From 643ff3c9a9a0aebe4fd7ba89dfe64f78d33f3851 Mon Sep 17 00:00:00 2001
From: Prithvish Baidya <deformercoding@gmail.com>
Date: Mon, 7 Oct 2024 19:33:20 +0530
Subject: [PATCH 1/3] replace String.raw`\n` with `\n` in gcp private key

---
 src/server/utils/wallets/getGcpKmsAccount.ts | 16 +++++++++++++++-
 src/utils/account.ts                         |  5 ++++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/server/utils/wallets/getGcpKmsAccount.ts b/src/server/utils/wallets/getGcpKmsAccount.ts
index 7160415b9..8f124001b 100644
--- a/src/server/utils/wallets/getGcpKmsAccount.ts
+++ b/src/server/utils/wallets/getGcpKmsAccount.ts
@@ -40,6 +40,13 @@ export async function getGcpKmsAccount(
 ): Promise<GcpKmsAccount> {
   const { name: unprocessedName, clientOptions, client } = options;
 
+  let rawPrivateKey: string | undefined;
+  if (clientOptions?.credentials) {
+    if ("private_key" in clientOptions.credentials) {
+      rawPrivateKey = clientOptions.credentials.private_key;
+    }
+  }
+
   // we had a bug previously where we previously called it "cryptoKeyVersion" instead of "cryptoKeyVersions"
   // if we detect that, we'll fix it here
   // TODO: remove this as a breaking change
@@ -47,7 +54,14 @@ export async function getGcpKmsAccount(
     ? unprocessedName
     : unprocessedName.replace("cryptoKeyVersion", "cryptoKeyVersions");
 
-  const signer = new CloudKmsSigner(name, clientOptions);
+  const signer = new CloudKmsSigner(name, {
+    ...clientOptions,
+    credentials: {
+      ...clientOptions?.credentials,
+      // https://stackoverflow.com/questions/74131595/error-error1e08010cdecoder-routinesunsupported-with-google-auth-library
+      private_key: rawPrivateKey?.split(String.raw`\n`).join("\n"),
+    },
+  });
 
   // Populate address immediately
   const publicKey = await signer.getPublicKey();
diff --git a/src/utils/account.ts b/src/utils/account.ts
index 8880a553d..021c65618 100644
--- a/src/utils/account.ts
+++ b/src/utils/account.ts
@@ -126,7 +126,10 @@ export const getAccount = async (args: {
         clientOptions: {
           credentials: {
             client_email: gcpApplicationCredentialEmail,
-            private_key: gcpApplicationCredentialPrivateKey,
+            // https://stackoverflow.com/questions/74131595/error-error1e08010cdecoder-routinesunsupported-with-google-auth-library
+            private_key: gcpApplicationCredentialPrivateKey
+              .split(String.raw`\n`)
+              .join("\n"),
           },
         },
       });

From ed66110bd1443c9b45574ebde8554df29fc6115d Mon Sep 17 00:00:00 2001
From: Prithvish Baidya <deformercoding@gmail.com>
Date: Mon, 7 Oct 2024 23:50:19 +0530
Subject: [PATCH 2/3] refactor

---
 src/server/utils/wallets/getGcpKmsAccount.ts | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/src/server/utils/wallets/getGcpKmsAccount.ts b/src/server/utils/wallets/getGcpKmsAccount.ts
index 8f124001b..6337ba3fc 100644
--- a/src/server/utils/wallets/getGcpKmsAccount.ts
+++ b/src/server/utils/wallets/getGcpKmsAccount.ts
@@ -40,10 +40,15 @@ export async function getGcpKmsAccount(
 ): Promise<GcpKmsAccount> {
   const { name: unprocessedName, clientOptions, client } = options;
 
-  let rawPrivateKey: string | undefined;
   if (clientOptions?.credentials) {
-    if ("private_key" in clientOptions.credentials) {
-      rawPrivateKey = clientOptions.credentials.private_key;
+    if (
+      "private_key" in clientOptions.credentials &&
+      clientOptions.credentials.private_key
+    ) {
+      // https://stackoverflow.com/questions/74131595/error-error1e08010cdecoder-routinesunsupported-with-google-auth-library
+      // new keys are stored correctly with newlines, but older keys need this sanitization for backwards compatibility
+      clientOptions.credentials.private_key =
+        clientOptions.credentials.private_key.split(String.raw`\n`).join("\n");
     }
   }
 
@@ -54,14 +59,7 @@ export async function getGcpKmsAccount(
     ? unprocessedName
     : unprocessedName.replace("cryptoKeyVersion", "cryptoKeyVersions");
 
-  const signer = new CloudKmsSigner(name, {
-    ...clientOptions,
-    credentials: {
-      ...clientOptions?.credentials,
-      // https://stackoverflow.com/questions/74131595/error-error1e08010cdecoder-routinesunsupported-with-google-auth-library
-      private_key: rawPrivateKey?.split(String.raw`\n`).join("\n"),
-    },
-  });
+  const signer = new CloudKmsSigner(name, clientOptions);
 
   // Populate address immediately
   const publicKey = await signer.getPublicKey();

From c4cb19912a8836687910781566a19e1939c53038 Mon Sep 17 00:00:00 2001
From: Prithvish Baidya <deformercoding@gmail.com>
Date: Tue, 8 Oct 2024 00:42:27 +0530
Subject: [PATCH 3/3] remove redundant sanitisation

---
 src/utils/account.ts | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/utils/account.ts b/src/utils/account.ts
index 021c65618..8880a553d 100644
--- a/src/utils/account.ts
+++ b/src/utils/account.ts
@@ -126,10 +126,7 @@ export const getAccount = async (args: {
         clientOptions: {
           credentials: {
             client_email: gcpApplicationCredentialEmail,
-            // https://stackoverflow.com/questions/74131595/error-error1e08010cdecoder-routinesunsupported-with-google-auth-library
-            private_key: gcpApplicationCredentialPrivateKey
-              .split(String.raw`\n`)
-              .join("\n"),
+            private_key: gcpApplicationCredentialPrivateKey,
           },
         },
       });