gmgauthier/mocksaml
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Code cleanup

Browse Source
This commit is contained in:
Kiran 2022-02-23 19:18:20 +05:30
parent faa3946353
commit 9b86ea8b2e
6 changed files with 42 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pages/api/saml/auth.ts
View File

@ -1,3 +1,4 @@
import config from 'lib/env';
import type { NextApiRequest, NextApiResponse } from 'next'; import type { NextApiRequest, NextApiResponse } from 'next';
import type { User } from 'types'; import type { User } from 'types';
import { import {
@ -7,22 +8,23 @@ import {
fetchPublicKey, fetchPublicKey,
signResponseXML, signResponseXML,
} from 'utils'; } from 'utils';
import config from 'lib/env';
export default async function handler(req: NextApiRequest, res: NextApiResponse) { export default async function handler(req: NextApiRequest, res: NextApiResponse) {
if (req.method === 'POST') { if (req.method === 'POST') {
const email = req.body.email; const email = req.body.email;
if (!email.endsWith('@example.com')) { if (!email.endsWith('@example.com')) {
res.status(403).send(`${email} denied access`); res.status(403).send(`${email} denied access`);
} }
const id = email.replace('@example.com', ''); const id = email.replace('@example.com', '');
const user: User = { const user: User = {
id, id,
email, email,
firstName: id, firstName: id,
lastName: id, lastName: id,
}; };
console.log(`🏁`, user);
const xml = await createResponseXML({ const xml = await createResponseXML({
idpIdentityId: config.entityId, idpIdentityId: config.entityId,

5
pages/api/saml/sso.ts
View File

@ -12,15 +12,16 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse<
async function processSAMLRequest() { async function processSAMLRequest() {
const relayState = <string>req.query.RelayState; const relayState = <string>req.query.RelayState;
const samlRequest = <string>req.query.SAMLRequest; const samlRequest = <string>req.query.SAMLRequest;
try { try {
const { id, audience, acsUrl, providerName } = await extractSAMLRequestAttributes(samlRequest); const { id, audience, acsUrl, providerName } = await extractSAMLRequestAttributes(samlRequest);
const params = new URLSearchParams({ id, audience, acsUrl, providerName, relayState }); const params = new URLSearchParams({ id, audience, acsUrl, providerName, relayState });
res.redirect(302, `/saml/login?${params.toString()}`); res.redirect(302, `/saml/login?${params.toString()}`);
} catch (err) { } catch (err) {
console.error(err); console.error(err);
res.status(500).send(`Error parsing SAML request`); res.status(500).send(`Error parsing SAML request`);
} }
// const audience = config.entityId;
} }
} }

30
utils/certificate.ts
View File

@ -1,4 +1,5 @@
import { promises as fs } from 'fs'; import { promises as fs } from 'fs';
import { asn1, pki, util } from 'node-forge';
import path from 'path'; import path from 'path';
const fetchPublicKey = async (): Promise<string> => { const fetchPublicKey = async (): Promise<string> => {
@ -9,6 +10,14 @@ const fetchPrivateKey = async (): Promise<string> => {
return await fs.readFile(path.join('data', 'key.pem'), 'ascii'); return await fs.readFile(path.join('data', 'key.pem'), 'ascii');
}; };
function getPublicKeyPemFromCertificate(x509Certificate: string) {
const certDerBytes = util.decode64(x509Certificate);
const obj = asn1.fromDer(certDerBytes);
const cert = pki.certificateFromAsn1(obj);
return pki.publicKeyToPem(cert.publicKey);
}
const stripCertHeaderAndFooter = (cert: string): string => { const stripCertHeaderAndFooter = (cert: string): string => {
cert = cert.replace(/-+BEGIN CERTIFICATE-+\r?\n?/, ''); cert = cert.replace(/-+BEGIN CERTIFICATE-+\r?\n?/, '');
cert = cert.replace(/-+END CERTIFICATE-+\r?\n?/, ''); cert = cert.replace(/-+END CERTIFICATE-+\r?\n?/, '');
@ -17,4 +26,23 @@ const stripCertHeaderAndFooter = (cert: string): string => {
return cert; return cert;
}; };
export { fetchPublicKey, fetchPrivateKey, stripCertHeaderAndFooter }; function GetKeyInfo(x509Certificate: string, signatureConfig: any = {}) {
x509Certificate = stripCertHeaderAndFooter(x509Certificate);
this.getKeyInfo = () => {
const prefix = signatureConfig.prefix ? `${signatureConfig.prefix}:` : '';
return `<${prefix}X509Data><${prefix}X509Certificate>${x509Certificate}</${prefix}X509Certificate></${prefix}X509Data>`;
};
this.getKey = () => {
return getPublicKeyPemFromCertificate(x509Certificate).toString();
};
}
export {
fetchPublicKey,
fetchPrivateKey,
stripCertHeaderAndFooter,
getPublicKeyPemFromCertificate,
GetKeyInfo,
};

2
utils/index.ts
View File

@ -1,4 +1,4 @@
export * from './certificate'; export * from './certificate';
export * from './idp';
export * from './request'; export * from './request';
export * from './response'; export * from './response';
export * from './idp';

2
utils/request.ts
View File

@ -1,5 +1,5 @@
import xml2js from 'xml2js';
import { promisify } from 'util'; import { promisify } from 'util';
import xml2js from 'xml2js';
import { inflateRaw } from 'zlib'; import { inflateRaw } from 'zlib';
const inflateRawAsync = promisify(inflateRaw); const inflateRawAsync = promisify(inflateRaw);

35
utils/response.ts
View File

@ -1,8 +1,8 @@
import { User } from '../types';
import xmlbuilder from 'xmlbuilder';
import crypto from 'crypto'; import crypto from 'crypto';
import { SignedXml, FileKeyInfo } from 'xml-crypto'; import { SignedXml } from 'xml-crypto';
import { pki, util, asn1 } from 'node-forge'; import xmlbuilder from 'xmlbuilder';
import { User } from '../types';
import { GetKeyInfo } from './certificate';
const createResponseXML = async (params: { const createResponseXML = async (params: {
idpIdentityId: string; idpIdentityId: string;
@ -156,33 +156,6 @@ const createResponseForm = (relayState: string, encodedSamlResponse: string, acs
return formElements.join(''); return formElements.join('');
}; };
function getPublicKeyPemFromCertificate(x509Certificate: string) {
const certDerBytes = util.decode64(x509Certificate);
const obj = asn1.fromDer(certDerBytes);
const cert = pki.certificateFromAsn1(obj);
return pki.publicKeyToPem(cert.publicKey);
}
const stripCertHeaderAndFooter = (cert: string): string => {
cert = cert.replace(/-+BEGIN CERTIFICATE-+\r?\n?/, '');
cert = cert.replace(/-+END CERTIFICATE-+\r?\n?/, '');
cert = cert.replace(/\r\n/g, '\n');
return cert;
};
function GetKeyInfo(x509Certificate: string, signatureConfig: any = {}) {
x509Certificate = stripCertHeaderAndFooter(x509Certificate);
this.getKeyInfo = () => {
const prefix = signatureConfig.prefix ? `${signatureConfig.prefix}:` : '';
return `<${prefix}X509Data><${prefix}X509Certificate>${x509Certificate}</${prefix}X509Certificate></${prefix}X509Data>`;
};
this.getKey = () => {
return getPublicKeyPemFromCertificate(x509Certificate).toString();
};
}
const signResponseXML = async (xml: string, signingKey: any, publicKey: any): Promise<string> => { const signResponseXML = async (xml: string, signingKey: any, publicKey: any): Promise<string> => {
const sig = new SignedXml(); const sig = new SignedXml();
const responseXPath = const responseXPath =