security vulnerability fix code

Author: mahmishr

package.json

@@ -25,8 +25,7 @@
     "promise": "^8.3.0",
     "winston": "^3.11.0",
     "winston-daily-rotate-file": "^4.7.1",
-    "node-jose": "^2.2.0",
-    "jwk-to-pem": "^2.0.7"
+    "node-jose": "^2.2.0"
   },
   "keywords": [
     "nodeJS"

src/index.js

@@ -7703,7 +7703,7 @@
     OAuthApi: OAuthApi
   };
 
-  exports.TokenVerification = require('./utilities/flex/TokenVerification.js');
+  // exports.TokenVerification = require('./utilities/flex/TokenVerification.js');
   exports.Authorization = require('./authentication/core/Authorization.js');
   exports.MerchantConfig = require('./authentication/core/MerchantConfig.js');
   exports.Logger = require('./authentication/logging/Logger.js');

src/utilities/flex/TokenVerification.js

@@ -1,50 +1,50 @@
-'use strict';
+// 'use strict';
 
-const crypto = require('crypto');
-const jwkToPem = require('jwk-to-pem');
+// const crypto = require('crypto');
+// const jwkToPem = require('jwk-to-pem');
 
-/**
- * This function has all the merchentConfig properties getters and setters methods
- * 
- * @param  result 
- */
-function TokenVerification() {
+// /**
+//  * This function has all the merchentConfig properties getters and setters methods
+//  * 
+//  * @param  result 
+//  */
+// function TokenVerification() {
 
-}
+// }
 
-function isPemFormattedString(input) {
-  	return typeof input === 'string' && /^-----BEGIN PUBLIC KEY-----[\S\s]*-----END PUBLIC KEY-----/.test(input);
-  }
+// function isPemFormattedString(input) {
+//   	return typeof input === 'string' && /^-----BEGIN PUBLIC KEY-----[\S\s]*-----END PUBLIC KEY-----/.test(input);
+//   }
 
-  function isBase64String(input) {
-  	return typeof input === 'string' && /^[a-zA-Z0-9+/=]*$/g.test(input);
-  }
+//   function isBase64String(input) {
+//   	return typeof input === 'string' && /^[a-zA-Z0-9+/=]*$/g.test(input);
+//   }
 
-  function base64toPem(base64) {
-  	const urlDecoded = base64.replace(/-/g, '+').replace(/_/g, '/');
+//   function base64toPem(base64) {
+//   	const urlDecoded = base64.replace(/-/g, '+').replace(/_/g, '/');
 
-  	return [
-  		'-----BEGIN PUBLIC KEY-----',
-  		...urlDecoded.match(/.{1,64}/g),
-  		'-----END PUBLIC KEY-----',
-  	].join('\n');
-  }
+//   	return [
+//   		'-----BEGIN PUBLIC KEY-----',
+//   		...urlDecoded.match(/.{1,64}/g),
+//   		'-----END PUBLIC KEY-----',
+//   	].join('\n');
+//   }
 
-TokenVerification.prototype.verifyToken = function verifyToken(publicKey, token) {
-    if (typeof token !== 'object' || !token) throw new Error('Invalid token object');
-	if (!Object.prototype.hasOwnProperty.call(token, 'signature')) throw new Error('token.signature is missing');
-	if (!Object.prototype.hasOwnProperty.call(token, 'signedFields')) throw new Error('token.signedFields is missing');
+// TokenVerification.prototype.verifyToken = function verifyToken(publicKey, token) {
+//     if (typeof token !== 'object' || !token) throw new Error('Invalid token object');
+// 	if (!Object.prototype.hasOwnProperty.call(token, 'signature')) throw new Error('token.signature is missing');
+// 	if (!Object.prototype.hasOwnProperty.call(token, 'signedFields')) throw new Error('token.signedFields is missing');
 
-	let pem;
-	if (typeof publicKey === 'object') pem = jwkToPem(publicKey);
-	else if (isPemFormattedString(publicKey)) pem = publicKey;
-	else if (isBase64String(publicKey)) pem = base64toPem(publicKey);
-	else {
-		throw new Error('Invalid publicKey parameter');
-	}
+// 	let pem;
+// 	if (typeof publicKey === 'object') pem = jwkToPem(publicKey);
+// 	else if (isPemFormattedString(publicKey)) pem = publicKey;
+// 	else if (isBase64String(publicKey)) pem = base64toPem(publicKey);
+// 	else {
+// 		throw new Error('Invalid publicKey parameter');
+// 	}
 
-	const dataToVerify = token.signedFields.split(',').map(field => token[field]).join(',');
-	return crypto.createVerify('RSA-SHA512').update(dataToVerify).verify(pem, token.signature, 'base64');
-};
+// 	const dataToVerify = token.signedFields.split(',').map(field => token[field]).join(',');
+// 	return crypto.createVerify('RSA-SHA512').update(dataToVerify).verify(pem, token.signature, 'base64');
+// };
 
-module.exports = TokenVerification;
+// module.exports = TokenVerification;