Add test to get all keystores for a controller.

Author: dlongley

CHANGELOG.md

@@ -1,9 +1,9 @@
 # bedrock-kms-http ChangeLog
 
-## 23.2.0 - 2025-11-dd
+## 23.1.0 - 2025-11-dd
 
-### Changed
-- Include route for fetching all keystore configs for a given root controller.
+### Added
+- Add route for fetching all keystore configs for a given root controller.
 
 ## 23.0.0 - 2025-10-14
 

lib/http.js

@@ -1,5 +1,5 @@
 /*!
- * Copyright (c) 2019-2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2019-2025 Digital Bazaar, Inc. All rights reserved.
  */
 import * as bedrock from '@bedrock/core';
 import * as brZCapStorage from '@bedrock/zcap-storage';
@@ -17,13 +17,12 @@ import {
 } from '@bedrock/kms';
 import {reportOperationUsage, SERVICE_TYPE} from './metering.js';
 import {asyncHandler} from '@bedrock/express';
-import {BedrockKeystoreConfigStorage} from './BedrockKeystoreConfigStorage.js';
 import {generateRandom} from '@digitalbazaar/webkms-switch';
 import {meters} from '@bedrock/meter-usage-reporter';
 import {createValidateMiddleware as validate} from '@bedrock/validation';
 
 const {config, util: {BedrockError}} = bedrock;
-const {cors} = middleware;
+const {cors, storage} = middleware;
 
 bedrock.events.on('bedrock-express.configure.routes', app => {
   const cfg = config['kms-http'];
@@ -43,10 +42,6 @@ bedrock.events.on('bedrock-express.configure.routes', app => {
   routes.key = `${routes.keys}/:keyId`;
   routes.revocations = `${routes.keystore}/zcaps/revocations/:revocationId`;
 
-  const {baseUri} = bedrock.config.server;
-
-  const storage = new BedrockKeystoreConfigStorage();
-
   // create middleware for handling KMS operations
   const handleOperation = middleware.createKmsOperationMiddleware();
 
@@ -57,30 +52,6 @@ bedrock.events.on('bedrock-express.configure.routes', app => {
   /* Note: CORS is used on all endpoints. This is safe because authorization
   uses HTTP signatures + capabilities, not cookies; CSRF is not possible. */
 
-  // get all keystores with root controller
-  app.options(routes.keystores, cors());
-  app.get(
-    routes.keystores,
-    cors(),
-    validate({querySchema: getConfigsQuery}),
-    middleware.authorizeZcapInvocation({
-      async getExpectedValues() {
-        return {
-          host: bedrock.config.server.host,
-          rootInvocationTarget: baseUri + routes.keystores
-        };
-      },
-      async getRootController({req}) {
-        return req.query.controller;
-      }
-    }),
-    asyncHandler(async (req, res) => {
-      const controller = req.query.controller;
-      const options = {projection: {_id: 0, config: 1}, limit: 100};
-      const results = await storage.getAll({controller, req, options});
-      res.json({results});
-    }));
-
   // create a new keystore
   app.options(routes.keystores, cors());
   app.post(
@@ -204,6 +175,30 @@ bedrock.events.on('bedrock-express.configure.routes', app => {
       reportOperationUsage({req});
     }));
 
+  // get all keystores with root controller
+  app.get(
+    routes.keystores,
+    cors(),
+    validate({querySchema: getConfigsQuery}),
+    middleware.authorizeZcapInvocation({
+      async getExpectedValues() {
+        const {baseUri, host} = bedrock.config.server;
+        return {
+          host,
+          rootInvocationTarget: `${baseUri}${routes.keystores}`
+        };
+      },
+      async getRootController({req}) {
+        return req.query.controller;
+      }
+    }),
+    asyncHandler(async (req, res) => {
+      const controller = req.query.controller;
+      const options = {projection: {_id: 0, config: 1}, limit: 100};
+      const results = await storage.getAll({controller, req, options});
+      res.json({results});
+    }));
+
   // get a keystore config
   app.get(
     routes.keystore,

lib/middleware.js

@@ -24,7 +24,7 @@ const {helpers: {inspectCapabilityChain}} = brZCapStorage;
 
 const FIVE_MINUTES = 1000 * 60 * 5;
 
-const storage = new BedrockKeystoreConfigStorage();
+export const storage = new BedrockKeystoreConfigStorage();
 
 // creates middleware to get the keystore config for the current request and
 // caches it in `req.webkms.keystore`

test/mocha/10-keystore.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2019-2025 Digital Bazaar, Inc. All rights reserved.
  */
 import * as bedrock from '@bedrock/core';
 import * as helpers from './helpers.js';
@@ -138,7 +138,7 @@ describe('bedrock-kms-http API', () => {
           'the \'postKeystoreBody\' validator.');
       });
     it('throws error with no controller in zcap validation', async () => {
-      const secret = ' b07e6b31-d910-438e-9a5f-08d945a5f676';
+      const secret = 'b07e6b31-d910-438e-9a5f-08d945a5f676';
       const handle = 'testKey1';
       const capabilityAgent = await CapabilityAgent.fromSecret(
         {secret, handle});
@@ -165,6 +165,36 @@ describe('bedrock-kms-http API', () => {
         'A validation error occurred in the \'delegatedZcap\' validator.');
     });
 
+    describe(`get a controller's keystore configs`, () => {
+      it('gets two keystores', async () => {
+        const secret = 'e3ecebb0-d94f-47bf-b11b-5ac08ce37f5d';
+        const handle = 'testKey1';
+        const capabilityAgent = await CapabilityAgent.fromSecret(
+          {secret, handle});
+
+        const keystore1 = await helpers.createKeystore({capabilityAgent});
+        const keystore2 = await helpers.createKeystore({capabilityAgent});
+
+        let err;
+        let result;
+        try {
+          const kmsBaseUrl = `${bedrock.config.server.baseUri}/kms`;
+          const url = `${kmsBaseUrl}/keystores`;
+          result = await helpers.getKeystores({url, capabilityAgent});
+        } catch(e) {
+          err = e;
+        }
+        assertNoError(err);
+        should.exist(result);
+        result.should.have.keys(['results']);
+        result.results.length.should.equal(2);
+        result.results[0].id.should.equal(keystore1.id);
+        result.results[0].controller.should.equal(capabilityAgent.id);
+        result.results[1].id.should.equal(keystore2.id);
+        result.results[1].controller.should.equal(capabilityAgent.id);
+      });
+    }); // get keystore configs
+
     describe('get keystore config', () => {
       it('gets a keystore', async () => {
         const secret = 'b07e6b31-d910-438e-9a5f-08d945a5f676';
@@ -216,7 +246,7 @@ describe('bedrock-kms-http API', () => {
         result.ipAllowList.should.eql(ipAllowList);
       });
       it('returns NotAllowedError for invalid source IP', async () => {
-        const secret = ' b07e6b31-d910-438e-9a5f-08d945a5f676';
+        const secret = 'b07e6b31-d910-438e-9a5f-08d945a5f676';
         const handle = 'testKey1';
         const capabilityAgent = await CapabilityAgent.fromSecret(
           {secret, handle});

test/mocha/helpers.js

@@ -107,6 +107,19 @@ export async function getKeystore({id, capabilityAgent}) {
   return kmsClient.getKeystore({invocationSigner});
 }
 
+export async function getKeystores({url, capabilityAgent}) {
+  const zcapClient = new ZcapClient({
+    agent: httpsAgent,
+    invocationSigner: capabilityAgent.getSigner(),
+    SuiteClass: Ed25519Signature2020
+  });
+  const {data} = await zcapClient.read({
+    url: `${url}?controller=${encodeURIComponent(capabilityAgent.id)}`,
+    capability: `urn:zcap:root:${encodeURIComponent(url)}`
+  });
+  return data;
+}
+
 export async function delegate({
   parentCapability, controller, invocationTarget, expires, allowedAction,
   delegator, purposeOptions = {}