Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
samlify - npm Package Compare versions
Comparing version 2.8.1 to 2.8.2
@@ -80,3 +80,5 @@ "use strict"; | ||
| var octetString = samlRequest + relayState + sigAlg; | ||
| return baseUrl + pvPair(queryParam, octetString, noParams) + pvPair(urlParams.signature, encodeURIComponent(libsaml_1.default.constructMessageSignature(queryParam + '=' + octetString, entitySetting.privateKey, entitySetting.privateKeyPass, undefined, entitySetting.requestSignatureAlgorithm))); | ||
| return baseUrl | ||
| + pvPair(queryParam, octetString, noParams) | ||
| + pvPair(urlParams.signature, encodeURIComponent(libsaml_1.default.constructMessageSignature(queryParam + '=' + octetString, entitySetting.privateKey, entitySetting.privateKeyPass, undefined, entitySetting.requestSignatureAlgorithm).toString())); | ||
| } | ||
@@ -83,0 +85,0 @@ return baseUrl + pvPair(queryParam, samlRequest + relayState, noParams); |
@@ -110,3 +110,3 @@ "use strict"; | ||
| var octetString = context + relayState + sigAlg; | ||
| return libsaml_1.default.constructMessageSignature(queryParam + '=' + octetString, entitySetting.privateKey, entitySetting.privateKeyPass, undefined, entitySetting.requestSignatureAlgorithm); | ||
| return libsaml_1.default.constructMessageSignature(queryParam + '=' + octetString, entitySetting.privateKey, entitySetting.privateKeyPass, undefined, entitySetting.requestSignatureAlgorithm).toString(); | ||
| } | ||
@@ -113,0 +113,0 @@ /** |
@@ -70,3 +70,3 @@ "use strict"; | ||
| var xpath_1 = require("xpath"); | ||
| var nrsa = __importStar(require("node-rsa")); | ||
| var node_rsa_1 = __importDefault(require("node-rsa")); | ||
| var xml_crypto_1 = require("xml-crypto"); | ||
@@ -100,5 +100,5 @@ var xmlenc = __importStar(require("@authenio/xml-encryption")); | ||
| var nrsaAliasMapping = { | ||
| 'http://www.w3.org/2000/09/xmldsig#rsa-sha1': 'sha1', | ||
| 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': 'sha256', | ||
| 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': 'sha512', | ||
| 'http://www.w3.org/2000/09/xmldsig#rsa-sha1': 'pkcs1-sha1', | ||
| 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': 'pkcs1-sha256', | ||
| 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': 'pkcs1-sha512', | ||
| }; | ||
@@ -131,3 +131,3 @@ /** | ||
| var defaultAttributeTemplate = { | ||
| context: '<saml:Attribute Name="{Name}" NameFormat="{NameFormat}"><AttributeValue xmlns:xs="{ValueXmlnsXs}" xmlns:xsi="{ValueXmlnsXsi}" xsi:type="{ValueXsiType}">{Value}</AttributeValue></Attribute>', | ||
| context: '<saml:Attribute Name="{Name}" NameFormat="{NameFormat}"><saml:AttributeValue xmlns:xs="{ValueXmlnsXs}" xmlns:xsi="{ValueXmlnsXsi}" xsi:type="{ValueXsiType}">{Value}</saml:AttributeValue></saml:Attribute>', | ||
| }; | ||
@@ -166,3 +166,3 @@ /** | ||
| } | ||
| return nrsaAliasMapping[signatureAlgorithms.RSA_SHA1]; // default value | ||
| return nrsaAliasMapping[signatureAlgorithms.RSA_SHA1]; | ||
| } | ||
@@ -235,8 +235,4 @@ /** | ||
| attributeStatementBuilder: function (attributes, attributeTemplate, attributeStatementTemplate) { | ||
| if (!attributeStatementTemplate) { | ||
| attributeStatementTemplate = defaultAttributeStatementTemplate; | ||
| } | ||
| if (!attributeTemplate) { | ||
| attributeTemplate = defaultAttributeTemplate; | ||
| } | ||
| if (attributeTemplate === void 0) { attributeTemplate = defaultAttributeTemplate; } | ||
| if (attributeStatementTemplate === void 0) { attributeStatementTemplate = defaultAttributeStatementTemplate; } | ||
| var attr = attributes.map(function (_a) { | ||
@@ -462,3 +458,3 @@ var name = _a.name, nameFormat = _a.nameFormat, valueTag = _a.valueTag, valueXsiType = _a.valueXsiType, valueXmlnsXs = _a.valueXmlnsXs, valueXmlnsXsi = _a.valueXmlnsXsi; | ||
| // Embed with node-rsa module | ||
| var decryptedKey = new nrsa(utility_1.default.readPrivateKey(key, passphrase), { | ||
| var decryptedKey = new node_rsa_1.default(utility_1.default.readPrivateKey(key, passphrase), 'private', { | ||
| signingScheme: getSigningScheme(signingAlgorithm), | ||
@@ -481,4 +477,4 @@ }); | ||
| var signingScheme = getSigningScheme(verifyAlgorithm); | ||
| var key = new nrsa(utility_1.default.getPublicKeyPemFromCertificate(signCert), { signingScheme: signingScheme }); | ||
| return key.verify(new Buffer(octetString), signature); | ||
| var key = new node_rsa_1.default(utility_1.default.getPublicKeyPemFromCertificate(signCert), 'public', { signingScheme: signingScheme }); | ||
| return key.verify(Buffer.from(octetString), Buffer.from(signature)); | ||
| }, | ||
@@ -485,0 +481,0 @@ /** |
@@ -17,21 +17,2 @@ "use strict"; | ||
| })(); | ||
| var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); | ||
| }) : (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| o[k2] = m[k]; | ||
| })); | ||
| var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { | ||
| Object.defineProperty(o, "default", { enumerable: true, value: v }); | ||
| }) : function(o, v) { | ||
| o["default"] = v; | ||
| }); | ||
| var __importStar = (this && this.__importStar) || function (mod) { | ||
| if (mod && mod.__esModule) return mod; | ||
| var result = {}; | ||
| if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); | ||
| __setModuleDefault(result, mod); | ||
| return result; | ||
| }; | ||
| var __importDefault = (this && this.__importDefault) || function (mod) { | ||
@@ -51,3 +32,3 @@ return (mod && mod.__esModule) ? mod : { "default": mod }; | ||
| var utility_1 = require("./utility"); | ||
| var xml = __importStar(require("xml")); | ||
| var xml_1 = __importDefault(require("xml")); | ||
| /* | ||
@@ -118,3 +99,3 @@ * @desc interface function | ||
| // Create a new metadata by setting | ||
| meta = xml([{ | ||
| meta = (0, xml_1.default)([{ | ||
| EntityDescriptor: [{ | ||
@@ -121,0 +102,0 @@ _attr: { |
@@ -17,21 +17,2 @@ "use strict"; | ||
| })(); | ||
| var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); | ||
| }) : (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| o[k2] = m[k]; | ||
| })); | ||
| var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { | ||
| Object.defineProperty(o, "default", { enumerable: true, value: v }); | ||
| }) : function(o, v) { | ||
| o["default"] = v; | ||
| }); | ||
| var __importStar = (this && this.__importStar) || function (mod) { | ||
| if (mod && mod.__esModule) return mod; | ||
| var result = {}; | ||
| if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); | ||
| __setModuleDefault(result, mod); | ||
| return result; | ||
| }; | ||
| var __importDefault = (this && this.__importDefault) || function (mod) { | ||
@@ -51,3 +32,3 @@ return (mod && mod.__esModule) ? mod : { "default": mod }; | ||
| var utility_1 = require("./utility"); | ||
| var xml = __importStar(require("xml")); | ||
| var xml_1 = __importDefault(require("xml")); | ||
| /* | ||
@@ -149,3 +130,3 @@ * @desc interface function | ||
| // Re-assign the meta reference as a XML string|Buffer for use with the parent constructor | ||
| meta = xml([{ | ||
| meta = (0, xml_1.default)([{ | ||
| EntityDescriptor: [{ | ||
@@ -152,0 +133,0 @@ _attr: { |
| { | ||
| "name": "samlify", | ||
| "version": "2.8.1", | ||
| "version": "2.8.2", | ||
| "description": "High-level API for Single Sign On (SAML 2.0)", | ||
@@ -49,5 +49,6 @@ "main": "build/index.js", | ||
| "@types/node-forge": "^0.10.3", | ||
| "@types/node-rsa": "^1.1.1", | ||
| "@types/pako": "^1.0.1", | ||
| "@types/uuid": "3.0.0", | ||
| "@types/xmldom": "^0.1.31", | ||
| "@types/uuid": "3.0.0", | ||
| "ava": "^3.15.0", | ||
@@ -54,0 +55,0 @@ "coveralls": "^3.1.0", |
@@ -65,3 +65,14 @@ /** | ||
| const octetString = samlRequest + relayState + sigAlg; | ||
| return baseUrl + pvPair(queryParam, octetString, noParams) + pvPair(urlParams.signature, encodeURIComponent(libsaml.constructMessageSignature(queryParam + '=' + octetString, entitySetting.privateKey, entitySetting.privateKeyPass, undefined, entitySetting.requestSignatureAlgorithm))); | ||
| return baseUrl | ||
| + pvPair(queryParam, octetString, noParams) | ||
| + pvPair(urlParams.signature, encodeURIComponent( | ||
| libsaml.constructMessageSignature( | ||
| queryParam + '=' + octetString, | ||
| entitySetting.privateKey, | ||
| entitySetting.privateKeyPass, | ||
| undefined, | ||
| entitySetting.requestSignatureAlgorithm | ||
| ).toString() | ||
| ) | ||
| ); | ||
| } | ||
@@ -144,3 +155,3 @@ return baseUrl + pvPair(queryParam, samlRequest + relayState, noParams); | ||
| // Five minutes later : nowtime + 5 * 60 * 1000 (in milliseconds) | ||
| const fiveMinutesLaterTime = new Date(nowTime.getTime() + 300_000 ); | ||
| const fiveMinutesLaterTime = new Date(nowTime.getTime() + 300_000); | ||
| const tvalue: any = { | ||
@@ -147,0 +158,0 @@ ID: id, |
@@ -63,3 +63,9 @@ /** | ||
| const octetString = context + relayState + sigAlg; | ||
| return libsaml.constructMessageSignature(queryParam + '=' + octetString, entitySetting.privateKey, entitySetting.privateKeyPass, undefined, entitySetting.requestSignatureAlgorithm); | ||
| return libsaml.constructMessageSignature( | ||
| queryParam + '=' + octetString, | ||
| entitySetting.privateKey, | ||
| entitySetting.privateKeyPass, | ||
| undefined, | ||
| entitySetting.requestSignatureAlgorithm | ||
| ).toString(); | ||
| } | ||
@@ -66,0 +72,0 @@ |
@@ -10,5 +10,5 @@ /** | ||
| import { algorithms, wording, namespace } from './urn'; | ||
| import { select, SelectedValue } from 'xpath'; | ||
| import { select } from 'xpath'; | ||
| import { MetadataInterface } from './metadata'; | ||
| import * as nrsa from 'node-rsa'; | ||
| import nrsa, { SigningSchemeHash } from 'node-rsa'; | ||
| import { SignedXml, FileKeyInfo } from 'xml-crypto'; | ||
@@ -64,3 +64,3 @@ import * as xmlenc from '@authenio/xml-encryption'; | ||
| attributeStatementTemplate?: AttributeStatementTemplate; | ||
| attributeTemplate?:AttributeTemplate; | ||
| attributeTemplate?: AttributeTemplate; | ||
| } | ||
@@ -96,3 +96,3 @@ | ||
| replaceTagsByValue: (rawXML: string, tagValues: any) => string; | ||
| attributeStatementBuilder: (attributes: LoginResponseAttribute[], attributeTemplate : AttributeTemplate, attributeStatementTemplate : AttributeStatementTemplate) => string; | ||
| attributeStatementBuilder: (attributes: LoginResponseAttribute[], attributeTemplate: AttributeTemplate, attributeStatementTemplate: AttributeStatementTemplate) => string; | ||
| constructSAMLSignature: (opts: SignatureConstructor) => string; | ||
@@ -138,5 +138,5 @@ verifySignature: (xml: string, opts) => [boolean, any]; | ||
| const nrsaAliasMapping = { | ||
| 'http://www.w3.org/2000/09/xmldsig#rsa-sha1': 'sha1', | ||
| 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': 'sha256', | ||
| 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': 'sha512', | ||
| 'http://www.w3.org/2000/09/xmldsig#rsa-sha1': 'pkcs1-sha1', | ||
| 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': 'pkcs1-sha256', | ||
| 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': 'pkcs1-sha512', | ||
| }; | ||
@@ -171,3 +171,3 @@ /** | ||
| const defaultAttributeTemplate = { | ||
| context: '<saml:Attribute Name="{Name}" NameFormat="{NameFormat}"><AttributeValue xmlns:xs="{ValueXmlnsXs}" xmlns:xsi="{ValueXmlnsXsi}" xsi:type="{ValueXsiType}">{Value}</AttributeValue></Attribute>', | ||
| context: '<saml:Attribute Name="{Name}" NameFormat="{NameFormat}"><saml:AttributeValue xmlns:xs="{ValueXmlnsXs}" xmlns:xsi="{ValueXmlnsXsi}" xsi:type="{ValueXsiType}">{Value}</saml:AttributeValue></saml:Attribute>', | ||
| }; | ||
@@ -182,3 +182,3 @@ | ||
| attributes: [], | ||
| additionalTemplates:{ | ||
| additionalTemplates: { | ||
| "attributeStatementTemplate": defaultAttributeStatementTemplate, | ||
@@ -201,3 +201,3 @@ "attributeTemplate": defaultAttributeTemplate | ||
| */ | ||
| function getSigningScheme(sigAlg?: string): string | null { | ||
| function getSigningScheme(sigAlg?: string): SigningSchemeHash { | ||
| if (sigAlg) { | ||
@@ -209,3 +209,3 @@ const algAlias = nrsaAliasMapping[sigAlg]; | ||
| } | ||
| return nrsaAliasMapping[signatureAlgorithms.RSA_SHA1]; // default value | ||
| return nrsaAliasMapping[signatureAlgorithms.RSA_SHA1]; | ||
| } | ||
@@ -281,23 +281,21 @@ /** | ||
| */ | ||
| attributeStatementBuilder(attributes: LoginResponseAttribute[], attributeTemplate : AttributeTemplate, attributeStatementTemplate : AttributeStatementTemplate): string { | ||
| if (!attributeStatementTemplate){ | ||
| attributeStatementTemplate = defaultAttributeStatementTemplate; | ||
| } | ||
| if (!attributeTemplate){ | ||
| attributeTemplate = defaultAttributeTemplate; | ||
| } | ||
| const attr = attributes.map(({ name, nameFormat, valueTag, valueXsiType, valueXmlnsXs, valueXmlnsXsi }) => { | ||
| const defaultValueXmlnsXs = 'http://www.w3.org/2001/XMLSchema'; | ||
| const defaultValueXmlnsXsi = 'http://www.w3.org/2001/XMLSchema-instance'; | ||
| let attributeLine = attributeTemplate.context; | ||
| attributeLine = attributeLine.replace('{Name}',name); | ||
| attributeLine = attributeLine.replace('{NameFormat}',nameFormat); | ||
| attributeLine = attributeLine.replace('{ValueXmlnsXs}',valueXmlnsXs ? valueXmlnsXs : defaultValueXmlnsXs); | ||
| attributeLine = attributeLine.replace('{ValueXmlnsXsi}',valueXmlnsXsi ? valueXmlnsXsi : defaultValueXmlnsXsi); | ||
| attributeLine = attributeLine.replace('{ValueXsiType}',valueXsiType); | ||
| attributeLine = attributeLine.replace('{Value}',`{${tagging('attr', valueTag)}}`); | ||
| return attributeLine; | ||
| }).join(''); | ||
| return attributeStatementTemplate.context.replace('{Attributes}',attr); | ||
| }, | ||
| attributeStatementBuilder( | ||
| attributes: LoginResponseAttribute[], | ||
| attributeTemplate: AttributeTemplate = defaultAttributeTemplate, | ||
| attributeStatementTemplate: AttributeStatementTemplate = defaultAttributeStatementTemplate | ||
| ): string { | ||
| const attr = attributes.map(({ name, nameFormat, valueTag, valueXsiType, valueXmlnsXs, valueXmlnsXsi }) => { | ||
| const defaultValueXmlnsXs = 'http://www.w3.org/2001/XMLSchema'; | ||
| const defaultValueXmlnsXsi = 'http://www.w3.org/2001/XMLSchema-instance'; | ||
| let attributeLine = attributeTemplate.context; | ||
| attributeLine = attributeLine.replace('{Name}', name); | ||
| attributeLine = attributeLine.replace('{NameFormat}', nameFormat); | ||
| attributeLine = attributeLine.replace('{ValueXmlnsXs}', valueXmlnsXs ? valueXmlnsXs : defaultValueXmlnsXs); | ||
| attributeLine = attributeLine.replace('{ValueXmlnsXsi}', valueXmlnsXsi ? valueXmlnsXsi : defaultValueXmlnsXsi); | ||
| attributeLine = attributeLine.replace('{ValueXsiType}', valueXsiType); | ||
| attributeLine = attributeLine.replace('{Value}', `{${tagging('attr', valueTag)}}`); | ||
| return attributeLine; | ||
| }).join(''); | ||
| return attributeStatementTemplate.context.replace('{Attributes}', attr); | ||
| }, | ||
@@ -549,8 +547,18 @@ /** | ||
| */ | ||
| constructMessageSignature(octetString: string, key: string, passphrase?: string, isBase64?: boolean, signingAlgorithm?: string) { | ||
| constructMessageSignature( | ||
| octetString: string, | ||
| key: string, | ||
| passphrase?: string, | ||
| isBase64?: boolean, | ||
| signingAlgorithm?: string | ||
| ) { | ||
| // Default returning base64 encoded signature | ||
| // Embed with node-rsa module | ||
| const decryptedKey = new nrsa(utility.readPrivateKey(key, passphrase), { | ||
| signingScheme: getSigningScheme(signingAlgorithm), | ||
| }); | ||
| const decryptedKey = new nrsa( | ||
| utility.readPrivateKey(key, passphrase), | ||
| 'private', | ||
| { | ||
| signingScheme: getSigningScheme(signingAlgorithm), | ||
| } | ||
| ); | ||
| const signature = decryptedKey.sign(octetString); | ||
@@ -568,7 +576,12 @@ // Use private key to sign data | ||
| */ | ||
| verifyMessageSignature(metadata, octetString: string, signature: string | Buffer, verifyAlgorithm?: string) { | ||
| verifyMessageSignature( | ||
| metadata, | ||
| octetString: string, | ||
| signature: string | Buffer, | ||
| verifyAlgorithm?: string | ||
| ) { | ||
| const signCert = metadata.getX509Certificate(certUse.signing); | ||
| const signingScheme = getSigningScheme(verifyAlgorithm); | ||
| const key = new nrsa(utility.getPublicKeyPemFromCertificate(signCert), { signingScheme }); | ||
| return key.verify(new Buffer(octetString), signature); | ||
| const key = new nrsa(utility.getPublicKeyPemFromCertificate(signCert), 'public', { signingScheme }); | ||
| return key.verify(Buffer.from(octetString), Buffer.from(signature)); | ||
| }, | ||
@@ -575,0 +588,0 @@ /** |
@@ -11,3 +11,3 @@ /** | ||
| import { isNonEmptyArray, isString } from './utility'; | ||
| import * as xml from 'xml'; | ||
| import xml from 'xml'; | ||
@@ -14,0 +14,0 @@ export interface IdpMetadataInterface extends MetadataInterface { |
@@ -11,3 +11,3 @@ /** | ||
| import { isNonEmptyArray, isString } from './utility'; | ||
| import * as xml from 'xml'; | ||
| import xml from 'xml'; | ||
@@ -14,0 +14,0 @@ export interface SpMetadataInterface extends MetadataInterface { |
@@ -132,3 +132,3 @@ /** | ||
| */ | ||
| attributeStatementBuilder(attributes: LoginResponseAttribute[], attributeTemplate: AttributeTemplate, attributeStatementTemplate: AttributeStatementTemplate): string; | ||
| attributeStatementBuilder(attributes: LoginResponseAttribute[], attributeTemplate?: AttributeTemplate, attributeStatementTemplate?: AttributeStatementTemplate): string; | ||
| /** | ||
@@ -169,3 +169,3 @@ * @desc Construct the XML signature for POST binding | ||
| */ | ||
| constructMessageSignature(octetString: string, key: string, passphrase?: string | undefined, isBase64?: boolean | undefined, signingAlgorithm?: string | undefined): any; | ||
| constructMessageSignature(octetString: string, key: string, passphrase?: string | undefined, isBase64?: boolean | undefined, signingAlgorithm?: string | undefined): string | Buffer; | ||
| /** | ||
@@ -179,3 +179,3 @@ * @desc Verifies message signature | ||
| */ | ||
| verifyMessageSignature(metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string | undefined): any; | ||
| verifyMessageSignature(metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string | undefined): boolean; | ||
| /** | ||
@@ -182,0 +182,0 @@ * @desc Get the public key in string format |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
- decreased by-0.27%
489108
- Dev dependency count
- increased by7.69%
14
- Lines of code
- decreased by-0.13%
9000
No dependency changes