feat!: remove support for conversion of *.p12 to *.pem

README.md

@@ -22,12 +22,12 @@ npm install gtoken
 
 ## Usage
 
-### Use with a `.pem` or `.p12` key file:
+### Use with a `.pem` or `.json` key file:
 
 ``` js
 const { GoogleToken } = require('gtoken');
 const gtoken = new GoogleToken({
-  keyFile: 'path/to/key.pem', // or path to .p12 key file
+  keyFile: 'path/to/key.pem', // or path to .json key file
   email: 'my_service_account_email@developer.gserviceaccount.com',
   scope: ['https://scope1', 'https://scope2'], // or space-delimited string of scopes
   eagerRefreshThresholdMillis: 5 * 60 * 1000
@@ -103,7 +103,7 @@ const gtoken = new GoogleToken({
 - `options.email or options.iss`: The service account email address.
 - `options.scope`: An array of scope strings or space-delimited string of scopes.
 - `options.sub`: The email address of the user requesting delegated access.
-- `options.keyFile`: The filename of `.json` key, `.pem` key or `.p12` key.
+- `options.keyFile`: The filename of `.json` key or `.pem` key.
 - `options.key`: The raw RSA private key value, in place of using `options.keyFile`.
 - `options.additionalClaims`: Additional claims to include in the JWT when requesting a token.
 - `options.eagerRefreshThresholdMillis`: How long must a token be valid for in order to return it from the cache. Defaults to 0.
@@ -155,15 +155,15 @@ await gtoken.revokeToken();
 console.log('Token revoked!');
 ```
 
-## Downloading your private `.p12` key from Google
+## Downloading your private `.json` key from Google
 
 1. Open the [Google Developer Console][gdevconsole].
 2. Open your project and under "APIs & auth", click Credentials.
-3. Generate a new `.p12` key and download it into your project.
+3. Generate a new `.json` key and download it into your project.
 
 ## Converting your `.p12` key to a `.pem` key
 
-You can just specify your `.p12` file (with `.p12` extension) as the `keyFile` and it will automatically be converted to a `.pem` on the fly, however this results in a slight performance hit. If you'd like to convert to a `.pem` for use later, use OpenSSL if you have it installed.
+If you'd like to convert to a `.pem` for use later, use OpenSSL if you have it installed.
 
 ``` sh
 $ openssl pkcs12 -in key.p12 -nodes -nocerts > key.pem

package.json

@@ -40,7 +40,6 @@
   "license": "MIT",
   "dependencies": {
     "gaxios": "^5.0.1",
-    "google-p12-pem": "^4.0.0",
     "jws": "^4.0.0"
   },
   "devDependencies": {

src/index.ts

@@ -69,8 +69,6 @@ class ErrorWithCode extends Error {
   }
 }
 
-let getPem: ((filename: string) => Promise<string>) | undefined;
-
 export class GoogleToken {
   get accessToken() {
     return this.rawToken ? this.rawToken.access_token : undefined;
@@ -199,20 +197,16 @@ export class GoogleToken {
       }
       case '.p12':
       case '.pfx': {
-        // NOTE:  The loading of `google-p12-pem` is deferred for performance
-        // reasons.  The `node-forge` npm module in `google-p12-pem` adds a fair
-        // bit time to overall module loading, and is likely not frequently
-        // used.  In a future release, p12 support will be entirely removed.
-        if (!getPem) {
-          getPem = (await import('google-p12-pem')).getPem;
-        }
-        const privateKey = await getPem(keyFile);
-        return {privateKey};
+        throw new ErrorWithCode(
+          '*.p12 certificates are not supported after v6.1.2. ' +
+            'Consider utilizing *.json format or converting *.p12 to *.pem using the OpenSSL CLI.',
+          'UNKNOWN_CERTIFICATE_TYPE'
+        );
       }
       default:
         throw new ErrorWithCode(
           'Unknown certificate type. Type is determined based on file extension. ' +
-            'Current supported extensions are *.json, *.pem, and *.p12.',
+            'Current supported extensions are *.json, and *.pem.',
           'UNKNOWN_CERTIFICATE_TYPE'
         );
     }

test/index.ts

@@ -15,7 +15,6 @@ import {GoogleToken} from '../src';
 const EMAIL = 'example@developer.gserviceaccount.com';
 const UNKNOWN_KEYFILE = './test/assets/key';
 const KEYFILE = './test/assets/key.pem';
-const P12FILE = './test/assets/key.p12';
 const KEYFILEJSON = './test/assets/key.json';
 const KEYFILENOEMAILJSON = './test/assets/key-no-email.json';
 const KEYCONTENTS = fs.readFileSync(KEYFILE, 'utf8');
@@ -59,17 +58,6 @@ const TESTDATA_KEYFILENOEMAILJSON = {
   keyFile: KEYFILENOEMAILJSON,
 };
 
-const TESTDATA_P12 = {
-  email: 'email@developer.gserviceaccount.com',
-  scope: 'scope123', // or space-delimited string of scopes
-  keyFile: P12FILE,
-};
-
-const TESTDATA_P12_NO_EMAIL = {
-  scope: 'scope123', // or space-delimited string of scopes
-  keyFile: P12FILE,
-};
-
 nock.disableNetConnect();
 
 it('should exist', () => {
@@ -445,30 +433,6 @@ describe('.getToken()', () => {
     );
   });
 
-  it('should run gp12pem if .p12 file is given', done => {
-    const gtoken = new GoogleToken(TESTDATA_P12);
-    const scope = createGetTokenMock();
-    gtoken.getToken((err, token) => {
-      scope.done();
-      assert.strictEqual(err, null);
-      done();
-    });
-  });
-
-  it('should return error if iss is not set with .p12', done => {
-    const gtoken = new GoogleToken(TESTDATA_P12_NO_EMAIL);
-    gtoken.getToken(err => {
-      assert(err);
-      if (err) {
-        assert.strictEqual(
-          (err as NodeJS.ErrnoException).code,
-          'MISSING_CREDENTIALS'
-        );
-        done();
-      }
-    });
-  });
-
   it('should return error if unknown file type is used', done => {
     const gtoken = new GoogleToken(TESTDATA_UNKNOWN);
     gtoken.getToken(err => {