@bedrock/kms 9.0.0

package/.eslintrc.cjs

@@ -0,0 +1,12 @@
+module.exports = {
+  root: true,
+  parserOptions: {
+    // this is required for dynamic import()
+    ecmaVersion: 2020
+  },
+  env: {
+    node: true
+  },
+  extends: ['digitalbazaar', 'digitalbazaar/jsdoc'],
+  ignorePatterns: ['node_modules/']
+};

package/.github/workflows/main.yml

@@ -0,0 +1,77 @@
+name: Bedrock Node.js CI
+
+on: [push]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    strategy:
+      matrix:
+        node-version: [14.x]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v1
+      with:
+        node-version: ${{ matrix.node-version }}
+    - run: npm install
+    - name: Run eslint
+      run: npm run lint
+  test-node:
+    needs: [lint]
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    services:
+      mongodb:
+        image: mongo:4.2
+        ports:
+          - 27017:27017
+    strategy:
+      matrix:
+        node-version: [14.x]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v1
+      with:
+        node-version: ${{ matrix.node-version }}
+    - run: |
+        npm install
+        cd test
+        npm install
+    - name: Run test with Node.js ${{ matrix.node-version }}
+      run: |
+        cd test
+        npm test
+  coverage:
+    needs: [test-node]
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    services:
+      mongodb:
+        image: mongo:4.2
+        ports:
+          - 27017:27017
+    strategy:
+      matrix:
+        node-version: [14.x]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v1
+      with:
+        node-version: ${{ matrix.node-version }}
+    - run: |
+        npm install
+        cd test
+        npm install
+    - name: Generate coverage report
+      run: |
+        cd test
+        npm run coverage-ci
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v2
+      with:
+        file: ./test/coverage/lcov.info
+        fail_ci_if_error: true

package/CHANGELOG.md

@@ -0,0 +1,219 @@
+# bedrock-kms ChangeLog
+
+## 9.0.0 - 2022-04-05
+
+### Changed
+- **BREAKING**: Rename package to `@bedrock/kms`.
+- **BREAKING**: Convert to module (ESM).
+- **BREAKING**: Remove default export.
+- **BREAKING**: Require node 14.x.
+
+## 8.3.1 - 2022-03-29
+
+### Fixed
+- Use updated `bedrock-security-context` peer dependency.
+
+## 8.3.0 - 2022-03-29
+
+### Changed
+- Update peer deps:
+  - `bedrock@4.5`
+  - `bedrock-mongodb@8.5`.
+  - `bedrock-did-context@2.1`
+  - `bedrock-package-manager@1.2`
+  - `bedrock-jsonld-document-loader@1.3`
+  - `bedrock-veres-one-context@12.1`.
+- Update internals to use esm style and use `esm.js` to
+  transpile to CommonJS.
+
+## 8.2.0 - 2022-02-10
+
+### Changed
+- Use `bedrock-did-io@6`.
+
+## 8.1.0 - 2022-02-08
+
+### Changed
+- Update peer dependency `bedrock-veres-one-context@12`.
+
+## 8.0.0 - 2022-01-11
+
+### Changed
+- **BREAKING**: Require bedrock-did-io@5. This change effectively pulls in
+  the latest did-veres-one driver which ultimately uses zcap@7.
+
+## 7.4.0 - 2021-12-17
+
+### Changed
+- Replace `p-limit` with `p-all`.
+
+## 7.3.0 - 2021-12-16
+
+### Changed
+- Changed `getStorageUsage` to use `p-limit` for handling max concurrency.
+
+## 7.2.0 - 2021-11-22
+
+### Added
+- Add `aggregate` function option for `getStorageUsage` to allow custom
+  aggregation of additional usage information. This is used, for example,
+  by `bedrock-kms-http` to store zcap revocation storage usage.
+
+### Fixed
+- Fixed bugs with `keystores.getStorageUsage()`.
+
+## 7.1.0 - 2021-11-15
+
+### Added
+- Added optional `explain` param to get more details about database performance.
+- Added database tests in order to check database performance.
+
+### Changed
+- Exposed helper functions in order to properly test database calls.
+
+## 7.0.1 - 2021-09-01
+
+### Fixed
+- Fix typo in controller+referenceId index.
+
+## 7.0.0 - 2021-07-22
+
+### Added
+- Add `getStorageUsage` API. This function can be called with a meter ID,
+  WebKMS module manager API and an optional abort signal. It will return the
+  current storage usage for all keystores that use the identified meter.
+
+### Changed
+- **BREAKING**: Database keystore collection now named `kms-keystore` to match
+  modern naming convention. There is no expectation that old systems will
+  be able to upgrade in place to this new version, rather existing systems
+  that relied on bedrock-kms (typically via bedrock-kms-http) must transition
+  to new systems running the new version.
+
+### Removed
+- **BREAKING**: Removed deprecated `fields` option from `keystores.find` API.
+  Use `options.projection` option instead.
+
+## 6.0.0 - 2021-05-20
+
+### Changed
+- **BREAKING**: Drop support for node 10.
+- **BREAKING**: Use `ed25519-signature-2020` signature suite. Operations must
+  now be signed using the `Ed25519Signature2020` suite.
+- Remove unused `did-veres-one`.
+- Remove use of `jsonld-signatures`.
+- Remove `@digitalbazaar/did-io` and use `bedrock-did-io@2.0`.
+- Remove `did-method-key`.
+- Update dependencies to latest:
+  - [bedrock-did-io@2.0](https://github.com/digitalbazaar/bedrock-did-io/blob/main/CHANGELOG.md),
+  - [webkms-switch@5.0](https://github.com/digitalbazaar/webkms-switch/blob/main/CHANGELOG.md).
+
+## 5.0.0 - 2021-03-11
+
+### Fixed
+- **BREAKING**: Fix incorrectly configured MongoDB index on the `kmsKeystore`
+  collection. If this software needs to be deployed along with an existing
+  database, the index named `controller_1_config.referenceId_1` will need to
+  be dropped manually. The index will be recreated automatically on Bedrock
+  application startup.
+
+## 4.0.1 - 2021-03-09
+
+### Fixed
+- Remove obsolete `allowedHost` config.
+
+## 4.0.0 - 2021-03-09
+
+### Added
+- Keystore configurations may now include an optional `ipAllowList` array. If
+  specified, the KMS system will only execute requests originating from IPs
+  listed in `ipAllowList`. This applies to key operations for all keys in the
+  keystore as well as modification of the configuration itself.
+
+### Changed
+- **BREAKING**: Change data model and validation of keystore configs. Configs
+  no longer include `invoker` or `delegator` properties.
+
+## 3.1.0 - 2020-09-25
+
+## Added
+- Add cache for public key records.
+
+## 3.0.2 - 2020-07-09
+
+## Fixed
+- Fix usage of MongoDB projection API.
+
+## 3.0.1 - 2020-06-09
+
+## Added
+- Add `delegator` and `invoker` as valid kms config properties.
+
+## 3.0.0 - 2020-06-09
+
+### Changed
+- **BREAKING**: Upgraded to `bedrock-mongodb` ^7.0.0.
+- Mongodb `update` is now `updateOne`.
+- Mongodb `find` no longer accepts fields.
+
+### Added
+- `find` now throws in both options.projection and fields are set.
+
+## 2.1.0 - 2020-05-15
+
+### Changed
+- Add support for `did:v1` resolution.
+- Add dependency for `did-io`.
+- Add dependency for `did-veres-one`.
+
+## 2.0.1 - 2020-05-06
+
+### Fixed
+- Fix error handling in `keystore.update` API.
+
+## 2.0.0 - 2020-04-02
+
+### Changed
+- **BREAKING**: Use webkms-switch@2.
+- Remove unused peer deps.
+
+## 1.4.0 - 2020-02-25
+
+### Changed
+- Add dependency for `did-key-method`.
+- Add peer dependency for `bedrock-did-context`.
+- Add peer dependency for `bedrock-jsonld-document-loader`.
+
+## 1.3.0 - 2020-02-14
+
+### Changed
+- Use jsonld-signatures@5.
+
+## 1.2.0 - 2020-02-07
+
+### Added
+- Add support for `inspectCapabilityChain` handler in `validateOperation`. This
+  handler can be used to check for revocations in a capability chain.
+- Handle reading DID key URLs (with `#`) in document loader.
+
+## 1.1.0 - 2020-01-22
+
+### Changed
+- Specify peer dep bedrock-security-context@3.
+
+## 1.0.2 - 2020-01-22
+
+### Fixed
+- Add missing jsonld-sigatures dep.
+
+## 1.0.1 - 2019-12-20
+
+### Fixed
+- Fixed typo in module import.
+
+## 1.0.0 - 2019-12-20
+
+### Added
+- Add core files.
+
+- See git history for changes previous to this release.

package/LICENSE.md

@@ -0,0 +1,115 @@
+Bedrock Non-Commercial License v1.0
+===================================
+
+Copyright (c) 2011-2021 Digital Bazaar, Inc.
+All rights reserved.
+
+Summary
+=======
+
+This license allows the licensee to use Bedrock and its software modules
+for non-commercial purposes such as self-study, research, personal
+projects, or for evaluation purposes. If the licensee uses Bedrock
+directly or indirectly to generate revenue, or to provide products or
+services to more than 500 people (users), the licensee must immediately
+obtain a non-profit or commercial license.
+
+Examples
+========
+
+These are examples of cases that are allowed by this license:
+
+* The licensee is an individual that creates Bedrock-dependent software for
+  personal use only.
+* The licensee is an individual or group of students/researchers that uses
+  Bedrock to experiment with an idea for a non-commercial project.
+* The licensee is a startup company that prototypes a Bedrock-dependent
+  product before they have cash flow and will be testing the prototype
+  software with less than 500 users. The service will not generate revenue
+  of any kind.
+* The licensee is a for-profit organization that creates a product or
+  service that is used by less than 500 users and is built with or
+  integrates with Bedrock. The service must be exclusively provided for free
+  and no parent, subsidiary, agent, or affiliate organization may profit
+  from its use.
+
+These cases require a non-profit or commercial license:
+
+* The licensee is a non-profit that receives funding to create and/or run a
+  Bedrock-dependent service.
+* The licensee is a startup company with Bedrock-dependent software that is
+  funded by another organization.
+* The licensee is a startup company that is going into production with
+  Bedrock-dependent software.
+* The licensee has more than 500 users using a Bedrock-dependent service
+  either directly or indirectly.
+* The licensee is a medium to large organization that builds or integrates a
+  commercial product or service with Bedrock.
+
+THE LICENSE
+===========
+
+This section and all subsequent sections of this document constitute the
+agreement between the licensee and Digital Bazaar, Inc.
+
+DEFINITIONS
+===========
+
+* Product - The Bedrock software and any modules associated with Bedrock
+where Digital Bazaar, Inc. owns the copyright.
+
+CONDITIONS
+==========
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted for NON-COMMERCIAL PURPOSES as long as the
+following conditions are met:
+
+1. Any use of the Product must not generate revenue for the licensee or
+   any parent, subsidiary, agent, or affiliate of the licensee. Use of
+   Product includes, but is not limited to, interacting with any of the
+   licensee's Product-dependent products or services over a network.
+
+2. The aggregate number of individual people (users) of the licensee's
+   products or services that use Product must be less than 500.
+
+3. Redistributions of source code must retain the above copyright notice
+   intact, this list of conditions and the following disclaimer.
+
+4. Redistributions in binary form must reproduce the above copyright
+   notice, this license and the following disclaimer in the documentation and
+   on a web page available via interactive use and/or other materials
+   provided with the distribution.
+
+5. Neither the name of the copyright holder, the names of its
+   contributors, nor any trademarks held by the copyright holder may be used
+   to endorse or promote products or services built using the Product without
+   specific prior written permission.
+
+6. Any modifications are clearly outlined in release documentation and are
+   specifically mentioned as not being a part of an official Product release.
+   No additional restrictions to this license may be made when distributing
+   modifications.
+
+7. For the avoidance of doubt, this license prohibits sublicensing of the
+   Product.
+
+8. Any breach of this license by licensee must be resolved within 30 days.
+   Failure to do so results in the termination of this license.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+To obtain a non-profit or commercial license for Product, please contact
+Digital Bazaar, Inc. at the following email address:
+
+Digital Bazaar <support@digitalbazaar.com>

package/README.md

@@ -0,0 +1,2 @@
+# bedrock-kms
+Key management for Bedrock Applications

package/lib/BedrockKmsModuleManager.js

@@ -0,0 +1,16 @@
+/*!
+ * Copyright (c) 2019-2022 Digital Bazaar, Inc. All rights reserved.
+ */
+import * as brPackageManager from '@bedrock/package-manager';
+
+// load config defaults
+import './config.js';
+
+export class BedrockKmsModuleManager {
+  async get({id}) {
+    const {packageName} = brPackageManager.get(
+      {alias: id, type: 'webkms-module'});
+    const api = await import(packageName);
+    return api.default || api;
+  }
+}

package/lib/config.js

@@ -0,0 +1,16 @@
+/*!
+ * Copyright (c) 2019-2022 Digital Bazaar, Inc. All rights reserved.
+ */
+import {config} from '@bedrock/core';
+
+const cfg = config.kms = {};
+cfg.keystoreConfigCache = {
+  maxSize: 1000,
+  maxAge: 5 * 60 * 1000
+};
+
+// storage size to report to meter service
+cfg.storageCost = {
+  keystore: 1,
+  key: 1
+};

package/lib/index.js

@@ -0,0 +1,34 @@
+/*!
+ * Copyright (c) 2019-2022 Digital Bazaar, Inc. All rights reserved.
+ */
+import * as keystores from './keystores.js';
+import {BedrockKmsModuleManager} from './BedrockKmsModuleManager.js';
+import {didIo} from '@bedrock/did-io';
+import {documentLoader} from '@bedrock/jsonld-document-loader';
+import '@bedrock/did-context';
+import '@bedrock/security-context';
+import '@bedrock/veres-one-context';
+
+// load config defaults
+import './config.js';
+
+async function defaultDocumentLoader(url) {
+  let document;
+  if(url.startsWith('did:')) {
+    document = await didIo.get({did: url});
+    return {
+      contextUrl: null,
+      documentUrl: url,
+      document
+    };
+  }
+
+  // finally, try the bedrock document loader
+  return documentLoader(url);
+}
+const defaultModuleManager = new BedrockKmsModuleManager();
+
+export {
+  BedrockKmsModuleManager, keystores,
+  defaultDocumentLoader, defaultModuleManager
+};