Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove extra newline from private key check #335

Closed
CJxD opened this issue Aug 2, 2022 · 7 comments
Closed

Remove extra newline from private key check #335

CJxD opened this issue Aug 2, 2022 · 7 comments
Assignees
@sfc-gh-triage-snowpark-ecosystem-dl
Labels
bug Something isn't working

Comments

@CJxD
Copy link

CJxD commented Aug 2, 2022
edited
Loading

  1. What did you do?
    Didn't have an extra newline in my private key in my credentials.

  2. What did you expect to see?
    It not to matter.

  3. What did you see instead?

InvalidParameterError: Invalid private key. The specified value must be a string in pem format of type pkcs8

This took a lot of debugging to check if the key encryption was OK and the format could be read by OpenSSL, but it turned out to just be the lack of a newline.

The culprit is isPrivateKey in lib/utils.js

snowflake-connector-nodejs/lib/util.js

Lines 153 to 158 in 5bd5c13

exports.isPrivateKey = function (value)
{
// The private key is expected to be decrypted when set in the connection string
return (value.startsWith("-----BEGIN PRIVATE KEY-----") &&
value.endsWith("\n-----END PRIVATE KEY-----\n"));
};

which requires a newline at the end, and I can't imagine why it's necessary.

You've already got a regex based private key detector here

snowflake-connector-nodejs/lib/secret_detector.js

Line 72 in 7b3eaa9

const PRIVATE_KEY_PATTERN = new RegExp(String.raw`-----BEGIN PRIVATE KEY-----\\n([a-z0-9/+=\\n]{32,})\\n-----END PRIVATE KEY-----`,

@sfc-gh-dszmolka
Copy link
Collaborator

hi, thank you for submitting this issue and pinpointing where it happens. Checked and it seems that both the privateKey and privateKeyPath methods for keypair authentication are working well as described in Snowflake documentation for Using Key Pair Authentication & Key Pair Rotation.

however if one would paste the private key as a literal and try to use that with privateKey, it indeed breaks with the aforementioned error - until the newline character is introduced at the end of the key's footer, that is. we'll look into this and see if the private key detection could be made a bit more resilient.

@CJxD
Copy link
Author

CJxD commented Jan 18, 2023

Thanks David :)

@sfc-gh-dszmolka sfc-gh-dszmolka added bug Something isn't working status-in_progress Issue is worked on by the driver team labels Mar 29, 2023
@sfc-gh-dszmolka
Copy link
Collaborator

#566

@sfc-gh-dszmolka sfc-gh-dszmolka added status-pr_pending_merge A PR is made and is under review and removed status-in_progress Issue is worked on by the driver team labels Jul 5, 2023
@sfc-gh-dszmolka
Copy link
Collaborator

PR is now merged and will be part of the next release; expected towards end of July

@sfc-gh-dszmolka sfc-gh-dszmolka added status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector. and removed status-pr_pending_merge A PR is made and is under review labels Jul 6, 2023
@sfc-gh-dszmolka
Copy link
Collaborator

PR is released as part of the latest Snowflake Node.JS driver version 1.7.0. Closing this issue.

@sfc-gh-dszmolka sfc-gh-dszmolka removed the status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector. label Jul 27, 2023
@sfc-gh-dszmolka
Copy link
Collaborator

Releng team hit a bump in the release process which will be continued on Monday as expected. Reopening the issue and will only close when artifact confirmed to published to npm. Apologies for the inconvenience.

@sfc-gh-dszmolka sfc-gh-dszmolka added the status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector. label Jul 28, 2023
@sfc-gh-dszmolka
Copy link
Collaborator

PR is released as part of the latest Snowflake Node.JS driver version 1.7.0, for real this time :) Visible on npm too. Closing this issue and thank you for bearing with us !

@sfc-gh-dszmolka sfc-gh-dszmolka removed the status-fixed_awaiting_release The issue has been fixed, its PR merged, and now awaiting the next release cycle of the connector. label Jul 28, 2023
@jverce jverce mentioned this issue Jun 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sfc-gh-triage-snowpark-ecosystem-dl sfc-gh-triage-snowpark-ecosystem-dl

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@CJxD @sfc-gh-dszmolka @sfc-gh-ext-simba-ti @sfc-gh-triage-snowpark-ecosystem-dl