From 468110b3276007f445741b41c36beb0ef62d751c Mon Sep 17 00:00:00 2001
From: XadillaX <admin@xcoder.in>
Date: Fri, 8 Sep 2017 15:58:54 +0800
Subject: [PATCH] tls: deprecate parseCertString & move to internal

`tls.parseCertString()` exposed by accident. Now move this function to
`internal/tls` and mark the original one as deprecated.

PR-URL: https://github.com/nodejs/node/pull/14249
Refs: https://github.com/nodejs/node/issues/14193
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
---
 doc/api/deprecations.md                     |  2 +-
 lib/_tls_common.js                          |  5 ++--
 lib/internal/tls.js                         | 28 +++++++++++++++++++++
 lib/tls.js                                  | 28 +++++----------------
 node.gyp                                    |  1 +
 test/parallel/test-tls-parse-cert-string.js | 25 +++++++++++++++---
 6 files changed, 60 insertions(+), 29 deletions(-)
 create mode 100644 lib/internal/tls.js

diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md
index 8f94db9b3f3458..5d7b3b5ff16357 100644
--- a/doc/api/deprecations.md
+++ b/doc/api/deprecations.md
@@ -664,7 +664,7 @@ Type: Runtime
 <a id="DEP00XX"></a>
 ### DEP00XX: tls.parseCertString()
 
-Type: Documentation-only
+Type: Runtime
 
 `tls.parseCertString()` is a trivial parsing helper that was made public by
 mistake. This function can usually be replaced with:
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index 3c4f2e2bb90f85..fa31fd7de64654 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -21,6 +21,7 @@
 
 'use strict';
 
+const { parseCertString } = require('internal/tls');
 const tls = require('tls');
 const errors = require('internal/errors');
 
@@ -202,11 +203,11 @@ exports.translatePeerCertificate = function translatePeerCertificate(c) {
   if (!c)
     return null;
 
-  if (c.issuer != null) c.issuer = tls.parseCertString(c.issuer);
+  if (c.issuer != null) c.issuer = parseCertString(c.issuer);
   if (c.issuerCertificate != null && c.issuerCertificate !== c) {
     c.issuerCertificate = translatePeerCertificate(c.issuerCertificate);
   }
-  if (c.subject != null) c.subject = tls.parseCertString(c.subject);
+  if (c.subject != null) c.subject = parseCertString(c.subject);
   if (c.infoAccess != null) {
     var info = c.infoAccess;
     c.infoAccess = Object.create(null);
diff --git a/lib/internal/tls.js b/lib/internal/tls.js
new file mode 100644
index 00000000000000..6d367dbf285ff7
--- /dev/null
+++ b/lib/internal/tls.js
@@ -0,0 +1,28 @@
+'use strict';
+
+// Example:
+// C=US\nST=CA\nL=SF\nO=Joyent\nOU=Node.js\nCN=ca1\nemailAddress=ry@clouds.org
+function parseCertString(s) {
+  var out = Object.create(null);
+  var parts = s.split('\n');
+  for (var i = 0, len = parts.length; i < len; i++) {
+    var sepIndex = parts[i].indexOf('=');
+    if (sepIndex > 0) {
+      var key = parts[i].slice(0, sepIndex);
+      var value = parts[i].slice(sepIndex + 1);
+      if (key in out) {
+        if (!Array.isArray(out[key])) {
+          out[key] = [out[key]];
+        }
+        out[key].push(value);
+      } else {
+        out[key] = value;
+      }
+    }
+  }
+  return out;
+}
+
+module.exports = {
+  parseCertString
+};
diff --git a/lib/tls.js b/lib/tls.js
index bbf73e6e2ad065..91a543cb552397 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -23,6 +23,7 @@
 
 const errors = require('internal/errors');
 const internalUtil = require('internal/util');
+const internalTLS = require('internal/tls');
 internalUtil.assertCrypto();
 
 const net = require('net');
@@ -228,28 +229,11 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
   }
 };
 
-// Example:
-// C=US\nST=CA\nL=SF\nO=Joyent\nOU=Node.js\nCN=ca1\nemailAddress=ry@clouds.org
-exports.parseCertString = function parseCertString(s) {
-  var out = Object.create(null);
-  var parts = s.split('\n');
-  for (var i = 0, len = parts.length; i < len; i++) {
-    var sepIndex = parts[i].indexOf('=');
-    if (sepIndex > 0) {
-      var key = parts[i].slice(0, sepIndex);
-      var value = parts[i].slice(sepIndex + 1);
-      if (key in out) {
-        if (!Array.isArray(out[key])) {
-          out[key] = [out[key]];
-        }
-        out[key].push(value);
-      } else {
-        out[key] = value;
-      }
-    }
-  }
-  return out;
-};
+exports.parseCertString = internalUtil.deprecate(
+  internalTLS.parseCertString,
+  'tls.parseCertString() is deprecated. ' +
+  'Please use querystring.parse() instead.',
+  'DEP00XX');
 
 // Public API
 exports.createSecureContext = require('_tls_common').createSecureContext;
diff --git a/node.gyp b/node.gyp
index 17f23564147dd1..c06008a39a05ca 100644
--- a/node.gyp
+++ b/node.gyp
@@ -112,6 +112,7 @@
       'lib/internal/repl.js',
       'lib/internal/socket_list.js',
       'lib/internal/test/unicode.js',
+      'lib/internal/tls.js',
       'lib/internal/url.js',
       'lib/internal/util.js',
       'lib/internal/http2/core.js',
diff --git a/test/parallel/test-tls-parse-cert-string.js b/test/parallel/test-tls-parse-cert-string.js
index 165e45cb9aabe0..78e570d0889c8f 100644
--- a/test/parallel/test-tls-parse-cert-string.js
+++ b/test/parallel/test-tls-parse-cert-string.js
@@ -1,16 +1,22 @@
 /* eslint-disable no-proto */
 'use strict';
+
 const common = require('../common');
 if (!common.hasCrypto)
   common.skip('missing crypto');
 
 const assert = require('assert');
+// Flags: --expose_internals
+const internalTLS = require('internal/tls');
 const tls = require('tls');
 
+const noOutput = common.mustNotCall();
+common.hijackStderr(noOutput);
+
 {
   const singles = 'C=US\nST=CA\nL=SF\nO=Node.js Foundation\nOU=Node.js\n' +
                   'CN=ca1\nemailAddress=ry@clouds.org';
-  const singlesOut = tls.parseCertString(singles);
+  const singlesOut = internalTLS.parseCertString(singles);
   assert.deepStrictEqual(singlesOut, {
     __proto__: null,
     C: 'US',
@@ -26,7 +32,7 @@ const tls = require('tls');
 {
   const doubles = 'OU=Domain Control Validated\nOU=PositiveSSL Wildcard\n' +
                   'CN=*.nodejs.org';
-  const doublesOut = tls.parseCertString(doubles);
+  const doublesOut = internalTLS.parseCertString(doubles);
   assert.deepStrictEqual(doublesOut, {
     __proto__: null,
     OU: [ 'Domain Control Validated', 'PositiveSSL Wildcard' ],
@@ -36,7 +42,7 @@ const tls = require('tls');
 
 {
   const invalid = 'fhqwhgads';
-  const invalidOut = tls.parseCertString(invalid);
+  const invalidOut = internalTLS.parseCertString(invalid);
   assert.deepStrictEqual(invalidOut, { __proto__: null });
 }
 
@@ -45,5 +51,16 @@ const tls = require('tls');
   const expected = Object.create(null);
   expected.__proto__ = 'mostly harmless';
   expected.hasOwnProperty = 'not a function';
-  assert.deepStrictEqual(tls.parseCertString(input), expected);
+  assert.deepStrictEqual(internalTLS.parseCertString(input), expected);
+}
+
+common.restoreStderr();
+
+{
+  common.expectWarning('DeprecationWarning',
+                       'tls.parseCertString() is deprecated. ' +
+                       'Please use querystring.parse() instead.');
+
+  const ret = tls.parseCertString('foo=bar');
+  assert.deepStrictEqual(ret, { __proto__: null, foo: 'bar' });
 }