Fix pemToDer() return type (#364)

node-saml · Jul 29, 2023 · 06cab68 · 06cab68
1 parent be61682
commit 06cab68
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 10 deletions.
diff --git a/src/signed-xml.ts b/src/signed-xml.ts
@@ -194,7 +194,7 @@ export class SignedXml {
 
  if (publicCertMatches.length > 0) {
  x509Certs = publicCertMatches
- .map((c) => `<X509Certificate>${utils.pemToDer(c)}</X509Certificate>`)
+ .map((c) => `<X509Certificate>${utils.pemToDer(c).toString("base64")}</X509Certificate>`)
  .join("");
  }
 

diff --git a/src/utils.ts b/src/utils.ts
@@ -142,11 +142,18 @@ export function normalizePem(pem: string): string {
 /**
  * @param pem The PEM-encoded base64 certificate to strip headers from
  */
-export function pemToDer(pem: string): string {
- return pem
- .replace(/(\r\n|\r)/g, "\n")
- .replace(/-----BEGIN [A-Z\x20]{1,48}-----\n?/, "")
- .replace(/-----END [A-Z\x20]{1,48}-----\n?/, "");
+export function pemToDer(pem: string): Buffer {
+ if (!PEM_FORMAT_REGEX.test(pem.trim())) {
+ throw new Error("Invalid PEM format.");
+ }
+
+ return Buffer.from(
+ pem
+ .replace(/(\r\n|\r)/g, "")
+ .replace(/-----BEGIN [A-Z\x20]{1,48}-----\n?/, "")
+ .replace(/-----END [A-Z\x20]{1,48}-----\n?/, ""),
+ "base64",
+ );
 }
 
 /**
@@ -155,15 +162,20 @@ export function pemToDer(pem: string): string {
  */
 export function derToPem(
  der: string | Buffer,
- pemLabel: "CERTIFICATE" | "PRIVATE KEY" | "RSA PUBLIC KEY",
+ pemLabel?: "CERTIFICATE" | "PRIVATE KEY" | "RSA PUBLIC KEY",
 ): string {
- const base64Der = Buffer.isBuffer(der) ? der.toString("latin1").trim() : der.trim();
+ const base64Der = Buffer.isBuffer(der)
+ ? der.toString("base64").trim()
+ : der.replace(/(\r\n|\r)/g, "").trim();
 
  if (PEM_FORMAT_REGEX.test(base64Der)) {
  return normalizePem(base64Der);
  }
 
  if (BASE64_REGEX.test(base64Der)) {
+ if (pemLabel == null) {
+ throw new Error("PEM label is required when DER is given.");
+ }
  const pem = `-----BEGIN ${pemLabel}-----\n${base64Der}\n-----END ${pemLabel}-----`;
 
  return normalizePem(pem);

diff --git a/test/static/client_public.der b/test/static/client_public.der
diff --git a/test/utils-tests.spec.ts b/test/utils-tests.spec.ts
@@ -12,7 +12,6 @@ describe("Utils tests", function () {
  pemAsArray[pemAsArray.length - 1]
  }`;
 
- // @ts-expect-error FIXME
  expect(utils.derToPem(nonNormalizedPem)).to.equal(normalizedPem);
  });
 
@@ -25,8 +24,45 @@ describe("Utils tests", function () {
  });
 
  it("will throw if the format is neither PEM nor DER", function () {
- // @ts-expect-error FIXME
  expect(() => utils.derToPem("not a pem")).to.throw();
  });
+
+ it("will return a normalized PEM format when given a DER Buffer", function () {
+ const normalizedPem = fs.readFileSync("./test/static/client_public.pem", "latin1");
+ const derBuffer = fs.readFileSync("./test/static/client_public.der");
+
+ expect(utils.derToPem(derBuffer, "CERTIFICATE")).to.equal(normalizedPem);
+ });
+
+ it("will return a normalized PEM format when given a base64 string with line breaks", function () {
+ const normalizedPem = fs.readFileSync("./test/static/client_public.pem", "latin1");
+ const base64String = fs.readFileSync("./test/static/client_public.der", "base64");
+
+ expect(utils.derToPem(base64String, "CERTIFICATE")).to.equal(normalizedPem);
+ });
+
+ it("will throw if the DER string is not base64 encoded", function () {
+ expect(() => utils.derToPem("not base64", "CERTIFICATE")).to.throw();
+ });
+
+ it("will throw if the PEM label is not provided", function () {
+ const derBuffer = fs.readFileSync("./test/static/client_public.der");
+ expect(() => utils.derToPem(derBuffer)).to.throw();
+ });
+ });
+
+ describe("pemToDer", function () {
+ it("will return a Buffer of binary DER when given a normalized PEM format", function () {
+ const pem = fs.readFileSync("./test/static/client_public.pem", "latin1");
+ const derBuffer = fs.readFileSync("./test/static/client_public.der");
+
+ const result = utils.pemToDer(pem);
+ expect(result).to.be.instanceOf(Buffer);
+ expect(result).to.deep.equal(derBuffer);
+ });
+
+ it("will throw if the format is not PEM", function () {
+ expect(() => utils.pemToDer("not a pem")).to.throw();
+ });
  });
 });