Refactoring loading private key into utils class

Author: rossphelan

lib/mcapi/crypto/jwe-crypto.js

@@ -89,6 +89,8 @@ function JweCrypto(config) {
     const encryptedText = Buffer.from(jweTokenParts[3], 'base64url');
     const authTag = Buffer.from(jweTokenParts[4], 'base64url');
 
+    // const node10 = utils.isNode10()
+
     let secretKey = nodeCrypto.privateDecrypt(
       {
         key: this.privateKey,
@@ -152,111 +154,12 @@ function readPublicCertificate(publicCertificatePath) {
  * @private
  */
 function getPrivateKey(config) {
-  if (config.privateKey) {
-    return loadPrivateKey(config.privateKey);
-  } else if (config.keyStore) {
-    if (config.keyStore.includes(".p12")) {
-      return getPrivateKey12(config.keyStore, config.keyStoreAlias, config.keyStorePassword);
-    }
-    if (config.keyStore.includes(".pem")) {
-      return getPrivateKeyPem(config.keyStore);
-    }
-    if (config.keyStore.includes(".der")) {
-      return getPrivateKeyDer(config.keyStore);
-    }
-  }
-  return null;
-}
-
-/**
- * @private
- */
-function getPrivateKey12(p12Path, alias, password) {
-  const p12Content = fs.readFileSync(p12Path, 'binary');
-
-  if (!p12Content || p12Content.length <= 1) {
-    throw new Error('p12 keystore content is empty');
-  }
-
-  if (!utils.isSet(alias)) {
-    throw new Error('Key alias is not set');
-  }
-
-  if (!utils.isSet(password)) {
-    throw new Error('Keystore password is not set');
-  }
-
-  // Get asn1 from DER
-  const p12Asn1 = forge.asn1.fromDer(p12Content, false);
-
-  // Get p12 using the password
-  const p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, false, password);
-
-  // Get Key from p12
-  const keyObj = p12.getBags({
-    friendlyName: alias,
-    bagType: forge.pki.oids.pkcs8ShroudedKeyBag
-  }).friendlyName[0];
-
-  if (!utils.isSet(keyObj)) {
-    throw new Error("No key found for alias [" + alias + "]");
-  }
-
-  return forge.pki.privateKeyToPem(keyObj.key);
-}
-
-/**
- * @private
- */
-function loadPrivateKey(privateKeyPath) {
-  const privateKeyContent = fs.readFileSync(privateKeyPath, 'binary');
-
-  if (!privateKeyContent || privateKeyContent.length <= 1) {
-    throw new Error('Private key content not valid');
-  }
-
-  const privateKey = nodeCrypto.createPrivateKey({
-    key: privateKeyContent,
-    type: 'pkcs8',
-    format: 'der',
-    encoding: 'binary'
-  });
-  return privateKey;
-}
-
-/**
- * @private
- */
-function getPrivateKeyPem(pemPath) {
-  const pemContent = fs.readFileSync(pemPath, 'binary');
-
-  if (!pemContent || pemContent.length <= 1) {
-    throw new Error('pem keystore content is empty');
-  }
-  const privateKey = nodeCrypto.createPrivateKey({
-    key: pemContent,
-    format: 'pem'
-  });
-  return privateKey;
-}
-
-/**
- * @private
- */
-function getPrivateKeyDer(derPath) {
-  const derContent = fs.readFileSync(derPath, 'binary');
-
-  if (!derContent || derContent.length <= 1) {
-    throw new Error('der keystore content is empty');
+  const privateKey = utils.getPrivateKey(config);
+  if( privateKey ){
+    return forge.pki.privateKeyToPem(privateKey);
+  }else{
+    return null;
   }
-
-  const privateKey = nodeCrypto.createPrivateKey({
-    key: derContent,
-    type: 'pkcs8',
-    format: 'der',
-    encoding: 'binary'
-  });
-  return privateKey;
 }
 
 /**
@@ -368,4 +271,3 @@ function validateRootMapping(config) {
 }
 
 module.exports = JweCrypto;
-

lib/mcapi/crypto/legacy-crypto.js

@@ -18,7 +18,7 @@ function LegacyCrypto(config) {
   this.encryptionCertificate = readPublicCertificate(config.encryptionCertificate);
 
   // Load private key (for decryption)
-  this.privateKey = getPrivateKey(config);
+  this.privateKey = utils.getPrivateKey(config);
 
   this.encoding = config.dataEncoding;
 
@@ -165,19 +165,6 @@ function generateSecretKey(algorithm, size, digest) {
   throw new Error('Unsupported symmetric algorithm');
 }
 
-/**
- * @private
- */
-function loadPrivateKey(privateKeyPath) {
-  const privateKeyContent = fs.readFileSync(privateKeyPath, 'binary');
-
-  if (!privateKeyContent || privateKeyContent.length <= 1) {
-    throw new Error('Private key content not valid');
-  }
-
-  return forge.pki.privateKeyFromAsn1(forge.asn1.fromDer(privateKeyContent));
-}
-
 /**
  * @private
  */
@@ -189,95 +176,6 @@ function readPublicCertificate(publicCertificatePath) {
   return forge.pki.certificateFromPem(certificateContent);
 }
 
-/**
- * @private
- */
-function getPrivateKey(config) {
-  if (config.privateKey) {
-    return loadPrivateKey(config.privateKey);
-  } else if (config.keyStore) {
-    if (config.keyStore.includes(".p12")) {
-      return getPrivateKey12(config.keyStore, config.keyStoreAlias, config.keyStorePassword);
-    }
-    if (config.keyStore.includes(".pem")) {
-      return getPrivateKeyPem(config.keyStore);
-    }
-    if (config.keyStore.includes(".der")) {
-      return getPrivateKeyDer(config.keyStore);
-    }
-  }
-  return null;
-}
-
-/**
- * @private
- */
-function getPrivateKey12(p12Path, alias, password) {
-  const p12Content = fs.readFileSync(p12Path, 'binary');
-
-  if (!p12Content || p12Content.length <= 1) {
-    throw new Error('p12 keystore content is empty');
-  }
-
-  if (!utils.isSet(alias)) {
-    throw new Error('Key alias is not set');
-  }
-
-  if (!utils.isSet(password)) {
-    throw new Error('Keystore password is not set');
-  }
-
-  // Get asn1 from DER
-  const p12Asn1 = forge.asn1.fromDer(p12Content, false);
-
-  // Get p12 using the password
-  const p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, false, password);
-
-  // Get Key from p12
-  const keyObj = p12.getBags({
-    friendlyName: alias,
-    bagType: forge.pki.oids.pkcs8ShroudedKeyBag
-  }).friendlyName[0];
-
-  if (!utils.isSet(keyObj)) {
-    throw new Error("No key found for alias [" + alias + "]");
-  }
-
-  return keyObj.key;
-}
-
-/**
- * Load a PKCS#1 PEM (starts with "-----BEGIN RSA PRIVATE KEY-----")
- * or a PKCS#8 PEM (starts with "-----BEGIN PRIVATE KEY-----")"
- */
-function getPrivateKeyPem(pemPath) {
-  let pemContent = fs.readFileSync(pemPath, 'binary');
-
-  if (!pemContent || pemContent.length <= 1) {
-    throw new Error('pem keystore content is empty');
-  }
-
-  pemContent = pemContent.replace("\n", "");
-  pemContent = pemContent.replace("\r\n", "");
-
-  return forge.pki.privateKeyFromPem(pemContent);
-}
-
-/**
- * Load a Binary DER-encoded PKCS#8
- */
-function getPrivateKeyDer(derPath) {
-  const derContent = fs.readFileSync(derPath, 'binary');
-
-  if (!derContent || derContent.length <= 1) {
-    throw new Error('der keystore content is empty');
-  }
-
-  const pkeyAsn1 = forge.asn1.fromDer(derContent);
-  return forge.pki.privateKeyFromAsn1(pkeyAsn1);
-}
-
-
 /**
  * @private
  * @param config Configuration object

lib/mcapi/utils/utils.js

@@ -1,4 +1,5 @@
 const forge = require('node-forge');
+const fs = require('fs');
 
 /**
  * Utils module
@@ -14,6 +15,9 @@ const forge = require('node-forge');
 module.exports.isSet = function (value) {
   return typeof value !== "undefined" && value !== null && value.length !== 0;
 };
+isSet = function (value) {
+  return typeof value !== "undefined" && value !== null && value.length !== 0;
+};
 
 /**
  * Converts a 'binary' encoded string of bytes to (hex or base64) encoded string.
@@ -139,3 +143,100 @@ function deleteRoot(obj, paths, properties){
     });
   }
 }
+
+// module.exports.isNode10 = function(){
+//   const majorVersion = parseInt(parseInt(process.version.substring(1,3)));
+//   if(majorVersion < 10){
+//     throw new Error("Only node version 10+ supported");
+//   }
+//   if(majorVersion === 10){
+//     return true;
+//   }
+//   return false;
+// };
+
+module.exports.getPrivateKey = function(config){
+  if (config.privateKey) {
+    return loadPrivateKey(config.privateKey);
+  } else if (config.keyStore) {
+    if (config.keyStore.includes(".p12")) {
+      return getPrivateKey12(config.keyStore, config.keyStoreAlias, config.keyStorePassword);
+    }
+    if (config.keyStore.includes(".pem")) {
+      return getPrivateKeyPem(config.keyStore);
+    }
+    if (config.keyStore.includes(".der")) {
+      return getPrivateKeyDer(config.keyStore);
+    }
+  }
+  return null;
+};
+
+function getPrivateKey12(p12Path, alias, password) {
+  const p12Content = fs.readFileSync(p12Path, 'binary');
+
+  if (!p12Content || p12Content.length <= 1) {
+    throw new Error('p12 keystore content is empty');
+  }
+
+  if (!isSet(alias)) {
+    throw new Error('Key alias is not set');
+  }
+
+  if (!isSet(password)) {
+    throw new Error('Keystore password is not set');
+  }
+
+  // Get asn1 from DER
+  const p12Asn1 = forge.asn1.fromDer(p12Content, false);
+
+  // Get p12 using the password
+  const p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, false, password);
+
+  // Get Key from p12
+  const keyObj = p12.getBags({
+    friendlyName: alias,
+    bagType: forge.pki.oids.pkcs8ShroudedKeyBag
+  }).friendlyName[0];
+
+  if (!isSet(keyObj)) {
+    throw new Error("No key found for alias [" + alias + "]");
+  }
+
+  return keyObj.key;
+}
+
+function getPrivateKeyPem(pemPath) {
+  let pemContent = fs.readFileSync(pemPath, 'binary');
+
+  if (!pemContent || pemContent.length <= 1) {
+    throw new Error('pem keystore content is empty');
+  }
+
+  pemContent = pemContent.replace("\n", "");
+  pemContent = pemContent.replace("\r\n", "");
+
+  return forge.pki.privateKeyFromPem(pemContent);
+}
+
+function getPrivateKeyDer(derPath) {
+  const derContent = fs.readFileSync(derPath, 'binary');
+
+  if (!derContent || derContent.length <= 1) {
+    throw new Error('der keystore content is empty');
+  }
+
+  const pkeyAsn1 = forge.asn1.fromDer(derContent);
+  return forge.pki.privateKeyFromAsn1(pkeyAsn1);
+}
+
+function loadPrivateKey(privateKeyPath) {
+  const privateKeyContent = fs.readFileSync(privateKeyPath, 'binary');
+
+  if (!privateKeyContent || privateKeyContent.length <= 1) {
+    throw new Error('Private key content not valid');
+  }
+
+  return forge.pki.privateKeyFromAsn1(forge.asn1.fromDer(privateKeyContent));
+}
+