diff --git a/README.md b/README.md
index 11692db..9dcb82e 100644
--- a/README.md
+++ b/README.md
@@ -22,12 +22,12 @@ npm install gtoken
 ## Usage
-### Use with a `.pem` or `.p12` key file:
+### Use with a `.pem` or `.json` key file:
 ``` js
 const { GoogleToken } = require('gtoken');
 const gtoken = new GoogleToken({
- keyFile: 'path/to/key.pem', // or path to .p12 key file
+ keyFile: 'path/to/key.pem', // or path to .json key file
 email: 'my_service_account_email@developer.gserviceaccount.com',
 scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
 eagerRefreshThresholdMillis: 5 * 60 * 1000
@@ -103,7 +103,7 @@ const gtoken = new GoogleToken({
 - `options.email or options.iss`: The service account email address.
 - `options.scope`: An array of scope strings or space-delimited string of scopes.
 - `options.sub`: The email address of the user requesting delegated access.
-- `options.keyFile`: The filename of `.json` key, `.pem` key or `.p12` key.
+- `options.keyFile`: The filename of `.json` key or `.pem` key.
 - `options.key`: The raw RSA private key value, in place of using `options.keyFile`.
 - `options.additionalClaims`: Additional claims to include in the JWT when requesting a token.
 - `options.eagerRefreshThresholdMillis`: How long must a token be valid for in order to return it from the cache. Defaults to 0.
@@ -155,15 +155,15 @@ await gtoken.revokeToken();
 console.log('Token revoked!');
 ```
-## Downloading your private `.p12` key from Google
+## Downloading your private `.json` key from Google
 1. Open the [Google Developer Console][gdevconsole].
 2. Open your project and under "APIs & auth", click Credentials.
-3. Generate a new `.p12` key and download it into your project.
+3. Generate a new `.json` key and download it into your project.
 ## Converting your `.p12` key to a `.pem` key
-You can just specify your `.p12` file (with `.p12` extension) as the `keyFile` and it will automatically be converted to a `.pem` on the fly, however this results in a slight performance hit. If you'd like to convert to a `.pem` for use later, use OpenSSL if you have it installed.
+If you'd like to convert to a `.pem` for use later, use OpenSSL if you have it installed.
 ``` sh
 $ openssl pkcs12 -in key.p12 -nodes -nocerts > key.pem
diff --git a/package.json b/package.json
index eeb5f85..5e90724 100644
--- a/package.json
+++ b/package.json
@@ -40,7 +40,6 @@
 "license": "MIT",
 "dependencies": {
 "gaxios": "^5.0.1",
- "google-p12-pem": "^4.0.0",
 "jws": "^4.0.0"
 },
 "devDependencies": {
diff --git a/src/index.ts b/src/index.ts
index 797d19f..b08f8ac 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -69,8 +69,6 @@ class ErrorWithCode extends Error {
 }
 }
-let getPem: ((filename: string) => Promise) | undefined;
-
 export class GoogleToken {
 get accessToken() {
 return this.rawToken ? this.rawToken.access_token : undefined;
@@ -199,20 +197,16 @@ export class GoogleToken {
 }
 case '.p12':
 case '.pfx': {
- // NOTE: The loading of `google-p12-pem` is deferred for performance
- // reasons. The `node-forge` npm module in `google-p12-pem` adds a fair
- // bit time to overall module loading, and is likely not frequently
- // used. In a future release, p12 support will be entirely removed.
- if (!getPem) {
- getPem = (await import('google-p12-pem')).getPem;
- }
- const privateKey = await getPem(keyFile);
- return {privateKey};
+ throw new ErrorWithCode(
+ '*.p12 certificates are not supported after v6.1.2. ' +
+ 'Consider utilizing *.json format or converting *.p12 to *.pem using the OpenSSL CLI.',
+ 'UNKNOWN_CERTIFICATE_TYPE'
+ );
 }
 default:
 throw new ErrorWithCode(
 'Unknown certificate type. Type is determined based on file extension. ' +
- 'Current supported extensions are *.json, *.pem, and *.p12.',
+ 'Current supported extensions are *.json, and *.pem.',
 'UNKNOWN_CERTIFICATE_TYPE'
 );
 }
diff --git a/test/assets/key.p12 b/test/assets/key.p12
deleted file mode 100644
index 38de5de..0000000
Binary files a/test/assets/key.p12 and /dev/null differ
diff --git a/test/index.ts b/test/index.ts
index db730d8..dc8214b 100644
--- a/test/index.ts
+++ b/test/index.ts
@@ -15,7 +15,6 @@ import {GoogleToken} from '../src';
 const EMAIL = 'example@developer.gserviceaccount.com';
 const UNKNOWN_KEYFILE = './test/assets/key';
 const KEYFILE = './test/assets/key.pem';
-const P12FILE = './test/assets/key.p12';
 const KEYFILEJSON = './test/assets/key.json';
 const KEYFILENOEMAILJSON = './test/assets/key-no-email.json';
 const KEYCONTENTS = fs.readFileSync(KEYFILE, 'utf8');
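Review bot: In the `case '.p12': case '.pfx':` branch the new throw reuses `'UNKNOWN_CERTIFICATE_TYPE'`, the same code as the `default` branch, and its message names only `*.p12`, so a caller checking the error code cannot tell a recognised-but-removed key format from an unknown extension, and a `.pfx` user gets a message about a different extension. I would word it `'*.p12 and *.pfx key files are not supported after v6.1.2. '` and, if the set of error codes can grow without breaking callers, give this branch its own code. The message sends users to an OpenSSL conversion, and the README command in this commit uses `-nodes`, which writes the private key unencrypted; a comment above the throw such as `// The converted .pem is an unencrypted private key: restrict its file permissions and keep it out of version control.` records that for maintainers. No hunk in test/index.ts here adds a case asserting this error for a `.p12` key file, and the enclosing switch begins outside the hunk.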
@@ -59,17 +58,6 @@ const TESTDATA_KEYFILENOEMAILJSON = {
 keyFile: KEYFILENOEMAILJSON,
 };
-const TESTDATA_P12 = {
- email: 'email@developer.gserviceaccount.com',
- scope: 'scope123', // or space-delimited string of scopes
- keyFile: P12FILE,
-};
-
-const TESTDATA_P12_NO_EMAIL = {
- scope: 'scope123', // or space-delimited string of scopes
- keyFile: P12FILE,
-};
-
 nock.disableNetConnect();
 it('should exist', () => {
@@ -445,30 +433,6 @@ describe('.getToken()', () => {
 );
 });
- it('should run gp12pem if .p12 file is given', done => {
- const gtoken = new GoogleToken(TESTDATA_P12);
- const scope = createGetTokenMock();
- gtoken.getToken((err, token) => {
- scope.done();
- assert.strictEqual(err, null);
- done();
- });
- });
-
- it('should return error if iss is not set with .p12', done => {
- const gtoken = new GoogleToken(TESTDATA_P12_NO_EMAIL);
- gtoken.getToken(err => {
- assert(err);
- if (err) {
- assert.strictEqual(
- (err as NodeJS.ErrnoException).code,
- 'MISSING_CREDENTIALS'
- );
- done();
- }
- });
- });
-
 it('should return error if unknown file type is used', done => {
 const gtoken = new GoogleToken(TESTDATA_UNKNOWN);
 gtoken.getToken(err => {