Improve token authentication error handling

Author: cjbj

lib/errors.js

@@ -109,6 +109,7 @@ const ERR_POOL_HAS_BUSY_CONNECTIONS = 104;
 const ERR_NAN_VALUE = 105;
 const ERR_INVALID_REF_CURSOR = 107;
 const ERR_LOB_CLOSED = 108;
+const ERR_INVALID_PRIVATE_KEY = 117;
 
 // define mapping for ODPI-C errors that need to be wrapped with NJS errors
 const adjustErrorXref = new Map();
@@ -284,6 +285,8 @@ messages.set(ERR_INVALID_REF_CURSOR,
   'invalid cursor');
 messages.set(ERR_LOB_CLOSED,
   'LOB was already closed');
+messages.set(ERR_INVALID_PRIVATE_KEY,
+  'invalid private key. Headers and footers are not allowed');
 
 //-----------------------------------------------------------------------------
 // assert()
@@ -544,6 +547,7 @@ module.exports = {
   ERR_INVALID_BIND_NAME,
   ERR_INVALID_REF_CURSOR,
   ERR_LOB_CLOSED,
+  ERR_INVALID_PRIVATE_KEY,
   assert,
   assertArgCount,
   assertParamPropBool,

lib/oracledb.js

@@ -366,6 +366,10 @@ async function _verifyOptions(options, inCreatePool) {
     }
     errors.assert(nodbUtil.isTokenValid(accessToken),
       errors.ERR_TOKEN_HAS_EXPIRED);
+    if (accessToken.privateKey !== undefined) {
+      errors.assert(nodbUtil.isPrivateKeyValid(accessToken),
+        errors.ERR_INVALID_PRIVATE_KEY);
+    }
 
     // store token and privatekey
     if (typeof accessToken === 'string') {

lib/util.js

@@ -291,6 +291,18 @@ function isTokenValid(accessToken) {
   }
 }
 
+function isPrivateKeyValid(accessToken) {
+  errors.assert(typeof accessToken.privateKey === 'string',
+    errors.ERR_TOKEN_BASED_AUTH);
+
+  if (accessToken.privateKey.startsWith("-----BEGIN PRIVATE KEY-----") ||
+    accessToken.privateKey.endsWith("-----END PRIVATE KEY-----")) {
+    return false;
+  }
+
+  return true;
+}
+
 // define exports
 module.exports = {
   BINARY_FILE,
@@ -303,6 +315,7 @@ module.exports = {
   isArrayOfStrings,
   isObject,
   isObjectOrArray,
+  isPrivateKeyValid,
   isShardingKey,
   isSodaDocument,
   isTokenExpired,