From 667273e52e3bfb0f4f6f24fc1429b0525819051f Mon Sep 17 00:00:00 2001
From: Dave Longley <dlongley@digitalbazaar.com>
Date: Sat, 27 Sep 2025 17:27:59 -0400
Subject: [PATCH] Use `@bedrock/zcap-storage@9.3`.

---
 CHANGELOG.md      |  6 ++++++
 lib/middleware.js | 41 ++---------------------------------------
 package.json      |  2 +-
 test/package.json |  2 +-
 4 files changed, 10 insertions(+), 41 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0439850..ff0f6fe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # bedrock-kms-http ChangeLog
 
+## 22.1.0 - 2025-mm-dd
+
+### Changed
+- Update peer dependencies:
+  - `@bedrock/zcap-storage@9.3`.
+
 ## 22.0.0 - 2025-03-07
 
 ### Changed
diff --git a/lib/middleware.js b/lib/middleware.js
index b195d13..52ee181 100644
--- a/lib/middleware.js
+++ b/lib/middleware.js
@@ -1,5 +1,5 @@
 /*!
- * Copyright (c) 2019-2024 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2019-2025 Digital Bazaar, Inc. All rights reserved.
  */
 import * as bedrock from '@bedrock/core';
 import * as brZCapStorage from '@bedrock/zcap-storage';
@@ -20,6 +20,7 @@ import {defaultModuleManager as moduleManager} from '@bedrock/kms';
 import {reportOperationUsage} from './metering.js';
 
 const {config, util: {BedrockError}} = bedrock;
+const {helpers: {inspectCapabilityChain}} = brZCapStorage;
 
 const FIVE_MINUTES = 1000 * 60 * 5;
 
@@ -200,44 +201,6 @@ async function getVerifier({keyId, documentLoader}) {
   return {verifier, verificationMethod};
 }
 
-async function inspectCapabilityChain({
-  capabilityChain, capabilityChainMeta
-}) {
-  // if capability chain has only root, there's nothing to check as root
-  // zcaps cannot be revoked
-  if(capabilityChain.length === 1) {
-    return {valid: true};
-  }
-
-  // collect capability IDs and delegators for all delegated capabilities in
-  // chain (skip root) so they can be checked for revocation
-  const capabilities = [];
-  for(const [i, capability] of capabilityChain.entries()) {
-    // skip root zcap, it cannot be revoked
-    if(i === 0) {
-      continue;
-    }
-    const [{purposeResult}] = capabilityChainMeta[i].verifyResult.results;
-    if(purposeResult && purposeResult.delegator) {
-      capabilities.push({
-        capabilityId: capability.id,
-        delegator: purposeResult.delegator.id,
-      });
-    }
-  }
-
-  const revoked = await brZCapStorage.revocations.isRevoked({capabilities});
-  if(revoked) {
-    return {
-      valid: false,
-      error: new Error(
-        'One or more capabilities in the chain have been revoked.')
-    };
-  }
-
-  return {valid: true};
-}
-
 function onError({error}) {
   if(!(error instanceof BedrockError)) {
     // always expose cause message and name; expose cause details as
diff --git a/package.json b/package.json
index 98533f0..c92ad95 100644
--- a/package.json
+++ b/package.json
@@ -49,7 +49,7 @@
     "@bedrock/security-context": "^9.0.0",
     "@bedrock/validation": "^7.1.1",
     "@bedrock/veres-one-context": "^16.0.0",
-    "@bedrock/zcap-storage": "^9.0.0"
+    "@bedrock/zcap-storage": "^9.3.0"
   },
   "directories": {
     "lib": "./lib"
diff --git a/test/package.json b/test/package.json
index bfd6fe2..dca1fbe 100644
--- a/test/package.json
+++ b/test/package.json
@@ -36,7 +36,7 @@
     "@bedrock/test": "^8.2.0",
     "@bedrock/validation": "^7.1.1",
     "@bedrock/veres-one-context": "^16.0.0",
-    "@bedrock/zcap-storage": "^9.0.0",
+    "@bedrock/zcap-storage": "^9.3.0",
     "@digitalbazaar/did-method-key": "^4.0.0",
     "@digitalbazaar/ed25519-signature-2020": "^5.4.0",
     "@digitalbazaar/ezcap": "^4.1.0",