This repository has been archived by the owner on Aug 28, 2023. It is now read-only.

TypeError: Invalid hex string in aadutils.js #117

Closed
dhodgin opened this issue Jun 10, 2016 · 1 comment

dhodgin commented Jun 10, 2016

When using the BearerStrategy, the code fails inside rsaPublicKeyPem when trying to generate the pem cert.

TypeError: Invalid hex string
    at TypeError (native)
    at Buffer.write (buffer.js:594:21)
    at fromString (buffer.js:113:26)
    at new Buffer (buffer.js:58:12)
    at Object.exports.getElement.exports.getFirstElement.exports.originalURL.exports.merge.exports.uid.exports.rsaPublicKeyPem (\azure-angular-nodejs-sandbox\node_modules\passport-azure-ad\lib\aadutils.js:155:18)
    at \azure-angular-nodejs-sandbox\node_modules\passport-azure-ad\lib\metadata.js:206:23
    at Array.some (native)
    at Metadata.generateOidcPEM (\azure-angular-nodejs-sandbox\node_modules\passport-azure-ad\lib\metadata.js:182:8)
    at Strategy.jwtVerify [as _verify] (\azure-angular-nodejs-sandbox\node_modules\passport-azure-ad\lib\bearerstrategy.js:158:30)
    at Strategy.authenticate (\azure-angular-nodejs-sandbox\node_modules\passport-http-bearer\lib\strategy.js:130:10)

Seems to happen here:

  const encodedPubkey = `30
    ${encodeLengthHex(
          modlen +
          explen +
          encodedModlen.length / 2 +
          encodedExplen.length / 2 + 2
        )}
    02${encodedModlen}${modulusHex}
    02${encodedExplen}${exponentHex}`;
    console.log(encodedPubkey);
  const derB64 = new Buffer(encodedPubkey, 'hex').toString('base64');

dhodgin changed the title from "TypeError: Invalid hex string" to "TypeError: Invalid hex string in aadutils.js" on Jun 10, 2016

dhodgin commented Jun 10, 2016

Found the problem. It's the ES6 template strings spanning multiple lines for both the encodedPubkey and the final pem string. Extra spaces are inserted into the pem certificate, which then fails to read properly.

The invalid hex string error is caused by encodedPubkey having whitespace.

Once that's fixed, you get Error: PEM_read_bio_PUBKEY failed from Verify.verify in crypto.js in Node.

Logging the pem certificate shows it will look like this:

-----BEGIN RSA PUBLIC KEY-----

    MBIBCgKCAQEAvIqz+4+ER/vNWLON9yv8hIYV737JQ6rCl6XfzOC628seYUPf0TaG
k91CFxefhzh23V9Tkq+RtwN1Bs/z57hO82kkzL+cQHZX3bMJD+GEGOKXCEXURN7V
MyZWMAuzQoW9vFb1k3cR1RW/EW/P+C8bb2dCGXhBYqPfHyimvz2WarXhntPSbM5X
yS5v5yCw5T/Vuwqqsio3V8wooWGMbp61y12NhN8bNVD3AkDPNu2DT9DXB1g0CeFI
Np/KAS/qQ2Kq6TSvRHJqxRR68RezYtje9KAqwqx4jxlmVAQy0T3+T+IAbsk1wRtW
DndhO6s1Os+dck5TzyZ/dNOhfXgelixLUQIDAQAB

-----END RSA PUBLIC KEY-----

I changed a few of the chars above to invalidate my actual cert that was generated.

Note the 4 spaces inserted at the start of the string and the newlines between begin and end.

The function has strict requirements that the cert contain the begin line, 64 chars per line, and end line.

PR coming soon...

dhodgin added a commit to dhodgin/passport-azure-ad that referenced this issue Jun 10, 2016
brandwe added a commit that referenced this issue Jun 10, 2016
fix whitespacing issue in rsaPublicKeyPem in aadutils.js fixes #117
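
An added example, not part of the original thread and not the passport-azure-ad code: one way to build the same PKCS#1 PEM from buffers rather than a multi-line template literal, so that no indentation or stray newline can reach the hex or base64 data. The helper names and the key pair generated at run time are assumptions for illustration, and it assumes a Node version that supports JWK key export.

```javascript
const crypto = require('node:crypto');

// DER length octets: short form below 0x80, else 0x80|count then the big-endian length.
function derLength(n) {
  if (n < 0x80) return Buffer.from([n]);
  const bytes = [];
  for (; n > 0; n = Math.floor(n / 256)) bytes.unshift(n % 256);
  return Buffer.from([0x80 | bytes.length, ...bytes]);
}

// DER INTEGER (tag 0x02) from unsigned big-endian bytes.
function derUint(bytes) {
  let i = 0;
  while (i < bytes.length - 1 && bytes[i] === 0) i++; // drop redundant leading zeros
  let body = bytes.subarray(i);
  if (body[0] & 0x80) body = Buffer.concat([Buffer.from([0]), body]); // keep the value positive
  return Buffer.concat([Buffer.from([0x02]), derLength(body.length), body]);
}

// Hypothetical helper: PKCS#1 RSAPublicKey PEM from base64url modulus n and exponent e.
function buildRsaPublicKeyPem(n, e) {
  const ints = Buffer.concat([derUint(Buffer.from(n, 'base64url')), derUint(Buffer.from(e, 'base64url'))]);
  const der = Buffer.concat([Buffer.from([0x30]), derLength(ints.length), ints]);
  const lines = der.toString('base64').match(/.{1,64}/g); // 64 chars per line, no indentation
  return ['-----BEGIN RSA PUBLIC KEY-----', ...lines, '-----END RSA PUBLIC KEY-----', ''].join('\n');
}

// True only for: BEGIN line, full 64-char base64 lines (last may be shorter), END line.
function pemIsWellFormed(pem) {
  const lines = pem.trimEnd().split('\n');
  const body = lines.slice(1, -1);
  return lines[0] === '-----BEGIN RSA PUBLIC KEY-----' &&
    lines[lines.length - 1] === '-----END RSA PUBLIC KEY-----' &&
    body.length > 0 &&
    body.every((l, i) => /^[A-Za-z0-9+/]+={0,2}$/.test(l) &&
      (i === body.length - 1 ? l.length <= 64 : l.length === 64));
}

// Constructed sample input: a throwaway key pair generated at run time.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const { n, e } = publicKey.export({ format: 'jwk' });
  const pem = buildRsaPublicKeyPem(n, e);
  const msg = Buffer.from('constructed message');
  const sig = crypto.sign('sha256', msg, privateKey);
  return pemIsWellFormed(pem) && crypto.verify('sha256', msg, pem, sig);
}
```

`pemIsWellFormed` rejects the shape logged in the issue (blank lines after the BEGIN line and a body line indented by four spaces), which makes it usable as a regression check for this bug.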