all tests pass and all features “work”

seebees · seebees · commit 78396d7ed3ce · 2024-12-12T13:52:10.000-08:00
diff --git a/modules/kms-keyring-node/src/kms_hkeyring_node.ts b/modules/kms-keyring-node/src/kms_hkeyring_node.ts
@@ -55,15 +55,16 @@ export interface KmsHierarchicalKeyRingNodeInput {
   branchKeyIdSupplier?: BranchKeyIdSupplier
   keyStore: BranchKeyStoreNode
   cacheLimitTtl: number
+  cache?: CryptographicMaterialsCache<NodeAlgorithmSuite>
   maxCacheSize?: number
+  partitionId?: string
 }
 
 export interface IKmsHierarchicalKeyRingNode extends KeyringNode {
   branchKeyId?: string
   branchKeyIdSupplier?: Readonly<BranchKeyIdSupplier>
   keyStore: Readonly<BranchKeyStoreNode>
   cacheLimitTtl: number
-  maxCacheSize: number
   _onEncrypt(material: NodeEncryptionMaterial): Promise<NodeEncryptionMaterial>
   _onDecrypt(
     material: NodeDecryptionMaterial,
@@ -78,23 +79,25 @@ export class KmsHierarchicalKeyRingNode
   public declare branchKeyId?: string
   public declare branchKeyIdSupplier?: Readonly<BranchKeyIdSupplier>
   public declare keyStore: Readonly<BranchKeyStoreNode>
-  public declare _logicalKeyStoreName: Buffer 
+  public declare _logicalKeyStoreName: Buffer
   public declare cacheLimitTtl: number
-  public declare maxCacheSize: number
-  private _cmc: CryptographicMaterialsCache<NodeAlgorithmSuite>
+  public declare maxCacheSize?: number
+  public declare _cmc: CryptographicMaterialsCache<NodeAlgorithmSuite>
   declare readonly _partition: Buffer
 
   constructor({
     branchKeyId,
     branchKeyIdSupplier,
     keyStore,
     cacheLimitTtl,
+    cache,
     maxCacheSize,
+    partitionId,
   }: KmsHierarchicalKeyRingNodeInput) {
     super()
 
-    const partition = randomBytes(64)
-    readOnlyProperty(this, '_partition', partition)
+    needs(!partitionId || typeof partitionId === 'string', 'Partition id must be a string.')
+    readOnlyProperty(this, '_partition', partitionId ? stringToUtf8Bytes(partitionId) : randomBytes(64))
 
     /* Precondition: The branch key id must be a string */
     if (branchKeyId) {
@@ -122,24 +125,18 @@ export class KmsHierarchicalKeyRingNode
       'The keystore must be a BranchKeyStore'
     )
 
-    readOnlyProperty(this, '_logicalKeyStoreName', stringToUtf8Bytes(keyStore.getKeyStoreInfo().logicalKeyStoreName))    
+    readOnlyProperty(
+      this,
+      '_logicalKeyStoreName',
+      stringToUtf8Bytes(keyStore.getKeyStoreInfo().logicalKeyStoreName)
+    )
 
     /* Precondition: The cache limit TTL must be a number */
     needs(
       typeof cacheLimitTtl === 'number',
       'The cache limit TTL must be a number'
     )
 
-    /* Precondition: The max cache size must be a number */
-    if (maxCacheSize || maxCacheSize === 0) {
-      needs(
-        typeof maxCacheSize === 'number',
-        'The max cache size must be a number'
-      )
-    } else {
-      maxCacheSize = undefined
-    }
-
     //= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#cache-limit-ttl
     //# The maximum amount of time in seconds that an entry within the cache may be used before it MUST be evicted.
     //# The client MUST set a time-to-live (TTL) for [branch key materials](../structures.md#branch-key-materials) in the underlying cache.
@@ -162,14 +159,6 @@ export class KmsHierarchicalKeyRingNode
       'Must provide a branch key identifier or supplier'
     )
 
-    /* Precondition: Max cache size must be non-negative and less than or equal Number.MAX_SAFE_INTEGER */
-    if (maxCacheSize) {
-      needs(
-        0 <= maxCacheSize && maxCacheSize <= Number.MAX_SAFE_INTEGER,
-        'Max cache size must be non-negative and less than or equal Number.MAX_SAFE_INTEGER'
-      )
-    }
-
     readOnlyProperty(this, 'keyStore', Object.freeze(keyStore))
     /* Postcondition: The keystore object is frozen */
 
@@ -187,17 +176,33 @@ export class KmsHierarchicalKeyRingNode
     )
     /* Postcondition: Provided branch key supplier must be frozen */
 
-    //= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#initialization
-    //# If no max cache size is provided, the cryptographic materials cache MUST be configured to a
-    //# max cache size of 1000.
-    readOnlyProperty(
-      this,
-      'maxCacheSize',
-      maxCacheSize || maxCacheSize === 0 ? maxCacheSize : 1000
-    )
-    /* Postcondition: The max cache size is initialized */
+    if (cache) {
+      needs(!maxCacheSize, 'Max cache size not supported when passing a cache.')
+    } else {
 
-    this._cmc = getLocalCryptographicMaterialsCache(this.maxCacheSize)
+      console.log(maxCacheSize)
+
+      /* Precondition: The max cache size must be a number */
+      needs(
+        // Order is important, 0 is a number but also false.
+        typeof maxCacheSize === 'number' || !maxCacheSize,
+        'The max cache size must be a number'
+      )
+
+      //= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#initialization
+      //# If no max cache size is provided, the cryptographic materials cache MUST be configured to a
+      //# max cache size of 1000.
+      maxCacheSize = maxCacheSize === 0 || maxCacheSize ? maxCacheSize : 1000
+      /* Precondition: Max cache size must be non-negative and less than or equal Number.MAX_SAFE_INTEGER */
+      needs(
+        0 <= maxCacheSize && maxCacheSize <= Number.MAX_SAFE_INTEGER,
+        'Max cache size must be non-negative and less than or equal Number.MAX_SAFE_INTEGER'
+      )
+
+      cache = getLocalCryptographicMaterialsCache(maxCacheSize)
+    }
+    readOnlyProperty(this, 'maxCacheSize', maxCacheSize)
+    readOnlyProperty(this, '_cmc', cache)
 
     Object.freeze(this)
     /* Postcondition: The HKR object must be frozen */
