samlesa 2.12.3 → 2.12.5

package/src/libsaml.ts

@@ -3,12 +3,12 @@
 * @author tngan
 * @desc  A simple library including some common functions
 */
-
+import { createSign, createPrivateKey,createVerify } from 'node:crypto';
 import utility, { flattenDeep, isString } from './utility.js';
 import { algorithms, wording, namespace } from './urn.js';
 import { select } from 'xpath';
 import { MetadataInterface } from './metadata.js';
-import nrsa, { SigningSchemeHash } from 'node-rsa';
+
 import { SignedXml } from 'xml-crypto';
 import * as xmlenc from 'xml-encryption';
 import { extract } from './extractor.js';
@@ -22,7 +22,22 @@ const signatureAlgorithms = algorithms.signature;
 const digestAlgorithms = algorithms.digest;
 const certUse = wording.certUse;
 const urlParams = wording.urlParams;
+/**
+ * 算法名称映射表 (兼容 X.509 和 SAML 规范)
+ */
+function mapSignAlgorithm(algorithm: string): string {
+  const algorithmMap =  {
+    'rsa-sha1': 'RSA-SHA1',
+    'rsa-sha256': 'RSA-SHA256',
+    'rsa-sha384': 'RSA-SHA384',
+    'rsa-sha512': 'RSA-SHA512',
+    'ecdsa-sha256': 'ECDSA-SHA256',
+    'ecdsa-sha384': 'ECDSA-SHA384',
+    'ecdsa-sha512': 'ECDSA-SHA512'
+  };
 
+  return algorithmMap[algorithm.toLowerCase()] || algorithm;
+}
 export interface SignatureConstructor {
   rawSamlMessage: string;
   referenceTagXPath?: string;
@@ -139,6 +154,11 @@ const libSaml = () => {
     'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': 'pkcs1-sha256',
     'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': 'pkcs1-sha512',
   };
+  const nrsaAliasMappingForNode = {
+    'http://www.w3.org/2000/09/xmldsig#rsa-sha1': 'RSA-SHA1',
+    'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': 'RSA-SHA256',
+    'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': 'RSA-SHA512',
+  };
   /**
   * @desc Default login request template
   * @type {LoginRequestTemplate}
@@ -189,20 +209,15 @@ const libSaml = () => {
   const defaultLogoutResponseTemplate = {
     context: '<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}" InResponseTo="{InResponseTo}"><saml:Issuer>{Issuer}</saml:Issuer><samlp:Status><samlp:StatusCode Value="{StatusCode}"/></samlp:Status></samlp:LogoutResponse>',
   };
-  /**
-  * @private
-  * @desc Get the signing scheme alias by signature algorithms, used by the node-rsa module
-  * @param {string} sigAlg    signature algorithm
-  * @return {string/null} signing algorithm short-hand for the module node-rsa
-  */
-  function getSigningScheme(sigAlg?: string): SigningSchemeHash {
+
+  function getSigningSchemeForNode(sigAlg?: string){
     if (sigAlg) {
-      const algAlias = nrsaAliasMapping[sigAlg];
+      const algAlias = nrsaAliasMappingForNode[sigAlg];
       if (!(algAlias === undefined)) {
         return algAlias;
       }
     }
-    return nrsaAliasMapping[signatureAlgorithms.RSA_SHA1];
+    return nrsaAliasMappingForNode[signatureAlgorithms.RSA_SHA1];
   }
   /**
   * @private
@@ -376,7 +391,7 @@ const libSaml = () => {
      */
     verifySignature(xml: string, opts: SignatureVerifierOptions) {
       const { dom } = getContext();
-      const doc = dom.parseFromString(xml);
+      const doc = dom.parseFromString(xml,'application/xml') as unknown as Node;
 
       const docParser = new DOMParser();
       // In order to avoid the wrapping attack, we have changed to use absolute xpath instead of naively fetching the signature element
@@ -397,6 +412,7 @@ const libSaml = () => {
       selection = selection.concat(assertionSignatureNode);
 
       // try to catch potential wrapping attack
+      // @ts-expect-error misssing Node properties are not needed
       if (wrappingElementNode.length !== 0) {
         throw new Error('ERR_POTENTIAL_WRAPPING_ATTACK');
       }
@@ -476,14 +492,14 @@ const libSaml = () => {
         // attempt is made to get the signed Reference as a string();
         // note, we don't have access to the actual signedReferences API unfortunately
         // mainly a sanity check here for SAML. (Although ours would still be secure, if multiple references are used)
-        if (!(sig.getReferences().length >= 1)) {
+        if (!(sig.getSignedReferences().length >= 1)) {
           throw new Error('NO_SIGNATURE_REFERENCES')
         }
         const signedVerifiedXML = sig.getSignedReferences()[0];
-        const rootNode = docParser.parseFromString(signedVerifiedXML, 'text/xml').documentElement;
+        const rootNode = docParser.parseFromString(signedVerifiedXML, 'text/xml').documentElement as unknown as Element;
         // process the verified signature:
         // case 1, rootSignedDoc is a response:
-        if (rootNode.localName === 'Response') {
+        if (rootNode?.localName === 'Response') {
 
           // try getting the Xml from the first assertion
           const EncryptedAssertions = select(
@@ -496,17 +512,18 @@ const libSaml = () => {
           );
 
             // now we can process the assertion as an assertion
+          // @ts-expect-error misssing Node properties are not needed
             if (EncryptedAssertions.length === 1) {
-
+              // @ts-expect-error misssing Node properties are not needed
               return [true, EncryptedAssertions[0].toString()];
             }
-
+          // @ts-expect-error misssing Node properties are not needed
           if (assertions.length === 1) {
-
+            // @ts-expect-error misssing Node properties are not needed
             return [true, assertions[0].toString()];
           }
 
-        } else if (rootNode.localName === 'Assertion') {
+        } else if (rootNode?.localName === 'Assertion') {
           return [true, rootNode.toString()];
         } else {
           return [true, null]; // signature is valid. But there is no assertion node here. It could be metadata node, hence return null
@@ -587,42 +604,51 @@ const libSaml = () => {
           }],
       };
     },
+
     /**
-    * @desc Constructs SAML message
-    * @param  {string} octetString               see "Bindings for the OASIS Security Assertion Markup Language (SAML V2.0)" P.17/46
-    * @param  {string} key                       declares the pem-formatted private key
-    * @param  {string} passphrase                passphrase of private key [optional]
-    * @param  {string} signingAlgorithm          signing algorithm
-    * @return {string} message signature
-    */
+     * SAML 消息签名 (符合 SAML V2.0 绑定规范)
+     * @param octetString - 要签名的原始数据 (OCTET STRING)
+     * @param key - PEM 格式私钥
+     * @param passphrase - 私钥密码 (如果有加密)
+     * @param isBase64 - 是否返回 base64 编码 (默认 true)
+     * @param signingAlgorithm - 签名算法 (默认 'rsa-sha256')
+     * @returns 消息签名
+     */
+
     constructMessageSignature(
-      octetString: string,
-      key: string,
-      passphrase?: string,
-      isBase64?: boolean,
-      signingAlgorithm?: string
-    ) {
-      // Default returning base64 encoded signature
-      // Embed with node-rsa module
-      const decryptedKey = new nrsa(
-        utility.readPrivateKey(key, passphrase),
-        undefined,
-        {
-          signingScheme: getSigningScheme(signingAlgorithm),
-        }
-      );
-      const signature = decryptedKey.sign(octetString);
-      // Use private key to sign data
-      return isBase64 !== false ? signature.toString('base64') : signature;
-    },
-    /**
-    * @desc Verifies message signature
-    * @param  {Metadata} metadata                 metadata object of identity provider or service provider
-    * @param  {string} octetString                see "Bindings for the OASIS Security Assertion Markup Language (SAML V2.0)" P.17/46
-    * @param  {string} signature                  context of XML signature
-    * @param  {string} verifyAlgorithm            algorithm used to verify
-    * @return {boolean} verification result
-    */
+      octetString: string | Buffer,
+    key: string | Buffer,
+    passphrase?: string,
+    isBase64: boolean = true,
+    signingAlgorithm: string = nrsaAliasMappingForNode[signatureAlgorithms.RSA_SHA1]
+): string | Buffer {
+    try {
+      // 1. 标准化输入数据
+      const inputData = Buffer.isBuffer(octetString)
+        ? octetString
+        : Buffer.from(octetString, 'utf8');
+      // 2. 创建签名器并设置算
+      const signingAlgorithmValue = getSigningSchemeForNode(signingAlgorithm)
+      const signer = createSign(signingAlgorithmValue)
+
+      // 3. 加载私钥
+      const privateKey = createPrivateKey({
+        key: key,
+        format: 'pem',
+        passphrase: passphrase,
+        encoding: 'utf8'
+      });
+      signer.write(octetString);
+      signer.end();
+      const signature = signer.sign(privateKey, 'base64');
+      console.log(signature.toString());
+      console.log('dayingyixia')
+      // 5. 处理编码输出
+      return isBase64 ? signature.toString() : signature;
+    } catch (error) {
+      throw new Error(`SAML 签名失败: ${error.message}`);
+    }
+  },
     verifyMessageSignature(
       metadata,
       octetString: string,
@@ -630,10 +656,17 @@ const libSaml = () => {
       verifyAlgorithm?: string
     ) {
       const signCert = metadata.getX509Certificate(certUse.signing);
-      const signingScheme = getSigningScheme(verifyAlgorithm);
-      const key = new nrsa(utility.getPublicKeyPemFromCertificate(signCert), 'public', { signingScheme });
-      return key.verify(Buffer.from(octetString), Buffer.from(signature));
+      const signingScheme = getSigningSchemeForNode(verifyAlgorithm);
+      const verifier = createVerify(signingScheme);
+      verifier.update(octetString);
+      const isValid = verifier.verify(utility.getPublicKeyPemFromCertificate(signCert),       Buffer.isBuffer(signature) ? signature : Buffer.from(signature, 'base64'));
+      console.log(isValid);
+      console.log('验证结果-------------')
+      return isValid
+
     },
+
+
     /**
     * @desc Get the public key in string format
     * @param  {string} x509Certificate certificate
@@ -668,7 +701,7 @@ const libSaml = () => {
         const sourceEntitySetting = sourceEntity.entitySetting;
         const targetEntityMetadata = targetEntity.entityMeta;
         const { dom } = getContext();
-        const doc = dom.parseFromString(xml);
+        const doc = dom.parseFromString(xml,'application/xml')  as unknown as Node;
         const assertions = select("//*[local-name(.)='Assertion']", doc) as Node[];
         if (!Array.isArray(assertions) || assertions.length === 0) {
           throw new Error('ERR_NO_ASSERTION');
@@ -701,8 +734,8 @@ const libSaml = () => {
               return reject(new Error('ERR_UNDEFINED_ENCRYPTED_ASSERTION'));
             }
             const { encryptedAssertion: encAssertionPrefix } = sourceEntitySetting.tagPrefix;
-            const encryptAssertionDoc = dom.parseFromString(`<${encAssertionPrefix}:EncryptedAssertion xmlns:${encAssertionPrefix}="${namespace.names.assertion}">${res}</${encAssertionPrefix}:EncryptedAssertion>`);
-            doc.documentElement.replaceChild(encryptAssertionDoc.documentElement, rawAssertionNode);
+            const encryptAssertionDoc = dom.parseFromString(`<${encAssertionPrefix}:EncryptedAssertion xmlns:${encAssertionPrefix}="${namespace.names.assertion}">${res}</${encAssertionPrefix}:EncryptedAssertion>`,'application/xml');
+            (doc as Document)?.replaceChild(encryptAssertionDoc.documentElement  as unknown as Node, rawAssertionNode) ;
             return resolve(utility.base64Encode(doc.toString()));
           });
         } else {
@@ -727,7 +760,7 @@ const libSaml = () => {
         // Perform encryption depends on the setting of where the message is sent, default is false
         const hereSetting = here.entitySetting;
         const { dom  } = getContext();
-        const doc = dom.parseFromString(entireXML);
+        const doc = dom.parseFromString(entireXML,'application/xml')  as unknown as Node;
         const encryptedAssertions = select("/*[contains(local-name(), 'Response')]/*[local-name(.)='EncryptedAssertion']", doc) as Node[];
         if (!Array.isArray(encryptedAssertions) || encryptedAssertions.length === 0) {
           throw new Error('ERR_UNDEFINED_ENCRYPTED_ASSERTION');
@@ -746,8 +779,8 @@ const libSaml = () => {
           if (!res) {
             return reject(new Error('ERR_UNDEFINED_ENCRYPTED_ASSERTION'));
           }
-          const rawAssertionDoc = dom.parseFromString(res);
-          doc.documentElement.replaceChild(rawAssertionDoc.documentElement, encAssertionNode);
+          const rawAssertionDoc = dom.parseFromString(res,'application/xml') ;
+          (doc as Document)?.replaceChild(rawAssertionDoc?.documentElement as unknown as Node , encAssertionNode);
           return resolve([doc.toString(), res]);
         });
       });

package/src/utility.ts

@@ -1,13 +1,13 @@
 /**
-* @file utility.ts
-* @author tngan
-* @desc  Library for some common functions (e.g. de/inflation, en/decoding)
-*/
-import { pki, util, asn1 } from 'node-forge';
-import { X509Certificate } from 'node:crypto';
+ * @file utility.ts
+ * @author tngan
+ * @desc  Library for some common functions (e.g. de/inflation, en/decoding)
+ */
+
+import {X509Certificate,createPrivateKey } from 'node:crypto';
 
 
-import { inflate, deflate } from 'pako';
+import {inflate, deflate} from 'pako';
 
 const BASE64_STR = 'base64';
 
@@ -36,6 +36,7 @@ export function zipObject(arr1: string[], arr2: any[], skipDuplicated = true) {
 
   }, {});
 }
+
 /**
  * @desc Alternative to lodash.flattenDeep
  * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_flattendeep
@@ -43,9 +44,10 @@ export function zipObject(arr1: string[], arr2: any[], skipDuplicated = true) {
  */
 export function flattenDeep(input: any[]) {
   return Array.isArray(input)
-  ? input.reduce( (a, b) => a.concat(flattenDeep(b)) , [])
-  : [input];
+    ? input.reduce((a, b) => a.concat(flattenDeep(b)), [])
+    : [input];
 }
+
 /**
  * @desc Alternative to lodash.last
  * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_last
@@ -54,6 +56,7 @@ export function flattenDeep(input: any[]) {
 export function last(input: any[]) {
   return input.slice(-1)[0];
 }
+
 /**
  * @desc Alternative to lodash.uniq
  * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_uniq
@@ -61,8 +64,9 @@ export function last(input: any[]) {
  */
 export function uniq(input: string[]) {
   const set = new Set(input);
-  return [... set];
+  return [...set];
 }
+
 /**
  * @desc Alternative to lodash.get
  * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_get
@@ -72,8 +76,9 @@ export function uniq(input: string[]) {
  */
 export function get(obj, path, defaultValue) {
   return path.split('.')
-  .reduce((a, c) => (a && a[c] ? a[c] : (defaultValue || null)), obj);
+    .reduce((a, c) => (a && a[c] ? a[c] : (defaultValue || null)), obj);
 }
+
 /**
  * @desc Check if the input is string
  * @param {any} input
@@ -81,107 +86,123 @@ export function get(obj, path, defaultValue) {
 export function isString(input: any) {
   return typeof input === 'string';
 }
+
 /**
-* @desc Encode string with base64 format
-* @param  {string} message                       plain-text message
-* @return {string} base64 encoded string
-*/
+ * @desc Encode string with base64 format
+ * @param  {string} message                       plain-text message
+ * @return {string} base64 encoded string
+ */
 function base64Encode(message: string | number[]) {
   return Buffer.from(message as string).toString(BASE64_STR);
 }
+
 /**
-* @desc Decode string from base64 format
-* @param  {string} base64Message                 encoded string
-* @param  {boolean} isBytes                      determine the return value type (True: bytes False: string)
-* @return {bytes/string}  decoded bytes/string depends on isBytes, default is {string}
-*/
+ * @desc Decode string from base64 format
+ * @param  {string} base64Message                 encoded string
+ * @param  {boolean} isBytes                      determine the return value type (True: bytes False: string)
+ * @return {bytes/string}  decoded bytes/string depends on isBytes, default is {string}
+ */
 export function base64Decode(base64Message: string, isBytes?: boolean): string | Buffer {
   const bytes = Buffer.from(base64Message, BASE64_STR);
   return Boolean(isBytes) ? bytes : bytes.toString();
 }
+
 /**
-* @desc Compress the string
-* @param  {string} message
-* @return {string} compressed string
-*/
+ * @desc Compress the string
+ * @param  {string} message
+ * @return {string} compressed string
+ */
 function deflateString(message: string): number[] {
   const input = Array.prototype.map.call(message, char => char.charCodeAt(0));
-  return Array.from(deflate(input, { raw: true }));
+  return Array.from(deflate(input, {raw: true}));
 }
+
 /**
-* @desc Decompress the compressed string
-* @param  {string} compressedString
-* @return {string} decompressed string
-*/
+ * @desc Decompress the compressed string
+ * @param  {string} compressedString
+ * @return {string} decompressed string
+ */
 export function inflateString(compressedString: string): string {
   const inputBuffer = Buffer.from(compressedString, BASE64_STR);
   const input = Array.prototype.map.call(inputBuffer.toString('binary'), char => char.charCodeAt(0));
-  return Array.from(inflate(input, { raw: true }))
+  return Array.from(inflate(input, {raw: true}))
     .map((byte: number) => String.fromCharCode(byte))
     .join('');
 }
+
 /**
-* @desc Abstract the normalizeCerString and normalizePemString
-* @param {buffer} File stream or string
-* @param {string} String for header and tail
-* @return {string} A formatted certificate string
-*/
+ * @desc Abstract the normalizeCerString and normalizePemString
+ * @param {buffer} File stream or string
+ * @param {string} String for header and tail
+ * @return {string} A formatted certificate string
+ */
 function _normalizeCerString(bin: string | Buffer, format: string) {
   return bin.toString().replace(/\n/g, '').replace(/\r/g, '').replace(`-----BEGIN ${format}-----`, '').replace(`-----END ${format}-----`, '').replace(/ /g, '').replace(/\t/g, '');
 }
+
 /**
-* @desc Parse the .cer to string format without line break, header and footer
-* @param  {string} certString     declares the certificate contents
-* @return {string} certificiate in string format
-*/
+ * @desc Parse the .cer to string format without line break, header and footer
+ * @param  {string} certString     declares the certificate contents
+ * @return {string} certificiate in string format
+ */
 function normalizeCerString(certString: string | Buffer) {
   return _normalizeCerString(certString, 'CERTIFICATE');
 }
+
 /**
-* @desc Normalize the string in .pem format without line break, header and footer
-* @param  {string} pemString
-* @return {string} private key in string format
-*/
+ * @desc Normalize the string in .pem format without line break, header and footer
+ * @param  {string} pemString
+ * @return {string} private key in string format
+ */
 function normalizePemString(pemString: string | Buffer) {
   return _normalizeCerString(pemString.toString(), 'RSA PRIVATE KEY');
 }
+
 /**
-* @desc Return the complete URL
-* @param  {object} req                   HTTP request
-* @return {string} URL
-*/
+ * @desc Return the complete URL
+ * @param  {object} req                   HTTP request
+ * @return {string} URL
+ */
 function getFullURL(req) {
   return `${req.protocol}://${req.get('host')}${req.originalUrl}`;
 }
+
 /**
-* @desc Parse input string, return default value if it is undefined
-* @param  {string/boolean}
-* @return {boolean}
-*/
+ * @desc Parse input string, return default value if it is undefined
+ * @param  {string/boolean}
+ * @return {boolean}
+ */
 function parseString(str, defaultValue = '') {
   return str || defaultValue;
 }
+
 /**
-* @desc Override the object by another object (rtl)
-* @param  {object} default object
-* @param  {object} object applied to the default object
-* @return {object} result object
-*/
+ * @desc Override the object by another object (rtl)
+ * @param  {object} default object
+ * @param  {object} object applied to the default object
+ * @return {object} result object
+ */
 function applyDefault(obj1, obj2) {
   return Object.assign({}, obj1, obj2);
 }
+
 /**
-* @desc Get public key in pem format from the certificate included in the metadata
-* @param {string} x509 certificate
-* @return {string} public key fetched from the certificate
-*/
+ * @desc Get public key in pem format from the certificate included in the metadata
+ * @param {string} x509 certificate
+ * @return {string} public key fetched from the certificate
+ */
 function getPublicKeyPemFromCertificate(x509CertificateString: string) {
-  const certDerBytes = util.decode64(x509CertificateString);
-  const obj = asn1.fromDer(certDerBytes);
-  const cert = pki.certificateFromAsn1(obj);
-  return pki.publicKeyToPem(cert.publicKey);
-}
+  const derBuffer = Buffer.from(x509CertificateString, 'base64');
+  // 解析 X.509 证书
+  const cert2 = new X509Certificate(derBuffer);
+  const publicKeyObject = cert2.publicKey
+  // 3. 导出为 PEM 格式
+  return publicKeyObject.export({
+    type: 'spki',   // 使用 Subject Public Key Info 结构
+    format: 'pem'  // 输出 PEM 格式
+  });
 
+}
 
 
 /*function getPublicKeyPemFromCertificate(x509Certificate: string): string {
@@ -197,25 +218,75 @@ function getPublicKeyPemFromCertificate(x509CertificateString: string) {
   return cert.publicKey?.toString();
 }*/
 /**
-* @desc Read private key from pem-formatted string
-* @param {string | Buffer} keyString pem-formatted string
-* @param {string} protected passphrase of the key
-* @return {string} string in pem format
-* If passphrase is used to protect the .pem content (recommend)
-*/
-export function readPrivateKey(keyString: string | Buffer, passphrase: string | undefined, isOutputString?: boolean) {
-  return isString(passphrase) ? this.convertToString(pki.privateKeyToPem(pki.decryptRsaPrivateKey(String(keyString), passphrase)), isOutputString) : keyString;
+ * @desc Read private key from pem-formatted string
+ * @param {string | Buffer} keyString pem-formatted string
+ * @param {string} protected passphrase of the key
+ * @return {string} string in pem format
+ * If passphrase is used to protect the .pem content (recommend)
+ */
+
+/**
+ * PEM 头尾格式校验与修复
+ */
+function validatePEMHeaders(pem: string, keyType: string): string {
+  const expectedHeader = `-----BEGIN ${keyType}-----`;
+  const expectedFooter = `-----END ${keyType}-----`;
+
+  // 自动修复不规范的 PEM 头尾
+  return pem
+      .replace(/-{5}.*PRIVATE KEY-{5}/g, '')  // 清除已有头尾
+      .replace(/(\r\n|\n|\r)/gm, '\n')       // 统一换行符
+      .trim() +                               // 清理空白
+    `\n${expectedHeader}\n${pem}\n${expectedFooter}\n`;
 }
+export function readPrivateKey(
+  keyString: string | Buffer,
+  passphrase?: string,
+  isOutputString: boolean = true
+): string | Buffer {
+  try {
+    // 统一转换为字符串格式处理
+    const pemKey = Buffer.isBuffer(keyString)
+      ? keyString.toString('utf8')
+      : keyString;
+
+    // 创建私钥对象 (自动处理加密)
+    const keyObject = createPrivateKey({
+      key: pemKey,
+      format: 'pem',
+      passphrase: isString(passphrase) ? passphrase : undefined,
+      encoding: 'utf8'
+    });
+
+    // 验证密钥类型为 RSA
+    if (keyObject.asymmetricKeyType !== 'rsa') {
+      throw new Error('仅支持 RSA 私钥类型');
+    }
+
+    // 强制转换为 PKCS#1 格式
+    const exported = keyObject.export({
+      type: 'pkcs1',      // 明确指定 RSA 传统格式
+      format: 'pem'      // 输出为 PEM 格式
+    }) as string;
+
+    return isOutputString ? String(exported) : Buffer.from(exported, 'utf8');
+  } catch (error) {
+    throw new Error(`私钥读取失败: ${error.message}`);
+  }
+}
+
+
 /**
-* @desc Inline syntax sugar
-*/
+ * @desc Inline syntax sugar
+ */
 function convertToString(input, isOutputString) {
   return Boolean(isOutputString) ? String(input) : input;
 }
+
 /**
  * @desc Check if the input is an array with non-zero size
  */
-export function isNonEmptyArray(a:any) {
+export function isNonEmptyArray(a: any) {
   return Array.isArray(a) && a.length > 0;
 }
 

package/types/index.d.ts

@@ -1,10 +1,10 @@
-import IdentityProvider, { IdentityProvider as IdentityProviderInstance } from './src/entity-idp.js';
-import ServiceProvider, { ServiceProvider as ServiceProviderInstance } from './src/entity-sp.js';
-export { default as IdPMetadata } from './src/metadata-idp.js';
-export { default as SPMetadata } from './src/metadata-sp.js';
-export { default as Utility } from './src/utility.js';
-export { default as SamlLib } from './src/libsaml.js';
-import * as Constants from './src/urn.js';
-import * as Extractor from './src/extractor.js';
-import { setSchemaValidator, setDOMParserOptions } from './src/api.js';
-export { Constants, Extractor, IdentityProvider, IdentityProviderInstance, ServiceProvider, ServiceProviderInstance, setSchemaValidator, setDOMParserOptions };
+import IdentityProvider, { IdentityProvider as IdentityProviderInstance } from './src/entity-idp.js';
+import ServiceProvider, { ServiceProvider as ServiceProviderInstance } from './src/entity-sp.js';
+export { default as IdPMetadata } from './src/metadata-idp.js';
+export { default as SPMetadata } from './src/metadata-sp.js';
+export { default as Utility } from './src/utility.js';
+export { default as SamlLib } from './src/libsaml.js';
+import * as Constants from './src/urn.js';
+import * as Extractor from './src/extractor.js';
+import { setSchemaValidator, setDOMParserOptions } from './src/api.js';
+export { Constants, Extractor, IdentityProvider, IdentityProviderInstance, ServiceProvider, ServiceProviderInstance, setSchemaValidator, setDOMParserOptions };

package/types/src/api.d.ts

@@ -1,13 +1,13 @@
-import { DOMParser as dom, Options as DOMParserOptions } from '@xmldom/xmldom';
-interface Context extends ValidatorContext, DOMParserContext {
-}
-interface ValidatorContext {
-    validate?: (xml: string) => Promise<any>;
-}
-interface DOMParserContext {
-    dom: dom;
-}
-export declare function getContext(): Context;
-export declare function setSchemaValidator(params: ValidatorContext): void;
-export declare function setDOMParserOptions(options?: DOMParserOptions): void;
-export {};
+import { DOMParser as dom, DOMParserOptions } from '@xmldom/xmldom';
+interface Context extends ValidatorContext, DOMParserContext {
+}
+interface ValidatorContext {
+    validate?: (xml: string) => Promise<any>;
+}
+interface DOMParserContext {
+    dom: dom;
+}
+export declare function getContext(): Context;
+export declare function setSchemaValidator(params: ValidatorContext): void;
+export declare function setDOMParserOptions(options?: DOMParserOptions): void;
+export {};