From 1f09de0c882deb20a23c5681ecb6ee063f04f35e Mon Sep 17 00:00:00 2001 From: Kiran Date: Mon, 21 Feb 2022 18:45:17 +0530 Subject: [PATCH] wip --- data/{x509cert.txt => idp-private-key.txt} | 0 data/idp-public-key.txt | 0 data/saml-response.xml | 58 ---------------- utils/index.ts | 81 +++++++++++----------- 4 files changed, 42 insertions(+), 97 deletions(-) rename data/{x509cert.txt => idp-private-key.txt} (100%) create mode 100644 data/idp-public-key.txt delete mode 100644 data/saml-response.xml diff --git a/data/x509cert.txt b/data/idp-private-key.txt similarity index 100% rename from data/x509cert.txt rename to data/idp-private-key.txt diff --git a/data/idp-public-key.txt b/data/idp-public-key.txt new file mode 100644 index 0000000..e69de29 diff --git a/data/saml-response.xml b/data/saml-response.xml deleted file mode 100644 index 391b2b0..0000000 --- a/data/saml-response.xml +++ /dev/null @@ -1,58 +0,0 @@ - - - idp_entity_id - - - - - - - - - - - xPMc7SSHhFSWGljyk1L8mRE1M6otu0qlukR42E6QdiQ= - - - VXlnv1pN3BsHvfbwkugYfsgcjoiXzsbm8OiWczkbNQcadaYTHgIOPf9mNLLJXq1vSfBVLyDY+1Xq - - - ST=California,C=US,OU=Google For Work,CN=Google,L=Mountain View,O=Google Inc. - MIIDdDCCAlygAwIBAgIGAXo6K+u/MA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ - - - - - - - - idp_entity_id - - user_email - - - - - - - https://saml.boxyhq.com - - - - - user_email - - - user_firstName - - - user_lastName - - - - - urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified - - - - \ No newline at end of file diff --git a/utils/index.ts b/utils/index.ts index 5d39dec..baea3c9 100644 --- a/utils/index.ts +++ b/utils/index.ts @@ -56,7 +56,7 @@ const createIdPMetadataXML = async ({ }; const createCertificate = async () => { - const certificateFilePath = path.join('data', 'x509cert.txt'); + const certificateFilePath = path.join('data', 'idp-public-key.txt'); return await fs.readFile(certificateFilePath, 'utf8'); }; 
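Review bot: `createCertificate` now reads `data/idp-public-key.txt`, but this commit adds that file with no content (the diffstat lists it at 0 lines), so the function returns an empty string and the IdP metadata built from it will carry an empty certificate element. The previous `x509cert.txt` content is renamed unchanged to `data/idp-private-key.txt`, a name that does not match what the file presumably held; if a real signing key is meant to live under `data/`, it should be generated at setup time or loaded from a path outside version control rather than committed. An empty read is easy to miss, so consider failing loudly after the read: `const cert = await fs.readFile(certificateFilePath, 'utf8'); if (!cert.trim()) throw new Error('empty certificate file: ' + certificateFilePath); return cert;`.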
@@ -85,9 +85,44 @@ const createSAMLResponseXML = async (params: {
 authDate.setMinutes(authDate.getMinutes() + 10);
 const notAfter = authDate.toISOString();
 
- const inResponseTo = '_dde944f3d9cb96238b0c'
+ const inResponseTo = '_1234'
 const responseId = crypto.randomBytes(10).toString('hex');
 
+ const attributeStatement = {
+ '@xmlns:xs': 'http://www.w3.org/2001/XMLSchema',
+ '@xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance',
+ 'saml:Attribute' : [
+ {
+ '@Name': 'id',
+ '@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
+ 'saml:AttributeValue': {
+ '#text': user.id,
+ }
+ },
+ {
+ '@Name': 'email',
+ '@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
+ 'saml:AttributeValue': {
+ '#text': user.email,
+ }
+ },
+ {
+ '@Name': 'firstName',
+ '@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
+ 'saml:AttributeValue': {
+ '#text': user.firstName,
+ }
+ },
+ {
+ '@Name': 'lastName',
+ '@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
+ 'saml:AttributeValue': {
+ '#text': user.lastName,
+ }
+ },
+ ]
+ }
+
 const nodes = {
 'samlp:Response':{
 '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
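Review bot: `inResponseTo` is still a hard-coded literal (`'_1234'`, replacing `'_dde944f3d9cb96238b0c'`), so every response claims to answer the same request; a service provider that correlates `InResponseTo` with the ID of the AuthnRequest it issued will reject these responses, and one that accepts them is skipping a correlation check it should be making. Take the value from the caller instead, e.g. accept it on `params` and write `const inResponseTo = params.inResponseTo;`, or leave the attribute out for IdP-initiated flows. Extracting `attributeStatement` reads well, but `'saml:Attribute' : [` carries a space before the colon that none of the neighbouring keys have. createSAMLResponseXML begins before this hunk and continues after it.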
@@ -137,49 +172,17 @@ const createSAMLResponseXML = async (params: {
 }
 }
 },
- 'saml:AttributeStatement': {
- '@xmlns:xs': 'http://www.w3.org/2001/XMLSchema',
- '@xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance',
- 'saml:Attribute': [
- {
- '@Name': 'id',
- '@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
- 'saml:AttributeValue': {
- '#text': user.id,
- }
- },
- {
- '@Name': 'email',
- '@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
- 'saml:AttributeValue': {
- '#text': user.email,
- }
- },
- {
- '@Name': 'firstName',
- '@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
- 'saml:AttributeValue': {
- '#text': user.firstName,
- }
- },
- {
- '@Name': 'lastName',
- '@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
- 'saml:AttributeValue': {
- '#text': user.lastName,
- }
- },
- ]
- }
- }
+ 'saml:AttributeStatement': attributeStatement,
+ },
 }
 }
 
 return xmlbuilder.create(nodes).end({ pretty: true});
 };
 
-// Add DigestValue
-// Add X509Certificate
+const signResponseXML = (xml: string, signingKey: any, publicKey: any): string => {
+ return xml;
+}
 
 // Create the HTML form to submit the response
 export const createResponseForm = (relayState: string, encodedSamlResponse: string, acsUrl: string) => {
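Review bot: `signResponseXML` is a stub that returns `xml` untouched, so any caller gets an unsigned response while the function name says otherwise, and the `// Add DigestValue` / `// Add X509Certificate` reminders that tracked the missing work are deleted in the same hunk. Until signing exists, keep the gap visible: either `throw new Error('signResponseXML: not implemented');` in place of `return xml;`, or put `// TODO: compute DigestValue/SignatureValue and embed X509Certificate` above the stub. The key parameters should also be typed — `signingKey: string, publicKey: string`, or `crypto.KeyObject` if they are loaded as key objects via the file's existing `crypto` import — rather than `any`, which will let a wrong value slide through once the body is real. The end of createSAMLResponseXML and the signature of createResponseForm fall inside the hunk, but createResponseForm's body continues past it.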