@icure/api 8.6.19 → 8.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/icc-api/api/IccDocumentApi.d.ts +10 -2
- package/icc-api/api/IccDocumentApi.js +22 -4
- package/icc-api/api/IccDocumentApi.js.map +1 -1
- package/icc-api/api/IccReceiptApi.d.ts +17 -0
- package/icc-api/api/IccReceiptApi.js +52 -0
- package/icc-api/api/IccReceiptApi.js.map +1 -1
- package/icc-api/model/DataAttachment.d.ts +22 -0
- package/icc-api/model/DataAttachment.js.map +1 -1
- package/icc-api/model/Document.d.ts +6 -0
- package/icc-api/model/Document.js.map +1 -1
- package/icc-api/model/Receipt.d.ts +6 -0
- package/icc-api/model/Receipt.js.map +1 -1
- package/icc-x-api/crypto/BaseExchangeDataManager.js +2 -2
- package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
- package/icc-x-api/crypto/ExchangeDataManager.js +3 -3
- package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtils.d.ts +1 -1
- package/icc-x-api/crypto/ExtendedApisUtils.js.map +1 -1
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.d.ts +1 -1
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +8 -2
- package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -1
- package/icc-x-api/crypto/RecoveryDataEncryption.js.map +1 -1
- package/icc-x-api/icc-accesslog-x-api.js +7 -7
- package/icc-x-api/icc-accesslog-x-api.js.map +1 -1
- package/icc-x-api/icc-calendar-item-x-api.js +7 -7
- package/icc-x-api/icc-calendar-item-x-api.js.map +1 -1
- package/icc-x-api/icc-classification-x-api.js +4 -5
- package/icc-x-api/icc-classification-x-api.js.map +1 -1
- package/icc-x-api/icc-code-x-api.d.ts +2 -2
- package/icc-x-api/icc-code-x-api.js +3 -33
- package/icc-x-api/icc-code-x-api.js.map +1 -1
- package/icc-x-api/icc-contact-x-api.js +20 -33
- package/icc-x-api/icc-contact-x-api.js.map +1 -1
- package/icc-x-api/icc-doctemplate-x-api.js.map +1 -1
- package/icc-x-api/icc-document-x-api.d.ts +8 -7
- package/icc-x-api/icc-document-x-api.js +64 -22
- package/icc-x-api/icc-document-x-api.js.map +1 -1
- package/icc-x-api/icc-form-x-api.js +3 -4
- package/icc-x-api/icc-form-x-api.js.map +1 -1
- package/icc-x-api/icc-helement-x-api.js +11 -11
- package/icc-x-api/icc-helement-x-api.js.map +1 -1
- package/icc-x-api/icc-invoice-x-api.js +3 -4
- package/icc-x-api/icc-invoice-x-api.js.map +1 -1
- package/icc-x-api/icc-maintenance-task-x-api.js +3 -3
- package/icc-x-api/icc-maintenance-task-x-api.js.map +1 -1
- package/icc-x-api/icc-patient-x-api.js +29 -29
- package/icc-x-api/icc-patient-x-api.js.map +1 -1
- package/icc-x-api/icc-receipt-x-api.d.ts +40 -0
- package/icc-x-api/icc-receipt-x-api.js +79 -1
- package/icc-x-api/icc-receipt-x-api.js.map +1 -1
- package/icc-x-api/icc-topic-x-api.js.map +1 -1
- package/icc-x-api/utils/code-util.d.ts +23 -0
- package/icc-x-api/utils/code-util.js +39 -2
- package/icc-x-api/utils/code-util.js.map +1 -1
- package/icc-x-api/utils/collection-utils.d.ts +13 -0
- package/icc-x-api/utils/collection-utils.js +79 -0
- package/icc-x-api/utils/collection-utils.js.map +1 -1
- package/icc-x-api/utils/compression-utils.d.ts +28 -0
- package/icc-x-api/utils/compression-utils.js +106 -0
- package/icc-x-api/utils/compression-utils.js.map +1 -0
- package/icc-x-api/utils/crypto-utils.js +7 -7
- package/icc-x-api/utils/crypto-utils.js.map +1 -1
- package/icc-x-api/utils/formatting-util.d.ts +3 -3
- package/icc-x-api/utils/formatting-util.js +22 -23
- package/icc-x-api/utils/formatting-util.js.map +1 -1
- package/icc-x-api/utils/hcp-util.js +2 -3
- package/icc-x-api/utils/hcp-util.js.map +1 -1
- package/icc-x-api/utils/insurability-util.js +10 -8
- package/icc-x-api/utils/insurability-util.js.map +1 -1
- package/icc-x-api/utils/lzma-wasm.d.ts +6 -0
- package/icc-x-api/utils/lzma-wasm.js +81 -0
- package/icc-x-api/utils/lzma-wasm.js.map +1 -0
- package/icc-x-api/utils/mutex.d.ts +12 -0
- package/icc-x-api/utils/mutex.js +26 -0
- package/icc-x-api/utils/mutex.js.map +1 -0
- package/icc-x-api/utils/websocket.js +7 -7
- package/icc-x-api/utils/websocket.js.map +1 -1
- package/icc-x-api/wasm/lzma/lzma.js +2 -0
- package/icc-x-api/wasm/lzma/lzma.wasm +0 -0
- package/package.json +2 -11
- package/icc-x-api/utils/uuid-encoder.d.ts +0 -44
- package/icc-x-api/utils/uuid-encoder.js +0 -114
- package/icc-x-api/utils/uuid-encoder.js.map +0 -1
- package/test/icc-api/api/IccAgendaApi.d.ts +0 -1
- package/test/icc-api/api/IccAgendaApi.js +0 -64
- package/test/icc-api/api/IccAgendaApi.js.map +0 -1
- package/test/icc-api/api/IccAnonymousAccessApi.d.ts +0 -1
- package/test/icc-api/api/IccAnonymousAccessApi.js +0 -58
- package/test/icc-api/api/IccAnonymousAccessApi.js.map +0 -1
- package/test/icc-api/api/IccCalendarItemApi.d.ts +0 -1
- package/test/icc-api/api/IccCalendarItemApi.js +0 -67
- package/test/icc-api/api/IccCalendarItemApi.js.map +0 -1
- package/test/icc-api/api/IccCalendarItemTypeApi.d.ts +0 -1
- package/test/icc-api/api/IccCalendarItemTypeApi.js +0 -96
- package/test/icc-api/api/IccCalendarItemTypeApi.js.map +0 -1
- package/test/icc-api/api/IccCodeApi.d.ts +0 -1
- package/test/icc-api/api/IccCodeApi.js +0 -38
- package/test/icc-api/api/IccCodeApi.js.map +0 -1
- package/test/icc-api/api/IccDocumentApi.d.ts +0 -1
- package/test/icc-api/api/IccDocumentApi.js +0 -199
- package/test/icc-api/api/IccDocumentApi.js.map +0 -1
- package/test/icc-api/api/IccGroupApi.d.ts +0 -1
- package/test/icc-api/api/IccGroupApi.js +0 -50
- package/test/icc-api/api/IccGroupApi.js.map +0 -1
- package/test/icc-api/api/IccKeywordApi.d.ts +0 -1
- package/test/icc-api/api/IccKeywordApi.js +0 -64
- package/test/icc-api/api/IccKeywordApi.js.map +0 -1
- package/test/icc-api/api/IccMedicalLocationApi.d.ts +0 -1
- package/test/icc-api/api/IccMedicalLocationApi.js +0 -64
- package/test/icc-api/api/IccMedicalLocationApi.js.map +0 -1
- package/test/icc-api/api/IccPlaceApi.d.ts +0 -1
- package/test/icc-api/api/IccPlaceApi.js +0 -64
- package/test/icc-api/api/IccPlaceApi.js.map +0 -1
- package/test/icc-api/api/IccRecoveryDataApi.d.ts +0 -1
- package/test/icc-api/api/IccRecoveryDataApi.js +0 -95
- package/test/icc-api/api/IccRecoveryDataApi.js.map +0 -1
- package/test/icc-api/api/IccRoleApi.d.ts +0 -1
- package/test/icc-api/api/IccRoleApi.js +0 -34
- package/test/icc-api/api/IccRoleApi.js.map +0 -1
- package/test/icc-api/api/IccUserApi.d.ts +0 -1
- package/test/icc-api/api/IccUserApi.js +0 -96
- package/test/icc-api/api/IccUserApi.js.map +0 -1
- package/test/icc-api/e2e/IccCalendarItemApi.d.ts +0 -1
- package/test/icc-api/e2e/IccCalendarItemApi.js +0 -46
- package/test/icc-api/e2e/IccCalendarItemApi.js.map +0 -1
- package/test/icc-api/model/modelHelpersTest.d.ts +0 -1
- package/test/icc-api/model/modelHelpersTest.js +0 -45
- package/test/icc-api/model/modelHelpersTest.js.map +0 -1
- package/test/icc-x-api/auth/group-switch-test.d.ts +0 -1
- package/test/icc-x-api/auth/group-switch-test.js +0 -81
- package/test/icc-x-api/auth/group-switch-test.js.map +0 -1
- package/test/icc-x-api/auth/jwt-concurrency-test.d.ts +0 -2
- package/test/icc-x-api/auth/jwt-concurrency-test.js +0 -112
- package/test/icc-x-api/auth/jwt-concurrency-test.js.map +0 -1
- package/test/icc-x-api/auth/jwt-provider-test.d.ts +0 -1
- package/test/icc-x-api/auth/jwt-provider-test.js +0 -197
- package/test/icc-x-api/auth/jwt-provider-test.js.map +0 -1
- package/test/icc-x-api/auth/smart-auth-provider-test.d.ts +0 -1
- package/test/icc-x-api/auth/smart-auth-provider-test.js +0 -224
- package/test/icc-x-api/auth/smart-auth-provider-test.js.map +0 -1
- package/test/icc-x-api/autofix-anonymity-test.d.ts +0 -1
- package/test/icc-x-api/autofix-anonymity-test.js +0 -122
- package/test/icc-x-api/autofix-anonymity-test.js.map +0 -1
- package/test/icc-x-api/confidential-entities-test.d.ts +0 -1
- package/test/icc-x-api/confidential-entities-test.js +0 -168
- package/test/icc-x-api/confidential-entities-test.js.map +0 -1
- package/test/icc-x-api/crud/comprehensive-crud-test.d.ts +0 -1
- package/test/icc-x-api/crud/comprehensive-crud-test.js +0 -276
- package/test/icc-x-api/crud/comprehensive-crud-test.js.map +0 -1
- package/test/icc-x-api/crud/entities-crud-test-interface.d.ts +0 -16
- package/test/icc-x-api/crud/entities-crud-test-interface.js +0 -408
- package/test/icc-x-api/crud/entities-crud-test-interface.js.map +0 -1
- package/test/icc-x-api/crypto/anonymous-delegations-test.d.ts +0 -1
- package/test/icc-x-api/crypto/anonymous-delegations-test.js +0 -587
- package/test/icc-x-api/crypto/anonymous-delegations-test.js.map +0 -1
- package/test/icc-x-api/crypto/concurrency.d.ts +0 -1
- package/test/icc-x-api/crypto/concurrency.js +0 -35
- package/test/icc-x-api/crypto/concurrency.js.map +0 -1
- package/test/icc-x-api/crypto/crypto-utils.d.ts +0 -1
- package/test/icc-x-api/crypto/crypto-utils.js +0 -79
- package/test/icc-x-api/crypto/crypto-utils.js.map +0 -1
- package/test/icc-x-api/crypto/cryptoTest.d.ts +0 -2
- package/test/icc-x-api/crypto/cryptoTest.js +0 -402
- package/test/icc-x-api/crypto/cryptoTest.js.map +0 -1
- package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.d.ts +0 -1
- package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.js +0 -166
- package/test/icc-x-api/crypto/delegate-ci-to-patient-with-missing-keys-test.js.map +0 -1
- package/test/icc-x-api/crypto/exchange-data-manager-test.d.ts +0 -1
- package/test/icc-x-api/crypto/exchange-data-manager-test.js +0 -674
- package/test/icc-x-api/crypto/exchange-data-manager-test.js.map +0 -1
- package/test/icc-x-api/crypto/full-crypto-test.d.ts +0 -1
- package/test/icc-x-api/crypto/full-crypto-test.js +0 -454
- package/test/icc-x-api/crypto/full-crypto-test.js.map +0 -1
- package/test/icc-x-api/crypto/legacy-metadata-migration-test.d.ts +0 -1
- package/test/icc-x-api/crypto/legacy-metadata-migration-test.js +0 -379
- package/test/icc-x-api/crypto/legacy-metadata-migration-test.js.map +0 -1
- package/test/icc-x-api/crypto/secure-delegations-manager-test.d.ts +0 -1
- package/test/icc-x-api/crypto/secure-delegations-manager-test.js +0 -278
- package/test/icc-x-api/crypto/secure-delegations-manager-test.js.map +0 -1
- package/test/icc-x-api/crypto/shamir.d.ts +0 -2
- package/test/icc-x-api/crypto/shamir.js +0 -167
- package/test/icc-x-api/crypto/shamir.js.map +0 -1
- package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.d.ts +0 -1
- package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.js +0 -71
- package/test/icc-x-api/crypto/share-to-newly-created-patient-from-hcp.js.map +0 -1
- package/test/icc-x-api/crypto/soft-deleted-data-owners.d.ts +0 -2
- package/test/icc-x-api/crypto/soft-deleted-data-owners.js +0 -113
- package/test/icc-x-api/crypto/soft-deleted-data-owners.js.map +0 -1
- package/test/icc-x-api/crypto/user-encryption-keys-manager-test.d.ts +0 -1
- package/test/icc-x-api/crypto/user-encryption-keys-manager-test.js +0 -246
- package/test/icc-x-api/crypto/user-encryption-keys-manager-test.js.map +0 -1
- package/test/icc-x-api/entity-with-attachments-api-test.d.ts +0 -1
- package/test/icc-x-api/entity-with-attachments-api-test.js +0 -142
- package/test/icc-x-api/entity-with-attachments-api-test.js.map +0 -1
- package/test/icc-x-api/filters/filters.d.ts +0 -1
- package/test/icc-x-api/filters/filters.js +0 -49
- package/test/icc-x-api/filters/filters.js.map +0 -1
- package/test/icc-x-api/filters/healthelement.d.ts +0 -1
- package/test/icc-x-api/filters/healthelement.js +0 -333
- package/test/icc-x-api/filters/healthelement.js.map +0 -1
- package/test/icc-x-api/icc-accesslog-x-api.d.ts +0 -1
- package/test/icc-x-api/icc-accesslog-x-api.js +0 -106
- package/test/icc-x-api/icc-accesslog-x-api.js.map +0 -1
- package/test/icc-x-api/icc-application-settings-x-api.d.ts +0 -1
- package/test/icc-x-api/icc-application-settings-x-api.js +0 -91
- package/test/icc-x-api/icc-application-settings-x-api.js.map +0 -1
- package/test/icc-x-api/icc-auth-api.d.ts +0 -1
- package/test/icc-x-api/icc-auth-api.js +0 -47
- package/test/icc-x-api/icc-auth-api.js.map +0 -1
- package/test/icc-x-api/icc-calendar-item-x-api.d.ts +0 -1
- package/test/icc-x-api/icc-calendar-item-x-api.js +0 -150
- package/test/icc-x-api/icc-calendar-item-x-api.js.map +0 -1
- package/test/icc-x-api/icc-contact-x-api.d.ts +0 -1
- package/test/icc-x-api/icc-contact-x-api.js +0 -355
- package/test/icc-x-api/icc-contact-x-api.js.map +0 -1
- package/test/icc-x-api/icc-document-x-api.d.ts +0 -1
- package/test/icc-x-api/icc-document-x-api.js +0 -76
- package/test/icc-x-api/icc-document-x-api.js.map +0 -1
- package/test/icc-x-api/icc-form-x-api.d.ts +0 -1
- package/test/icc-x-api/icc-form-x-api.js +0 -413
- package/test/icc-x-api/icc-form-x-api.js.map +0 -1
- package/test/icc-x-api/icc-hcparty-x-api-test.d.ts +0 -1
- package/test/icc-x-api/icc-hcparty-x-api-test.js +0 -43
- package/test/icc-x-api/icc-hcparty-x-api-test.js.map +0 -1
- package/test/icc-x-api/icc-helement-x-api-test.d.ts +0 -1
- package/test/icc-x-api/icc-helement-x-api-test.js +0 -155
- package/test/icc-x-api/icc-helement-x-api-test.js.map +0 -1
- package/test/icc-x-api/icc-invoice-x-api.d.ts +0 -1
- package/test/icc-x-api/icc-invoice-x-api.js +0 -99
- package/test/icc-x-api/icc-invoice-x-api.js.map +0 -1
- package/test/icc-x-api/icc-maintenance-task-x-api-test.d.ts +0 -1
- package/test/icc-x-api/icc-maintenance-task-x-api-test.js +0 -222
- package/test/icc-x-api/icc-maintenance-task-x-api-test.js.map +0 -1
- package/test/icc-x-api/icc-message-x-api.d.ts +0 -1
- package/test/icc-x-api/icc-message-x-api.js +0 -54
- package/test/icc-x-api/icc-message-x-api.js.map +0 -1
- package/test/icc-x-api/icc-patient-x-api-test.d.ts +0 -1
- package/test/icc-x-api/icc-patient-x-api-test.js +0 -165
- package/test/icc-x-api/icc-patient-x-api-test.js.map +0 -1
- package/test/icc-x-api/icc-recovery-x-api.d.ts +0 -1
- package/test/icc-x-api/icc-recovery-x-api.js +0 -175
- package/test/icc-x-api/icc-recovery-x-api.js.map +0 -1
- package/test/icc-x-api/icc-topic-x-api.d.ts +0 -1
- package/test/icc-x-api/icc-topic-x-api.js +0 -269
- package/test/icc-x-api/icc-topic-x-api.js.map +0 -1
- package/test/icc-x-api/icc-user-x-api-test.d.ts +0 -1
- package/test/icc-x-api/icc-user-x-api-test.js +0 -99
- package/test/icc-x-api/icc-user-x-api-test.js.map +0 -1
- package/test/icc-x-api/keyless-api.d.ts +0 -1
- package/test/icc-x-api/keyless-api.js +0 -125
- package/test/icc-x-api/keyless-api.js.map +0 -1
- package/test/icc-x-api/patient-user.d.ts +0 -2
- package/test/icc-x-api/patient-user.js +0 -103
- package/test/icc-x-api/patient-user.js.map +0 -1
- package/test/icc-x-api/storage/storage.d.ts +0 -1
- package/test/icc-x-api/storage/storage.js +0 -48
- package/test/icc-x-api/storage/storage.js.map +0 -1
- package/test/icc-x-api/test-api-no-parent.d.ts +0 -1
- package/test/icc-x-api/test-api-no-parent.js +0 -79
- package/test/icc-x-api/test-api-no-parent.js.map +0 -1
- package/test/icc-x-api/test-legacy-data-support.d.ts +0 -1
- package/test/icc-x-api/test-legacy-data-support.js +0 -375
- package/test/icc-x-api/test-legacy-data-support.js.map +0 -1
- package/test/icc-x-api/utils/graph-test.d.ts +0 -1
- package/test/icc-x-api/utils/graph-test.js +0 -54
- package/test/icc-x-api/utils/graph-test.js.map +0 -1
- package/test/icc-x-api/utils/lru-temporised-async-cache-test.d.ts +0 -1
- package/test/icc-x-api/utils/lru-temporised-async-cache-test.js +0 -364
- package/test/icc-x-api/utils/lru-temporised-async-cache-test.js.map +0 -1
- package/test/support/CSM-185.d.ts +0 -1
- package/test/support/CSM-185.js +0 -124
- package/test/support/CSM-185.js.map +0 -1
- package/test/support/CSM-243.d.ts +0 -1
- package/test/support/CSM-243.js +0 -120
- package/test/support/CSM-243.js.map +0 -1
- package/test/support/CSM-543.d.ts +0 -1
- package/test/support/CSM-543.js +0 -164
- package/test/support/CSM-543.js.map +0 -1
- package/test/support/CSM-729.d.ts +0 -1
- package/test/support/CSM-729.js +0 -225
- package/test/support/CSM-729.js.map +0 -1
- package/test/support/CSM-87.d.ts +0 -0
- package/test/support/CSM-87.js +0 -21
- package/test/support/CSM-87.js.map +0 -1
- package/test/support/CSM-93.d.ts +0 -1
- package/test/support/CSM-93.js +0 -112
- package/test/support/CSM-93.js.map +0 -1
- package/test/utils/FakeDataOwnerApi.d.ts +0 -32
- package/test/utils/FakeDataOwnerApi.js +0 -136
- package/test/utils/FakeDataOwnerApi.js.map +0 -1
- package/test/utils/FakeEncryptionKeysManager.d.ts +0 -36
- package/test/utils/FakeEncryptionKeysManager.js +0 -98
- package/test/utils/FakeEncryptionKeysManager.js.map +0 -1
- package/test/utils/FakeExchangeDataApi.d.ts +0 -32
- package/test/utils/FakeExchangeDataApi.js +0 -92
- package/test/utils/FakeExchangeDataApi.js.map +0 -1
- package/test/utils/FakeExchangeDataManager.d.ts +0 -48
- package/test/utils/FakeExchangeDataManager.js +0 -82
- package/test/utils/FakeExchangeDataManager.js.map +0 -1
- package/test/utils/FakeExchangeDataMapManager.d.ts +0 -12
- package/test/utils/FakeExchangeDataMapManager.js +0 -38
- package/test/utils/FakeExchangeDataMapManager.js.map +0 -1
- package/test/utils/FakeGenericApi.d.ts +0 -16
- package/test/utils/FakeGenericApi.js +0 -65
- package/test/utils/FakeGenericApi.js.map +0 -1
- package/test/utils/KeylessCryptoStrategies.d.ts +0 -23
- package/test/utils/KeylessCryptoStrategies.js +0 -26
- package/test/utils/KeylessCryptoStrategies.js.map +0 -1
- package/test/utils/TestApi.d.ts +0 -3
- package/test/utils/TestApi.js +0 -30
- package/test/utils/TestApi.js.map +0 -1
- package/test/utils/TestCollectionUtils.d.ts +0 -1
- package/test/utils/TestCollectionUtils.js +0 -109
- package/test/utils/TestCollectionUtils.js.map +0 -1
- package/test/utils/TestCryptoStrategies.d.ts +0 -42
- package/test/utils/TestCryptoStrategies.js +0 -80
- package/test/utils/TestCryptoStrategies.js.map +0 -1
- package/test/utils/TestStorage.d.ts +0 -23
- package/test/utils/TestStorage.js +0 -61
- package/test/utils/TestStorage.js.map +0 -1
- package/test/utils/roles.d.ts +0 -14
- package/test/utils/roles.js +0 -345
- package/test/utils/roles.js.map +0 -1
- package/test/utils/test_utils.d.ts +0 -87
- package/test/utils/test_utils.js +0 -452
- package/test/utils/test_utils.js.map +0 -1
|
@@ -1,674 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
-
});
|
|
10
|
-
};
|
|
11
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
const mocha_1 = require("mocha");
|
|
13
|
-
const ExchangeDataManager_1 = require("../../../icc-x-api/crypto/ExchangeDataManager");
|
|
14
|
-
const CryptoPrimitives_1 = require("../../../icc-x-api/crypto/CryptoPrimitives");
|
|
15
|
-
const crypto_1 = require("crypto");
|
|
16
|
-
const BaseExchangeDataManager_1 = require("../../../icc-x-api/crypto/BaseExchangeDataManager");
|
|
17
|
-
const FakeExchangeDataApi_1 = require("../../utils/FakeExchangeDataApi");
|
|
18
|
-
const FakeDataOwnerApi_1 = require("../../utils/FakeDataOwnerApi");
|
|
19
|
-
const TestCryptoStrategies_1 = require("../../utils/TestCryptoStrategies");
|
|
20
|
-
const icc_x_api_1 = require("../../../icc-x-api");
|
|
21
|
-
const FakeEncryptionKeysManager_1 = require("../../utils/FakeEncryptionKeysManager");
|
|
22
|
-
const AccessControlSecretUtils_1 = require("../../../icc-x-api/crypto/AccessControlSecretUtils");
|
|
23
|
-
const ExchangeData_1 = require("../../../icc-api/model/internal/ExchangeData");
|
|
24
|
-
const chai_1 = require("chai");
|
|
25
|
-
const collection_utils_1 = require("../../../icc-x-api/utils/collection-utils");
|
|
26
|
-
const _ = require("lodash");
|
|
27
|
-
const utils_1 = require("../../../icc-x-api/crypto/utils");
|
|
28
|
-
const DataOwnerTypeEnum_1 = require("../../../icc-api/model/DataOwnerTypeEnum");
|
|
29
|
-
const types_1 = require("@icure/test-setup/types");
|
|
30
|
-
const test_utils_1 = require("../../utils/test_utils");
|
|
31
|
-
require("isomorphic-fetch");
|
|
32
|
-
const IccExchangeDataApi_1 = require("../../../icc-api/api/internal/IccExchangeDataApi");
|
|
33
|
-
(0, test_utils_1.setLocalStorage)(fetch);
|
|
34
|
-
(0, mocha_1.describe)('Exchange data manager - unit', function () {
|
|
35
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
36
|
-
const primitives = new CryptoPrimitives_1.WebCryptoPrimitives(crypto_1.webcrypto);
|
|
37
|
-
const accessControlSecretUtils = new AccessControlSecretUtils_1.AccessControlSecretUtils(primitives);
|
|
38
|
-
let selfId;
|
|
39
|
-
let selfKeyFpV1;
|
|
40
|
-
let selfKeyFpV2;
|
|
41
|
-
let selfKeypair;
|
|
42
|
-
let delegateId;
|
|
43
|
-
let delegateKeyFp;
|
|
44
|
-
let delegateKeypair;
|
|
45
|
-
let delegate2Id;
|
|
46
|
-
let delegate2KeyFp;
|
|
47
|
-
let delegate2Keypair;
|
|
48
|
-
let dataOwnerApi;
|
|
49
|
-
let exchangeDataApi;
|
|
50
|
-
let baseExchangeData;
|
|
51
|
-
let exchangeData;
|
|
52
|
-
let encryptionKeysManager;
|
|
53
|
-
function initialiseComponents(allowFullExchangeDataLoad_1) {
|
|
54
|
-
return __awaiter(this, arguments, void 0, function* (allowFullExchangeDataLoad, optionalParameters = {}) {
|
|
55
|
-
const dataOwnerType = allowFullExchangeDataLoad ? DataOwnerTypeEnum_1.DataOwnerTypeEnum.Patient : DataOwnerTypeEnum_1.DataOwnerTypeEnum.Hcp;
|
|
56
|
-
selfId = primitives.randomUuid();
|
|
57
|
-
selfKeypair = yield primitives.RSA.generateKeyPair(icc_x_api_1.ShaVersion.Sha256);
|
|
58
|
-
selfKeyFpV1 = (0, utils_1.fingerprintV1)((0, icc_x_api_1.ua2hex)(yield primitives.RSA.exportKey(selfKeypair.publicKey, 'spki')));
|
|
59
|
-
selfKeyFpV2 = (0, utils_1.fingerprintV1toV2)(selfKeyFpV1);
|
|
60
|
-
delegateId = primitives.randomUuid();
|
|
61
|
-
delegateKeypair = yield primitives.RSA.generateKeyPair(icc_x_api_1.ShaVersion.Sha256);
|
|
62
|
-
delegateKeyFp = (0, utils_1.fingerprintV1)((0, icc_x_api_1.ua2hex)(yield primitives.RSA.exportKey(delegateKeypair.publicKey, 'spki')));
|
|
63
|
-
delegate2Id = primitives.randomUuid();
|
|
64
|
-
delegate2Keypair = yield primitives.RSA.generateKeyPair(icc_x_api_1.ShaVersion.Sha256);
|
|
65
|
-
delegate2KeyFp = (0, utils_1.fingerprintV1)((0, icc_x_api_1.ua2hex)(yield primitives.RSA.exportKey(delegate2Keypair.publicKey, 'spki')));
|
|
66
|
-
dataOwnerApi = new FakeDataOwnerApi_1.FakeDataOwnerApi({
|
|
67
|
-
id: selfId,
|
|
68
|
-
type: dataOwnerType,
|
|
69
|
-
publicKeysForOaepWithSha256: [(0, icc_x_api_1.ua2hex)(yield primitives.RSA.exportKey(selfKeypair.publicKey, 'spki'))],
|
|
70
|
-
}, [
|
|
71
|
-
{
|
|
72
|
-
id: delegateId,
|
|
73
|
-
type: dataOwnerType,
|
|
74
|
-
publicKeysForOaepWithSha256: [(0, icc_x_api_1.ua2hex)(yield primitives.RSA.exportKey(delegateKeypair.publicKey, 'spki'))],
|
|
75
|
-
},
|
|
76
|
-
{
|
|
77
|
-
id: delegate2Id,
|
|
78
|
-
type: dataOwnerType,
|
|
79
|
-
publicKeysForOaepWithSha256: [(0, icc_x_api_1.ua2hex)(yield primitives.RSA.exportKey(delegate2Keypair.publicKey, 'spki'))],
|
|
80
|
-
},
|
|
81
|
-
]);
|
|
82
|
-
const cryptoStrategies = new TestCryptoStrategies_1.TestCryptoStrategies(undefined, undefined, optionalParameters.verifiedDelegateKeys);
|
|
83
|
-
exchangeDataApi = new FakeExchangeDataApi_1.FakeExchangeDataApi();
|
|
84
|
-
baseExchangeData = new BaseExchangeDataManager_1.BaseExchangeDataManager(exchangeDataApi, dataOwnerApi, primitives, allowFullExchangeDataLoad, false);
|
|
85
|
-
encryptionKeysManager = yield FakeEncryptionKeysManager_1.FakeEncryptionKeysManager.create(primitives, [selfKeypair]);
|
|
86
|
-
exchangeData = yield (0, ExchangeDataManager_1.initialiseExchangeDataManagerForCurrentDataOwner)(baseExchangeData, encryptionKeysManager, accessControlSecretUtils, cryptoStrategies, dataOwnerApi, primitives, true, optionalParameters);
|
|
87
|
-
});
|
|
88
|
-
}
|
|
89
|
-
function checkDataEqual(actual, expected) {
|
|
90
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
91
|
-
(0, chai_1.expect)(actual).to.not.be.undefined;
|
|
92
|
-
(0, chai_1.expect)(_.isEqual(_.omit(expected.exchangeData, ['rev']), _.omit(actual.exchangeData, ['rev']))).to.equal(true, `Data should be equivalent\nExpected: ${JSON.stringify(expected.exchangeData, undefined, 2)}\nActual: ${JSON.stringify(actual.exchangeData, undefined, 2)}\n`);
|
|
93
|
-
(0, chai_1.expect)(expected.accessControlSecret).to.equal(actual.accessControlSecret);
|
|
94
|
-
yield checkAesKeysEquality(actual.exchangeKey, expected.exchangeKey);
|
|
95
|
-
});
|
|
96
|
-
}
|
|
97
|
-
function checkAesKeysEquality(actual, expected) {
|
|
98
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
99
|
-
if (!actual && !expected)
|
|
100
|
-
return;
|
|
101
|
-
(0, chai_1.expect)(!actual).to.equal(!expected, !expected ? 'Key should not have been decrypted' : 'Key should have been decrypted');
|
|
102
|
-
(0, chai_1.expect)((0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(expected, 'raw'))).to.equal((0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(actual, 'raw')));
|
|
103
|
-
});
|
|
104
|
-
}
|
|
105
|
-
function createDataFromRandomToSelf() {
|
|
106
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
107
|
-
const encryptionKey = yield primitives.RSA.generateKeyPair(icc_x_api_1.ShaVersion.Sha256);
|
|
108
|
-
const encryptionFp = (0, icc_x_api_1.ua2hex)(yield primitives.RSA.exportKey(encryptionKey.publicKey, 'spki')).slice(-32);
|
|
109
|
-
const signatureKey = yield primitives.RSA.generateKeyPair(icc_x_api_1.ShaVersion.Sha1);
|
|
110
|
-
const signatureFp = (0, icc_x_api_1.ua2hex)(yield primitives.RSA.exportKey(signatureKey.publicKey, 'spki')).slice(-32);
|
|
111
|
-
const created = yield baseExchangeData.createExchangeData(selfId, { [signatureFp]: signatureKey.privateKey }, { [encryptionFp]: encryptionKey.publicKey, [selfKeyFpV1]: selfKeypair.publicKey });
|
|
112
|
-
const modified = yield exchangeDataApi.modifyExchangeData(new ExchangeData_1.ExchangeData(Object.assign(Object.assign({}, created.exchangeData), { delegator: primitives.randomUuid() })));
|
|
113
|
-
return { exchangeData: modified, exchangeKey: created.exchangeKey, accessControlSecret: created.accessControlSecret };
|
|
114
|
-
});
|
|
115
|
-
}
|
|
116
|
-
function generateEncryptionKeys(n) {
|
|
117
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
118
|
-
return yield Promise.all(Array(n)
|
|
119
|
-
.fill(null)
|
|
120
|
-
.map(() => __awaiter(this, void 0, void 0, function* () {
|
|
121
|
-
const pair = yield primitives.RSA.generateKeyPair(icc_x_api_1.ShaVersion.Sha256);
|
|
122
|
-
const hexPub = (0, icc_x_api_1.ua2hex)(yield primitives.RSA.exportKey(pair.publicKey, 'spki'));
|
|
123
|
-
const fingerprint = (0, utils_1.fingerprintV2)(hexPub);
|
|
124
|
-
return { pair, fingerprintV2: fingerprint, hexPub };
|
|
125
|
-
})));
|
|
126
|
-
});
|
|
127
|
-
}
|
|
128
|
-
it('base should be able to retrieve all exchange data for the current data owner if allowed by the crypto strategies', function () {
|
|
129
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
130
|
-
function doTest(allowFullExchangeDataLoad) {
|
|
131
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
132
|
-
yield initialiseComponents(allowFullExchangeDataLoad);
|
|
133
|
-
const expectedData = yield Promise.all(Array.from(Array(3500), (_, i) => __awaiter(this, void 0, void 0, function* () {
|
|
134
|
-
const data = new ExchangeData_1.ExchangeData({
|
|
135
|
-
id: primitives.randomUuid(),
|
|
136
|
-
delegate: i % 2 === 0 ? selfId : primitives.randomUuid(),
|
|
137
|
-
delegator: i % 2 === 0 ? primitives.randomUuid() : selfId,
|
|
138
|
-
exchangeKey: { not: 'important' },
|
|
139
|
-
accessControlSecret: { not: 'important' },
|
|
140
|
-
sharedSignatureKey: { not: 'important' },
|
|
141
|
-
delegatorSignature: { not: 'important' },
|
|
142
|
-
sharedSignature: 'not important',
|
|
143
|
-
});
|
|
144
|
-
yield exchangeDataApi.createExchangeData(data);
|
|
145
|
-
return data;
|
|
146
|
-
})));
|
|
147
|
-
yield Promise.all(Array.from(Array(500), () => __awaiter(this, void 0, void 0, function* () {
|
|
148
|
-
// Should not be in result
|
|
149
|
-
const data = new ExchangeData_1.ExchangeData({
|
|
150
|
-
id: primitives.randomUuid(),
|
|
151
|
-
delegate: primitives.randomUuid(),
|
|
152
|
-
delegator: primitives.randomUuid(),
|
|
153
|
-
exchangeKey: { not: 'important' },
|
|
154
|
-
accessControlSecret: { not: 'important' },
|
|
155
|
-
sharedSignatureKey: { not: 'important' },
|
|
156
|
-
delegatorSignature: { not: 'important' },
|
|
157
|
-
sharedSignature: 'not important',
|
|
158
|
-
});
|
|
159
|
-
yield exchangeDataApi.createExchangeData(data);
|
|
160
|
-
})));
|
|
161
|
-
const retrieved = yield baseExchangeData.getAllExchangeDataForCurrentDataOwnerIfAllowed();
|
|
162
|
-
if (allowFullExchangeDataLoad) {
|
|
163
|
-
(0, chai_1.expect)(retrieved).to.not.be.undefined;
|
|
164
|
-
(0, chai_1.expect)(retrieved).to.have.length(expectedData.length);
|
|
165
|
-
(0, chai_1.expect)((0, collection_utils_1.setEquals)(new Set(expectedData.map((x) => x.id)), new Set(retrieved.map((x) => x.id))), 'Retrieved and expected ids').to.be.true;
|
|
166
|
-
}
|
|
167
|
-
else {
|
|
168
|
-
(0, chai_1.expect)(retrieved).to.be.undefined;
|
|
169
|
-
}
|
|
170
|
-
});
|
|
171
|
-
}
|
|
172
|
-
yield doTest(true);
|
|
173
|
-
yield doTest(false);
|
|
174
|
-
});
|
|
175
|
-
});
|
|
176
|
-
it('should create new encryption keys when none is available', function () {
|
|
177
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
178
|
-
function doTest(allowFullExchangeDataLoad) {
|
|
179
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
180
|
-
var _a;
|
|
181
|
-
yield initialiseComponents(allowFullExchangeDataLoad);
|
|
182
|
-
const sfk = primitives.randomUuid();
|
|
183
|
-
const initialisedCount = exchangeDataApi.callCount;
|
|
184
|
-
const createdData = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
185
|
-
const retrievedCachedData = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
186
|
-
exchangeDataApi.compareCallCountFromBaseline(initialisedCount, {
|
|
187
|
-
createExchangeData: 1,
|
|
188
|
-
// If we could fully preload we already know whether the exchange key already exists or not, otherwise we have to request from the api
|
|
189
|
-
getExchangeDataByDelegatorDelegate: allowFullExchangeDataLoad ? 0 : 1,
|
|
190
|
-
modifyExchangeData: 0,
|
|
191
|
-
getExchangeDataByIds: 0,
|
|
192
|
-
getExchangeDataByParticipant: 0,
|
|
193
|
-
});
|
|
194
|
-
yield checkDataEqual(retrievedCachedData, createdData);
|
|
195
|
-
const decryptedKeyByDelegate = yield baseExchangeData.tryDecryptExchangeKeys([createdData.exchangeData], { [delegateKeyFp]: delegateKeypair });
|
|
196
|
-
const decryptedAccessControlSecretByDelegate = yield baseExchangeData.tryDecryptAccessControlSecret([createdData.exchangeData], {
|
|
197
|
-
[delegateKeyFp]: delegateKeypair,
|
|
198
|
-
});
|
|
199
|
-
yield checkAesKeysEquality(decryptedKeyByDelegate.successfulDecryptions[0], createdData.exchangeKey);
|
|
200
|
-
(0, chai_1.expect)(decryptedAccessControlSecretByDelegate.successfulDecryptions[0]).to.equal(createdData.accessControlSecret);
|
|
201
|
-
(0, chai_1.expect)(retrievedCachedData.exchangeData.delegator).to.equal(selfId);
|
|
202
|
-
(0, chai_1.expect)(retrievedCachedData.exchangeData.delegate).to.equal(delegateId);
|
|
203
|
-
(0, chai_1.expect)(Object.keys((_a = retrievedCachedData.exchangeData.delegatorSignature) !== null && _a !== void 0 ? _a : {})).to.have.length(1);
|
|
204
|
-
(0, chai_1.expect)(Object.keys(retrievedCachedData.exchangeData.exchangeKey)).to.have.length(2);
|
|
205
|
-
(0, chai_1.expect)(Object.keys(retrievedCachedData.exchangeData.accessControlSecret)).to.have.length(2);
|
|
206
|
-
(0, chai_1.expect)(Object.keys(retrievedCachedData.exchangeData.sharedSignatureKey)).to.have.length(2);
|
|
207
|
-
});
|
|
208
|
-
}
|
|
209
|
-
yield doTest(true);
|
|
210
|
-
yield doTest(false);
|
|
211
|
-
});
|
|
212
|
-
});
|
|
213
|
-
it('should create encryption keys to self when none is available', function () {
|
|
214
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
215
|
-
function doTest(allowFullExchangeDataLoad) {
|
|
216
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
217
|
-
var _a;
|
|
218
|
-
yield initialiseComponents(allowFullExchangeDataLoad);
|
|
219
|
-
const createdData = yield exchangeData.getOrCreateEncryptionDataTo(selfId);
|
|
220
|
-
(0, chai_1.expect)(createdData.exchangeData.delegator).to.equal(selfId);
|
|
221
|
-
(0, chai_1.expect)(createdData.exchangeData.delegate).to.equal(selfId);
|
|
222
|
-
(0, chai_1.expect)(Object.keys((_a = createdData.exchangeData.delegatorSignature) !== null && _a !== void 0 ? _a : {})).to.have.length(1);
|
|
223
|
-
(0, chai_1.expect)(Object.keys(createdData.exchangeData.sharedSignatureKey)).to.have.length(1);
|
|
224
|
-
(0, chai_1.expect)(Object.keys(createdData.exchangeData.exchangeKey)).to.have.length(1);
|
|
225
|
-
(0, chai_1.expect)(Object.keys(createdData.exchangeData.accessControlSecret)).to.have.length(1);
|
|
226
|
-
});
|
|
227
|
-
}
|
|
228
|
-
yield doTest(true);
|
|
229
|
-
yield doTest(false);
|
|
230
|
-
});
|
|
231
|
-
});
|
|
232
|
-
it('should ignore unverified keys when creating new exchange data', function () {
|
|
233
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
234
|
-
function doTest(allowFullExchangeDataLoad) {
|
|
235
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
236
|
-
const delegateVerifiedKeys = yield generateEncryptionKeys(5);
|
|
237
|
-
const extraDelegateUnverifiedKeys = yield generateEncryptionKeys(5);
|
|
238
|
-
const extraDelegatorVerifiedKeys = yield generateEncryptionKeys(5);
|
|
239
|
-
const delegatorUnverifiedKeys = yield generateEncryptionKeys(5);
|
|
240
|
-
yield initialiseComponents(allowFullExchangeDataLoad, { verifiedDelegateKeys: new Set(delegateVerifiedKeys.map((x) => x.hexPub)) });
|
|
241
|
-
for (const keyData of [...delegateVerifiedKeys, ...extraDelegateUnverifiedKeys]) {
|
|
242
|
-
yield dataOwnerApi.addPublicKeyForOwner(delegateId, keyData.pair);
|
|
243
|
-
}
|
|
244
|
-
for (const keyData of extraDelegatorVerifiedKeys) {
|
|
245
|
-
yield dataOwnerApi.addPublicKeyForOwner(selfId, keyData.pair);
|
|
246
|
-
yield encryptionKeysManager.addOrUpdateKey(primitives, keyData.pair, true);
|
|
247
|
-
}
|
|
248
|
-
for (const keyData of delegatorUnverifiedKeys) {
|
|
249
|
-
yield dataOwnerApi.addPublicKeyForOwner(selfId, keyData.pair);
|
|
250
|
-
yield encryptionKeysManager.addOrUpdateKey(primitives, keyData.pair, false);
|
|
251
|
-
}
|
|
252
|
-
const created = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
253
|
-
(0, chai_1.expect)((0, collection_utils_1.setEquals)(new Set(Object.keys(created.exchangeData.exchangeKey)), new Set(Object.keys(created.exchangeData.accessControlSecret))), 'Keys used for encryption of exchange key and access control secret must be the same.').to.be.true;
|
|
254
|
-
(0, chai_1.expect)((0, collection_utils_1.setEquals)(new Set(Object.keys(created.exchangeData.exchangeKey)), new Set([...delegateVerifiedKeys.map((x) => x.fingerprintV2), ...extraDelegatorVerifiedKeys.map((x) => x.fingerprintV2), selfKeyFpV2])), 'Only verified keys of delegate and delegator should be used for encryption of exchange key and access control secret.').to.be.true;
|
|
255
|
-
for (const keyData of [{ pair: selfKeypair, fingerprintV2: selfKeyFpV1 }, ...extraDelegatorVerifiedKeys, ...delegateVerifiedKeys]) {
|
|
256
|
-
yield checkAesKeysEquality((yield baseExchangeData.tryDecryptExchangeKeys([created.exchangeData], { [keyData.fingerprintV2]: keyData.pair })).successfulDecryptions[0], created.exchangeKey);
|
|
257
|
-
(0, chai_1.expect)((yield baseExchangeData.tryDecryptAccessControlSecret([created.exchangeData], { [keyData.fingerprintV2]: keyData.pair }))
|
|
258
|
-
.successfulDecryptions[0]).to.equal(created.accessControlSecret);
|
|
259
|
-
}
|
|
260
|
-
});
|
|
261
|
-
}
|
|
262
|
-
yield doTest(true);
|
|
263
|
-
yield doTest(false);
|
|
264
|
-
});
|
|
265
|
-
});
|
|
266
|
-
it('should reuse existing exchange data for encryption when it can be verified', function () {
|
|
267
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
268
|
-
function doTest(allowFullExchangeDataLoad) {
|
|
269
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
270
|
-
yield initialiseComponents(allowFullExchangeDataLoad);
|
|
271
|
-
const createdData = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
272
|
-
yield exchangeData.clearOrRepopulateCache();
|
|
273
|
-
const countAfterCacheClear = exchangeDataApi.callCount;
|
|
274
|
-
const reloadedData = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
275
|
-
exchangeDataApi.compareCallCountFromBaseline(countAfterCacheClear, {
|
|
276
|
-
createExchangeData: 0,
|
|
277
|
-
getExchangeDataByDelegatorDelegate: allowFullExchangeDataLoad ? 0 : 1,
|
|
278
|
-
modifyExchangeData: 0,
|
|
279
|
-
getExchangeDataByIds: 0,
|
|
280
|
-
getExchangeDataByParticipant: 0,
|
|
281
|
-
});
|
|
282
|
-
yield checkDataEqual(reloadedData, createdData);
|
|
283
|
-
});
|
|
284
|
-
}
|
|
285
|
-
yield doTest(true);
|
|
286
|
-
yield doTest(false);
|
|
287
|
-
});
|
|
288
|
-
});
|
|
289
|
-
it('should create new exchange data for encryption when the existing data can not be verified due to unavailable verification key', function () {
|
|
290
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
291
|
-
function doTest(allowFullExchangeDataLoad) {
|
|
292
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
293
|
-
yield initialiseComponents(allowFullExchangeDataLoad);
|
|
294
|
-
const createdData = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
295
|
-
yield encryptionKeysManager.unverifyExistingKeysAndCreateNewVerified(primitives);
|
|
296
|
-
yield exchangeData.clearOrRepopulateCache();
|
|
297
|
-
const countAfterCacheClear = exchangeDataApi.callCount;
|
|
298
|
-
const newData = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
299
|
-
exchangeDataApi.compareCallCountFromBaseline(countAfterCacheClear, {
|
|
300
|
-
createExchangeData: 1,
|
|
301
|
-
getExchangeDataByDelegatorDelegate: allowFullExchangeDataLoad ? 0 : 1,
|
|
302
|
-
modifyExchangeData: 0,
|
|
303
|
-
getExchangeDataByIds: 0,
|
|
304
|
-
getExchangeDataByParticipant: 0,
|
|
305
|
-
});
|
|
306
|
-
(0, chai_1.expect)(_.isEqual(_.omit(createdData.exchangeData, ['rev']), _.omit(newData.exchangeData, ['rev']))).to.equal(false, 'Exchange data manager should have created new exchange data for encryption');
|
|
307
|
-
(0, chai_1.expect)((0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(createdData.exchangeKey, 'raw'))).to.not.equal((0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(newData.exchangeKey, 'raw')));
|
|
308
|
-
(0, chai_1.expect)(createdData.accessControlSecret).to.not.equal(newData.accessControlSecret);
|
|
309
|
-
});
|
|
310
|
-
}
|
|
311
|
-
yield doTest(true);
|
|
312
|
-
yield doTest(false);
|
|
313
|
-
});
|
|
314
|
-
});
|
|
315
|
-
it('should create new exchange data for encryption when the existing data can not be verified due to tampering of the encrypted access control secret and/or encrypted exchange key', function () {
|
|
316
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
317
|
-
function doTest(allowFullExchangeDataLoad, tamper) {
|
|
318
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
319
|
-
yield initialiseComponents(allowFullExchangeDataLoad);
|
|
320
|
-
const sfk = primitives.randomUuid();
|
|
321
|
-
const createdData = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
322
|
-
// Tamper with exchange data
|
|
323
|
-
yield exchangeDataApi.modifyExchangeData(yield tamper(createdData.exchangeData, selfKeypair, selfKeyFpV2));
|
|
324
|
-
yield exchangeData.clearOrRepopulateCache();
|
|
325
|
-
const countAfterCacheClear = exchangeDataApi.callCount;
|
|
326
|
-
const newData = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
327
|
-
exchangeDataApi.compareCallCountFromBaseline(countAfterCacheClear, {
|
|
328
|
-
createExchangeData: 1,
|
|
329
|
-
getExchangeDataByDelegatorDelegate: allowFullExchangeDataLoad ? 0 : 1,
|
|
330
|
-
modifyExchangeData: 0,
|
|
331
|
-
getExchangeDataByIds: 0,
|
|
332
|
-
getExchangeDataByParticipant: 0,
|
|
333
|
-
});
|
|
334
|
-
(0, chai_1.expect)(createdData.exchangeData.id).not.to.equal(newData.exchangeData.id, 'Exchange data manager should have created new exchange data for encryption');
|
|
335
|
-
(0, chai_1.expect)((0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(createdData.exchangeKey, 'raw'))).to.not.equal((0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(newData.exchangeKey, 'raw')));
|
|
336
|
-
(0, chai_1.expect)(createdData.accessControlSecret).to.not.equal(newData.accessControlSecret);
|
|
337
|
-
const updatedUnverifiedOldData = (yield exchangeData.getDecryptionDataKeyByIds([createdData.exchangeData.id], true))[createdData.exchangeData.id];
|
|
338
|
-
(0, chai_1.expect)(updatedUnverifiedOldData).to.not.be.undefined;
|
|
339
|
-
});
|
|
340
|
-
}
|
|
341
|
-
const extraKeyPair = yield primitives.RSA.generateKeyPair(icc_x_api_1.ShaVersion.Sha256);
|
|
342
|
-
const extraKeyPairFp = (0, utils_1.fingerprintV2)((0, icc_x_api_1.ua2hex)(yield primitives.RSA.exportKey(extraKeyPair.publicKey, 'spki')));
|
|
343
|
-
const fakeKey = primitives.randomBytes(16);
|
|
344
|
-
const tamperByChangingEncryptionKey = (exchangeData, selfKeyPair, selfKeyFp) => __awaiter(this, void 0, void 0, function* () {
|
|
345
|
-
return new ExchangeData_1.ExchangeData(Object.assign(Object.assign({}, exchangeData), { exchangeKey: Object.assign(Object.assign({}, exchangeData.exchangeKey), { [selfKeyFp]: (0, icc_x_api_1.ua2b64)(yield primitives.RSA.encrypt(selfKeyPair.publicKey, fakeKey)) }) }));
|
|
346
|
-
});
|
|
347
|
-
const tamperByChangingAccessControlSecret = (exchangeData, selfKeyPair, selfKeyFp) => __awaiter(this, void 0, void 0, function* () {
|
|
348
|
-
return new ExchangeData_1.ExchangeData(Object.assign(Object.assign({}, exchangeData), { accessControlSecret: Object.assign(Object.assign({}, exchangeData.accessControlSecret), { [selfKeyFp]: (0, icc_x_api_1.ua2b64)(yield primitives.RSA.encrypt(selfKeyPair.publicKey, fakeKey)) }) }));
|
|
349
|
-
});
|
|
350
|
-
const tamperByChangingBoth = (exchangeData, selfKeyPair, selfKeyFp) => __awaiter(this, void 0, void 0, function* () { return tamperByChangingEncryptionKey(yield tamperByChangingAccessControlSecret(exchangeData, selfKeyPair, selfKeyFp), selfKeyPair, selfKeyFp); });
|
|
351
|
-
const tamperByAddingEncryptionKey = (exchangeData) => __awaiter(this, void 0, void 0, function* () {
|
|
352
|
-
return new ExchangeData_1.ExchangeData(Object.assign(Object.assign({}, exchangeData), { exchangeKey: Object.assign(Object.assign({}, exchangeData.exchangeKey), { [extraKeyPairFp]: (0, icc_x_api_1.ua2b64)(yield primitives.RSA.encrypt(extraKeyPair.publicKey, fakeKey)) }) }));
|
|
353
|
-
});
|
|
354
|
-
yield doTest(true, tamperByChangingEncryptionKey);
|
|
355
|
-
yield doTest(false, tamperByChangingEncryptionKey);
|
|
356
|
-
yield doTest(true, tamperByChangingAccessControlSecret);
|
|
357
|
-
yield doTest(false, tamperByChangingAccessControlSecret);
|
|
358
|
-
yield doTest(true, tamperByChangingBoth);
|
|
359
|
-
yield doTest(false, tamperByChangingBoth);
|
|
360
|
-
yield doTest(true, tamperByAddingEncryptionKey);
|
|
361
|
-
yield doTest(false, tamperByAddingEncryptionKey);
|
|
362
|
-
});
|
|
363
|
-
});
|
|
364
|
-
it('should create new exchange data for encryption when the existing data can not be verified due to tampering of the delegate id', function () {
|
|
365
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
366
|
-
function doTest(allowFullExchangeDataLoad) {
|
|
367
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
368
|
-
yield initialiseComponents(allowFullExchangeDataLoad);
|
|
369
|
-
const createdData = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
370
|
-
// Tamper with exchange data
|
|
371
|
-
yield exchangeDataApi.modifyExchangeData(Object.assign(Object.assign({}, createdData.exchangeData), { delegate: delegate2Id }));
|
|
372
|
-
yield exchangeData.clearOrRepopulateCache();
|
|
373
|
-
const countAfterCacheClear = exchangeDataApi.callCount;
|
|
374
|
-
const newDataToDelegate = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
375
|
-
const newDataToDelegate2 = yield exchangeData.getOrCreateEncryptionDataTo(delegate2Id);
|
|
376
|
-
exchangeDataApi.compareCallCountFromBaseline(countAfterCacheClear, {
|
|
377
|
-
createExchangeData: 2,
|
|
378
|
-
getExchangeDataByDelegatorDelegate: allowFullExchangeDataLoad ? 0 : 2,
|
|
379
|
-
modifyExchangeData: 0,
|
|
380
|
-
getExchangeDataByIds: 0,
|
|
381
|
-
getExchangeDataByParticipant: 0,
|
|
382
|
-
});
|
|
383
|
-
(0, chai_1.expect)(createdData.exchangeData.id).to.not.equal(newDataToDelegate.exchangeData.id, 'Exchange data manager should have created new exchange data for encryption to delegate');
|
|
384
|
-
(0, chai_1.expect)(createdData.exchangeData.id).to.not.equal(newDataToDelegate2.exchangeData.id, 'Exchange data manager should have created new exchange data for encryption to delegate 2');
|
|
385
|
-
(0, chai_1.expect)((0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(createdData.exchangeKey, 'raw'))).to.not.equal((0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(newDataToDelegate.exchangeKey, 'raw')));
|
|
386
|
-
(0, chai_1.expect)((0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(createdData.exchangeKey, 'raw'))).to.not.equal((0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(newDataToDelegate2.exchangeKey, 'raw')));
|
|
387
|
-
(0, chai_1.expect)(createdData.accessControlSecret).to.not.equal(newDataToDelegate.accessControlSecret);
|
|
388
|
-
(0, chai_1.expect)(createdData.accessControlSecret).to.not.equal(newDataToDelegate2.accessControlSecret);
|
|
389
|
-
const updatedUnverifiedOldData = (yield exchangeData.getDecryptionDataKeyByIds([createdData.exchangeData.id], true))[createdData.exchangeData.id];
|
|
390
|
-
(0, chai_1.expect)(updatedUnverifiedOldData).to.not.be.undefined;
|
|
391
|
-
(0, chai_1.expect)((0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(updatedUnverifiedOldData.exchangeKey, 'raw'))).to.equal((0, icc_x_api_1.ua2hex)(yield primitives.AES.exportKey(createdData.exchangeKey, 'raw')));
|
|
392
|
-
(0, chai_1.expect)(updatedUnverifiedOldData.accessControlSecret).to.equal(createdData.accessControlSecret);
|
|
393
|
-
});
|
|
394
|
-
}
|
|
395
|
-
yield doTest(true);
|
|
396
|
-
yield doTest(false);
|
|
397
|
-
});
|
|
398
|
-
});
|
|
399
|
-
it('should return existing exchange data keys for decryption even if the data authenticity could not be verified', function () {
|
|
400
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
401
|
-
function doTest(allowFullExchangeDataLoad) {
|
|
402
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
403
|
-
yield initialiseComponents(allowFullExchangeDataLoad);
|
|
404
|
-
const createdData1 = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
405
|
-
const createdData2 = yield createDataFromRandomToSelf();
|
|
406
|
-
yield encryptionKeysManager.unverifyExistingKeysAndCreateNewVerified(primitives);
|
|
407
|
-
yield exchangeData.clearOrRepopulateCache();
|
|
408
|
-
yield checkDataEqual((yield exchangeData.getDecryptionDataKeyByIds([createdData1.exchangeData.id], true))[createdData1.exchangeData.id], createdData1);
|
|
409
|
-
yield checkDataEqual((yield exchangeData.getDecryptionDataKeyByIds([createdData2.exchangeData.id], true))[createdData2.exchangeData.id], createdData2);
|
|
410
|
-
});
|
|
411
|
-
}
|
|
412
|
-
yield doTest(true);
|
|
413
|
-
yield doTest(false);
|
|
414
|
-
});
|
|
415
|
-
});
|
|
416
|
-
it('newly created data or data retrieved by id should be cached and retrievable by hash', function () {
|
|
417
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
418
|
-
function doTest(allowFullExchangeDataLoad) {
|
|
419
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
420
|
-
yield initialiseComponents(allowFullExchangeDataLoad);
|
|
421
|
-
const createdData1 = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
422
|
-
const hashes1 = yield accessControlSecretUtils.allSecureDelegationKeysFor(createdData1.accessControlSecret);
|
|
423
|
-
const retrievedKeys1 = yield exchangeData.getCachedDecryptionDataKeyByAccessControlHash(hashes1);
|
|
424
|
-
for (const hash of hashes1) {
|
|
425
|
-
yield checkDataEqual(retrievedKeys1[hash], createdData1);
|
|
426
|
-
}
|
|
427
|
-
if (!allowFullExchangeDataLoad) {
|
|
428
|
-
const createdData2 = yield createDataFromRandomToSelf();
|
|
429
|
-
const hashes2 = yield accessControlSecretUtils.allSecureDelegationKeysFor(createdData2.accessControlSecret);
|
|
430
|
-
yield checkDataEqual((yield exchangeData.getDecryptionDataKeyByIds([createdData2.exchangeData.id], true))[createdData2.exchangeData.id], createdData2);
|
|
431
|
-
const retrievedKeys2 = yield exchangeData.getCachedDecryptionDataKeyByAccessControlHash([...hashes1, ...hashes2]);
|
|
432
|
-
for (const hash of hashes2) {
|
|
433
|
-
yield checkDataEqual(retrievedKeys2[hash], createdData2);
|
|
434
|
-
}
|
|
435
|
-
}
|
|
436
|
-
});
|
|
437
|
-
}
|
|
438
|
-
yield doTest(true);
|
|
439
|
-
yield doTest(false);
|
|
440
|
-
});
|
|
441
|
-
});
|
|
442
|
-
it('if data can not be decrypted the retrieval method should return undefined', function () {
|
|
443
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
444
|
-
function doTest(allowFullExchangeDataLoad) {
|
|
445
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
446
|
-
yield initialiseComponents(allowFullExchangeDataLoad);
|
|
447
|
-
const createdBySelf = yield exchangeData.getOrCreateEncryptionDataTo(selfId);
|
|
448
|
-
const createdByOther = yield createDataFromRandomToSelf();
|
|
449
|
-
const newKey = yield primitives.RSA.generateKeyPair(icc_x_api_1.ShaVersion.Sha256);
|
|
450
|
-
yield dataOwnerApi.addPublicKeyForOwner(selfId, newKey);
|
|
451
|
-
// Simulate loss of key
|
|
452
|
-
encryptionKeysManager.deleteKey(selfKeyFpV1);
|
|
453
|
-
yield encryptionKeysManager.addOrUpdateKey(primitives, newKey, true);
|
|
454
|
-
yield exchangeData.clearOrRepopulateCache();
|
|
455
|
-
yield checkDataEqual((yield exchangeData.getDecryptionDataKeyByIds([createdBySelf.exchangeData.id], true))[createdBySelf.exchangeData.id], {
|
|
456
|
-
exchangeData: createdBySelf.exchangeData,
|
|
457
|
-
exchangeKey: undefined,
|
|
458
|
-
});
|
|
459
|
-
yield checkDataEqual((yield exchangeData.getDecryptionDataKeyByIds([createdByOther.exchangeData.id], true))[createdByOther.exchangeData.id], {
|
|
460
|
-
exchangeData: createdByOther.exchangeData,
|
|
461
|
-
exchangeKey: undefined,
|
|
462
|
-
});
|
|
463
|
-
});
|
|
464
|
-
}
|
|
465
|
-
yield doTest(true);
|
|
466
|
-
yield doTest(false);
|
|
467
|
-
});
|
|
468
|
-
});
|
|
469
|
-
it('unverified keys should still be usable for decryption of data', function () {
|
|
470
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
471
|
-
function doTest(allowFullExchangeDataLoad) {
|
|
472
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
473
|
-
yield initialiseComponents(allowFullExchangeDataLoad);
|
|
474
|
-
const createdBySelf = yield exchangeData.getOrCreateEncryptionDataTo(selfId);
|
|
475
|
-
const createdByOther = yield createDataFromRandomToSelf();
|
|
476
|
-
yield encryptionKeysManager.addOrUpdateKey(primitives, selfKeypair, false);
|
|
477
|
-
yield exchangeData.clearOrRepopulateCache();
|
|
478
|
-
yield checkDataEqual((yield exchangeData.getDecryptionDataKeyByIds([createdBySelf.exchangeData.id], true))[createdBySelf.exchangeData.id], createdBySelf);
|
|
479
|
-
yield checkDataEqual((yield exchangeData.getDecryptionDataKeyByIds([createdByOther.exchangeData.id], true))[createdByOther.exchangeData.id], createdByOther);
|
|
480
|
-
});
|
|
481
|
-
}
|
|
482
|
-
yield doTest(true);
|
|
483
|
-
yield doTest(false);
|
|
484
|
-
});
|
|
485
|
-
});
|
|
486
|
-
it('implementation with limited cache should trigger eviction of delegate and hash cache on eviction of data by id cache', function () {
|
|
487
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
488
|
-
yield initialiseComponents(false, { lruCacheSize: 3 });
|
|
489
|
-
const entityType = icc_x_api_1.EntityWithDelegationTypeName.Contact;
|
|
490
|
-
const sfks = [primitives.randomUuid(), primitives.randomUuid(), primitives.randomUuid()];
|
|
491
|
-
function verifyCached(data) {
|
|
492
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
493
|
-
const apiCallsBaseline = exchangeDataApi.callCount;
|
|
494
|
-
const hashes = yield accessControlSecretUtils.allSecureDelegationKeysFor(data.accessControlSecret);
|
|
495
|
-
for (const hash of hashes) {
|
|
496
|
-
yield checkDataEqual((yield exchangeData.getCachedDecryptionDataKeyByAccessControlHash([hash]))[hash], data);
|
|
497
|
-
}
|
|
498
|
-
if (data.exchangeData.delegator === selfId) {
|
|
499
|
-
yield checkDataEqual(yield exchangeData.getOrCreateEncryptionDataTo(data.exchangeData.delegate), data);
|
|
500
|
-
}
|
|
501
|
-
yield checkDataEqual((yield exchangeData.getDecryptionDataKeyByIds([data.exchangeData.id], true))[data.exchangeData.id], data);
|
|
502
|
-
exchangeDataApi.compareCallCountFromBaseline(apiCallsBaseline, {
|
|
503
|
-
getExchangeDataByIds: 0,
|
|
504
|
-
createExchangeData: 0,
|
|
505
|
-
modifyExchangeData: 0,
|
|
506
|
-
getExchangeDataByParticipant: 0,
|
|
507
|
-
getExchangeDataByDelegatorDelegate: 0,
|
|
508
|
-
});
|
|
509
|
-
});
|
|
510
|
-
}
|
|
511
|
-
function verifyNotCachedThenCache(data) {
|
|
512
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
513
|
-
const apiCallsBaseline = exchangeDataApi.callCount;
|
|
514
|
-
const hashes = [yield accessControlSecretUtils.secureDelegationKeyFor(data.accessControlSecret, entityType)];
|
|
515
|
-
for (const hash of hashes) {
|
|
516
|
-
(0, chai_1.expect)(Object.keys(yield exchangeData.getCachedDecryptionDataKeyByAccessControlHash([hash]))).to.have.length(0);
|
|
517
|
-
}
|
|
518
|
-
if (data.exchangeData.delegator === selfId) {
|
|
519
|
-
yield checkDataEqual(yield exchangeData.getOrCreateEncryptionDataTo(data.exchangeData.delegate), data);
|
|
520
|
-
exchangeDataApi.compareCallCountFromBaseline(apiCallsBaseline, {
|
|
521
|
-
getExchangeDataByIds: 0,
|
|
522
|
-
createExchangeData: 0,
|
|
523
|
-
modifyExchangeData: 0,
|
|
524
|
-
getExchangeDataByParticipant: 0,
|
|
525
|
-
getExchangeDataByDelegatorDelegate: 1,
|
|
526
|
-
});
|
|
527
|
-
}
|
|
528
|
-
else {
|
|
529
|
-
yield checkDataEqual((yield exchangeData.getDecryptionDataKeyByIds([data.exchangeData.id], true))[data.exchangeData.id], data);
|
|
530
|
-
exchangeDataApi.compareCallCountFromBaseline(apiCallsBaseline, {
|
|
531
|
-
getExchangeDataByIds: 1,
|
|
532
|
-
createExchangeData: 0,
|
|
533
|
-
modifyExchangeData: 0,
|
|
534
|
-
getExchangeDataByParticipant: 0,
|
|
535
|
-
getExchangeDataByDelegatorDelegate: 0,
|
|
536
|
-
});
|
|
537
|
-
}
|
|
538
|
-
});
|
|
539
|
-
}
|
|
540
|
-
const createdBySelf1 = yield exchangeData.getOrCreateEncryptionDataTo(selfId);
|
|
541
|
-
const createdBySelf2 = yield exchangeData.getOrCreateEncryptionDataTo(delegateId);
|
|
542
|
-
const createdByOther1 = yield createDataFromRandomToSelf(); // Not automatically cached: created by someone else
|
|
543
|
-
const createdByOther2 = yield createDataFromRandomToSelf(); // Not automatically cached: created by someone else
|
|
544
|
-
// noinspection DuplicatedCode
|
|
545
|
-
yield verifyCached(createdBySelf1);
|
|
546
|
-
yield verifyCached(createdBySelf2);
|
|
547
|
-
yield verifyNotCachedThenCache(createdByOther1);
|
|
548
|
-
yield verifyCached(createdBySelf1);
|
|
549
|
-
yield verifyCached(createdBySelf2);
|
|
550
|
-
yield verifyCached(createdByOther1);
|
|
551
|
-
yield verifyNotCachedThenCache(createdByOther2);
|
|
552
|
-
yield verifyCached(createdBySelf2);
|
|
553
|
-
yield verifyCached(createdByOther1);
|
|
554
|
-
yield verifyCached(createdByOther2);
|
|
555
|
-
yield verifyNotCachedThenCache(createdBySelf1);
|
|
556
|
-
yield verifyCached(createdByOther1);
|
|
557
|
-
yield verifyCached(createdByOther2);
|
|
558
|
-
yield verifyCached(createdBySelf1);
|
|
559
|
-
yield verifyNotCachedThenCache(createdBySelf2);
|
|
560
|
-
yield verifyCached(createdByOther2);
|
|
561
|
-
// noinspection DuplicatedCode
|
|
562
|
-
yield verifyCached(createdBySelf1);
|
|
563
|
-
yield verifyCached(createdBySelf2);
|
|
564
|
-
yield verifyNotCachedThenCache(createdByOther1);
|
|
565
|
-
yield verifyCached(createdBySelf1);
|
|
566
|
-
yield verifyCached(createdBySelf2);
|
|
567
|
-
yield verifyCached(createdByOther1);
|
|
568
|
-
yield verifyNotCachedThenCache(createdByOther2);
|
|
569
|
-
yield verifyCached(createdBySelf2);
|
|
570
|
-
yield verifyCached(createdByOther1);
|
|
571
|
-
yield verifyCached(createdByOther2);
|
|
572
|
-
});
|
|
573
|
-
});
|
|
574
|
-
it('implementation with unlimited cache should preload all existing exchange data on creation', function () {
|
|
575
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
576
|
-
yield initialiseComponents(true);
|
|
577
|
-
const createdBySelf = yield exchangeData.getOrCreateEncryptionDataTo(selfId);
|
|
578
|
-
const createdByOther = yield createDataFromRandomToSelf();
|
|
579
|
-
const recreatedExchangeData = yield (0, ExchangeDataManager_1.initialiseExchangeDataManagerForCurrentDataOwner)(baseExchangeData, encryptionKeysManager, accessControlSecretUtils, new TestCryptoStrategies_1.TestCryptoStrategies(), dataOwnerApi, primitives, true);
|
|
580
|
-
const apiCallsAfterCreation = exchangeDataApi.callCount;
|
|
581
|
-
yield checkDataEqual((yield recreatedExchangeData.getDecryptionDataKeyByIds([createdBySelf.exchangeData.id], false))[createdBySelf.exchangeData.id], createdBySelf);
|
|
582
|
-
yield checkDataEqual((yield recreatedExchangeData.getDecryptionDataKeyByIds([createdByOther.exchangeData.id], false))[createdByOther.exchangeData.id], createdByOther);
|
|
583
|
-
exchangeDataApi.compareCallCountFromBaseline(apiCallsAfterCreation, {
|
|
584
|
-
getExchangeDataByIds: 0,
|
|
585
|
-
createExchangeData: 0,
|
|
586
|
-
modifyExchangeData: 0,
|
|
587
|
-
getExchangeDataByParticipant: 0,
|
|
588
|
-
getExchangeDataByDelegatorDelegate: 0,
|
|
589
|
-
});
|
|
590
|
-
});
|
|
591
|
-
});
|
|
592
|
-
});
|
|
593
|
-
});
|
|
594
|
-
let env;
|
|
595
|
-
(0, mocha_1.describe)('Exchange data manager - e2e', function () {
|
|
596
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
597
|
-
before(function () {
|
|
598
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
599
|
-
this.timeout(600000);
|
|
600
|
-
const initializer = yield (0, test_utils_1.getEnvironmentInitializer)();
|
|
601
|
-
env = yield initializer.execute((0, types_1.getEnvVariables)());
|
|
602
|
-
});
|
|
603
|
-
});
|
|
604
|
-
it('give access back should not invalidate existing and valid exchange data', function () {
|
|
605
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
606
|
-
const hcp1Details = yield (0, test_utils_1.createNewHcpApi)(env);
|
|
607
|
-
const hcp2Details = yield (0, test_utils_1.createNewHcpApi)(env);
|
|
608
|
-
const ed1to2 = yield hcp1Details.api.cryptoApi.exchangeData.getOrCreateEncryptionDataTo(hcp2Details.credentials.dataOwnerId);
|
|
609
|
-
const ed2to1 = yield hcp2Details.api.cryptoApi.exchangeData.getOrCreateEncryptionDataTo(hcp1Details.credentials.dataOwnerId);
|
|
610
|
-
yield hcp1Details.api.cryptoApi.exchangeData.clearOrRepopulateCache();
|
|
611
|
-
yield hcp2Details.api.cryptoApi.exchangeData.clearOrRepopulateCache();
|
|
612
|
-
const newKeyPair = yield hcp1Details.api.cryptoApi.primitives.RSA.generateKeyPair(icc_x_api_1.ShaVersion.Sha256);
|
|
613
|
-
const exportedPub = (0, icc_x_api_1.ua2hex)(yield hcp1Details.api.cryptoApi.primitives.RSA.exportKey(newKeyPair.publicKey, 'spki'));
|
|
614
|
-
const hcp2 = yield hcp2Details.api.healthcarePartyApi.getHealthcareParty(hcp2Details.credentials.dataOwnerId);
|
|
615
|
-
yield hcp2Details.api.healthcarePartyApi.modifyHealthcareParty(Object.assign(Object.assign({}, hcp2), { publicKeysForOaepWithSha256: [...hcp2.publicKeysForOaepWithSha256, exportedPub] }));
|
|
616
|
-
yield hcp1Details.api.cryptoApi.exchangeData.giveAccessBackTo(hcp2Details.credentials.dataOwnerId, exportedPub);
|
|
617
|
-
yield hcp1Details.api.cryptoApi.exchangeData.clearOrRepopulateCache();
|
|
618
|
-
yield hcp2Details.api.cryptoApi.exchangeData.clearOrRepopulateCache();
|
|
619
|
-
const updatedEd1to2 = yield hcp1Details.api.cryptoApi.exchangeData.getOrCreateEncryptionDataTo(hcp2Details.credentials.dataOwnerId);
|
|
620
|
-
const updatedEd2to1 = yield hcp2Details.api.cryptoApi.exchangeData.getOrCreateEncryptionDataTo(hcp1Details.credentials.dataOwnerId);
|
|
621
|
-
(0, chai_1.expect)(updatedEd1to2.exchangeData.id).to.equal(ed1to2.exchangeData.id);
|
|
622
|
-
(0, chai_1.expect)(Object.keys(updatedEd2to1.exchangeData.exchangeKey).length).to.be.greaterThan(Object.keys(ed2to1.exchangeData.exchangeKey).length);
|
|
623
|
-
(0, chai_1.expect)(Object.keys(updatedEd2to1.exchangeData.exchangeKey).length).to.equal(Object.keys(updatedEd2to1.exchangeData.accessControlSecret).length);
|
|
624
|
-
(0, chai_1.expect)(Object.keys(updatedEd2to1.exchangeData.exchangeKey).length).to.equal(Object.keys(updatedEd2to1.exchangeData.sharedSignatureKey).length);
|
|
625
|
-
(0, chai_1.expect)(updatedEd2to1.exchangeData.id).to.equal(ed2to1.exchangeData.id);
|
|
626
|
-
(0, chai_1.expect)(Object.keys(updatedEd1to2.exchangeData.exchangeKey).length).to.be.greaterThan(Object.keys(ed1to2.exchangeData.exchangeKey).length);
|
|
627
|
-
(0, chai_1.expect)(Object.keys(updatedEd1to2.exchangeData.exchangeKey).length).to.equal(Object.keys(updatedEd1to2.exchangeData.accessControlSecret).length);
|
|
628
|
-
(0, chai_1.expect)(Object.keys(updatedEd1to2.exchangeData.exchangeKey).length).to.equal(Object.keys(updatedEd1to2.exchangeData.sharedSignatureKey).length);
|
|
629
|
-
});
|
|
630
|
-
});
|
|
631
|
-
it('invalid exchange data should not be re-validated by give access back', function () {
|
|
632
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
633
|
-
const hcp1Details = yield (0, test_utils_1.createNewHcpApi)(env);
|
|
634
|
-
const hcp2Details = yield (0, test_utils_1.createNewHcpApi)(env);
|
|
635
|
-
const ed1to2 = yield hcp1Details.api.cryptoApi.exchangeData.getOrCreateEncryptionDataTo(hcp2Details.credentials.dataOwnerId);
|
|
636
|
-
const ed2to1 = yield hcp2Details.api.cryptoApi.exchangeData.getOrCreateEncryptionDataTo(hcp1Details.credentials.dataOwnerId);
|
|
637
|
-
yield hcp1Details.api.cryptoApi.exchangeData.clearOrRepopulateCache();
|
|
638
|
-
yield hcp2Details.api.cryptoApi.exchangeData.clearOrRepopulateCache();
|
|
639
|
-
const exchangeDataApi = new IccExchangeDataApi_1.IccExchangeDataApi(env.iCureUrl, {}, hcp1Details.api.authApi.authenticationProvider, fetch);
|
|
640
|
-
const extraKeyPair = yield hcp1Details.api.cryptoApi.primitives.RSA.generateKeyPair(icc_x_api_1.ShaVersion.Sha256);
|
|
641
|
-
const extraKeyPairPub = (0, icc_x_api_1.ua2hex)(yield hcp1Details.api.cryptoApi.primitives.RSA.exportKey(extraKeyPair.publicKey, 'spki'));
|
|
642
|
-
const extraKeyPairFp = (0, utils_1.fingerprintV2)(extraKeyPairPub);
|
|
643
|
-
const fakeData = yield hcp1Details.api.cryptoApi.primitives.randomBytes(16);
|
|
644
|
-
function tamperWithData(data) {
|
|
645
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
646
|
-
yield exchangeDataApi.modifyExchangeData(Object.assign(Object.assign({}, data), { exchangeKey: Object.assign(Object.assign({}, data.exchangeKey), { [extraKeyPairFp]: (0, icc_x_api_1.ua2b64)(yield hcp1Details.api.cryptoApi.primitives.RSA.encrypt(extraKeyPair.publicKey, fakeData)) }), accessControlSecret: Object.assign(Object.assign({}, data.accessControlSecret), { [extraKeyPairFp]: (0, icc_x_api_1.ua2b64)(yield hcp1Details.api.cryptoApi.primitives.RSA.encrypt(extraKeyPair.publicKey, fakeData)) }), sharedSignatureKey: Object.assign(Object.assign({}, data.sharedSignatureKey), { [extraKeyPairFp]: (0, icc_x_api_1.ua2b64)(yield hcp1Details.api.cryptoApi.primitives.RSA.encrypt(extraKeyPair.publicKey, fakeData)) }) }));
|
|
647
|
-
});
|
|
648
|
-
}
|
|
649
|
-
yield tamperWithData(ed1to2.exchangeData);
|
|
650
|
-
yield tamperWithData(ed2to1.exchangeData);
|
|
651
|
-
const newKeyPair = yield hcp1Details.api.cryptoApi.primitives.RSA.generateKeyPair(icc_x_api_1.ShaVersion.Sha256);
|
|
652
|
-
const exportedPub = (0, icc_x_api_1.ua2hex)(yield hcp1Details.api.cryptoApi.primitives.RSA.exportKey(newKeyPair.publicKey, 'spki'));
|
|
653
|
-
const hcp2 = yield hcp2Details.api.healthcarePartyApi.getHealthcareParty(hcp2Details.credentials.dataOwnerId);
|
|
654
|
-
yield hcp2Details.api.healthcarePartyApi.modifyHealthcareParty(Object.assign(Object.assign({}, hcp2), { publicKeysForOaepWithSha256: [...hcp2.publicKeysForOaepWithSha256, exportedPub, extraKeyPairPub] }));
|
|
655
|
-
yield hcp1Details.api.cryptoApi.exchangeData.giveAccessBackTo(hcp2Details.credentials.dataOwnerId, exportedPub);
|
|
656
|
-
yield hcp1Details.api.cryptoApi.exchangeData.clearOrRepopulateCache();
|
|
657
|
-
yield hcp2Details.api.cryptoApi.exchangeData.clearOrRepopulateCache();
|
|
658
|
-
const updatedEd1to2 = yield hcp1Details.api.cryptoApi.exchangeData.getOrCreateEncryptionDataTo(hcp2Details.credentials.dataOwnerId);
|
|
659
|
-
const updatedEd2to1 = yield hcp2Details.api.cryptoApi.exchangeData.getOrCreateEncryptionDataTo(hcp1Details.credentials.dataOwnerId);
|
|
660
|
-
(0, chai_1.expect)(updatedEd1to2.exchangeData.id).to.not.equal(ed1to2.exchangeData.id);
|
|
661
|
-
(0, chai_1.expect)(updatedEd2to1.exchangeData.id).to.not.equal(ed2to1.exchangeData.id);
|
|
662
|
-
const decData1to2 = (yield hcp1Details.api.cryptoApi.exchangeData.getDecryptionDataKeyByIds([ed1to2.exchangeData.id], true))[ed1to2.exchangeData.id];
|
|
663
|
-
(0, chai_1.expect)(decData1to2).to.not.be.undefined;
|
|
664
|
-
(0, chai_1.expect)(decData1to2.exchangeKey).to.not.be.undefined;
|
|
665
|
-
(0, chai_1.expect)(decData1to2.accessControlSecret).to.not.be.undefined;
|
|
666
|
-
const decData2to1 = (yield hcp2Details.api.cryptoApi.exchangeData.getDecryptionDataKeyByIds([ed2to1.exchangeData.id], true))[ed2to1.exchangeData.id];
|
|
667
|
-
(0, chai_1.expect)(decData2to1).to.not.be.undefined;
|
|
668
|
-
(0, chai_1.expect)(decData2to1.exchangeKey).to.not.be.undefined;
|
|
669
|
-
(0, chai_1.expect)(decData2to1.accessControlSecret).to.not.be.undefined;
|
|
670
|
-
});
|
|
671
|
-
});
|
|
672
|
-
});
|
|
673
|
-
});
|
|
674
|
-
//# sourceMappingURL=exchange-data-manager-test.js.map
|