fix: nodejs crypto privateDecrypt function changed to use NodeRSA for…

… Windows RDP cr: https://code.amazon.com/reviews/CR-117206787
awslabs · Mar 12, 2024 · a5b1c03 · a5b1c03
1 parent f757c44
commit a5b1c03
Show file tree

Hide file tree

Showing 5 changed files with 3,021 additions and 2,873 deletions.
diff --git a/addons/addon-base-raas-ui/packages/base-raas-ui/package.json b/addons/addon-base-raas-ui/packages/base-raas-ui/package.json
@@ -21,6 +21,7 @@
     "mobx-react": "^6.3.1",
     "mobx-react-form": "^2.0.9",
     "mobx-state-tree": "^3.17.3",
+    "node-rsa": "^1.1.1",
     "numeral": "^2.0.6",
     "pretty-bytes": "^5.6.0",
     "prop-types": "^15.8.1",

diff --git a/...ase-raas-ui/packages/base-raas-ui/src/parts/environments-builtin/EnvironmentDetailPage.js b/...ase-raas-ui/packages/base-raas-ui/src/parts/environments-builtin/EnvironmentDetailPage.js
@@ -36,7 +36,7 @@ import {
 } from 'semantic-ui-react';
 import { CopyToClipboard } from 'react-copy-to-clipboard';
 
-import crypto from 'crypto';
+import NodeRSA from 'node-rsa'
 
 import { gotoFn } from '@amzn/base-ui/dist/helpers/routing';
 import { swallowError } from '@amzn/base-ui/dist/helpers/utils';
@@ -465,12 +465,15 @@ class EnvironmentDetailPage extends React.Component {
     const environment = this.getEnvironment();
     const [{ privateKey }, { passwordData }] = await environment.getWindowsPassword();
 
-    const password = crypto
-      .privateDecrypt(
-        { key: privateKey, padding: crypto.constants.RSA_PKCS1_PADDING },
-        Buffer.from(passwordData, 'base64'),
-      )
-      .toString('utf8');
+    const keyRSA = new NodeRSA(
+      privateKey,
+      "private",
+      {
+        environment: "browser",
+        encryptionScheme: "pkcs1",
+      }
+    );
+    const password = keyRSA.decrypt(Buffer.from(passwordData, "base64"), "buffer").toString('utf8');
 
     runInAction(() => {
       this.windowsPassword = password;

diff --git a/...vices/lib/environment/service-catalog/__tests__/environment-sc-connection-service.test.js b/...vices/lib/environment/service-catalog/__tests__/environment-sc-connection-service.test.js
@@ -16,7 +16,7 @@
 const ServicesContainer = require('@amzn/base-services-container/lib/services-container');
 const JsonSchemaValidationService = require('@amzn/base-services/lib/json-schema-validation-service');
 const Logger = require('@amzn/base-services/lib/logger/logger-service');
-const crypto = require('crypto');
+const NodeRSA = require('node-rsa');
 const Boom = require('@amzn/base-services-container/lib/boom');
 
 // Mocked dependencies
@@ -67,6 +67,9 @@ AgMBAAE=
 -----END PUBLIC KEY-----`,
       ),
     })),
+    decrypt: jest.fn(
+        () => `rstudio-user\nfcc91a0d7cfdef9fea2854f2b8b2c80355c391ca617e08567e6584efe6833948`,
+    ),
   })),
 );
 
@@ -612,10 +615,15 @@ jM0re//6SUWx/9VfBLN+6Ul8wcqGR2uCmK/PJpzWYxz0IzhnyA==
       const encodedCreds = result.url.split('?v=')[1];
       const decodedCreds = decodeURIComponent(encodedCreds);
       const credBuff = Buffer.from(decodedCreds, 'base64');
-      const decryptedCreds = crypto.privateDecrypt(
-        { key: privateKeyBuffer, padding: crypto.constants.RSA_PKCS1_PADDING },
-        credBuff,
+      const keyRSA = new NodeRSA(
+        privateKeyBuffer,
+        "private",
+        {
+          environment: "browser",
+          encryptionScheme: "pkcs1",
+        }
       );
+      const decryptedCreds = keyRSA.decrypt(credBuff, "buffer");
       expect(decryptedCreds.toString('utf8')).toBe(credentials);
     });
 

diff --git a/...s/base-raas-services/lib/environment/service-catalog/environment-sc-connection-service.js b/...s/base-raas-services/lib/environment/service-catalog/environment-sc-connection-service.js
@@ -384,12 +384,15 @@ class EnvironmentScConnectionService extends Service {
     const { PasswordData: passwordData } = await ec2.getPasswordData({ InstanceId: connection.instanceId }).promise();
     const { privateKey } = await environmentScKeypairService.mustFind(requestContext, envId);
 
-    const password = crypto
-      .privateDecrypt(
-        { key: privateKey, padding: crypto.constants.RSA_PKCS1_PADDING },
-        Buffer.from(passwordData, 'base64'),
-      )
-      .toString('utf8');
+    const keyRSA = new NodeRSA(
+      privateKey,
+      "private",
+      {
+        environment: "browser",
+        encryptionScheme: "pkcs1",
+      }
+    );
+    const password = keyRSA.decrypt(Buffer.from(passwordData, "base64"), "buffer").toString('utf8');
 
     // Write audit event
     await this.audit(requestContext, { action: 'env-windows-password-requested', body: { id: envId, connection } });