@boxyhq/saml-jackson 0.3.8-beta.761 → 0.3.8-beta.767

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -138,6 +138,7 @@ class OAuthController {
138
138
  entityID: this.opts.samlAudience,
139
139
  callbackUrl: this.opts.externalUrl + this.opts.samlPath,
140
140
  signingKey: samlConfig.certs.privateKey,
141
+ publicKey: samlConfig.certs.publicKey,
141
142
  });
142
143
  const sessionId = crypto_1.default.randomBytes(16).toString('hex');
143
144
  yield this.sessionStore.put(sessionId, {
@@ -1,6 +1,7 @@
1
1
  import { SAMLProfile, SAMLReq } from '../typings';
2
+ export declare const stripCertHeaderAndFooter: (cert: string) => string;
2
3
  declare const _default: {
3
- request: ({ ssoUrl, entityID, callbackUrl, isPassive, forceAuthn, identifierFormat, providerName, signingKey, }: SAMLReq) => {
4
+ request: ({ ssoUrl, entityID, callbackUrl, isPassive, forceAuthn, identifierFormat, providerName, signingKey, publicKey, }: SAMLReq) => {
4
5
  id: string;
5
6
  request: string;
6
7
  };
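--- a/package/dist/saml/saml.js
+++ b/package/dist/saml/saml.js
@@ -31,6 +31,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.stripCertHeaderAndFooter = void 0;
 const saml20_1 = __importDefault(require("@boxyhq/saml20"));
 const xml2js_1 = __importDefault(require("xml2js"));
 const thumbprint_1 = __importDefault(require("thumbprint"));
@@ -42,7 +43,32 @@ const claims_1 = __importDefault(require("./claims"));
 const idPrefix = '_';
 const authnXPath = '/*[local-name(.)="AuthnRequest" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
 const issuerXPath = '/*[local-name(.)="Issuer" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:assertion"]';
-const signRequest = (xml, signingKey) => {
+const stripCertHeaderAndFooter = (cert) => {
+cert = cert.replace(/-+BEGIN CERTIFICATE-+\r?\n?/, '');
+cert = cert.replace(/-+END CERTIFICATE-+\r?\n?/, '');
+cert = cert.replace(/\r\n/g, '\n');
+return cert;
+};
+exports.stripCertHeaderAndFooter = stripCertHeaderAndFooter;
+function PubKeyInfo(pubKey) {
+this.pubKey = (0, exports.stripCertHeaderAndFooter)(pubKey);
+this.getKeyInfo = function (_key, prefix) {
+prefix = prefix || '';
+prefix = prefix ? prefix + ':' : prefix;
+return ('<' +
+prefix +
+'X509Data><' +
+prefix +
+'X509Certificate>' +
+this.pubKey +
+'</' +
+prefix +
+'X509Certificate></' +
+prefix +
+'X509Data>');
+};
+}
+const signRequest = (xml, signingKey, publicKey) => {
 if (!xml) {
 throw new Error('Please specify xml');
 }
@@ -51,6 +77,7 @@ const signRequest = (xml, signingKey) => {
 }
 const sig = new xml_crypto_1.default.SignedXml();
 sig.signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
+sig.keyInfoProvider = new PubKeyInfo(publicKey);
 sig.signingKey = signingKey;
 sig.addReference(authnXPath, ['http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/2001/10/xml-exc-c14n#'], 'http://www.w3.org/2001/04/xmlenc#sha256');
 sig.computeSignature(xml, {
@@ -58,7 +85,7 @@ const signRequest = (xml, signingKey) => {
 });
 return sig.getSignedXml();
 };
-const request = ({ ssoUrl, entityID, callbackUrl, isPassive = false, forceAuthn = false, identifierFormat = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', providerName = 'BoxyHQ', signingKey, }) => {
+const request = ({ ssoUrl, entityID, callbackUrl, isPassive = false, forceAuthn = false, identifierFormat = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', providerName = 'BoxyHQ', signingKey, publicKey, }) => {
 const id = idPrefix + crypto_1.default.randomBytes(10).toString('hex');
 const date = new Date().toISOString();
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -92,7 +119,7 @@ const request = ({ ssoUrl, entityID, callbackUrl, isPassive = false, forceAuthn
 }
 let xml = xmlbuilder_1.default.create(samlReq).end({});
 if (signingKey) {
-xml = signRequest(xml, signingKey);
+xml = signRequest(xml, signingKey, publicKey);
 }
 return {
 id,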
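--- a/package/dist/typings.d.ts
+++ b/package/dist/typings.d.ts
@@ -110,6 +110,7 @@ export interface SAMLReq {
 identifierFormat?: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';
 providerName?: 'BoxyHQ';
 signingKey: string;
+publicKey: string;
 }
 export interface SAMLProfile {
 audience: string;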
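Review bot: The added `publicKey: string` field is undocumented, and its name understates what the implementation requires — saml.js strips `BEGIN/END CERTIFICATE` markers from it and places the remainder inside `<X509Certificate>`, so the value must be the PEM-encoded X.509 certificate that pairs with `signingKey`, not a bare SPKI public key. A TSDoc comment on the field should say so, e.g. `/** PEM-encoded X.509 certificate matching signingKey; embedded in the AuthnRequest's KeyInfo. */`. Note also that `request` only signs when `signingKey` is set, yet the field is declared required, so TS callers that previously built an unsigned request no longer compile; if that is not intended, `publicKey?: string` keeps the type backward-compatible.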
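--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@boxyhq/saml-jackson",
-"version": "0.3.8-beta.761",
+"version": "0.3.8-beta.767",
 "description": "SAML 2.0 service",
 "keywords": [
 "SAML 2.0"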