tls: move parseCertString to internal

doc/api/deprecations.md

@@ -634,6 +634,29 @@ Type: Runtime
 
 *Note*: change was made while `async_hooks` was an experimental API.
 
+<a id="DEP0073"></a>
+### DEP0073: tls.parseCertString()
+
+Type: Runtime
+
+`tls.parseCertString()` is a trivial parsing helper that was made public by
+mistake. This function can usually be replaced with
+
+```js
+const querystring = require('querystring');
+querystring.parse(str, '\n', '=')`;
+```
+
+*Note*: This function is not 100% same as `querystring.parse()`. One difference
+is that `querystring.parse()` does URLDecoding, e.g.:
+
+```js
+> querystring.parse("%E5%A5%BD=1", "\n", "=");
+{ '好': '1' }
+> tls.parseCertString("%E5%A5%BD=1");
+{ '%E5%A5%BD': '1' }
+```
+
 [`Buffer.allocUnsafeSlow(size)`]: buffer.html#buffer_class_method_buffer_allocunsafeslow_size
 [`Buffer.from(array)`]: buffer.html#buffer_class_method_buffer_from_array
 [`Buffer.from(buffer)`]: buffer.html#buffer_class_method_buffer_from_buffer

lib/_tls_common.js

@@ -21,7 +21,7 @@
 
 'use strict';
 
-const tls = require('tls');
+const tls = require('internal/tls');
 
 const SSL_OP_CIPHER_SERVER_PREFERENCE =
     process.binding('constants').crypto.SSL_OP_CIPHER_SERVER_PREFERENCE;

lib/internal/tls.js

@@ -0,0 +1,33 @@
+'use strict';
+
+const DEFAULT_CIPHERS = process.binding('constants').crypto.defaultCipherList;
+const DEFAULT_ECDH_CURVE = 'prime256v1';
+
+// Example:
+// C=US\nST=CA\nL=SF\nO=Joyent\nOU=Node.js\nCN=ca1\[email protected]
+function parseCertString(s) {
+  var out = {};
+  var parts = s.split('\n');
+  for (var i = 0, len = parts.length; i < len; i++) {
+    var sepIndex = parts[i].indexOf('=');
+    if (sepIndex > 0) {
+      var key = parts[i].slice(0, sepIndex);
+      var value = parts[i].slice(sepIndex + 1);
+      if (key in out) {
+        if (!Array.isArray(out[key])) {
+          out[key] = [out[key]];
+        }
+        out[key].push(value);
+      } else {
+        out[key] = value;
+      }
+    }
+  }
+  return out;
+}
+
+module.exports = {
+  parseCertString,
+  DEFAULT_CIPHERS,
+  DEFAULT_ECDH_CURVE
+};

lib/tls.js

@@ -24,6 +24,7 @@
 const internalUtil = require('internal/util');
 internalUtil.assertCrypto();
 
+const internalTLS = require('internal/tls');
 const net = require('net');
 const url = require('url');
 const binding = process.binding('crypto');
@@ -39,10 +40,12 @@ exports.CLIENT_RENEG_WINDOW = 600;
 
 exports.SLAB_BUFFER_SIZE = 10 * 1024 * 1024;
 
-exports.DEFAULT_CIPHERS =
-    process.binding('constants').crypto.defaultCipherList;
-
-exports.DEFAULT_ECDH_CURVE = 'prime256v1';
+[ 'DEFAULT_CIPHERS', 'DEFAULT_ECDH_CURVE' ].forEach((key) => {
+  Object.defineProperty(exports, key, {
+    get: () => { return internalTLS[key]; },
+    set: (c) => { internalTLS[key] = c; }
+  });
+});
 
 exports.getCiphers = internalUtil.cachedResult(
   () => internalUtil.filterDuplicateStrings(binding.getSSLCiphers(), true)
@@ -228,28 +231,10 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
   }
 };
 
-// Example:
-// C=US\nST=CA\nL=SF\nO=Joyent\nOU=Node.js\nCN=ca1\[email protected]
-exports.parseCertString = function parseCertString(s) {
-  var out = {};
-  var parts = s.split('\n');
-  for (var i = 0, len = parts.length; i < len; i++) {
-    var sepIndex = parts[i].indexOf('=');
-    if (sepIndex > 0) {
-      var key = parts[i].slice(0, sepIndex);
-      var value = parts[i].slice(sepIndex + 1);
-      if (key in out) {
-        if (!Array.isArray(out[key])) {
-          out[key] = [out[key]];
-        }
-        out[key].push(value);
-      } else {
-        out[key] = value;
-      }
-    }
-  }
-  return out;
-};
+exports.parseCertString = internalUtil.deprecate(
+  internalTLS.parseCertString,
+  'tls.parseCertString is deprecated',
+  'DEP0073');
 
 // Public API
 exports.createSecureContext = require('_tls_common').createSecureContext;

node.gyp

@@ -100,6 +100,7 @@
       'lib/internal/repl.js',
       'lib/internal/socket_list.js',
       'lib/internal/test/unicode.js',
+      'lib/internal/tls.js',
       'lib/internal/url.js',
       'lib/internal/util.js',
       'lib/internal/v8_prof_polyfill.js',

test/parallel/test-tls-parse-cert-string.js

@@ -1,10 +1,12 @@
 'use strict';
+
+// Flags: --expose_internals
 const common = require('../common');
 if (!common.hasCrypto)
   common.skip('missing crypto');
 
 const assert = require('assert');
-const tls = require('tls');
+const tls = require('internal/tls');
 
 {
   const singles = 'C=US\nST=CA\nL=SF\nO=Node.js Foundation\nOU=Node.js\n' +
@@ -36,3 +38,17 @@ const tls = require('tls');
   const invalidOut = tls.parseCertString(invalid);
   assert.deepStrictEqual(invalidOut, {});
 }
+
+{
+  const regexp = new RegExp('^\\(node:\\d+\\) [DEP0073] DeprecationWarning: ' +
+                            'tls\\.parseCertString is deprecated$');
+
+  // test for deprecate message
+  common.hijackStderr(common.mustCall(function(data) {
+    assert.ok(regexp.test(data));
+    common.restoreStderr();
+  }));
+
+  const ret = require('tls').parseCertString('foo=bar');
+  assert.deepStrictEqual(ret, { foo: 'bar' });
+}