mocksaml/utils/request.ts

import { promisify } from 'util';
import xml2js from 'xml2js';
import { inflateRaw } from 'zlib';

const inflateRawAsync = promisify(inflateRaw);

// Parse XML
const parseXML = (xml: string): Promise<Record<string, any>> => {
  return new Promise((resolve, reject) => {
    xml2js.parseString(xml, (err: Error | null, result: any) => {
      if (err) {
        reject(err);
      }

      resolve(result);
    });
  });
};

// Decode the base64 string
const decodeBase64 = async (string: string, isDeflated: boolean) => {
  return isDeflated
    ? (await inflateRawAsync(Buffer.from(string, 'base64'))).toString()
    : Buffer.from(string, 'base64').toString();
};

// Parse SAMLRequest attributes
const extractSAMLRequestAttributes = async (rawRequest: string) => {
  const result = await parseXML(rawRequest);

  const attributes = result['samlp:AuthnRequest']['$'];
  const issuer = result['samlp:AuthnRequest']['saml:Issuer'];

  return {
    id: attributes.ID,
    acsUrl: attributes.AssertionConsumerServiceURL,
    providerName: attributes.ProviderName,
    audience: issuer[0]['_'],
    publicKey:
      result['samlp:AuthnRequest']['Signature'][0]['KeyInfo'][0]['X509Data'][0]['X509Certificate'][0],
  };
};

export { extractSAMLRequestAttributes, decodeBase64 };
Applied prettier 2022-02-22 06:14:12 +00:00			`import { promisify } from 'util';`
Code cleanup 2022-02-23 13:48:20 +00:00			`import xml2js from 'xml2js';`
Applied prettier 2022-02-22 06:14:12 +00:00			`import { inflateRaw } from 'zlib';`
cleanup util 2022-02-21 14:31:47 +00:00
parse SAML req 2022-02-22 05:35:42 +00:00			`const inflateRawAsync = promisify(inflateRaw);`
cleanup util 2022-02-21 14:31:47 +00:00
			`// Parse XML`
			`const parseXML = (xml: string): Promise<Record<string, any>> => {`
			`return new Promise((resolve, reject) => {`
Update deps (#24) * updated deps * updated saml20 2022-07-26 21:48:29 +00:00			`xml2js.parseString(xml, (err: Error \| null, result: any) => {`
Add prettier config and format files 2022-02-22 05:36:06 +00:00			`if (err) {`
cleanup util 2022-02-21 14:31:47 +00:00			`reject(err);`
			`}`

			`resolve(result);`
			`});`
			`});`
			`};`

Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00			`// Decode the base64 string`
			`const decodeBase64 = async (string: string, isDeflated: boolean) => {`
			`return isDeflated`
			`? (await inflateRawAsync(Buffer.from(string, 'base64'))).toString()`
			`: Buffer.from(string, 'base64').toString();`
			`};`

cleanup util 2022-02-21 14:31:47 +00:00			`// Parse SAMLRequest attributes`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00			`const extractSAMLRequestAttributes = async (rawRequest: string) => {`
			`const result = await parseXML(rawRequest);`
cleanup util 2022-02-21 14:31:47 +00:00
Applied prettier 2022-02-22 06:14:12 +00:00			`const attributes = result['samlp:AuthnRequest']['$'];`
			`const issuer = result['samlp:AuthnRequest']['saml:Issuer'];`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00
cleanup util 2022-02-21 14:31:47 +00:00			`return {`
parse SAML req 2022-02-22 05:35:42 +00:00			`id: attributes.ID,`
			`acsUrl: attributes.AssertionConsumerServiceURL,`
			`providerName: attributes.ProviderName,`
Applied prettier 2022-02-22 06:14:12 +00:00			`audience: issuer[0]['_'],`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00			`publicKey:`
			`result['samlp:AuthnRequest']['Signature'][0]['KeyInfo'][0]['X509Data'][0]['X509Certificate'][0],`
cleanup util 2022-02-21 14:31:47 +00:00			`};`
			`};`

Switch to saml20 (#21) * Use boxyhq/saml20 * use sign from saml20 * cleaned up GetKeyInfo * cleaned up getPublicKeyPemFromCertificate * cleaned up node-forge * use hasValidSignature from saml20 * cleanup and update saml20 to the beta version * throw an error if signature is not valid * updated saml20 2022-04-26 17:02:12 +00:00			`export { extractSAMLRequestAttributes, decodeBase64 };`