@icure/api 8.1.9 → 8.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-x-api/crypto/BaseExchangeDataManager.d.ts +19 -9
- package/icc-x-api/crypto/BaseExchangeDataManager.js +25 -5
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
- package/icc-x-api/crypto/CryptoStrategies.d.ts +2 -1
- package/icc-x-api/crypto/CryptoStrategies.js.map +1 -1
- package/icc-x-api/crypto/DelegationsDeAnonymization.js +1 -1
- package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -1
- package/icc-x-api/crypto/ExchangeDataManager.d.ts +25 -2
- package/icc-x-api/crypto/ExchangeDataManager.js +98 -5
- package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtils.d.ts +3 -1
- package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +1 -1
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +3 -3
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -1
- package/icc-x-api/crypto/SecureDelegationsManager.d.ts +3 -1
- package/icc-x-api/crypto/SecureDelegationsManager.js +10 -6
- package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -1
- package/icc-x-api/crypto/ShamirKeysManager.js +1 -1
- package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
- package/icc-x-api/crypto/UserEncryptionKeysManager.d.ts +2 -1
- package/icc-x-api/crypto/UserEncryptionKeysManager.js +18 -1
- package/icc-x-api/crypto/UserEncryptionKeysManager.js.map +1 -1
- package/icc-x-api/crypto/utils.js +1 -1
- package/icc-x-api/crypto/utils.js.map +1 -1
- package/icc-x-api/icc-accesslog-x-api.d.ts +6 -0
- package/icc-x-api/icc-accesslog-x-api.js +6 -2
- package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
- package/icc-x-api/icc-calendar-item-x-api.d.ts +4 -0
- package/icc-x-api/icc-calendar-item-x-api.js +3 -1
- package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
- package/icc-x-api/icc-classification-x-api.d.ts +3 -0
- package/icc-x-api/icc-classification-x-api.js +3 -1
- package/icc-x-api/icc-classification-x-api.js.map +1 -1
- package/icc-x-api/icc-contact-x-api.d.ts +3 -0
- package/icc-x-api/icc-contact-x-api.js +3 -1
- package/icc-x-api/icc-contact-x-api.js.map +1 -1
- package/icc-x-api/icc-crypto-x-api.d.ts +29 -0
- package/icc-x-api/icc-crypto-x-api.js +36 -0
- package/icc-x-api/icc-crypto-x-api.js.map +1 -1
- package/icc-x-api/icc-document-x-api.d.ts +3 -0
- package/icc-x-api/icc-document-x-api.js +3 -1
- package/icc-x-api/icc-document-x-api.js.map +1 -1
- package/icc-x-api/icc-form-x-api.d.ts +3 -0
- package/icc-x-api/icc-form-x-api.js +3 -1
- package/icc-x-api/icc-form-x-api.js.map +1 -1
- package/icc-x-api/icc-helement-x-api.d.ts +3 -0
- package/icc-x-api/icc-helement-x-api.js +3 -1
- package/icc-x-api/icc-helement-x-api.js.map +1 -1
- package/icc-x-api/icc-invoice-x-api.d.ts +3 -0
- package/icc-x-api/icc-invoice-x-api.js +3 -1
- package/icc-x-api/icc-invoice-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.d.ts +3 -0
- package/icc-x-api/icc-maintenance-task-x-api.js +3 -1
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/icc-message-x-api.d.ts +3 -0
- package/icc-x-api/icc-message-x-api.js +3 -1
- package/icc-x-api/icc-message-x-api.js.map +1 -1
- package/icc-x-api/icc-patient-x-api.d.ts +3 -0
- package/icc-x-api/icc-patient-x-api.js +6 -2
- package/icc-x-api/icc-patient-x-api.js.map +1 -1
- package/icc-x-api/icc-receipt-x-api.d.ts +3 -0
- package/icc-x-api/icc-receipt-x-api.js +3 -1
- package/icc-x-api/icc-receipt-x-api.js.map +1 -1
- package/icc-x-api/icc-recovery-x-api.js +8 -1
- package/icc-x-api/icc-recovery-x-api.js.map +1 -1
- package/icc-x-api/icc-time-table-x-api.d.ts +3 -0
- package/icc-x-api/icc-time-table-x-api.js +3 -1
- package/icc-x-api/icc-time-table-x-api.js.map +1 -1
- package/icc-x-api/icc-topic-x-api.d.ts +3 -0
- package/icc-x-api/icc-topic-x-api.js +3 -1
- package/icc-x-api/icc-topic-x-api.js.map +1 -1
- package/icc-x-api/index.d.ts +16 -0
- package/icc-x-api/index.js +8 -2
- package/icc-x-api/index.js.map +1 -1
- package/package.json +1 -1
- package/test/icc-x-api/autofix-anonymity-test.js +18 -4
- package/test/icc-x-api/autofix-anonymity-test.js.map +1 -1
- package/test/icc-x-api/crypto/exchange-data-manager-test.js +30 -30
- package/test/icc-x-api/crypto/exchange-data-manager-test.js.map +1 -1
- package/test/icc-x-api/crypto/secure-delegations-manager-test.js +2 -2
- package/test/icc-x-api/crypto/secure-delegations-manager-test.js.map +1 -1
- package/test/icc-x-api/icc-hcparty-x-api-test.js +2 -14
- package/test/icc-x-api/icc-hcparty-x-api-test.js.map +1 -1
- package/test/icc-x-api/keyless-api.d.ts +1 -0
- package/test/icc-x-api/keyless-api.js +125 -0
- package/test/icc-x-api/keyless-api.js.map +1 -0
- package/test/utils/FakeEncryptionKeysManager.js +1 -1
- package/test/utils/FakeEncryptionKeysManager.js.map +1 -1
- package/test/utils/FakeExchangeDataManager.d.ts +8 -0
- package/test/utils/FakeExchangeDataManager.js +3 -0
- package/test/utils/FakeExchangeDataManager.js.map +1 -1
- package/test/utils/KeylessCryptoStrategies.d.ts +23 -0
- package/test/utils/KeylessCryptoStrategies.js +26 -0
- package/test/utils/KeylessCryptoStrategies.js.map +1 -0
- package/test/utils/test_utils.d.ts +7 -0
- package/test/utils/test_utils.js +30 -1
- package/test/utils/test_utils.js.map +1 -1
|
@@ -121,4 +121,33 @@ export declare class IccCryptoXApi {
|
|
|
121
121
|
* @return the spki representation of public keys of available keypairs for the current user.
|
|
122
122
|
*/
|
|
123
123
|
getCurrentUserAvailablePublicKeysHex(verifiedOnly: boolean): Promise<string[]>;
|
|
124
|
+
/**
|
|
125
|
+
* The only way of creating exchange data to a delegate when the SDK runs in keyless mode.
|
|
126
|
+
* @param delegate a delegate, can't be the current data owner
|
|
127
|
+
* @return the created exchange data details. They can be used to inject the data in a separate instance of the SDK,
|
|
128
|
+
* allowing the data created by this instance to be retrieved.
|
|
129
|
+
*/
|
|
130
|
+
keylessCreateExchangeDataTo(delegate: string): Promise<{
|
|
131
|
+
exchangeDataId: string;
|
|
132
|
+
accessControlSecret: ArrayBuffer;
|
|
133
|
+
exchangeKey: ArrayBuffer;
|
|
134
|
+
sharedSignatureKey: ArrayBuffer;
|
|
135
|
+
}>;
|
|
136
|
+
/**
|
|
137
|
+
* Allows injecting exchange data that would not be readable or decryptable by the SDK otherwise.
|
|
138
|
+
* IMPORTANT: the SDK will not check that the provided exchange data details are valid for the provided exchange data
|
|
139
|
+
* id. Providing invalid details could cause permanent corruption of data.
|
|
140
|
+
* @param details the details of the exchange data to inject. Set verified to true to allow this data to be used for
|
|
141
|
+
* encryption of new entity.
|
|
142
|
+
* @param reEncryptWithOwnKeys can only be true if the api wasn't initialized in keyless mode. If true the injected
|
|
143
|
+
* data will be re-encrypted with also the current data owner key, allowing to access it in future instances without
|
|
144
|
+
* having to re-inject it (as long as the instance has access to the current private key).
|
|
145
|
+
*/
|
|
146
|
+
injectExchangeData(details: {
|
|
147
|
+
exchangeDataId: string;
|
|
148
|
+
accessControlSecret: ArrayBuffer;
|
|
149
|
+
exchangeKey: ArrayBuffer;
|
|
150
|
+
sharedSignatureKey: ArrayBuffer;
|
|
151
|
+
verified: boolean;
|
|
152
|
+
}[], reEncryptWithOwnKeys: boolean): Promise<void>;
|
|
124
153
|
}
|
|
@@ -143,6 +143,42 @@ class IccCryptoXApi {
|
|
|
143
143
|
return this._keyManager.getCurrentUserAvailablePublicKeysHex(verifiedOnly);
|
|
144
144
|
});
|
|
145
145
|
}
|
|
146
|
+
/**
|
|
147
|
+
* The only way of creating exchange data to a delegate when the SDK runs in keyless mode.
|
|
148
|
+
* @param delegate a delegate, can't be the current data owner
|
|
149
|
+
* @return the created exchange data details. They can be used to inject the data in a separate instance of the SDK,
|
|
150
|
+
* allowing the data created by this instance to be retrieved.
|
|
151
|
+
*/
|
|
152
|
+
keylessCreateExchangeDataTo(delegate) {
|
|
153
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
154
|
+
if (delegate == (yield this._dataOwnerApi.getCurrentDataOwnerId()))
|
|
155
|
+
throw new Error("Can't create exchange data to yourself in keyless mode.");
|
|
156
|
+
if (this.userKeysManager.getSelfVerifiedKeys().length > 0)
|
|
157
|
+
throw new Error('This method can only be used in keyless mode.');
|
|
158
|
+
const created = yield this.exchangeData.getOrCreateEncryptionDataTo(delegate, { allowCreationWithoutDelegatorKey: true });
|
|
159
|
+
return {
|
|
160
|
+
exchangeDataId: created.exchangeData.id,
|
|
161
|
+
accessControlSecret: yield this.exchangeData.base.exportAccessControlSecret(created.accessControlSecret),
|
|
162
|
+
exchangeKey: yield this.exchangeData.base.exportExchangeKey(created.exchangeKey),
|
|
163
|
+
sharedSignatureKey: yield this.exchangeData.base.exportSharedSignatureKey(created.sharedSignatureKey),
|
|
164
|
+
};
|
|
165
|
+
});
|
|
166
|
+
}
|
|
167
|
+
/**
|
|
168
|
+
* Allows injecting exchange data that would not be readable or decryptable by the SDK otherwise.
|
|
169
|
+
* IMPORTANT: the SDK will not check that the provided exchange data details are valid for the provided exchange data
|
|
170
|
+
* id. Providing invalid details could cause permanent corruption of data.
|
|
171
|
+
* @param details the details of the exchange data to inject. Set verified to true to allow this data to be used for
|
|
172
|
+
* encryption of new entity.
|
|
173
|
+
* @param reEncryptWithOwnKeys can only be true if the api wasn't initialized in keyless mode. If true the injected
|
|
174
|
+
* data will be re-encrypted with also the current data owner key, allowing to access it in future instances without
|
|
175
|
+
* having to re-inject it (as long as the instance has access to the current private key).
|
|
176
|
+
*/
|
|
177
|
+
injectExchangeData(details, reEncryptWithOwnKeys) {
|
|
178
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
179
|
+
yield this.exchangeData.injectDecryptedExchangeData(details, reEncryptWithOwnKeys);
|
|
180
|
+
});
|
|
181
|
+
}
|
|
146
182
|
}
|
|
147
183
|
exports.IccCryptoXApi = IccCryptoXApi;
|
|
148
184
|
//# sourceMappingURL=icc-crypto-x-api.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"icc-crypto-x-api.js","sourceRoot":"","sources":["../../icc-x-api/icc-crypto-x-api.ts"],"names":[],"mappings":";;;;;;;;;;;;AAaA,MAAa,aAAa;IACxB;;OAEG;IACH,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,iBAAiB,CAAA;IAC/B,CAAC;IAED;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,oBAAoB,CAAA;IAClC,CAAC;IAED;;OAEG;IACH,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAED;;OAEG;IACH,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;IAED;;OAEG;IACH,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,SAAS,CAAA;IACvB,CAAC;IAED;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,oBAAoB,CAAA;IAClC,CAAC;IAED;;OAEG;IACH,IAAI,wBAAwB;QAC1B,OAAO,IAAI,CAAC,yBAAyB,CAAA;IACvC,CAAC;IAED;;OAEG;IACH,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAED;;OAEG;IACH,IAAI,iBAAiB;QACnB,OAAO,IAAI,CAAC,cAAc,CAAA;IAC5B,CAAC;IAED;;OAEG;IACH,IAAI,0BAA0B;QAC5B,OAAO,IAAI,CAAC,2BAA2B,CAAA;IACzC,CAAC;IAED;;OAEG;IACH,YACmB,oBAAyC,EACzC,iBAAmC,EACnC,WAAsC,EACtC,aAA+B,EAC/B,SAA4B,EAC5B,cAAiC,EACjC,QAA+B,EAC/B,WAA6B,EAC7B,oBAAyC,EACzC,yBAA2D,EAC3D,2BAAuD;QAVvD,yBAAoB,GAApB,oBAAoB,CAAqB;QACzC,sBAAiB,GAAjB,iBAAiB,CAAkB;QACnC,gBAAW,GAAX,WAAW,CAA2B;QACtC,kBAAa,GAAb,aAAa,CAAkB;QAC/B,cAAS,GAAT,SAAS,CAAmB;QAC5B,mBAAc,GAAd,cAAc,CAAmB;QACjC,aAAQ,GAAR,QAAQ,CAAuB;QAC/B,gBAAW,GAAX,WAAW,CAAkB;QAC7B,yBAAoB,GAApB,oBAAoB,CAAqB;QACzC,8BAAyB,GAAzB,yBAAyB,CAAkC;QAC3D,gCAA2B,GAA3B,2BAA2B,CAA4B;IACvE,CAAC;IAEJ;;;;OAIG;IACG,WAAW;;YACf,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,EAAE,CAAA;YAC7C,IAAI,CAAC,aAAa,CAAC,6BAA6B,EAAE,CAAA;YAClD,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAA;YACnC,MAAM,IAAI,CAAC,oBAAoB,CAAC,sBAAsB,EAAE,CAAA;QAC1D,CAAC;KAAA;IAED;;;;;;;OAOG;IACH,oDAAoD;QAUlD,OAAO,IAAI,CAAC,WAAW,CAAC,wCAAwC,EAAE,CAAA;IACpE,CAAC;IAED;;;;OAIG;IACH,wBAAwB,CAAC,WAAmB;QAC1C,OAAO,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAA;IAC/D,CAAC;IAED;;;;;OAKG;IACG,6CAA6C;;YACjD,OAAO,IAAI,CAAC,WAAW,CAAC,6CAA6C,EAAE,CAAA;QACzE,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,oCAAoC,CAAC,YAAqB;;YAC9D,OAAO,IAAI,CAAC,WAAW,CAAC,oCAAoC,CAAC,YAAY,CAAC,CAAA;QAC5E,CAAC;KAAA;CACF;AAvJD,sCAuJC","sourcesContent":["import { StorageFacade } from './storage/StorageFacade'\nimport { KeyStorageFacade } from './storage/KeyStorageFacade'\nimport { ExchangeKeysManager } from './crypto/ExchangeKeysManager'\nimport { CryptoPrimitives } from './crypto/CryptoPrimitives'\nimport { UserEncryptionKeysManager } from './crypto/UserEncryptionKeysManager'\nimport { IccDataOwnerXApi } from './icc-data-owner-x-api'\nimport { ExtendedApisUtils } from './crypto/ExtendedApisUtils'\nimport { ShamirKeysManager } from './crypto/ShamirKeysManager'\nimport { ExchangeDataManager } from './crypto/ExchangeDataManager'\nimport { AccessControlKeysHeadersProvider } from './crypto/AccessControlKeysHeadersProvider'\nimport { KeyPair } from './crypto/RSA'\nimport { DelegationsDeAnonymization } from './crypto/DelegationsDeAnonymization'\n\nexport class IccCryptoXApi {\n /**\n * The instance of {@link CryptoPrimitives} used by this instance of the iCure SDK.\n */\n get primitives(): CryptoPrimitives {\n return this._cryptoPrimitives\n }\n\n /**\n * @internal this method is for internal use only and may be changed without notice.\n */\n get exchangeKeys(): ExchangeKeysManager {\n return this._exchangeKeysManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get keyStorage(): KeyStorageFacade {\n return this._keyStorage\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get storage(): StorageFacade<string> {\n return this._storage\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get xapi(): ExtendedApisUtils {\n return this.xapiUtils\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get exchangeData(): ExchangeDataManager {\n return this._exchangeDataManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get accessControlKeysHeaders(): AccessControlKeysHeadersProvider {\n return this._accessControlKeysHeaders\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get userKeysManager(): UserEncryptionKeysManager {\n return this._keyManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get shamirKeysManager(): ShamirKeysManager {\n return this._shamirManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get delegationsDeAnonymization(): DelegationsDeAnonymization {\n return this._delegationsDeAnonymisation\n }\n\n /**\n * @internal\n */\n constructor(\n private readonly _exchangeKeysManager: ExchangeKeysManager,\n private readonly _cryptoPrimitives: CryptoPrimitives,\n private readonly _keyManager: UserEncryptionKeysManager,\n private readonly _dataOwnerApi: IccDataOwnerXApi,\n private readonly xapiUtils: ExtendedApisUtils,\n private readonly _shamirManager: ShamirKeysManager,\n private readonly _storage: StorageFacade<string>,\n private readonly _keyStorage: KeyStorageFacade,\n private readonly _exchangeDataManager: ExchangeDataManager,\n private readonly _accessControlKeysHeaders: AccessControlKeysHeadersProvider,\n private readonly _delegationsDeAnonymisation: DelegationsDeAnonymization\n ) {}\n\n /**\n * Deletes values cached by the crypto api, to allow to detect changes in stored key pairs, exchange keys and/or current data owner details.\n * This method may be useful in cases where a user is logged in from multiple devices or in cases where other users have just shared some data with\n * the current user for the first time.\n */\n async forceReload() {\n await this._exchangeKeysManager.reloadCache()\n this._dataOwnerApi.clearCurrentDataOwnerIdsCache()\n await this._keyManager.reloadKeys()\n await this._exchangeDataManager.clearOrRepopulateCache()\n }\n\n /**\n * Get all key pairs available for the decrpytion and encryption of data to the current data owner. These include the key pairs from the data owner\n * and his parents.\n * @return an object with:\n * - `self` an object containing the current data owner id and the list of key pairs available for the current data owner with verification details.\n * - `parents` the list of parents to the current data owner with the list of key pairs available for each parent. The list is ordered from the\n * topmost ancestor (at index 0) to the direct parent of the current data owner (at the last index, may be 0).\n */\n getEncryptionDecryptionKeypairsForDataOwnerHierarchy(): Promise<{\n self: {\n dataOwnerId: string\n keys: { pair: KeyPair<CryptoKey>; verified: boolean }[]\n }\n parents: {\n dataOwnerId: string\n keys: { pair: KeyPair<CryptoKey>; verified: boolean }[]\n }[]\n }> {\n return this._keyManager.getCurrentUserHierarchyAvailableKeypairs()\n }\n\n /**\n * Get a key pair with the provided fingerprint if present.\n * @param fingerprint a key-pair/public-key fingerprint\n * @return the pair associated to the fingerprint and a boolean indicating if the pair is verified, if present, else undefined\n */\n getKeyPairForFingerprint(fingerprint: string): { pair: KeyPair<CryptoKey>; verified: boolean } | undefined {\n return this._keyManager.getKeyPairForFingerprint(fingerprint)\n }\n\n /**\n * Get the public keys of available key pairs for the current user and his parents in hex-encoded spki representation (uses cached keys: no request\n * is done to the server).\n * Note that this will also include unverified keys.\n * @return the spki representation of public keys of available keypairs for the current user.\n */\n async getCurrentUserHierarchyAvailablePublicKeysHex(): Promise<string[]> {\n return this._keyManager.getCurrentUserHierarchyAvailablePublicKeysHex()\n }\n\n /**\n * Get the public keys of available key pairs for the current user in hex-encoded spki representation (uses cached keys: no request is done to the\n * server).\n * By setting {@link verifiedOnly} to true only the public keys for verified key pairs will be returned: these will include only key pairs created\n * on this device or which have been verified using {@link CryptoStrategies} on this device.\n * @param verifiedOnly if true only the verified public keys will be returned.\n * @return the spki representation of public keys of available keypairs for the current user.\n */\n async getCurrentUserAvailablePublicKeysHex(verifiedOnly: boolean): Promise<string[]> {\n return this._keyManager.getCurrentUserAvailablePublicKeysHex(verifiedOnly)\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"icc-crypto-x-api.js","sourceRoot":"","sources":["../../icc-x-api/icc-crypto-x-api.ts"],"names":[],"mappings":";;;;;;;;;;;;AAaA,MAAa,aAAa;IACxB;;OAEG;IACH,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,iBAAiB,CAAA;IAC/B,CAAC;IAED;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,oBAAoB,CAAA;IAClC,CAAC;IAED;;OAEG;IACH,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAED;;OAEG;IACH,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;IAED;;OAEG;IACH,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,SAAS,CAAA;IACvB,CAAC;IAED;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,oBAAoB,CAAA;IAClC,CAAC;IAED;;OAEG;IACH,IAAI,wBAAwB;QAC1B,OAAO,IAAI,CAAC,yBAAyB,CAAA;IACvC,CAAC;IAED;;OAEG;IACH,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAED;;OAEG;IACH,IAAI,iBAAiB;QACnB,OAAO,IAAI,CAAC,cAAc,CAAA;IAC5B,CAAC;IAED;;OAEG;IACH,IAAI,0BAA0B;QAC5B,OAAO,IAAI,CAAC,2BAA2B,CAAA;IACzC,CAAC;IAED;;OAEG;IACH,YACmB,oBAAyC,EACzC,iBAAmC,EACnC,WAAsC,EACtC,aAA+B,EAC/B,SAA4B,EAC5B,cAAiC,EACjC,QAA+B,EAC/B,WAA6B,EAC7B,oBAAyC,EACzC,yBAA2D,EAC3D,2BAAuD;QAVvD,yBAAoB,GAApB,oBAAoB,CAAqB;QACzC,sBAAiB,GAAjB,iBAAiB,CAAkB;QACnC,gBAAW,GAAX,WAAW,CAA2B;QACtC,kBAAa,GAAb,aAAa,CAAkB;QAC/B,cAAS,GAAT,SAAS,CAAmB;QAC5B,mBAAc,GAAd,cAAc,CAAmB;QACjC,aAAQ,GAAR,QAAQ,CAAuB;QAC/B,gBAAW,GAAX,WAAW,CAAkB;QAC7B,yBAAoB,GAApB,oBAAoB,CAAqB;QACzC,8BAAyB,GAAzB,yBAAyB,CAAkC;QAC3D,gCAA2B,GAA3B,2BAA2B,CAA4B;IACvE,CAAC;IAEJ;;;;OAIG;IACG,WAAW;;YACf,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,EAAE,CAAA;YAC7C,IAAI,CAAC,aAAa,CAAC,6BAA6B,EAAE,CAAA;YAClD,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAA;YACnC,MAAM,IAAI,CAAC,oBAAoB,CAAC,sBAAsB,EAAE,CAAA;QAC1D,CAAC;KAAA;IAED;;;;;;;OAOG;IACH,oDAAoD;QAUlD,OAAO,IAAI,CAAC,WAAW,CAAC,wCAAwC,EAAE,CAAA;IACpE,CAAC;IAED;;;;OAIG;IACH,wBAAwB,CAAC,WAAmB;QAC1C,OAAO,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAA;IAC/D,CAAC;IAED;;;;;OAKG;IACG,6CAA6C;;YACjD,OAAO,IAAI,CAAC,WAAW,CAAC,6CAA6C,EAAE,CAAA;QACzE,CAAC;KAAA;IAED;;;;;;;OAOG;IACG,oCAAoC,CAAC,YAAqB;;YAC9D,OAAO,IAAI,CAAC,WAAW,CAAC,oCAAoC,CAAC,YAAY,CAAC,CAAA;QAC5E,CAAC;KAAA;IAED;;;;;OAKG;IACG,2BAA2B,CAAC,QAAgB;;YAMhD,IAAI,QAAQ,IAAI,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,qBAAqB,EAAE,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAA;YAC9I,IAAI,IAAI,CAAC,eAAe,CAAC,mBAAmB,EAAE,CAAC,MAAM,GAAG,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAA;YAC3H,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,2BAA2B,CAAC,QAAQ,EAAE,EAAE,gCAAgC,EAAE,IAAI,EAAE,CAAC,CAAA;YACzH,OAAO;gBACL,cAAc,EAAE,OAAO,CAAC,YAAY,CAAC,EAAG;gBACxC,mBAAmB,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,mBAAmB,CAAC;gBACxG,WAAW,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC;gBAChF,kBAAkB,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,kBAAkB,CAAC;aACtG,CAAA;QACH,CAAC;KAAA;IAED;;;;;;;;;OASG;IACG,kBAAkB,CACtB,OAMG,EACH,oBAA6B;;YAE7B,MAAM,IAAI,CAAC,YAAY,CAAC,2BAA2B,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAA;QACpF,CAAC;KAAA;CACF;AArMD,sCAqMC","sourcesContent":["import { StorageFacade } from './storage/StorageFacade'\nimport { KeyStorageFacade } from './storage/KeyStorageFacade'\nimport { ExchangeKeysManager } from './crypto/ExchangeKeysManager'\nimport { CryptoPrimitives } from './crypto/CryptoPrimitives'\nimport { UserEncryptionKeysManager } from './crypto/UserEncryptionKeysManager'\nimport { IccDataOwnerXApi } from './icc-data-owner-x-api'\nimport { ExtendedApisUtils } from './crypto/ExtendedApisUtils'\nimport { ShamirKeysManager } from './crypto/ShamirKeysManager'\nimport { ExchangeDataManager } from './crypto/ExchangeDataManager'\nimport { AccessControlKeysHeadersProvider } from './crypto/AccessControlKeysHeadersProvider'\nimport { KeyPair } from './crypto/RSA'\nimport { DelegationsDeAnonymization } from './crypto/DelegationsDeAnonymization'\n\nexport class IccCryptoXApi {\n /**\n * The instance of {@link CryptoPrimitives} used by this instance of the iCure SDK.\n */\n get primitives(): CryptoPrimitives {\n return this._cryptoPrimitives\n }\n\n /**\n * @internal this method is for internal use only and may be changed without notice.\n */\n get exchangeKeys(): ExchangeKeysManager {\n return this._exchangeKeysManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get keyStorage(): KeyStorageFacade {\n return this._keyStorage\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get storage(): StorageFacade<string> {\n return this._storage\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get xapi(): ExtendedApisUtils {\n return this.xapiUtils\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get exchangeData(): ExchangeDataManager {\n return this._exchangeDataManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get accessControlKeysHeaders(): AccessControlKeysHeadersProvider {\n return this._accessControlKeysHeaders\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get userKeysManager(): UserEncryptionKeysManager {\n return this._keyManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get shamirKeysManager(): ShamirKeysManager {\n return this._shamirManager\n }\n\n /**\n * @internal this is for internal use only and may be changed without notice.\n */\n get delegationsDeAnonymization(): DelegationsDeAnonymization {\n return this._delegationsDeAnonymisation\n }\n\n /**\n * @internal\n */\n constructor(\n private readonly _exchangeKeysManager: ExchangeKeysManager,\n private readonly _cryptoPrimitives: CryptoPrimitives,\n private readonly _keyManager: UserEncryptionKeysManager,\n private readonly _dataOwnerApi: IccDataOwnerXApi,\n private readonly xapiUtils: ExtendedApisUtils,\n private readonly _shamirManager: ShamirKeysManager,\n private readonly _storage: StorageFacade<string>,\n private readonly _keyStorage: KeyStorageFacade,\n private readonly _exchangeDataManager: ExchangeDataManager,\n private readonly _accessControlKeysHeaders: AccessControlKeysHeadersProvider,\n private readonly _delegationsDeAnonymisation: DelegationsDeAnonymization\n ) {}\n\n /**\n * Deletes values cached by the crypto api, to allow to detect changes in stored key pairs, exchange keys and/or current data owner details.\n * This method may be useful in cases where a user is logged in from multiple devices or in cases where other users have just shared some data with\n * the current user for the first time.\n */\n async forceReload() {\n await this._exchangeKeysManager.reloadCache()\n this._dataOwnerApi.clearCurrentDataOwnerIdsCache()\n await this._keyManager.reloadKeys()\n await this._exchangeDataManager.clearOrRepopulateCache()\n }\n\n /**\n * Get all key pairs available for the decrpytion and encryption of data to the current data owner. These include the key pairs from the data owner\n * and his parents.\n * @return an object with:\n * - `self` an object containing the current data owner id and the list of key pairs available for the current data owner with verification details.\n * - `parents` the list of parents to the current data owner with the list of key pairs available for each parent. The list is ordered from the\n * topmost ancestor (at index 0) to the direct parent of the current data owner (at the last index, may be 0).\n */\n getEncryptionDecryptionKeypairsForDataOwnerHierarchy(): Promise<{\n self: {\n dataOwnerId: string\n keys: { pair: KeyPair<CryptoKey>; verified: boolean }[]\n }\n parents: {\n dataOwnerId: string\n keys: { pair: KeyPair<CryptoKey>; verified: boolean }[]\n }[]\n }> {\n return this._keyManager.getCurrentUserHierarchyAvailableKeypairs()\n }\n\n /**\n * Get a key pair with the provided fingerprint if present.\n * @param fingerprint a key-pair/public-key fingerprint\n * @return the pair associated to the fingerprint and a boolean indicating if the pair is verified, if present, else undefined\n */\n getKeyPairForFingerprint(fingerprint: string): { pair: KeyPair<CryptoKey>; verified: boolean } | undefined {\n return this._keyManager.getKeyPairForFingerprint(fingerprint)\n }\n\n /**\n * Get the public keys of available key pairs for the current user and his parents in hex-encoded spki representation (uses cached keys: no request\n * is done to the server).\n * Note that this will also include unverified keys.\n * @return the spki representation of public keys of available keypairs for the current user.\n */\n async getCurrentUserHierarchyAvailablePublicKeysHex(): Promise<string[]> {\n return this._keyManager.getCurrentUserHierarchyAvailablePublicKeysHex()\n }\n\n /**\n * Get the public keys of available key pairs for the current user in hex-encoded spki representation (uses cached keys: no request is done to the\n * server).\n * By setting {@link verifiedOnly} to true only the public keys for verified key pairs will be returned: these will include only key pairs created\n * on this device or which have been verified using {@link CryptoStrategies} on this device.\n * @param verifiedOnly if true only the verified public keys will be returned.\n * @return the spki representation of public keys of available keypairs for the current user.\n */\n async getCurrentUserAvailablePublicKeysHex(verifiedOnly: boolean): Promise<string[]> {\n return this._keyManager.getCurrentUserAvailablePublicKeysHex(verifiedOnly)\n }\n\n /**\n * The only way of creating exchange data to a delegate when the SDK runs in keyless mode.\n * @param delegate a delegate, can't be the current data owner\n * @return the created exchange data details. They can be used to inject the data in a separate instance of the SDK,\n * allowing the data created by this instance to be retrieved.\n */\n async keylessCreateExchangeDataTo(delegate: string): Promise<{\n exchangeDataId: string\n accessControlSecret: ArrayBuffer\n exchangeKey: ArrayBuffer\n sharedSignatureKey: ArrayBuffer\n }> {\n if (delegate == (await this._dataOwnerApi.getCurrentDataOwnerId())) throw new Error(\"Can't create exchange data to yourself in keyless mode.\")\n if (this.userKeysManager.getSelfVerifiedKeys().length > 0) throw new Error('This method can only be used in keyless mode.')\n const created = await this.exchangeData.getOrCreateEncryptionDataTo(delegate, { allowCreationWithoutDelegatorKey: true })\n return {\n exchangeDataId: created.exchangeData.id!,\n accessControlSecret: await this.exchangeData.base.exportAccessControlSecret(created.accessControlSecret),\n exchangeKey: await this.exchangeData.base.exportExchangeKey(created.exchangeKey),\n sharedSignatureKey: await this.exchangeData.base.exportSharedSignatureKey(created.sharedSignatureKey),\n }\n }\n\n /**\n * Allows injecting exchange data that would not be readable or decryptable by the SDK otherwise.\n * IMPORTANT: the SDK will not check that the provided exchange data details are valid for the provided exchange data\n * id. Providing invalid details could cause permanent corruption of data.\n * @param details the details of the exchange data to inject. Set verified to true to allow this data to be used for\n * encryption of new entity.\n * @param reEncryptWithOwnKeys can only be true if the api wasn't initialized in keyless mode. If true the injected\n * data will be re-encrypted with also the current data owner key, allowing to access it in future instances without\n * having to re-inject it (as long as the instance has access to the current private key).\n */\n async injectExchangeData(\n details: {\n exchangeDataId: string\n accessControlSecret: ArrayBuffer\n exchangeKey: ArrayBuffer\n sharedSignatureKey: ArrayBuffer\n verified: boolean\n }[],\n reEncryptWithOwnKeys: boolean\n ) {\n await this.exchangeData.injectDecryptedExchangeData(details, reEncryptWithOwnKeys)\n }\n}\n"]}
|
|
@@ -48,6 +48,8 @@ export declare class IccDocumentXApi extends IccDocumentApi implements Encrypted
|
|
|
48
48
|
* auto-delegations, in such case the access level specified here will be used.
|
|
49
49
|
* - preferredSfk: secret id of the message to use as the secret foreign key to use for the document. The default value will be a
|
|
50
50
|
* secret id of the message known by the topmost parent in the current data owner hierarchy.
|
|
51
|
+
* - alternateRootDelegation: by default a new entity is created with a root delegation from self to self. In keyless mode this is not possible,
|
|
52
|
+
* and instead the root delegation will be from self to another. You have to specify which delegate will be part of the root delegation.
|
|
51
53
|
* @return a new instance of document.
|
|
52
54
|
*/
|
|
53
55
|
newInstance(user: models.User, message?: models.Message, c?: any, options?: {
|
|
@@ -55,6 +57,7 @@ export declare class IccDocumentXApi extends IccDocumentApi implements Encrypted
|
|
|
55
57
|
[dataOwnerId: string]: AccessLevelEnum;
|
|
56
58
|
};
|
|
57
59
|
sfkOption?: SecretIdUseOption;
|
|
60
|
+
alternateRootDelegation?: string;
|
|
58
61
|
}): Promise<models.Document>;
|
|
59
62
|
/**
|
|
60
63
|
* @deprecated use {@link findIdsByMessage} instead.
|
|
@@ -439,6 +439,8 @@ class IccDocumentXApi extends icc_api_1.IccDocumentApi {
|
|
|
439
439
|
* auto-delegations, in such case the access level specified here will be used.
|
|
440
440
|
* - preferredSfk: secret id of the message to use as the secret foreign key to use for the document. The default value will be a
|
|
441
441
|
* secret id of the message known by the topmost parent in the current data owner hierarchy.
|
|
442
|
+
* - alternateRootDelegation: by default a new entity is created with a root delegation from self to self. In keyless mode this is not possible,
|
|
443
|
+
* and instead the root delegation will be from self to another. You have to specify which delegate will be part of the root delegation.
|
|
442
444
|
* @return a new instance of document.
|
|
443
445
|
*/
|
|
444
446
|
newInstance(user, message, c = {}, options = {}) {
|
|
@@ -453,7 +455,7 @@ class IccDocumentXApi extends icc_api_1.IccDocumentApi {
|
|
|
453
455
|
: [];
|
|
454
456
|
const extraDelegations = Object.assign(Object.assign({}, Object.fromEntries([...((_k = (_j = user.autoDelegations) === null || _j === void 0 ? void 0 : _j.all) !== null && _k !== void 0 ? _k : []), ...((_m = (_l = user.autoDelegations) === null || _l === void 0 ? void 0 : _l.medicalInformation) !== null && _m !== void 0 ? _m : [])].map((d) => [d, AccessLevelEnum.WRITE]))), ((_o = options === null || options === void 0 ? void 0 : options.additionalDelegates) !== null && _o !== void 0 ? _o : {}));
|
|
455
457
|
return new models.Document(yield this.crypto.xapi
|
|
456
|
-
.entityWithInitialisedEncryptedMetadata(document, utils_1.EntityWithDelegationTypeName.Document, message === null || message === void 0 ? void 0 : message.id, sfk, true, extraDelegations)
|
|
458
|
+
.entityWithInitialisedEncryptedMetadata(document, utils_1.EntityWithDelegationTypeName.Document, message === null || message === void 0 ? void 0 : message.id, sfk, true, extraDelegations, options.alternateRootDelegation)
|
|
457
459
|
.then((x) => x.updatedEntity));
|
|
458
460
|
});
|
|
459
461
|
}
|