Merge pull request #7 from windingtree/feat/aws-kms-keys

Feat/aws kms keys
windingtree · Nov 5, 2022 · 105dd67 · 105dd67
2 parents 79a7747 + ffe905c
commit 105dd67
Show file tree

Hide file tree

Showing 37 changed files with 2,591 additions and 1,093 deletions.
diff --git a/.eslintrc b/.eslintrc
@@ -1,13 +1,13 @@
 {
   "root": true,
   "parser": "@typescript-eslint/parser",
-  "plugins": [
-    "@typescript-eslint"
-  ],
+  "plugins": ["@typescript-eslint"],
   "extends": [
     "eslint:recommended",
     "plugin:@typescript-eslint/eslint-recommended",
     "plugin:@typescript-eslint/recommended"
   ],
-  "rules": {}
+  "rules": {
+    "@typescript-eslint/no-explicit-any": "off"
+  }
 }
diff --git a/.prettierignore b/.prettierignore
@@ -0,0 +1,3 @@
+node_modules
+.github
+dist
diff --git a/.prettierrc b/.prettierrc
@@ -0,0 +1,6 @@
+{
+  "semi": true,
+  "singleQuote": true,
+  "printWidth": 80,
+  "trailingComma": "es5"
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,39 +4,34 @@ All notable changes to this project will be documented in this file. See [standa
 
 ## [3.0.0](https://github.com/windingtree/org.id-sdk/compare/v1.2.0...v3.0.0) (2022-10-27)
 
-
 ### Features
 
-* Added support for creation of an ORGiD using multisig wallet ([8dd9b11](https://github.com/windingtree/org.id-sdk/commit/8dd9b11cb0dc7befe344e2f96a684978c2e05e78))
+- Added support for creation of an ORGiD using multisig wallet ([8dd9b11](https://github.com/windingtree/org.id-sdk/commit/8dd9b11cb0dc7befe344e2f96a684978c2e05e78))
 
 ## [1.1.0](https://github.com/windingtree/org.id-sdk/compare/v1.0.0...v1.1.0) (2022-10-22)
 
-
 ### Features
 
-* First version with JWT creation ([35cfa81](https://github.com/windingtree/org.id-sdk/commit/35cfa81677a3804a0dfc4aa7c619408c6619d731))
-
+- First version with JWT creation ([35cfa81](https://github.com/windingtree/org.id-sdk/commit/35cfa81677a3804a0dfc4aa7c619408c6619d731))
 
 ### Bug Fixes
 
-* Fixed release action script ([6455370](https://github.com/windingtree/org.id-sdk/commit/645537012b5c0f852b8839814305593a59162af1))
-* Fixed tests action script ([61af659](https://github.com/windingtree/org.id-sdk/commit/61af6593f96036d61bf05ecf2dafedb28575498e))
+- Fixed release action script ([6455370](https://github.com/windingtree/org.id-sdk/commit/645537012b5c0f852b8839814305593a59162af1))
+- Fixed tests action script ([61af659](https://github.com/windingtree/org.id-sdk/commit/61af6593f96036d61bf05ecf2dafedb28575498e))
 
 ## [1.0.0](https://github.com/windingtree/org.id-sdk/compare/v1.0.0-beta.48...v1.0.0) (2022-10-21)
 
-
 ### Features
 
-* add auth headers to ipfs requests ([2fa1803](https://github.com/windingtree/org.id-sdk/commit/2fa1803f23f5b66c4aa40127f0226f1cc497b7ed))
-* added env IPFS_API_HOST ([eaa7f15](https://github.com/windingtree/org.id-sdk/commit/eaa7f15090641e71969a580a90a082e23694cb4a))
+- add auth headers to ipfs requests ([2fa1803](https://github.com/windingtree/org.id-sdk/commit/2fa1803f23f5b66c4aa40127f0226f1cc497b7ed))
+- added env IPFS_API_HOST ([eaa7f15](https://github.com/windingtree/org.id-sdk/commit/eaa7f15090641e71969a580a90a082e23694cb4a))
 
 ## [1.0.0-beta.48](https://github.com/windingtree/org.id-sdk/compare/v1.0.0-beta.47...v1.0.0-beta.48) (2022-01-21)
 
 ## [1.0.0-beta.47](https://github.com/windingtree/org.id-sdk/compare/v1.0.0-beta.46...v1.0.0-beta.47) (2022-01-18)
 
-
 ### Bug Fixes
 
-* could not detect network CLI issue ([0844997](https://github.com/windingtree/org.id-sdk/commit/084499749d8f833a49b4f4fca7a45ac728667dfe))
+- could not detect network CLI issue ([0844997](https://github.com/windingtree/org.id-sdk/commit/084499749d8f833a49b4f4fca7a45ac728667dfe))
 
 ## 1.0.0-beta.46 (2022-01-14)
diff --git a/docs/create.md b/docs/create.md
@@ -70,6 +70,22 @@ orgid --operation keys:import --keyType pem --pubPem ./key.pub --privPem ./pkcs8
 
 > Important! You can import `pkcs8`-formatted private key only
 
+### Import of key pair managed by AWS KMS
+
+```bash
+orgid --operation keys:import --keyType kmsEthereum
+```
+
+> During the import process you will be prompted enter the following credentials\*:
+>
+> - `keyId` - unique Key Id that has been created when key has been create on AWS KMS
+> - `region` - AWS region in which the key is enabled
+> - `accessKeyId`
+> - `secretAccessKey`
+>
+> * all these credentials are mandatory options.
+>   As usual, you will be prompted for password that will be used for an encryption of key data in the project
+
 ## Bootstrap a new ORGiD
 
 ```bash
@@ -86,9 +102,12 @@ orgid --operation bootstrap --output ./rawOrgId.json
 
 ```bash
 orgid --operation keys:add --keyType ethereum --delegated true
+orgid --operation keys:add --keyType kmsEthereum --delegated true
 orgid --operation keys:add --keyType pem --delegated true
 ```
 
+> If you do not owner of the key you also should add parameter `--controller <did>` which will point to the owner (its DID) of the key to the verification method record
+
 ## Create ORGiD VC
 
 ```bash

diff --git a/docs/jwt.md b/docs/jwt.md
@@ -12,7 +12,7 @@ The issuer ORGiD must be registered before a JWT generation
 orgid --operation jwt --issuer <ISSUER_DID#key> --audience <AUDIENCE_DID> --expiration <TIME_IN_MILLISECONDS> --scope <scope1>,<scope2>,<scope3>,...
 ```
 
-- `issuer` - the creator and signer of a JWT, full DID, the verification method Id (mandatory)
-- `audience` - an entity which will use JWT for accessing an issuer service, DID only (mandatory)
+- `issuer` - the creator and signer of a JWT, full DID with the verification method Id (mandatory option)
+- `audience` - an entity which will use JWT for accessing an issuer service, DID only (mandatory option)
 - `scope` - scope of permissions (comma separated strings, optional)
 - `expiration` - JWT ttl in milliseconds (optional, if not defined a JWT will not be restricted by time)
diff --git a/docs/testcases.md b/docs/testcases.md
@@ -308,14 +308,9 @@ Here is an example of created ORGiD VC file:
 
 ```json
 {
-  "@context": [
-    "https://www.w3.org/2018/credentials/v1"
-  ],
+  "@context": ["https://www.w3.org/2018/credentials/v1"],
   "id": "a1b0e326-81c4-46c8-9776-ae065ffc7341",
-  "type": [
-    "VerifiableCredential",
-    "OrgJson"
-  ],
+  "type": ["VerifiableCredential", "OrgJson"],
   "issuer": "did:orgid:4:0xd6a429d09a197ad...870f0ee126ae236481fc2b40895b",
   "issuanceDate": "2021-12-23T01:34:21.401+02:00",
   "name": "Test entity",
@@ -386,57 +381,57 @@ Here is an example of an ORGiD DID resolution:
 
 ```json
 {
-   "@context": "https://w3id.org/did-resolution/v1",
-   "did": "did:orgid:4:0xd6a429d09a197adafbe...1fe870f0ee126ae236481fc2b40895b",
-   "didDocument": {
-      "@context": [
-         "https://www.w3.org/ns/did/v1",
-         "https://raw.githubusercontent.com/windingtree/org.json-schema/feat/new-orgid/src/context.json"
-      ],
-      "id": "did:orgid:4:0xd6a429d09a19ada...711fe870f0ee126ae236481fc2b40895b",
-      "created": "2021-12-21T23:32:51.818+02:00",
-      "verificationMethod": [
-         {
-            "id": "did:orgid:4:0xd6a429d09a...126ae236481f2b40895b#testCliKey1",
-            "controller": "did:orgid:4:0xd6a429d09a1...0ee26ae236481fc2b40895b",
-            "type": "EcdsaSecp256k1RecoveryMethod2020",
-            "blockchainAccountId": "0xeE75487409991A8F...5B0B5E6e99d7A@eip155:4"
-         }
-      ],
-      "legalEntity": {
-         "legalName": "Test entity",
-         "registryCode": "123456789",
-         "legalType": "Lsd",
-         "registeredAddress": {
-            "country": "ua",
-            "locality": "Odesa",
-            "postalCode": "65000",
-            "streetAddress": "Deribasovskaya, str 0"
-         },
-         "media": {
-            "logo": "ipfs://QmSTgJiMGsaRbuieVttWDki3uMHwgqnGMpM9yJ3TXHBnBf"
-         }
+  "@context": "https://w3id.org/did-resolution/v1",
+  "did": "did:orgid:4:0xd6a429d09a197adafbe...1fe870f0ee126ae236481fc2b40895b",
+  "didDocument": {
+    "@context": [
+      "https://www.w3.org/ns/did/v1",
+      "https://raw.githubusercontent.com/windingtree/org.json-schema/feat/new-orgid/src/context.json"
+    ],
+    "id": "did:orgid:4:0xd6a429d09a19ada...711fe870f0ee126ae236481fc2b40895b",
+    "created": "2021-12-21T23:32:51.818+02:00",
+    "verificationMethod": [
+      {
+        "id": "did:orgid:4:0xd6a429d09a...126ae236481f2b40895b#testCliKey1",
+        "controller": "did:orgid:4:0xd6a429d09a1...0ee26ae236481fc2b40895b",
+        "type": "EcdsaSecp256k1RecoveryMethod2020",
+        "blockchainAccountId": "0xeE75487409991A8F...5B0B5E6e99d7A@eip155:4"
+      }
+    ],
+    "legalEntity": {
+      "legalName": "Test entity",
+      "registryCode": "123456789",
+      "legalType": "Lsd",
+      "registeredAddress": {
+        "country": "ua",
+        "locality": "Odesa",
+        "postalCode": "65000",
+        "streetAddress": "Deribasovskaya, str 0"
       },
-      "updated": "2021-12-23T01:34:21.386+02:00"
-   },
-   "didResolutionMetadata": {
-      "contentType": "application/did+ld+json",
-      "retrieved": "2021-12-31T00:05:05.104+02:00",
-      "duration": 5101,
-      "resolverVersion": "3.0.0-beta.12"
-   },
-   "didDocumentMetadata": {
-      "created": "2021-12-21T23:32:51.818+02:00",
-      "updated": "2021-12-23T01:34:21.386+02:00",
-      "data":{
-         "tokenId": "1",
-         "orgId": "0xd6a429d09a197adafbe8c0d...70f0ee126ae236481fc2b40895b",
-         "owner": "0xeE75487409991A8...AdA852B0B5E6e99d7A",
-         "orgJsonUri": "ipfs://QmVQnh7HJu4FeJZM945PifkCH8CFskYZgUDMSQqgQzDMQ4",
-         "delegates": [],
-         "created": "2021-12-22T15:50:49.000Z"
+      "media": {
+        "logo": "ipfs://QmSTgJiMGsaRbuieVttWDki3uMHwgqnGMpM9yJ3TXHBnBf"
       }
-   }
+    },
+    "updated": "2021-12-23T01:34:21.386+02:00"
+  },
+  "didResolutionMetadata": {
+    "contentType": "application/did+ld+json",
+    "retrieved": "2021-12-31T00:05:05.104+02:00",
+    "duration": 5101,
+    "resolverVersion": "3.0.0-beta.12"
+  },
+  "didDocumentMetadata": {
+    "created": "2021-12-21T23:32:51.818+02:00",
+    "updated": "2021-12-23T01:34:21.386+02:00",
+    "data": {
+      "tokenId": "1",
+      "orgId": "0xd6a429d09a197adafbe8c0d...70f0ee126ae236481fc2b40895b",
+      "owner": "0xeE75487409991A8...AdA852B0B5E6e99d7A",
+      "orgJsonUri": "ipfs://QmVQnh7HJu4FeJZM945PifkCH8CFskYZgUDMSQqgQzDMQ4",
+      "delegates": [],
+      "created": "2021-12-22T15:50:49.000Z"
+    }
+  }
 }
 ```
 

diff --git a/jest.config.js b/jest.config.js
@@ -2,7 +2,5 @@ module.exports = {
   preset: 'ts-jest',
   testEnvironment: 'node',
   verbose: true,
-  testMatch: [
-    '**/test/*.spec.ts'
-  ]
+  testMatch: ['**/test/*.spec.ts'],
 };
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@windingtree/org.id-cli",
-  "version": "3.1.2",
+  "version": "3.2.0",
   "description": "The ORGiD command-line utility",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -15,6 +15,7 @@
   ],
   "scripts": {
     "lint": "npx eslint . --ext .ts",
+    "lint:fix": "npx eslint . --ext .ts --fix && npx prettier --write .",
     "test": "npx jest",
     "test:coverage": "npx jest --coverage",
     "build": "rm -rf dist && npx webpack --config webpack.config.js && chmod +x ./dist/index.js",
@@ -51,6 +52,8 @@
     "@types/luxon": "^3.0.2",
     "@types/node": "^18.11.3",
     "@types/prompts": "^2.4.1",
+    "@types/bn.js": "^5.1.1",
+    "@types/asn1": "^0.2.0",
     "@typescript-eslint/eslint-plugin": "^5.40.1",
     "@typescript-eslint/parser": "^5.40.1",
     "eslint": "^8.25.0",
@@ -63,6 +66,7 @@
     "webpack": "^5.74.0",
     "webpack-cli": "^4.10.0",
     "standard-version": "^9.5.0",
+    "prettier": "^2.7.1",
     "@windingtree/org.id-auth": "^1.2.4",
     "@windingtree/org.id-core": "^1.2.4",
     "@windingtree/org.id-resolver": "^3.2.1",
@@ -78,6 +82,9 @@
     "luxon": "^3.0.4",
     "prompts": "^2.4.2",
     "web3.storage": "^4.4.0",
-    "axios": "^1.1.3"
+    "axios": "^1.1.3",
+    "@aws-sdk/client-kms": "^3.202.0",
+    "asn1.js": "^5.4.1",
+    "aws-crt": "^1.14.5"
   }
 }