@icure/api 8.1.9 → 8.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (98) hide show
  1. package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +19 -9
  2. package/icc-x-api/crypto/BaseExchangeDataManager.js +25 -5
  3. package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
  4. package/icc-x-api/crypto/CryptoStrategies.d.ts +2 -1
  5. package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
  6. package/icc-x-api/crypto/DelegationsDeAnonymization.js +1 -1
  7. package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -1
  8. package/icc-x-api/crypto/ExchangeDataManager.d.ts +25 -2
  9. package/icc-x-api/crypto/ExchangeDataManager.js +98 -5
  10. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
  11. package/icc-x-api/crypto/ExtendedApisUtils.d.ts +3 -1
  12. package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -1
  13. package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +1 -1
  14. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +3 -3
  15. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -1
  16. package/icc-x-api/crypto/SecureDelegationsManager.d.ts +3 -1
  17. package/icc-x-api/crypto/SecureDelegationsManager.js +10 -6
  18. package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -1
  19. package/icc-x-api/crypto/ShamirKeysManager.js +1 -1
  20. package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
  21. package/icc-x-api/crypto/UserEncryptionKeysManager.d.ts +2 -1
  22. package/icc-x-api/crypto/UserEncryptionKeysManager.js +18 -1
  23. package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -1
  24. package/icc-x-api/crypto/utils.js +1 -1
  25. package/icc-x-api/crypto/utils.js.map +1 -1
  26. package/icc-x-api/icc-accesslog-x-api.d.ts +6 -0
  27. package/icc-x-api/icc-accesslog-x-api.js +6 -2
  28. package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
  29. package/icc-x-api/icc-calendar-item-x-api.d.ts +4 -0
  30. package/icc-x-api/icc-calendar-item-x-api.js +3 -1
  31. package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
  32. package/icc-x-api/icc-classification-x-api.d.ts +3 -0
  33. package/icc-x-api/icc-classification-x-api.js +3 -1
  34. package/icc-x-api/icc-classification-x-api.js.map +1 -1
  35. package/icc-x-api/icc-contact-x-api.d.ts +3 -0
  36. package/icc-x-api/icc-contact-x-api.js +3 -1
  37. package/icc-x-api/icc-contact-x-api.js.map +1 -1
  38. package/icc-x-api/icc-crypto-x-api.d.ts +29 -0
  39. package/icc-x-api/icc-crypto-x-api.js +36 -0
  40. package/icc-x-api/icc-crypto-x-api.js.map +1 -1
  41. package/icc-x-api/icc-document-x-api.d.ts +3 -0
  42. package/icc-x-api/icc-document-x-api.js +3 -1
  43. package/icc-x-api/icc-document-x-api.js.map +1 -1
  44. package/icc-x-api/icc-form-x-api.d.ts +3 -0
  45. package/icc-x-api/icc-form-x-api.js +3 -1
  46. package/icc-x-api/icc-form-x-api.js.map +1 -1
  47. package/icc-x-api/icc-helement-x-api.d.ts +3 -0
  48. package/icc-x-api/icc-helement-x-api.js +3 -1
  49. package/icc-x-api/icc-helement-x-api.js.map +1 -1
  50. package/icc-x-api/icc-invoice-x-api.d.ts +3 -0
  51. package/icc-x-api/icc-invoice-x-api.js +3 -1
  52. package/icc-x-api/icc-invoice-x-api.js.map +1 -1
  53. package/icc-x-api/icc-maintenance-task-x-api.d.ts +3 -0
  54. package/icc-x-api/icc-maintenance-task-x-api.js +3 -1
  55. package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
  56. package/icc-x-api/icc-message-x-api.d.ts +3 -0
  57. package/icc-x-api/icc-message-x-api.js +3 -1
  58. package/icc-x-api/icc-message-x-api.js.map +1 -1
  59. package/icc-x-api/icc-patient-x-api.d.ts +3 -0
  60. package/icc-x-api/icc-patient-x-api.js +6 -2
  61. package/icc-x-api/icc-patient-x-api.js.map +1 -1
  62. package/icc-x-api/icc-receipt-x-api.d.ts +3 -0
  63. package/icc-x-api/icc-receipt-x-api.js +3 -1
  64. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  65. package/icc-x-api/icc-recovery-x-api.js +8 -1
  66. package/icc-x-api/icc-recovery-x-api.js.map +1 -1
  67. package/icc-x-api/icc-time-table-x-api.d.ts +3 -0
  68. package/icc-x-api/icc-time-table-x-api.js +3 -1
  69. package/icc-x-api/icc-time-table-x-api.js.map +1 -1
  70. package/icc-x-api/icc-topic-x-api.d.ts +3 -0
  71. package/icc-x-api/icc-topic-x-api.js +3 -1
  72. package/icc-x-api/icc-topic-x-api.js.map +1 -1
  73. package/icc-x-api/index.d.ts +16 -0
  74. package/icc-x-api/index.js +8 -2
  75. package/icc-x-api/index.js.map +1 -1
  76. package/package.json +1 -1
  77. package/test/icc-x-api/autofix-anonymity-test.js +18 -4
  78. package/test/icc-x-api/autofix-anonymity-test.js.map +1 -1
  79. package/test/icc-x-api/crypto/exchange-data-manager-test.js +30 -30
  80. package/test/icc-x-api/crypto/exchange-data-manager-test.js.map +1 -1
  81. package/test/icc-x-api/crypto/secure-delegations-manager-test.js +2 -2
  82. package/test/icc-x-api/crypto/secure-delegations-manager-test.js.map +1 -1
  83. package/test/icc-x-api/icc-hcparty-x-api-test.js +2 -14
  84. package/test/icc-x-api/icc-hcparty-x-api-test.js.map +1 -1
  85. package/test/icc-x-api/keyless-api.d.ts +1 -0
  86. package/test/icc-x-api/keyless-api.js +125 -0
  87. package/test/icc-x-api/keyless-api.js.map +1 -0
  88. package/test/utils/FakeEncryptionKeysManager.js +1 -1
  89. package/test/utils/FakeEncryptionKeysManager.js.map +1 -1
  90. package/test/utils/FakeExchangeDataManager.d.ts +8 -0
  91. package/test/utils/FakeExchangeDataManager.js +3 -0
  92. package/test/utils/FakeExchangeDataManager.js.map +1 -1
  93. package/test/utils/KeylessCryptoStrategies.d.ts +23 -0
  94. package/test/utils/KeylessCryptoStrategies.js +26 -0
  95. package/test/utils/KeylessCryptoStrategies.js.map +1 -0
  96. package/test/utils/test_utils.d.ts +7 -0
  97. package/test/utils/test_utils.js +30 -1
  98. package/test/utils/test_utils.js.map +1 -1
@@ -121,4 +121,33 @@ export declare class IccCryptoXApi {
121
121
  * @return the spki representation of public keys of available keypairs for the current user.
122
122
  */
123
123
  getCurrentUserAvailablePublicKeysHex(verifiedOnly: boolean): Promise<string[]>;
124
+ /**
125
+ * The only way of creating exchange data to a delegate when the SDK runs in keyless mode.
126
+ * @param delegate a delegate, can't be the current data owner
127
+ * @return the created exchange data details. They can be used to inject the data in a separate instance of the SDK,
128
+ * allowing the data created by this instance to be retrieved.
129
+ */
130
+ keylessCreateExchangeDataTo(delegate: string): Promise<{
131
+ exchangeDataId: string;
132
+ accessControlSecret: ArrayBuffer;
133
+ exchangeKey: ArrayBuffer;
134
+ sharedSignatureKey: ArrayBuffer;
135
+ }>;
136
+ /**
137
+ * Allows injecting exchange data that would not be readable or decryptable by the SDK otherwise.
138
+ * IMPORTANT: the SDK will not check that the provided exchange data details are valid for the provided exchange data
139
+ * id. Providing invalid details could cause permanent corruption of data.
140
+ * @param details the details of the exchange data to inject. Set verified to true to allow this data to be used for
141
+ * encryption of new entity.
142
+ * @param reEncryptWithOwnKeys can only be true if the api wasn't initialized in keyless mode. If true the injected
143
+ * data will be re-encrypted with also the current data owner key, allowing to access it in future instances without
144
+ * having to re-inject it (as long as the instance has access to the current private key).
145
+ */
146
+ injectExchangeData(details: {
147
+ exchangeDataId: string;
148
+ accessControlSecret: ArrayBuffer;
149
+ exchangeKey: ArrayBuffer;
150
+ sharedSignatureKey: ArrayBuffer;
151
+ verified: boolean;
152
+ }[], reEncryptWithOwnKeys: boolean): Promise<void>;
124
153
  }
@@ -143,6 +143,42 @@ class IccCryptoXApi {
143
143
  return this._keyManager.getCurrentUserAvailablePublicKeysHex(verifiedOnly);
144
144
  });
145
145
  }
146
+ /**
147
+ * The only way of creating exchange data to a delegate when the SDK runs in keyless mode.
148
+ * @param delegate a delegate, can't be the current data owner
149
+ * @return the created exchange data details. They can be used to inject the data in a separate instance of the SDK,
150
+ * allowing the data created by this instance to be retrieved.
151
+ */
152
+ keylessCreateExchangeDataTo(delegate) {
153
+ return __awaiter(this, void 0, void 0, function* () {
154
+ if (delegate == (yield this._dataOwnerApi.getCurrentDataOwnerId()))
155
+ throw new Error("Can't create exchange data to yourself in keyless mode.");
156
+ if (this.userKeysManager.getSelfVerifiedKeys().length > 0)
157
+ throw new Error('This method can only be used in keyless mode.');
158
+ const created = yield this.exchangeData.getOrCreateEncryptionDataTo(delegate, { allowCreationWithoutDelegatorKey: true });
159
+ return {
160
+ exchangeDataId: created.exchangeData.id,
161
+ accessControlSecret: yield this.exchangeData.base.exportAccessControlSecret(created.accessControlSecret),
162
+ exchangeKey: yield this.exchangeData.base.exportExchangeKey(created.exchangeKey),
163
+ sharedSignatureKey: yield this.exchangeData.base.exportSharedSignatureKey(created.sharedSignatureKey),
164
+ };
165
+ });
166
+ }
167
+ /**
168
+ * Allows injecting exchange data that would not be readable or decryptable by the SDK otherwise.
169
+ * IMPORTANT: the SDK will not check that the provided exchange data details are valid for the provided exchange data
170
+ * id. Providing invalid details could cause permanent corruption of data.
171
+ * @param details the details of the exchange data to inject. Set verified to true to allow this data to be used for
172
+ * encryption of new entity.
173
+ * @param reEncryptWithOwnKeys can only be true if the api wasn't initialized in keyless mode. If true the injected
174
+ * data will be re-encrypted with also the current data owner key, allowing to access it in future instances without
175
+ * having to re-inject it (as long as the instance has access to the current private key).
176
+ */
177
+ injectExchangeData(details, reEncryptWithOwnKeys) {
178
+ return __awaiter(this, void 0, void 0, function* () {
179
+ yield this.exchangeData.injectDecryptedExchangeData(details, reEncryptWithOwnKeys);
180
+ });
181
+ }
146
182
  }
147
183
  exports.IccCryptoXApi = IccCryptoXApi;
148
184
  //# sourceMappingURL=icc-crypto-x-api.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"icc-crypto-x-api.js","sourceRoot":"","sources":["../../icc-x-api/icc-crypto-x-api.ts"],"names":[],"mappings":";;;;;;;;;;;;AAaA,MAAa,aAAa;IACxB;;OAEG;IACH,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,iBAAiB,CAAA;IAC/B,CAAC;IAED;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,oBAAoB,CAAA;IAClC,CAAC;IAED;;OAEG;IACH,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAED;;OAEG;IACH,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;IAED;;OAEG;IACH,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,SAAS,CAAA;IACvB,CAAC;IAED;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,oBAAoB,CAAA;IAClC,CAAC;IAED;;OAEG;IACH,IAAI,wBAAwB;QAC1B,OAAO,IAAI,CAAC,yBAAyB,CAAA;IACvC,CAAC;IAED;;OAEG;IACH,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAED;;OAEG;IACH,IAAI,iBAAiB;QACnB,OAAO,IAAI,CAAC,cAAc,CAAA;IAC5B,CAAC;IAED;;OAEG;IACH,IAAI,0BAA0B;QAC5B,OAAO,IAAI,CAAC,2BAA2B,CAAA;IACzC,CAAC;IAED;;OAEG;IACH,YACmB,oBAAyC,EACzC,iBAAmC,EACnC,WAAsC,EACtC,aAA+B,EAC/B,SAA4B,EAC5B,cAAiC,EACjC,QAA+B,EAC/B,WAA6B,EAC7B,oBAAyC,EACzC,yBAA2D,EAC3D,2BAAuD;QAVvD,yBAAoB,GAApB,oBAAoB,CAAqB;QACzC,sBAAiB,GAAjB,iBAAiB,CAAkB;QACnC,gBAAW,GAAX,WAAW,CAA2B;QACtC,kBAAa,GAAb,aAAa,CAAkB;QAC/B,cAAS,GAAT,SAAS,CAAmB;QAC5B,mBAAc,GAAd,cAAc,CAAmB;QACjC,aAAQ,GAAR,QAAQ,CAAuB;QAC/B,gBAAW,GAAX,WAAW,CAAkB;QAC7B,yBAAoB,GAApB,oBAAoB,CAAqB;QACzC,8BAAyB,GAAzB,yBAAyB,CAAkC;QAC3D,gCAA2B,GAA3B,2BAA2B,CAA4B;IACvE,CAAC;IAEJ;;;;OAIG;IACG,WAAW;;YACf,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,EAAE,CAAA;YAC7C,IAAI,CAAC,aAAa,CAAC,6BAA6B,EAAE,CAAA;YAClD,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAA;YACnC,MAAM,IAAI,CAAC,oBAAoB,CAAC,sBAAsB,EAAE,CAAA;QAC1D,CAAC;KAAA;IAED;;;;;;;OAOG;IACH,oDAAoD;QAUlD,OAAO,IAAI,CAAC,WAAW,CAAC,wCAAwC,EAAE,CAAA;IACpE,CAAC;IAED;;;;OAIG;IACH,wBAAwB,CAAC,WAAmB;QAC1C,OAAO,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAA;IAC/D,CAAC;IAED;;;;;OAKG;IACG,6CAA6C;;YACjD,OAAO,IAAI,CAAC,WAAW,CAAC,6CAA6C,EAAE,CAAA;QACzE,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,oCAAoC,CAAC,YAAqB;;YAC9D,OAAO,IAAI,CAAC,WAAW,CAAC,oCAAoC,CAAC,YAAY,CAAC,CAAA;QAC5E,CAAC;KAAA;CACF;AAvJD,sCAuJC","sourcesContent":["import { StorageFacade } from './storage/StorageFacade'\nimport { KeyStorageFacade } from './storage/KeyStorageFacade'\nimport { ExchangeKeysManager } from './crypto/ExchangeKeysManager'\nimport { CryptoPrimitives } from './crypto/CryptoPrimitives'\nimport { UserEncryptionKeysManager } from './crypto/UserEncryptionKeysManager'\nimport { IccDataOwnerXApi } from './icc-data-owner-x-api'\nimport { ExtendedApisUtils } from './crypto/ExtendedApisUtils'\nimport { ShamirKeysManager } from './crypto/ShamirKeysManager'\nimport { ExchangeDataManager } from './crypto/ExchangeDataManager'\nimport { AccessControlKeysHeadersProvider } from './crypto/AccessControlKeysHeadersProvider'\nimport { KeyPair } from './crypto/RSA'\nimport { DelegationsDeAnonymization } from './crypto/DelegationsDeAnonymization'\n\nexport class IccCryptoXApi {\n /**\n * The instance of {@link CryptoPrimitives} used by this instance of the iCure SDK.\n */\n get primitives(): CryptoPrimitives {\n return this._cryptoPrimitives\n }\n\n /**\n * @internal this method is for internal use only and may be changed without notice.\n */\n get exchangeKeys(): ExchangeKeysManager {\n return this._exchangeKeysManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get keyStorage(): KeyStorageFacade {\n return this._keyStorage\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get storage(): StorageFacade<string> {\n return this._storage\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get xapi(): ExtendedApisUtils {\n return this.xapiUtils\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get exchangeData(): ExchangeDataManager {\n return this._exchangeDataManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get accessControlKeysHeaders(): AccessControlKeysHeadersProvider {\n return this._accessControlKeysHeaders\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get userKeysManager(): UserEncryptionKeysManager {\n return this._keyManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get shamirKeysManager(): ShamirKeysManager {\n return this._shamirManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get delegationsDeAnonymization(): DelegationsDeAnonymization {\n return this._delegationsDeAnonymisation\n }\n\n /**\n * @internal\n */\n constructor(\n private readonly _exchangeKeysManager: ExchangeKeysManager,\n private readonly _cryptoPrimitives: CryptoPrimitives,\n private readonly _keyManager: UserEncryptionKeysManager,\n private readonly _dataOwnerApi: IccDataOwnerXApi,\n private readonly xapiUtils: ExtendedApisUtils,\n private readonly _shamirManager: ShamirKeysManager,\n private readonly _storage: StorageFacade<string>,\n private readonly _keyStorage: KeyStorageFacade,\n private readonly _exchangeDataManager: ExchangeDataManager,\n private readonly _accessControlKeysHeaders: AccessControlKeysHeadersProvider,\n private readonly _delegationsDeAnonymisation: DelegationsDeAnonymization\n ) {}\n\n /**\n * Deletes values cached by the crypto api, to allow to detect changes in stored key pairs, exchange keys and/or current data owner details.\n * This method may be useful in cases where a user is logged in from multiple devices or in cases where other users have just shared some data with\n * the current user for the first time.\n */\n async forceReload() {\n await this._exchangeKeysManager.reloadCache()\n this._dataOwnerApi.clearCurrentDataOwnerIdsCache()\n await this._keyManager.reloadKeys()\n await this._exchangeDataManager.clearOrRepopulateCache()\n }\n\n /**\n * Get all key pairs available for the decrpytion and encryption of data to the current data owner. These include the key pairs from the data owner\n * and his parents.\n * @return an object with:\n * - `self` an object containing the current data owner id and the list of key pairs available for the current data owner with verification details.\n * - `parents` the list of parents to the current data owner with the list of key pairs available for each parent. The list is ordered from the\n * topmost ancestor (at index 0) to the direct parent of the current data owner (at the last index, may be 0).\n */\n getEncryptionDecryptionKeypairsForDataOwnerHierarchy(): Promise<{\n self: {\n dataOwnerId: string\n keys: { pair: KeyPair<CryptoKey>; verified: boolean }[]\n }\n parents: {\n dataOwnerId: string\n keys: { pair: KeyPair<CryptoKey>; verified: boolean }[]\n }[]\n }> {\n return this._keyManager.getCurrentUserHierarchyAvailableKeypairs()\n }\n\n /**\n * Get a key pair with the provided fingerprint if present.\n * @param fingerprint a key-pair/public-key fingerprint\n * @return the pair associated to the fingerprint and a boolean indicating if the pair is verified, if present, else undefined\n */\n getKeyPairForFingerprint(fingerprint: string): { pair: KeyPair<CryptoKey>; verified: boolean } | undefined {\n return this._keyManager.getKeyPairForFingerprint(fingerprint)\n }\n\n /**\n * Get the public keys of available key pairs for the current user and his parents in hex-encoded spki representation (uses cached keys: no request\n * is done to the server).\n * Note that this will also include unverified keys.\n * @return the spki representation of public keys of available keypairs for the current user.\n */\n async getCurrentUserHierarchyAvailablePublicKeysHex(): Promise<string[]> {\n return this._keyManager.getCurrentUserHierarchyAvailablePublicKeysHex()\n }\n\n /**\n * Get the public keys of available key pairs for the current user in hex-encoded spki representation (uses cached keys: no request is done to the\n * server).\n * By setting {@link verifiedOnly} to true only the public keys for verified key pairs will be returned: these will include only key pairs created\n * on this device or which have been verified using {@link CryptoStrategies} on this device.\n * @param verifiedOnly if true only the verified public keys will be returned.\n * @return the spki representation of public keys of available keypairs for the current user.\n */\n async getCurrentUserAvailablePublicKeysHex(verifiedOnly: boolean): Promise<string[]> {\n return this._keyManager.getCurrentUserAvailablePublicKeysHex(verifiedOnly)\n }\n}\n"]}
1
+ {"version":3,"file":"icc-crypto-x-api.js","sourceRoot":"","sources":["../../icc-x-api/icc-crypto-x-api.ts"],"names":[],"mappings":";;;;;;;;;;;;AAaA,MAAa,aAAa;IACxB;;OAEG;IACH,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,iBAAiB,CAAA;IAC/B,CAAC;IAED;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,oBAAoB,CAAA;IAClC,CAAC;IAED;;OAEG;IACH,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAED;;OAEG;IACH,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;IAED;;OAEG;IACH,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,SAAS,CAAA;IACvB,CAAC;IAED;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,oBAAoB,CAAA;IAClC,CAAC;IAED;;OAEG;IACH,IAAI,wBAAwB;QAC1B,OAAO,IAAI,CAAC,yBAAyB,CAAA;IACvC,CAAC;IAED;;OAEG;IACH,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAED;;OAEG;IACH,IAAI,iBAAiB;QACnB,OAAO,IAAI,CAAC,cAAc,CAAA;IAC5B,CAAC;IAED;;OAEG;IACH,IAAI,0BAA0B;QAC5B,OAAO,IAAI,CAAC,2BAA2B,CAAA;IACzC,CAAC;IAED;;OAEG;IACH,YACmB,oBAAyC,EACzC,iBAAmC,EACnC,WAAsC,EACtC,aAA+B,EAC/B,SAA4B,EAC5B,cAAiC,EACjC,QAA+B,EAC/B,WAA6B,EAC7B,oBAAyC,EACzC,yBAA2D,EAC3D,2BAAuD;QAVvD,yBAAoB,GAApB,oBAAoB,CAAqB;QACzC,sBAAiB,GAAjB,iBAAiB,CAAkB;QACnC,gBAAW,GAAX,WAAW,CAA2B;QACtC,kBAAa,GAAb,aAAa,CAAkB;QAC/B,cAAS,GAAT,SAAS,CAAmB;QAC5B,mBAAc,GAAd,cAAc,CAAmB;QACjC,aAAQ,GAAR,QAAQ,CAAuB;QAC/B,gBAAW,GAAX,WAAW,CAAkB;QAC7B,yBAAoB,GAApB,oBAAoB,CAAqB;QACzC,8BAAyB,GAAzB,yBAAyB,CAAkC;QAC3D,gCAA2B,GAA3B,2BAA2B,CAA4B;IACvE,CAAC;IAEJ;;;;OAIG;IACG,WAAW;;YACf,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,EAAE,CAAA;YAC7C,IAAI,CAAC,aAAa,CAAC,6BAA6B,EAAE,CAAA;YAClD,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAA;YACnC,MAAM,IAAI,CAAC,oBAAoB,CAAC,sBAAsB,EAAE,CAAA;QAC1D,CAAC;KAAA;IAED;;;;;;;OAOG;IACH,oDAAoD;QAUlD,OAAO,IAAI,CAAC,WAAW,CAAC,wCAAwC,EAAE,CAAA;IACpE,CAAC;IAED;;;;OAIG;IACH,wBAAwB,CAAC,WAAmB;QAC1C,OAAO,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAA;IAC/D,CAAC;IAED;;;;;OAKG;IACG,6CAA6C;;YACjD,OAAO,IAAI,CAAC,WAAW,CAAC,6CAA6C,EAAE,CAAA;QACzE,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,oCAAoC,CAAC,YAAqB;;YAC9D,OAAO,IAAI,CAAC,WAAW,CAAC,oCAAoC,CAAC,YAAY,CAAC,CAAA;QAC5E,CAAC;KAAA;IAED;;;;;OAKG;IACG,2BAA2B,CAAC,QAAgB;;YAMhD,IAAI,QAAQ,IAAI,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,qBAAqB,EAAE,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAA;YAC9I,IAAI,IAAI,CAAC,eAAe,CAAC,mBAAmB,EAAE,CAAC,MAAM,GAAG,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAA;YAC3H,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,2BAA2B,CAAC,QAAQ,EAAE,EAAE,gCAAgC,EAAE,IAAI,EAAE,CAAC,CAAA;YACzH,OAAO;gBACL,cAAc,EAAE,OAAO,CAAC,YAAY,CAAC,EAAG;gBACxC,mBAAmB,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,mBAAmB,CAAC;gBACxG,WAAW,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC;gBAChF,kBAAkB,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,kBAAkB,CAAC;aACtG,CAAA;QACH,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,kBAAkB,CACtB,OAMG,EACH,oBAA6B;;YAE7B,MAAM,IAAI,CAAC,YAAY,CAAC,2BAA2B,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAA;QACpF,CAAC;KAAA;CACF;AArMD,sCAqMC","sourcesContent":["import { StorageFacade } from './storage/StorageFacade'\nimport { KeyStorageFacade } from './storage/KeyStorageFacade'\nimport { ExchangeKeysManager } from './crypto/ExchangeKeysManager'\nimport { CryptoPrimitives } from './crypto/CryptoPrimitives'\nimport { UserEncryptionKeysManager } from './crypto/UserEncryptionKeysManager'\nimport { IccDataOwnerXApi } from './icc-data-owner-x-api'\nimport { ExtendedApisUtils } from './crypto/ExtendedApisUtils'\nimport { ShamirKeysManager } from './crypto/ShamirKeysManager'\nimport { ExchangeDataManager } from './crypto/ExchangeDataManager'\nimport { AccessControlKeysHeadersProvider } from './crypto/AccessControlKeysHeadersProvider'\nimport { KeyPair } from './crypto/RSA'\nimport { DelegationsDeAnonymization } from './crypto/DelegationsDeAnonymization'\n\nexport class IccCryptoXApi {\n /**\n * The instance of {@link CryptoPrimitives} used by this instance of the iCure SDK.\n */\n get primitives(): CryptoPrimitives {\n return this._cryptoPrimitives\n }\n\n /**\n * @internal this method is for internal use only and may be changed without notice.\n */\n get exchangeKeys(): ExchangeKeysManager {\n return this._exchangeKeysManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get keyStorage(): KeyStorageFacade {\n return this._keyStorage\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get storage(): StorageFacade<string> {\n return this._storage\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get xapi(): ExtendedApisUtils {\n return this.xapiUtils\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get exchangeData(): ExchangeDataManager {\n return this._exchangeDataManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get accessControlKeysHeaders(): AccessControlKeysHeadersProvider {\n return this._accessControlKeysHeaders\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get userKeysManager(): UserEncryptionKeysManager {\n return this._keyManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get shamirKeysManager(): ShamirKeysManager {\n return this._shamirManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get delegationsDeAnonymization(): DelegationsDeAnonymization {\n return this._delegationsDeAnonymisation\n }\n\n /**\n * @internal\n */\n constructor(\n private readonly _exchangeKeysManager: ExchangeKeysManager,\n private readonly _cryptoPrimitives: CryptoPrimitives,\n private readonly _keyManager: UserEncryptionKeysManager,\n private readonly _dataOwnerApi: IccDataOwnerXApi,\n private readonly xapiUtils: ExtendedApisUtils,\n private readonly _shamirManager: ShamirKeysManager,\n private readonly _storage: StorageFacade<string>,\n private readonly _keyStorage: KeyStorageFacade,\n private readonly _exchangeDataManager: ExchangeDataManager,\n private readonly _accessControlKeysHeaders: AccessControlKeysHeadersProvider,\n private readonly _delegationsDeAnonymisation: DelegationsDeAnonymization\n ) {}\n\n /**\n * Deletes values cached by the crypto api, to allow to detect changes in stored key pairs, exchange keys and/or current data owner details.\n * This method may be useful in cases where a user is logged in from multiple devices or in cases where other users have just shared some data with\n * the current user for the first time.\n */\n async forceReload() {\n await this._exchangeKeysManager.reloadCache()\n this._dataOwnerApi.clearCurrentDataOwnerIdsCache()\n await this._keyManager.reloadKeys()\n await this._exchangeDataManager.clearOrRepopulateCache()\n }\n\n /**\n * Get all key pairs available for the decrpytion and encryption of data to the current data owner. These include the key pairs from the data owner\n * and his parents.\n * @return an object with:\n * - `self` an object containing the current data owner id and the list of key pairs available for the current data owner with verification details.\n * - `parents` the list of parents to the current data owner with the list of key pairs available for each parent. The list is ordered from the\n * topmost ancestor (at index 0) to the direct parent of the current data owner (at the last index, may be 0).\n */\n getEncryptionDecryptionKeypairsForDataOwnerHierarchy(): Promise<{\n self: {\n dataOwnerId: string\n keys: { pair: KeyPair<CryptoKey>; verified: boolean }[]\n }\n parents: {\n dataOwnerId: string\n keys: { pair: KeyPair<CryptoKey>; verified: boolean }[]\n }[]\n }> {\n return this._keyManager.getCurrentUserHierarchyAvailableKeypairs()\n }\n\n /**\n * Get a key pair with the provided fingerprint if present.\n * @param fingerprint a key-pair/public-key fingerprint\n * @return the pair associated to the fingerprint and a boolean indicating if the pair is verified, if present, else undefined\n */\n getKeyPairForFingerprint(fingerprint: string): { pair: KeyPair<CryptoKey>; verified: boolean } | undefined {\n return this._keyManager.getKeyPairForFingerprint(fingerprint)\n }\n\n /**\n * Get the public keys of available key pairs for the current user and his parents in hex-encoded spki representation (uses cached keys: no request\n * is done to the server).\n * Note that this will also include unverified keys.\n * @return the spki representation of public keys of available keypairs for the current user.\n */\n async getCurrentUserHierarchyAvailablePublicKeysHex(): Promise<string[]> {\n return this._keyManager.getCurrentUserHierarchyAvailablePublicKeysHex()\n }\n\n /**\n * Get the public keys of available key pairs for the current user in hex-encoded spki representation (uses cached keys: no request is done to the\n * server).\n * By setting {@link verifiedOnly} to true only the public keys for verified key pairs will be returned: these will include only key pairs created\n * on this device or which have been verified using {@link CryptoStrategies} on this device.\n * @param verifiedOnly if true only the verified public keys will be returned.\n * @return the spki representation of public keys of available keypairs for the current user.\n */\n async getCurrentUserAvailablePublicKeysHex(verifiedOnly: boolean): Promise<string[]> {\n return this._keyManager.getCurrentUserAvailablePublicKeysHex(verifiedOnly)\n }\n\n /**\n * The only way of creating exchange data to a delegate when the SDK runs in keyless mode.\n * @param delegate a delegate, can't be the current data owner\n * @return the created exchange data details. They can be used to inject the data in a separate instance of the SDK,\n * allowing the data created by this instance to be retrieved.\n */\n async keylessCreateExchangeDataTo(delegate: string): Promise<{\n exchangeDataId: string\n accessControlSecret: ArrayBuffer\n exchangeKey: ArrayBuffer\n sharedSignatureKey: ArrayBuffer\n }> {\n if (delegate == (await this._dataOwnerApi.getCurrentDataOwnerId())) throw new Error(\"Can't create exchange data to yourself in keyless mode.\")\n if (this.userKeysManager.getSelfVerifiedKeys().length > 0) throw new Error('This method can only be used in keyless mode.')\n const created = await this.exchangeData.getOrCreateEncryptionDataTo(delegate, { allowCreationWithoutDelegatorKey: true })\n return {\n exchangeDataId: created.exchangeData.id!,\n accessControlSecret: await this.exchangeData.base.exportAccessControlSecret(created.accessControlSecret),\n exchangeKey: await this.exchangeData.base.exportExchangeKey(created.exchangeKey),\n sharedSignatureKey: await this.exchangeData.base.exportSharedSignatureKey(created.sharedSignatureKey),\n }\n }\n\n /**\n * Allows injecting exchange data that would not be readable or decryptable by the SDK otherwise.\n * IMPORTANT: the SDK will not check that the provided exchange data details are valid for the provided exchange data\n * id. Providing invalid details could cause permanent corruption of data.\n * @param details the details of the exchange data to inject. Set verified to true to allow this data to be used for\n * encryption of new entity.\n * @param reEncryptWithOwnKeys can only be true if the api wasn't initialized in keyless mode. If true the injected\n * data will be re-encrypted with also the current data owner key, allowing to access it in future instances without\n * having to re-inject it (as long as the instance has access to the current private key).\n */\n async injectExchangeData(\n details: {\n exchangeDataId: string\n accessControlSecret: ArrayBuffer\n exchangeKey: ArrayBuffer\n sharedSignatureKey: ArrayBuffer\n verified: boolean\n }[],\n reEncryptWithOwnKeys: boolean\n ) {\n await this.exchangeData.injectDecryptedExchangeData(details, reEncryptWithOwnKeys)\n }\n}\n"]}
@@ -48,6 +48,8 @@ export declare class IccDocumentXApi extends IccDocumentApi implements Encrypted
48
48
  * auto-delegations, in such case the access level specified here will be used.
49
49
  * - preferredSfk: secret id of the message to use as the secret foreign key to use for the document. The default value will be a
50
50
  * secret id of the message known by the topmost parent in the current data owner hierarchy.
51
+ * - alternateRootDelegation: by default a new entity is created with a root delegation from self to self. In keyless mode this is not possible,
52
+ * and instead the root delegation will be from self to another. You have to specify which delegate will be part of the root delegation.
51
53
  * @return a new instance of document.
52
54
  */
53
55
  newInstance(user: models.User, message?: models.Message, c?: any, options?: {
@@ -55,6 +57,7 @@ export declare class IccDocumentXApi extends IccDocumentApi implements Encrypted
55
57
  [dataOwnerId: string]: AccessLevelEnum;
56
58
  };
57
59
  sfkOption?: SecretIdUseOption;
60
+ alternateRootDelegation?: string;
58
61
  }): Promise<models.Document>;
59
62
  /**
60
63
  * @deprecated use {@link findIdsByMessage} instead.
@@ -439,6 +439,8 @@ class IccDocumentXApi extends icc_api_1.IccDocumentApi {
439
439
  * auto-delegations, in such case the access level specified here will be used.
440
440
  * - preferredSfk: secret id of the message to use as the secret foreign key to use for the document. The default value will be a
441
441
  * secret id of the message known by the topmost parent in the current data owner hierarchy.
442
+ * - alternateRootDelegation: by default a new entity is created with a root delegation from self to self. In keyless mode this is not possible,
443
+ * and instead the root delegation will be from self to another. You have to specify which delegate will be part of the root delegation.
442
444
  * @return a new instance of document.
443
445
  */
444
446
  newInstance(user, message, c = {}, options = {}) {
@@ -453,7 +455,7 @@ class IccDocumentXApi extends icc_api_1.IccDocumentApi {
453
455
  : [];
454
456
  const extraDelegations = Object.assign(Object.assign({}, Object.fromEntries([...((_k = (_j = user.autoDelegations) === null || _j === void 0 ? void 0 : _j.all) !== null && _k !== void 0 ? _k : []), ...((_m = (_l = user.autoDelegations) === null || _l === void 0 ? void 0 : _l.medicalInformation) !== null && _m !== void 0 ? _m : [])].map((d) => [d, AccessLevelEnum.WRITE]))), ((_o = options === null || options === void 0 ? void 0 : options.additionalDelegates) !== null && _o !== void 0 ? _o : {}));
455
457
  return new models.Document(yield this.crypto.xapi
456
- .entityWithInitialisedEncryptedMetadata(document, utils_1.EntityWithDelegationTypeName.Document, message === null || message === void 0 ? void 0 : message.id, sfk, true, extraDelegations)
458
+ .entityWithInitialisedEncryptedMetadata(document, utils_1.EntityWithDelegationTypeName.Document, message === null || message === void 0 ? void 0 : message.id, sfk, true, extraDelegations, options.alternateRootDelegation)
457
459
  .then((x) => x.updatedEntity));
458
460
  });
459
461
  }