@icure/api 8.6.3 → 8.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (78) hide show
  1. package/icc-api/model/ModelHelper.d.ts +1 -1
  2. package/icc-api/model/ModelHelper.js +15 -2
  3. package/icc-api/model/ModelHelper.js.map +1 -1
  4. package/icc-api/model/User.d.ts +1 -0
  5. package/icc-api/model/User.js.map +1 -1
  6. package/icc-x-api/crypto/AES.js +1 -1
  7. package/icc-x-api/crypto/AES.js.map +1 -1
  8. package/icc-x-api/crypto/BaseExchangeDataManager.js +14 -14
  9. package/icc-x-api/crypto/BaseExchangeDataManager.js.map +1 -1
  10. package/icc-x-api/crypto/BaseExchangeKeysManager.js +1 -1
  11. package/icc-x-api/crypto/BaseExchangeKeysManager.js.map +1 -1
  12. package/icc-x-api/crypto/CryptoPrimitives.js +3 -2
  13. package/icc-x-api/crypto/CryptoPrimitives.js.map +1 -1
  14. package/icc-x-api/crypto/ExchangeDataManager.js +3 -3
  15. package/icc-x-api/crypto/ExchangeDataManager.js.map +1 -1
  16. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js +1 -1
  17. package/icc-x-api/crypto/ExtendedApisUtilsImpl.js.map +1 -1
  18. package/icc-x-api/crypto/KeyRecovery.js +3 -3
  19. package/icc-x-api/crypto/KeyRecovery.js.map +1 -1
  20. package/icc-x-api/crypto/NativeCryptoPrimitivesBridge.js +13 -13
  21. package/icc-x-api/crypto/NativeCryptoPrimitivesBridge.js.map +1 -1
  22. package/icc-x-api/crypto/RSA.js +2 -2
  23. package/icc-x-api/crypto/RSA.js.map +1 -1
  24. package/icc-x-api/crypto/RecoveryDataEncryption.js +5 -5
  25. package/icc-x-api/crypto/RecoveryDataEncryption.js.map +1 -1
  26. package/icc-x-api/crypto/SecureDelegationsManager.js +1 -1
  27. package/icc-x-api/crypto/SecureDelegationsManager.js.map +1 -1
  28. package/icc-x-api/crypto/ShamirKeysManager.js +1 -1
  29. package/icc-x-api/crypto/ShamirKeysManager.js.map +1 -1
  30. package/icc-x-api/crypto/utils.js +1 -1
  31. package/icc-x-api/crypto/utils.js.map +1 -1
  32. package/icc-x-api/filters/HealthElementByHcPartyCodeFilter.d.ts +24 -0
  33. package/icc-x-api/filters/HealthElementByHcPartyCodeFilter.js +24 -0
  34. package/icc-x-api/filters/HealthElementByHcPartyCodeFilter.js.map +1 -0
  35. package/icc-x-api/filters/HealthElementByHcPartyIdentifiersVersioningFilter.d.ts +22 -0
  36. package/icc-x-api/filters/HealthElementByHcPartyIdentifiersVersioningFilter.js +24 -0
  37. package/icc-x-api/filters/HealthElementByHcPartyIdentifiersVersioningFilter.js.map +1 -0
  38. package/icc-x-api/filters/HealthElementByHcPartyStatusVersioningFilter.d.ts +21 -0
  39. package/icc-x-api/filters/HealthElementByHcPartyStatusVersioningFilter.js +24 -0
  40. package/icc-x-api/filters/HealthElementByHcPartyStatusVersioningFilter.js.map +1 -0
  41. package/icc-x-api/filters/HealthElementByHcPartyTagFilter.d.ts +24 -0
  42. package/icc-x-api/filters/HealthElementByHcPartyTagFilter.js +24 -0
  43. package/icc-x-api/filters/HealthElementByHcPartyTagFilter.js.map +1 -0
  44. package/icc-x-api/filters/VersionFiltering.d.ts +14 -0
  45. package/icc-x-api/filters/VersionFiltering.js +19 -0
  46. package/icc-x-api/filters/VersionFiltering.js.map +1 -0
  47. package/icc-x-api/filters/filters.d.ts +8 -4
  48. package/icc-x-api/filters/filters.js +4 -0
  49. package/icc-x-api/filters/filters.js.map +1 -1
  50. package/icc-x-api/icc-receipt-x-api.js +1 -1
  51. package/icc-x-api/icc-receipt-x-api.js.map +1 -1
  52. package/icc-x-api/utils/binary-utils.js +1 -1
  53. package/icc-x-api/utils/binary-utils.js.map +1 -1
  54. package/package.json +1 -1
  55. package/test/icc-api/api/IccAnonymousAccessApi.js +1 -1
  56. package/test/icc-api/api/IccAnonymousAccessApi.js.map +1 -1
  57. package/test/icc-api/api/IccDocumentApi.js +13 -12
  58. package/test/icc-api/api/IccDocumentApi.js.map +1 -1
  59. package/test/icc-x-api/crud/comprehensive-crud-test.js +2 -2
  60. package/test/icc-x-api/crud/comprehensive-crud-test.js.map +1 -1
  61. package/test/icc-x-api/crypto/crypto-utils.js +1 -1
  62. package/test/icc-x-api/crypto/crypto-utils.js.map +1 -1
  63. package/test/icc-x-api/crypto/soft-deleted-data-owners.js +1 -1
  64. package/test/icc-x-api/crypto/soft-deleted-data-owners.js.map +1 -1
  65. package/test/icc-x-api/crypto/user-encryption-keys-manager-test.js +1 -1
  66. package/test/icc-x-api/crypto/user-encryption-keys-manager-test.js.map +1 -1
  67. package/test/icc-x-api/filters/healthelement.d.ts +1 -0
  68. package/test/icc-x-api/filters/healthelement.js +333 -0
  69. package/test/icc-x-api/filters/healthelement.js.map +1 -0
  70. package/test/icc-x-api/test-legacy-data-support.js +4 -4
  71. package/test/icc-x-api/test-legacy-data-support.js.map +1 -1
  72. package/test/utils/TestCryptoStrategies.js +1 -1
  73. package/test/utils/TestCryptoStrategies.js.map +1 -1
  74. package/test/utils/roles.d.ts +1 -0
  75. package/test/utils/roles.js +1 -0
  76. package/test/utils/roles.js.map +1 -1
  77. package/test/utils/test_utils.js +2 -2
  78. package/test/utils/test_utils.js.map +1 -1
@@ -1 +1 @@
1
- {"version":3,"file":"BaseExchangeKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/BaseExchangeKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,oCAAwD;AAIxD,mCAA4D;AAI5D;;;;GAIG;AACH,MAAa,uBAAuB;IAQlC,YACE,UAA4B,EAC5B,YAA8B,EAC9B,cAA6B,EAC7B,cAA6B,EAC7B,aAA2B;QAZZ,8BAAyB,GAAwC,EAAE,CAAA;QAclF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAChC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;IACpC,CAAC;IAED;;;;;;;OAOG;IACG,gBAAgB,CACpB,cAAsB,EACtB,qBAA6B,EAC7B,qBAA6E;;YAE7E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;YACxE,MAAM,iBAAiB,GAAG,IAAA,2BAAmB,EAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;YAChF,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,cAAc,EAAE,CAAC,CAAA;YAChG,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,qBAAqB,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,CAAC,CAAA;YAC/H,MAAM,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,cAAc,EAAE,IAAA,qBAAa,EAAC,qBAAqB,CAAC,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAA;YACvI,MAAM,IAAI,CAAC,yBAAyB,CAAC,cAAc,EAAE,MAAM,EAAE,IAAA,qBAAa,EAAC,qBAAqB,CAAC,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAA;QACzI,CAAC;KAAA;IAED;;;;;OAKG;IACG,2BAA2B,CAAC,WAAmB,EAAE,UAAkB;;;YACvE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YACzE,MAAM,GAAG,GAAiD,MAAM,CAAC,MAAM,CAAC,MAAA,SAAS,CAAC,IAAI,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;gBACtI,MAAM,uBAAuB,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;gBACzD,IAAI,uBAAuB,EAAE,CAAC;oBAC5B,OAAO,CAAC,uBAAuB,CAAC,CAAA;gBAClC,CAAC;qBAAM,CAAC;oBACN,OAAO,EAAE,CAAA;gBACX,CAAC;YACH,CAAC,CAAC,CAAA;YACF,MAAM,gBAAgB,GAAG,MAAA,MAAA,SAAS,CAAC,IAAI,CAAC,WAAW,0CAAG,UAAU,CAAC,0CAAG,CAAC,CAAC,CAAA;YACtE,IAAI,gBAAgB;gBAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAA;YACxD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAED;;;;;OAKG;IACG,sBAAsB,CAC1B,WAAmB,EACnB,eAA2C;;YAK3C,IAAI,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;YAClH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBACpC,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC;oBACjE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,6BAA6B,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBAChF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvB,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC;oBACrE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,oCAAoC,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBACvF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvB,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC;oBACpE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,mCAAmC,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBACrF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;aACxB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,8CAAK,CAAC,GAAK,CAAC,GAAK,CAAC,CAA0F,CAAA,CAAC,CAAA;YACrI,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YACzE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,CAAA;YACzG,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAC/B,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAO,GAAG,EAAE,OAAO,EAAE,EAAE;gBAClH,MAAM,UAAU,GAAG,MAAM,GAAG,CAAA;gBAC5B,IAAI,OAAO,KAAK,WAAW,IAAI,eAAe,IAAI,IAAI,EAAE,CAAC;oBACvD,OAAO,CAAC,GAAG,UAAU,EAAE,OAAO,CAAC,CAAA;gBACjC,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC;wBACH,MAAM,aAAa,GAAsB,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAA;wBACnG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,aAAa,CAAC,EAAE,CAAC;4BACrD,OAAO,CAAC,GAAG,UAAU,EAAE,OAAO,CAAC,CAAA;wBACjC,CAAC;;4BAAM,OAAO,UAAU,CAAA;oBAC1B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,OAAO,UAAU,CAAA;oBACnB,CAAC;gBACH,CAAC;YACH,CAAC,CAAA,EAAE,OAAO,CAAC,OAAO,CAAC,EAAc,CAAC,CAAC,CACpC,CAAA;YACD,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CACtC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;iBACzB,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE,cAAc,CAAC,EAAE,EAAE,CAAC;gBAC1C,eAAe;gBACf,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAwC,CAClI;aACF,CAAC;iBACD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAyD,CACxG,CAAA;YACD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAA;QACvC,CAAC;KAAA;IAED;;;;;OAKG;IACG,sBAAsB,CAC1B,qBAAmE,EACnE,qBAA6E;;YAK7E,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;YAC9B,MAAM,GAAG,GAGL,EAAE,qBAAqB,EAAE,EAAE,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAA;YACxD,KAAK,MAAM,oBAAoB,IAAI,qBAAqB,EAAE,CAAC;gBACzD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,oBAAoB,EAAE,qBAAqB,CAAC,CAAA;gBAC/F,IAAI,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;oBACxD,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;oBACvB,GAAG,CAAC,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;gBAC/C,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;gBAClD,CAAC;YACH,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,yBAAyB,CACrC,WAAmB,EACnB,UAAkB,EAClB,cAAsB,EACtB,YAAuB,EACvB,+BAAuF;;YAEvF,MAAM,IAAA,qBAAa,EAAC,IAAI,CAAC,yBAAyB,EAAE,WAAW,EAAE,GAAS,EAAE;gBAC1E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBACvE,IAAI,gBAAgB,GAAG,KAAK,CAAA;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;gBAC5G,MAAM,mBAAmB,GAAsF,EAAE,CAAA;gBACjH,MAAM,iBAAiB,GAAG,EAAE,CAAC,cAAc,CAAC,EAAE,YAAY,EAAE,CAAA;gBAC5D,KAAK,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;oBACnF,MAAM,sBAAsB,GAA0D,EAAE,CAAA;oBACxF,KAAK,MAAM,CAAC,cAAc,EAAE,gBAAgB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;wBACrF,IAAI,UAAU,KAAK,cAAc,IAAI,cAAc,IAAI,gBAAgB,EAAE,CAAC;4BACxE,sBAAsB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAA;wBAC3D,CAAC;6BAAM,CAAC;4BACN,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,+BAA+B,CAAC,CAAA;4BACrG,IAAI,SAAS,EAAE,CAAC;gCACd,gBAAgB,GAAG,IAAI,CAAA;gCACvB,sBAAsB,CAAC,cAAc,CAAC,mCACjC,gBAAgB,GAChB,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC,CAAC,oBAAoB,CACtF,CAAA;4BACH,CAAC;iCAAM,CAAC;gCACN,sBAAsB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAA;4BAC3D,CAAC;wBACH,CAAC;oBACH,CAAC;oBACD,mBAAmB,CAAC,gBAAgB,CAAC,GAAG,sBAAsB,CAAA;gBAChE,CAAC;gBACD,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;wBAC5C,IAAI,EAAE,SAAS,CAAC,IAAI;wBACpB,IAAI,kCACC,SAAS,CAAC,IAAI,KACjB,eAAe,EAAE,mBAAmB,GACrC;qBACF,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;OAMG;IACW,qBAAqB,CACjC,oBAAgE,EAChE,qBAA6E;;YAE7E,KAAK,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBACzE,kHAAkH;gBAClH,MAAM,EAAE,GAAG,IAAA,qBAAa,EAAC,QAAQ,CAAC,CAAA;gBAClC,MAAM,OAAO,GAAG,qBAAqB,CAAC,EAAE,CAAC,CAAA;gBACzC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;oBAC1B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC,CAAA;oBACxE,IAAI,GAAG,KAAK,SAAS;wBAAE,OAAO,GAAG,CAAA;gBACnC,CAAC;YACH,CAAC;YACD,MAAM,mBAAmB,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAA;YACpD,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;gBACtC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAE,CAAC;oBAC3D,oEAAoE;oBACpE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,mBAAmB,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;oBACzF,IAAI,GAAG,KAAK,SAAS;wBAAE,OAAO,GAAG,CAAA;gBACnC,CAAC;YACH,CAAC;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED;;;;;OAKG;IACW,kBAAkB,CAC9B,WAAwD,EACxD,UAAmD;;;YAKnD,MAAM,iBAAiB,GAAG,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,GAAG,mCAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAA;YAClG,MAAM,gBAAgB,GAAG,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,IAAA,cAAM,EAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAA;YAC5I,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAClE,YAAkC,EAAE,iDAA7B,GAAG,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;gBAAK,OAAA,iCAChC,CAAC,MAAM,GAAG,CAAC,KACd,CAAC,SAAS,CAAC,EAAE,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,IACjG,CAAA;cAAA,EACF,OAAO,CAAC,OAAO,CAAC,EAAoC,CAAC,CACtD,CAAA;YACD,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,CAAA;QACjE,CAAC;KAAA;IAED;;;;;;;;;OASG;IACW,yBAAyB,CACrC,iBAAyB,EACzB,OAA2B,EAC3B,SAA6B,CAAC,iGAAiG;;;YAE/H,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,IAAA,cAAM,EAAC,iBAAiB,CAAC,CAAC,CAAA;gBAClG,OAAO,EAAE,GAAG,EAAE,IAAA,cAAM,EAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,CAAA;YAC/F,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,SAAS,EAAE,CAAC;oBACd,OAAO,CAAC,KAAK,CAAC,4CAA4C,iBAAiB,+BAA+B,SAAS,GAAG,EAAE,CAAC,CAAC,CAAA;gBAC5H,CAAC;YACH,CAAC;QACH,CAAC;KAAA;IACD,mEAAmE;IACrD,uCAAuC,CACnD,KAAsB,EACtB,QAAqC,EACrC,qBAA8B;;;YAE9B,MAAM,oBAAoB,GAAG,KAAK,CAAC,SAAS,CAAA;YAC5C,IAAI,oBAAoB,IAAI,SAAS,IAAI,CAAC,CAAC,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC9F;;;;mBAIG;gBACH,MAAM,gBAAgB,GAAsC,EAAE,CAAA;gBAC9D,IAAI,qBAAqB,EAAE,CAAC;oBAC1B,gBAAgB,CAAC,KAAK,CAAC,EAAG,CAAC,GAAG,KAAK,CAAA;oBACnC,IAAI,QAAQ,EAAE,CAAC;wBACb,gBAAgB,CAAC,QAAQ,CAAC,EAAG,CAAC,GAAG,QAAQ,CAAA;oBAC3C,CAAC;oBACD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,MAAA,KAAK,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC,EAAE,IAAI,CAAC,MAAK,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,CAAA,CAAC,EAAE,CAAC;wBAC7G,IAAI,CAAC;4BACH,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAA;wBACpF,CAAC;wBAAC,WAAM,CAAC;4BACP,SAAS;wBACX,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,uBACE,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,MAAA,KAAK,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE;;wBAC5F,MAAM,cAAc,GAAG,MAAA,gBAAgB,CAAC,KAAK,CAAC,0CAAE,SAAS,CAAA;wBACzD,GAAG,CAAC,KAAK,CAAC,GAAG;4BACX,CAAC,IAAA,qBAAa,EAAC,oBAAoB,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;4BAC9C,CAAC,MAAA,CAAC,cAAc,IAAI,IAAA,qBAAa,EAAC,cAAc,CAAC,CAAC,mCAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;yBACnE,CAAA;wBACD,OAAO,GAAG,CAAA;oBACZ,CAAC,EAAE,EAAiE,CAAC,IAClE,CAAC,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAC,EACjC;YACH,CAAC;;gBAAM,OAAO,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAA;QAC3C,CAAC;KAAA;CACF;AA9TD,0DA8TC","sourcesContent":["import { KeyPair } from './RSA'\nimport { hex2ua, notConcurrent, ua2hex } from '../utils'\nimport { DataOwner, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IccDeviceApi, IccHcpartyApi, IccPatientApi } from '../../icc-api'\nimport { fingerprintV1, getShaVersionForKey } from './utils'\nimport { CryptoActorStub, CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\n\n/**\n * @internal This class is meant only for internal use and may be changed without notice.\n * Functions to create and get exchange keys.\n * The methods of this api require to pass the appropriate keys for encryption/decryption manually.\n */\nexport class BaseExchangeKeysManager {\n private readonly generateKeyConcurrencyMap: { [key: string]: PromiseLike<any> } = {}\n private readonly primitives: CryptoPrimitives\n private readonly dataOwnerApi: IccDataOwnerXApi\n private readonly hcpartyBaseApi: IccHcpartyApi\n private readonly patientBaseApi: IccPatientApi\n private readonly deviceBaseApi: IccDeviceApi\n\n constructor(\n primitives: CryptoPrimitives,\n dataOwnerApi: IccDataOwnerXApi,\n hcpartyBaseApi: IccHcpartyApi,\n patientBaseApi: IccPatientApi,\n deviceBaseApi: IccDeviceApi\n ) {\n this.primitives = primitives\n this.dataOwnerApi = dataOwnerApi\n this.hcpartyBaseApi = hcpartyBaseApi\n this.patientBaseApi = patientBaseApi\n this.deviceBaseApi = deviceBaseApi\n }\n\n /**\n * Updates the aes exchange keys between the current data owner and another data owner to allow the other data owner to access the exchange key\n * using his new public key. Note that this will make existing exchange keys from the other data owner to the current data owner invalid for\n * encryption.\n * @param otherDataOwner the other data owner.\n * @param newDataOwnerPublicKey a new public key of the other data owner.\n * @param keyPairsByFingerprint all available key pairs to use for the decryption of existing aes exchange keys.\n */\n async giveAccessBackTo(\n otherDataOwner: string,\n newDataOwnerPublicKey: string,\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ) {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const other = await this.dataOwnerApi.getCryptoActorStub(otherDataOwner)\n const newKeyHashVersion = getShaVersionForKey(other.stub, newDataOwnerPublicKey)\n if (!newKeyHashVersion) throw new Error(`Public key not found for data owner ${otherDataOwner}`)\n const newPublicKey = await this.primitives.RSA.importKey('spki', hex2ua(newDataOwnerPublicKey), ['encrypt'], newKeyHashVersion)\n await this.extendForGiveAccessBackTo(selfId, otherDataOwner, fingerprintV1(newDataOwnerPublicKey), newPublicKey, keyPairsByFingerprint)\n await this.extendForGiveAccessBackTo(otherDataOwner, selfId, fingerprintV1(newDataOwnerPublicKey), newPublicKey, keyPairsByFingerprint)\n }\n\n /**\n * Get the encrypted exchange keys for a delegator-delegate pair.\n * @param delegatorId id of the delegator data owner.\n * @param delegateId id of the delegate data owner.\n * @return an array of exchange keys from the delegator to delegate where each key is encrypted with one or more public keys.\n */\n async getEncryptedExchangeKeysFor(delegatorId: string, delegateId: string): Promise<{ [publicKeyFingerprint: string]: string }[]> {\n const delegator = await this.dataOwnerApi.getCryptoActorStub(delegatorId)\n const res: { [publicKeyFingerprint: string]: string }[] = Object.values(delegator.stub.aesExchangeKeys ?? {}).flatMap((delegateToKey) => {\n const encryptedKeyForDelegate = delegateToKey[delegateId]\n if (encryptedKeyForDelegate) {\n return [encryptedKeyForDelegate]\n } else {\n return []\n }\n })\n const legacyDelegation = delegator.stub.hcPartyKeys?.[delegateId]?.[1]\n if (legacyDelegation) res.push({ '': legacyDelegation })\n return res\n }\n\n /**\n * Get all exchange keys where the provided data owner is involved either as the delegator or as the delegate.\n * @param dataOwnerId id of a data owner.\n * @param otherOwnerTypes only exchange keys between the current data owner and data owners of this type will be included in the result. If null considers all delegates\n * @return all exchange keys involving the provided data owner. Note that there may be an overlap between some keys to and from the data owner.\n */\n async getAllExchangeKeysWith(\n dataOwnerId: string,\n otherOwnerTypes: DataOwnerTypeEnum[] | null\n ): Promise<{\n keysToOwner: { [delegatorId: string]: { [delegatorFp: string]: { [entryFp: string]: string } } }\n keysFromOwner: { [delegatorFp: string]: { [delegateId: string]: { [entryFp: string]: string } } }\n }> {\n if (otherOwnerTypes != null && otherOwnerTypes.length === 0) throw new Error('otherOwnerTypes must not be empty!')\n const keysToOwner = await Promise.all([\n otherOwnerTypes == null || otherOwnerTypes.find((x) => x === 'hcp')\n ? this.hcpartyBaseApi.getAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n otherOwnerTypes == null || otherOwnerTypes.find((x) => x === 'patient')\n ? this.patientBaseApi.getPatientAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n otherOwnerTypes == null || otherOwnerTypes.find((x) => x === 'device')\n ? this.deviceBaseApi.getDeviceAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n ]).then(([a, b, c]) => ({ ...a, ...b, ...c } as { [delegatorId: string]: { [delegatorFp: string]: { [entryFp: string]: string } } }))\n const dataOwner = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n const allOwnerKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(dataOwner.stub, undefined, false)\n const filteredDelegates = new Set(\n await Array.from(new Set(Object.values(allOwnerKeys).flatMap((x) => Object.keys(x)))).reduce(async (acc, ownerId) => {\n const awaitedAcc = await acc\n if (ownerId === dataOwnerId || otherOwnerTypes == null) {\n return [...awaitedAcc, ownerId]\n } else {\n try {\n const dataOwnerType: DataOwnerTypeEnum = (await this.dataOwnerApi.getCryptoActorStub(ownerId)).type\n if (otherOwnerTypes.some((x) => x === dataOwnerType)) {\n return [...awaitedAcc, ownerId]\n } else return awaitedAcc\n } catch (_) {\n return awaitedAcc\n }\n }\n }, Promise.resolve([] as string[]))\n )\n const keysFromOwner = Object.fromEntries(\n Object.entries(allOwnerKeys)\n .map(([delegatorPubKey, delegateToKeys]) => [\n delegatorPubKey,\n Object.fromEntries(\n Object.entries(delegateToKeys).filter(([delegateId]) => filteredDelegates.has(delegateId)) as [string, { [k: string]: string }][]\n ),\n ])\n .filter(([, x]) => Object.keys(x).length > 0) as [string, { [k: string]: { [k: string]: string } }][]\n )\n return { keysToOwner, keysFromOwner }\n }\n\n /**\n * Attempts to decrypt many exchange keys using any of the provided key pairs.\n * @param encryptedExchangeKeys an array of exchange keys where each key is encrypted with one or more public keys.\n * @param keyPairsByFingerprint rsa key pairs to use for decryption.\n * @return an array all successfully decrypted exchange keys and an array containing all exchange keys which could not be decrypted.\n */\n async tryDecryptExchangeKeys(\n encryptedExchangeKeys: { [publicKeyFingerprint: string]: string }[],\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: CryptoKey[]\n failedDecryptions: { [publicKeyFingerprint: string]: string }[]\n }> {\n const raws = new Set<string>()\n const res: {\n successfulDecryptions: CryptoKey[]\n failedDecryptions: { [publicKeyFingerprint: string]: string }[]\n } = { successfulDecryptions: [], failedDecryptions: [] }\n for (const encryptedExchangeKey of encryptedExchangeKeys) {\n const decrypted = await this.tryDecryptExchangeKey(encryptedExchangeKey, keyPairsByFingerprint)\n if (decrypted !== undefined && !raws.has(decrypted.raw)) {\n raws.add(decrypted.raw)\n res.successfulDecryptions.push(decrypted.key)\n } else {\n res.failedDecryptions.push(encryptedExchangeKey)\n }\n }\n return res\n }\n\n private async extendForGiveAccessBackTo(\n delegatorId: string,\n delegateId: string,\n newPublicKeyFp: string,\n newPublicKey: CryptoKey,\n decryptionKeyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ) {\n await notConcurrent(this.generateKeyConcurrencyMap, delegatorId, async () => {\n const delegator = await this.dataOwnerApi.getCryptoActorStub(delegatorId)\n const delegate = await this.dataOwnerApi.getCryptoActorStub(delegateId)\n let didUpdateSomeKey = false\n const combinedKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(delegator.stub, delegate.stub, true)\n const updatedExchangeKeys: { [delegatorKey: string]: { [delegateId: string]: { [keyFp: string]: string } } } = {}\n const newEncryptionKeys = { [newPublicKeyFp]: newPublicKey }\n for (const [currDelegatorKey, currDelegatesToKeys] of Object.entries(combinedKeys)) {\n const updatedDelegatesToKeys: { [delegateId: string]: { [keyFp: string]: string } } = {}\n for (const [currDelegateId, currEncryptedKey] of Object.entries(currDelegatesToKeys)) {\n if (delegateId !== currDelegateId || newPublicKeyFp in currEncryptedKey) {\n updatedDelegatesToKeys[currDelegateId] = currEncryptedKey\n } else {\n const decrypted = await this.tryDecryptExchangeKey(currEncryptedKey, decryptionKeyPairsByFingerprint)\n if (decrypted) {\n didUpdateSomeKey = true\n updatedDelegatesToKeys[currDelegateId] = {\n ...currEncryptedKey,\n ...(await this.encryptExchangeKey(decrypted, newEncryptionKeys)).encryptedExchangeKey,\n }\n } else {\n updatedDelegatesToKeys[currDelegateId] = currEncryptedKey\n }\n }\n }\n updatedExchangeKeys[currDelegatorKey] = updatedDelegatesToKeys\n }\n if (didUpdateSomeKey) {\n await this.dataOwnerApi.modifyCryptoActorStub({\n type: delegator.type,\n stub: {\n ...delegator.stub,\n aesExchangeKeys: updatedExchangeKeys,\n },\n })\n }\n })\n }\n\n /**\n * Attempts to decrypt an exchange key using any of the provided key pairs.\n * @param encryptedExchangeKey an encrypted exchange key, in the form publicKeyXyzFingerprint -> hex(exchangeKeyEncryptedByPrivateKeyXyz).\n * @param keyPairsByFingerprint rsa key pairs to use for decryption.\n * @return the decrypted exchange key, in raw and key format (to allow deduplication), or undefined if the key could not be decrypted using the\n * provided keys.\n */\n private async tryDecryptExchangeKey(\n encryptedExchangeKey: { [publicKeyFingerprint: string]: string },\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{ raw: string; key: CryptoKey } | undefined> {\n for (const [entryKey, encrypted] of Object.entries(encryptedExchangeKey)) {\n // Due to bugs in past version the entry may actually contain the full public key instead of just the fingerprint.\n const fp = fingerprintV1(entryKey)\n const keyPair = keyPairsByFingerprint[fp]\n if (keyPair !== undefined) {\n const res = await this.tryDecryptExchangeKeyWith(encrypted, keyPair, fp)\n if (res !== undefined) return res\n }\n }\n const defaultEncryptedKey = encryptedExchangeKey['']\n if (defaultEncryptedKey !== undefined) {\n for (const keyPair of Object.values(keyPairsByFingerprint)) {\n // disable error logging, we are not sure keyPair is the correct key\n const res = await this.tryDecryptExchangeKeyWith(defaultEncryptedKey, keyPair, undefined)\n if (res !== undefined) return res\n }\n }\n return undefined\n }\n\n /**\n * Creates an encrypted exchange key for the provided public keys.\n * @param exchangeKey the exchange key in raw and imported format. If undefined a new key will be automatically created.\n * @param publicKeys additional public keys that will have access to the exchange key in spki format, hex-encoded.\n * @return the exchangeKey and an object with the exchange key encrypted with each of the provided public keys, hex-encoded, by fingerprint.\n */\n private async encryptExchangeKey(\n exchangeKey: { raw: string; key: CryptoKey } | undefined,\n publicKeys: { [keyFingerprint: string]: CryptoKey }\n ): Promise<{\n exchangeKey: CryptoKey\n encryptedExchangeKey: { [pubKeyFp: string]: string }\n }> {\n const exchangeKeyCrypto = exchangeKey?.key ?? (await this.primitives.AES.generateCryptoKey(false))\n const exchangeKeyBytes = exchangeKey !== undefined ? hex2ua(exchangeKey.raw) : await this.primitives.AES.exportKey(exchangeKeyCrypto, 'raw')\n const encryptedExchangeKey = await Object.entries(publicKeys).reduce(\n async (acc, [currKeyFp, currKey]) => ({\n ...(await acc),\n [currKeyFp]: ua2hex(await this.primitives.RSA.encrypt(currKey, new Uint8Array(exchangeKeyBytes))),\n }),\n Promise.resolve({} as { [pubKeyFp: string]: string })\n )\n return { exchangeKey: exchangeKeyCrypto, encryptedExchangeKey }\n }\n\n /**\n * Attempts to decrypt an exchange key using the provided key pairs.\n * If you are confident that the provided {@link keyPair} was used to encrypt {@link encryptedByOneKey} you should also provide {@link keyPairFp},\n * so that if the decryption fail an error will be logged to console before returning undefined.\n * @param encryptedByOneKey an exchange key which may be encrypted with {@link keyPair}.\n * @param keyPair an rsa key pair.\n * @param keyPairFp the fingerprint of the provided key pair or undefined to disable logging of error if the decryption failed.\n * @return the decrypted exchange key, in raw and key format (to allow deduplication), or undefined if the key could not be decrypted using the\n * provided key.\n */\n private async tryDecryptExchangeKeyWith(\n encryptedByOneKey: string,\n keyPair: KeyPair<CryptoKey>,\n keyPairFp: string | undefined // if undefined will not log errors, when we are not sure the key to be used is the provided key.\n ): Promise<{ raw: string; key: CryptoKey } | undefined> {\n try {\n const decrypted = await this.primitives.RSA.decrypt(keyPair.privateKey, hex2ua(encryptedByOneKey))\n return { raw: ua2hex(decrypted), key: await this.primitives.AES.importKey('raw', decrypted) }\n } catch (e) {\n if (keyPairFp) {\n console.error(`Failed to decrypt or import exchange key ${encryptedByOneKey} using key with fingerprint ${keyPairFp}.`, e)\n }\n }\n }\n // Copy all legacy hcp exchange keys into the new aes exchange keys\n private async combineLegacyHcpKeysWithAesExchangeKeys(\n owner: CryptoActorStub,\n delegate: CryptoActorStub | undefined,\n fillDelegateLegacyKey: boolean\n ): Promise<{ [ownerPublicKey: string]: { [delegateId: string]: { [fingerprint: string]: string } } }> {\n const ownerLegacyPublicKey = owner.publicKey\n if (ownerLegacyPublicKey != undefined && !(owner.aesExchangeKeys ?? {})[ownerLegacyPublicKey]) {\n /*\n * This condition would technically prevent new updates to the hcPartyKeys to be migrated to the aes exchange keys, but since I can only update\n * data for self data owner and parent entities this is not an issue, because I will always be using the new api from now on and I won't have\n * a situation where the legacy keys are updated but the aes exchange keys are not.\n */\n const counterPartsById: { [id: string]: CryptoActorStub } = {}\n if (fillDelegateLegacyKey) {\n counterPartsById[owner.id!] = owner\n if (delegate) {\n counterPartsById[delegate.id!] = delegate\n }\n for (const other of Object.keys(owner.hcPartyKeys ?? {}).filter((x) => x !== owner.id && x !== delegate?.id)) {\n try {\n counterPartsById[other] = (await this.dataOwnerApi.getCryptoActorStub(other)).stub\n } catch {\n // ignore\n }\n }\n }\n return {\n [ownerLegacyPublicKey]: Object.entries(owner.hcPartyKeys ?? {}).reduce((acc, [hcpId, keys]) => {\n const counterpartKey = counterPartsById[hcpId]?.publicKey\n acc[hcpId] = {\n [fingerprintV1(ownerLegacyPublicKey)]: keys[0],\n [(counterpartKey && fingerprintV1(counterpartKey)) ?? '']: keys[1],\n }\n return acc\n }, {} as { [delegateId: string]: { [fingerprint: string]: string } }),\n ...(owner.aesExchangeKeys ?? {}),\n }\n } else return owner.aesExchangeKeys ?? {}\n }\n}\n"]}
1
+ {"version":3,"file":"BaseExchangeKeysManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/BaseExchangeKeysManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,oCAA+D;AAI/D,mCAA4D;AAI5D;;;;GAIG;AACH,MAAa,uBAAuB;IAQlC,YACE,UAA4B,EAC5B,YAA8B,EAC9B,cAA6B,EAC7B,cAA6B,EAC7B,aAA2B;QAZZ,8BAAyB,GAAwC,EAAE,CAAA;QAclF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAChC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QACpC,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;IACpC,CAAC;IAED;;;;;;;OAOG;IACG,gBAAgB,CACpB,cAAsB,EACtB,qBAA6B,EAC7B,qBAA6E;;YAE7E,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC9D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;YACxE,MAAM,iBAAiB,GAAG,IAAA,2BAAmB,EAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;YAChF,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,cAAc,EAAE,CAAC,CAAA;YAChG,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,aAAK,EAAC,IAAA,cAAM,EAAC,qBAAqB,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,CAAC,CAAA;YACtI,MAAM,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,cAAc,EAAE,IAAA,qBAAa,EAAC,qBAAqB,CAAC,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAA;YACvI,MAAM,IAAI,CAAC,yBAAyB,CAAC,cAAc,EAAE,MAAM,EAAE,IAAA,qBAAa,EAAC,qBAAqB,CAAC,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAA;QACzI,CAAC;KAAA;IAED;;;;;OAKG;IACG,2BAA2B,CAAC,WAAmB,EAAE,UAAkB;;;YACvE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YACzE,MAAM,GAAG,GAAiD,MAAM,CAAC,MAAM,CAAC,MAAA,SAAS,CAAC,IAAI,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;gBACtI,MAAM,uBAAuB,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;gBACzD,IAAI,uBAAuB,EAAE,CAAC;oBAC5B,OAAO,CAAC,uBAAuB,CAAC,CAAA;gBAClC,CAAC;qBAAM,CAAC;oBACN,OAAO,EAAE,CAAA;gBACX,CAAC;YACH,CAAC,CAAC,CAAA;YACF,MAAM,gBAAgB,GAAG,MAAA,MAAA,SAAS,CAAC,IAAI,CAAC,WAAW,0CAAG,UAAU,CAAC,0CAAG,CAAC,CAAC,CAAA;YACtE,IAAI,gBAAgB;gBAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAA;YACxD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAED;;;;;OAKG;IACG,sBAAsB,CAC1B,WAAmB,EACnB,eAA2C;;YAK3C,IAAI,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;YAClH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBACpC,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC;oBACjE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,6BAA6B,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBAChF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvB,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC;oBACrE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,oCAAoC,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBACvF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvB,eAAe,IAAI,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC;oBACpE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,mCAAmC,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;oBACrF,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;aACxB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,8CAAK,CAAC,GAAK,CAAC,GAAK,CAAC,CAA0F,CAAA,CAAC,CAAA;YACrI,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YACzE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,CAAA;YACzG,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAC/B,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAO,GAAG,EAAE,OAAO,EAAE,EAAE;gBAClH,MAAM,UAAU,GAAG,MAAM,GAAG,CAAA;gBAC5B,IAAI,OAAO,KAAK,WAAW,IAAI,eAAe,IAAI,IAAI,EAAE,CAAC;oBACvD,OAAO,CAAC,GAAG,UAAU,EAAE,OAAO,CAAC,CAAA;gBACjC,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC;wBACH,MAAM,aAAa,GAAsB,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAA;wBACnG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,aAAa,CAAC,EAAE,CAAC;4BACrD,OAAO,CAAC,GAAG,UAAU,EAAE,OAAO,CAAC,CAAA;wBACjC,CAAC;;4BAAM,OAAO,UAAU,CAAA;oBAC1B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,OAAO,UAAU,CAAA;oBACnB,CAAC;gBACH,CAAC;YACH,CAAC,CAAA,EAAE,OAAO,CAAC,OAAO,CAAC,EAAc,CAAC,CAAC,CACpC,CAAA;YACD,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CACtC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;iBACzB,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE,cAAc,CAAC,EAAE,EAAE,CAAC;gBAC1C,eAAe;gBACf,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAwC,CAClI;aACF,CAAC;iBACD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAyD,CACxG,CAAA;YACD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAA;QACvC,CAAC;KAAA;IAED;;;;;OAKG;IACG,sBAAsB,CAC1B,qBAAmE,EACnE,qBAA6E;;YAK7E,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;YAC9B,MAAM,GAAG,GAGL,EAAE,qBAAqB,EAAE,EAAE,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAA;YACxD,KAAK,MAAM,oBAAoB,IAAI,qBAAqB,EAAE,CAAC;gBACzD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,oBAAoB,EAAE,qBAAqB,CAAC,CAAA;gBAC/F,IAAI,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;oBACxD,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;oBACvB,GAAG,CAAC,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;gBAC/C,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;gBAClD,CAAC;YACH,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEa,yBAAyB,CACrC,WAAmB,EACnB,UAAkB,EAClB,cAAsB,EACtB,YAAuB,EACvB,+BAAuF;;YAEvF,MAAM,IAAA,qBAAa,EAAC,IAAI,CAAC,yBAAyB,EAAE,WAAW,EAAE,GAAS,EAAE;gBAC1E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;gBACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBACvE,IAAI,gBAAgB,GAAG,KAAK,CAAA;gBAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,uCAAuC,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;gBAC5G,MAAM,mBAAmB,GAAsF,EAAE,CAAA;gBACjH,MAAM,iBAAiB,GAAG,EAAE,CAAC,cAAc,CAAC,EAAE,YAAY,EAAE,CAAA;gBAC5D,KAAK,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;oBACnF,MAAM,sBAAsB,GAA0D,EAAE,CAAA;oBACxF,KAAK,MAAM,CAAC,cAAc,EAAE,gBAAgB,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;wBACrF,IAAI,UAAU,KAAK,cAAc,IAAI,cAAc,IAAI,gBAAgB,EAAE,CAAC;4BACxE,sBAAsB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAA;wBAC3D,CAAC;6BAAM,CAAC;4BACN,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,+BAA+B,CAAC,CAAA;4BACrG,IAAI,SAAS,EAAE,CAAC;gCACd,gBAAgB,GAAG,IAAI,CAAA;gCACvB,sBAAsB,CAAC,cAAc,CAAC,mCACjC,gBAAgB,GAChB,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC,CAAC,oBAAoB,CACtF,CAAA;4BACH,CAAC;iCAAM,CAAC;gCACN,sBAAsB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAA;4BAC3D,CAAC;wBACH,CAAC;oBACH,CAAC;oBACD,mBAAmB,CAAC,gBAAgB,CAAC,GAAG,sBAAsB,CAAA;gBAChE,CAAC;gBACD,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC;wBAC5C,IAAI,EAAE,SAAS,CAAC,IAAI;wBACpB,IAAI,kCACC,SAAS,CAAC,IAAI,KACjB,eAAe,EAAE,mBAAmB,GACrC;qBACF,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;OAMG;IACW,qBAAqB,CACjC,oBAAgE,EAChE,qBAA6E;;YAE7E,KAAK,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBACzE,kHAAkH;gBAClH,MAAM,EAAE,GAAG,IAAA,qBAAa,EAAC,QAAQ,CAAC,CAAA;gBAClC,MAAM,OAAO,GAAG,qBAAqB,CAAC,EAAE,CAAC,CAAA;gBACzC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;oBAC1B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC,CAAA;oBACxE,IAAI,GAAG,KAAK,SAAS;wBAAE,OAAO,GAAG,CAAA;gBACnC,CAAC;YACH,CAAC;YACD,MAAM,mBAAmB,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAA;YACpD,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;gBACtC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAE,CAAC;oBAC3D,oEAAoE;oBACpE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,mBAAmB,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;oBACzF,IAAI,GAAG,KAAK,SAAS;wBAAE,OAAO,GAAG,CAAA;gBACnC,CAAC;YACH,CAAC;YACD,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAED;;;;;OAKG;IACW,kBAAkB,CAC9B,WAAwD,EACxD,UAAmD;;;YAKnD,MAAM,iBAAiB,GAAG,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,GAAG,mCAAI,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAA;YAClG,MAAM,gBAAgB,GAAG,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,IAAA,cAAM,EAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAA;YAC5I,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,CAClE,YAAkC,EAAE,iDAA7B,GAAG,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;gBAAK,OAAA,iCAChC,CAAC,MAAM,GAAG,CAAC,KACd,CAAC,SAAS,CAAC,EAAE,IAAA,cAAM,EAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,IACjG,CAAA;cAAA,EACF,OAAO,CAAC,OAAO,CAAC,EAAoC,CAAC,CACtD,CAAA;YACD,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,CAAA;QACjE,CAAC;KAAA;IAED;;;;;;;;;OASG;IACW,yBAAyB,CACrC,iBAAyB,EACzB,OAA2B,EAC3B,SAA6B,CAAC,iGAAiG;;;YAE/H,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,IAAA,cAAM,EAAC,iBAAiB,CAAC,CAAC,CAAA;gBAClG,OAAO,EAAE,GAAG,EAAE,IAAA,cAAM,EAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,CAAA;YAC/F,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,SAAS,EAAE,CAAC;oBACd,OAAO,CAAC,KAAK,CAAC,4CAA4C,iBAAiB,+BAA+B,SAAS,GAAG,EAAE,CAAC,CAAC,CAAA;gBAC5H,CAAC;YACH,CAAC;QACH,CAAC;KAAA;IACD,mEAAmE;IACrD,uCAAuC,CACnD,KAAsB,EACtB,QAAqC,EACrC,qBAA8B;;;YAE9B,MAAM,oBAAoB,GAAG,KAAK,CAAC,SAAS,CAAA;YAC5C,IAAI,oBAAoB,IAAI,SAAS,IAAI,CAAC,CAAC,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC9F;;;;mBAIG;gBACH,MAAM,gBAAgB,GAAsC,EAAE,CAAA;gBAC9D,IAAI,qBAAqB,EAAE,CAAC;oBAC1B,gBAAgB,CAAC,KAAK,CAAC,EAAG,CAAC,GAAG,KAAK,CAAA;oBACnC,IAAI,QAAQ,EAAE,CAAC;wBACb,gBAAgB,CAAC,QAAQ,CAAC,EAAG,CAAC,GAAG,QAAQ,CAAA;oBAC3C,CAAC;oBACD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,MAAA,KAAK,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC,EAAE,IAAI,CAAC,MAAK,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,CAAA,CAAC,EAAE,CAAC;wBAC7G,IAAI,CAAC;4BACH,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAA;wBACpF,CAAC;wBAAC,WAAM,CAAC;4BACP,SAAS;wBACX,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,uBACE,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,MAAA,KAAK,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE;;wBAC5F,MAAM,cAAc,GAAG,MAAA,gBAAgB,CAAC,KAAK,CAAC,0CAAE,SAAS,CAAA;wBACzD,GAAG,CAAC,KAAK,CAAC,GAAG;4BACX,CAAC,IAAA,qBAAa,EAAC,oBAAoB,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;4BAC9C,CAAC,MAAA,CAAC,cAAc,IAAI,IAAA,qBAAa,EAAC,cAAc,CAAC,CAAC,mCAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;yBACnE,CAAA;wBACD,OAAO,GAAG,CAAA;oBACZ,CAAC,EAAE,EAAiE,CAAC,IAClE,CAAC,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAC,EACjC;YACH,CAAC;;gBAAM,OAAO,MAAA,KAAK,CAAC,eAAe,mCAAI,EAAE,CAAA;QAC3C,CAAC;KAAA;CACF;AA9TD,0DA8TC","sourcesContent":["import { KeyPair } from './RSA'\nimport { hex2ua, notConcurrent, ua2ab, ua2hex } from '../utils'\nimport { DataOwner, IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { IccDeviceApi, IccHcpartyApi, IccPatientApi } from '../../icc-api'\nimport { fingerprintV1, getShaVersionForKey } from './utils'\nimport { CryptoActorStub, CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { DataOwnerTypeEnum } from '../../icc-api/model/DataOwnerTypeEnum'\n\n/**\n * @internal This class is meant only for internal use and may be changed without notice.\n * Functions to create and get exchange keys.\n * The methods of this api require to pass the appropriate keys for encryption/decryption manually.\n */\nexport class BaseExchangeKeysManager {\n private readonly generateKeyConcurrencyMap: { [key: string]: PromiseLike<any> } = {}\n private readonly primitives: CryptoPrimitives\n private readonly dataOwnerApi: IccDataOwnerXApi\n private readonly hcpartyBaseApi: IccHcpartyApi\n private readonly patientBaseApi: IccPatientApi\n private readonly deviceBaseApi: IccDeviceApi\n\n constructor(\n primitives: CryptoPrimitives,\n dataOwnerApi: IccDataOwnerXApi,\n hcpartyBaseApi: IccHcpartyApi,\n patientBaseApi: IccPatientApi,\n deviceBaseApi: IccDeviceApi\n ) {\n this.primitives = primitives\n this.dataOwnerApi = dataOwnerApi\n this.hcpartyBaseApi = hcpartyBaseApi\n this.patientBaseApi = patientBaseApi\n this.deviceBaseApi = deviceBaseApi\n }\n\n /**\n * Updates the aes exchange keys between the current data owner and another data owner to allow the other data owner to access the exchange key\n * using his new public key. Note that this will make existing exchange keys from the other data owner to the current data owner invalid for\n * encryption.\n * @param otherDataOwner the other data owner.\n * @param newDataOwnerPublicKey a new public key of the other data owner.\n * @param keyPairsByFingerprint all available key pairs to use for the decryption of existing aes exchange keys.\n */\n async giveAccessBackTo(\n otherDataOwner: string,\n newDataOwnerPublicKey: string,\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ) {\n const selfId = await this.dataOwnerApi.getCurrentDataOwnerId()\n const other = await this.dataOwnerApi.getCryptoActorStub(otherDataOwner)\n const newKeyHashVersion = getShaVersionForKey(other.stub, newDataOwnerPublicKey)\n if (!newKeyHashVersion) throw new Error(`Public key not found for data owner ${otherDataOwner}`)\n const newPublicKey = await this.primitives.RSA.importKey('spki', ua2ab(hex2ua(newDataOwnerPublicKey)), ['encrypt'], newKeyHashVersion)\n await this.extendForGiveAccessBackTo(selfId, otherDataOwner, fingerprintV1(newDataOwnerPublicKey), newPublicKey, keyPairsByFingerprint)\n await this.extendForGiveAccessBackTo(otherDataOwner, selfId, fingerprintV1(newDataOwnerPublicKey), newPublicKey, keyPairsByFingerprint)\n }\n\n /**\n * Get the encrypted exchange keys for a delegator-delegate pair.\n * @param delegatorId id of the delegator data owner.\n * @param delegateId id of the delegate data owner.\n * @return an array of exchange keys from the delegator to delegate where each key is encrypted with one or more public keys.\n */\n async getEncryptedExchangeKeysFor(delegatorId: string, delegateId: string): Promise<{ [publicKeyFingerprint: string]: string }[]> {\n const delegator = await this.dataOwnerApi.getCryptoActorStub(delegatorId)\n const res: { [publicKeyFingerprint: string]: string }[] = Object.values(delegator.stub.aesExchangeKeys ?? {}).flatMap((delegateToKey) => {\n const encryptedKeyForDelegate = delegateToKey[delegateId]\n if (encryptedKeyForDelegate) {\n return [encryptedKeyForDelegate]\n } else {\n return []\n }\n })\n const legacyDelegation = delegator.stub.hcPartyKeys?.[delegateId]?.[1]\n if (legacyDelegation) res.push({ '': legacyDelegation })\n return res\n }\n\n /**\n * Get all exchange keys where the provided data owner is involved either as the delegator or as the delegate.\n * @param dataOwnerId id of a data owner.\n * @param otherOwnerTypes only exchange keys between the current data owner and data owners of this type will be included in the result. If null considers all delegates\n * @return all exchange keys involving the provided data owner. Note that there may be an overlap between some keys to and from the data owner.\n */\n async getAllExchangeKeysWith(\n dataOwnerId: string,\n otherOwnerTypes: DataOwnerTypeEnum[] | null\n ): Promise<{\n keysToOwner: { [delegatorId: string]: { [delegatorFp: string]: { [entryFp: string]: string } } }\n keysFromOwner: { [delegatorFp: string]: { [delegateId: string]: { [entryFp: string]: string } } }\n }> {\n if (otherOwnerTypes != null && otherOwnerTypes.length === 0) throw new Error('otherOwnerTypes must not be empty!')\n const keysToOwner = await Promise.all([\n otherOwnerTypes == null || otherOwnerTypes.find((x) => x === 'hcp')\n ? this.hcpartyBaseApi.getAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n otherOwnerTypes == null || otherOwnerTypes.find((x) => x === 'patient')\n ? this.patientBaseApi.getPatientAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n otherOwnerTypes == null || otherOwnerTypes.find((x) => x === 'device')\n ? this.deviceBaseApi.getDeviceAesExchangeKeysForDelegate(dataOwnerId).catch(() => {})\n : Promise.resolve({}),\n ]).then(([a, b, c]) => ({ ...a, ...b, ...c } as { [delegatorId: string]: { [delegatorFp: string]: { [entryFp: string]: string } } }))\n const dataOwner = await this.dataOwnerApi.getCryptoActorStub(dataOwnerId)\n const allOwnerKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(dataOwner.stub, undefined, false)\n const filteredDelegates = new Set(\n await Array.from(new Set(Object.values(allOwnerKeys).flatMap((x) => Object.keys(x)))).reduce(async (acc, ownerId) => {\n const awaitedAcc = await acc\n if (ownerId === dataOwnerId || otherOwnerTypes == null) {\n return [...awaitedAcc, ownerId]\n } else {\n try {\n const dataOwnerType: DataOwnerTypeEnum = (await this.dataOwnerApi.getCryptoActorStub(ownerId)).type\n if (otherOwnerTypes.some((x) => x === dataOwnerType)) {\n return [...awaitedAcc, ownerId]\n } else return awaitedAcc\n } catch (_) {\n return awaitedAcc\n }\n }\n }, Promise.resolve([] as string[]))\n )\n const keysFromOwner = Object.fromEntries(\n Object.entries(allOwnerKeys)\n .map(([delegatorPubKey, delegateToKeys]) => [\n delegatorPubKey,\n Object.fromEntries(\n Object.entries(delegateToKeys).filter(([delegateId]) => filteredDelegates.has(delegateId)) as [string, { [k: string]: string }][]\n ),\n ])\n .filter(([, x]) => Object.keys(x).length > 0) as [string, { [k: string]: { [k: string]: string } }][]\n )\n return { keysToOwner, keysFromOwner }\n }\n\n /**\n * Attempts to decrypt many exchange keys using any of the provided key pairs.\n * @param encryptedExchangeKeys an array of exchange keys where each key is encrypted with one or more public keys.\n * @param keyPairsByFingerprint rsa key pairs to use for decryption.\n * @return an array all successfully decrypted exchange keys and an array containing all exchange keys which could not be decrypted.\n */\n async tryDecryptExchangeKeys(\n encryptedExchangeKeys: { [publicKeyFingerprint: string]: string }[],\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{\n successfulDecryptions: CryptoKey[]\n failedDecryptions: { [publicKeyFingerprint: string]: string }[]\n }> {\n const raws = new Set<string>()\n const res: {\n successfulDecryptions: CryptoKey[]\n failedDecryptions: { [publicKeyFingerprint: string]: string }[]\n } = { successfulDecryptions: [], failedDecryptions: [] }\n for (const encryptedExchangeKey of encryptedExchangeKeys) {\n const decrypted = await this.tryDecryptExchangeKey(encryptedExchangeKey, keyPairsByFingerprint)\n if (decrypted !== undefined && !raws.has(decrypted.raw)) {\n raws.add(decrypted.raw)\n res.successfulDecryptions.push(decrypted.key)\n } else {\n res.failedDecryptions.push(encryptedExchangeKey)\n }\n }\n return res\n }\n\n private async extendForGiveAccessBackTo(\n delegatorId: string,\n delegateId: string,\n newPublicKeyFp: string,\n newPublicKey: CryptoKey,\n decryptionKeyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ) {\n await notConcurrent(this.generateKeyConcurrencyMap, delegatorId, async () => {\n const delegator = await this.dataOwnerApi.getCryptoActorStub(delegatorId)\n const delegate = await this.dataOwnerApi.getCryptoActorStub(delegateId)\n let didUpdateSomeKey = false\n const combinedKeys = await this.combineLegacyHcpKeysWithAesExchangeKeys(delegator.stub, delegate.stub, true)\n const updatedExchangeKeys: { [delegatorKey: string]: { [delegateId: string]: { [keyFp: string]: string } } } = {}\n const newEncryptionKeys = { [newPublicKeyFp]: newPublicKey }\n for (const [currDelegatorKey, currDelegatesToKeys] of Object.entries(combinedKeys)) {\n const updatedDelegatesToKeys: { [delegateId: string]: { [keyFp: string]: string } } = {}\n for (const [currDelegateId, currEncryptedKey] of Object.entries(currDelegatesToKeys)) {\n if (delegateId !== currDelegateId || newPublicKeyFp in currEncryptedKey) {\n updatedDelegatesToKeys[currDelegateId] = currEncryptedKey\n } else {\n const decrypted = await this.tryDecryptExchangeKey(currEncryptedKey, decryptionKeyPairsByFingerprint)\n if (decrypted) {\n didUpdateSomeKey = true\n updatedDelegatesToKeys[currDelegateId] = {\n ...currEncryptedKey,\n ...(await this.encryptExchangeKey(decrypted, newEncryptionKeys)).encryptedExchangeKey,\n }\n } else {\n updatedDelegatesToKeys[currDelegateId] = currEncryptedKey\n }\n }\n }\n updatedExchangeKeys[currDelegatorKey] = updatedDelegatesToKeys\n }\n if (didUpdateSomeKey) {\n await this.dataOwnerApi.modifyCryptoActorStub({\n type: delegator.type,\n stub: {\n ...delegator.stub,\n aesExchangeKeys: updatedExchangeKeys,\n },\n })\n }\n })\n }\n\n /**\n * Attempts to decrypt an exchange key using any of the provided key pairs.\n * @param encryptedExchangeKey an encrypted exchange key, in the form publicKeyXyzFingerprint -> hex(exchangeKeyEncryptedByPrivateKeyXyz).\n * @param keyPairsByFingerprint rsa key pairs to use for decryption.\n * @return the decrypted exchange key, in raw and key format (to allow deduplication), or undefined if the key could not be decrypted using the\n * provided keys.\n */\n private async tryDecryptExchangeKey(\n encryptedExchangeKey: { [publicKeyFingerprint: string]: string },\n keyPairsByFingerprint: { [publicKeyFingerprint: string]: KeyPair<CryptoKey> }\n ): Promise<{ raw: string; key: CryptoKey } | undefined> {\n for (const [entryKey, encrypted] of Object.entries(encryptedExchangeKey)) {\n // Due to bugs in past version the entry may actually contain the full public key instead of just the fingerprint.\n const fp = fingerprintV1(entryKey)\n const keyPair = keyPairsByFingerprint[fp]\n if (keyPair !== undefined) {\n const res = await this.tryDecryptExchangeKeyWith(encrypted, keyPair, fp)\n if (res !== undefined) return res\n }\n }\n const defaultEncryptedKey = encryptedExchangeKey['']\n if (defaultEncryptedKey !== undefined) {\n for (const keyPair of Object.values(keyPairsByFingerprint)) {\n // disable error logging, we are not sure keyPair is the correct key\n const res = await this.tryDecryptExchangeKeyWith(defaultEncryptedKey, keyPair, undefined)\n if (res !== undefined) return res\n }\n }\n return undefined\n }\n\n /**\n * Creates an encrypted exchange key for the provided public keys.\n * @param exchangeKey the exchange key in raw and imported format. If undefined a new key will be automatically created.\n * @param publicKeys additional public keys that will have access to the exchange key in spki format, hex-encoded.\n * @return the exchangeKey and an object with the exchange key encrypted with each of the provided public keys, hex-encoded, by fingerprint.\n */\n private async encryptExchangeKey(\n exchangeKey: { raw: string; key: CryptoKey } | undefined,\n publicKeys: { [keyFingerprint: string]: CryptoKey }\n ): Promise<{\n exchangeKey: CryptoKey\n encryptedExchangeKey: { [pubKeyFp: string]: string }\n }> {\n const exchangeKeyCrypto = exchangeKey?.key ?? (await this.primitives.AES.generateCryptoKey(false))\n const exchangeKeyBytes = exchangeKey !== undefined ? hex2ua(exchangeKey.raw) : await this.primitives.AES.exportKey(exchangeKeyCrypto, 'raw')\n const encryptedExchangeKey = await Object.entries(publicKeys).reduce(\n async (acc, [currKeyFp, currKey]) => ({\n ...(await acc),\n [currKeyFp]: ua2hex(await this.primitives.RSA.encrypt(currKey, new Uint8Array(exchangeKeyBytes))),\n }),\n Promise.resolve({} as { [pubKeyFp: string]: string })\n )\n return { exchangeKey: exchangeKeyCrypto, encryptedExchangeKey }\n }\n\n /**\n * Attempts to decrypt an exchange key using the provided key pairs.\n * If you are confident that the provided {@link keyPair} was used to encrypt {@link encryptedByOneKey} you should also provide {@link keyPairFp},\n * so that if the decryption fail an error will be logged to console before returning undefined.\n * @param encryptedByOneKey an exchange key which may be encrypted with {@link keyPair}.\n * @param keyPair an rsa key pair.\n * @param keyPairFp the fingerprint of the provided key pair or undefined to disable logging of error if the decryption failed.\n * @return the decrypted exchange key, in raw and key format (to allow deduplication), or undefined if the key could not be decrypted using the\n * provided key.\n */\n private async tryDecryptExchangeKeyWith(\n encryptedByOneKey: string,\n keyPair: KeyPair<CryptoKey>,\n keyPairFp: string | undefined // if undefined will not log errors, when we are not sure the key to be used is the provided key.\n ): Promise<{ raw: string; key: CryptoKey } | undefined> {\n try {\n const decrypted = await this.primitives.RSA.decrypt(keyPair.privateKey, hex2ua(encryptedByOneKey))\n return { raw: ua2hex(decrypted), key: await this.primitives.AES.importKey('raw', decrypted) }\n } catch (e) {\n if (keyPairFp) {\n console.error(`Failed to decrypt or import exchange key ${encryptedByOneKey} using key with fingerprint ${keyPairFp}.`, e)\n }\n }\n }\n // Copy all legacy hcp exchange keys into the new aes exchange keys\n private async combineLegacyHcpKeysWithAesExchangeKeys(\n owner: CryptoActorStub,\n delegate: CryptoActorStub | undefined,\n fillDelegateLegacyKey: boolean\n ): Promise<{ [ownerPublicKey: string]: { [delegateId: string]: { [fingerprint: string]: string } } }> {\n const ownerLegacyPublicKey = owner.publicKey\n if (ownerLegacyPublicKey != undefined && !(owner.aesExchangeKeys ?? {})[ownerLegacyPublicKey]) {\n /*\n * This condition would technically prevent new updates to the hcPartyKeys to be migrated to the aes exchange keys, but since I can only update\n * data for self data owner and parent entities this is not an issue, because I will always be using the new api from now on and I won't have\n * a situation where the legacy keys are updated but the aes exchange keys are not.\n */\n const counterPartsById: { [id: string]: CryptoActorStub } = {}\n if (fillDelegateLegacyKey) {\n counterPartsById[owner.id!] = owner\n if (delegate) {\n counterPartsById[delegate.id!] = delegate\n }\n for (const other of Object.keys(owner.hcPartyKeys ?? {}).filter((x) => x !== owner.id && x !== delegate?.id)) {\n try {\n counterPartsById[other] = (await this.dataOwnerApi.getCryptoActorStub(other)).stub\n } catch {\n // ignore\n }\n }\n }\n return {\n [ownerLegacyPublicKey]: Object.entries(owner.hcPartyKeys ?? {}).reduce((acc, [hcpId, keys]) => {\n const counterpartKey = counterPartsById[hcpId]?.publicKey\n acc[hcpId] = {\n [fingerprintV1(ownerLegacyPublicKey)]: keys[0],\n [(counterpartKey && fingerprintV1(counterpartKey)) ?? '']: keys[1],\n }\n return acc\n }, {} as { [delegateId: string]: { [fingerprint: string]: string } }),\n ...(owner.aesExchangeKeys ?? {}),\n }\n } else return owner.aesExchangeKeys ?? {}\n }\n}\n"]}
@@ -5,6 +5,7 @@ const RSA_1 = require("./RSA");
5
5
  const AES_1 = require("./AES");
6
6
  const shamir_1 = require("./shamir");
7
7
  const HMACUtils_1 = require("./HMACUtils");
8
+ const utils_1 = require("../utils");
8
9
  /**
9
10
  * Gives access to cryptographic primitives.
10
11
  */
@@ -37,10 +38,10 @@ class WebCryptoPrimitives {
37
38
  (c) => (Number(c) ^ (this.crypto.getRandomValues(new Uint8Array(1))[0] & (15 >> (Number(c) / 4)))).toString(16));
38
39
  }
39
40
  sha256(data) {
40
- return this.crypto.subtle.digest('SHA-256', data);
41
+ return this.crypto.subtle.digest('SHA-256', (0, utils_1.ua2ab)(data));
41
42
  }
42
43
  sha512(data) {
43
- return this.crypto.subtle.digest('SHA-512', data);
44
+ return this.crypto.subtle.digest('SHA-512', (0, utils_1.ua2ab)(data));
44
45
  }
45
46
  randomBytes(n) {
46
47
  const res = new Uint8Array(n);
@@ -1 +1 @@
1
- {"version":3,"file":"CryptoPrimitives.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/CryptoPrimitives.ts"],"names":[],"mappings":";;;AAAA,+BAA8C;AAC9C,+BAA8C;AAC9C,qCAAuD;AACvD,2CAAsD;AAwBtD;;GAEG;AACH,MAAa,mBAAmB;IAO9B,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAA;IACrB,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAA;IACrB,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,IAAI,CAAA;IAClB,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,IAAI,CAAA;IAClB,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAA;IACnB,CAAC;IAED,YAAY,SAAiB,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,EAAa;QACrI,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,kBAAY,CAAC,MAAM,CAAC,CAAA;QACpC,IAAI,CAAC,IAAI,GAAG,IAAI,kBAAY,CAAC,MAAM,CAAC,CAAA;QACpC,IAAI,CAAC,OAAO,GAAG,IAAI,wBAAe,CAAC,MAAM,CAAC,CAAA;QAC1C,IAAI,CAAC,KAAK,GAAG,IAAI,yBAAa,CAAC,MAAM,CAAC,CAAA;IACxC,CAAC;IAED,UAAU;QACR,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAC5D,QAAQ;QACR,+CAA+C;QAC/C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CACjI,CAAA;IACH,CAAC;IAED,MAAM,CAAC,IAA8B;QACnC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;IACnD,CAAC;IAED,MAAM,CAAC,IAA8B;QACnC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;IACnD,CAAC;IAED,WAAW,CAAC,CAAS;QACnB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAA;QAC7B,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;QAChC,OAAO,GAAG,CAAA;IACZ,CAAC;CACF;AAxDD,kDAwDC","sourcesContent":["import { RSAUtils, RSAUtilsImpl } from './RSA'\nimport { AESUtils, AESUtilsImpl } from './AES'\nimport { ShamirClass, WebcryptoShamir } from './shamir'\nimport { HMACUtils, HMACUtilsImpl } from './HMACUtils'\n\nexport interface CryptoPrimitives {\n readonly shamir: ShamirClass\n readonly RSA: RSAUtils\n readonly AES: AESUtils\n readonly HMAC: HMACUtils\n /**\n * Generates a UUID using a cryptographically secure random number generator.\n */\n randomUuid(): string\n /**\n * @param data some data\n * @return the sha256 hash of {@link data}\n */\n sha256(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer>\n sha512(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer>\n /**\n * @param n how many bytes to generate\n * @return an array with n random bytes\n */\n randomBytes(n: number): Uint8Array\n}\n\n/**\n * Gives access to cryptographic primitives.\n */\nexport class WebCryptoPrimitives implements CryptoPrimitives {\n private readonly _rsa: RSAUtils\n private readonly _aes: AESUtils\n private readonly _shamir: ShamirClass\n private readonly _crypto: Crypto\n private readonly _hmac: HMACUtils\n\n get crypto(): Crypto {\n return this._crypto\n }\n\n get shamir(): ShamirClass {\n return this._shamir\n }\n\n get RSA(): RSAUtils {\n return this._rsa\n }\n\n get AES(): AESUtils {\n return this._aes\n }\n\n get HMAC(): HMACUtils {\n return this._hmac\n }\n\n constructor(crypto: Crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : ({} as Crypto)) {\n this._crypto = crypto\n this._rsa = new RSAUtilsImpl(crypto)\n this._aes = new AESUtilsImpl(crypto)\n this._shamir = new WebcryptoShamir(crypto)\n this._hmac = new HMACUtilsImpl(crypto)\n }\n\n randomUuid() {\n return ((1e7).toString() + -1e3 + -4e3 + -8e3 + -1e11).replace(\n /[018]/g,\n //Keep next inlined or you will lose the random\n (c) => (Number(c) ^ ((this.crypto.getRandomValues(new Uint8Array(1))! as Uint8Array)[0] & (15 >> (Number(c) / 4)))).toString(16)\n )\n }\n\n sha256(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return this.crypto.subtle.digest('SHA-256', data)\n }\n\n sha512(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return this.crypto.subtle.digest('SHA-512', data)\n }\n\n randomBytes(n: number): Uint8Array {\n const res = new Uint8Array(n)\n this.crypto.getRandomValues(res)\n return res\n }\n}\n"]}
1
+ {"version":3,"file":"CryptoPrimitives.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/CryptoPrimitives.ts"],"names":[],"mappings":";;;AAAA,+BAA8C;AAC9C,+BAA8C;AAC9C,qCAAuD;AACvD,2CAAsD;AACtD,oCAAgC;AAwBhC;;GAEG;AACH,MAAa,mBAAmB;IAO9B,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAA;IACrB,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAA;IACrB,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,IAAI,CAAA;IAClB,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,IAAI,CAAA;IAClB,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAA;IACnB,CAAC;IAED,YAAY,SAAiB,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,EAAa;QACrI,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,kBAAY,CAAC,MAAM,CAAC,CAAA;QACpC,IAAI,CAAC,IAAI,GAAG,IAAI,kBAAY,CAAC,MAAM,CAAC,CAAA;QACpC,IAAI,CAAC,OAAO,GAAG,IAAI,wBAAe,CAAC,MAAM,CAAC,CAAA;QAC1C,IAAI,CAAC,KAAK,GAAG,IAAI,yBAAa,CAAC,MAAM,CAAC,CAAA;IACxC,CAAC;IAED,UAAU;QACR,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAC5D,QAAQ;QACR,+CAA+C;QAC/C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CACjI,CAAA;IACH,CAAC;IAED,MAAM,CAAC,IAA8B;QACnC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAA,aAAK,EAAC,IAAI,CAAC,CAAC,CAAA;IAC1D,CAAC;IAED,MAAM,CAAC,IAA8B;QACnC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAA,aAAK,EAAC,IAAI,CAAC,CAAC,CAAA;IAC1D,CAAC;IAED,WAAW,CAAC,CAAS;QACnB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAA;QAC7B,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;QAChC,OAAO,GAAG,CAAA;IACZ,CAAC;CACF;AAxDD,kDAwDC","sourcesContent":["import { RSAUtils, RSAUtilsImpl } from './RSA'\nimport { AESUtils, AESUtilsImpl } from './AES'\nimport { ShamirClass, WebcryptoShamir } from './shamir'\nimport { HMACUtils, HMACUtilsImpl } from './HMACUtils'\nimport { ua2ab } from '../utils'\n\nexport interface CryptoPrimitives {\n readonly shamir: ShamirClass\n readonly RSA: RSAUtils\n readonly AES: AESUtils\n readonly HMAC: HMACUtils\n /**\n * Generates a UUID using a cryptographically secure random number generator.\n */\n randomUuid(): string\n /**\n * @param data some data\n * @return the sha256 hash of {@link data}\n */\n sha256(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer>\n sha512(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer>\n /**\n * @param n how many bytes to generate\n * @return an array with n random bytes\n */\n randomBytes(n: number): Uint8Array\n}\n\n/**\n * Gives access to cryptographic primitives.\n */\nexport class WebCryptoPrimitives implements CryptoPrimitives {\n private readonly _rsa: RSAUtils\n private readonly _aes: AESUtils\n private readonly _shamir: ShamirClass\n private readonly _crypto: Crypto\n private readonly _hmac: HMACUtils\n\n get crypto(): Crypto {\n return this._crypto\n }\n\n get shamir(): ShamirClass {\n return this._shamir\n }\n\n get RSA(): RSAUtils {\n return this._rsa\n }\n\n get AES(): AESUtils {\n return this._aes\n }\n\n get HMAC(): HMACUtils {\n return this._hmac\n }\n\n constructor(crypto: Crypto = typeof window !== 'undefined' ? window.crypto : typeof self !== 'undefined' ? self.crypto : ({} as Crypto)) {\n this._crypto = crypto\n this._rsa = new RSAUtilsImpl(crypto)\n this._aes = new AESUtilsImpl(crypto)\n this._shamir = new WebcryptoShamir(crypto)\n this._hmac = new HMACUtilsImpl(crypto)\n }\n\n randomUuid() {\n return ((1e7).toString() + -1e3 + -4e3 + -8e3 + -1e11).replace(\n /[018]/g,\n //Keep next inlined or you will lose the random\n (c) => (Number(c) ^ ((this.crypto.getRandomValues(new Uint8Array(1))! as Uint8Array)[0] & (15 >> (Number(c) / 4)))).toString(16)\n )\n }\n\n sha256(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return this.crypto.subtle.digest('SHA-256', ua2ab(data))\n }\n\n sha512(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return this.crypto.subtle.digest('SHA-512', ua2ab(data))\n }\n\n randomBytes(n: number): Uint8Array {\n const res = new Uint8Array(n)\n this.crypto.getRandomValues(res)\n return res\n }\n}\n"]}
@@ -100,10 +100,10 @@ class AbstractExchangeDataManager {
100
100
  throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate could be verified.`);
101
101
  for (const delegateKey of allVerifiedDelegateKeys) {
102
102
  if (sha1KeysOfDelegate.has(delegateKey)) {
103
- encryptionKeys[(0, utils_1.fingerprintV1)(delegateKey)] = yield this.primitives.RSA.importKey('spki', (0, utils_2.hex2ua)(delegateKey), ['encrypt'], RSA_1.ShaVersion.Sha1);
103
+ encryptionKeys[(0, utils_1.fingerprintV1)(delegateKey)] = yield this.primitives.RSA.importKey('spki', (0, utils_2.ua2ab)((0, utils_2.hex2ua)(delegateKey)), ['encrypt'], RSA_1.ShaVersion.Sha1);
104
104
  }
105
105
  else if (sha256KeysOfDelegate.has(delegateKey)) {
106
- encryptionKeys[(0, utils_1.fingerprintV1)(delegateKey)] = yield this.primitives.RSA.importKey('spki', (0, utils_2.hex2ua)(delegateKey), ['encrypt'], RSA_1.ShaVersion.Sha256);
106
+ encryptionKeys[(0, utils_1.fingerprintV1)(delegateKey)] = yield this.primitives.RSA.importKey('spki', (0, utils_2.ua2ab)((0, utils_2.hex2ua)(delegateKey)), ['encrypt'], RSA_1.ShaVersion.Sha256);
107
107
  }
108
108
  else
109
109
  throw new Error('Illegal state: verified keys should contain only keys for OAPE-SHA1 or OAPE-SHA256.');
@@ -126,7 +126,7 @@ class AbstractExchangeDataManager {
126
126
  const newKeyHashVersion = (0, utils_1.getShaVersionForKey)(other.stub, newDataOwnerPublicKey);
127
127
  if (!newKeyHashVersion)
128
128
  throw new Error(`Public key not found for data owner ${otherDataOwner}`);
129
- const importedNewKey = yield this.primitives.RSA.importKey('spki', (0, utils_2.hex2ua)(newDataOwnerPublicKey), ['encrypt'], newKeyHashVersion);
129
+ const importedNewKey = yield this.primitives.RSA.importKey('spki', (0, utils_2.ua2ab)((0, utils_2.hex2ua)(newDataOwnerPublicKey)), ['encrypt'], newKeyHashVersion);
130
130
  const decryptionKeys = this.encryptionKeys.getDecryptionKeys();
131
131
  const allExchangeDataToUpdate = self == otherDataOwner
132
132
  ? yield this.base.getExchangeDataByDelegatorDelegatePair(self, self)
@@ -1 +1 @@
1
- {"version":3,"file":"ExchangeDataManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ExchangeDataManager.ts"],"names":[],"mappings":";;;;;;;;;;;AAuBA,4GAmCC;AApDD,mCAAgH;AAEhH,oCAA+D;AAC/D,yEAA6E;AAC7E,+BAAkC;AAClC,6CAAmC;AACnC,gEAA0D;AAO1D;;;GAGG;AACH,SAAsB,gDAAgD;yDACpE,IAA6B,EAC7B,cAAyC,EACzC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC5B,aAAsB,EACtB,qBAA4D,EAAE;QAE9D,MAAM,YAAY,GAAG,yCAAuB,CAAC,aAAa,CAAC,MAAM,YAAY,CAAC,mBAAmB,EAAE,CAAC,CAAA;QACpG,IAAI,gBAAgB,CAAC,oCAAoC,CAAC,YAAY,CAAC,EAAE,CAAC;YACxE,MAAM,GAAG,GAAG,IAAI,8BAA8B,CAC5C,IAAI,EACJ,cAAc,EACd,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,aAAa,CACd,CAAA;YACD,MAAM,GAAG,CAAC,sBAAsB,EAAE,CAAA;YAClC,OAAO,GAAG,CAAA;QACZ,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,kCAAkC,CAC3C,IAAI,EACJ,cAAc,EACd,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,aAAa,EACb,kBAAkB,CACnB,CAAA;QACH,CAAC;IACH,CAAC;CAAA;AA+GD,MAAe,2BAA2B;IACxC,YACW,IAA6B,EACnB,cAAyC,EACzC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC9B,aAAsB;QAN9B,SAAI,GAAJ,IAAI,CAAyB;QACnB,mBAAc,GAAd,cAAc,CAA2B;QACzC,wBAAmB,GAAnB,mBAAmB,CAA0B;QAC7C,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAC9B,kBAAa,GAAb,aAAa,CAAS;IACtC,CAAC;IAEY,WAAW,CAAC,IAAkB;;YAS5C,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CACvC,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAC9G,CAAA;YACD,MAAM,oBAAoB,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACtH,IAAI,CAAC,oBAAoB;gBAAE,OAAO,SAAS,CAAA;YAC3C,MAAM,4BAA4B,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACrI,IAAI,CAAC,4BAA4B;gBAC/B,MAAM,IAAI,KAAK,CAAC,kFAAkF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC3H,MAAM,2BAA2B,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACpI,IAAI,CAAC,2BAA2B;gBAC9B,MAAM,IAAI,KAAK,CAAC,iFAAiF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC1H,OAAO;gBACL,mBAAmB,EAAE,4BAA4B;gBACjD,WAAW,EAAE,oBAAoB;gBACjC,kBAAkB,EAAE,2BAA2B;gBAC/C,QAAQ,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAC1C;oBACE,YAAY,EAAE,IAAI;oBAClB,4BAA4B;oBAC5B,oBAAoB;oBACpB,2BAA2B;iBAC5B,EACD,cAAc,EACd,IAAI,CACL;aACF,CAAA;QACH,CAAC;KAAA;IAEe,qBAAqB,CACnC,UAAkB,EAClB,OAIC;;YAED,IAAI,OAAO,CAAC,mBAAmB,IAAI,OAAO,CAAC,oBAAoB;gBAC7D,MAAM,IAAI,KAAK,CAAC,sFAAsF,CAAC,CAAA;YACzG,MAAM,cAAc,GAAgC,EAAE,CAAA;YACtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAA;YAClE,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,oBAAoB;gBAC/D,MAAM,IAAI,KAAK,CAAC,oFAAoF,CAAC,CAAA;YACvG,gBAAgB,CAAC,OAAO,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE;gBACjD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAA;YAC9C,CAAC,CAAC,CAAA;YACF,IAAI,UAAU,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,EAAE,CAAC;gBACpE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBACvE,MAAM,oBAAoB,GAAG,IAAA,iCAAyB,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACrE,MAAM,kBAAkB,GAAG,IAAA,+BAAuB,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACjE,IAAI,uBAAiC,CAAA;gBACrC,IAAI,CAAC,oBAAoB,CAAC,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;oBAC3D,IAAI,CAAC,OAAO,CAAC,mBAAmB;wBAC9B,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,+CAA+C,CAAC,CAAA;oBACjH,uBAAuB,GAAG,EAAE,CAAA;gBAC9B,CAAC;qBAAM,IAAI,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAClH,uBAAuB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,wBAAwB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBAC7F,CAAC;qBAAM,CAAC;oBACN,uBAAuB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,wBAAwB,CAC5E,QAAQ,EACR,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,EACxE,IAAI,CAAC,UAAU,CAChB,CAAA;gBACH,CAAC;gBACD,IAAI,CAAC,uBAAuB,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB;oBACjE,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,uDAAuD,CAAC,CAAA;gBACzH,KAAK,MAAM,WAAW,IAAI,uBAAuB,EAAE,CAAC;oBAClD,IAAI,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;wBACxC,cAAc,CAAC,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,WAAW,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,gBAAU,CAAC,IAAI,CAAC,CAAA;oBAC7I,CAAC;yBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;wBACjD,cAAc,CAAC,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAC9E,MAAM,EACN,IAAA,cAAM,EAAC,WAAW,CAAC,EACnB,CAAC,SAAS,CAAC,EACX,gBAAU,CAAC,MAAM,CAClB,CAAA;oBACH,CAAC;;wBAAM,MAAM,IAAI,KAAK,CAAC,qFAAqF,CAAC,CAAA;gBAC/G,CAAC;YACH,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAChD,UAAU,EACV,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EACxG,cAAc,EACd,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CACnD,CAAA;YACD,OAAO;gBACL,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;gBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;aAC/C,CAAA;QACH,CAAC;KAAA;IAEK,gBAAgB,CAAC,cAAsB,EAAE,qBAA6B;;YAC1E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC5D,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,qBAAqB,CAAC,CAAA;YACrD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;YACxE,MAAM,iBAAiB,GAAG,IAAA,2BAAmB,EAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;YAChF,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,cAAc,EAAE,CAAC,CAAA;YAChG,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,cAAM,EAAC,qBAAqB,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,CAAC,CAAA;YACjI,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,uBAAuB,GAC3B,IAAI,IAAI,cAAc;gBACpB,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,IAAI,EAAE,IAAI,CAAC;gBACpE,CAAC,CAAC;oBACE,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;oBACjF,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;iBAClF,CAAA;YACP,KAAK,MAAM,YAAY,IAAI,uBAAuB,EAAE,CAAC;gBACnD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI,QAAQ,CAAC,EAAE,CAAC;oBACxE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,YAAY,EAAE,cAAc,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,cAAc,EAAE,CAAC,CAAA;oBACnH,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,CAAC,IAAI,CAAC,gDAAgD,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAA;oBAC9F,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;KAAA;IAED,sBAAsB;QACpB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,2BAA2B,CACzB,UAAkB,EAClB,OAGC;QAED,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,6CAA6C,CAC3C,MAAgB;QAEhB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,yBAAyB,CACvB,GAAa,EACb,mBAA4B;QAQ5B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,yBAAyB,CAAC,UAAwC;QAChE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,oBAAoB,CAAC,UAAwC;QAC3D,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAEK,2BAA2B,CAC/B,mBAMG,EACH,oBAA6B;;YAE7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC5D,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAA;YACpH,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,CAAC,QAAQ,IAAI,IAAI,CAAC;gBAC9E,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAA;YAC9E,MAAM,gBAAgB,GAAmC,EAAE,CAAA;YAC3D,qBAAqB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;YACnE,IAAI,oBAAoB,EAAE,CAAC;gBACzB,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAA;gBAClE,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC;oBAAE,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAA;gBAC7H,MAAM,cAAc,GAAgC,EAAE,CAAA;gBACtD,gBAAgB,CAAC,OAAO,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE;oBACjD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAA;gBAC9C,CAAC,CAAC,CAAA;gBACF,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;gBAC9H,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;oBAC1C,MAAM,YAAY,GAAG,gBAAgB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAA;oBAC7D,IAAI,YAAY,IAAI,IAAI;wBACtB,MAAM,IAAI,CAAC,IAAI,CAAC,yCAAyC,CAAC;4BACxD,YAAY;4BACZ,iBAAiB,EAAE,cAAc;4BACjC,yBAAyB,EAAE,YAAY,CAAC,SAAS,IAAI,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE;4BAClG,cAAc,EAAE,OAAO,CAAC,WAAW;4BACnC,sBAAsB,EAAE,OAAO,CAAC,mBAAmB;4BACnD,qBAAqB,EAAE,OAAO,CAAC,kBAAkB;yBAClD,CAAC,CAAA;gBACN,CAAC;YACH,CAAC;YACD,MAAM,eAAe,GAMf,EAAE,CAAA;YACR,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;gBAC1C,MAAM,YAAY,GAAG,gBAAgB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAA;gBAC7D,IAAI,YAAY,IAAI,SAAS;oBAC3B,eAAe,CAAC,IAAI,CAAC;wBACnB,YAAY,EAAE,YAAY;wBAC1B,mBAAmB,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,mBAAmB,CAAC;wBAC3F,WAAW,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC;wBACnE,kBAAkB,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,kBAAkB,CAAC;wBACxF,QAAQ,EAAE,OAAO,CAAC,QAAQ;qBAC3B,CAAC,CAAA;YACN,CAAC;YACD,MAAM,IAAI,CAAC,yBAAyB,CAAC,eAAe,CAAC,CAAA;QACvD,CAAC;KAAA;CAWF;AAED,MAAM,8BAA+B,SAAQ,2BAA2B;IAAxE;;QACU,WAAM,GAKT,OAAO,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,kCAAkC,EAAE,EAAE,EAAE,kCAAkC,EAAE,EAAE,EAAE,CAAC,CAAA;QAC5H,4BAAuB,GAAG,IAAI,mBAAK,EAAE,CAAA;IAuM/C,CAAC;IArMO,sBAAsB;;YAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAA;YACtC,MAAM,IAAI,CAAC,MAAM,CAAA;QACnB,CAAC;KAAA;IAEK,6CAA6C,CACjD,MAAgB;;YAEhB,SAAS,0BAA0B,CAAC,MAInC;gBACC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;oBACjC,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;oBAChC,IAAI,EAAE,EAAE,CAAC;wBACP,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;wBAClC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,EAAE,CAAC;4BACtB,GAAG,CAAC,IAAI,CAAC,GAAG;gCACV,YAAY,EAAE,MAAM,CAAC,YAAY;gCACjC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;gCACzC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;6BAC1D,CAAA;wBACH,CAAC;oBACH,CAAC;oBACD,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,EAA6G,CAAC,CAAA;YACnH,CAAC;YAED,OAAO,0BAA0B,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,CAAA;QACtD,CAAC;KAAA;IAEa,yBAAyB,CACrC,UAAkB;;YAElB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,MAAM,GAAG,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,CAAA;YACpE,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YAC3D,IAAI,MAAM,KAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,CAAA,EAAE,CAAC;gBAChC,OAAO;oBACL,YAAY,EAAE,MAAM,CAAC,YAAY;oBACjC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;oBACzD,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;oBACzC,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,kBAAkB;iBACxD,CAAA;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,SAAS,CAAA;YAClB,CAAC;QACH,CAAC;KAAA;IAEK,2BAA2B,CAC/B,UAAkB,EAClB,OAGC;;;YAED,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAA;YACtE,IAAI,aAAa;gBAAE,OAAO,aAAa,CAAA;YACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,EAAE,CAAA;YAC5D,IAAI,CAAC;gBACH,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAA;gBACzE,IAAI,gBAAgB;oBAAE,OAAO,gBAAgB,CAAA;gBAC7C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE;oBAC3D,mBAAmB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,+BAA+B,mCAAI,KAAK;oBACtE,oBAAoB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gCAAgC,mCAAI,KAAK;iBACzE,CAAC,CAAA;gBACF,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE;oBACzC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;oBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;oBAC9C,QAAQ,EAAE,IAAI;iBACf,CAAC,CAAA;gBACF,OAAO,OAAO,CAAA;YAChB,CAAC;oBAAS,CAAC;gBACT,OAAO,EAAE,CAAA;YACX,CAAC;QACH,CAAC;KAAA;IAEK,yBAAyB,CAC7B,GAAa,EACb,mBAA4B;;;YAQ5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,GAAG,GAML,EAAE,CAAA;YACN,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;gBACrB,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;gBAChC,IAAI,IAAI,EAAE,CAAC;oBACT,GAAG,CAAC,EAAE,CAAC,GAAG;wBACR,YAAY,EAAE,IAAI,CAAC,YAAY;wBAC/B,WAAW,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,WAAW;wBACxC,mBAAmB,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,mBAAmB;qBACzD,CAAA;gBACH,CAAC;YACH,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEO,SAAS,CACf,YAA0B,EAC1B,SAAkB,EAClB,SAAgI;QAEhI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAO,MAAM,EAAE,EAAE;YAC9C,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAG,CAAC,GAAG,EAAE,YAAY,EAAE,SAAS,EAAE,CAAA;YAC/D,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAA;gBACvG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oBACtB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,EAAG,CAAA;gBAC1C,CAAC,CAAC,CAAA;gBACF,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;oBACvB,MAAM,CAAC,kCAAkC,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC,EAAG,CAAA;gBACrF,CAAC;YACH,CAAC;YACD,IAAI,SAAS;gBAAE,MAAM,CAAC,kCAAkC,GAAG,EAAE,CAAA;YAC7D,OAAO,MAAM,CAAA;QACf,CAAC,CAAA,CAAC,CAAA;IACJ,CAAC;IAEa,iBAAiB;;YAM7B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,8CAA8C,EAAE,CAAA;YAChF,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;YAC7G,MAAM,QAAQ,GAAyC,EAAE,CAAA;YACzD,MAAM,QAAQ,GAA+B,EAAE,CAAA;YAC/C,MAAM,kCAAkC,GAAmC,EAAE,CAAA;YAC7E,KAAK,MAAM,QAAQ,IAAI,OAAO,EAAE,CAAC;gBAC/B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;gBACtD,QAAQ,CAAC,QAAQ,CAAC,EAAG,CAAC,GAAG,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,CAAA;gBAC7E,IAAI,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,QAAQ,EAAE,CAAC;oBAC5B,kCAAkC,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,EAAG,CAAA;gBACtE,CAAC;gBACD,IAAI,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,mBAAmB,EAAE,CAAC;oBACvC,KAAK,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,aAAc,CAAC,mBAAmB,CAAC,EAAE,CAAC;wBAC9G,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAG,CAAA;oBAC5B,CAAC;gBACH,CAAC;YACH,CAAC;YACD,MAAM,kCAAkC,GAA8D,EAAE,CAAA;YACxG,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,kCAAkC,EAAE,kCAAkC,EAAE,CAAA;QACvG,CAAC;KAAA;IAEK,yBAAyB,CAAC,UAAwC;;YACtE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,MAAM,GAAG,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,CAAA;YACpE,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAA;YACzB,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CAAC,oBAAoB,EAAE,UAAU,CAAC,CAAA;YAC7G,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAA;YAChE,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAEK,oBAAoB,CAAC,UAAwC;;YACjE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,GAAG,GAAa,EAAE,CAAA;YACxB,KAAK,MAAM,mBAAmB,IAAI,oBAAoB,EAAE,CAAC;gBACvD,sIAAsI;gBACtI,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,CAAC,mBAAmB,EAAE,UAAU,CAAC,CAAC,CAAA;YAClG,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEe,yBAAyB,CACvC,mBAMG;;YAEH,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;gBAC1C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE;oBACzC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;oBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;oBAC9C,QAAQ,EAAE,OAAO,CAAC,QAAQ;iBAC3B,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;KAAA;CACF;AAED,MAAM,kCAAmC,SAAQ,2BAA2B;IAO1E,YACE,IAA6B,EAC7B,cAAyC,EACzC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC5B,aAAsB,EACtB,kBAEC;;QAED,KAAK,CAAC,IAAI,EAAE,cAAc,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,CAAC,CAAA;QAlB5F,aAAQ,GAAsE,IAAI,iCAAc,EAAE,CAAA;QAClG,aAAQ,GAAwB,IAAI,GAAG,EAAE,CAAA;QACzC,uCAAkC,GAAwB,IAAI,GAAG,EAAE,CAAA;QAEnE,eAAU,GAAG,IAAI,mBAAK,EAAE,CAAA;QAevC,IAAI,CAAC,qBAAqB,GAAG,MAAA,kBAAkB,CAAC,YAAY,mCAAI,IAAI,CAAA;IACtE,CAAC;IAEK,sBAAsB;;YAC1B,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAA;YACrB,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAA;YACrB,IAAI,CAAC,kCAAkC,CAAC,KAAK,EAAE,CAAA;QACjD,CAAC;KAAA;IAEK,6CAA6C,CACjD,MAAgB;;YAEhB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;YAC/C,IAAI,CAAC;gBACH,MAAM,GAAG,GAEL,EAAE,CAAA;gBACN,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;oBAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;oBACtC,IAAI,MAAM,EAAE,CAAC;wBACX,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;wBACjD,IAAI,CAAC,SAAS;4BAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,MAAM,mCAAmC,CAAC,CAAA;wBAC1F,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;4BACxB,GAAG,CAAC,IAAI,CAAC,GAAG;gCACV,YAAY,EAAE,SAAS,CAAC,YAAY;gCACpC,WAAW,EAAE,SAAS,CAAC,SAAS,CAAC,WAAW;gCAC5C,mBAAmB,EAAE,SAAS,CAAC,SAAS,CAAC,mBAAmB;6BAC7D,CAAA;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,OAAO,GAAG,CAAA;YACZ,CAAC;oBAAS,CAAC;gBACT,OAAO,EAAE,CAAA;YACX,CAAC;QACH,CAAC;KAAA;IAEK,yBAAyB,CAC7B,GAAa,EACb,mBAA4B;;;YAQ5B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;YAC/C,IAAI,CAAC;gBACH,MAAM,GAAG,GAML,EAAE,CAAA;gBACN,MAAM,QAAQ,GAAa,EAAE,CAAA;gBAC7B,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;oBACrB,MAAM,MAAM,GAAuD,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;oBAC9F,IAAI,MAAM,EAAE,CAAC;wBACX,GAAG,CAAC,EAAE,CAAC,GAAG;4BACR,WAAW,EAAE,MAAA,MAAM,CAAC,SAAS,0CAAE,WAAW;4BAC1C,mBAAmB,EAAE,MAAA,MAAM,CAAC,SAAS,0CAAE,mBAAmB;4BAC1D,YAAY,EAAE,MAAM,CAAC,YAAY;yBAClC,CAAA;oBACH,CAAC;yBAAM,IAAI,mBAAmB,EAAE,CAAC;wBAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;oBACnB,CAAC;gBACH,CAAC;gBACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACxB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAA;oBAChE,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;wBAC7B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;wBAC9C,IAAI,SAAS,EAAE,CAAC;4BACd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAA;4BACvG,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;wBAC5D,CAAC;6BAAM,CAAC;4BACN,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAA;wBACrD,CAAC;wBACD,GAAG,CAAC,IAAI,CAAC,EAAG,CAAC,GAAG;4BACd,WAAW,EAAE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,WAAW;4BACnC,mBAAmB,EAAE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,mBAAmB;4BACnD,YAAY,EAAE,IAAI;yBACnB,CAAA;oBACH,CAAC;gBACH,CAAC;gBACD,OAAO,GAAG,CAAA;YACZ,CAAC;oBAAS,CAAC;gBACT,OAAO,EAAE,CAAA;YACX,CAAC;QACH,CAAC;KAAA;IAEK,2BAA2B,CAC/B,UAAkB,EAClB,OAGC;;;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;YAC/C,IAAI,CAAC;gBACH,IAAI,UAAU,GAAG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;gBACxE,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAA;oBAC9C,UAAU,GAAG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;gBACtE,CAAC;gBACD,IAAI,UAAU,EAAE,CAAC;oBACf,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;oBAClD,IAAI,CAAC,MAAM;wBAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,UAAU,4BAA4B,CAAC,CAAA;oBACnG,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;wBACrB,OAAO;4BACL,YAAY,EAAE,MAAM,CAAC,YAAY;4BACjC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;4BACzC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;4BACzD,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,kBAAkB;yBACxD,CAAA;oBACH,CAAC;;wBAAM,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAA;gBACpF,CAAC;qBAAM,CAAC;oBACN,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE;wBAC3D,mBAAmB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,+BAA+B,mCAAI,KAAK;wBACtE,oBAAoB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gCAAgC,mCAAI,KAAK;qBACzE,CAAC,CAAA;oBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;oBACrG,MAAM,IAAI,GAAG;wBACX,YAAY,EAAE,OAAO,CAAC,YAAY;wBAClC,SAAS,EAAE;4BACT,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;4BAChD,WAAW,EAAE,OAAO,CAAC,WAAW;4BAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;4BAC9C,QAAQ,EAAE,IAAI;yBACf;wBACD,MAAM;qBACP,CAAA;oBACD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;oBACrB,OAAO;wBACL,YAAY,EAAE,IAAI,CAAC,YAAY;wBAC/B,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW;wBACvC,mBAAmB,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB;wBACvD,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,kBAAkB;qBACtD,CAAA;gBACH,CAAC;YACH,CAAC;oBAAS,CAAC;gBACT,OAAO,EAAE,CAAA;YACX,CAAC;QACH,CAAC;KAAA;IAED,iJAAiJ;IACjJ,uEAAuE;IACzD,uBAAuB,CAAC,UAAkB;;YACtD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAAE,UAAU,CAAC,CAAA;YAC1I,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;gBAClC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;gBAC9C,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAA;oBACvG,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;gBAC5D,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAA;gBACrD,CAAC;YACH,CAAC;QACH,CAAC;KAAA;IAEO,UAAU,CAAC,IAA+C;;QAChE,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YACrD,IAAI,CAAC,aAAa,EAAE,CAAA;QACtB,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,EAAG,CAAC,CAAC,CAAA;QAC7E,IAAI,CAAA,MAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ,KAAI,CAAC,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,EAAG,CAAC,CAAA;QAChG,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAG,EAAE,IAAI,CAAC,CAAA;IAChD,CAAC;IAEO,aAAa;QACnB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,EAAE,CAAA;QACtD,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAA;QAC5D,IAAI,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;YAC3G,IAAI,CAAC,kCAAkC,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;QAC/E,CAAC;IACH,CAAC;IAED,yBAAyB;QACvB,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;IAED,oBAAoB;QAClB,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;IAEe,yBAAyB,CACvC,mBAMG;;YAEH,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;gBAC1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;gBACrG,MAAM,IAAI,GAAG;oBACX,YAAY,EAAE,OAAO,CAAC,YAAY;oBAClC,SAAS,EAAE;wBACT,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;wBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;wBAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;wBAC9C,QAAQ,EAAE,OAAO,CAAC,QAAQ;qBAC3B;oBACD,MAAM;iBACP,CAAA;gBACD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;YACvB,CAAC;QACH,CAAC;KAAA;CACF","sourcesContent":["import { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { fingerprintV1, getShaVersionForKey, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EntityWithDelegationTypeName, hex2ua } from '../utils'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { ShaVersion } from './RSA'\nimport { Mutex } from 'async-mutex'\nimport { SimpleLruCache } from '../utils/simple-lru-cache'\n\nexport type ExchangeDataManagerOptionalParameters = {\n // Only for not fully cached implementation (data owner can't request all his exchange data), amount of exchange data which can be cached\n lruCacheSize?: number // default = 2000\n}\n\n/**\n * @internal this function is for internal use only and may be changed without notice.\n * Initialises and returns the exchange data manager which is most appropriate for the current data owner.\n */\nexport async function initialiseExchangeDataManagerForCurrentDataOwner(\n base: BaseExchangeDataManager,\n encryptionKeys: UserEncryptionKeysManager,\n accessControlSecret: AccessControlSecretUtils,\n cryptoStrategies: CryptoStrategies,\n dataOwnerApi: IccDataOwnerXApi,\n primitives: CryptoPrimitives,\n useParentKeys: boolean,\n optionalParameters: ExchangeDataManagerOptionalParameters = {}\n): Promise<ExchangeDataManager> {\n const currentOwner = CryptoActorStubWithType.fromDataOwner(await dataOwnerApi.getCurrentDataOwner())\n if (cryptoStrategies.dataOwnerRequiresAnonymousDelegation(currentOwner)) {\n const res = new FullyCachedExchangeDataManager(\n base,\n encryptionKeys,\n accessControlSecret,\n cryptoStrategies,\n dataOwnerApi,\n primitives,\n useParentKeys\n )\n await res.clearOrRepopulateCache()\n return res\n } else {\n return new LimitedLruCacheExchangeDataManager(\n base,\n encryptionKeys,\n accessControlSecret,\n cryptoStrategies,\n dataOwnerApi,\n primitives,\n useParentKeys,\n optionalParameters\n )\n }\n}\n\ntype CachedExchangeData = {\n exchangeData: ExchangeData\n decrypted?: {\n accessControlSecret: string\n exchangeKey: CryptoKey\n verified: boolean\n sharedSignatureKey: CryptoKey\n }\n}\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n * Exchange data manager which automatically handles decryption and cache\n */\nexport interface ExchangeDataManager {\n readonly base: BaseExchangeDataManager\n\n /**\n * Updates all exchange data between the current data owner and another data owner to allow the other data owner to access existing exchange data\n * using a new public key. Note that this will make existing exchange keys from the other data owner to the current data owner unverified, therefore\n * invalid for encryption.\n * @param otherDataOwner the other data owner.\n * @param newDataOwnerPublicKey a new public key of the other data owner.\n */\n giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string): Promise<void>\n\n /**\n * Gets any existing and verified exchange data from the current data owner to the provided delegate or creates new data if no verified data is\n * available, then caches it.\n * @param delegateId the id of the delegate.\n * @param options\n * - allowCreationWithoutDelegatorKey if true, when creating new exchange data, even if no verified key is available for the delegator the method\n * will create the new exchange data anyway (will not be usable by the delegate without additional steps).\n * - allowCreationWithoutDelegateKey if true, when creating new exchange data, even if no verified key is available for the delegate the method\n * will create the new exchange data anyway (will not be usable by the delegate without additional steps).\n * @return the access control secret and key of the data to use for encryption.\n */\n getOrCreateEncryptionDataTo(\n delegateId: string,\n options?: {\n allowCreationWithoutDelegatorKey?: boolean\n allowCreationWithoutDelegateKey?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }>\n\n /**\n * Retrieve the cached decrypted exchange data key associated with any of the provided hashes/entry keys of secure delegations.\n * @param hashes hashes of access control secrets for a specific entity, as they appear in the key of secure delegation entries\n * @return the exchange data and decrypted key associated to that hash if cached\n */\n getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [hash: string]: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey } }>\n\n /**\n * Retrieves the exchange data with the provided id (from the cache if available or from the server otherwise if allowed by\n * and attempts to decrypt it, then caches the result.\n * @param ids ids of the exchange datas to retrieve\n * @param retrieveIfNotCached if false only cached data will be returned, and the access control hases options will be\n * ignored\n * @return a map containing the exchange data id associated with:\n * - exchangeData: the exchange data with the provided id\n * - exchangeKey: the exchange key corresponding to the provided exchange data if it could be decrypted, else undefined\n * - accessControlSecret: the access control secret corresponding to the provided exchange data if it could be decrypted, else undefined\n */\n getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{ [id: string]: { exchangeKey: CryptoKey | undefined; accessControlSecret: string | undefined; exchangeData: ExchangeData } }>\n\n /**\n * Clears the cache or fully repopulates the cache if the current data owner can retrieve all of his exchange data according to the crypto\n * strategies.\n */\n clearOrRepopulateCache(): Promise<void>\n\n /**\n * If the current data owner requires anonymous delegations this returns the base64 representation of the concatenation of all available access\n * control keys for the current data owner.\n */\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined>\n\n /**\n * If the current data owner requires anonymous delegations this returns the access control keys which may be used in secure delegations for the\n * data owner, which can be used to search for data.\n */\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined>\n\n /**\n * Injects already decrypted exchange data, allowing it to be used by the sdk.\n * @param exchangeDataDetails the exchange data to inject, with the decrypted content and verified status.\n * Note that the SDK won't verify that the provided decrypted content actually matches what is stored in the exchange\n * data.\n * @param reEncryptWithOwnKeys if true all the provided exchange data that is not encrypted with any of the self\n * verified keys of the user will be re-encrypted with them. In case the user is also the delegator and the data is\n * verified the delegator signature will be updated.\n */\n injectDecryptedExchangeData(\n exchangeDataDetails: {\n exchangeDataId: string\n accessControlSecret: ArrayBuffer\n exchangeKey: ArrayBuffer\n sharedSignatureKey: ArrayBuffer\n verified: boolean\n }[],\n reEncryptWithOwnKeys: boolean\n ): Promise<void>\n}\n\nabstract class AbstractExchangeDataManager implements ExchangeDataManager {\n constructor(\n readonly base: BaseExchangeDataManager,\n protected readonly encryptionKeys: UserEncryptionKeysManager,\n protected readonly accessControlSecret: AccessControlSecretUtils,\n protected readonly cryptoStrategies: CryptoStrategies,\n protected readonly dataOwnerApi: IccDataOwnerXApi,\n protected readonly primitives: CryptoPrimitives,\n private readonly useParentKeys: boolean\n ) {}\n\n protected async decryptData(data: ExchangeData): Promise<\n | {\n accessControlSecret: string\n exchangeKey: CryptoKey\n verified: boolean\n sharedSignatureKey: CryptoKey\n }\n | undefined\n > {\n const decryptionKeys = this.encryptionKeys.getDecryptionKeys()\n const encryptionKeys = Object.fromEntries(\n this.encryptionKeys.getSelfVerifiedKeys().map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey])\n )\n const decryptedExchangeKey = (await this.base.tryDecryptExchangeKeys([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedExchangeKey) return undefined\n const decryptedAccessControlSecret = (await this.base.tryDecryptAccessControlSecret([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedAccessControlSecret)\n throw new Error(`Decryption key could be decrypted but access control secret could not for data ${JSON.stringify(data)}`)\n const decryptedSharedSignatureKey = (await this.base.tryDecryptSharedSignatureKeys([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedSharedSignatureKey)\n throw new Error(`Decryption key could be decrypted but shared signature key could not for data ${JSON.stringify(data)}`)\n return {\n accessControlSecret: decryptedAccessControlSecret,\n exchangeKey: decryptedExchangeKey,\n sharedSignatureKey: decryptedSharedSignatureKey,\n verified: await this.base.verifyExchangeData(\n {\n exchangeData: data,\n decryptedAccessControlSecret,\n decryptedExchangeKey,\n decryptedSharedSignatureKey,\n },\n encryptionKeys,\n true\n ),\n }\n }\n\n protected async createNewExchangeData(\n delegateId: string,\n options: {\n newDataId?: string\n allowNoDelegatorKeys?: boolean\n allowNoDelegateKeys?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }> {\n if (options.allowNoDelegateKeys && options.allowNoDelegatorKeys)\n throw new Error('Illegal arguments: allow no delegator and no delegate keys should never both be true')\n const encryptionKeys: { [fp: string]: CryptoKey } = {}\n const selfVerifiedKeys = this.encryptionKeys.getSelfVerifiedKeys()\n if (selfVerifiedKeys.length <= 0 && !options.allowNoDelegatorKeys)\n throw new Error('If the sdk is initialized in keyless mode you must create exchange data explicitly')\n selfVerifiedKeys.forEach(({ fingerprint, pair }) => {\n encryptionKeys[fingerprint] = pair.publicKey\n })\n if (delegateId != (await this.dataOwnerApi.getCurrentDataOwnerId())) {\n const delegate = await this.dataOwnerApi.getCryptoActorStub(delegateId)\n const sha256KeysOfDelegate = hexPublicKeysWithSha256Of(delegate.stub)\n const sha1KeysOfDelegate = hexPublicKeysWithSha1Of(delegate.stub)\n let allVerifiedDelegateKeys: string[]\n if (!sha256KeysOfDelegate.size && !sha1KeysOfDelegate.size) {\n if (!options.allowNoDelegateKeys)\n throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate was found.`)\n allVerifiedDelegateKeys = []\n } else if (this.useParentKeys && (await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()).includes(delegateId)) {\n allVerifiedDelegateKeys = await this.encryptionKeys.getVerifiedPublicKeysFor(delegate.stub)\n } else {\n allVerifiedDelegateKeys = await this.cryptoStrategies.verifyDelegatePublicKeys(\n delegate,\n [...Array.from(sha256KeysOfDelegate), ...Array.from(sha1KeysOfDelegate)],\n this.primitives\n )\n }\n if (!allVerifiedDelegateKeys.length && !options.allowNoDelegateKeys)\n throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate could be verified.`)\n for (const delegateKey of allVerifiedDelegateKeys) {\n if (sha1KeysOfDelegate.has(delegateKey)) {\n encryptionKeys[fingerprintV1(delegateKey)] = await this.primitives.RSA.importKey('spki', hex2ua(delegateKey), ['encrypt'], ShaVersion.Sha1)\n } else if (sha256KeysOfDelegate.has(delegateKey)) {\n encryptionKeys[fingerprintV1(delegateKey)] = await this.primitives.RSA.importKey(\n 'spki',\n hex2ua(delegateKey),\n ['encrypt'],\n ShaVersion.Sha256\n )\n } else throw new Error('Illegal state: verified keys should contain only keys for OAPE-SHA1 or OAPE-SHA256.')\n }\n }\n const newData = await this.base.createExchangeData(\n delegateId,\n Object.fromEntries(selfVerifiedKeys.map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey])),\n encryptionKeys,\n options.newDataId ? { id: options.newDataId } : {}\n )\n return {\n exchangeData: newData.exchangeData,\n accessControlSecret: newData.accessControlSecret,\n exchangeKey: newData.exchangeKey,\n sharedSignatureKey: newData.sharedSignatureKey,\n }\n }\n\n async giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string) {\n const self = await this.dataOwnerApi.getCurrentDataOwnerId()\n const newKeyFp = fingerprintV1(newDataOwnerPublicKey)\n const other = await this.dataOwnerApi.getCryptoActorStub(otherDataOwner)\n const newKeyHashVersion = getShaVersionForKey(other.stub, newDataOwnerPublicKey)\n if (!newKeyHashVersion) throw new Error(`Public key not found for data owner ${otherDataOwner}`)\n const importedNewKey = await this.primitives.RSA.importKey('spki', hex2ua(newDataOwnerPublicKey), ['encrypt'], newKeyHashVersion)\n const decryptionKeys = this.encryptionKeys.getDecryptionKeys()\n const allExchangeDataToUpdate =\n self == otherDataOwner\n ? await this.base.getExchangeDataByDelegatorDelegatePair(self, self)\n : [\n ...(await this.base.getExchangeDataByDelegatorDelegatePair(self, otherDataOwner)),\n ...(await this.base.getExchangeDataByDelegatorDelegatePair(otherDataOwner, self)),\n ]\n for (const dataToUpdate of allExchangeDataToUpdate) {\n if (!Object.keys(dataToUpdate.exchangeKey).find((fp) => fp == newKeyFp)) {\n const updated = await this.base.tryUpdateExchangeData(dataToUpdate, decryptionKeys, { [newKeyFp]: importedNewKey })\n if (!updated) {\n console.warn(`Failed to give access back to exchanged data ${JSON.stringify(dataToUpdate)}`)\n }\n }\n }\n }\n\n clearOrRepopulateCache(): Promise<void> {\n throw new Error('Implemented by concrete class')\n }\n\n getOrCreateEncryptionDataTo(\n delegateId: string,\n options?: {\n allowCreationWithoutDelegatorKey?: boolean\n allowCreationWithoutDelegateKey?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }> {\n throw new Error('Implemented by concrete class')\n }\n\n getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n throw new Error('Implemented by concrete class')\n }\n\n getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n }> {\n throw new Error('Implemented by concrete class')\n }\n\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n throw new Error('Implemented by concrete class')\n }\n\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n throw new Error('Implemented by concrete class')\n }\n\n async injectDecryptedExchangeData(\n exchangeDataDetails: {\n exchangeDataId: string\n accessControlSecret: ArrayBuffer\n exchangeKey: ArrayBuffer\n sharedSignatureKey: ArrayBuffer\n verified: boolean\n }[],\n reEncryptWithOwnKeys: boolean\n ): Promise<void> {\n const self = await this.dataOwnerApi.getCurrentDataOwnerId()\n const retrievedExchangeData = await this.base.getExchangeDataByIds(exchangeDataDetails.map((x) => x.exchangeDataId))\n if (retrievedExchangeData.some((x) => x.delegator != self && x.delegate != self))\n throw new Error('Should only inject exchange date from/to the current user')\n const exchangeDataById: { [id: string]: ExchangeData } = {}\n retrievedExchangeData.forEach((x) => (exchangeDataById[x.id!] = x))\n if (reEncryptWithOwnKeys) {\n const selfVerifiedKeys = this.encryptionKeys.getSelfVerifiedKeys()\n if (selfVerifiedKeys.length <= 0) throw new Error(\"Can't re-encrypt injected exchange data with own keys if in keyless mode\")\n const encryptionKeys: { [fp: string]: CryptoKey } = {}\n selfVerifiedKeys.forEach(({ fingerprint, pair }) => {\n encryptionKeys[fingerprint] = pair.publicKey\n })\n const signatureKeys = Object.fromEntries(selfVerifiedKeys.map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey]))\n for (const details of exchangeDataDetails) {\n const exchangeData = exchangeDataById[details.exchangeDataId]\n if (exchangeData != null)\n await this.base.updateExchangeDataWithRawDecryptedContent({\n exchangeData,\n newEncryptionKeys: encryptionKeys,\n newDelegatorSignatureKeys: exchangeData.delegator == self && details.verified ? signatureKeys : {},\n rawExchangeKey: details.exchangeKey,\n rawAccessControlSecret: details.accessControlSecret,\n rawSharedSignatureKey: details.sharedSignatureKey,\n })\n }\n }\n const importedDetails: {\n exchangeData: ExchangeData\n accessControlSecret: string\n exchangeKey: CryptoKey\n sharedSignatureKey: CryptoKey\n verified: boolean\n }[] = []\n for (const details of exchangeDataDetails) {\n const exchangeData = exchangeDataById[details.exchangeDataId]\n if (exchangeData != undefined)\n importedDetails.push({\n exchangeData: exchangeData,\n accessControlSecret: await this.base.importAccessControlSecret(details.accessControlSecret),\n exchangeKey: await this.base.importExchangeKey(details.exchangeKey),\n sharedSignatureKey: await this.base.importSharedSignatureKey(details.sharedSignatureKey),\n verified: details.verified,\n })\n }\n await this.cacheInjectedExchangeData(importedDetails)\n }\n\n protected abstract cacheInjectedExchangeData(\n exchangeDataDetails: {\n exchangeData: ExchangeData\n accessControlSecret: string\n exchangeKey: CryptoKey\n sharedSignatureKey: CryptoKey\n verified: boolean\n }[]\n ): Promise<void>\n}\n\nclass FullyCachedExchangeDataManager extends AbstractExchangeDataManager {\n private caches: Promise<{\n dataById: { [id: string]: CachedExchangeData }\n hashToId: { [hash: string]: string }\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string }\n }> = Promise.resolve({ dataById: {}, hashToId: {}, delegateToVerifiedEncryptionDataId: {}, entityTypeToAccessControlKeysValue: {} })\n private createExchangeDataMutex = new Mutex()\n\n async clearOrRepopulateCache(): Promise<void> {\n this.caches = this.doRepopulateCache()\n await this.caches\n }\n\n async getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n function retrieveByHashesFromCaches(caches: {\n dataById: { [id: string]: CachedExchangeData }\n hashToId: { [hash: string]: string }\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n }): { [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } } {\n return hashes.reduce((res, hash) => {\n const id = caches.hashToId[hash]\n if (id) {\n const cached = caches.dataById[id]\n if (cached?.decrypted) {\n res[hash] = {\n exchangeData: cached.exchangeData,\n exchangeKey: cached.decrypted.exchangeKey,\n accessControlSecret: cached.decrypted.accessControlSecret,\n }\n }\n }\n return res\n }, {} as { [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } })\n }\n\n return retrieveByHashesFromCaches(await this.caches)\n }\n\n private async getCachedEncryptionDataTo(\n delegateId: string\n ): Promise<{ exchangeKey: CryptoKey; accessControlSecret: string; exchangeData: ExchangeData; sharedSignatureKey: CryptoKey } | undefined> {\n const caches = await this.caches\n const dataId = caches.delegateToVerifiedEncryptionDataId[delegateId]\n const cached = dataId ? caches.dataById[dataId] : undefined\n if (cached && cached?.decrypted) {\n return {\n exchangeData: cached.exchangeData,\n accessControlSecret: cached.decrypted.accessControlSecret,\n exchangeKey: cached.decrypted.exchangeKey,\n sharedSignatureKey: cached.decrypted.sharedSignatureKey,\n }\n } else {\n return undefined\n }\n }\n\n async getOrCreateEncryptionDataTo(\n delegateId: string,\n options?: {\n allowCreationWithoutDelegatorKey?: boolean\n allowCreationWithoutDelegateKey?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }> {\n const initialCached = await this.getCachedEncryptionDataTo(delegateId)\n if (initialCached) return initialCached\n const release = await this.createExchangeDataMutex.acquire()\n try {\n const cachedAfterMutex = await this.getCachedEncryptionDataTo(delegateId)\n if (cachedAfterMutex) return cachedAfterMutex\n const created = await this.createNewExchangeData(delegateId, {\n allowNoDelegateKeys: options?.allowCreationWithoutDelegateKey ?? false,\n allowNoDelegatorKeys: options?.allowCreationWithoutDelegatorKey ?? false,\n })\n this.cacheData(created.exchangeData, true, {\n accessControlSecret: created.accessControlSecret,\n exchangeKey: created.exchangeKey,\n sharedSignatureKey: created.sharedSignatureKey,\n verified: true,\n })\n return created\n } finally {\n release()\n }\n }\n\n async getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n }> {\n const caches = await this.caches\n const res: {\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n } = {}\n for (const id of ids) {\n const data = caches.dataById[id]\n if (data) {\n res[id] = {\n exchangeData: data.exchangeData,\n exchangeKey: data.decrypted?.exchangeKey,\n accessControlSecret: data.decrypted?.accessControlSecret,\n }\n }\n }\n return res\n }\n\n private cacheData(\n exchangeData: ExchangeData,\n isNewData: boolean,\n decrypted: { accessControlSecret: string; exchangeKey: CryptoKey; verified: boolean; sharedSignatureKey: CryptoKey } | undefined\n ): void {\n this.caches = this.caches.then(async (caches) => {\n caches.dataById[exchangeData.id!] = { exchangeData, decrypted }\n if (decrypted) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(decrypted.accessControlSecret)\n hashes.forEach((hash) => {\n caches.hashToId[hash] = exchangeData.id!\n })\n if (decrypted.verified) {\n caches.delegateToVerifiedEncryptionDataId[exchangeData.delegate] = exchangeData.id!\n }\n }\n if (isNewData) caches.entityTypeToAccessControlKeysValue = {}\n return caches\n })\n }\n\n private async doRepopulateCache(): Promise<{\n dataById: { [id: string]: CachedExchangeData }\n hashToId: { [hash: string]: string }\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string }\n }> {\n const allData = await this.base.getAllExchangeDataForCurrentDataOwnerIfAllowed()\n if (!allData) throw new Error('Impossible to use fully cached exchange data manager for current data owner.')\n const dataById: { [id: string]: CachedExchangeData } = {}\n const hashToId: { [hash: string]: string } = {}\n const delegateToVerifiedEncryptionDataId: { [delegate: string]: string } = {}\n for (const currData of allData) {\n const currDecrypted = await this.decryptData(currData)\n dataById[currData.id!] = { exchangeData: currData, decrypted: currDecrypted }\n if (currDecrypted?.verified) {\n delegateToVerifiedEncryptionDataId[currData.delegate] = currData.id!\n }\n if (currDecrypted?.accessControlSecret) {\n for (const h of await this.accessControlSecret.allSecureDelegationKeysFor(currDecrypted!.accessControlSecret)) {\n hashToId[h] = currData.id!\n }\n }\n }\n const entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string } = {}\n return { dataById, hashToId, delegateToVerifiedEncryptionDataId, entityTypeToAccessControlKeysValue }\n }\n\n async getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n const caches = await this.caches\n const cached = caches.entityTypeToAccessControlKeysValue[entityType]\n if (cached) return cached\n const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []))\n const fullData = await this.accessControlSecret.getEncodedAccessControlKeys(accessControlSecrets, entityType)\n caches.entityTypeToAccessControlKeysValue[entityType] = fullData\n return fullData\n }\n\n async getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n const caches = await this.caches\n const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []))\n const res: string[] = []\n for (const accessControlSecret of accessControlSecrets) {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n res.push(await this.accessControlSecret.secureDelegationKeyFor(accessControlSecret, entityType))\n }\n return res\n }\n\n protected async cacheInjectedExchangeData(\n exchangeDataDetails: {\n exchangeData: ExchangeData\n accessControlSecret: string\n exchangeKey: CryptoKey\n sharedSignatureKey: CryptoKey\n verified: boolean\n }[]\n ): Promise<void> {\n for (const details of exchangeDataDetails) {\n this.cacheData(details.exchangeData, true, {\n accessControlSecret: details.accessControlSecret,\n exchangeKey: details.exchangeKey,\n sharedSignatureKey: details.sharedSignatureKey,\n verified: details.verified,\n })\n }\n }\n}\n\nclass LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {\n private readonly idToData: SimpleLruCache<string, CachedExchangeData & { hashes: string[] }> = new SimpleLruCache()\n private readonly hashToId: Map<string, string> = new Map()\n private readonly delegateToVerifiedEncryptionDataId: Map<string, string> = new Map()\n private readonly maxCachedExchangeData: number\n private readonly cacheMutex = new Mutex()\n\n constructor(\n base: BaseExchangeDataManager,\n encryptionKeys: UserEncryptionKeysManager,\n accessControlSecret: AccessControlSecretUtils,\n cryptoStrategies: CryptoStrategies,\n dataOwnerApi: IccDataOwnerXApi,\n primitives: CryptoPrimitives,\n useParentKeys: boolean,\n optionalParameters: {\n lruCacheSize?: number\n }\n ) {\n super(base, encryptionKeys, accessControlSecret, cryptoStrategies, dataOwnerApi, primitives, useParentKeys)\n this.maxCachedExchangeData = optionalParameters.lruCacheSize ?? 2000\n }\n\n async clearOrRepopulateCache(): Promise<void> {\n this.idToData.clear()\n this.hashToId.clear()\n this.delegateToVerifiedEncryptionDataId.clear()\n }\n\n async getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n const release = await this.cacheMutex.acquire()\n try {\n const res: {\n [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string }\n } = {}\n for (const hash of hashes) {\n const dataId = this.hashToId.get(hash)\n if (dataId) {\n const retrieved = this.idToData.getCached(dataId)\n if (!retrieved) throw new Error(`Data with id ${dataId} should have been already cached.`)\n if (retrieved.decrypted) {\n res[hash] = {\n exchangeData: retrieved.exchangeData,\n exchangeKey: retrieved.decrypted.exchangeKey,\n accessControlSecret: retrieved.decrypted.accessControlSecret,\n }\n }\n }\n }\n return res\n } finally {\n release()\n }\n }\n\n async getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n }> {\n const release = await this.cacheMutex.acquire()\n try {\n const res: {\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n } = {}\n const uncached: string[] = []\n for (const id of ids) {\n const cached: (CachedExchangeData & { hashes: string[] }) | null = this.idToData.getCached(id)\n if (cached) {\n res[id] = {\n exchangeKey: cached.decrypted?.exchangeKey,\n accessControlSecret: cached.decrypted?.accessControlSecret,\n exchangeData: cached.exchangeData,\n }\n } else if (retrieveIfNotCached) {\n uncached.push(id)\n }\n }\n if (uncached.length > 0) {\n const retrieved = await this.base.getExchangeDataByIds(uncached)\n for (const data of retrieved) {\n const decrypted = await this.decryptData(data)\n if (decrypted) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(decrypted.accessControlSecret)\n this.addToCache({ exchangeData: data, hashes, decrypted })\n } else {\n this.addToCache({ exchangeData: data, hashes: [] })\n }\n res[data.id!] = {\n exchangeKey: decrypted?.exchangeKey,\n accessControlSecret: decrypted?.accessControlSecret,\n exchangeData: data,\n }\n }\n }\n return res\n } finally {\n release()\n }\n }\n\n async getOrCreateEncryptionDataTo(\n delegateId: string,\n options?: {\n allowCreationWithoutDelegatorKey?: boolean\n allowCreationWithoutDelegateKey?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }> {\n const release = await this.cacheMutex.acquire()\n try {\n let existingId = this.delegateToVerifiedEncryptionDataId.get(delegateId)\n if (!existingId) {\n await this.populateCacheToDelegate(delegateId)\n existingId = this.delegateToVerifiedEncryptionDataId.get(delegateId)\n }\n if (existingId) {\n const cached = this.idToData.getCached(existingId)\n if (!cached) throw new Error(`Illegal state: data with id ${existingId} should have been in cache`)\n if (cached.decrypted) {\n return {\n exchangeData: cached.exchangeData,\n exchangeKey: cached.decrypted.exchangeKey,\n accessControlSecret: cached.decrypted.accessControlSecret,\n sharedSignatureKey: cached.decrypted.sharedSignatureKey,\n }\n } else throw new Error(`Illegal state: cached verified data should be decrypted.`)\n } else {\n const created = await this.createNewExchangeData(delegateId, {\n allowNoDelegateKeys: options?.allowCreationWithoutDelegateKey ?? false,\n allowNoDelegatorKeys: options?.allowCreationWithoutDelegatorKey ?? false,\n })\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(created.accessControlSecret)\n const data = {\n exchangeData: created.exchangeData,\n decrypted: {\n accessControlSecret: created.accessControlSecret,\n exchangeKey: created.exchangeKey,\n sharedSignatureKey: created.sharedSignatureKey,\n verified: true,\n },\n hashes,\n }\n this.addToCache(data)\n return {\n exchangeData: data.exchangeData,\n exchangeKey: data.decrypted.exchangeKey,\n accessControlSecret: data.decrypted.accessControlSecret,\n sharedSignatureKey: data.decrypted.sharedSignatureKey,\n }\n }\n } finally {\n release()\n }\n }\n\n // Loads and adds to the cache all exchange data from the current data owner to the given delegate. Allows to check if there is already data from\n // the current data owner to the delegate which is good for encryption.\n private async populateCacheToDelegate(delegateId: string): Promise<void> {\n const dataToDelegate = await this.base.getExchangeDataByDelegatorDelegatePair(await this.dataOwnerApi.getCurrentDataOwnerId(), delegateId)\n for (const data of dataToDelegate) {\n const decrypted = await this.decryptData(data)\n if (decrypted) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(decrypted.accessControlSecret)\n this.addToCache({ exchangeData: data, hashes, decrypted })\n } else {\n this.addToCache({ exchangeData: data, hashes: [] })\n }\n }\n }\n\n private addToCache(data: CachedExchangeData & { hashes: string[] }) {\n if (this.idToData.size >= this.maxCachedExchangeData) {\n this.evictOneEntry()\n }\n data.hashes.forEach((hash) => this.hashToId.set(hash, data.exchangeData.id!))\n if (data.decrypted?.verified && !this.delegateToVerifiedEncryptionDataId.has(data.exchangeData.delegate)) {\n this.delegateToVerifiedEncryptionDataId.set(data.exchangeData.delegate, data.exchangeData.id!)\n }\n this.idToData.set(data.exchangeData.id!, data)\n }\n\n private evictOneEntry() {\n const evicted = this.idToData.evictLeastRecentlyUsed()\n evicted.hashes.forEach((hash) => this.hashToId.delete(hash))\n if (this.delegateToVerifiedEncryptionDataId.get(evicted.exchangeData.delegate) === evicted.exchangeData.id) {\n this.delegateToVerifiedEncryptionDataId.delete(evicted.exchangeData.delegate)\n }\n }\n\n getAccessControlKeysValue(): Promise<string | undefined> {\n return Promise.resolve(undefined)\n }\n\n getAllDelegationKeys(): Promise<string[] | undefined> {\n return Promise.resolve(undefined)\n }\n\n protected async cacheInjectedExchangeData(\n exchangeDataDetails: {\n exchangeData: ExchangeData\n accessControlSecret: string\n exchangeKey: CryptoKey\n sharedSignatureKey: CryptoKey\n verified: boolean\n }[]\n ): Promise<void> {\n for (const details of exchangeDataDetails) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(details.accessControlSecret)\n const data = {\n exchangeData: details.exchangeData,\n decrypted: {\n accessControlSecret: details.accessControlSecret,\n exchangeKey: details.exchangeKey,\n sharedSignatureKey: details.sharedSignatureKey,\n verified: details.verified,\n },\n hashes,\n }\n this.addToCache(data)\n }\n }\n}\n"]}
1
+ {"version":3,"file":"ExchangeDataManager.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/ExchangeDataManager.ts"],"names":[],"mappings":";;;;;;;;;;;AAuBA,4GAmCC;AApDD,mCAAgH;AAEhH,oCAAsE;AACtE,yEAA6E;AAC7E,+BAAkC;AAClC,6CAAmC;AACnC,gEAA0D;AAO1D;;;GAGG;AACH,SAAsB,gDAAgD;yDACpE,IAA6B,EAC7B,cAAyC,EACzC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC5B,aAAsB,EACtB,qBAA4D,EAAE;QAE9D,MAAM,YAAY,GAAG,yCAAuB,CAAC,aAAa,CAAC,MAAM,YAAY,CAAC,mBAAmB,EAAE,CAAC,CAAA;QACpG,IAAI,gBAAgB,CAAC,oCAAoC,CAAC,YAAY,CAAC,EAAE,CAAC;YACxE,MAAM,GAAG,GAAG,IAAI,8BAA8B,CAC5C,IAAI,EACJ,cAAc,EACd,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,aAAa,CACd,CAAA;YACD,MAAM,GAAG,CAAC,sBAAsB,EAAE,CAAA;YAClC,OAAO,GAAG,CAAA;QACZ,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,kCAAkC,CAC3C,IAAI,EACJ,cAAc,EACd,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,aAAa,EACb,kBAAkB,CACnB,CAAA;QACH,CAAC;IACH,CAAC;CAAA;AA+GD,MAAe,2BAA2B;IACxC,YACW,IAA6B,EACnB,cAAyC,EACzC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC9B,aAAsB;QAN9B,SAAI,GAAJ,IAAI,CAAyB;QACnB,mBAAc,GAAd,cAAc,CAA2B;QACzC,wBAAmB,GAAnB,mBAAmB,CAA0B;QAC7C,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,iBAAY,GAAZ,YAAY,CAAkB;QAC9B,eAAU,GAAV,UAAU,CAAkB;QAC9B,kBAAa,GAAb,aAAa,CAAS;IACtC,CAAC;IAEY,WAAW,CAAC,IAAkB;;YAS5C,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CACvC,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAC9G,CAAA;YACD,MAAM,oBAAoB,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACtH,IAAI,CAAC,oBAAoB;gBAAE,OAAO,SAAS,CAAA;YAC3C,MAAM,4BAA4B,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACrI,IAAI,CAAC,4BAA4B;gBAC/B,MAAM,IAAI,KAAK,CAAC,kFAAkF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC3H,MAAM,2BAA2B,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACpI,IAAI,CAAC,2BAA2B;gBAC9B,MAAM,IAAI,KAAK,CAAC,iFAAiF,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC1H,OAAO;gBACL,mBAAmB,EAAE,4BAA4B;gBACjD,WAAW,EAAE,oBAAoB;gBACjC,kBAAkB,EAAE,2BAA2B;gBAC/C,QAAQ,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAC1C;oBACE,YAAY,EAAE,IAAI;oBAClB,4BAA4B;oBAC5B,oBAAoB;oBACpB,2BAA2B;iBAC5B,EACD,cAAc,EACd,IAAI,CACL;aACF,CAAA;QACH,CAAC;KAAA;IAEe,qBAAqB,CACnC,UAAkB,EAClB,OAIC;;YAED,IAAI,OAAO,CAAC,mBAAmB,IAAI,OAAO,CAAC,oBAAoB;gBAC7D,MAAM,IAAI,KAAK,CAAC,sFAAsF,CAAC,CAAA;YACzG,MAAM,cAAc,GAAgC,EAAE,CAAA;YACtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAA;YAClE,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,oBAAoB;gBAC/D,MAAM,IAAI,KAAK,CAAC,oFAAoF,CAAC,CAAA;YACvG,gBAAgB,CAAC,OAAO,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE;gBACjD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAA;YAC9C,CAAC,CAAC,CAAA;YACF,IAAI,UAAU,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAC,EAAE,CAAC;gBACpE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;gBACvE,MAAM,oBAAoB,GAAG,IAAA,iCAAyB,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACrE,MAAM,kBAAkB,GAAG,IAAA,+BAAuB,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBACjE,IAAI,uBAAiC,CAAA;gBACrC,IAAI,CAAC,oBAAoB,CAAC,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;oBAC3D,IAAI,CAAC,OAAO,CAAC,mBAAmB;wBAC9B,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,+CAA+C,CAAC,CAAA;oBACjH,uBAAuB,GAAG,EAAE,CAAA;gBAC9B,CAAC;qBAAM,IAAI,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,+BAA+B,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAClH,uBAAuB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,wBAAwB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBAC7F,CAAC;qBAAM,CAAC;oBACN,uBAAuB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,wBAAwB,CAC5E,QAAQ,EACR,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,EACxE,IAAI,CAAC,UAAU,CAChB,CAAA;gBACH,CAAC;gBACD,IAAI,CAAC,uBAAuB,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB;oBACjE,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,uDAAuD,CAAC,CAAA;gBACzH,KAAK,MAAM,WAAW,IAAI,uBAAuB,EAAE,CAAC;oBAClD,IAAI,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;wBACxC,cAAc,CAAC,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAC9E,MAAM,EACN,IAAA,aAAK,EAAC,IAAA,cAAM,EAAC,WAAW,CAAC,CAAC,EAC1B,CAAC,SAAS,CAAC,EACX,gBAAU,CAAC,IAAI,CAChB,CAAA;oBACH,CAAC;yBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;wBACjD,cAAc,CAAC,IAAA,qBAAa,EAAC,WAAW,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAC9E,MAAM,EACN,IAAA,aAAK,EAAC,IAAA,cAAM,EAAC,WAAW,CAAC,CAAC,EAC1B,CAAC,SAAS,CAAC,EACX,gBAAU,CAAC,MAAM,CAClB,CAAA;oBACH,CAAC;;wBAAM,MAAM,IAAI,KAAK,CAAC,qFAAqF,CAAC,CAAA;gBAC/G,CAAC;YACH,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAChD,UAAU,EACV,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EACxG,cAAc,EACd,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CACnD,CAAA;YACD,OAAO;gBACL,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;gBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;aAC/C,CAAA;QACH,CAAC;KAAA;IAEK,gBAAgB,CAAC,cAAsB,EAAE,qBAA6B;;YAC1E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC5D,MAAM,QAAQ,GAAG,IAAA,qBAAa,EAAC,qBAAqB,CAAC,CAAA;YACrD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAA;YACxE,MAAM,iBAAiB,GAAG,IAAA,2BAAmB,EAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;YAChF,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,cAAc,EAAE,CAAC,CAAA;YAChG,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,IAAA,aAAK,EAAC,IAAA,cAAM,EAAC,qBAAqB,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,CAAC,CAAA;YACxI,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,uBAAuB,GAC3B,IAAI,IAAI,cAAc;gBACpB,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,IAAI,EAAE,IAAI,CAAC;gBACpE,CAAC,CAAC;oBACE,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;oBACjF,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;iBAClF,CAAA;YACP,KAAK,MAAM,YAAY,IAAI,uBAAuB,EAAE,CAAC;gBACnD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI,QAAQ,CAAC,EAAE,CAAC;oBACxE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,YAAY,EAAE,cAAc,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,cAAc,EAAE,CAAC,CAAA;oBACnH,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,CAAC,IAAI,CAAC,gDAAgD,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAA;oBAC9F,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;KAAA;IAED,sBAAsB;QACpB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,2BAA2B,CACzB,UAAkB,EAClB,OAGC;QAED,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,6CAA6C,CAC3C,MAAgB;QAEhB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,yBAAyB,CACvB,GAAa,EACb,mBAA4B;QAQ5B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,yBAAyB,CAAC,UAAwC;QAChE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,oBAAoB,CAAC,UAAwC;QAC3D,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAEK,2BAA2B,CAC/B,mBAMG,EACH,oBAA6B;;YAE7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,CAAA;YAC5D,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAA;YACpH,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,CAAC,QAAQ,IAAI,IAAI,CAAC;gBAC9E,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAA;YAC9E,MAAM,gBAAgB,GAAmC,EAAE,CAAA;YAC3D,qBAAqB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;YACnE,IAAI,oBAAoB,EAAE,CAAC;gBACzB,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE,CAAA;gBAClE,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC;oBAAE,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAA;gBAC7H,MAAM,cAAc,GAAgC,EAAE,CAAA;gBACtD,gBAAgB,CAAC,OAAO,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE;oBACjD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAA;gBAC9C,CAAC,CAAC,CAAA;gBACF,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;gBAC9H,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;oBAC1C,MAAM,YAAY,GAAG,gBAAgB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAA;oBAC7D,IAAI,YAAY,IAAI,IAAI;wBACtB,MAAM,IAAI,CAAC,IAAI,CAAC,yCAAyC,CAAC;4BACxD,YAAY;4BACZ,iBAAiB,EAAE,cAAc;4BACjC,yBAAyB,EAAE,YAAY,CAAC,SAAS,IAAI,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE;4BAClG,cAAc,EAAE,OAAO,CAAC,WAAW;4BACnC,sBAAsB,EAAE,OAAO,CAAC,mBAAmB;4BACnD,qBAAqB,EAAE,OAAO,CAAC,kBAAkB;yBAClD,CAAC,CAAA;gBACN,CAAC;YACH,CAAC;YACD,MAAM,eAAe,GAMf,EAAE,CAAA;YACR,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;gBAC1C,MAAM,YAAY,GAAG,gBAAgB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAA;gBAC7D,IAAI,YAAY,IAAI,SAAS;oBAC3B,eAAe,CAAC,IAAI,CAAC;wBACnB,YAAY,EAAE,YAAY;wBAC1B,mBAAmB,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,mBAAmB,CAAC;wBAC3F,WAAW,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC;wBACnE,kBAAkB,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,kBAAkB,CAAC;wBACxF,QAAQ,EAAE,OAAO,CAAC,QAAQ;qBAC3B,CAAC,CAAA;YACN,CAAC;YACD,MAAM,IAAI,CAAC,yBAAyB,CAAC,eAAe,CAAC,CAAA;QACvD,CAAC;KAAA;CAWF;AAED,MAAM,8BAA+B,SAAQ,2BAA2B;IAAxE;;QACU,WAAM,GAKT,OAAO,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,kCAAkC,EAAE,EAAE,EAAE,kCAAkC,EAAE,EAAE,EAAE,CAAC,CAAA;QAC5H,4BAAuB,GAAG,IAAI,mBAAK,EAAE,CAAA;IAuM/C,CAAC;IArMO,sBAAsB;;YAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAA;YACtC,MAAM,IAAI,CAAC,MAAM,CAAA;QACnB,CAAC;KAAA;IAEK,6CAA6C,CACjD,MAAgB;;YAEhB,SAAS,0BAA0B,CAAC,MAInC;gBACC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;oBACjC,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;oBAChC,IAAI,EAAE,EAAE,CAAC;wBACP,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;wBAClC,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,EAAE,CAAC;4BACtB,GAAG,CAAC,IAAI,CAAC,GAAG;gCACV,YAAY,EAAE,MAAM,CAAC,YAAY;gCACjC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;gCACzC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;6BAC1D,CAAA;wBACH,CAAC;oBACH,CAAC;oBACD,OAAO,GAAG,CAAA;gBACZ,CAAC,EAAE,EAA6G,CAAC,CAAA;YACnH,CAAC;YAED,OAAO,0BAA0B,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,CAAA;QACtD,CAAC;KAAA;IAEa,yBAAyB,CACrC,UAAkB;;YAElB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,MAAM,GAAG,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,CAAA;YACpE,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YAC3D,IAAI,MAAM,KAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,CAAA,EAAE,CAAC;gBAChC,OAAO;oBACL,YAAY,EAAE,MAAM,CAAC,YAAY;oBACjC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;oBACzD,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;oBACzC,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,kBAAkB;iBACxD,CAAA;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,SAAS,CAAA;YAClB,CAAC;QACH,CAAC;KAAA;IAEK,2BAA2B,CAC/B,UAAkB,EAClB,OAGC;;;YAED,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAA;YACtE,IAAI,aAAa;gBAAE,OAAO,aAAa,CAAA;YACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,EAAE,CAAA;YAC5D,IAAI,CAAC;gBACH,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAA;gBACzE,IAAI,gBAAgB;oBAAE,OAAO,gBAAgB,CAAA;gBAC7C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE;oBAC3D,mBAAmB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,+BAA+B,mCAAI,KAAK;oBACtE,oBAAoB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gCAAgC,mCAAI,KAAK;iBACzE,CAAC,CAAA;gBACF,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE;oBACzC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;oBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;oBAC9C,QAAQ,EAAE,IAAI;iBACf,CAAC,CAAA;gBACF,OAAO,OAAO,CAAA;YAChB,CAAC;oBAAS,CAAC;gBACT,OAAO,EAAE,CAAA;YACX,CAAC;QACH,CAAC;KAAA;IAEK,yBAAyB,CAC7B,GAAa,EACb,mBAA4B;;;YAQ5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,GAAG,GAML,EAAE,CAAA;YACN,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;gBACrB,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;gBAChC,IAAI,IAAI,EAAE,CAAC;oBACT,GAAG,CAAC,EAAE,CAAC,GAAG;wBACR,YAAY,EAAE,IAAI,CAAC,YAAY;wBAC/B,WAAW,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,WAAW;wBACxC,mBAAmB,EAAE,MAAA,IAAI,CAAC,SAAS,0CAAE,mBAAmB;qBACzD,CAAA;gBACH,CAAC;YACH,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEO,SAAS,CACf,YAA0B,EAC1B,SAAkB,EAClB,SAAgI;QAEhI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAO,MAAM,EAAE,EAAE;YAC9C,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAG,CAAC,GAAG,EAAE,YAAY,EAAE,SAAS,EAAE,CAAA;YAC/D,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAA;gBACvG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oBACtB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,EAAG,CAAA;gBAC1C,CAAC,CAAC,CAAA;gBACF,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;oBACvB,MAAM,CAAC,kCAAkC,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC,EAAG,CAAA;gBACrF,CAAC;YACH,CAAC;YACD,IAAI,SAAS;gBAAE,MAAM,CAAC,kCAAkC,GAAG,EAAE,CAAA;YAC7D,OAAO,MAAM,CAAA;QACf,CAAC,CAAA,CAAC,CAAA;IACJ,CAAC;IAEa,iBAAiB;;YAM7B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,8CAA8C,EAAE,CAAA;YAChF,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;YAC7G,MAAM,QAAQ,GAAyC,EAAE,CAAA;YACzD,MAAM,QAAQ,GAA+B,EAAE,CAAA;YAC/C,MAAM,kCAAkC,GAAmC,EAAE,CAAA;YAC7E,KAAK,MAAM,QAAQ,IAAI,OAAO,EAAE,CAAC;gBAC/B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;gBACtD,QAAQ,CAAC,QAAQ,CAAC,EAAG,CAAC,GAAG,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,CAAA;gBAC7E,IAAI,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,QAAQ,EAAE,CAAC;oBAC5B,kCAAkC,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,EAAG,CAAA;gBACtE,CAAC;gBACD,IAAI,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,mBAAmB,EAAE,CAAC;oBACvC,KAAK,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,aAAc,CAAC,mBAAmB,CAAC,EAAE,CAAC;wBAC9G,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAG,CAAA;oBAC5B,CAAC;gBACH,CAAC;YACH,CAAC;YACD,MAAM,kCAAkC,GAA8D,EAAE,CAAA;YACxG,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,kCAAkC,EAAE,kCAAkC,EAAE,CAAA;QACvG,CAAC;KAAA;IAEK,yBAAyB,CAAC,UAAwC;;YACtE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,MAAM,GAAG,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,CAAA;YACpE,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAA;YACzB,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,2BAA2B,CAAC,oBAAoB,EAAE,UAAU,CAAC,CAAA;YAC7G,MAAM,CAAC,kCAAkC,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAA;YAChE,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAEK,oBAAoB,CAAC,UAAwC;;YACjE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAA;YAChC,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAClI,MAAM,GAAG,GAAa,EAAE,CAAA;YACxB,KAAK,MAAM,mBAAmB,IAAI,oBAAoB,EAAE,CAAC;gBACvD,sIAAsI;gBACtI,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,mBAAmB,CAAC,sBAAsB,CAAC,mBAAmB,EAAE,UAAU,CAAC,CAAC,CAAA;YAClG,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEe,yBAAyB,CACvC,mBAMG;;YAEH,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;gBAC1C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE;oBACzC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;oBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;oBAC9C,QAAQ,EAAE,OAAO,CAAC,QAAQ;iBAC3B,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;KAAA;CACF;AAED,MAAM,kCAAmC,SAAQ,2BAA2B;IAO1E,YACE,IAA6B,EAC7B,cAAyC,EACzC,mBAA6C,EAC7C,gBAAkC,EAClC,YAA8B,EAC9B,UAA4B,EAC5B,aAAsB,EACtB,kBAEC;;QAED,KAAK,CAAC,IAAI,EAAE,cAAc,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,CAAC,CAAA;QAlB5F,aAAQ,GAAsE,IAAI,iCAAc,EAAE,CAAA;QAClG,aAAQ,GAAwB,IAAI,GAAG,EAAE,CAAA;QACzC,uCAAkC,GAAwB,IAAI,GAAG,EAAE,CAAA;QAEnE,eAAU,GAAG,IAAI,mBAAK,EAAE,CAAA;QAevC,IAAI,CAAC,qBAAqB,GAAG,MAAA,kBAAkB,CAAC,YAAY,mCAAI,IAAI,CAAA;IACtE,CAAC;IAEK,sBAAsB;;YAC1B,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAA;YACrB,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAA;YACrB,IAAI,CAAC,kCAAkC,CAAC,KAAK,EAAE,CAAA;QACjD,CAAC;KAAA;IAEK,6CAA6C,CACjD,MAAgB;;YAEhB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;YAC/C,IAAI,CAAC;gBACH,MAAM,GAAG,GAEL,EAAE,CAAA;gBACN,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;oBAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;oBACtC,IAAI,MAAM,EAAE,CAAC;wBACX,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;wBACjD,IAAI,CAAC,SAAS;4BAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,MAAM,mCAAmC,CAAC,CAAA;wBAC1F,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;4BACxB,GAAG,CAAC,IAAI,CAAC,GAAG;gCACV,YAAY,EAAE,SAAS,CAAC,YAAY;gCACpC,WAAW,EAAE,SAAS,CAAC,SAAS,CAAC,WAAW;gCAC5C,mBAAmB,EAAE,SAAS,CAAC,SAAS,CAAC,mBAAmB;6BAC7D,CAAA;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,OAAO,GAAG,CAAA;YACZ,CAAC;oBAAS,CAAC;gBACT,OAAO,EAAE,CAAA;YACX,CAAC;QACH,CAAC;KAAA;IAEK,yBAAyB,CAC7B,GAAa,EACb,mBAA4B;;;YAQ5B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;YAC/C,IAAI,CAAC;gBACH,MAAM,GAAG,GAML,EAAE,CAAA;gBACN,MAAM,QAAQ,GAAa,EAAE,CAAA;gBAC7B,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;oBACrB,MAAM,MAAM,GAAuD,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;oBAC9F,IAAI,MAAM,EAAE,CAAC;wBACX,GAAG,CAAC,EAAE,CAAC,GAAG;4BACR,WAAW,EAAE,MAAA,MAAM,CAAC,SAAS,0CAAE,WAAW;4BAC1C,mBAAmB,EAAE,MAAA,MAAM,CAAC,SAAS,0CAAE,mBAAmB;4BAC1D,YAAY,EAAE,MAAM,CAAC,YAAY;yBAClC,CAAA;oBACH,CAAC;yBAAM,IAAI,mBAAmB,EAAE,CAAC;wBAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;oBACnB,CAAC;gBACH,CAAC;gBACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACxB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAA;oBAChE,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;wBAC7B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;wBAC9C,IAAI,SAAS,EAAE,CAAC;4BACd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAA;4BACvG,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;wBAC5D,CAAC;6BAAM,CAAC;4BACN,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAA;wBACrD,CAAC;wBACD,GAAG,CAAC,IAAI,CAAC,EAAG,CAAC,GAAG;4BACd,WAAW,EAAE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,WAAW;4BACnC,mBAAmB,EAAE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,mBAAmB;4BACnD,YAAY,EAAE,IAAI;yBACnB,CAAA;oBACH,CAAC;gBACH,CAAC;gBACD,OAAO,GAAG,CAAA;YACZ,CAAC;oBAAS,CAAC;gBACT,OAAO,EAAE,CAAA;YACX,CAAC;QACH,CAAC;KAAA;IAEK,2BAA2B,CAC/B,UAAkB,EAClB,OAGC;;;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;YAC/C,IAAI,CAAC;gBACH,IAAI,UAAU,GAAG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;gBACxE,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAA;oBAC9C,UAAU,GAAG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;gBACtE,CAAC;gBACD,IAAI,UAAU,EAAE,CAAC;oBACf,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;oBAClD,IAAI,CAAC,MAAM;wBAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,UAAU,4BAA4B,CAAC,CAAA;oBACnG,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;wBACrB,OAAO;4BACL,YAAY,EAAE,MAAM,CAAC,YAAY;4BACjC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW;4BACzC,mBAAmB,EAAE,MAAM,CAAC,SAAS,CAAC,mBAAmB;4BACzD,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,kBAAkB;yBACxD,CAAA;oBACH,CAAC;;wBAAM,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAA;gBACpF,CAAC;qBAAM,CAAC;oBACN,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE;wBAC3D,mBAAmB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,+BAA+B,mCAAI,KAAK;wBACtE,oBAAoB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gCAAgC,mCAAI,KAAK;qBACzE,CAAC,CAAA;oBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;oBACrG,MAAM,IAAI,GAAG;wBACX,YAAY,EAAE,OAAO,CAAC,YAAY;wBAClC,SAAS,EAAE;4BACT,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;4BAChD,WAAW,EAAE,OAAO,CAAC,WAAW;4BAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;4BAC9C,QAAQ,EAAE,IAAI;yBACf;wBACD,MAAM;qBACP,CAAA;oBACD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;oBACrB,OAAO;wBACL,YAAY,EAAE,IAAI,CAAC,YAAY;wBAC/B,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW;wBACvC,mBAAmB,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAmB;wBACvD,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,kBAAkB;qBACtD,CAAA;gBACH,CAAC;YACH,CAAC;oBAAS,CAAC;gBACT,OAAO,EAAE,CAAA;YACX,CAAC;QACH,CAAC;KAAA;IAED,iJAAiJ;IACjJ,uEAAuE;IACzD,uBAAuB,CAAC,UAAkB;;YACtD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,sCAAsC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,EAAE,UAAU,CAAC,CAAA;YAC1I,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;gBAClC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;gBAC9C,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAA;oBACvG,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;gBAC5D,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAA;gBACrD,CAAC;YACH,CAAC;QACH,CAAC;KAAA;IAEO,UAAU,CAAC,IAA+C;;QAChE,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YACrD,IAAI,CAAC,aAAa,EAAE,CAAA;QACtB,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,EAAG,CAAC,CAAC,CAAA;QAC7E,IAAI,CAAA,MAAA,IAAI,CAAC,SAAS,0CAAE,QAAQ,KAAI,CAAC,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzG,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,EAAG,CAAC,CAAA;QAChG,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAG,EAAE,IAAI,CAAC,CAAA;IAChD,CAAC;IAEO,aAAa;QACnB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,EAAE,CAAA;QACtD,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAA;QAC5D,IAAI,IAAI,CAAC,kCAAkC,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;YAC3G,IAAI,CAAC,kCAAkC,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;QAC/E,CAAC;IACH,CAAC;IAED,yBAAyB;QACvB,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;IAED,oBAAoB;QAClB,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC;IAEe,yBAAyB,CACvC,mBAMG;;YAEH,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;gBAC1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;gBACrG,MAAM,IAAI,GAAG;oBACX,YAAY,EAAE,OAAO,CAAC,YAAY;oBAClC,SAAS,EAAE;wBACT,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;wBAChD,WAAW,EAAE,OAAO,CAAC,WAAW;wBAChC,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;wBAC9C,QAAQ,EAAE,OAAO,CAAC,QAAQ;qBAC3B;oBACD,MAAM;iBACP,CAAA;gBACD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;YACvB,CAAC;QACH,CAAC;KAAA;CACF","sourcesContent":["import { ExchangeData } from '../../icc-api/model/internal/ExchangeData'\nimport { IccDataOwnerXApi } from '../icc-data-owner-x-api'\nimport { BaseExchangeDataManager } from './BaseExchangeDataManager'\nimport { UserEncryptionKeysManager } from './UserEncryptionKeysManager'\nimport { AccessControlSecretUtils } from './AccessControlSecretUtils'\nimport { CryptoStrategies } from './CryptoStrategies'\nimport { fingerprintV1, getShaVersionForKey, hexPublicKeysWithSha1Of, hexPublicKeysWithSha256Of } from './utils'\nimport { CryptoPrimitives } from './CryptoPrimitives'\nimport { EntityWithDelegationTypeName, hex2ua, ua2ab } from '../utils'\nimport { CryptoActorStubWithType } from '../../icc-api/model/CryptoActorStub'\nimport { ShaVersion } from './RSA'\nimport { Mutex } from 'async-mutex'\nimport { SimpleLruCache } from '../utils/simple-lru-cache'\n\nexport type ExchangeDataManagerOptionalParameters = {\n // Only for not fully cached implementation (data owner can't request all his exchange data), amount of exchange data which can be cached\n lruCacheSize?: number // default = 2000\n}\n\n/**\n * @internal this function is for internal use only and may be changed without notice.\n * Initialises and returns the exchange data manager which is most appropriate for the current data owner.\n */\nexport async function initialiseExchangeDataManagerForCurrentDataOwner(\n base: BaseExchangeDataManager,\n encryptionKeys: UserEncryptionKeysManager,\n accessControlSecret: AccessControlSecretUtils,\n cryptoStrategies: CryptoStrategies,\n dataOwnerApi: IccDataOwnerXApi,\n primitives: CryptoPrimitives,\n useParentKeys: boolean,\n optionalParameters: ExchangeDataManagerOptionalParameters = {}\n): Promise<ExchangeDataManager> {\n const currentOwner = CryptoActorStubWithType.fromDataOwner(await dataOwnerApi.getCurrentDataOwner())\n if (cryptoStrategies.dataOwnerRequiresAnonymousDelegation(currentOwner)) {\n const res = new FullyCachedExchangeDataManager(\n base,\n encryptionKeys,\n accessControlSecret,\n cryptoStrategies,\n dataOwnerApi,\n primitives,\n useParentKeys\n )\n await res.clearOrRepopulateCache()\n return res\n } else {\n return new LimitedLruCacheExchangeDataManager(\n base,\n encryptionKeys,\n accessControlSecret,\n cryptoStrategies,\n dataOwnerApi,\n primitives,\n useParentKeys,\n optionalParameters\n )\n }\n}\n\ntype CachedExchangeData = {\n exchangeData: ExchangeData\n decrypted?: {\n accessControlSecret: string\n exchangeKey: CryptoKey\n verified: boolean\n sharedSignatureKey: CryptoKey\n }\n}\n\n/**\n * @internal this class is intended for internal use only and may be changed without notice.\n * Exchange data manager which automatically handles decryption and cache\n */\nexport interface ExchangeDataManager {\n readonly base: BaseExchangeDataManager\n\n /**\n * Updates all exchange data between the current data owner and another data owner to allow the other data owner to access existing exchange data\n * using a new public key. Note that this will make existing exchange keys from the other data owner to the current data owner unverified, therefore\n * invalid for encryption.\n * @param otherDataOwner the other data owner.\n * @param newDataOwnerPublicKey a new public key of the other data owner.\n */\n giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string): Promise<void>\n\n /**\n * Gets any existing and verified exchange data from the current data owner to the provided delegate or creates new data if no verified data is\n * available, then caches it.\n * @param delegateId the id of the delegate.\n * @param options\n * - allowCreationWithoutDelegatorKey if true, when creating new exchange data, even if no verified key is available for the delegator the method\n * will create the new exchange data anyway (will not be usable by the delegate without additional steps).\n * - allowCreationWithoutDelegateKey if true, when creating new exchange data, even if no verified key is available for the delegate the method\n * will create the new exchange data anyway (will not be usable by the delegate without additional steps).\n * @return the access control secret and key of the data to use for encryption.\n */\n getOrCreateEncryptionDataTo(\n delegateId: string,\n options?: {\n allowCreationWithoutDelegatorKey?: boolean\n allowCreationWithoutDelegateKey?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }>\n\n /**\n * Retrieve the cached decrypted exchange data key associated with any of the provided hashes/entry keys of secure delegations.\n * @param hashes hashes of access control secrets for a specific entity, as they appear in the key of secure delegation entries\n * @return the exchange data and decrypted key associated to that hash if cached\n */\n getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [hash: string]: { exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey } }>\n\n /**\n * Retrieves the exchange data with the provided id (from the cache if available or from the server otherwise if allowed by\n * and attempts to decrypt it, then caches the result.\n * @param ids ids of the exchange datas to retrieve\n * @param retrieveIfNotCached if false only cached data will be returned, and the access control hases options will be\n * ignored\n * @return a map containing the exchange data id associated with:\n * - exchangeData: the exchange data with the provided id\n * - exchangeKey: the exchange key corresponding to the provided exchange data if it could be decrypted, else undefined\n * - accessControlSecret: the access control secret corresponding to the provided exchange data if it could be decrypted, else undefined\n */\n getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{ [id: string]: { exchangeKey: CryptoKey | undefined; accessControlSecret: string | undefined; exchangeData: ExchangeData } }>\n\n /**\n * Clears the cache or fully repopulates the cache if the current data owner can retrieve all of his exchange data according to the crypto\n * strategies.\n */\n clearOrRepopulateCache(): Promise<void>\n\n /**\n * If the current data owner requires anonymous delegations this returns the base64 representation of the concatenation of all available access\n * control keys for the current data owner.\n */\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined>\n\n /**\n * If the current data owner requires anonymous delegations this returns the access control keys which may be used in secure delegations for the\n * data owner, which can be used to search for data.\n */\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined>\n\n /**\n * Injects already decrypted exchange data, allowing it to be used by the sdk.\n * @param exchangeDataDetails the exchange data to inject, with the decrypted content and verified status.\n * Note that the SDK won't verify that the provided decrypted content actually matches what is stored in the exchange\n * data.\n * @param reEncryptWithOwnKeys if true all the provided exchange data that is not encrypted with any of the self\n * verified keys of the user will be re-encrypted with them. In case the user is also the delegator and the data is\n * verified the delegator signature will be updated.\n */\n injectDecryptedExchangeData(\n exchangeDataDetails: {\n exchangeDataId: string\n accessControlSecret: ArrayBuffer\n exchangeKey: ArrayBuffer\n sharedSignatureKey: ArrayBuffer\n verified: boolean\n }[],\n reEncryptWithOwnKeys: boolean\n ): Promise<void>\n}\n\nabstract class AbstractExchangeDataManager implements ExchangeDataManager {\n constructor(\n readonly base: BaseExchangeDataManager,\n protected readonly encryptionKeys: UserEncryptionKeysManager,\n protected readonly accessControlSecret: AccessControlSecretUtils,\n protected readonly cryptoStrategies: CryptoStrategies,\n protected readonly dataOwnerApi: IccDataOwnerXApi,\n protected readonly primitives: CryptoPrimitives,\n private readonly useParentKeys: boolean\n ) {}\n\n protected async decryptData(data: ExchangeData): Promise<\n | {\n accessControlSecret: string\n exchangeKey: CryptoKey\n verified: boolean\n sharedSignatureKey: CryptoKey\n }\n | undefined\n > {\n const decryptionKeys = this.encryptionKeys.getDecryptionKeys()\n const encryptionKeys = Object.fromEntries(\n this.encryptionKeys.getSelfVerifiedKeys().map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey])\n )\n const decryptedExchangeKey = (await this.base.tryDecryptExchangeKeys([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedExchangeKey) return undefined\n const decryptedAccessControlSecret = (await this.base.tryDecryptAccessControlSecret([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedAccessControlSecret)\n throw new Error(`Decryption key could be decrypted but access control secret could not for data ${JSON.stringify(data)}`)\n const decryptedSharedSignatureKey = (await this.base.tryDecryptSharedSignatureKeys([data], decryptionKeys)).successfulDecryptions[0]\n if (!decryptedSharedSignatureKey)\n throw new Error(`Decryption key could be decrypted but shared signature key could not for data ${JSON.stringify(data)}`)\n return {\n accessControlSecret: decryptedAccessControlSecret,\n exchangeKey: decryptedExchangeKey,\n sharedSignatureKey: decryptedSharedSignatureKey,\n verified: await this.base.verifyExchangeData(\n {\n exchangeData: data,\n decryptedAccessControlSecret,\n decryptedExchangeKey,\n decryptedSharedSignatureKey,\n },\n encryptionKeys,\n true\n ),\n }\n }\n\n protected async createNewExchangeData(\n delegateId: string,\n options: {\n newDataId?: string\n allowNoDelegatorKeys?: boolean\n allowNoDelegateKeys?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }> {\n if (options.allowNoDelegateKeys && options.allowNoDelegatorKeys)\n throw new Error('Illegal arguments: allow no delegator and no delegate keys should never both be true')\n const encryptionKeys: { [fp: string]: CryptoKey } = {}\n const selfVerifiedKeys = this.encryptionKeys.getSelfVerifiedKeys()\n if (selfVerifiedKeys.length <= 0 && !options.allowNoDelegatorKeys)\n throw new Error('If the sdk is initialized in keyless mode you must create exchange data explicitly')\n selfVerifiedKeys.forEach(({ fingerprint, pair }) => {\n encryptionKeys[fingerprint] = pair.publicKey\n })\n if (delegateId != (await this.dataOwnerApi.getCurrentDataOwnerId())) {\n const delegate = await this.dataOwnerApi.getCryptoActorStub(delegateId)\n const sha256KeysOfDelegate = hexPublicKeysWithSha256Of(delegate.stub)\n const sha1KeysOfDelegate = hexPublicKeysWithSha1Of(delegate.stub)\n let allVerifiedDelegateKeys: string[]\n if (!sha256KeysOfDelegate.size && !sha1KeysOfDelegate.size) {\n if (!options.allowNoDelegateKeys)\n throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate was found.`)\n allVerifiedDelegateKeys = []\n } else if (this.useParentKeys && (await this.dataOwnerApi.getCurrentDataOwnerHierarchyIds()).includes(delegateId)) {\n allVerifiedDelegateKeys = await this.encryptionKeys.getVerifiedPublicKeysFor(delegate.stub)\n } else {\n allVerifiedDelegateKeys = await this.cryptoStrategies.verifyDelegatePublicKeys(\n delegate,\n [...Array.from(sha256KeysOfDelegate), ...Array.from(sha1KeysOfDelegate)],\n this.primitives\n )\n }\n if (!allVerifiedDelegateKeys.length && !options.allowNoDelegateKeys)\n throw new Error(`Could not create exchange data to ${delegateId} as no public key for the delegate could be verified.`)\n for (const delegateKey of allVerifiedDelegateKeys) {\n if (sha1KeysOfDelegate.has(delegateKey)) {\n encryptionKeys[fingerprintV1(delegateKey)] = await this.primitives.RSA.importKey(\n 'spki',\n ua2ab(hex2ua(delegateKey)),\n ['encrypt'],\n ShaVersion.Sha1\n )\n } else if (sha256KeysOfDelegate.has(delegateKey)) {\n encryptionKeys[fingerprintV1(delegateKey)] = await this.primitives.RSA.importKey(\n 'spki',\n ua2ab(hex2ua(delegateKey)),\n ['encrypt'],\n ShaVersion.Sha256\n )\n } else throw new Error('Illegal state: verified keys should contain only keys for OAPE-SHA1 or OAPE-SHA256.')\n }\n }\n const newData = await this.base.createExchangeData(\n delegateId,\n Object.fromEntries(selfVerifiedKeys.map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey])),\n encryptionKeys,\n options.newDataId ? { id: options.newDataId } : {}\n )\n return {\n exchangeData: newData.exchangeData,\n accessControlSecret: newData.accessControlSecret,\n exchangeKey: newData.exchangeKey,\n sharedSignatureKey: newData.sharedSignatureKey,\n }\n }\n\n async giveAccessBackTo(otherDataOwner: string, newDataOwnerPublicKey: string) {\n const self = await this.dataOwnerApi.getCurrentDataOwnerId()\n const newKeyFp = fingerprintV1(newDataOwnerPublicKey)\n const other = await this.dataOwnerApi.getCryptoActorStub(otherDataOwner)\n const newKeyHashVersion = getShaVersionForKey(other.stub, newDataOwnerPublicKey)\n if (!newKeyHashVersion) throw new Error(`Public key not found for data owner ${otherDataOwner}`)\n const importedNewKey = await this.primitives.RSA.importKey('spki', ua2ab(hex2ua(newDataOwnerPublicKey)), ['encrypt'], newKeyHashVersion)\n const decryptionKeys = this.encryptionKeys.getDecryptionKeys()\n const allExchangeDataToUpdate =\n self == otherDataOwner\n ? await this.base.getExchangeDataByDelegatorDelegatePair(self, self)\n : [\n ...(await this.base.getExchangeDataByDelegatorDelegatePair(self, otherDataOwner)),\n ...(await this.base.getExchangeDataByDelegatorDelegatePair(otherDataOwner, self)),\n ]\n for (const dataToUpdate of allExchangeDataToUpdate) {\n if (!Object.keys(dataToUpdate.exchangeKey).find((fp) => fp == newKeyFp)) {\n const updated = await this.base.tryUpdateExchangeData(dataToUpdate, decryptionKeys, { [newKeyFp]: importedNewKey })\n if (!updated) {\n console.warn(`Failed to give access back to exchanged data ${JSON.stringify(dataToUpdate)}`)\n }\n }\n }\n }\n\n clearOrRepopulateCache(): Promise<void> {\n throw new Error('Implemented by concrete class')\n }\n\n getOrCreateEncryptionDataTo(\n delegateId: string,\n options?: {\n allowCreationWithoutDelegatorKey?: boolean\n allowCreationWithoutDelegateKey?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }> {\n throw new Error('Implemented by concrete class')\n }\n\n getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n throw new Error('Implemented by concrete class')\n }\n\n getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n }> {\n throw new Error('Implemented by concrete class')\n }\n\n getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n throw new Error('Implemented by concrete class')\n }\n\n getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n throw new Error('Implemented by concrete class')\n }\n\n async injectDecryptedExchangeData(\n exchangeDataDetails: {\n exchangeDataId: string\n accessControlSecret: ArrayBuffer\n exchangeKey: ArrayBuffer\n sharedSignatureKey: ArrayBuffer\n verified: boolean\n }[],\n reEncryptWithOwnKeys: boolean\n ): Promise<void> {\n const self = await this.dataOwnerApi.getCurrentDataOwnerId()\n const retrievedExchangeData = await this.base.getExchangeDataByIds(exchangeDataDetails.map((x) => x.exchangeDataId))\n if (retrievedExchangeData.some((x) => x.delegator != self && x.delegate != self))\n throw new Error('Should only inject exchange date from/to the current user')\n const exchangeDataById: { [id: string]: ExchangeData } = {}\n retrievedExchangeData.forEach((x) => (exchangeDataById[x.id!] = x))\n if (reEncryptWithOwnKeys) {\n const selfVerifiedKeys = this.encryptionKeys.getSelfVerifiedKeys()\n if (selfVerifiedKeys.length <= 0) throw new Error(\"Can't re-encrypt injected exchange data with own keys if in keyless mode\")\n const encryptionKeys: { [fp: string]: CryptoKey } = {}\n selfVerifiedKeys.forEach(({ fingerprint, pair }) => {\n encryptionKeys[fingerprint] = pair.publicKey\n })\n const signatureKeys = Object.fromEntries(selfVerifiedKeys.map((x): [string, CryptoKey] => [x.fingerprint, x.pair.privateKey]))\n for (const details of exchangeDataDetails) {\n const exchangeData = exchangeDataById[details.exchangeDataId]\n if (exchangeData != null)\n await this.base.updateExchangeDataWithRawDecryptedContent({\n exchangeData,\n newEncryptionKeys: encryptionKeys,\n newDelegatorSignatureKeys: exchangeData.delegator == self && details.verified ? signatureKeys : {},\n rawExchangeKey: details.exchangeKey,\n rawAccessControlSecret: details.accessControlSecret,\n rawSharedSignatureKey: details.sharedSignatureKey,\n })\n }\n }\n const importedDetails: {\n exchangeData: ExchangeData\n accessControlSecret: string\n exchangeKey: CryptoKey\n sharedSignatureKey: CryptoKey\n verified: boolean\n }[] = []\n for (const details of exchangeDataDetails) {\n const exchangeData = exchangeDataById[details.exchangeDataId]\n if (exchangeData != undefined)\n importedDetails.push({\n exchangeData: exchangeData,\n accessControlSecret: await this.base.importAccessControlSecret(details.accessControlSecret),\n exchangeKey: await this.base.importExchangeKey(details.exchangeKey),\n sharedSignatureKey: await this.base.importSharedSignatureKey(details.sharedSignatureKey),\n verified: details.verified,\n })\n }\n await this.cacheInjectedExchangeData(importedDetails)\n }\n\n protected abstract cacheInjectedExchangeData(\n exchangeDataDetails: {\n exchangeData: ExchangeData\n accessControlSecret: string\n exchangeKey: CryptoKey\n sharedSignatureKey: CryptoKey\n verified: boolean\n }[]\n ): Promise<void>\n}\n\nclass FullyCachedExchangeDataManager extends AbstractExchangeDataManager {\n private caches: Promise<{\n dataById: { [id: string]: CachedExchangeData }\n hashToId: { [hash: string]: string }\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string }\n }> = Promise.resolve({ dataById: {}, hashToId: {}, delegateToVerifiedEncryptionDataId: {}, entityTypeToAccessControlKeysValue: {} })\n private createExchangeDataMutex = new Mutex()\n\n async clearOrRepopulateCache(): Promise<void> {\n this.caches = this.doRepopulateCache()\n await this.caches\n }\n\n async getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n function retrieveByHashesFromCaches(caches: {\n dataById: { [id: string]: CachedExchangeData }\n hashToId: { [hash: string]: string }\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n }): { [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } } {\n return hashes.reduce((res, hash) => {\n const id = caches.hashToId[hash]\n if (id) {\n const cached = caches.dataById[id]\n if (cached?.decrypted) {\n res[hash] = {\n exchangeData: cached.exchangeData,\n exchangeKey: cached.decrypted.exchangeKey,\n accessControlSecret: cached.decrypted.accessControlSecret,\n }\n }\n }\n return res\n }, {} as { [hash: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } })\n }\n\n return retrieveByHashesFromCaches(await this.caches)\n }\n\n private async getCachedEncryptionDataTo(\n delegateId: string\n ): Promise<{ exchangeKey: CryptoKey; accessControlSecret: string; exchangeData: ExchangeData; sharedSignatureKey: CryptoKey } | undefined> {\n const caches = await this.caches\n const dataId = caches.delegateToVerifiedEncryptionDataId[delegateId]\n const cached = dataId ? caches.dataById[dataId] : undefined\n if (cached && cached?.decrypted) {\n return {\n exchangeData: cached.exchangeData,\n accessControlSecret: cached.decrypted.accessControlSecret,\n exchangeKey: cached.decrypted.exchangeKey,\n sharedSignatureKey: cached.decrypted.sharedSignatureKey,\n }\n } else {\n return undefined\n }\n }\n\n async getOrCreateEncryptionDataTo(\n delegateId: string,\n options?: {\n allowCreationWithoutDelegatorKey?: boolean\n allowCreationWithoutDelegateKey?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }> {\n const initialCached = await this.getCachedEncryptionDataTo(delegateId)\n if (initialCached) return initialCached\n const release = await this.createExchangeDataMutex.acquire()\n try {\n const cachedAfterMutex = await this.getCachedEncryptionDataTo(delegateId)\n if (cachedAfterMutex) return cachedAfterMutex\n const created = await this.createNewExchangeData(delegateId, {\n allowNoDelegateKeys: options?.allowCreationWithoutDelegateKey ?? false,\n allowNoDelegatorKeys: options?.allowCreationWithoutDelegatorKey ?? false,\n })\n this.cacheData(created.exchangeData, true, {\n accessControlSecret: created.accessControlSecret,\n exchangeKey: created.exchangeKey,\n sharedSignatureKey: created.sharedSignatureKey,\n verified: true,\n })\n return created\n } finally {\n release()\n }\n }\n\n async getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n }> {\n const caches = await this.caches\n const res: {\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n } = {}\n for (const id of ids) {\n const data = caches.dataById[id]\n if (data) {\n res[id] = {\n exchangeData: data.exchangeData,\n exchangeKey: data.decrypted?.exchangeKey,\n accessControlSecret: data.decrypted?.accessControlSecret,\n }\n }\n }\n return res\n }\n\n private cacheData(\n exchangeData: ExchangeData,\n isNewData: boolean,\n decrypted: { accessControlSecret: string; exchangeKey: CryptoKey; verified: boolean; sharedSignatureKey: CryptoKey } | undefined\n ): void {\n this.caches = this.caches.then(async (caches) => {\n caches.dataById[exchangeData.id!] = { exchangeData, decrypted }\n if (decrypted) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(decrypted.accessControlSecret)\n hashes.forEach((hash) => {\n caches.hashToId[hash] = exchangeData.id!\n })\n if (decrypted.verified) {\n caches.delegateToVerifiedEncryptionDataId[exchangeData.delegate] = exchangeData.id!\n }\n }\n if (isNewData) caches.entityTypeToAccessControlKeysValue = {}\n return caches\n })\n }\n\n private async doRepopulateCache(): Promise<{\n dataById: { [id: string]: CachedExchangeData }\n hashToId: { [hash: string]: string }\n delegateToVerifiedEncryptionDataId: { [delegate: string]: string }\n entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string }\n }> {\n const allData = await this.base.getAllExchangeDataForCurrentDataOwnerIfAllowed()\n if (!allData) throw new Error('Impossible to use fully cached exchange data manager for current data owner.')\n const dataById: { [id: string]: CachedExchangeData } = {}\n const hashToId: { [hash: string]: string } = {}\n const delegateToVerifiedEncryptionDataId: { [delegate: string]: string } = {}\n for (const currData of allData) {\n const currDecrypted = await this.decryptData(currData)\n dataById[currData.id!] = { exchangeData: currData, decrypted: currDecrypted }\n if (currDecrypted?.verified) {\n delegateToVerifiedEncryptionDataId[currData.delegate] = currData.id!\n }\n if (currDecrypted?.accessControlSecret) {\n for (const h of await this.accessControlSecret.allSecureDelegationKeysFor(currDecrypted!.accessControlSecret)) {\n hashToId[h] = currData.id!\n }\n }\n }\n const entityTypeToAccessControlKeysValue: { [entityType in EntityWithDelegationTypeName]?: string } = {}\n return { dataById, hashToId, delegateToVerifiedEncryptionDataId, entityTypeToAccessControlKeysValue }\n }\n\n async getAccessControlKeysValue(entityType: EntityWithDelegationTypeName): Promise<string | undefined> {\n const caches = await this.caches\n const cached = caches.entityTypeToAccessControlKeysValue[entityType]\n if (cached) return cached\n const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []))\n const fullData = await this.accessControlSecret.getEncodedAccessControlKeys(accessControlSecrets, entityType)\n caches.entityTypeToAccessControlKeysValue[entityType] = fullData\n return fullData\n }\n\n async getAllDelegationKeys(entityType: EntityWithDelegationTypeName): Promise<string[] | undefined> {\n const caches = await this.caches\n const accessControlSecrets = Object.values(caches.dataById).flatMap((x) => (x.decrypted ? [x.decrypted.accessControlSecret] : []))\n const res: string[] = []\n for (const accessControlSecret of accessControlSecrets) {\n // Usage of sfks in secure delegation key should be configurable: it is not necessary for all users and it has some performance impact\n res.push(await this.accessControlSecret.secureDelegationKeyFor(accessControlSecret, entityType))\n }\n return res\n }\n\n protected async cacheInjectedExchangeData(\n exchangeDataDetails: {\n exchangeData: ExchangeData\n accessControlSecret: string\n exchangeKey: CryptoKey\n sharedSignatureKey: CryptoKey\n verified: boolean\n }[]\n ): Promise<void> {\n for (const details of exchangeDataDetails) {\n this.cacheData(details.exchangeData, true, {\n accessControlSecret: details.accessControlSecret,\n exchangeKey: details.exchangeKey,\n sharedSignatureKey: details.sharedSignatureKey,\n verified: details.verified,\n })\n }\n }\n}\n\nclass LimitedLruCacheExchangeDataManager extends AbstractExchangeDataManager {\n private readonly idToData: SimpleLruCache<string, CachedExchangeData & { hashes: string[] }> = new SimpleLruCache()\n private readonly hashToId: Map<string, string> = new Map()\n private readonly delegateToVerifiedEncryptionDataId: Map<string, string> = new Map()\n private readonly maxCachedExchangeData: number\n private readonly cacheMutex = new Mutex()\n\n constructor(\n base: BaseExchangeDataManager,\n encryptionKeys: UserEncryptionKeysManager,\n accessControlSecret: AccessControlSecretUtils,\n cryptoStrategies: CryptoStrategies,\n dataOwnerApi: IccDataOwnerXApi,\n primitives: CryptoPrimitives,\n useParentKeys: boolean,\n optionalParameters: {\n lruCacheSize?: number\n }\n ) {\n super(base, encryptionKeys, accessControlSecret, cryptoStrategies, dataOwnerApi, primitives, useParentKeys)\n this.maxCachedExchangeData = optionalParameters.lruCacheSize ?? 2000\n }\n\n async clearOrRepopulateCache(): Promise<void> {\n this.idToData.clear()\n this.hashToId.clear()\n this.delegateToVerifiedEncryptionDataId.clear()\n }\n\n async getCachedDecryptionDataKeyByAccessControlHash(\n hashes: string[]\n ): Promise<{ [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string } }> {\n const release = await this.cacheMutex.acquire()\n try {\n const res: {\n [p: string]: { exchangeData: ExchangeData; exchangeKey: CryptoKey; accessControlSecret: string }\n } = {}\n for (const hash of hashes) {\n const dataId = this.hashToId.get(hash)\n if (dataId) {\n const retrieved = this.idToData.getCached(dataId)\n if (!retrieved) throw new Error(`Data with id ${dataId} should have been already cached.`)\n if (retrieved.decrypted) {\n res[hash] = {\n exchangeData: retrieved.exchangeData,\n exchangeKey: retrieved.decrypted.exchangeKey,\n accessControlSecret: retrieved.decrypted.accessControlSecret,\n }\n }\n }\n }\n return res\n } finally {\n release()\n }\n }\n\n async getDecryptionDataKeyByIds(\n ids: string[],\n retrieveIfNotCached: boolean\n ): Promise<{\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n }> {\n const release = await this.cacheMutex.acquire()\n try {\n const res: {\n [p: string]: {\n exchangeKey: CryptoKey | undefined\n accessControlSecret: string | undefined\n exchangeData: ExchangeData\n }\n } = {}\n const uncached: string[] = []\n for (const id of ids) {\n const cached: (CachedExchangeData & { hashes: string[] }) | null = this.idToData.getCached(id)\n if (cached) {\n res[id] = {\n exchangeKey: cached.decrypted?.exchangeKey,\n accessControlSecret: cached.decrypted?.accessControlSecret,\n exchangeData: cached.exchangeData,\n }\n } else if (retrieveIfNotCached) {\n uncached.push(id)\n }\n }\n if (uncached.length > 0) {\n const retrieved = await this.base.getExchangeDataByIds(uncached)\n for (const data of retrieved) {\n const decrypted = await this.decryptData(data)\n if (decrypted) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(decrypted.accessControlSecret)\n this.addToCache({ exchangeData: data, hashes, decrypted })\n } else {\n this.addToCache({ exchangeData: data, hashes: [] })\n }\n res[data.id!] = {\n exchangeKey: decrypted?.exchangeKey,\n accessControlSecret: decrypted?.accessControlSecret,\n exchangeData: data,\n }\n }\n }\n return res\n } finally {\n release()\n }\n }\n\n async getOrCreateEncryptionDataTo(\n delegateId: string,\n options?: {\n allowCreationWithoutDelegatorKey?: boolean\n allowCreationWithoutDelegateKey?: boolean\n }\n ): Promise<{ exchangeData: ExchangeData; accessControlSecret: string; exchangeKey: CryptoKey; sharedSignatureKey: CryptoKey }> {\n const release = await this.cacheMutex.acquire()\n try {\n let existingId = this.delegateToVerifiedEncryptionDataId.get(delegateId)\n if (!existingId) {\n await this.populateCacheToDelegate(delegateId)\n existingId = this.delegateToVerifiedEncryptionDataId.get(delegateId)\n }\n if (existingId) {\n const cached = this.idToData.getCached(existingId)\n if (!cached) throw new Error(`Illegal state: data with id ${existingId} should have been in cache`)\n if (cached.decrypted) {\n return {\n exchangeData: cached.exchangeData,\n exchangeKey: cached.decrypted.exchangeKey,\n accessControlSecret: cached.decrypted.accessControlSecret,\n sharedSignatureKey: cached.decrypted.sharedSignatureKey,\n }\n } else throw new Error(`Illegal state: cached verified data should be decrypted.`)\n } else {\n const created = await this.createNewExchangeData(delegateId, {\n allowNoDelegateKeys: options?.allowCreationWithoutDelegateKey ?? false,\n allowNoDelegatorKeys: options?.allowCreationWithoutDelegatorKey ?? false,\n })\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(created.accessControlSecret)\n const data = {\n exchangeData: created.exchangeData,\n decrypted: {\n accessControlSecret: created.accessControlSecret,\n exchangeKey: created.exchangeKey,\n sharedSignatureKey: created.sharedSignatureKey,\n verified: true,\n },\n hashes,\n }\n this.addToCache(data)\n return {\n exchangeData: data.exchangeData,\n exchangeKey: data.decrypted.exchangeKey,\n accessControlSecret: data.decrypted.accessControlSecret,\n sharedSignatureKey: data.decrypted.sharedSignatureKey,\n }\n }\n } finally {\n release()\n }\n }\n\n // Loads and adds to the cache all exchange data from the current data owner to the given delegate. Allows to check if there is already data from\n // the current data owner to the delegate which is good for encryption.\n private async populateCacheToDelegate(delegateId: string): Promise<void> {\n const dataToDelegate = await this.base.getExchangeDataByDelegatorDelegatePair(await this.dataOwnerApi.getCurrentDataOwnerId(), delegateId)\n for (const data of dataToDelegate) {\n const decrypted = await this.decryptData(data)\n if (decrypted) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(decrypted.accessControlSecret)\n this.addToCache({ exchangeData: data, hashes, decrypted })\n } else {\n this.addToCache({ exchangeData: data, hashes: [] })\n }\n }\n }\n\n private addToCache(data: CachedExchangeData & { hashes: string[] }) {\n if (this.idToData.size >= this.maxCachedExchangeData) {\n this.evictOneEntry()\n }\n data.hashes.forEach((hash) => this.hashToId.set(hash, data.exchangeData.id!))\n if (data.decrypted?.verified && !this.delegateToVerifiedEncryptionDataId.has(data.exchangeData.delegate)) {\n this.delegateToVerifiedEncryptionDataId.set(data.exchangeData.delegate, data.exchangeData.id!)\n }\n this.idToData.set(data.exchangeData.id!, data)\n }\n\n private evictOneEntry() {\n const evicted = this.idToData.evictLeastRecentlyUsed()\n evicted.hashes.forEach((hash) => this.hashToId.delete(hash))\n if (this.delegateToVerifiedEncryptionDataId.get(evicted.exchangeData.delegate) === evicted.exchangeData.id) {\n this.delegateToVerifiedEncryptionDataId.delete(evicted.exchangeData.delegate)\n }\n }\n\n getAccessControlKeysValue(): Promise<string | undefined> {\n return Promise.resolve(undefined)\n }\n\n getAllDelegationKeys(): Promise<string[] | undefined> {\n return Promise.resolve(undefined)\n }\n\n protected async cacheInjectedExchangeData(\n exchangeDataDetails: {\n exchangeData: ExchangeData\n accessControlSecret: string\n exchangeKey: CryptoKey\n sharedSignatureKey: CryptoKey\n verified: boolean\n }[]\n ): Promise<void> {\n for (const details of exchangeDataDetails) {\n const hashes = await this.accessControlSecret.allSecureDelegationKeysFor(details.accessControlSecret)\n const data = {\n exchangeData: details.exchangeData,\n decrypted: {\n accessControlSecret: details.accessControlSecret,\n exchangeKey: details.exchangeKey,\n sharedSignatureKey: details.sharedSignatureKey,\n verified: details.verified,\n },\n hashes,\n }\n this.addToCache(data)\n }\n }\n}\n"]}
@@ -337,7 +337,7 @@ class ExtendedApisUtilsImpl {
337
337
  return { data: result.success, wasDecrypted: true };
338
338
  }
339
339
  else {
340
- return { data: content, wasDecrypted: false };
340
+ return { data: (0, utils_1.ua2ab)(content), wasDecrypted: false };
341
341
  }
342
342
  });
343
343
  }