diff --git a/src/context/directory/handlers/connections.ts b/src/context/directory/handlers/connections.ts index f3e23ed8..e53f2417 100644 --- a/src/context/directory/handlers/connections.ts +++ b/src/context/directory/handlers/connections.ts @@ -12,6 +12,7 @@ import { sanitize, ensureProp, mapClientID2NameSorted, + encodeCertStringToBase64, } from '../../../utils'; import { DirectoryHandler } from '.'; import DirectoryContext from '..'; @@ -88,6 +89,18 @@ async function dump(context: DirectoryContext): Promise { dumpedConnection.options.email.body = `./${connectionName}.html`; } + if (dumpedConnection.strategy === 'samlp' && dumpedConnection.options) { + if ('cert' in dumpedConnection.options) { + dumpedConnection.options.cert = encodeCertStringToBase64(dumpedConnection.options.cert); + } + + if ('signingCert' in dumpedConnection.options) { + dumpedConnection.options.signingCert = encodeCertStringToBase64( + dumpedConnection.options.signingCert + ); + } + } + const connectionFile = path.join(connectionsFolder, `${connectionName}.json`); dumpJSON(connectionFile, dumpedConnection); }); diff --git a/src/context/yaml/handlers/connections.ts b/src/context/yaml/handlers/connections.ts index 31abab41..c9dc3006 100644 --- a/src/context/yaml/handlers/connections.ts +++ b/src/context/yaml/handlers/connections.ts @@ -9,6 +9,7 @@ import { ensureProp, convertClientIdToName, mapClientID2NameSorted, + encodeCertStringToBase64, } from '../../../utils'; import { YAMLHandler } from '.'; import YAMLContext from '..'; @@ -90,6 +91,17 @@ async function dump(context: YAMLContext): Promise { dumpedConnection.options.email.body = `./${connectionName}.html`; } + if (dumpedConnection.strategy === 'samlp' && dumpedConnection.options) { + if ('cert' in dumpedConnection.options) { + dumpedConnection.options.cert = encodeCertStringToBase64(dumpedConnection.options.cert); + } + + if ('signingCert' in dumpedConnection.options) { + dumpedConnection.options.signingCert = encodeCertStringToBase64( + dumpedConnection.options.signingCert + ); + } + } return dumpedConnection; }), }; diff --git a/src/utils.ts b/src/utils.ts index fe68e1cf..737baa09 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -259,3 +259,16 @@ export const findKeyPathWithValue = (obj: any, findKey: string, parentPath: stri return results; }; + +/** + * Encodes a certificate string to Base64 format if it starts with '-----BEGIN CERTIFICATE-----'. + * + * @param cert - The certificate string to be encoded. + * @returns The Base64 encoded certificate string if the input starts with '-----BEGIN CERTIFICATE-----', otherwise returns the original string. + */ +export const encodeCertStringToBase64 = (cert: string) => { + if (cert?.startsWith('-----BEGIN CERTIFICATE-----')) { + return Buffer.from(cert).toString('base64'); + } + return cert; +}; diff --git a/test/utils.test.js b/test/utils.test.js index ef3e6d60..a46b2387 100644 --- a/test/utils.test.js +++ b/test/utils.test.js @@ -19,6 +19,7 @@ import { sanitize, stripIdentifiers, toConfigFn, + encodeCertStringToBase64, } from '../src/utils'; const mockConfigFn = () => {}; @@ -269,4 +270,23 @@ describe('#utils', function () { expect(mapClientID2NameSorted(null, null)).deep.equal([]); }); }); + + describe('encodeCertStringToBase64', () => { + it('should encode certificate string to Base64', () => { + const cert = + '-----BEGIN CERTIFICATE-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7\n-----END CERTIFICATE-----'; + const expectedBase64 = Buffer.from(cert).toString('base64'); + expect(encodeCertStringToBase64(cert)).to.equal(expectedBase64); + }); + + it('should return the original string if it does not start with "-----BEGIN CERTIFICATE-----"', () => { + const nonCertString = 'This is not a certificate'; + expect(encodeCertStringToBase64(nonCertString)).to.equal(nonCertString); + }); + + it('should return the original string if it is null or undefined', () => { + expect(encodeCertStringToBase64(null)).to.equal(null); + expect(encodeCertStringToBase64(undefined)).to.equal(undefined); + }); + }); });