🐛 Bug Report — Runtime APIs: Error: [unenv] crypto.X509Certificate is not implemented yet!

[1yasa]

Codes:

Error:

Crypto supports on workers doc:

Config:

So my question is, why does the official website state that it supports crypto.X509Certificate, and in the code, it can also print out that X509Certificate is an anonymous class, why does it report an error when used: Error: [unenv] crypto.X509Certificate is not implemented yet!

Both local and deploy to the server.

I really need help with this; if Cloudflare can't use the X509Certificate, it will be very troublesome!

[1yasa]

Success with compatibility_flags = ["nodejs_compat"]:

But compatibility_flags = ["nodejs_compat_v2"] can treat cryptp as node:crypto, even import * from 'crypto' in packages, it use unenv as polyfills for nodejs apis, However, when it polyfills the crypto module for Node.js, it ignores the internal implementation of workerd.

So is there a way to merge the Node.js API implementation of workerd with that of unenv (using workerd's implementation when the API is not implemented in unenv, instead of throwing an Error: [unenv] crypto.X509Certificate is not implemented yet!)?

[IgorMinar]

it's because this code is outdated now that we have a native crypto implementation:

https://github.com/unjs/unenv/blob/main/src/runtime/node/crypto/%24cloudflare.ts#L12-L41

related issue: https://github.com/cloudflare/workerd/issues/2097

more recent discussion on how to stay up to date: https://github.com/unjs/unenv/issues/294

[anonrig]

This will be fixed with the next release.

[1yasa]

This will be fixed with the next release.

Unrecognized or unimplemented EC curve \"id-ecPublicKey\" requested when use crypto with compatibility_flags = ["nodejs_compat"].

Here is the error source:

https://github.com/agisboye/app-store-server-api/blob/main/src/Decoding.ts#L47

Here is the error detail:

So my question is, the X509 implemented by workerd seems to be completely unusable when using the decodeJWS function of /app-store-server-api.

Did I make a mistake, or does the X509 implementation in workerd indeed throw an error when trying to get the public key with cert.publicKey? Below is my business code (for reproduction):

const app_store_api = getAppStoreApi()
const res_subscription = await app_store_api.getSubscriptionStatuses(tid!)

const item = res_subscription.data[0].lastTransactions.find(item => item.originalTransactionId === tid)!

const res_transaction = await decodeTransaction(item.signedTransactionInfo)

[vicb]

@1yasa the PR referenced above on cloudflare/workers-sdk will expose the workerd implentation for crypto.X509Certificate when the nodejs_compat_v2 flag is used.

This should be released in wrangler 3.78.7 later today. Please note that you can test now by using the wrangler build in https://github.com/cloudflare/workers-sdk/pull/6782#issuecomment-2362936857

Once this is released we will close the issue "Runtime APIs: Error: [unenv] crypto.X509Certificate is not implemented yet!".

If you still see problems, please open a distinct issue to make tracking easier.

Thanks!

[1yasa]

@1yasa the PR referenced above on cloudflare/workers-sdk will expose the workerd implentation for crypto.X509Certificate when the nodejs_compat_v2 flag is used.

This should be released in wrangler 3.78.7 later today. Please note that you can test now by using the wrangler build in cloudflare/workers-sdk#6782 (comment)

Once this is released we will close the issue "Runtime APIs: Error: [unenv] crypto.X509Certificate is not implemented yet!".

If you still see problems, please open a distinct issue to make tracking easier.

Thanks!

Get. Thanks!