Merge upstream
3e0bcd2b5b
9 changed files with 173 additions and 159 deletions
|
@ -63,8 +63,8 @@
|
|||
},
|
||||
"dependencies": {
|
||||
"@authenio/samlify-node-xmllint": "2.0.0",
|
||||
"@aws-sdk/client-s3": "3.777.0",
|
||||
"@aws-sdk/lib-storage": "3.777.0",
|
||||
"@aws-sdk/client-s3": "3.779.0",
|
||||
"@aws-sdk/lib-storage": "3.779.0",
|
||||
"@bull-board/api": "6.7.10",
|
||||
"@bull-board/fastify": "6.7.10",
|
||||
"@bull-board/ui": "6.7.10",
|
||||
|
@ -117,7 +117,7 @@
|
|||
"file-type": "20.4.1",
|
||||
"fluent-ffmpeg": "2.1.3",
|
||||
"form-data": "4.0.2",
|
||||
"got": "14.4.6",
|
||||
"got": "14.4.7",
|
||||
"hpagent": "1.2.0",
|
||||
"htmlescape": "1.1.1",
|
||||
"http-link-header": "1.1.3",
|
||||
|
@ -153,7 +153,7 @@
|
|||
"pg": "8.14.1",
|
||||
"pino": "9.6.0",
|
||||
"pino-pretty": "13.0.0",
|
||||
"pkce-challenge": "4.1.0",
|
||||
"pkce-challenge": "5.0.0",
|
||||
"probe-image-size": "7.2.3",
|
||||
"promise-limit": "2.7.0",
|
||||
"psl": "1.15.0",
|
||||
|
|
|
@ -7,6 +7,7 @@ export async function genX509CertFromJWK(
|
|||
notAfter: Date,
|
||||
publicKey: string,
|
||||
privateKey: string,
|
||||
alg: string,
|
||||
): Promise<string> {
|
||||
const cert = forge.pki.createCertificate();
|
||||
cert.serialNumber = '01';
|
||||
|
@ -17,13 +18,13 @@ export async function genX509CertFromJWK(
|
|||
cert.setSubject(attrs);
|
||||
cert.setIssuer(attrs);
|
||||
cert.publicKey = await jose
|
||||
.importJWK(JSON.parse(publicKey))
|
||||
.importJWK(JSON.parse(publicKey), alg, { extractable: true })
|
||||
.then((k) => jose.exportSPKI(k as jose.CryptoKey))
|
||||
.then((k) => forge.pki.publicKeyFromPem(k));
|
||||
|
||||
cert.sign(
|
||||
await jose
|
||||
.importJWK(JSON.parse(privateKey))
|
||||
.importJWK(JSON.parse(privateKey), alg, { extractable: true })
|
||||
.then((k) => jose.exportPKCS8(k as jose.CryptoKey))
|
||||
.then((k) => forge.pki.privateKeyFromPem(k)),
|
||||
forge.md.sha256.create(),
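Review bot: The new `alg` parameter is undocumented and is forwarded verbatim to both `importJWK` calls, where jose uses it to decide which key type to build and rejects a JWK whose `kty` does not fit; a TSDoc line on the signature (above the first hunk) such as `@param alg JWA algorithm the two JWKs were generated for; must match their key type or importJWK throws` would tell callers what they owe. The `{ extractable: true }` option is there only because both keys are immediately re-exported with `exportSPKI`/`exportPKCS8` for forge, and a comment above the first import saying so would stop a later cleanup from dropping it. Unrelated to this change but visible in the context, `cert.serialNumber = '01'` gives every generated certificate the same serial, which is worth replacing with a random value in a follow-up. genX509CertFromJWK's signature sits above the first hunk and its body continues past the second.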
|
||||
|
|
|
@ -123,7 +123,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
}
|
||||
|
||||
const { publicKey, privateKey } = ps.useCertificate
|
||||
? await jose.generateKeyPair(ps.signatureAlgorithm).then(async keypair => ({
|
||||
? await jose.generateKeyPair(ps.signatureAlgorithm, { extractable: true }).then(async keypair => ({
|
||||
publicKey: JSON.stringify(await jose.exportJWK(keypair.publicKey)),
|
||||
privateKey: JSON.stringify(await jose.exportJWK(keypair.privateKey)),
|
||||
}))
|
||||
|
@ -139,6 +139,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
tenYearsLaterTime,
|
||||
publicKey,
|
||||
privateKey ?? '',
|
||||
ps.signatureAlgorithm,
|
||||
) : undefined;
|
||||
|
||||
const ssoServiceProvider = await this.singleSignOnServiceProviderRepository.insert({
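Review bot: The key-material sequence added here (`jose.generateKeyPair(ps.signatureAlgorithm, { extractable: true })`, two `exportJWK` + `JSON.stringify` calls, then `genX509CertFromJWK(..., ps.signatureAlgorithm)`) is repeated line for line in the update endpoint's `@ -60,7 +60,7 @@` hunk with `alg` in place of `ps.signatureAlgorithm`, so the next change to the import options has to be made twice. A single shared helper, e.g. `generateSsoKeyPairJwk(alg: string): Promise<{ publicKey: string; privateKey: string }>`, called from both endpoints would keep them from drifting. The condition that guards the `) : undefined;` ternary and the enclosing method both lie outside the hunks, so whether `privateKey ?? ''` can ever reach `JSON.parse` is not visible here.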
|
||||
|
|
|
@ -60,7 +60,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
|
||||
const alg = ps.signatureAlgorithm ? ps.signatureAlgorithm : service.signatureAlgorithm;
|
||||
const { publicKey, privateKey } = ps.regenerateCertificate
|
||||
? await jose.generateKeyPair(alg).then(async keypair => ({
|
||||
? await jose.generateKeyPair(alg, { extractable: true }).then(async keypair => ({
|
||||
publicKey: JSON.stringify(await jose.exportJWK(keypair.publicKey)),
|
||||
privateKey: JSON.stringify(await jose.exportJWK(keypair.privateKey)),
|
||||
}))
|
||||
|
@ -76,6 +76,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
tenYearsLaterTime,
|
||||
publicKey ?? '',
|
||||
privateKey ?? '',
|
||||
alg,
|
||||
) : undefined;
|
||||
|
||||
await this.singleSignOnServiceProviderRepository.update(service.id, {
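Review bot: `alg` is now passed to both `jose.generateKeyPair` and `genX509CertFromJWK`, but when `ps.regenerateCertificate` is false the `:` branch (outside the hunk) presumably reuses the stored JWKs, which were produced under `service.signatureAlgorithm`; a request that changes `signatureAlgorithm` without regenerating would then import the old keys under the new `alg`, which jose is likely to reject when the key type no longer fits. Either treat an algorithm change as implying `regenerateCertificate`, or reject that combination up front with the validation error this endpoint already uses, e.g. `if (ps.signatureAlgorithm && ps.signatureAlgorithm !== service.signatureAlgorithm && !ps.regenerateCertificate) { /* reject */ }`. The enclosing method starts and ends outside the hunks.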
|
||||
|
|
|
@ -193,7 +193,7 @@ export class JWTIdentifyProviderService {
|
|||
try {
|
||||
if (ssoServiceProvider.cipherAlgorithm) {
|
||||
const key = ssoServiceProvider.publicKey.startsWith('{')
|
||||
? await jose.importJWK(JSON.parse(ssoServiceProvider.publicKey))
|
||||
? await jose.importJWK(JSON.parse(ssoServiceProvider.publicKey), ssoServiceProvider.signatureAlgorithm)
|
||||
: jose.base64url.decode(ssoServiceProvider.publicKey);
|
||||
|
||||
jwt = await new jose.EncryptJWT(payload)
|
||||
|
@ -211,7 +211,7 @@ export class JWTIdentifyProviderService {
|
|||
.encrypt(key);
|
||||
} else {
|
||||
const key = ssoServiceProvider.privateKey
|
||||
? await jose.importJWK(JSON.parse(ssoServiceProvider.privateKey))
|
||||
? await jose.importJWK(JSON.parse(ssoServiceProvider.privateKey), ssoServiceProvider.signatureAlgorithm)
|
||||
: jose.base64url.decode(ssoServiceProvider.publicKey);
|
||||
|
||||
jwt = await new jose.SignJWT(payload)
|
||||
|
@ -311,7 +311,7 @@ export class JWTIdentifyProviderService {
|
|||
try {
|
||||
if (ssoServiceProvider.cipherAlgorithm) {
|
||||
const key = ssoServiceProvider.privateKey
|
||||
? await jose.importJWK(JSON.parse(ssoServiceProvider.privateKey))
|
||||
? await jose.importJWK(JSON.parse(ssoServiceProvider.privateKey), ssoServiceProvider.signatureAlgorithm)
|
||||
: jose.base64url.decode(ssoServiceProvider.publicKey);
|
||||
|
||||
const { payload } = await jose.jwtDecrypt(jwt, key, {
|
||||
|
@ -323,7 +323,7 @@ export class JWTIdentifyProviderService {
|
|||
return;
|
||||
} else {
|
||||
const key = ssoServiceProvider.publicKey.startsWith('{')
|
||||
? await jose.importJWK(JSON.parse(ssoServiceProvider.publicKey))
|
||||
? await jose.importJWK(JSON.parse(ssoServiceProvider.publicKey), ssoServiceProvider.signatureAlgorithm)
|
||||
: jose.base64url.decode(ssoServiceProvider.publicKey);
|
||||
|
||||
const { payload } = await jose.jwtVerify(jwt, key, {
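Review bot: The two encryption-side branches (`if (ssoServiceProvider.cipherAlgorithm)` in the `@ -193` and `@ -311` hunks) now import the JWK with `ssoServiceProvider.signatureAlgorithm`, yet the resulting key is handed to `EncryptJWT`/`jwtDecrypt`, whose key-management algorithm is set in the protected header outside the hunk; when the stored JWK carries no `alg` of its own, jose binds the imported key to that signature algorithm, and a WebCrypto key bound to a signing algorithm is likely to be refused for the JWE operation. In those two places pass the key-management algorithm the JWE header uses instead, and keep `signatureAlgorithm` for the `SignJWT`/`jwtVerify` branches at `@ -211` and `@ -323`. A short comment on each branch naming which algorithm the key is being imported for would also make the asymmetry deliberate. The enclosing methods start and end outside the hunks.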
|
||||
|
|
|
@ -238,7 +238,7 @@ export class SAMLIdentifyProviderService {
|
|||
const idp = saml.IdentityProvider({
|
||||
metadata: await this.createIdPMetadataXml(ssoServiceProvider),
|
||||
privateKey: await jose
|
||||
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
|
||||
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'), ssoServiceProvider.signatureAlgorithm, { extractable: true })
|
||||
.then(k => jose.exportPKCS8(k as jose.CryptoKey)),
|
||||
});
|
||||
|
||||
|
@ -392,7 +392,7 @@ export class SAMLIdentifyProviderService {
|
|||
const idp = saml.IdentityProvider({
|
||||
metadata: await this.createIdPMetadataXml(ssoServiceProvider),
|
||||
privateKey: await jose
|
||||
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'))
|
||||
.importJWK(JSON.parse(ssoServiceProvider.privateKey ?? '{}'), ssoServiceProvider.signatureAlgorithm, { extractable: true })
|
||||
.then(k => jose.exportPKCS8(k as jose.CryptoKey)),
|
||||
loginResponseTemplate: { context: 'ignored' },
|
||||
});
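Review bot: The `?? '{}'` fallback survives the new `importJWK(..., signatureAlgorithm, { extractable: true })` call at `@ -238` and again at `@ -392`, so a provider with no stored private key still reaches jose with an empty object and fails inside importJWK (no `kty`) rather than with a message naming the actual problem; a guard before building the IdP, e.g. `if (!ssoServiceProvider.privateKey) throw new Error('SAML IdP private key is not configured');` (constructed message), would be clearer. The identical `privateKey: await jose.importJWK(...).then(k => jose.exportPKCS8(...))` chain appears in both hunks and is worth hoisting into one private helper that returns the PKCS#8 PEM, so the import options live in a single place. The enclosing methods start and end outside the hunks.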
|
||||
|
|