Replace ursa with node 12 core crypto or node-rsa

loopbackio · Jun 3, 2019 · 5f9ea2b · 5f9ea2b
1 parent 949dbb9
commit 5f9ea2b
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 34 deletions.
diff --git a/package.json b/package.json
@@ -3,15 +3,14 @@
   "version": "1.19.1",
   "description": "A minimal node SOAP client",
   "engines": {
-    "node": ">=6.0"
+    "node": ">=8.11.1"
   },
   "dependencies": {
     "compress": "^0.99.0",
     "debug": "^4.1.1",
     "httpntlm": "^1.7.6",
     "lodash": "^4.17.11",
-    "optional": "^0.1.3",
-    "path": "^0.12.7",
+    "node-rsa": "^1.0.5",
     "request": "^2.72.0",
     "sax": "^1.2",
     "selectn": "^1.0.20",
@@ -20,9 +19,6 @@
     "xml-crypto": "^1.4.0",
     "xmlbuilder": "^10.1.1"
   },
-  "optionalDependencies": {
-    "strong-ursa": "^0.11.0"
-  },
   "repository": {
     "type": "git",
     "url": "https://github.com/strongloop/strong-soap.git"

diff --git a/src/security/WSSecurityCert.js b/src/security/WSSecurityCert.js
@@ -5,16 +5,14 @@
 
 'use strict';
 
-var g = require('../globalize');
-var optional = require('optional');
-var ursa = optional('strong-ursa');
-var fs = require('fs');
-var path = require('path');
+var NodeRsa = require('node-rsa');
 var SignedXml = require('xml-crypto').SignedXml;
 var uuid = require('uuid');
 var Security = require('./security');
 var xmlHandler = require('../parser/xmlHandler');
 
+var crypto = require('crypto');
+
 function addMinutes(date, minutes) {
   return new Date(date.getTime() + minutes * 60000);
 }
@@ -36,28 +34,21 @@ function generateExpires() {
   return dateStringForSOAP(addMinutes(new Date(), 10));
 }
 
-function insertStr(src, dst, pos) {
-  return [dst.slice(0, pos), src, dst.slice(pos)].join('');
-}
-
 function generateId() {
   return uuid.v4().replace(/-/gm, '');
 }
 
 class WSSecurityCert extends Security {
-  constructor(privatePEM, publicP12PEM, password, encoding) {
+  constructor(privatePEM, publicP12PEM, password) {
     super();
-    if (!ursa) {
-      throw new Error(g.f('Module {{ursa}} must be installed to use {{WSSecurityCert}}'));
-    }
-    this.privateKey = ursa.createPrivateKey(privatePEM, password, encoding);
+
     this.publicP12PEM = publicP12PEM.toString()
       .replace('-----BEGIN CERTIFICATE-----', '')
       .replace('-----END CERTIFICATE-----', '')
       .replace(/(\r\n|\n|\r)/gm, '');
 
     this.signer = new SignedXml();
-    this.signer.signingKey = this.privateKey.toPrivatePem();
+    this.signer.signingKey = this.getSigningKey(privatePEM, password);
     this.x509Id = 'x509-' + generateId();
 
     var references = ['http://www.w3.org/2000/09/xmldsig#enveloped-signature',
@@ -78,6 +69,19 @@ class WSSecurityCert extends Security {
     };
   }
 
+  getSigningKey(privatePEM, password) {
+    if (typeof crypto.createPrivateKey === 'function') {
+      // Node 11 or above
+      this.privateKey = crypto.createPrivateKey({key: privatePEM, passphrase: password});
+      return this.privateKey.export({type: 'pkcs1', format: 'pem'});
+    } else {
+      // Node 10 or below, fall back to https://github.com/rzcoder/node-rsa
+      if (password) throw new Error('Passphrase is not supported by node-rsa.');
+      this.privateKey = new NodeRsa(privatePEM);
+      return this.privateKey.exportKey('private');
+    }
+  }
+
   postProcess(headerElement, bodyElement) {
     this.created = generateCreated();
     this.expires = generateExpires();

diff --git a/test/security/WSSecurityCert.js b/test/security/WSSecurityCert.js
@@ -22,7 +22,7 @@ describe('WSSecurityCert', function() {
     if(process.platform === 'win32'){
       return true;
     }
-    var instance = new WSSecurityCert(key, cert, '', 'utf8');
+    var instance = new WSSecurityCert(key, cert, '');
     instance.should.have.property('privateKey');
     instance.should.have.property('publicP12PEM');
     instance.should.have.property('signer');
@@ -36,7 +36,7 @@ describe('WSSecurityCert', function() {
     var passed = true;
 
     try {
-      new WSSecurityCert('*****', cert, '', 'utf8');
+      new WSSecurityCert('*****', cert, '');
     } catch(e) {
       passed = false;
     }
@@ -46,24 +46,14 @@ describe('WSSecurityCert', function() {
     }
 
     passed = true;
-
-    try {
-      new WSSecurityCert(key, cert, '', 'bob');
-    } catch(e) {
-      passed = false;
-    }
-
-    if (passed) {
-      throw new Error('bad encoding');
-    }
   });
 
   it('should insert a WSSecurity signing block when postProcess is called',
     function() {
     if(process.platform === 'win32'){
       return true;
     }
-    var instance = new WSSecurityCert(key, cert, '', 'utf8');
+    var instance = new WSSecurityCert(key, cert, '');
     var env = XMLHandler.createSOAPEnvelope();
     instance.postProcess(env.header, env.body);
     var xml = env.header.toString({pretty: false});