From 3d0637f4326795b09cdb6cc823d4a4ae266ebafc Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Wed, 22 Aug 2018 11:00:19 +0200
Subject: [PATCH] feat: support encryption with RSA_PKCS1_PADDING

Renovate will now attempt to decrypt with existing default padding, and if that fails then try with RSA_PKCS1_PADDING.
---
 lib/config/decrypt.js | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/lib/config/decrypt.js b/lib/config/decrypt.js
index 93d8ffb25b..939d40d31f 100644
--- a/lib/config/decrypt.js
+++ b/lib/config/decrypt.js
@@ -15,9 +15,25 @@ function decryptConfig(config, privateKey) {
       if (privateKey) {
         for (const [eKey, eVal] of Object.entries(val)) {
           try {
-            const decryptedStr = crypto
-              .privateDecrypt(privateKey, Buffer.from(eVal, 'base64'))
-              .toString();
+            let decryptedStr;
+            try {
+              logger.debug('Trying default padding');
+              decryptedStr = crypto
+                .privateDecrypt(privateKey, Buffer.from(eVal, 'base64'))
+                .toString();
+            } catch (err) {
+              logger.debug('Trying RSA_PKCS1_PADDING');
+              decryptedStr = crypto
+                .privateDecrypt(
+                  {
+                    key: privateKey,
+                    padding: crypto.constants.RSA_PKCS1_PADDING,
+                  },
+                  Buffer.from(eVal, 'base64')
+                )
+                .toString();
+              // let it throw if the above fails
+            }
             logger.info(`Decrypted ${eKey}`);
             if (eKey === 'npmToken') {
               const token = decryptedStr.replace(/\n$/, '');
-- 
GitLab