(k))\n for (const [delKey, membersDetails] of delegationsToCreate) {\n await this.createSecureDelegationKeyMap(entityWithType.type, delKey, membersDetails, shareWithDataOwners)\n }\n }\n\n /**\n * Get the data owners which can access the entity. See {@link EncryptedEntityXApi.getDataOwnersWithAccessTo} for more details.\n * @param entityWithType an entity.\n */\n async getDataOwnersWithAccessTo(entityWithType: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n return this.mergePermissions([\n await this.getDataOwnersWithAccessToSecureDelegations(entityWithType),\n {\n permissionsByDataOwnerId: Object.fromEntries(Object.keys(entityWithType.entity.delegations ?? {}).map((k) => [k, AccessLevelEnum.WRITE])),\n hasUnknownAnonymousDataOwners: false,\n },\n ])\n }\n\n private async getDataOwnersWithAccessToSecureDelegations(entityWithType: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const secureDelegationDetails = await this.securityMetadataDecryptor.getDelegationMemberDetails(entityWithType)\n const secureDelegationWithUnknownMembers = Object.entries(secureDelegationDetails).flatMap(([canonicalKey, delegation]) => {\n if (!delegation.delegate || !delegation.delegator) {\n const aliases = Object.entries(entityWithType.entity.securityMetadata?.keysEquivalences ?? {}).flatMap(([alias, canon]) => {\n if (canon == canonicalKey) {\n return [alias]\n } else {\n return []\n }\n })\n return [{ keys: [canonicalKey, ...aliases], delegation }]\n } else {\n return []\n }\n })\n const secureDelegationKeyMapsByDelegationKey = Object.fromEntries(\n (\n await this.getDecryptedSecureDelegationKeyMaps(\n secureDelegationWithUnknownMembers.flatMap(({ keys }) => keys),\n entityWithType.type\n )\n ).map((x) => [x.delegationKey, x])\n )\n const permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n function addAccess(dataOwnerId: string, level: AccessLevelEnum) {\n if (permissionsByDataOwnerId[dataOwnerId] !== AccessLevelEnum.WRITE) {\n permissionsByDataOwnerId[dataOwnerId] = level\n }\n }\n for (const delegation of Object.values(secureDelegationDetails)) {\n if (delegation.delegate) addAccess(delegation.delegate, delegation.accessLevel)\n if (delegation.delegator) addAccess(delegation.delegator, delegation.accessLevel)\n }\n for (const { keys, delegation } of secureDelegationWithUnknownMembers) {\n const bestKey = keys.find((k) => {\n const currMap = secureDelegationKeyMapsByDelegationKey[k]\n return currMap && !!currMap.delegator && !!currMap.delegate\n })\n if (bestKey) {\n const keyMap = secureDelegationKeyMapsByDelegationKey[bestKey]\n addAccess(keyMap.delegate!, delegation.accessLevel)\n addAccess(keyMap.delegator!, delegation.accessLevel)\n } else {\n hasUnknownAnonymousDataOwners = true\n }\n }\n return { permissionsByDataOwnerId, hasUnknownAnonymousDataOwners }\n }\n\n private async mergePermissions(\n values: {\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }[]\n ): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const accumulatedPermissions: { [dataOwnerId: string]: AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n for (const v of values) {\n hasUnknownAnonymousDataOwners = hasUnknownAnonymousDataOwners || v.hasUnknownAnonymousDataOwners\n for (const [dataOwnerId, level] of Object.entries(v.permissionsByDataOwnerId)) {\n if (accumulatedPermissions[dataOwnerId] !== AccessLevelEnum.WRITE) {\n accumulatedPermissions[dataOwnerId] = level\n }\n }\n }\n return {\n permissionsByDataOwnerId: accumulatedPermissions,\n hasUnknownAnonymousDataOwners,\n }\n }\n\n private async getDecryptedSecureDelegationKeyMaps(\n delegationIds: string[],\n entityType: EntityWithDelegationTypeName\n ): Promise<SecureDelegationKeyMap[]> {\n if (delegationIds.length) {\n const encryptedMaps = await this.delegationKeyMapApi.getByDelegationKeys(\n { ids: delegationIds },\n await this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType)\n )\n const res: SecureDelegationKeyMap[] = []\n for (const encryptedMap of encryptedMaps) {\n // Use the original entity type\n const decryptionResult = (await this.xapis.tryDecryptEntities([encryptedMap], entityType, (x) => new SecureDelegationKeyMap(x)))[0]\n if (decryptionResult.decrypted) {\n res.push(decryptionResult.entity)\n }\n }\n return res\n } else return []\n }\n\n // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the\n // same entity type as the delegation key for which they are mapping information.\n private async ensureDelegationKeyMapSharedWith(entityType: EntityWithDelegationTypeName, keyMap: SecureDelegationKeyMap, delegates: string[]) {\n if (!keyMap.delegator || !keyMap.delegate) throw new Error('Illegal state: key map is missing delegator or delegate info.')\n const dataOwnersWithAccessToMapThroughDelegation = Object.values(\n await this.securityMetadataDecryptor.getDelegationMemberDetails({\n type: entityType,\n entity: keyMap,\n })\n )\n .flatMap((x) => [x.delegate, x.delegator])\n .filter((x) => !!x) as string[]\n // Delegator and delegate got access to the entity when it was first created: no need to share with them ever.\n const dataOwnersWithAccessToMap = new Set([keyMap.delegate, keyMap.delegator, ...dataOwnersWithAccessToMapThroughDelegation])\n const dataOwnersNeedingShare = delegates.filter((x) => !dataOwnersWithAccessToMap.has(x))\n if (dataOwnersNeedingShare.length) {\n ;(\n await this.xapis.simpleShareOrUpdateEncryptedEntityMetadata(\n {\n entity: keyMap,\n type: entityType,\n },\n Object.fromEntries(\n dataOwnersNeedingShare.map((x) => [\n x,\n {\n shareSecretIds: [],\n shareEncryptionKeys: ShareMetadataBehaviour.REQUIRED,\n shareOwningEntityIds: ShareMetadataBehaviour.NEVER,\n requestedPermissions: RequestedPermissionEnum.FULL_READ,\n },\n ])\n ),\n async (request) =>\n this.delegationKeyMapApi.bulkShareSecureDelegationKeyMap(\n request,\n await this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType)\n )\n )\n ).updatedEntityOrThrow\n }\n }\n\n // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the\n // same entity type as the delegation key for which they are mapping information.\n private async createSecureDelegationKeyMap(\n entityType: EntityWithDelegationTypeName,\n delegationKey: string,\n delegationMembersDetails: DelegationMembersDetails,\n delegates: string[]\n ) {\n if (!delegationMembersDetails.delegate || !delegationMembersDetails.delegator || !delegationMembersDetails.accessControlSecret)\n throw new Error('Illegal state: delegation members details are missing delegate, delegator or access control secret info.')\n const selfDoId = await this.dataOwnerApi.getCurrentDataOwnerId()\n // Ensure that both the delegator and delegate of the delegation this map refers tho can share it later on, even if they did not create it.\n // Usually either the delegator or delegate are the current data owner, but sometimes also the child of the delegator or delegate can do it.\n const initialDelegates = [delegationMembersDetails.delegate, delegationMembersDetails.delegator, ...delegates].filter((x) => x != selfDoId)\n const initalisedMapInfo = await this.xapis.entityWithInitialisedEncryptedMetadata<SecureDelegationKeyMap>(\n {\n id: this.cryptoPrimitives.randomUuid(),\n delegate: delegationMembersDetails.delegate,\n delegator: delegationMembersDetails.delegator,\n delegationKey: delegationKey,\n },\n entityType,\n undefined,\n undefined,\n true,\n Object.fromEntries(initialDelegates.map((x) => [x, AccessLevelEnum.READ]))\n )\n const encryptedKeyMap = (\n await this.xapis.tryEncryptEntities(\n [initalisedMapInfo.updatedEntity],\n entityType,\n this.delegationKeyMapFieldsToEncrypt,\n false,\n true,\n (x) => new SecureDelegationKeyMap(x)\n )\n )[0]\n await this.delegationKeyMapApi.create(\n encryptedKeyMap,\n new XHR.Header(\n ACCESS_CONTROL_KEYS_HEADER,\n await this.accessControlSecretUtils.getEncodedAccessControlKeys([delegationMembersDetails.accessControlSecret], entityType)\n )\n )\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"DelegationsDeAnonymization.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/DelegationsDeAnonymization.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,2EAAuE;AACvE,IAAO,eAAe,GAAG,mCAAgB,CAAC,eAAe,CAAA;AACzD,gGAA4F;AAE5F,qEAAiE;AACjE,wFAAoF;AACpF,IAAO,uBAAuB,GAAG,uCAAkB,CAAC,uBAAuB,CAAA;AAE3E,oCAAwE;AACxE,0GAAsG;AACtG,+CAA2C;AAC3C,2EAAiG;AACjG,yFAAiH;AAKjH,6CAA6C;AAC7C,MAAa,0BAA0B;IAIrC,YACmB,YAA8B,EAC9B,yBAAoD,EACpD,KAAwB,EACxB,gBAAkC,EAClC,wBAAkD,EACnE,IAAY,EACZ,OAAkC,EAClC,yBAAiD,IAAI,iDAAwB,EAAE,EAC/E,YAA2E,OAAO,MAAM,KAAK,WAAW;QACtG,CAAC,CAAC,MAAM,CAAC,KAAK;QACd,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW;YAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,KAAK,EACQ,gCAAkE;QAblE,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,8BAAyB,GAAzB,yBAAyB,CAA2B;QACpD,UAAK,GAAL,KAAK,CAAmB;QACxB,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,6BAAwB,GAAxB,wBAAwB,CAA0B;QASlD,qCAAgC,GAAhC,gCAAgC,CAAkC;QAEnF,IAAI,CAAC,+BAA+B,GAAG,IAAA,4BAAoB,EAAC,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,wBAAwB,CAAC,CAAA;QAChH,IAAI,CAAC,mBAAmB,GAAG,IAAI,2DAA4B,CAAC,IAAI,EAAE,OAAO,EAAE,sBAAsB,EAAE,SAAS,CAAC,CAAA;IAC/G,CAAC;IAED;;;;OAIG;IACG,iCAAiC,CAAC,cAAuC,EAAE,mBAA6B;;YAC5G,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,yBAAyB,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAC,CAAC,OAAO,CAChI,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE;;gBAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;oBACxH,IAAI,KAAK,IAAI,YAAY,EAAE;wBACzB,OAAO,CAAC,KAAK,CAAC,CAAA;qBACf;yBAAM;wBACL,OAAO,EAAE,CAAA;qBACV;gBACH,CAAC,CAAC,CAAA;gBACF,OAAO,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAyC,CAAA;YAC7H,CAAC,CACF,CAAA;YACD,MAAM,+BAA+B,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE;gBACxF,kEAAkE;gBAClE,OAAO,CAAC,cAAc,CAAC,aAAa,CAAA;YACtC,CAAC,CAAC,CAAA;YACF,4IAA4I;YAC5I,MAAM,mCAAmC,GAAG,+BAA+B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,EAAE,EAAE;gBACzG,+FAA+F;gBAC/F,OAAO,CAAC,CAAC,cAAc,CAAC,QAAQ,IAAI,CAAC,CAAC,cAAc,CAAC,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,mBAAmB,CAAA;YACxG,CAAC,CAAC,CAAA;YACF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,mCAAmC,CAC3E,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAChD,cAAc,CAAC,IAAI,CACpB,CAAA;YACD,KAAK,MAAM,aAAa,IAAI,sBAAsB,EAAE;gBAClD,MAAM,IAAI,CAAC,gCAAgC,CAAC,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,mBAAmB,CAAC,CAAA;aACrG;YACD,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAA;YAC9F,MAAM,mBAAmB,GAAG,mCAAmC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACtH,KAAK,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,IAAI,mBAAmB,EAAE;gBAC1D,MAAM,IAAI,CAAC,4BAA4B,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAAA;aAC1G;QACH,CAAC;KAAA;IAED;;;OAGG;IACG,yBAAyB,CAAC,cAAuC;;;YAIrE,OAAO,IAAI,CAAC,gBAAgB,CAAC;gBAC3B,MAAM,IAAI,CAAC,0CAA0C,CAAC,cAAc,CAAC;gBACrE;oBACE,wBAAwB,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,MAAA,cAAc,CAAC,MAAM,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;oBACzI,6BAA6B,EAAE,KAAK;iBACrC;aACF,CAAC,CAAA;;KACH;IAEa,0CAA0C,CAAC,cAAuC;;YAI9F,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,0BAA0B,CAAC,cAAc,CAAC,CAAA;YAC/G,MAAM,kCAAkC,GAAG,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,EAAE;;gBACxH,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE;oBACjD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAA,cAAc,CAAC,MAAM,CAAC,gBAAgB,0CAAE,gBAAgB,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE;wBACxH,IAAI,KAAK,IAAI,YAAY,EAAE;4BACzB,OAAO,CAAC,KAAK,CAAC,CAAA;yBACf;6BAAM;4BACL,OAAO,EAAE,CAAA;yBACV;oBACH,CAAC,CAAC,CAAA;oBACF,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,GAAG,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC,CAAA;iBAC1D;qBAAM;oBACL,OAAO,EAAE,CAAA;iBACV;YACH,CAAC,CAAC,CAAA;YACF,MAAM,sCAAsC,GAAG,MAAM,CAAC,WAAW,CAC/D,CACE,MAAM,IAAI,CAAC,mCAAmC,CAC5C,kCAAkC,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,EAC9D,cAAc,CAAC,IAAI,CACpB,CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CACnC,CAAA;YACD,MAAM,wBAAwB,GAA+C,EAAE,CAAA;YAC/E,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,SAAS,SAAS,CAAC,WAAmB,EAAE,KAAsB;gBAC5D,IAAI,wBAAwB,CAAC,WAAW,CAAC,KAAK,eAAe,CAAC,KAAK,EAAE;oBACnE,wBAAwB,CAAC,WAAW,CAAC,GAAG,KAAK,CAAA;iBAC9C;YACH,CAAC;YACD,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,uBAAuB,CAAC,EAAE;gBAC/D,IAAI,UAAU,CAAC,QAAQ;oBAAE,SAAS,CAAC,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;gBAC/E,IAAI,UAAU,CAAC,SAAS;oBAAE,SAAS,CAAC,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;aAClF;YACD,KAAK,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,kCAAkC,EAAE;gBACrE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC9B,MAAM,OAAO,GAAG,sCAAsC,CAAC,CAAC,CAAC,CAAA;oBACzD,OAAO,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAA;gBAC7D,CAAC,CAAC,CAAA;gBACF,IAAI,OAAO,EAAE;oBACX,MAAM,MAAM,GAAG,sCAAsC,CAAC,OAAO,CAAC,CAAA;oBAC9D,SAAS,CAAC,MAAM,CAAC,QAAS,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;oBACnD,SAAS,CAAC,MAAM,CAAC,SAAU,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;iBACrD;qBAAM;oBACL,6BAA6B,GAAG,IAAI,CAAA;iBACrC;aACF;YACD,OAAO,EAAE,wBAAwB,EAAE,6BAA6B,EAAE,CAAA;QACpE,CAAC;KAAA;IAEa,gBAAgB,CAC5B,MAGG;;YAKH,MAAM,sBAAsB,GAA+C,EAAE,CAAA;YAC7E,IAAI,6BAA6B,GAAG,KAAK,CAAA;YACzC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE;gBACtB,6BAA6B,GAAG,6BAA6B,IAAI,CAAC,CAAC,6BAA6B,CAAA;gBAChG,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC,EAAE;oBAC7E,IAAI,sBAAsB,CAAC,WAAW,CAAC,KAAK,eAAe,CAAC,KAAK,EAAE;wBACjE,sBAAsB,CAAC,WAAW,CAAC,GAAG,KAAK,CAAA;qBAC5C;iBACF;aACF;YACD,OAAO;gBACL,wBAAwB,EAAE,sBAAsB;gBAChD,6BAA6B;aAC9B,CAAA;QACH,CAAC;KAAA;IAEa,mCAAmC,CAC/C,aAAuB,EACvB,UAAwC;;YAExC,IAAI,aAAa,CAAC,MAAM,EAAE;gBACxB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CACtE,EAAE,GAAG,EAAE,aAAa,EAAE,EACtB,MAAM,IAAI,CAAC,gCAAgC,CAAC,2BAA2B,CAAC,UAAU,CAAC,CACpF,CAAA;gBACD,MAAM,GAAG,GAA6B,EAAE,CAAA;gBACxC,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;oBACxC,+BAA+B;oBAC/B,MAAM,gBAAgB,GAAG,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,YAAY,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,+CAAsB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;oBACnI,IAAI,gBAAgB,CAAC,SAAS,EAAE;wBAC9B,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAA;qBAClC;iBACF;gBACD,OAAO,GAAG,CAAA;aACX;;gBAAM,OAAO,EAAE,CAAA;QAClB,CAAC;KAAA;IAED,gJAAgJ;IAChJ,iFAAiF;IACnE,gCAAgC,CAAC,UAAwC,EAAE,MAA8B,EAAE,SAAmB;;YAC1I,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAA;YAC3H,MAAM,0CAA0C,GAAG,MAAM,CAAC,MAAM,CAC9D,MAAM,IAAI,CAAC,yBAAyB,CAAC,0BAA0B,CAAC;gBAC9D,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,MAAM;aACf,CAAC,CACH;iBACE,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC;iBACzC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAa,CAAA;YACjC,8GAA8G;YAC9G,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,SAAS,EAAE,GAAG,0CAA0C,CAAC,CAAC,CAAA;YAC7H,MAAM,sBAAsB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACzF,IAAI,sBAAsB,CAAC,MAAM,EAAE;gBACjC,CAAC;gBAAA,CACC,MAAM,IAAI,CAAC,KAAK,CAAC,0CAA0C,CACzD;oBACE,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,UAAU;iBACjB,EACD,MAAM,CAAC,WAAW,CAChB,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;oBAChC,CAAC;oBACD;wBACE,cAAc,EAAE,EAAE;wBAClB,mBAAmB,EAAE,+CAAsB,CAAC,QAAQ;wBACpD,oBAAoB,EAAE,+CAAsB,CAAC,KAAK;wBAClD,oBAAoB,EAAE,uBAAuB,CAAC,SAAS;qBACxD;iBACF,CAAC,CACH,EACD,CAAO,OAAO,EAAE,EAAE;oBAChB,OAAA,IAAI,CAAC,mBAAmB,CAAC,+BAA+B,CACtD,OAAO,EACP,MAAM,IAAI,CAAC,gCAAgC,CAAC,2BAA2B,CAAC,UAAU,CAAC,CACpF,CAAA;kBAAA,CACJ,CACF,CAAC,oBAAoB,CAAA;aACvB;QACH,CAAC;KAAA;IAED,gJAAgJ;IAChJ,iFAAiF;IACnE,4BAA4B,CACxC,UAAwC,EACxC,aAAqB,EACrB,wBAAkD,EAClD,SAAmB;;YAEnB,IAAI,CAAC,wBAAwB,CAAC,QAAQ,IAAI,CAAC,wBAAwB,CAAC,SAAS,IAAI,CAAC,wBAAwB,CAAC,mBAAmB;gBAC5H,MAAM,IAAI,KAAK,CAAC,0GAA0G,CAAC,CAAA;YAC7H,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAChE,2IAA2I;YAC3I,4IAA4I;YAC5I,MAAM,gBAAgB,GAAG,CAAC,wBAAwB,CAAC,QAAQ,EAAE,wBAAwB,CAAC,SAAS,EAAE,GAAG,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAA;YAC3I,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAC/E;gBACE,EAAE,EAAE,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE;gBACtC,QAAQ,EAAE,wBAAwB,CAAC,QAAQ;gBAC3C,SAAS,EAAE,wBAAwB,CAAC,SAAS;gBAC7C,aAAa,EAAE,aAAa;aAC7B,EACD,UAAU,EACV,SAAS,EACT,SAAS,EACT,IAAI,EACJ,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAC1E,SAAS,CACV,CAAA;YACD,MAAM,eAAe,GAAG,CACtB,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CACjC,CAAC,iBAAiB,CAAC,aAAa,CAAC,EACjC,UAAU,EACV,IAAI,CAAC,+BAA+B,EACpC,KAAK,EACL,IAAI,EACJ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,+CAAsB,CAAC,CAAC,CAAC,CACrC,CACF,CAAC,CAAC,CAAC,CAAA;YACJ,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CACnC,eAAe,EACf,IAAI,SAAG,CAAC,MAAM,CACZ,6DAA0B,EAC1B,MAAM,IAAI,CAAC,wBAAwB,CAAC,2BAA2B,CAAC,CAAC,wBAAwB,CAAC,mBAAmB,CAAC,EAAE,UAAU,CAAC,CAC5H,CACF,CAAA;QACH,CAAC;KAAA;CACF;AA/QD,gEA+QC","sourcesContent":["import { EncryptedEntityWithType, EntityWithDelegationTypeName } from '../utils/EntityWithDelegationTypeName'\nimport { SecureDelegation } from '../../icc-api/model/SecureDelegation'\nimport AccessLevelEnum = SecureDelegation.AccessLevelEnum\nimport { SecureDelegationKeyMap } from '../../icc-api/model/internal/SecureDelegationKeyMap'\nimport { ExtendedApisUtils } from './ExtendedApisUtils'\nimport { ShareMetadataBehaviour } from './ShareMetadataBehaviour'\nimport { EntityShareRequest } from '../../icc-api/model/requests/EntityShareRequest'\nimport RequestedPermissionEnum = EntityShareRequest.RequestedPermissionEnum\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EncryptedFieldsManifest, parseEncryptedFields } from '../utils'\nimport { IccSecureDelegationKeyMapApi } from '../../icc-api/api/internal/IccSecureDelegationKeyMapApi'\nimport { XHR } from '../../icc-api/api/XHR'\nimport { AuthenticationProvider, NoAuthenticationProvider } from '../auth/AuthenticationProvider'\nimport { ACCESS_CONTROL_KEYS_HEADER, AccessControlKeysHeadersProvider } from './AccessControlKeysHeadersProvider'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { DelegationMembersDetails, SecurityMetadataDecryptor } from './SecurityMetadataDecryptor'\n\n// TODO could be optimised using bulk methods\nexport class DelegationsDeAnonymization {\n private readonly delegationKeyMapFieldsToEncrypt: EncryptedFieldsManifest\n private readonly delegationKeyMapApi: IccSecureDelegationKeyMapApi\n\n constructor(\n private readonly dataOwnerApi: IccDataOwnerXApi,\n private readonly securityMetadataDecryptor: SecurityMetadataDecryptor,\n private readonly xapis: ExtendedApisUtils,\n private readonly cryptoPrimitives: CryptoPrimitives,\n private readonly accessControlSecretUtils: AccessControlSecretUtils,\n host: string,\n headers: { [key: string]: string },\n authenticationProvider: AuthenticationProvider = new NoAuthenticationProvider(),\n fetchImpl: (input: RequestInfo, init?: RequestInit) => Promise<Response> = typeof window !== 'undefined'\n ? window.fetch\n : typeof self !== 'undefined'\n ? self.fetch\n : fetch,\n private readonly accessControlKeysHeadersProvider: AccessControlKeysHeadersProvider\n ) {\n this.delegationKeyMapFieldsToEncrypt = parseEncryptedFields(['delegate', 'delegator'], 'SecureDelegationKeyMap')\n this.delegationKeyMapApi = new IccSecureDelegationKeyMapApi(host, headers, authenticationProvider, fetchImpl)\n }\n\n /**\n * Creates / updates information to allow the data owners in {@link shareWithDataOwners} to de-anonymize the delegations contained within\n * {@link entity}.\n * Note that the delegation de-anonymization information may be used also with other entities of the same type.\n */\n async createOrUpdateDeAnonymizationInfo(entityWithType: EncryptedEntityWithType, shareWithDataOwners: string[]) {\n const delegationsDetails = Object.entries(await this.securityMetadataDecryptor.getDelegationMemberDetails(entityWithType)).flatMap(\n ([canonicalKey, delegation]) => {\n const aliases = Object.entries(entityWithType.entity.securityMetadata?.keysEquivalences ?? {}).flatMap(([alias, canon]) => {\n if (canon == canonicalKey) {\n return [alias]\n } else {\n return []\n }\n })\n return [[canonicalKey, delegation], ...aliases.map((alias) => [alias, delegation])] as [string, DelegationMembersDetails][]\n }\n )\n const delegationsForDeanonInfoSharing = delegationsDetails.filter(([_, delegationInfo]) => {\n // Drop fully explicit ones: they don't need de-anonymization info\n return !delegationInfo.fullyExplicit\n })\n // A subset of delegations for which deanon info is relevant AND for which we can also create new info instead of sharing only existing one.\n const delegationsForNewDeanonInfoCreation = delegationsForDeanonInfoSharing.filter(([_, delegationInfo]) => {\n // Drop those for which we don't have the full information needed for the creation of new data.\n return !!delegationInfo.delegate && !!delegationInfo.delegator && !!delegationInfo.accessControlSecret\n })\n const existingDelegationsMap = await this.getDecryptedSecureDelegationKeyMaps(\n delegationsForDeanonInfoSharing.map((x) => x[0]),\n entityWithType.type\n )\n for (const delMapToShare of existingDelegationsMap) {\n await this.ensureDelegationKeyMapSharedWith(entityWithType.type, delMapToShare, shareWithDataOwners)\n }\n const existingDelegationsMapKeys = new Set(existingDelegationsMap.map((x) => x.delegationKey))\n const delegationsToCreate = delegationsForNewDeanonInfoCreation.filter(([k, _]) => !existingDelegationsMapKeys.has(k))\n for (const [delKey, membersDetails] of delegationsToCreate) {\n await this.createSecureDelegationKeyMap(entityWithType.type, delKey, membersDetails, shareWithDataOwners)\n }\n }\n\n /**\n * Get the data owners which can access the entity. See {@link EncryptedEntityXApi.getDataOwnersWithAccessTo} for more details.\n * @param entityWithType an entity.\n */\n async getDataOwnersWithAccessTo(entityWithType: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n return this.mergePermissions([\n await this.getDataOwnersWithAccessToSecureDelegations(entityWithType),\n {\n permissionsByDataOwnerId: Object.fromEntries(Object.keys(entityWithType.entity.delegations ?? {}).map((k) => [k, AccessLevelEnum.WRITE])),\n hasUnknownAnonymousDataOwners: false,\n },\n ])\n }\n\n private async getDataOwnersWithAccessToSecureDelegations(entityWithType: EncryptedEntityWithType): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const secureDelegationDetails = await this.securityMetadataDecryptor.getDelegationMemberDetails(entityWithType)\n const secureDelegationWithUnknownMembers = Object.entries(secureDelegationDetails).flatMap(([canonicalKey, delegation]) => {\n if (!delegation.delegate || !delegation.delegator) {\n const aliases = Object.entries(entityWithType.entity.securityMetadata?.keysEquivalences ?? {}).flatMap(([alias, canon]) => {\n if (canon == canonicalKey) {\n return [alias]\n } else {\n return []\n }\n })\n return [{ keys: [canonicalKey, ...aliases], delegation }]\n } else {\n return []\n }\n })\n const secureDelegationKeyMapsByDelegationKey = Object.fromEntries(\n (\n await this.getDecryptedSecureDelegationKeyMaps(\n secureDelegationWithUnknownMembers.flatMap(({ keys }) => keys),\n entityWithType.type\n )\n ).map((x) => [x.delegationKey, x])\n )\n const permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n function addAccess(dataOwnerId: string, level: AccessLevelEnum) {\n if (permissionsByDataOwnerId[dataOwnerId] !== AccessLevelEnum.WRITE) {\n permissionsByDataOwnerId[dataOwnerId] = level\n }\n }\n for (const delegation of Object.values(secureDelegationDetails)) {\n if (delegation.delegate) addAccess(delegation.delegate, delegation.accessLevel)\n if (delegation.delegator) addAccess(delegation.delegator, delegation.accessLevel)\n }\n for (const { keys, delegation } of secureDelegationWithUnknownMembers) {\n const bestKey = keys.find((k) => {\n const currMap = secureDelegationKeyMapsByDelegationKey[k]\n return currMap && !!currMap.delegator && !!currMap.delegate\n })\n if (bestKey) {\n const keyMap = secureDelegationKeyMapsByDelegationKey[bestKey]\n addAccess(keyMap.delegate!, delegation.accessLevel)\n addAccess(keyMap.delegator!, delegation.accessLevel)\n } else {\n hasUnknownAnonymousDataOwners = true\n }\n }\n return { permissionsByDataOwnerId, hasUnknownAnonymousDataOwners }\n }\n\n private async mergePermissions(\n values: {\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }[]\n ): Promise<{\n permissionsByDataOwnerId: { [dataOwnerId: string]: AccessLevelEnum }\n hasUnknownAnonymousDataOwners: boolean\n }> {\n const accumulatedPermissions: { [dataOwnerId: string]: AccessLevelEnum } = {}\n let hasUnknownAnonymousDataOwners = false\n for (const v of values) {\n hasUnknownAnonymousDataOwners = hasUnknownAnonymousDataOwners || v.hasUnknownAnonymousDataOwners\n for (const [dataOwnerId, level] of Object.entries(v.permissionsByDataOwnerId)) {\n if (accumulatedPermissions[dataOwnerId] !== AccessLevelEnum.WRITE) {\n accumulatedPermissions[dataOwnerId] = level\n }\n }\n }\n return {\n permissionsByDataOwnerId: accumulatedPermissions,\n hasUnknownAnonymousDataOwners,\n }\n }\n\n private async getDecryptedSecureDelegationKeyMaps(\n delegationIds: string[],\n entityType: EntityWithDelegationTypeName\n ): Promise<SecureDelegationKeyMap[]> {\n if (delegationIds.length) {\n const encryptedMaps = await this.delegationKeyMapApi.getByDelegationKeys(\n { ids: delegationIds },\n await this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType)\n )\n const res: SecureDelegationKeyMap[] = []\n for (const encryptedMap of encryptedMaps) {\n // Use the original entity type\n const decryptionResult = (await this.xapis.tryDecryptEntities([encryptedMap], entityType, (x) => new SecureDelegationKeyMap(x)))[0]\n if (decryptionResult.decrypted) {\n res.push(decryptionResult.entity)\n }\n }\n return res\n } else return []\n }\n\n // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the\n // same entity type as the delegation key for which they are mapping information.\n private async ensureDelegationKeyMapSharedWith(entityType: EntityWithDelegationTypeName, keyMap: SecureDelegationKeyMap, delegates: string[]) {\n if (!keyMap.delegator || !keyMap.delegate) throw new Error('Illegal state: key map is missing delegator or delegate info.')\n const dataOwnersWithAccessToMapThroughDelegation = Object.values(\n await this.securityMetadataDecryptor.getDelegationMemberDetails({\n type: entityType,\n entity: keyMap,\n })\n )\n .flatMap((x) => [x.delegate, x.delegator])\n .filter((x) => !!x) as string[]\n // Delegator and delegate got access to the entity when it was first created: no need to share with them ever.\n const dataOwnersWithAccessToMap = new Set([keyMap.delegate, keyMap.delegator, ...dataOwnersWithAccessToMapThroughDelegation])\n const dataOwnersNeedingShare = delegates.filter((x) => !dataOwnersWithAccessToMap.has(x))\n if (dataOwnersNeedingShare.length) {\n ;(\n await this.xapis.simpleShareOrUpdateEncryptedEntityMetadata(\n {\n entity: keyMap,\n type: entityType,\n },\n Object.fromEntries(\n dataOwnersNeedingShare.map((x) => [\n x,\n {\n shareSecretIds: [],\n shareEncryptionKeys: ShareMetadataBehaviour.REQUIRED,\n shareOwningEntityIds: ShareMetadataBehaviour.NEVER,\n requestedPermissions: RequestedPermissionEnum.FULL_READ,\n },\n ])\n ),\n async (request) =>\n this.delegationKeyMapApi.bulkShareSecureDelegationKeyMap(\n request,\n await this.accessControlKeysHeadersProvider.getAccessControlKeysHeaders(entityType)\n )\n )\n ).updatedEntityOrThrow\n }\n }\n\n // Important: to avoid potentially leaking links between entities of different types the key map calculates the secure delegation keys using the\n // same entity type as the delegation key for which they are mapping information.\n private async createSecureDelegationKeyMap(\n entityType: EntityWithDelegationTypeName,\n delegationKey: string,\n delegationMembersDetails: DelegationMembersDetails,\n delegates: string[]\n ) {\n if (!delegationMembersDetails.delegate || !delegationMembersDetails.delegator || !delegationMembersDetails.accessControlSecret)\n throw new Error('Illegal state: delegation members details are missing delegate, delegator or access control secret info.')\n const selfDoId = await this.dataOwnerApi.getCurrentDataOwnerId()\n // Ensure that both the delegator and delegate of the delegation this map refers tho can share it later on, even if they did not create it.\n // Usually either the delegator or delegate are the current data owner, but sometimes also the child of the delegator or delegate can do it.\n const initialDelegates = [delegationMembersDetails.delegate, delegationMembersDetails.delegator, ...delegates].filter((x) => x != selfDoId)\n const initalisedMapInfo = await this.xapis.entityWithInitialisedEncryptedMetadata<SecureDelegationKeyMap>(\n {\n id: this.cryptoPrimitives.randomUuid(),\n delegate: delegationMembersDetails.delegate,\n delegator: delegationMembersDetails.delegator,\n delegationKey: delegationKey,\n },\n entityType,\n undefined,\n undefined,\n true,\n Object.fromEntries(initialDelegates.map((x) => [x, AccessLevelEnum.READ])),\n undefined\n )\n const encryptedKeyMap = (\n await this.xapis.tryEncryptEntities(\n [initalisedMapInfo.updatedEntity],\n entityType,\n this.delegationKeyMapFieldsToEncrypt,\n false,\n true,\n (x) => new SecureDelegationKeyMap(x)\n )\n )[0]\n await this.delegationKeyMapApi.create(\n encryptedKeyMap,\n new XHR.Header(\n ACCESS_CONTROL_KEYS_HEADER,\n await this.accessControlSecretUtils.getEncodedAccessControlKeys([delegationMembersDetails.accessControlSecret], entityType)\n )\n )\n }\n}\n"]}
|
|
@@ -32,14 +32,21 @@ export interface ExchangeDataManager {
|
|
|
32
32
|
* Gets any existing and verified exchange data from the current data owner to the provided delegate or creates new data if no verified data is
|
|
33
33
|
* available, then caches it.
|
|
34
34
|
* @param delegateId the id of the delegate.
|
|
35
|
-
* @param
|
|
35
|
+
* @param options
|
|
36
|
+
* - allowCreationWithoutDelegatorKey if true, when creating new exchange data, even if no verified key is available for the delegator the method
|
|
37
|
+
* will create the new exchange data anyway (will not be usable by the delegate without additional steps).
|
|
38
|
+
* - allowCreationWithoutDelegateKey if true, when creating new exchange data, even if no verified key is available for the delegate the method
|
|
36
39
|
* will create the new exchange data anyway (will not be usable by the delegate without additional steps).
|
|
37
40
|
* @return the access control secret and key of the data to use for encryption.
|
|
38
41
|
*/
|
|
39
|
-
getOrCreateEncryptionDataTo(delegateId: string,
|
|
42
|
+
getOrCreateEncryptionDataTo(delegateId: string, options?: {
|
|
43
|
+
allowCreationWithoutDelegatorKey?: boolean;
|
|
44
|
+
allowCreationWithoutDelegateKey?: boolean;
|
|
45
|
+
}): Promise<{
|
|
40
46
|
exchangeData: ExchangeData;
|
|
41
47
|
accessControlSecret: string;
|
|
42
48
|
exchangeKey: CryptoKey;
|
|
49
|
+
sharedSignatureKey: CryptoKey;
|
|
43
50
|
}>;
|
|
44
51
|
/**
|
|
45
52
|
* Retrieve the cached decrypted exchange data key associated with any of the provided hashes/entry keys of secure delegations.
|
|
@@ -86,4 +93,20 @@ export interface ExchangeDataManager {
|
|
|
86
93
|
* data owner, which can be used to search for data.
|
|
87
94
|
*/
|
|
88
95
|
getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined>;
|
|
96
|
+
/**
|
|
97
|
+
* Injects already decrypted exchange data, allowing it to be used by the sdk.
|
|
98
|
+
* @param exchangeDataDetails the exchange data to inject, with the decrypted content and verified status.
|
|
99
|
+
* Note that the SDK won't verify that the provided decrypted content actually matches what is stored in the exchange
|
|
100
|
+
* data.
|
|
101
|
+
* @param reEncryptWithOwnKeys if true all the provided exchange data that is not encrypted with any of the self
|
|
102
|
+
* verified keys of the user will be re-encrypted with them. In case the user is also the delegator and the data is
|
|
103
|
+
* verified the delegator signature will be updated.
|
|
104
|
+
*/
|
|
105
|
+
injectDecryptedExchangeData(exchangeDataDetails: {
|
|
106
|
+
exchangeDataId: string;
|
|
107
|
+
accessControlSecret: ArrayBuffer;
|
|
108
|
+
exchangeKey: ArrayBuffer;
|
|
109
|
+
sharedSignatureKey: ArrayBuffer;
|
|
110
|
+
verified: boolean;
|
|
111
|
+
}[], reEncryptWithOwnKeys: boolean): Promise<void>;
|
|
89
112
|
}
|
|
@@ -16,6 +16,7 @@ const CryptoActorStub_1 = require("../../icc-api/model/CryptoActorStub");
|
|
|
16
16
|
const RSA_1 = require("./RSA");
|
|
17
17
|
const async_mutex_1 = require("async-mutex");
|
|
18
18
|
const simple_lru_cache_1 = require("../utils/simple-lru-cache");
|
|
19
|
+
const console = require("node:console");
|
|
19
20
|
/**
|
|
20
21
|
* @internal this function is for internal use only and may be changed without notice.
|
|
21
22
|
* Initialises and returns the exchange data manager which is most appropriate for the current data owner.
|
|
@@ -60,6 +61,7 @@ class AbstractExchangeDataManager {
|
|
|
60
61
|
return {
|
|
61
62
|
accessControlSecret: decryptedAccessControlSecret,
|
|
62
63
|
exchangeKey: decryptedExchangeKey,
|
|
64
|
+
sharedSignatureKey: decryptedSharedSignatureKey,
|
|
63
65
|
verified: yield this.base.verifyExchangeData({
|
|
64
66
|
exchangeData: data,
|
|
65
67
|
decryptedAccessControlSecret,
|
|
@@ -71,8 +73,12 @@ class AbstractExchangeDataManager {
|
|
|
71
73
|
}
|
|
72
74
|
createNewExchangeData(delegateId, options) {
|
|
73
75
|
return __awaiter(this, void 0, void 0, function* () {
|
|
76
|
+
if (options.allowNoDelegateKeys && options.allowNoDelegatorKeys)
|
|
77
|
+
throw new Error('Illegal arguments: allow no delegator and no delegate keys should never both be true');
|
|
74
78
|
const encryptionKeys = {};
|
|
75
79
|
const selfVerifiedKeys = this.encryptionKeys.getSelfVerifiedKeys();
|
|
80
|
+
if (selfVerifiedKeys.length <= 0 && !options.allowNoDelegatorKeys)
|
|
81
|
+
throw new Error('If the sdk is initialized in keyless mode you must create exchange data explicitly');
|
|
76
82
|
selfVerifiedKeys.forEach(({ fingerprint, pair }) => {
|
|
77
83
|
encryptionKeys[fingerprint] = pair.publicKey;
|
|
78
84
|
});
|
|
@@ -110,6 +116,7 @@ class AbstractExchangeDataManager {
|
|
|
110
116
|
exchangeData: newData.exchangeData,
|
|
111
117
|
accessControlSecret: newData.accessControlSecret,
|
|
112
118
|
exchangeKey: newData.exchangeKey,
|
|
119
|
+
sharedSignatureKey: newData.sharedSignatureKey,
|
|
113
120
|
};
|
|
114
121
|
});
|
|
115
122
|
}
|
|
@@ -142,7 +149,7 @@ class AbstractExchangeDataManager {
|
|
|
142
149
|
clearOrRepopulateCache() {
|
|
143
150
|
throw new Error('Implemented by concrete class');
|
|
144
151
|
}
|
|
145
|
-
getOrCreateEncryptionDataTo(delegateId,
|
|
152
|
+
getOrCreateEncryptionDataTo(delegateId, options) {
|
|
146
153
|
throw new Error('Implemented by concrete class');
|
|
147
154
|
}
|
|
148
155
|
getCachedDecryptionDataKeyByAccessControlHash(hashes) {
|
|
@@ -157,6 +164,51 @@ class AbstractExchangeDataManager {
|
|
|
157
164
|
getAllDelegationKeys(entityType) {
|
|
158
165
|
throw new Error('Implemented by concrete class');
|
|
159
166
|
}
|
|
167
|
+
injectDecryptedExchangeData(exchangeDataDetails, reEncryptWithOwnKeys) {
|
|
168
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
169
|
+
const self = yield this.dataOwnerApi.getCurrentDataOwnerId();
|
|
170
|
+
const retrievedExchangeData = yield this.base.getExchangeDataByIds(exchangeDataDetails.map((x) => x.exchangeDataId));
|
|
171
|
+
if (retrievedExchangeData.some((x) => x.delegator != self && x.delegate != self))
|
|
172
|
+
throw new Error('Should only inject exchange date from/to the current user');
|
|
173
|
+
const exchangeDataById = {};
|
|
174
|
+
retrievedExchangeData.forEach((x) => (exchangeDataById[x.id] = x));
|
|
175
|
+
if (reEncryptWithOwnKeys) {
|
|
176
|
+
const selfVerifiedKeys = this.encryptionKeys.getSelfVerifiedKeys();
|
|
177
|
+
if (selfVerifiedKeys.length <= 0)
|
|
178
|
+
throw new Error("Can't re-encrypt injected exchange data with own keys if in keyless mode");
|
|
179
|
+
const encryptionKeys = {};
|
|
180
|
+
selfVerifiedKeys.forEach(({ fingerprint, pair }) => {
|
|
181
|
+
encryptionKeys[fingerprint] = pair.publicKey;
|
|
182
|
+
});
|
|
183
|
+
const signatureKeys = Object.fromEntries(selfVerifiedKeys.map((x) => [x.fingerprint, x.pair.privateKey]));
|
|
184
|
+
for (const details of exchangeDataDetails) {
|
|
185
|
+
const exchangeData = exchangeDataById[details.exchangeDataId];
|
|
186
|
+
if (exchangeData != null)
|
|
187
|
+
yield this.base.updateExchangeDataWithRawDecryptedContent({
|
|
188
|
+
exchangeData,
|
|
189
|
+
newEncryptionKeys: encryptionKeys,
|
|
190
|
+
newDelegatorSignatureKeys: exchangeData.delegator == self && details.verified ? signatureKeys : {},
|
|
191
|
+
rawExchangeKey: details.exchangeKey,
|
|
192
|
+
rawAccessControlSecret: details.accessControlSecret,
|
|
193
|
+
rawSharedSignatureKey: details.sharedSignatureKey,
|
|
194
|
+
});
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
const importedDetails = [];
|
|
198
|
+
for (const details of exchangeDataDetails) {
|
|
199
|
+
const exchangeData = exchangeDataById[details.exchangeDataId];
|
|
200
|
+
if (exchangeData != undefined)
|
|
201
|
+
importedDetails.push({
|
|
202
|
+
exchangeData: exchangeData,
|
|
203
|
+
accessControlSecret: yield this.base.importAccessControlSecret(details.accessControlSecret),
|
|
204
|
+
exchangeKey: yield this.base.importExchangeKey(details.exchangeKey),
|
|
205
|
+
sharedSignatureKey: yield this.base.importSharedSignatureKey(details.sharedSignatureKey),
|
|
206
|
+
verified: details.verified,
|
|
207
|
+
});
|
|
208
|
+
}
|
|
209
|
+
yield this.cacheInjectedExchangeData(importedDetails);
|
|
210
|
+
});
|
|
211
|
+
}
|
|
160
212
|
}
|
|
161
213
|
class FullyCachedExchangeDataManager extends AbstractExchangeDataManager {
|
|
162
214
|
constructor() {
|
|
@@ -201,6 +253,7 @@ class FullyCachedExchangeDataManager extends AbstractExchangeDataManager {
|
|
|
201
253
|
exchangeData: cached.exchangeData,
|
|
202
254
|
accessControlSecret: cached.decrypted.accessControlSecret,
|
|
203
255
|
exchangeKey: cached.decrypted.exchangeKey,
|
|
256
|
+
sharedSignatureKey: cached.decrypted.sharedSignatureKey,
|
|
204
257
|
};
|
|
205
258
|
}
|
|
206
259
|
else {
|
|
@@ -208,7 +261,8 @@ class FullyCachedExchangeDataManager extends AbstractExchangeDataManager {
|
|
|
208
261
|
}
|
|
209
262
|
});
|
|
210
263
|
}
|
|
211
|
-
getOrCreateEncryptionDataTo(delegateId,
|
|
264
|
+
getOrCreateEncryptionDataTo(delegateId, options) {
|
|
265
|
+
var _a, _b;
|
|
212
266
|
return __awaiter(this, void 0, void 0, function* () {
|
|
213
267
|
const initialCached = yield this.getCachedEncryptionDataTo(delegateId);
|
|
214
268
|
if (initialCached)
|
|
@@ -218,10 +272,14 @@ class FullyCachedExchangeDataManager extends AbstractExchangeDataManager {
|
|
|
218
272
|
const cachedAfterMutex = yield this.getCachedEncryptionDataTo(delegateId);
|
|
219
273
|
if (cachedAfterMutex)
|
|
220
274
|
return cachedAfterMutex;
|
|
221
|
-
const created = yield this.createNewExchangeData(delegateId, {
|
|
275
|
+
const created = yield this.createNewExchangeData(delegateId, {
|
|
276
|
+
allowNoDelegateKeys: (_a = options === null || options === void 0 ? void 0 : options.allowCreationWithoutDelegateKey) !== null && _a !== void 0 ? _a : false,
|
|
277
|
+
allowNoDelegatorKeys: (_b = options === null || options === void 0 ? void 0 : options.allowCreationWithoutDelegatorKey) !== null && _b !== void 0 ? _b : false,
|
|
278
|
+
});
|
|
222
279
|
this.cacheData(created.exchangeData, true, {
|
|
223
280
|
accessControlSecret: created.accessControlSecret,
|
|
224
281
|
exchangeKey: created.exchangeKey,
|
|
282
|
+
sharedSignatureKey: created.sharedSignatureKey,
|
|
225
283
|
verified: true,
|
|
226
284
|
});
|
|
227
285
|
return created;
|
|
@@ -314,6 +372,18 @@ class FullyCachedExchangeDataManager extends AbstractExchangeDataManager {
|
|
|
314
372
|
return res;
|
|
315
373
|
});
|
|
316
374
|
}
|
|
375
|
+
cacheInjectedExchangeData(exchangeDataDetails) {
|
|
376
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
377
|
+
for (const details of exchangeDataDetails) {
|
|
378
|
+
this.cacheData(details.exchangeData, true, {
|
|
379
|
+
accessControlSecret: details.accessControlSecret,
|
|
380
|
+
exchangeKey: details.exchangeKey,
|
|
381
|
+
sharedSignatureKey: details.sharedSignatureKey,
|
|
382
|
+
verified: details.verified,
|
|
383
|
+
});
|
|
384
|
+
}
|
|
385
|
+
});
|
|
386
|
+
}
|
|
317
387
|
}
|
|
318
388
|
class LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {
|
|
319
389
|
constructor(base, encryptionKeys, accessControlSecret, cryptoStrategies, dataOwnerApi, primitives, useParentKeys, optionalParameters) {
|
|
@@ -404,7 +474,8 @@ class LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {
|
|
|
404
474
|
}
|
|
405
475
|
});
|
|
406
476
|
}
|
|
407
|
-
getOrCreateEncryptionDataTo(delegateId,
|
|
477
|
+
getOrCreateEncryptionDataTo(delegateId, options) {
|
|
478
|
+
var _a, _b;
|
|
408
479
|
return __awaiter(this, void 0, void 0, function* () {
|
|
409
480
|
const release = yield this.cacheMutex.acquire();
|
|
410
481
|
try {
|
|
@@ -422,6 +493,7 @@ class LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {
|
|
|
422
493
|
exchangeData: cached.exchangeData,
|
|
423
494
|
exchangeKey: cached.decrypted.exchangeKey,
|
|
424
495
|
accessControlSecret: cached.decrypted.accessControlSecret,
|
|
496
|
+
sharedSignatureKey: cached.decrypted.sharedSignatureKey,
|
|
425
497
|
};
|
|
426
498
|
}
|
|
427
499
|
else
|
|
@@ -429,7 +501,8 @@ class LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {
|
|
|
429
501
|
}
|
|
430
502
|
else {
|
|
431
503
|
const created = yield this.createNewExchangeData(delegateId, {
|
|
432
|
-
allowNoDelegateKeys: allowCreationWithoutDelegateKey,
|
|
504
|
+
allowNoDelegateKeys: (_a = options === null || options === void 0 ? void 0 : options.allowCreationWithoutDelegateKey) !== null && _a !== void 0 ? _a : false,
|
|
505
|
+
allowNoDelegatorKeys: (_b = options === null || options === void 0 ? void 0 : options.allowCreationWithoutDelegatorKey) !== null && _b !== void 0 ? _b : false,
|
|
433
506
|
});
|
|
434
507
|
const hashes = yield this.accessControlSecret.allSecureDelegationKeysFor(created.accessControlSecret);
|
|
435
508
|
const data = {
|
|
@@ -437,6 +510,7 @@ class LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {
|
|
|
437
510
|
decrypted: {
|
|
438
511
|
accessControlSecret: created.accessControlSecret,
|
|
439
512
|
exchangeKey: created.exchangeKey,
|
|
513
|
+
sharedSignatureKey: created.sharedSignatureKey,
|
|
440
514
|
verified: true,
|
|
441
515
|
},
|
|
442
516
|
hashes,
|
|
@@ -446,6 +520,7 @@ class LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {
|
|
|
446
520
|
exchangeData: data.exchangeData,
|
|
447
521
|
exchangeKey: data.decrypted.exchangeKey,
|
|
448
522
|
accessControlSecret: data.decrypted.accessControlSecret,
|
|
523
|
+
sharedSignatureKey: data.decrypted.sharedSignatureKey,
|
|
449
524
|
};
|
|
450
525
|
}
|
|
451
526
|
}
|
|
@@ -495,5 +570,23 @@ class LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {
|
|
|
495
570
|
getAllDelegationKeys() {
|
|
496
571
|
return Promise.resolve(undefined);
|
|
497
572
|
}
|
|
573
|
+
cacheInjectedExchangeData(exchangeDataDetails) {
|
|
574
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
575
|
+
for (const details of exchangeDataDetails) {
|
|
576
|
+
const hashes = yield this.accessControlSecret.allSecureDelegationKeysFor(details.accessControlSecret);
|
|
577
|
+
const data = {
|
|
578
|
+
exchangeData: details.exchangeData,
|
|
579
|
+
decrypted: {
|
|
580
|
+
accessControlSecret: details.accessControlSecret,
|
|
581
|
+
exchangeKey: details.exchangeKey,
|
|
582
|
+
sharedSignatureKey: details.sharedSignatureKey,
|
|
583
|
+
verified: details.verified,
|
|
584
|
+
},
|
|
585
|
+
hashes,
|
|
586
|
+
};
|
|
587
|
+
this.addToCache(data);
|
|
588
|
+
}
|
|
589
|
+
});
|
|
590
|
+
}
|
|
498
591
|
}
|
|
499
592
|
//# sourceMappingURL=ExchangeDataManager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ExchangeDataManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ExchangeDataManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAMA,mCAAgH;AAEhH,oCAA+D;AAC/D,yEAA6E;AAC7E,+BAAkC;AAClC,6CAAmC;AACnC,gEAA0D;AAO1D;;;GAGG;AACH,SAAsB,gDAAgD,CACpE,IAA6B,EAC7B,cAAyC,EACzC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC5B,aAAsB,EACtB,qBAA4D,EAAE;;QAE9D,MAAM,YAAY,GAAG,yCAAuB,CAAC,aAAa,CAAC,MAAM,YAAY,CAAC,mBAAmB,EAAE,CAAC,CAAA;QACpG,IAAI,gBAAgB,CAAC,oCAAoC,CAAC,YAAY,CAAC,EAAE;YACvE,MAAM,GAAG,GAAG,IAAI,8BAA8B,CAC5C,IAAI,EACJ,cAAc,EACd,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,aAAa,CACd,CAAA;YACD,MAAM,GAAG,CAAC,sBAAsB,EAAE,CAAA;YAClC,OAAO,GAAG,CAAA;SACX;aAAM;YACL,OAAO,IAAI,kCAAkC,CAC3C,IAAI,EACJ,cAAc,EACd,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,aAAa,EACb,kBAAkB,CACnB,CAAA;SACF;IACH,CAAC;CAAA;AAnCD,4GAmCC;AAoFD,MAAe,2BAA2B;IACxC,YACW,IAA6B,EACnB,cAAyC,EACzC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC9B,aAAsB;QAN9B,SAAI,GAAJ,IAAI,CAAyB;QACnB,mBAAc,GAAd,cAAc,CAA2B;QACzC,wBAAmB,GAAnB,mBAAmB,CAA0B;QAC7C,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAC9B,kBAAa,GAAb,aAAa,CAAS;IACtC,CAAC;IAEY,WAAW,CAAC,IAAkB;;YAQ5C,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CACvC,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAC9G,CAAA;YACD,MAAM,oBAAoB,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACtH,IAAI,CAAC,oBAAoB;gBAAE,OAAO,SAAS,CAAA;YAC3C,MAAM,4BAA4B,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACrI,IAAI,CAAC,4BAA4B;gBAC/B,MAAM,IAAI,KAAK,CAAC,kFAAkF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC3H,MAAM,2BAA2B,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACpI,IAAI,CAAC,2BAA2B;gBAC9B,MAAM,IAAI,KAAK,CAAC,iFAAiF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC1H,OAAO;gBACL,mBAAmB,EAAE,4BAA4B;gBACjD,WAAW,EAAE,oBAAoB;gBACjC,QAAQ,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAC1C;oBACE,YAAY,EAAE,IAAI;oBAClB,4BAA4B;oBAC5B,oBAAoB;oBACpB,2BAA2B;iBAC5B,EACD,cAAc,EACd,IAAI,CACL;aACF,CAAA;QACH,CAAC;KAAA;IAEe,qBAAqB,CACnC,UAAkB,EAClB,OAGC;;YAED,MAAM,cAAc,GAAgC,EAAE,CAAA;YACtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAA;YAClE,gBAAgB,CAAC,OAAO,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE;gBACjD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAA;YAC9C,CAAC,CAAC,CAAA;YACF,IAAI,UAAU,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,EAAE;gBACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBACvE,MAAM,oBAAoB,GAAG,IAAA,iCAAyB,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACrE,MAAM,kBAAkB,GAAG,IAAA,+BAAuB,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACjE,IAAI,uBAAiC,CAAA;gBACrC,IAAI,CAAC,oBAAoB,CAAC,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE;oBAC1D,IAAI,CAAC,OAAO,CAAC,mBAAmB;wBAC9B,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,+CAA+C,CAAC,CAAA;oBACjH,uBAAuB,GAAG,EAAE,CAAA;iBAC7B;qBAAM,IAAI,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;oBACjH,uBAAuB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,wBAAwB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;iBAC5F;qBAAM;oBACL,uBAAuB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,wBAAwB,CAC5E,QAAQ,EACR,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,EACxE,IAAI,CAAC,UAAU,CAChB,CAAA;iBACF;gBACD,IAAI,CAAC,uBAAuB,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB;oBACjE,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,uDAAuD,CAAC,CAAA;gBACzH,KAAK,MAAM,WAAW,IAAI,uBAAuB,EAAE;oBACjD,IAAI,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;wBACvC,cAAc,CAAC,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,WAAW,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,gBAAU,CAAC,IAAI,CAAC,CAAA;qBAC5I;yBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;wBAChD,cAAc,CAAC,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAC9E,MAAM,EACN,IAAA,cAAM,EAAC,WAAW,CAAC,EACnB,CAAC,SAAS,CAAC,EACX,gBAAU,CAAC,MAAM,CAClB,CAAA;qBACF;;wBAAM,MAAM,IAAI,KAAK,CAAC,qFAAqF,CAAC,CAAA;iBAC9G;aACF;YACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAChD,UAAU,EACV,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EACxG,cAAc,EACd,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CACnD,CAAA;YACD,OAAO;gBACL,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;gBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAA;QACH,CAAC;KAAA;IAEK,gBAAgB,CAAC,cAAsB,EAAE,qBAA6B;;YAC1E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC5D,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,qBAAqB,CAAC,CAAA;YACrD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;YACxE,MAAM,iBAAiB,GAAG,IAAA,2BAAmB,EAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;YAChF,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,cAAc,EAAE,CAAC,CAAA;YAChG,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,qBAAqB,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,CAAC,CAAA;YACjI,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,uBAAuB,GAC3B,IAAI,IAAI,cAAc;gBACpB,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,IAAI,EAAE,IAAI,CAAC;gBACpE,CAAC,CAAC;oBACE,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;oBACjF,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;iBAClF,CAAA;YACP,KAAK,MAAM,YAAY,IAAI,uBAAuB,EAAE;gBAClD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI,QAAQ,CAAC,EAAE;oBACvE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,YAAY,EAAE,cAAc,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,cAAc,EAAE,CAAC,CAAA;oBACnH,IAAI,CAAC,OAAO,EAAE;wBACZ,OAAO,CAAC,IAAI,CAAC,gDAAgD,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAA;qBAC7F;iBACF;aACF;QACH,CAAC;KAAA;IAED,sBAAsB;QACpB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,2BAA2B,CACzB,UAAkB,EAClB,+BAAwC;QAExC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,6CAA6C,CAC3C,MAAgB;QAEhB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,yBAAyB,CACvB,GAAa,EACb,mBAA4B;QAQ5B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,yBAAyB,CAAC,UAAwC;QAChE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,oBAAoB,CAAC,UAAwC;QAC3D,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;CACF;AAED,MAAM,8BAA+B,SAAQ,2BAA2B;IAAxE;;QACU,WAAM,GAKT,OAAO,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,kCAAkC,EAAE,EAAE,EAAE,kCAAkC,EAAE,EAAE,EAAE,CAAC,CAAA;QAC5H,4BAAuB,GAAG,IAAI,mBAAK,EAAE,CAAA;IA4K/C,CAAC;IA1KO,sBAAsB;;YAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAA;YACtC,MAAM,IAAI,CAAC,MAAM,CAAA;QACnB,CAAC;KAAA;IAEK,6CAA6C,CACjD,MAAgB;;YAEhB,SAAS,0BAA0B,CAAC,MAInC;gBACC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;oBACjC,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;oBAChC,IAAI,EAAE,EAAE;wBACN,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;wBAClC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,EAAE;4BACrB,GAAG,CAAC,IAAI,CAAC,GAAG;gCACV,YAAY,EAAE,MAAM,CAAC,YAAY;gCACjC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;gCACzC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;6BAC1D,CAAA;yBACF;qBACF;oBACD,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,EAA6G,CAAC,CAAA;YACnH,CAAC;YAED,OAAO,0BAA0B,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,CAAA;QACtD,CAAC;KAAA;IAEa,yBAAyB,CACrC,UAAkB;;YAElB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,MAAM,GAAG,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,CAAA;YACpE,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YAC3D,IAAI,MAAM,KAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,CAAA,EAAE;gBAC/B,OAAO;oBACL,YAAY,EAAE,MAAM,CAAC,YAAY;oBACjC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;oBACzD,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;iBAC1C,CAAA;aACF;iBAAM;gBACL,OAAO,SAAS,CAAA;aACjB;QACH,CAAC;KAAA;IAEK,2BAA2B,CAC/B,UAAkB,EAClB,+BAAwC;;YAExC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAA;YACtE,IAAI,aAAa;gBAAE,OAAO,aAAa,CAAA;YACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,EAAE,CAAA;YAC5D,IAAI;gBACF,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAA;gBACzE,IAAI,gBAAgB;oBAAE,OAAO,gBAAgB,CAAA;gBAC7C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE,EAAE,mBAAmB,EAAE,+BAA+B,EAAE,CAAC,CAAA;gBACtH,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE;oBACzC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;oBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,IAAI;iBACf,CAAC,CAAA;gBACF,OAAO,OAAO,CAAA;aACf;oBAAS;gBACR,OAAO,EAAE,CAAA;aACV;QACH,CAAC;KAAA;IAEK,yBAAyB,CAC7B,GAAa,EACb,mBAA4B;;;YAQ5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,GAAG,GAML,EAAE,CAAA;YACN,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE;gBACpB,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;gBAChC,IAAI,IAAI,EAAE;oBACR,GAAG,CAAC,EAAE,CAAC,GAAG;wBACR,YAAY,EAAE,IAAI,CAAC,YAAY;wBAC/B,WAAW,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,WAAW;wBACxC,mBAAmB,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,mBAAmB;qBACzD,CAAA;iBACF;aACF;YACD,OAAO,GAAG,CAAA;;KACX;IAEO,SAAS,CACf,YAA0B,EAC1B,SAAkB,EAClB,SAAiG;QAEjG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAO,MAAM,EAAE,EAAE;YAC9C,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAG,CAAC,GAAG,EAAE,YAAY,EAAE,SAAS,EAAE,CAAA;YAC/D,IAAI,SAAS,EAAE;gBACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAA;gBACvG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oBACtB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,EAAG,CAAA;gBAC1C,CAAC,CAAC,CAAA;gBACF,IAAI,SAAS,CAAC,QAAQ,EAAE;oBACtB,MAAM,CAAC,kCAAkC,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC,EAAG,CAAA;iBACpF;aACF;YACD,IAAI,SAAS;gBAAE,MAAM,CAAC,kCAAkC,GAAG,EAAE,CAAA;YAC7D,OAAO,MAAM,CAAA;QACf,CAAC,CAAA,CAAC,CAAA;IACJ,CAAC;IAEa,iBAAiB;;YAM7B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,8CAA8C,EAAE,CAAA;YAChF,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;YAC7G,MAAM,QAAQ,GAAyC,EAAE,CAAA;YACzD,MAAM,QAAQ,GAA+B,EAAE,CAAA;YAC/C,MAAM,kCAAkC,GAAmC,EAAE,CAAA;YAC7E,KAAK,MAAM,QAAQ,IAAI,OAAO,EAAE;gBAC9B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;gBACtD,QAAQ,CAAC,QAAQ,CAAC,EAAG,CAAC,GAAG,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,CAAA;gBAC7E,IAAI,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,QAAQ,EAAE;oBAC3B,kCAAkC,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,EAAG,CAAA;iBACrE;gBACD,IAAI,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,mBAAmB,EAAE;oBACtC,KAAK,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,aAAc,CAAC,mBAAmB,CAAC,EAAE;wBAC7G,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAG,CAAA;qBAC3B;iBACF;aACF;YACD,MAAM,kCAAkC,GAA8D,EAAE,CAAA;YACxG,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,kCAAkC,EAAE,kCAAkC,EAAE,CAAA;QACvG,CAAC;KAAA;IAEK,yBAAyB,CAAC,UAAwC;;YACtE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,MAAM,GAAG,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,CAAA;YACpE,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAA;YACzB,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CAAC,oBAAoB,EAAE,UAAU,CAAC,CAAA;YAC7G,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAA;YAChE,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAEK,oBAAoB,CAAC,UAAwC;;YACjE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,GAAG,GAAa,EAAE,CAAA;YACxB,KAAK,MAAM,mBAAmB,IAAI,oBAAoB,EAAE;gBACtD,sIAAsI;gBACtI,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,CAAC,mBAAmB,EAAE,UAAU,CAAC,CAAC,CAAA;aACjG;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;CACF;AAED,MAAM,kCAAmC,SAAQ,2BAA2B;IAO1E,YACE,IAA6B,EAC7B,cAAyC,EACzC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC5B,aAAsB,EACtB,kBAEC;;QAED,KAAK,CAAC,IAAI,EAAE,cAAc,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,CAAC,CAAA;QAlB5F,aAAQ,GAAsE,IAAI,iCAAc,EAAE,CAAA;QAClG,aAAQ,GAAwB,IAAI,GAAG,EAAE,CAAA;QACzC,uCAAkC,GAAwB,IAAI,GAAG,EAAE,CAAA;QAEnE,eAAU,GAAG,IAAI,mBAAK,EAAE,CAAA;QAevC,IAAI,CAAC,qBAAqB,GAAG,MAAA,kBAAkB,CAAC,YAAY,mCAAI,IAAI,CAAA;IACtE,CAAC;IAEK,sBAAsB;;YAC1B,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAA;YACrB,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAA;YACrB,IAAI,CAAC,kCAAkC,CAAC,KAAK,EAAE,CAAA;QACjD,CAAC;KAAA;IAEK,6CAA6C,CACjD,MAAgB;;YAEhB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;YAC/C,IAAI;gBACF,MAAM,GAAG,GAEL,EAAE,CAAA;gBACN,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE;oBACzB,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;oBACtC,IAAI,MAAM,EAAE;wBACV,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;wBACjD,IAAI,CAAC,SAAS;4BAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,MAAM,mCAAmC,CAAC,CAAA;wBAC1F,IAAI,SAAS,CAAC,SAAS,EAAE;4BACvB,GAAG,CAAC,IAAI,CAAC,GAAG;gCACV,YAAY,EAAE,SAAS,CAAC,YAAY;gCACpC,WAAW,EAAE,SAAS,CAAC,SAAS,CAAC,WAAW;gCAC5C,mBAAmB,EAAE,SAAS,CAAC,SAAS,CAAC,mBAAmB;6BAC7D,CAAA;yBACF;qBACF;iBACF;gBACD,OAAO,GAAG,CAAA;aACX;oBAAS;gBACR,OAAO,EAAE,CAAA;aACV;QACH,CAAC;KAAA;IAEK,yBAAyB,CAC7B,GAAa,EACb,mBAA4B;;;YAQ5B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;YAC/C,IAAI;gBACF,MAAM,GAAG,GAML,EAAE,CAAA;gBACN,MAAM,QAAQ,GAAa,EAAE,CAAA;gBAC7B,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE;oBACpB,MAAM,MAAM,GAAuD,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;oBAC9F,IAAI,MAAM,EAAE;wBACV,GAAG,CAAC,EAAE,CAAC,GAAG;4BACR,WAAW,EAAE,MAAA,MAAM,CAAC,SAAS,0CAAE,WAAW;4BAC1C,mBAAmB,EAAE,MAAA,MAAM,CAAC,SAAS,0CAAE,mBAAmB;4BAC1D,YAAY,EAAE,MAAM,CAAC,YAAY;yBAClC,CAAA;qBACF;yBAAM,IAAI,mBAAmB,EAAE;wBAC9B,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;qBAClB;iBACF;gBACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBACvB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAA;oBAChE,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE;wBAC5B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;wBAC9C,IAAI,SAAS,EAAE;4BACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAA;4BACvG,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;yBAC3D;6BAAM;4BACL,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAA;yBACpD;wBACD,GAAG,CAAC,IAAI,CAAC,EAAG,CAAC,GAAG;4BACd,WAAW,EAAE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,WAAW;4BACnC,mBAAmB,EAAE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,mBAAmB;4BACnD,YAAY,EAAE,IAAI;yBACnB,CAAA;qBACF;iBACF;gBACD,OAAO,GAAG,CAAA;aACX;oBAAS;gBACR,OAAO,EAAE,CAAA;aACV;;KACF;IAEK,2BAA2B,CAC/B,UAAkB,EAClB,+BAAwC;;YAExC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;YAC/C,IAAI;gBACF,IAAI,UAAU,GAAG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;gBACxE,IAAI,CAAC,UAAU,EAAE;oBACf,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAA;oBAC9C,UAAU,GAAG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;iBACrE;gBACD,IAAI,UAAU,EAAE;oBACd,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;oBAClD,IAAI,CAAC,MAAM;wBAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,UAAU,4BAA4B,CAAC,CAAA;oBACnG,IAAI,MAAM,CAAC,SAAS,EAAE;wBACpB,OAAO;4BACL,YAAY,EAAE,MAAM,CAAC,YAAY;4BACjC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;4BACzC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;yBAC1D,CAAA;qBACF;;wBAAM,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAA;iBACnF;qBAAM;oBACL,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE;wBAC3D,mBAAmB,EAAE,+BAA+B;qBACrD,CAAC,CAAA;oBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;oBACrG,MAAM,IAAI,GAAG;wBACX,YAAY,EAAE,OAAO,CAAC,YAAY;wBAClC,SAAS,EAAE;4BACT,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;4BAChD,WAAW,EAAE,OAAO,CAAC,WAAW;4BAChC,QAAQ,EAAE,IAAI;yBACf;wBACD,MAAM;qBACP,CAAA;oBACD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;oBACrB,OAAO;wBACL,YAAY,EAAE,IAAI,CAAC,YAAY;wBAC/B,WAAW,EAAE,IAAI,CAAC,SAAU,CAAC,WAAW;wBACxC,mBAAmB,EAAE,IAAI,CAAC,SAAU,CAAC,mBAAmB;qBACzD,CAAA;iBACF;aACF;oBAAS;gBACR,OAAO,EAAE,CAAA;aACV;QACH,CAAC;KAAA;IAED,iJAAiJ;IACjJ,uEAAuE;IACzD,uBAAuB,CAAC,UAAkB;;YACtD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAAE,UAAU,CAAC,CAAA;YAC1I,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE;gBACjC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;gBAC9C,IAAI,SAAS,EAAE;oBACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAA;oBACvG,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;iBAC3D;qBAAM;oBACL,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAA;iBACpD;aACF;QACH,CAAC;KAAA;IAEO,UAAU,CAAC,IAA+C;;QAChE,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,qBAAqB,EAAE;YACpD,IAAI,CAAC,aAAa,EAAE,CAAA;SACrB;QACD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,EAAG,CAAC,CAAC,CAAA;QAC7E,IAAI,CAAA,MAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ,KAAI,CAAC,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE;YACxG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,EAAG,CAAC,CAAA;SAC/F;QACD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAG,EAAE,IAAI,CAAC,CAAA;IAChD,CAAC;IAEO,aAAa;QACnB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,EAAE,CAAA;QACtD,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAA;QAC5D,IAAI,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE;YAC1G,IAAI,CAAC,kCAAkC,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;SAC9E;IACH,CAAC;IAED,yBAAyB;QACvB,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;IAED,oBAAoB;QAClB,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;CACF","sourcesContent":["import { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { fingerprintV1, getShaVersionForKey, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EntityWithDelegationTypeName, hex2ua } from '../utils'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { ShaVersion } from './RSA'\nimport { Mutex } from 'async-mutex'\nimport { SimpleLruCache } from '../utils/simple-lru-cache'\n\nexport type ExchangeDataManagerOptionalParameters = {\n // Only for not fully cached implementation (data owner can't request all his exchange data), amount of exchange data which can be cached\n lruCacheSize?: number // default = 2000\n}\n\n/**\n * @internal this function is for internal use only and may be changed without notice.\n * Initialises and returns the exchange data manager which is most appropriate for the current data owner.\n */\nexport async function initialiseExchangeDataManagerForCurrentDataOwner(\n base: BaseExchangeDataManager,\n encryptionKeys: UserEncryptionKeysManager,\n accessControlSecret: AccessControlSecretUtils,\n cryptoStrategies: CryptoStrategies,\n dataOwnerApi: IccDataOwnerXApi,\n primitives: CryptoPrimitives,\n useParentKeys: boolean,\n optionalParameters: ExchangeDataManagerOptionalParameters = {}\n): Promise<ExchangeDataManager> {\n const currentOwner = CryptoActorStubWithType.fromDataOwner(await dataOwnerApi.getCurrentDataOwner())\n if (cryptoStrategies.dataOwnerRequiresAnonymousDelegation(currentOwner)) {\n const res = new FullyCachedExchangeDataManager(\n base,\n encryptionKeys,\n accessControlSecret,\n cryptoStrategies,\n dataOwnerApi,\n primitives,\n useParentKeys\n )\n await res.clearOrRepopulateCache()\n return res\n } else {\n return new LimitedLruCacheExchangeDataManager(\n base,\n encryptionKeys,\n accessControlSecret,\n cryptoStrategies,\n dataOwnerApi,\n primitives,\n useParentKeys,\n optionalParameters\n )\n }\n}\n\ntype CachedExchangeData = {\n exchangeData: ExchangeData\n decrypted?: {\n accessControlSecret: string\n exchangeKey: CryptoKey\n verified: boolean\n }\n}\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n * Exchange data manager which automatically handles decryption and cache\n */\nexport interface ExchangeDataManager {\n readonly base: BaseExchangeDataManager\n\n /**\n * Updates all exchange data between the current data owner and another data owner to allow the other data owner to access existing exchange data\n * using a new public key. Note that this will make existing exchange keys from the other data owner to the current data owner unverified, therefore\n * invalid for encryption.\n * @param otherDataOwner the other data owner.\n * @param newDataOwnerPublicKey a new public key of the other data owner.\n */\n giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string): Promise<void>\n\n /**\n * Gets any existing and verified exchange data from the current data owner to the provided delegate or creates new data if no verified data is\n * available, then caches it.\n * @param delegateId the id of the delegate.\n * @param allowCreationWithoutDelegateKey if true, when creating new exchange data, even if no verified key is available for the delegate the method\n * will create the new exchange data anyway (will not be usable by the delegate without additional steps).\n * @return the access control secret and key of the data to use for encryption.\n */\n getOrCreateEncryptionDataTo(\n delegateId: string,\n allowCreationWithoutDelegateKey: boolean\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }>\n\n /**\n * Retrieve the cached decrypted exchange data key associated with any of the provided hashes/entry keys of secure delegations.\n * @param hashes hashes of access control secrets for a specific entity, as they appear in the key of secure delegation entries\n * @return the exchange data and decrypted key associated to that hash if cached\n */\n getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [hash: string]: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey } }>\n\n /**\n * Retrieves the exchange data with the provided id (from the cache if available or from the server otherwise if allowed by\n * and attempts to decrypt it, then caches the result.\n * @param ids ids of the exchange datas to retrieve\n * @param retrieveIfNotCached if false only cached data will be returned, and the access control hases options will be\n * ignored\n * @return a map containing the exchange data id associated with:\n * - exchangeData: the exchange data with the provided id\n * - exchangeKey: the exchange key corresponding to the provided exchange data if it could be decrypted, else undefined\n * - accessControlSecret: the access control secret corresponding to the provided exchange data if it could be decrypted, else undefined\n */\n getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{ [id: string]: { exchangeKey: CryptoKey | undefined; accessControlSecret: string | undefined; exchangeData: ExchangeData } }>\n\n /**\n * Clears the cache or fully repopulates the cache if the current data owner can retrieve all of his exchange data according to the crypto\n * strategies.\n */\n clearOrRepopulateCache(): Promise<void>\n\n /**\n * If the current data owner requires anonymous delegations this returns the base64 representation of the concatenation of all available access\n * control keys for the current data owner.\n */\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined>\n\n /**\n * If the current data owner requires anonymous delegations this returns the access control keys which may be used in secure delegations for the\n * data owner, which can be used to search for data.\n */\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined>\n}\n\nabstract class AbstractExchangeDataManager implements ExchangeDataManager {\n constructor(\n readonly base: BaseExchangeDataManager,\n protected readonly encryptionKeys: UserEncryptionKeysManager,\n protected readonly accessControlSecret: AccessControlSecretUtils,\n protected readonly cryptoStrategies: CryptoStrategies,\n protected readonly dataOwnerApi: IccDataOwnerXApi,\n protected readonly primitives: CryptoPrimitives,\n private readonly useParentKeys: boolean\n ) {}\n\n protected async decryptData(data: ExchangeData): Promise<\n | {\n accessControlSecret: string\n exchangeKey: CryptoKey\n verified: boolean\n }\n | undefined\n > {\n const decryptionKeys = this.encryptionKeys.getDecryptionKeys()\n const encryptionKeys = Object.fromEntries(\n this.encryptionKeys.getSelfVerifiedKeys().map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey])\n )\n const decryptedExchangeKey = (await this.base.tryDecryptExchangeKeys([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedExchangeKey) return undefined\n const decryptedAccessControlSecret = (await this.base.tryDecryptAccessControlSecret([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedAccessControlSecret)\n throw new Error(`Decryption key could be decrypted but access control secret could not for data ${JSON.stringify(data)}`)\n const decryptedSharedSignatureKey = (await this.base.tryDecryptSharedSignatureKeys([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedSharedSignatureKey)\n throw new Error(`Decryption key could be decrypted but shared signature key could not for data ${JSON.stringify(data)}`)\n return {\n accessControlSecret: decryptedAccessControlSecret,\n exchangeKey: decryptedExchangeKey,\n verified: await this.base.verifyExchangeData(\n {\n exchangeData: data,\n decryptedAccessControlSecret,\n decryptedExchangeKey,\n decryptedSharedSignatureKey,\n },\n encryptionKeys,\n true\n ),\n }\n }\n\n protected async createNewExchangeData(\n delegateId: string,\n options: {\n newDataId?: string\n allowNoDelegateKeys?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }> {\n const encryptionKeys: { [fp: string]: CryptoKey } = {}\n const selfVerifiedKeys = this.encryptionKeys.getSelfVerifiedKeys()\n selfVerifiedKeys.forEach(({ fingerprint, pair }) => {\n encryptionKeys[fingerprint] = pair.publicKey\n })\n if (delegateId != (await this.dataOwnerApi.getCurrentDataOwnerId())) {\n const delegate = await this.dataOwnerApi.getCryptoActorStub(delegateId)\n const sha256KeysOfDelegate = hexPublicKeysWithSha256Of(delegate.stub)\n const sha1KeysOfDelegate = hexPublicKeysWithSha1Of(delegate.stub)\n let allVerifiedDelegateKeys: string[]\n if (!sha256KeysOfDelegate.size && !sha1KeysOfDelegate.size) {\n if (!options.allowNoDelegateKeys)\n throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate was found.`)\n allVerifiedDelegateKeys = []\n } else if (this.useParentKeys && (await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()).includes(delegateId)) {\n allVerifiedDelegateKeys = await this.encryptionKeys.getVerifiedPublicKeysFor(delegate.stub)\n } else {\n allVerifiedDelegateKeys = await this.cryptoStrategies.verifyDelegatePublicKeys(\n delegate,\n [...Array.from(sha256KeysOfDelegate), ...Array.from(sha1KeysOfDelegate)],\n this.primitives\n )\n }\n if (!allVerifiedDelegateKeys.length && !options.allowNoDelegateKeys)\n throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate could be verified.`)\n for (const delegateKey of allVerifiedDelegateKeys) {\n if (sha1KeysOfDelegate.has(delegateKey)) {\n encryptionKeys[fingerprintV1(delegateKey)] = await this.primitives.RSA.importKey('spki', hex2ua(delegateKey), ['encrypt'], ShaVersion.Sha1)\n } else if (sha256KeysOfDelegate.has(delegateKey)) {\n encryptionKeys[fingerprintV1(delegateKey)] = await this.primitives.RSA.importKey(\n 'spki',\n hex2ua(delegateKey),\n ['encrypt'],\n ShaVersion.Sha256\n )\n } else throw new Error('Illegal state: verified keys should contain only keys for OAPE-SHA1 or OAPE-SHA256.')\n }\n }\n const newData = await this.base.createExchangeData(\n delegateId,\n Object.fromEntries(selfVerifiedKeys.map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey])),\n encryptionKeys,\n options.newDataId ? { id: options.newDataId } : {}\n )\n return {\n exchangeData: newData.exchangeData,\n accessControlSecret: newData.accessControlSecret,\n exchangeKey: newData.exchangeKey,\n }\n }\n\n async giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string) {\n const self = await this.dataOwnerApi.getCurrentDataOwnerId()\n const newKeyFp = fingerprintV1(newDataOwnerPublicKey)\n const other = await this.dataOwnerApi.getCryptoActorStub(otherDataOwner)\n const newKeyHashVersion = getShaVersionForKey(other.stub, newDataOwnerPublicKey)\n if (!newKeyHashVersion) throw new Error(`Public key not found for data owner ${otherDataOwner}`)\n const importedNewKey = await this.primitives.RSA.importKey('spki', hex2ua(newDataOwnerPublicKey), ['encrypt'], newKeyHashVersion)\n const decryptionKeys = this.encryptionKeys.getDecryptionKeys()\n const allExchangeDataToUpdate =\n self == otherDataOwner\n ? await this.base.getExchangeDataByDelegatorDelegatePair(self, self)\n : [\n ...(await this.base.getExchangeDataByDelegatorDelegatePair(self, otherDataOwner)),\n ...(await this.base.getExchangeDataByDelegatorDelegatePair(otherDataOwner, self)),\n ]\n for (const dataToUpdate of allExchangeDataToUpdate) {\n if (!Object.keys(dataToUpdate.exchangeKey).find((fp) => fp == newKeyFp)) {\n const updated = await this.base.tryUpdateExchangeData(dataToUpdate, decryptionKeys, { [newKeyFp]: importedNewKey })\n if (!updated) {\n console.warn(`Failed to give access back to exchanged data ${JSON.stringify(dataToUpdate)}`)\n }\n }\n }\n }\n\n clearOrRepopulateCache(): Promise<void> {\n throw new Error('Implemented by concrete class')\n }\n\n getOrCreateEncryptionDataTo(\n delegateId: string,\n allowCreationWithoutDelegateKey: boolean\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }> {\n throw new Error('Implemented by concrete class')\n }\n\n getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n throw new Error('Implemented by concrete class')\n }\n\n getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n }> {\n throw new Error('Implemented by concrete class')\n }\n\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n throw new Error('Implemented by concrete class')\n }\n\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n throw new Error('Implemented by concrete class')\n }\n}\n\nclass FullyCachedExchangeDataManager extends AbstractExchangeDataManager {\n private caches: Promise<{\n dataById: { [id: string]: CachedExchangeData }\n hashToId: { [hash: string]: string }\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string }\n }> = Promise.resolve({ dataById: {}, hashToId: {}, delegateToVerifiedEncryptionDataId: {}, entityTypeToAccessControlKeysValue: {} })\n private createExchangeDataMutex = new Mutex()\n\n async clearOrRepopulateCache(): Promise<void> {\n this.caches = this.doRepopulateCache()\n await this.caches\n }\n\n async getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n function retrieveByHashesFromCaches(caches: {\n dataById: { [id: string]: CachedExchangeData }\n hashToId: { [hash: string]: string }\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n }): { [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } } {\n return hashes.reduce((res, hash) => {\n const id = caches.hashToId[hash]\n if (id) {\n const cached = caches.dataById[id]\n if (cached?.decrypted) {\n res[hash] = {\n exchangeData: cached.exchangeData,\n exchangeKey: cached.decrypted.exchangeKey,\n accessControlSecret: cached.decrypted.accessControlSecret,\n }\n }\n }\n return res\n }, {} as { [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } })\n }\n\n return retrieveByHashesFromCaches(await this.caches)\n }\n\n private async getCachedEncryptionDataTo(\n delegateId: string\n ): Promise<{ exchangeKey: CryptoKey; accessControlSecret: string; exchangeData: ExchangeData } | undefined> {\n const caches = await this.caches\n const dataId = caches.delegateToVerifiedEncryptionDataId[delegateId]\n const cached = dataId ? caches.dataById[dataId] : undefined\n if (cached && cached?.decrypted) {\n return {\n exchangeData: cached.exchangeData,\n accessControlSecret: cached.decrypted.accessControlSecret,\n exchangeKey: cached.decrypted.exchangeKey,\n }\n } else {\n return undefined\n }\n }\n\n async getOrCreateEncryptionDataTo(\n delegateId: string,\n allowCreationWithoutDelegateKey: boolean\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }> {\n const initialCached = await this.getCachedEncryptionDataTo(delegateId)\n if (initialCached) return initialCached\n const release = await this.createExchangeDataMutex.acquire()\n try {\n const cachedAfterMutex = await this.getCachedEncryptionDataTo(delegateId)\n if (cachedAfterMutex) return cachedAfterMutex\n const created = await this.createNewExchangeData(delegateId, { allowNoDelegateKeys: allowCreationWithoutDelegateKey })\n this.cacheData(created.exchangeData, true, {\n accessControlSecret: created.accessControlSecret,\n exchangeKey: created.exchangeKey,\n verified: true,\n })\n return created\n } finally {\n release()\n }\n }\n\n async getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n }> {\n const caches = await this.caches\n const res: {\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n } = {}\n for (const id of ids) {\n const data = caches.dataById[id]\n if (data) {\n res[id] = {\n exchangeData: data.exchangeData,\n exchangeKey: data.decrypted?.exchangeKey,\n accessControlSecret: data.decrypted?.accessControlSecret,\n }\n }\n }\n return res\n }\n\n private cacheData(\n exchangeData: ExchangeData,\n isNewData: boolean,\n decrypted: { accessControlSecret: string; exchangeKey: CryptoKey; verified: boolean } | undefined\n ): void {\n this.caches = this.caches.then(async (caches) => {\n caches.dataById[exchangeData.id!] = { exchangeData, decrypted }\n if (decrypted) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(decrypted.accessControlSecret)\n hashes.forEach((hash) => {\n caches.hashToId[hash] = exchangeData.id!\n })\n if (decrypted.verified) {\n caches.delegateToVerifiedEncryptionDataId[exchangeData.delegate] = exchangeData.id!\n }\n }\n if (isNewData) caches.entityTypeToAccessControlKeysValue = {}\n return caches\n })\n }\n\n private async doRepopulateCache(): Promise<{\n dataById: { [id: string]: CachedExchangeData }\n hashToId: { [hash: string]: string }\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string }\n }> {\n const allData = await this.base.getAllExchangeDataForCurrentDataOwnerIfAllowed()\n if (!allData) throw new Error('Impossible to use fully cached exchange data manager for current data owner.')\n const dataById: { [id: string]: CachedExchangeData } = {}\n const hashToId: { [hash: string]: string } = {}\n const delegateToVerifiedEncryptionDataId: { [delegate: string]: string } = {}\n for (const currData of allData) {\n const currDecrypted = await this.decryptData(currData)\n dataById[currData.id!] = { exchangeData: currData, decrypted: currDecrypted }\n if (currDecrypted?.verified) {\n delegateToVerifiedEncryptionDataId[currData.delegate] = currData.id!\n }\n if (currDecrypted?.accessControlSecret) {\n for (const h of await this.accessControlSecret.allSecureDelegationKeysFor(currDecrypted!.accessControlSecret)) {\n hashToId[h] = currData.id!\n }\n }\n }\n const entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string } = {}\n return { dataById, hashToId, delegateToVerifiedEncryptionDataId, entityTypeToAccessControlKeysValue }\n }\n\n async getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n const caches = await this.caches\n const cached = caches.entityTypeToAccessControlKeysValue[entityType]\n if (cached) return cached\n const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []))\n const fullData = await this.accessControlSecret.getEncodedAccessControlKeys(accessControlSecrets, entityType)\n caches.entityTypeToAccessControlKeysValue[entityType] = fullData\n return fullData\n }\n\n async getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n const caches = await this.caches\n const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []))\n const res: string[] = []\n for (const accessControlSecret of accessControlSecrets) {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n res.push(await this.accessControlSecret.secureDelegationKeyFor(accessControlSecret, entityType))\n }\n return res\n }\n}\n\nclass LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {\n private readonly idToData: SimpleLruCache<string, CachedExchangeData & { hashes: string[] }> = new SimpleLruCache()\n private readonly hashToId: Map<string, string> = new Map()\n private readonly delegateToVerifiedEncryptionDataId: Map<string, string> = new Map()\n private readonly maxCachedExchangeData: number\n private readonly cacheMutex = new Mutex()\n\n constructor(\n base: BaseExchangeDataManager,\n encryptionKeys: UserEncryptionKeysManager,\n accessControlSecret: AccessControlSecretUtils,\n cryptoStrategies: CryptoStrategies,\n dataOwnerApi: IccDataOwnerXApi,\n primitives: CryptoPrimitives,\n useParentKeys: boolean,\n optionalParameters: {\n lruCacheSize?: number\n }\n ) {\n super(base, encryptionKeys, accessControlSecret, cryptoStrategies, dataOwnerApi, primitives, useParentKeys)\n this.maxCachedExchangeData = optionalParameters.lruCacheSize ?? 2000\n }\n\n async clearOrRepopulateCache(): Promise<void> {\n this.idToData.clear()\n this.hashToId.clear()\n this.delegateToVerifiedEncryptionDataId.clear()\n }\n\n async getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n const release = await this.cacheMutex.acquire()\n try {\n const res: {\n [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string }\n } = {}\n for (const hash of hashes) {\n const dataId = this.hashToId.get(hash)\n if (dataId) {\n const retrieved = this.idToData.getCached(dataId)\n if (!retrieved) throw new Error(`Data with id ${dataId} should have been already cached.`)\n if (retrieved.decrypted) {\n res[hash] = {\n exchangeData: retrieved.exchangeData,\n exchangeKey: retrieved.decrypted.exchangeKey,\n accessControlSecret: retrieved.decrypted.accessControlSecret,\n }\n }\n }\n }\n return res\n } finally {\n release()\n }\n }\n\n async getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n }> {\n const release = await this.cacheMutex.acquire()\n try {\n const res: {\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n } = {}\n const uncached: string[] = []\n for (const id of ids) {\n const cached: (CachedExchangeData & { hashes: string[] }) | null = this.idToData.getCached(id)\n if (cached) {\n res[id] = {\n exchangeKey: cached.decrypted?.exchangeKey,\n accessControlSecret: cached.decrypted?.accessControlSecret,\n exchangeData: cached.exchangeData,\n }\n } else if (retrieveIfNotCached) {\n uncached.push(id)\n }\n }\n if (uncached.length > 0) {\n const retrieved = await this.base.getExchangeDataByIds(uncached)\n for (const data of retrieved) {\n const decrypted = await this.decryptData(data)\n if (decrypted) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(decrypted.accessControlSecret)\n this.addToCache({ exchangeData: data, hashes, decrypted })\n } else {\n this.addToCache({ exchangeData: data, hashes: [] })\n }\n res[data.id!] = {\n exchangeKey: decrypted?.exchangeKey,\n accessControlSecret: decrypted?.accessControlSecret,\n exchangeData: data,\n }\n }\n }\n return res\n } finally {\n release()\n }\n }\n\n async getOrCreateEncryptionDataTo(\n delegateId: string,\n allowCreationWithoutDelegateKey: boolean\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey }> {\n const release = await this.cacheMutex.acquire()\n try {\n let existingId = this.delegateToVerifiedEncryptionDataId.get(delegateId)\n if (!existingId) {\n await this.populateCacheToDelegate(delegateId)\n existingId = this.delegateToVerifiedEncryptionDataId.get(delegateId)\n }\n if (existingId) {\n const cached = this.idToData.getCached(existingId)\n if (!cached) throw new Error(`Illegal state: data with id ${existingId} should have been in cache`)\n if (cached.decrypted) {\n return {\n exchangeData: cached.exchangeData,\n exchangeKey: cached.decrypted.exchangeKey,\n accessControlSecret: cached.decrypted.accessControlSecret,\n }\n } else throw new Error(`Illegal state: cached verified data should be decrypted.`)\n } else {\n const created = await this.createNewExchangeData(delegateId, {\n allowNoDelegateKeys: allowCreationWithoutDelegateKey,\n })\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(created.accessControlSecret)\n const data = {\n exchangeData: created.exchangeData,\n decrypted: {\n accessControlSecret: created.accessControlSecret,\n exchangeKey: created.exchangeKey,\n verified: true,\n },\n hashes,\n }\n this.addToCache(data)\n return {\n exchangeData: data.exchangeData,\n exchangeKey: data.decrypted!.exchangeKey,\n accessControlSecret: data.decrypted!.accessControlSecret,\n }\n }\n } finally {\n release()\n }\n }\n\n // Loads and adds to the cache all exchange data from the current data owner to the given delegate. Allows to check if there is already data from\n // the current data owner to the delegate which is good for encryption.\n private async populateCacheToDelegate(delegateId: string): Promise<void> {\n const dataToDelegate = await this.base.getExchangeDataByDelegatorDelegatePair(await this.dataOwnerApi.getCurrentDataOwnerId(), delegateId)\n for (const data of dataToDelegate) {\n const decrypted = await this.decryptData(data)\n if (decrypted) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(decrypted.accessControlSecret)\n this.addToCache({ exchangeData: data, hashes, decrypted })\n } else {\n this.addToCache({ exchangeData: data, hashes: [] })\n }\n }\n }\n\n private addToCache(data: CachedExchangeData & { hashes: string[] }) {\n if (this.idToData.size >= this.maxCachedExchangeData) {\n this.evictOneEntry()\n }\n data.hashes.forEach((hash) => this.hashToId.set(hash, data.exchangeData.id!))\n if (data.decrypted?.verified && !this.delegateToVerifiedEncryptionDataId.has(data.exchangeData.delegate)) {\n this.delegateToVerifiedEncryptionDataId.set(data.exchangeData.delegate, data.exchangeData.id!)\n }\n this.idToData.set(data.exchangeData.id!, data)\n }\n\n private evictOneEntry() {\n const evicted = this.idToData.evictLeastRecentlyUsed()\n evicted.hashes.forEach((hash) => this.hashToId.delete(hash))\n if (this.delegateToVerifiedEncryptionDataId.get(evicted.exchangeData.delegate) === evicted.exchangeData.id) {\n this.delegateToVerifiedEncryptionDataId.delete(evicted.exchangeData.delegate)\n }\n }\n\n getAccessControlKeysValue(): Promise<string | undefined> {\n return Promise.resolve(undefined)\n }\n\n getAllDelegationKeys(): Promise<string[] | undefined> {\n return Promise.resolve(undefined)\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"ExchangeDataManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ExchangeDataManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAMA,mCAAgH;AAEhH,oCAA+D;AAC/D,yEAA6E;AAC7E,+BAAkC;AAClC,6CAAmC;AACnC,gEAA0D;AAC1D,wCAAuC;AAOvC;;;GAGG;AACH,SAAsB,gDAAgD,CACpE,IAA6B,EAC7B,cAAyC,EACzC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC5B,aAAsB,EACtB,qBAA4D,EAAE;;QAE9D,MAAM,YAAY,GAAG,yCAAuB,CAAC,aAAa,CAAC,MAAM,YAAY,CAAC,mBAAmB,EAAE,CAAC,CAAA;QACpG,IAAI,gBAAgB,CAAC,oCAAoC,CAAC,YAAY,CAAC,EAAE;YACvE,MAAM,GAAG,GAAG,IAAI,8BAA8B,CAC5C,IAAI,EACJ,cAAc,EACd,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,aAAa,CACd,CAAA;YACD,MAAM,GAAG,CAAC,sBAAsB,EAAE,CAAA;YAClC,OAAO,GAAG,CAAA;SACX;aAAM;YACL,OAAO,IAAI,kCAAkC,CAC3C,IAAI,EACJ,cAAc,EACd,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,aAAa,EACb,kBAAkB,CACnB,CAAA;SACF;IACH,CAAC;CAAA;AAnCD,4GAmCC;AA+GD,MAAe,2BAA2B;IACxC,YACW,IAA6B,EACnB,cAAyC,EACzC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC9B,aAAsB;QAN9B,SAAI,GAAJ,IAAI,CAAyB;QACnB,mBAAc,GAAd,cAAc,CAA2B;QACzC,wBAAmB,GAAnB,mBAAmB,CAA0B;QAC7C,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAC9B,kBAAa,GAAb,aAAa,CAAS;IACtC,CAAC;IAEY,WAAW,CAAC,IAAkB;;YAS5C,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CACvC,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAC9G,CAAA;YACD,MAAM,oBAAoB,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACtH,IAAI,CAAC,oBAAoB;gBAAE,OAAO,SAAS,CAAA;YAC3C,MAAM,4BAA4B,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACrI,IAAI,CAAC,4BAA4B;gBAC/B,MAAM,IAAI,KAAK,CAAC,kFAAkF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC3H,MAAM,2BAA2B,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACpI,IAAI,CAAC,2BAA2B;gBAC9B,MAAM,IAAI,KAAK,CAAC,iFAAiF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC1H,OAAO;gBACL,mBAAmB,EAAE,4BAA4B;gBACjD,WAAW,EAAE,oBAAoB;gBACjC,kBAAkB,EAAE,2BAA2B;gBAC/C,QAAQ,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAC1C;oBACE,YAAY,EAAE,IAAI;oBAClB,4BAA4B;oBAC5B,oBAAoB;oBACpB,2BAA2B;iBAC5B,EACD,cAAc,EACd,IAAI,CACL;aACF,CAAA;QACH,CAAC;KAAA;IAEe,qBAAqB,CACnC,UAAkB,EAClB,OAIC;;YAED,IAAI,OAAO,CAAC,mBAAmB,IAAI,OAAO,CAAC,oBAAoB;gBAC7D,MAAM,IAAI,KAAK,CAAC,sFAAsF,CAAC,CAAA;YACzG,MAAM,cAAc,GAAgC,EAAE,CAAA;YACtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAA;YAClE,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,oBAAoB;gBAC/D,MAAM,IAAI,KAAK,CAAC,oFAAoF,CAAC,CAAA;YACvG,gBAAgB,CAAC,OAAO,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE;gBACjD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAA;YAC9C,CAAC,CAAC,CAAA;YACF,IAAI,UAAU,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,EAAE;gBACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBACvE,MAAM,oBAAoB,GAAG,IAAA,iCAAyB,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACrE,MAAM,kBAAkB,GAAG,IAAA,+BAAuB,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACjE,IAAI,uBAAiC,CAAA;gBACrC,IAAI,CAAC,oBAAoB,CAAC,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE;oBAC1D,IAAI,CAAC,OAAO,CAAC,mBAAmB;wBAC9B,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,+CAA+C,CAAC,CAAA;oBACjH,uBAAuB,GAAG,EAAE,CAAA;iBAC7B;qBAAM,IAAI,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;oBACjH,uBAAuB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,wBAAwB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;iBAC5F;qBAAM;oBACL,uBAAuB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,wBAAwB,CAC5E,QAAQ,EACR,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,EACxE,IAAI,CAAC,UAAU,CAChB,CAAA;iBACF;gBACD,IAAI,CAAC,uBAAuB,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB;oBACjE,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,uDAAuD,CAAC,CAAA;gBACzH,KAAK,MAAM,WAAW,IAAI,uBAAuB,EAAE;oBACjD,IAAI,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;wBACvC,cAAc,CAAC,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,WAAW,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,gBAAU,CAAC,IAAI,CAAC,CAAA;qBAC5I;yBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;wBAChD,cAAc,CAAC,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAC9E,MAAM,EACN,IAAA,cAAM,EAAC,WAAW,CAAC,EACnB,CAAC,SAAS,CAAC,EACX,gBAAU,CAAC,MAAM,CAClB,CAAA;qBACF;;wBAAM,MAAM,IAAI,KAAK,CAAC,qFAAqF,CAAC,CAAA;iBAC9G;aACF;YACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAChD,UAAU,EACV,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EACxG,cAAc,EACd,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CACnD,CAAA;YACD,OAAO;gBACL,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;gBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;aAC/C,CAAA;QACH,CAAC;KAAA;IAEK,gBAAgB,CAAC,cAAsB,EAAE,qBAA6B;;YAC1E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC5D,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,qBAAqB,CAAC,CAAA;YACrD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;YACxE,MAAM,iBAAiB,GAAG,IAAA,2BAAmB,EAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;YAChF,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,cAAc,EAAE,CAAC,CAAA;YAChG,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,qBAAqB,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,CAAC,CAAA;YACjI,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,uBAAuB,GAC3B,IAAI,IAAI,cAAc;gBACpB,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,IAAI,EAAE,IAAI,CAAC;gBACpE,CAAC,CAAC;oBACE,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;oBACjF,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;iBAClF,CAAA;YACP,KAAK,MAAM,YAAY,IAAI,uBAAuB,EAAE;gBAClD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI,QAAQ,CAAC,EAAE;oBACvE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,YAAY,EAAE,cAAc,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,cAAc,EAAE,CAAC,CAAA;oBACnH,IAAI,CAAC,OAAO,EAAE;wBACZ,OAAO,CAAC,IAAI,CAAC,gDAAgD,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAA;qBAC7F;iBACF;aACF;QACH,CAAC;KAAA;IAED,sBAAsB;QACpB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,2BAA2B,CACzB,UAAkB,EAClB,OAGC;QAED,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,6CAA6C,CAC3C,MAAgB;QAEhB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,yBAAyB,CACvB,GAAa,EACb,mBAA4B;QAQ5B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,yBAAyB,CAAC,UAAwC;QAChE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,oBAAoB,CAAC,UAAwC;QAC3D,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAEK,2BAA2B,CAC/B,mBAMG,EACH,oBAA6B;;YAE7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC5D,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAA;YACpH,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,CAAC,QAAQ,IAAI,IAAI,CAAC;gBAC9E,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAA;YAC9E,MAAM,gBAAgB,GAAmC,EAAE,CAAA;YAC3D,qBAAqB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;YACnE,IAAI,oBAAoB,EAAE;gBACxB,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAA;gBAClE,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC;oBAAE,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAA;gBAC7H,MAAM,cAAc,GAAgC,EAAE,CAAA;gBACtD,gBAAgB,CAAC,OAAO,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE;oBACjD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAA;gBAC9C,CAAC,CAAC,CAAA;gBACF,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;gBAC9H,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE;oBACzC,MAAM,YAAY,GAAG,gBAAgB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAA;oBAC7D,IAAI,YAAY,IAAI,IAAI;wBACtB,MAAM,IAAI,CAAC,IAAI,CAAC,yCAAyC,CAAC;4BACxD,YAAY;4BACZ,iBAAiB,EAAE,cAAc;4BACjC,yBAAyB,EAAE,YAAY,CAAC,SAAS,IAAI,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE;4BAClG,cAAc,EAAE,OAAO,CAAC,WAAW;4BACnC,sBAAsB,EAAE,OAAO,CAAC,mBAAmB;4BACnD,qBAAqB,EAAE,OAAO,CAAC,kBAAkB;yBAClD,CAAC,CAAA;iBACL;aACF;YACD,MAAM,eAAe,GAMf,EAAE,CAAA;YACR,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE;gBACzC,MAAM,YAAY,GAAG,gBAAgB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAA;gBAC7D,IAAI,YAAY,IAAI,SAAS;oBAC3B,eAAe,CAAC,IAAI,CAAC;wBACnB,YAAY,EAAE,YAAY;wBAC1B,mBAAmB,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,mBAAmB,CAAC;wBAC3F,WAAW,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC;wBACnE,kBAAkB,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,kBAAkB,CAAC;wBACxF,QAAQ,EAAE,OAAO,CAAC,QAAQ;qBAC3B,CAAC,CAAA;aACL;YACD,MAAM,IAAI,CAAC,yBAAyB,CAAC,eAAe,CAAC,CAAA;QACvD,CAAC;KAAA;CAWF;AAED,MAAM,8BAA+B,SAAQ,2BAA2B;IAAxE;;QACU,WAAM,GAKT,OAAO,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,kCAAkC,EAAE,EAAE,EAAE,kCAAkC,EAAE,EAAE,EAAE,CAAC,CAAA;QAC5H,4BAAuB,GAAG,IAAI,mBAAK,EAAE,CAAA;IAuM/C,CAAC;IArMO,sBAAsB;;YAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAA;YACtC,MAAM,IAAI,CAAC,MAAM,CAAA;QACnB,CAAC;KAAA;IAEK,6CAA6C,CACjD,MAAgB;;YAEhB,SAAS,0BAA0B,CAAC,MAInC;gBACC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;oBACjC,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;oBAChC,IAAI,EAAE,EAAE;wBACN,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;wBAClC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,EAAE;4BACrB,GAAG,CAAC,IAAI,CAAC,GAAG;gCACV,YAAY,EAAE,MAAM,CAAC,YAAY;gCACjC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;gCACzC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;6BAC1D,CAAA;yBACF;qBACF;oBACD,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,EAA6G,CAAC,CAAA;YACnH,CAAC;YAED,OAAO,0BAA0B,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,CAAA;QACtD,CAAC;KAAA;IAEa,yBAAyB,CACrC,UAAkB;;YAElB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,MAAM,GAAG,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,CAAA;YACpE,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YAC3D,IAAI,MAAM,KAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,CAAA,EAAE;gBAC/B,OAAO;oBACL,YAAY,EAAE,MAAM,CAAC,YAAY;oBACjC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;oBACzD,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;oBACzC,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,kBAAkB;iBACxD,CAAA;aACF;iBAAM;gBACL,OAAO,SAAS,CAAA;aACjB;QACH,CAAC;KAAA;IAEK,2BAA2B,CAC/B,UAAkB,EAClB,OAGC;;;YAED,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAA;YACtE,IAAI,aAAa;gBAAE,OAAO,aAAa,CAAA;YACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,EAAE,CAAA;YAC5D,IAAI;gBACF,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAA;gBACzE,IAAI,gBAAgB;oBAAE,OAAO,gBAAgB,CAAA;gBAC7C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE;oBAC3D,mBAAmB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,+BAA+B,mCAAI,KAAK;oBACtE,oBAAoB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gCAAgC,mCAAI,KAAK;iBACzE,CAAC,CAAA;gBACF,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE;oBACzC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;oBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;oBAC9C,QAAQ,EAAE,IAAI;iBACf,CAAC,CAAA;gBACF,OAAO,OAAO,CAAA;aACf;oBAAS;gBACR,OAAO,EAAE,CAAA;aACV;;KACF;IAEK,yBAAyB,CAC7B,GAAa,EACb,mBAA4B;;;YAQ5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,GAAG,GAML,EAAE,CAAA;YACN,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE;gBACpB,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;gBAChC,IAAI,IAAI,EAAE;oBACR,GAAG,CAAC,EAAE,CAAC,GAAG;wBACR,YAAY,EAAE,IAAI,CAAC,YAAY;wBAC/B,WAAW,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,WAAW;wBACxC,mBAAmB,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,mBAAmB;qBACzD,CAAA;iBACF;aACF;YACD,OAAO,GAAG,CAAA;;KACX;IAEO,SAAS,CACf,YAA0B,EAC1B,SAAkB,EAClB,SAAgI;QAEhI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAO,MAAM,EAAE,EAAE;YAC9C,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAG,CAAC,GAAG,EAAE,YAAY,EAAE,SAAS,EAAE,CAAA;YAC/D,IAAI,SAAS,EAAE;gBACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAA;gBACvG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oBACtB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,EAAG,CAAA;gBAC1C,CAAC,CAAC,CAAA;gBACF,IAAI,SAAS,CAAC,QAAQ,EAAE;oBACtB,MAAM,CAAC,kCAAkC,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC,EAAG,CAAA;iBACpF;aACF;YACD,IAAI,SAAS;gBAAE,MAAM,CAAC,kCAAkC,GAAG,EAAE,CAAA;YAC7D,OAAO,MAAM,CAAA;QACf,CAAC,CAAA,CAAC,CAAA;IACJ,CAAC;IAEa,iBAAiB;;YAM7B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,8CAA8C,EAAE,CAAA;YAChF,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;YAC7G,MAAM,QAAQ,GAAyC,EAAE,CAAA;YACzD,MAAM,QAAQ,GAA+B,EAAE,CAAA;YAC/C,MAAM,kCAAkC,GAAmC,EAAE,CAAA;YAC7E,KAAK,MAAM,QAAQ,IAAI,OAAO,EAAE;gBAC9B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;gBACtD,QAAQ,CAAC,QAAQ,CAAC,EAAG,CAAC,GAAG,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,CAAA;gBAC7E,IAAI,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,QAAQ,EAAE;oBAC3B,kCAAkC,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,EAAG,CAAA;iBACrE;gBACD,IAAI,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,mBAAmB,EAAE;oBACtC,KAAK,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,aAAc,CAAC,mBAAmB,CAAC,EAAE;wBAC7G,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAG,CAAA;qBAC3B;iBACF;aACF;YACD,MAAM,kCAAkC,GAA8D,EAAE,CAAA;YACxG,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,kCAAkC,EAAE,kCAAkC,EAAE,CAAA;QACvG,CAAC;KAAA;IAEK,yBAAyB,CAAC,UAAwC;;YACtE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,MAAM,GAAG,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,CAAA;YACpE,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAA;YACzB,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CAAC,oBAAoB,EAAE,UAAU,CAAC,CAAA;YAC7G,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAA;YAChE,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAEK,oBAAoB,CAAC,UAAwC;;YACjE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,GAAG,GAAa,EAAE,CAAA;YACxB,KAAK,MAAM,mBAAmB,IAAI,oBAAoB,EAAE;gBACtD,sIAAsI;gBACtI,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,CAAC,mBAAmB,EAAE,UAAU,CAAC,CAAC,CAAA;aACjG;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEe,yBAAyB,CACvC,mBAMG;;YAEH,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE;gBACzC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE;oBACzC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;oBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;oBAC9C,QAAQ,EAAE,OAAO,CAAC,QAAQ;iBAC3B,CAAC,CAAA;aACH;QACH,CAAC;KAAA;CACF;AAED,MAAM,kCAAmC,SAAQ,2BAA2B;IAO1E,YACE,IAA6B,EAC7B,cAAyC,EACzC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC5B,aAAsB,EACtB,kBAEC;;QAED,KAAK,CAAC,IAAI,EAAE,cAAc,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,CAAC,CAAA;QAlB5F,aAAQ,GAAsE,IAAI,iCAAc,EAAE,CAAA;QAClG,aAAQ,GAAwB,IAAI,GAAG,EAAE,CAAA;QACzC,uCAAkC,GAAwB,IAAI,GAAG,EAAE,CAAA;QAEnE,eAAU,GAAG,IAAI,mBAAK,EAAE,CAAA;QAevC,IAAI,CAAC,qBAAqB,GAAG,MAAA,kBAAkB,CAAC,YAAY,mCAAI,IAAI,CAAA;IACtE,CAAC;IAEK,sBAAsB;;YAC1B,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAA;YACrB,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAA;YACrB,IAAI,CAAC,kCAAkC,CAAC,KAAK,EAAE,CAAA;QACjD,CAAC;KAAA;IAEK,6CAA6C,CACjD,MAAgB;;YAEhB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;YAC/C,IAAI;gBACF,MAAM,GAAG,GAEL,EAAE,CAAA;gBACN,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE;oBACzB,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;oBACtC,IAAI,MAAM,EAAE;wBACV,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;wBACjD,IAAI,CAAC,SAAS;4BAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,MAAM,mCAAmC,CAAC,CAAA;wBAC1F,IAAI,SAAS,CAAC,SAAS,EAAE;4BACvB,GAAG,CAAC,IAAI,CAAC,GAAG;gCACV,YAAY,EAAE,SAAS,CAAC,YAAY;gCACpC,WAAW,EAAE,SAAS,CAAC,SAAS,CAAC,WAAW;gCAC5C,mBAAmB,EAAE,SAAS,CAAC,SAAS,CAAC,mBAAmB;6BAC7D,CAAA;yBACF;qBACF;iBACF;gBACD,OAAO,GAAG,CAAA;aACX;oBAAS;gBACR,OAAO,EAAE,CAAA;aACV;QACH,CAAC;KAAA;IAEK,yBAAyB,CAC7B,GAAa,EACb,mBAA4B;;;YAQ5B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;YAC/C,IAAI;gBACF,MAAM,GAAG,GAML,EAAE,CAAA;gBACN,MAAM,QAAQ,GAAa,EAAE,CAAA;gBAC7B,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE;oBACpB,MAAM,MAAM,GAAuD,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;oBAC9F,IAAI,MAAM,EAAE;wBACV,GAAG,CAAC,EAAE,CAAC,GAAG;4BACR,WAAW,EAAE,MAAA,MAAM,CAAC,SAAS,0CAAE,WAAW;4BAC1C,mBAAmB,EAAE,MAAA,MAAM,CAAC,SAAS,0CAAE,mBAAmB;4BAC1D,YAAY,EAAE,MAAM,CAAC,YAAY;yBAClC,CAAA;qBACF;yBAAM,IAAI,mBAAmB,EAAE;wBAC9B,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;qBAClB;iBACF;gBACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBACvB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAA;oBAChE,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE;wBAC5B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;wBAC9C,IAAI,SAAS,EAAE;4BACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAA;4BACvG,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;yBAC3D;6BAAM;4BACL,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAA;yBACpD;wBACD,GAAG,CAAC,IAAI,CAAC,EAAG,CAAC,GAAG;4BACd,WAAW,EAAE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,WAAW;4BACnC,mBAAmB,EAAE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,mBAAmB;4BACnD,YAAY,EAAE,IAAI;yBACnB,CAAA;qBACF;iBACF;gBACD,OAAO,GAAG,CAAA;aACX;oBAAS;gBACR,OAAO,EAAE,CAAA;aACV;;KACF;IAEK,2BAA2B,CAC/B,UAAkB,EAClB,OAGC;;;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;YAC/C,IAAI;gBACF,IAAI,UAAU,GAAG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;gBACxE,IAAI,CAAC,UAAU,EAAE;oBACf,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAA;oBAC9C,UAAU,GAAG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;iBACrE;gBACD,IAAI,UAAU,EAAE;oBACd,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;oBAClD,IAAI,CAAC,MAAM;wBAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,UAAU,4BAA4B,CAAC,CAAA;oBACnG,IAAI,MAAM,CAAC,SAAS,EAAE;wBACpB,OAAO;4BACL,YAAY,EAAE,MAAM,CAAC,YAAY;4BACjC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;4BACzC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;4BACzD,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,kBAAkB;yBACxD,CAAA;qBACF;;wBAAM,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAA;iBACnF;qBAAM;oBACL,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE;wBAC3D,mBAAmB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,+BAA+B,mCAAI,KAAK;wBACtE,oBAAoB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gCAAgC,mCAAI,KAAK;qBACzE,CAAC,CAAA;oBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;oBACrG,MAAM,IAAI,GAAG;wBACX,YAAY,EAAE,OAAO,CAAC,YAAY;wBAClC,SAAS,EAAE;4BACT,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;4BAChD,WAAW,EAAE,OAAO,CAAC,WAAW;4BAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;4BAC9C,QAAQ,EAAE,IAAI;yBACf;wBACD,MAAM;qBACP,CAAA;oBACD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;oBACrB,OAAO;wBACL,YAAY,EAAE,IAAI,CAAC,YAAY;wBAC/B,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW;wBACvC,mBAAmB,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB;wBACvD,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,kBAAkB;qBACtD,CAAA;iBACF;aACF;oBAAS;gBACR,OAAO,EAAE,CAAA;aACV;;KACF;IAED,iJAAiJ;IACjJ,uEAAuE;IACzD,uBAAuB,CAAC,UAAkB;;YACtD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAAE,UAAU,CAAC,CAAA;YAC1I,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE;gBACjC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;gBAC9C,IAAI,SAAS,EAAE;oBACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAA;oBACvG,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;iBAC3D;qBAAM;oBACL,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAA;iBACpD;aACF;QACH,CAAC;KAAA;IAEO,UAAU,CAAC,IAA+C;;QAChE,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,qBAAqB,EAAE;YACpD,IAAI,CAAC,aAAa,EAAE,CAAA;SACrB;QACD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,EAAG,CAAC,CAAC,CAAA;QAC7E,IAAI,CAAA,MAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ,KAAI,CAAC,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE;YACxG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,EAAG,CAAC,CAAA;SAC/F;QACD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAG,EAAE,IAAI,CAAC,CAAA;IAChD,CAAC;IAEO,aAAa;QACnB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,EAAE,CAAA;QACtD,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAA;QAC5D,IAAI,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE;YAC1G,IAAI,CAAC,kCAAkC,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;SAC9E;IACH,CAAC;IAED,yBAAyB;QACvB,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;IAED,oBAAoB;QAClB,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;IAEe,yBAAyB,CACvC,mBAMG;;YAEH,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE;gBACzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;gBACrG,MAAM,IAAI,GAAG;oBACX,YAAY,EAAE,OAAO,CAAC,YAAY;oBAClC,SAAS,EAAE;wBACT,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;wBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;wBAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;wBAC9C,QAAQ,EAAE,OAAO,CAAC,QAAQ;qBAC3B;oBACD,MAAM;iBACP,CAAA;gBACD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;aACtB;QACH,CAAC;KAAA;CACF","sourcesContent":["import { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { fingerprintV1, getShaVersionForKey, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EntityWithDelegationTypeName, hex2ua } from '../utils'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { ShaVersion } from './RSA'\nimport { Mutex } from 'async-mutex'\nimport { SimpleLruCache } from '../utils/simple-lru-cache'\nimport * as console from 'node:console'\n\nexport type ExchangeDataManagerOptionalParameters = {\n // Only for not fully cached implementation (data owner can't request all his exchange data), amount of exchange data which can be cached\n lruCacheSize?: number // default = 2000\n}\n\n/**\n * @internal this function is for internal use only and may be changed without notice.\n * Initialises and returns the exchange data manager which is most appropriate for the current data owner.\n */\nexport async function initialiseExchangeDataManagerForCurrentDataOwner(\n base: BaseExchangeDataManager,\n encryptionKeys: UserEncryptionKeysManager,\n accessControlSecret: AccessControlSecretUtils,\n cryptoStrategies: CryptoStrategies,\n dataOwnerApi: IccDataOwnerXApi,\n primitives: CryptoPrimitives,\n useParentKeys: boolean,\n optionalParameters: ExchangeDataManagerOptionalParameters = {}\n): Promise<ExchangeDataManager> {\n const currentOwner = CryptoActorStubWithType.fromDataOwner(await dataOwnerApi.getCurrentDataOwner())\n if (cryptoStrategies.dataOwnerRequiresAnonymousDelegation(currentOwner)) {\n const res = new FullyCachedExchangeDataManager(\n base,\n encryptionKeys,\n accessControlSecret,\n cryptoStrategies,\n dataOwnerApi,\n primitives,\n useParentKeys\n )\n await res.clearOrRepopulateCache()\n return res\n } else {\n return new LimitedLruCacheExchangeDataManager(\n base,\n encryptionKeys,\n accessControlSecret,\n cryptoStrategies,\n dataOwnerApi,\n primitives,\n useParentKeys,\n optionalParameters\n )\n }\n}\n\ntype CachedExchangeData = {\n exchangeData: ExchangeData\n decrypted?: {\n accessControlSecret: string\n exchangeKey: CryptoKey\n verified: boolean\n sharedSignatureKey: CryptoKey\n }\n}\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n * Exchange data manager which automatically handles decryption and cache\n */\nexport interface ExchangeDataManager {\n readonly base: BaseExchangeDataManager\n\n /**\n * Updates all exchange data between the current data owner and another data owner to allow the other data owner to access existing exchange data\n * using a new public key. Note that this will make existing exchange keys from the other data owner to the current data owner unverified, therefore\n * invalid for encryption.\n * @param otherDataOwner the other data owner.\n * @param newDataOwnerPublicKey a new public key of the other data owner.\n */\n giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string): Promise<void>\n\n /**\n * Gets any existing and verified exchange data from the current data owner to the provided delegate or creates new data if no verified data is\n * available, then caches it.\n * @param delegateId the id of the delegate.\n * @param options\n * - allowCreationWithoutDelegatorKey if true, when creating new exchange data, even if no verified key is available for the delegator the method\n * will create the new exchange data anyway (will not be usable by the delegate without additional steps).\n * - allowCreationWithoutDelegateKey if true, when creating new exchange data, even if no verified key is available for the delegate the method\n * will create the new exchange data anyway (will not be usable by the delegate without additional steps).\n * @return the access control secret and key of the data to use for encryption.\n */\n getOrCreateEncryptionDataTo(\n delegateId: string,\n options?: {\n allowCreationWithoutDelegatorKey?: boolean\n allowCreationWithoutDelegateKey?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }>\n\n /**\n * Retrieve the cached decrypted exchange data key associated with any of the provided hashes/entry keys of secure delegations.\n * @param hashes hashes of access control secrets for a specific entity, as they appear in the key of secure delegation entries\n * @return the exchange data and decrypted key associated to that hash if cached\n */\n getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [hash: string]: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey } }>\n\n /**\n * Retrieves the exchange data with the provided id (from the cache if available or from the server otherwise if allowed by\n * and attempts to decrypt it, then caches the result.\n * @param ids ids of the exchange datas to retrieve\n * @param retrieveIfNotCached if false only cached data will be returned, and the access control hases options will be\n * ignored\n * @return a map containing the exchange data id associated with:\n * - exchangeData: the exchange data with the provided id\n * - exchangeKey: the exchange key corresponding to the provided exchange data if it could be decrypted, else undefined\n * - accessControlSecret: the access control secret corresponding to the provided exchange data if it could be decrypted, else undefined\n */\n getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{ [id: string]: { exchangeKey: CryptoKey | undefined; accessControlSecret: string | undefined; exchangeData: ExchangeData } }>\n\n /**\n * Clears the cache or fully repopulates the cache if the current data owner can retrieve all of his exchange data according to the crypto\n * strategies.\n */\n clearOrRepopulateCache(): Promise<void>\n\n /**\n * If the current data owner requires anonymous delegations this returns the base64 representation of the concatenation of all available access\n * control keys for the current data owner.\n */\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined>\n\n /**\n * If the current data owner requires anonymous delegations this returns the access control keys which may be used in secure delegations for the\n * data owner, which can be used to search for data.\n */\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined>\n\n /**\n * Injects already decrypted exchange data, allowing it to be used by the sdk.\n * @param exchangeDataDetails the exchange data to inject, with the decrypted content and verified status.\n * Note that the SDK won't verify that the provided decrypted content actually matches what is stored in the exchange\n * data.\n * @param reEncryptWithOwnKeys if true all the provided exchange data that is not encrypted with any of the self\n * verified keys of the user will be re-encrypted with them. In case the user is also the delegator and the data is\n * verified the delegator signature will be updated.\n */\n injectDecryptedExchangeData(\n exchangeDataDetails: {\n exchangeDataId: string\n accessControlSecret: ArrayBuffer\n exchangeKey: ArrayBuffer\n sharedSignatureKey: ArrayBuffer\n verified: boolean\n }[],\n reEncryptWithOwnKeys: boolean\n ): Promise<void>\n}\n\nabstract class AbstractExchangeDataManager implements ExchangeDataManager {\n constructor(\n readonly base: BaseExchangeDataManager,\n protected readonly encryptionKeys: UserEncryptionKeysManager,\n protected readonly accessControlSecret: AccessControlSecretUtils,\n protected readonly cryptoStrategies: CryptoStrategies,\n protected readonly dataOwnerApi: IccDataOwnerXApi,\n protected readonly primitives: CryptoPrimitives,\n private readonly useParentKeys: boolean\n ) {}\n\n protected async decryptData(data: ExchangeData): Promise<\n | {\n accessControlSecret: string\n exchangeKey: CryptoKey\n verified: boolean\n sharedSignatureKey: CryptoKey\n }\n | undefined\n > {\n const decryptionKeys = this.encryptionKeys.getDecryptionKeys()\n const encryptionKeys = Object.fromEntries(\n this.encryptionKeys.getSelfVerifiedKeys().map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey])\n )\n const decryptedExchangeKey = (await this.base.tryDecryptExchangeKeys([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedExchangeKey) return undefined\n const decryptedAccessControlSecret = (await this.base.tryDecryptAccessControlSecret([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedAccessControlSecret)\n throw new Error(`Decryption key could be decrypted but access control secret could not for data ${JSON.stringify(data)}`)\n const decryptedSharedSignatureKey = (await this.base.tryDecryptSharedSignatureKeys([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedSharedSignatureKey)\n throw new Error(`Decryption key could be decrypted but shared signature key could not for data ${JSON.stringify(data)}`)\n return {\n accessControlSecret: decryptedAccessControlSecret,\n exchangeKey: decryptedExchangeKey,\n sharedSignatureKey: decryptedSharedSignatureKey,\n verified: await this.base.verifyExchangeData(\n {\n exchangeData: data,\n decryptedAccessControlSecret,\n decryptedExchangeKey,\n decryptedSharedSignatureKey,\n },\n encryptionKeys,\n true\n ),\n }\n }\n\n protected async createNewExchangeData(\n delegateId: string,\n options: {\n newDataId?: string\n allowNoDelegatorKeys?: boolean\n allowNoDelegateKeys?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }> {\n if (options.allowNoDelegateKeys && options.allowNoDelegatorKeys)\n throw new Error('Illegal arguments: allow no delegator and no delegate keys should never both be true')\n const encryptionKeys: { [fp: string]: CryptoKey } = {}\n const selfVerifiedKeys = this.encryptionKeys.getSelfVerifiedKeys()\n if (selfVerifiedKeys.length <= 0 && !options.allowNoDelegatorKeys)\n throw new Error('If the sdk is initialized in keyless mode you must create exchange data explicitly')\n selfVerifiedKeys.forEach(({ fingerprint, pair }) => {\n encryptionKeys[fingerprint] = pair.publicKey\n })\n if (delegateId != (await this.dataOwnerApi.getCurrentDataOwnerId())) {\n const delegate = await this.dataOwnerApi.getCryptoActorStub(delegateId)\n const sha256KeysOfDelegate = hexPublicKeysWithSha256Of(delegate.stub)\n const sha1KeysOfDelegate = hexPublicKeysWithSha1Of(delegate.stub)\n let allVerifiedDelegateKeys: string[]\n if (!sha256KeysOfDelegate.size && !sha1KeysOfDelegate.size) {\n if (!options.allowNoDelegateKeys)\n throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate was found.`)\n allVerifiedDelegateKeys = []\n } else if (this.useParentKeys && (await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()).includes(delegateId)) {\n allVerifiedDelegateKeys = await this.encryptionKeys.getVerifiedPublicKeysFor(delegate.stub)\n } else {\n allVerifiedDelegateKeys = await this.cryptoStrategies.verifyDelegatePublicKeys(\n delegate,\n [...Array.from(sha256KeysOfDelegate), ...Array.from(sha1KeysOfDelegate)],\n this.primitives\n )\n }\n if (!allVerifiedDelegateKeys.length && !options.allowNoDelegateKeys)\n throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate could be verified.`)\n for (const delegateKey of allVerifiedDelegateKeys) {\n if (sha1KeysOfDelegate.has(delegateKey)) {\n encryptionKeys[fingerprintV1(delegateKey)] = await this.primitives.RSA.importKey('spki', hex2ua(delegateKey), ['encrypt'], ShaVersion.Sha1)\n } else if (sha256KeysOfDelegate.has(delegateKey)) {\n encryptionKeys[fingerprintV1(delegateKey)] = await this.primitives.RSA.importKey(\n 'spki',\n hex2ua(delegateKey),\n ['encrypt'],\n ShaVersion.Sha256\n )\n } else throw new Error('Illegal state: verified keys should contain only keys for OAPE-SHA1 or OAPE-SHA256.')\n }\n }\n const newData = await this.base.createExchangeData(\n delegateId,\n Object.fromEntries(selfVerifiedKeys.map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey])),\n encryptionKeys,\n options.newDataId ? { id: options.newDataId } : {}\n )\n return {\n exchangeData: newData.exchangeData,\n accessControlSecret: newData.accessControlSecret,\n exchangeKey: newData.exchangeKey,\n sharedSignatureKey: newData.sharedSignatureKey,\n }\n }\n\n async giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string) {\n const self = await this.dataOwnerApi.getCurrentDataOwnerId()\n const newKeyFp = fingerprintV1(newDataOwnerPublicKey)\n const other = await this.dataOwnerApi.getCryptoActorStub(otherDataOwner)\n const newKeyHashVersion = getShaVersionForKey(other.stub, newDataOwnerPublicKey)\n if (!newKeyHashVersion) throw new Error(`Public key not found for data owner ${otherDataOwner}`)\n const importedNewKey = await this.primitives.RSA.importKey('spki', hex2ua(newDataOwnerPublicKey), ['encrypt'], newKeyHashVersion)\n const decryptionKeys = this.encryptionKeys.getDecryptionKeys()\n const allExchangeDataToUpdate =\n self == otherDataOwner\n ? await this.base.getExchangeDataByDelegatorDelegatePair(self, self)\n : [\n ...(await this.base.getExchangeDataByDelegatorDelegatePair(self, otherDataOwner)),\n ...(await this.base.getExchangeDataByDelegatorDelegatePair(otherDataOwner, self)),\n ]\n for (const dataToUpdate of allExchangeDataToUpdate) {\n if (!Object.keys(dataToUpdate.exchangeKey).find((fp) => fp == newKeyFp)) {\n const updated = await this.base.tryUpdateExchangeData(dataToUpdate, decryptionKeys, { [newKeyFp]: importedNewKey })\n if (!updated) {\n console.warn(`Failed to give access back to exchanged data ${JSON.stringify(dataToUpdate)}`)\n }\n }\n }\n }\n\n clearOrRepopulateCache(): Promise<void> {\n throw new Error('Implemented by concrete class')\n }\n\n getOrCreateEncryptionDataTo(\n delegateId: string,\n options?: {\n allowCreationWithoutDelegatorKey?: boolean\n allowCreationWithoutDelegateKey?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }> {\n throw new Error('Implemented by concrete class')\n }\n\n getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n throw new Error('Implemented by concrete class')\n }\n\n getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n }> {\n throw new Error('Implemented by concrete class')\n }\n\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n throw new Error('Implemented by concrete class')\n }\n\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n throw new Error('Implemented by concrete class')\n }\n\n async injectDecryptedExchangeData(\n exchangeDataDetails: {\n exchangeDataId: string\n accessControlSecret: ArrayBuffer\n exchangeKey: ArrayBuffer\n sharedSignatureKey: ArrayBuffer\n verified: boolean\n }[],\n reEncryptWithOwnKeys: boolean\n ): Promise<void> {\n const self = await this.dataOwnerApi.getCurrentDataOwnerId()\n const retrievedExchangeData = await this.base.getExchangeDataByIds(exchangeDataDetails.map((x) => x.exchangeDataId))\n if (retrievedExchangeData.some((x) => x.delegator != self && x.delegate != self))\n throw new Error('Should only inject exchange date from/to the current user')\n const exchangeDataById: { [id: string]: ExchangeData } = {}\n retrievedExchangeData.forEach((x) => (exchangeDataById[x.id!] = x))\n if (reEncryptWithOwnKeys) {\n const selfVerifiedKeys = this.encryptionKeys.getSelfVerifiedKeys()\n if (selfVerifiedKeys.length <= 0) throw new Error(\"Can't re-encrypt injected exchange data with own keys if in keyless mode\")\n const encryptionKeys: { [fp: string]: CryptoKey } = {}\n selfVerifiedKeys.forEach(({ fingerprint, pair }) => {\n encryptionKeys[fingerprint] = pair.publicKey\n })\n const signatureKeys = Object.fromEntries(selfVerifiedKeys.map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey]))\n for (const details of exchangeDataDetails) {\n const exchangeData = exchangeDataById[details.exchangeDataId]\n if (exchangeData != null)\n await this.base.updateExchangeDataWithRawDecryptedContent({\n exchangeData,\n newEncryptionKeys: encryptionKeys,\n newDelegatorSignatureKeys: exchangeData.delegator == self && details.verified ? signatureKeys : {},\n rawExchangeKey: details.exchangeKey,\n rawAccessControlSecret: details.accessControlSecret,\n rawSharedSignatureKey: details.sharedSignatureKey,\n })\n }\n }\n const importedDetails: {\n exchangeData: ExchangeData\n accessControlSecret: string\n exchangeKey: CryptoKey\n sharedSignatureKey: CryptoKey\n verified: boolean\n }[] = []\n for (const details of exchangeDataDetails) {\n const exchangeData = exchangeDataById[details.exchangeDataId]\n if (exchangeData != undefined)\n importedDetails.push({\n exchangeData: exchangeData,\n accessControlSecret: await this.base.importAccessControlSecret(details.accessControlSecret),\n exchangeKey: await this.base.importExchangeKey(details.exchangeKey),\n sharedSignatureKey: await this.base.importSharedSignatureKey(details.sharedSignatureKey),\n verified: details.verified,\n })\n }\n await this.cacheInjectedExchangeData(importedDetails)\n }\n\n protected abstract cacheInjectedExchangeData(\n exchangeDataDetails: {\n exchangeData: ExchangeData\n accessControlSecret: string\n exchangeKey: CryptoKey\n sharedSignatureKey: CryptoKey\n verified: boolean\n }[]\n ): Promise<void>\n}\n\nclass FullyCachedExchangeDataManager extends AbstractExchangeDataManager {\n private caches: Promise<{\n dataById: { [id: string]: CachedExchangeData }\n hashToId: { [hash: string]: string }\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string }\n }> = Promise.resolve({ dataById: {}, hashToId: {}, delegateToVerifiedEncryptionDataId: {}, entityTypeToAccessControlKeysValue: {} })\n private createExchangeDataMutex = new Mutex()\n\n async clearOrRepopulateCache(): Promise<void> {\n this.caches = this.doRepopulateCache()\n await this.caches\n }\n\n async getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n function retrieveByHashesFromCaches(caches: {\n dataById: { [id: string]: CachedExchangeData }\n hashToId: { [hash: string]: string }\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n }): { [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } } {\n return hashes.reduce((res, hash) => {\n const id = caches.hashToId[hash]\n if (id) {\n const cached = caches.dataById[id]\n if (cached?.decrypted) {\n res[hash] = {\n exchangeData: cached.exchangeData,\n exchangeKey: cached.decrypted.exchangeKey,\n accessControlSecret: cached.decrypted.accessControlSecret,\n }\n }\n }\n return res\n }, {} as { [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } })\n }\n\n return retrieveByHashesFromCaches(await this.caches)\n }\n\n private async getCachedEncryptionDataTo(\n delegateId: string\n ): Promise<{ exchangeKey: CryptoKey; accessControlSecret: string; exchangeData: ExchangeData; sharedSignatureKey: CryptoKey } | undefined> {\n const caches = await this.caches\n const dataId = caches.delegateToVerifiedEncryptionDataId[delegateId]\n const cached = dataId ? caches.dataById[dataId] : undefined\n if (cached && cached?.decrypted) {\n return {\n exchangeData: cached.exchangeData,\n accessControlSecret: cached.decrypted.accessControlSecret,\n exchangeKey: cached.decrypted.exchangeKey,\n sharedSignatureKey: cached.decrypted.sharedSignatureKey,\n }\n } else {\n return undefined\n }\n }\n\n async getOrCreateEncryptionDataTo(\n delegateId: string,\n options?: {\n allowCreationWithoutDelegatorKey?: boolean\n allowCreationWithoutDelegateKey?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }> {\n const initialCached = await this.getCachedEncryptionDataTo(delegateId)\n if (initialCached) return initialCached\n const release = await this.createExchangeDataMutex.acquire()\n try {\n const cachedAfterMutex = await this.getCachedEncryptionDataTo(delegateId)\n if (cachedAfterMutex) return cachedAfterMutex\n const created = await this.createNewExchangeData(delegateId, {\n allowNoDelegateKeys: options?.allowCreationWithoutDelegateKey ?? false,\n allowNoDelegatorKeys: options?.allowCreationWithoutDelegatorKey ?? false,\n })\n this.cacheData(created.exchangeData, true, {\n accessControlSecret: created.accessControlSecret,\n exchangeKey: created.exchangeKey,\n sharedSignatureKey: created.sharedSignatureKey,\n verified: true,\n })\n return created\n } finally {\n release()\n }\n }\n\n async getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n }> {\n const caches = await this.caches\n const res: {\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n } = {}\n for (const id of ids) {\n const data = caches.dataById[id]\n if (data) {\n res[id] = {\n exchangeData: data.exchangeData,\n exchangeKey: data.decrypted?.exchangeKey,\n accessControlSecret: data.decrypted?.accessControlSecret,\n }\n }\n }\n return res\n }\n\n private cacheData(\n exchangeData: ExchangeData,\n isNewData: boolean,\n decrypted: { accessControlSecret: string; exchangeKey: CryptoKey; verified: boolean; sharedSignatureKey: CryptoKey } | undefined\n ): void {\n this.caches = this.caches.then(async (caches) => {\n caches.dataById[exchangeData.id!] = { exchangeData, decrypted }\n if (decrypted) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(decrypted.accessControlSecret)\n hashes.forEach((hash) => {\n caches.hashToId[hash] = exchangeData.id!\n })\n if (decrypted.verified) {\n caches.delegateToVerifiedEncryptionDataId[exchangeData.delegate] = exchangeData.id!\n }\n }\n if (isNewData) caches.entityTypeToAccessControlKeysValue = {}\n return caches\n })\n }\n\n private async doRepopulateCache(): Promise<{\n dataById: { [id: string]: CachedExchangeData }\n hashToId: { [hash: string]: string }\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string }\n }> {\n const allData = await this.base.getAllExchangeDataForCurrentDataOwnerIfAllowed()\n if (!allData) throw new Error('Impossible to use fully cached exchange data manager for current data owner.')\n const dataById: { [id: string]: CachedExchangeData } = {}\n const hashToId: { [hash: string]: string } = {}\n const delegateToVerifiedEncryptionDataId: { [delegate: string]: string } = {}\n for (const currData of allData) {\n const currDecrypted = await this.decryptData(currData)\n dataById[currData.id!] = { exchangeData: currData, decrypted: currDecrypted }\n if (currDecrypted?.verified) {\n delegateToVerifiedEncryptionDataId[currData.delegate] = currData.id!\n }\n if (currDecrypted?.accessControlSecret) {\n for (const h of await this.accessControlSecret.allSecureDelegationKeysFor(currDecrypted!.accessControlSecret)) {\n hashToId[h] = currData.id!\n }\n }\n }\n const entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string } = {}\n return { dataById, hashToId, delegateToVerifiedEncryptionDataId, entityTypeToAccessControlKeysValue }\n }\n\n async getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n const caches = await this.caches\n const cached = caches.entityTypeToAccessControlKeysValue[entityType]\n if (cached) return cached\n const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []))\n const fullData = await this.accessControlSecret.getEncodedAccessControlKeys(accessControlSecrets, entityType)\n caches.entityTypeToAccessControlKeysValue[entityType] = fullData\n return fullData\n }\n\n async getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n const caches = await this.caches\n const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []))\n const res: string[] = []\n for (const accessControlSecret of accessControlSecrets) {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n res.push(await this.accessControlSecret.secureDelegationKeyFor(accessControlSecret, entityType))\n }\n return res\n }\n\n protected async cacheInjectedExchangeData(\n exchangeDataDetails: {\n exchangeData: ExchangeData\n accessControlSecret: string\n exchangeKey: CryptoKey\n sharedSignatureKey: CryptoKey\n verified: boolean\n }[]\n ): Promise<void> {\n for (const details of exchangeDataDetails) {\n this.cacheData(details.exchangeData, true, {\n accessControlSecret: details.accessControlSecret,\n exchangeKey: details.exchangeKey,\n sharedSignatureKey: details.sharedSignatureKey,\n verified: details.verified,\n })\n }\n }\n}\n\nclass LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {\n private readonly idToData: SimpleLruCache<string, CachedExchangeData & { hashes: string[] }> = new SimpleLruCache()\n private readonly hashToId: Map<string, string> = new Map()\n private readonly delegateToVerifiedEncryptionDataId: Map<string, string> = new Map()\n private readonly maxCachedExchangeData: number\n private readonly cacheMutex = new Mutex()\n\n constructor(\n base: BaseExchangeDataManager,\n encryptionKeys: UserEncryptionKeysManager,\n accessControlSecret: AccessControlSecretUtils,\n cryptoStrategies: CryptoStrategies,\n dataOwnerApi: IccDataOwnerXApi,\n primitives: CryptoPrimitives,\n useParentKeys: boolean,\n optionalParameters: {\n lruCacheSize?: number\n }\n ) {\n super(base, encryptionKeys, accessControlSecret, cryptoStrategies, dataOwnerApi, primitives, useParentKeys)\n this.maxCachedExchangeData = optionalParameters.lruCacheSize ?? 2000\n }\n\n async clearOrRepopulateCache(): Promise<void> {\n this.idToData.clear()\n this.hashToId.clear()\n this.delegateToVerifiedEncryptionDataId.clear()\n }\n\n async getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n const release = await this.cacheMutex.acquire()\n try {\n const res: {\n [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string }\n } = {}\n for (const hash of hashes) {\n const dataId = this.hashToId.get(hash)\n if (dataId) {\n const retrieved = this.idToData.getCached(dataId)\n if (!retrieved) throw new Error(`Data with id ${dataId} should have been already cached.`)\n if (retrieved.decrypted) {\n res[hash] = {\n exchangeData: retrieved.exchangeData,\n exchangeKey: retrieved.decrypted.exchangeKey,\n accessControlSecret: retrieved.decrypted.accessControlSecret,\n }\n }\n }\n }\n return res\n } finally {\n release()\n }\n }\n\n async getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n }> {\n const release = await this.cacheMutex.acquire()\n try {\n const res: {\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n } = {}\n const uncached: string[] = []\n for (const id of ids) {\n const cached: (CachedExchangeData & { hashes: string[] }) | null = this.idToData.getCached(id)\n if (cached) {\n res[id] = {\n exchangeKey: cached.decrypted?.exchangeKey,\n accessControlSecret: cached.decrypted?.accessControlSecret,\n exchangeData: cached.exchangeData,\n }\n } else if (retrieveIfNotCached) {\n uncached.push(id)\n }\n }\n if (uncached.length > 0) {\n const retrieved = await this.base.getExchangeDataByIds(uncached)\n for (const data of retrieved) {\n const decrypted = await this.decryptData(data)\n if (decrypted) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(decrypted.accessControlSecret)\n this.addToCache({ exchangeData: data, hashes, decrypted })\n } else {\n this.addToCache({ exchangeData: data, hashes: [] })\n }\n res[data.id!] = {\n exchangeKey: decrypted?.exchangeKey,\n accessControlSecret: decrypted?.accessControlSecret,\n exchangeData: data,\n }\n }\n }\n return res\n } finally {\n release()\n }\n }\n\n async getOrCreateEncryptionDataTo(\n delegateId: string,\n options?: {\n allowCreationWithoutDelegatorKey?: boolean\n allowCreationWithoutDelegateKey?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }> {\n const release = await this.cacheMutex.acquire()\n try {\n let existingId = this.delegateToVerifiedEncryptionDataId.get(delegateId)\n if (!existingId) {\n await this.populateCacheToDelegate(delegateId)\n existingId = this.delegateToVerifiedEncryptionDataId.get(delegateId)\n }\n if (existingId) {\n const cached = this.idToData.getCached(existingId)\n if (!cached) throw new Error(`Illegal state: data with id ${existingId} should have been in cache`)\n if (cached.decrypted) {\n return {\n exchangeData: cached.exchangeData,\n exchangeKey: cached.decrypted.exchangeKey,\n accessControlSecret: cached.decrypted.accessControlSecret,\n sharedSignatureKey: cached.decrypted.sharedSignatureKey,\n }\n } else throw new Error(`Illegal state: cached verified data should be decrypted.`)\n } else {\n const created = await this.createNewExchangeData(delegateId, {\n allowNoDelegateKeys: options?.allowCreationWithoutDelegateKey ?? false,\n allowNoDelegatorKeys: options?.allowCreationWithoutDelegatorKey ?? false,\n })\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(created.accessControlSecret)\n const data = {\n exchangeData: created.exchangeData,\n decrypted: {\n accessControlSecret: created.accessControlSecret,\n exchangeKey: created.exchangeKey,\n sharedSignatureKey: created.sharedSignatureKey,\n verified: true,\n },\n hashes,\n }\n this.addToCache(data)\n return {\n exchangeData: data.exchangeData,\n exchangeKey: data.decrypted.exchangeKey,\n accessControlSecret: data.decrypted.accessControlSecret,\n sharedSignatureKey: data.decrypted.sharedSignatureKey,\n }\n }\n } finally {\n release()\n }\n }\n\n // Loads and adds to the cache all exchange data from the current data owner to the given delegate. Allows to check if there is already data from\n // the current data owner to the delegate which is good for encryption.\n private async populateCacheToDelegate(delegateId: string): Promise<void> {\n const dataToDelegate = await this.base.getExchangeDataByDelegatorDelegatePair(await this.dataOwnerApi.getCurrentDataOwnerId(), delegateId)\n for (const data of dataToDelegate) {\n const decrypted = await this.decryptData(data)\n if (decrypted) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(decrypted.accessControlSecret)\n this.addToCache({ exchangeData: data, hashes, decrypted })\n } else {\n this.addToCache({ exchangeData: data, hashes: [] })\n }\n }\n }\n\n private addToCache(data: CachedExchangeData & { hashes: string[] }) {\n if (this.idToData.size >= this.maxCachedExchangeData) {\n this.evictOneEntry()\n }\n data.hashes.forEach((hash) => this.hashToId.set(hash, data.exchangeData.id!))\n if (data.decrypted?.verified && !this.delegateToVerifiedEncryptionDataId.has(data.exchangeData.delegate)) {\n this.delegateToVerifiedEncryptionDataId.set(data.exchangeData.delegate, data.exchangeData.id!)\n }\n this.idToData.set(data.exchangeData.id!, data)\n }\n\n private evictOneEntry() {\n const evicted = this.idToData.evictLeastRecentlyUsed()\n evicted.hashes.forEach((hash) => this.hashToId.delete(hash))\n if (this.delegateToVerifiedEncryptionDataId.get(evicted.exchangeData.delegate) === evicted.exchangeData.id) {\n this.delegateToVerifiedEncryptionDataId.delete(evicted.exchangeData.delegate)\n }\n }\n\n getAccessControlKeysValue(): Promise<string | undefined> {\n return Promise.resolve(undefined)\n }\n\n getAllDelegationKeys(): Promise<string[] | undefined> {\n return Promise.resolve(undefined)\n }\n\n protected async cacheInjectedExchangeData(\n exchangeDataDetails: {\n exchangeData: ExchangeData\n accessControlSecret: string\n exchangeKey: CryptoKey\n sharedSignatureKey: CryptoKey\n verified: boolean\n }[]\n ): Promise<void> {\n for (const details of exchangeDataDetails) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(details.accessControlSecret)\n const data = {\n exchangeData: details.exchangeData,\n decrypted: {\n accessControlSecret: details.accessControlSecret,\n exchangeKey: details.exchangeKey,\n sharedSignatureKey: details.sharedSignatureKey,\n verified: details.verified,\n },\n hashes,\n }\n this.addToCache(data)\n }\n }\n}\n"]}
|