[appconf] use SHA-256 helpers from core-util instead (Azure#21715)

jeremymeng · web-flow · commit ebbfcff02ca1 · 2022-05-03T17:43:27.000-07:00
and remove its own helpers.
diff --git a/sdk/appconfiguration/app-configuration/CHANGELOG.md b/sdk/appconfiguration/app-configuration/CHANGELOG.md
@@ -20,6 +20,8 @@
   - Notable changes include Removal of `@opentelemetry/api` as a transitive dependency and ensuring that the active context is properly propagated.
   - Customers who would like to continue using OpenTelemetry driven tracing should visit our [OpenTelemetry Instrumentation](https://www.npmjs.com/package/@azure/opentelemetry-instrumentation-azure-sdk) package for instructions.
 
+- Move to depend on `@azure/core-util` for SHA256 Digest and HMAC computing.
+
 ## 1.3.1 (2021-12-14)
 
 ### Bugs Fixed
diff --git a/sdk/appconfiguration/app-configuration/package.json b/sdk/appconfiguration/app-configuration/package.json
@@ -21,9 +21,6 @@
   "bugs": {
     "url": "https://github.com/Azure/azure-sdk-for-js/issues"
   },
-  "browser": {
-    "./dist-esm/src/internal/cryptoHelpers.js": "./dist-esm/src/internal/cryptoHelpers.browser.js"
-  },
   "react-native": {
     "./dist/index.js": "./dist-esm/src/index.js"
   },
@@ -94,6 +91,7 @@
     "@azure/core-rest-pipeline": "^1.6.0",
     "@azure/core-tracing": "^1.0.0",
     "@azure/core-auth": "^1.3.0",
+    "@azure/core-util": "^1.0.0",
     "tslib": "^2.2.0"
   },
   "devDependencies": {
diff --git a/sdk/appconfiguration/app-configuration/src/appConfigCredential.ts b/sdk/appconfiguration/app-configuration/src/appConfigCredential.ts
@@ -7,7 +7,7 @@ import {
   PipelineResponse,
   SendRequest,
 } from "@azure/core-rest-pipeline";
-import { sha256Digest, sha256Hmac } from "./internal/cryptoHelpers";
+import { computeSha256Hash, computeSha256Hmac } from "@azure/core-util";
 
 /**
  * Create an HTTP pipeline policy to authenticate a request
@@ -19,13 +19,13 @@ export function appConfigKeyCredentialPolicy(credential: string, secret: string)
     async sendRequest(request: PipelineRequest, next: SendRequest): Promise<PipelineResponse> {
       const verb = request.method;
       const utcNow = new Date().toUTCString();
-      const contentHash = await sha256Digest(request.body?.toString() || "");
+      const contentHash = await computeSha256Hash(request.body?.toString() || "", "base64");
       const signedHeaders = "x-ms-date;host;x-ms-content-sha256";
       const url = new URL(request.url);
       const query = url.search;
       const urlPathAndQuery = query ? `${url.pathname}${query}` : url.pathname;
       const stringToSign = `${verb}\n${urlPathAndQuery}\n${utcNow};${url.host};${contentHash}`;
-      const signature = await sha256Hmac(secret, stringToSign);
+      const signature = await computeSha256Hmac(secret, stringToSign, "base64");
 
       request.headers.set("x-ms-date", utcNow);
       request.headers.set("x-ms-content-sha256", contentHash);
diff --git a/sdk/appconfiguration/app-configuration/src/internal/cryptoHelpers.browser.ts b/sdk/appconfiguration/app-configuration/src/internal/cryptoHelpers.browser.ts
diff --git a/sdk/appconfiguration/app-configuration/src/internal/cryptoHelpers.ts b/sdk/appconfiguration/app-configuration/src/internal/cryptoHelpers.ts
diff --git a/sdk/core/core-util/src/sha256.browser.ts b/sdk/core/core-util/src/sha256.browser.ts
@@ -67,11 +67,6 @@ function getCrypto(): SubtleCrypto {
   return subtleCrypto;
 }
 
-const importParams: HmacImportParams = {
-  name: "HMAC",
-  hash: { name: "SHA-256" },
-};
-
 /**
  * Generates a SHA-256 HMAC signature.
  * @param key - The HMAC key represented as a base64 string, used to generate the cryptographic HMAC hash.
@@ -87,8 +82,24 @@ export async function computeSha256Hmac(
   const keyBytes = base64ToBytes(key);
   const stringToSignBytes = utf8ToBytes(stringToSign);
 
-  const cryptoKey = await crypto.importKey("raw", keyBytes, importParams, false, ["sign"]);
-  const signature = await crypto.sign(importParams, cryptoKey, stringToSignBytes);
+  const cryptoKey = await crypto.importKey(
+    "raw",
+    keyBytes,
+    {
+      name: "HMAC",
+      hash: { name: "SHA-256" },
+    },
+    false,
+    ["sign"]
+  );
+  const signature = await crypto.sign(
+    {
+      name: "HMAC",
+      hash: { name: "SHA-256" },
+    },
+    cryptoKey,
+    stringToSignBytes
+  );
 
   switch (encoding) {
     case "base64":
