deps: replace jsrsasign

We were only using a couple of utility functionss to parse tokens, not to
validate them in any way.

package-lock.json

@@ -5313,9 +5313,9 @@
       "integrity": "sha1-eAqZyE59YAJgNhURxId2E78k9rs="
     },
     "base64-js": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.2.3.tgz",
-      "integrity": "sha512-MsAhsUW1GxCdgYSO6tAfZrNapmUKk7mWx/k5mFY/A1gBtkaCaNapTg+FExCw1r9yeaZhqx/xPg43xgTFH6KL5w=="
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.1.tgz",
+      "integrity": "sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g=="
     },
     "basic-auth": {
       "version": "2.0.1",
@@ -10714,11 +10714,6 @@
         "verror": "1.10.0"
       }
     },
-    "jsrsasign": {
-      "version": "8.0.12",
-      "resolved": "https://registry.npmjs.org/jsrsasign/-/jsrsasign-8.0.12.tgz",
-      "integrity": "sha1-Iqu5ZW00owuVMENnIINeicLlwxY="
-    },
     "jssha": {
       "version": "2.3.1",
       "resolved": "https://registry.npmjs.org/jssha/-/jssha-2.3.1.tgz",

package.json

@@ -41,6 +41,7 @@
     "@tensorflow/tfjs": "1.5.1",
     "@webcomponents/url": "0.7.1",
     "amplitude-js": "4.5.2",
+    "base64-js": "1.3.1",
     "bc-css-flags": "3.0.0",
     "dropbox": "4.0.9",
     "i18n-iso-countries": "3.7.8",
@@ -54,7 +55,6 @@
     "jquery-i18next": "1.2.1",
     "js-md5": "0.6.1",
     "js-utils": "github:jitsi/js-utils#cf11996bd866fdb47326c59a5d3bc24be17282d4",
-    "jsrsasign": "8.0.12",
     "jwt-decode": "2.2.0",
     "lib-jitsi-meet": "github:jitsi/lib-jitsi-meet#3c8d411c96fdfa18c57111630f29880f3f72949e",
     "libflacjs": "github:mmig/libflac.js#93d37e7f811f01cf7d8b6a603e38bd3c3810907d",

react/features/calendar-sync/web/microsoftCalendar.js

@@ -1,7 +1,8 @@
 // @flow
 
 import { Client } from '@microsoft/microsoft-graph-client';
-import rs from 'jsrsasign';
+import base64js from 'base64-js';
+
 import type { Dispatch } from 'redux';
 
 import { createDeferred } from '../../../../modules/util/helpers';
@@ -452,8 +453,13 @@ function getValidatedTokenParts(tokenInfo, guids, appId) {
         return null;
     }
 
-    const payload
-         = rs.KJUR.jws.JWS.readSafeJSONString(rs.b64utoutf8(tokenParts[1]));
+    let payload;
+
+    try {
+        payload = JSON.parse(b64utoutf8(tokenParts[1]));
+    } catch (e) {
+        return null;
+    }
 
     if (payload.nonce !== guids.authNonce
         || payload.aud !== appId
@@ -596,3 +602,40 @@ function s4(num) {
 
     return ret;
 }
+
+/**
+ * Convert a Base64URL encoded string to a UTF-8 encoded string including CJK or Latin.
+ *
+ * @param {string} str - The string that needs conversion.
+ * @private
+ * @returns {string} - The converted string.
+ */
+function b64utoutf8(str) {
+    let s = str;
+
+    // Convert from Base64URL to Base64.
+
+    if (s.length % 4 === 2) {
+        s += '==';
+    } else if (s.length % 4 === 3) {
+        s += '=';
+    }
+
+    s = s.replace(/-/g, '+').replace(/_/g, '/');
+
+    // Convert Base64 to a byte array.
+
+    const bytes = base64js.toByteArray(s);
+
+    // Convert bytes to hex.
+
+    s = bytes.reduce((str_, byte) => str_ + byte.toString(16).padStart(2, '0'), '');
+
+    // Convert a hexadecimal string to a URLComponent string
+
+    s = s.replace(/(..)/g, '%$1');
+
+    // Decodee the URI component
+
+    return decodeURIComponent(s);
+}