samlesa 2.12.3

package/tslint.json

@@ -0,0 +1,35 @@
+{
+    "extends": "tslint:recommended",
+    "rulesDirectory": [],
+    "linterOptions": {
+      "exclude": [
+        "node_modules/**"
+      ]
+    },
+    "rules": {
+      "arrow-parens": [true, "ban-single-arg-parens"],
+      "comment-format": false,
+      "interface-name": [true, "never-prefix"],
+      "jsdoc-format": false,
+      "max-line-length": false,
+      "member-access": false,
+      "no-console": [false],
+      "no-consecutive-blank-lines": [true, 3],
+      "no-empty-interface": false,
+      "no-string-literal": false,
+      "object-literal-sort-keys": false,
+      "object-literal-key-quotes": false,
+      "object-literal-shorthand": false,
+      "trailing-comma": false,
+      "eofline": false,
+      "no-empty": false,
+      "align": false,
+      "no-trailing-whitespace": false,
+      "ordered-imports": false,
+      "quotemark": [true, "single", "avoid-escape", "avoid-template"],
+      "variable-name": [true, "ban-keywords", "check-format", "allow-leading-underscore", "allow-pascal-case"],
+      "interface-over-type-literal": false,
+      "no-var-requires": false
+    },
+    "jsRules": {}
+}

package/types/index.d.ts

@@ -0,0 +1,10 @@
+import IdentityProvider, { IdentityProvider as IdentityProviderInstance } from './src/entity-idp.js';
+import ServiceProvider, { ServiceProvider as ServiceProviderInstance } from './src/entity-sp.js';
+export { default as IdPMetadata } from './src/metadata-idp.js';
+export { default as SPMetadata } from './src/metadata-sp.js';
+export { default as Utility } from './src/utility.js';
+export { default as SamlLib } from './src/libsaml.js';
+import * as Constants from './src/urn.js';
+import * as Extractor from './src/extractor.js';
+import { setSchemaValidator, setDOMParserOptions } from './src/api.js';
+export { Constants, Extractor, IdentityProvider, IdentityProviderInstance, ServiceProvider, ServiceProviderInstance, setSchemaValidator, setDOMParserOptions };

package/types/src/api.d.ts

@@ -0,0 +1,13 @@
+import { DOMParser as dom, Options as DOMParserOptions } from '@xmldom/xmldom';
+interface Context extends ValidatorContext, DOMParserContext {
+}
+interface ValidatorContext {
+    validate?: (xml: string) => Promise<any>;
+}
+interface DOMParserContext {
+    dom: dom;
+}
+export declare function getContext(): Context;
+export declare function setSchemaValidator(params: ValidatorContext): void;
+export declare function setDOMParserOptions(options?: DOMParserOptions): void;
+export {};

package/types/src/binding-post.d.ts

@@ -0,0 +1,46 @@
+/**
+* @file binding-post.ts
+* @author tngan
+* @desc Binding-level API, declare the functions using POST binding
+*/
+import { BindingContext } from './entity.js';
+/**
+* @desc Generate a base64 encoded login request
+* @param  {string} referenceTagXPath           reference uri
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+declare function base64LoginRequest(referenceTagXPath: string, entity: any, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+/**
+* @desc Generate a base64 encoded login response
+* @param  {object} requestInfo                 corresponding request, used to obtain the id
+* @param  {object} entity                      object includes both idp and sp
+* @param  {object} user                        current logged user (e.g. req.user)
+* @param  {function} customTagReplacement     used when developers have their own login response template
+* @param  {boolean}  encryptThenSign           whether or not to encrypt then sign first (if signing). Defaults to sign-then-encrypt
+*/
+declare function base64LoginResponse(requestInfo: any | undefined, entity: any, user?: any, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean): Promise<BindingContext>;
+/**
+* @desc Generate a base64 encoded logout request
+* @param  {object} user                         current logged user (e.g. req.user)
+* @param  {string} referenceTagXPath            reference uri
+* @param  {object} entity                       object includes both idp and sp
+* @param  {function} customTagReplacement      used when developers have their own login response template
+* @return {string} base64 encoded request
+*/
+declare function base64LogoutRequest(user: any, referenceTagXPath: any, entity: any, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+/**
+* @desc Generate a base64 encoded logout response
+* @param  {object} requestInfo                 corresponding request, used to obtain the id
+* @param  {string} referenceTagXPath           reference uri
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+declare function base64LogoutResponse(requestInfo: any, entity: any, customTagReplacement: (template: string) => BindingContext): BindingContext;
+declare const postBinding: {
+    base64LoginRequest: typeof base64LoginRequest;
+    base64LoginResponse: typeof base64LoginResponse;
+    base64LogoutRequest: typeof base64LogoutRequest;
+    base64LogoutResponse: typeof base64LogoutResponse;
+};
+export default postBinding;

package/types/src/binding-redirect.d.ts

@@ -0,0 +1,52 @@
+import { BindingContext } from './entity.js';
+import { IdentityProvider as Idp } from './entity-idp.js';
+import { ServiceProvider as Sp } from './entity-sp.js';
+export interface BuildRedirectConfig {
+    baseUrl: string;
+    type: string;
+    isSigned: boolean;
+    context: string;
+    entitySetting: any;
+    relayState?: string;
+}
+/**
+* @desc Redirect URL for login request
+* @param  {object} entity                       object includes both idp and sp
+* @param  {function} customTagReplacement      used when developers have their own login response template
+* @return {string} redirect URL
+*/
+declare function loginRequestRedirectURL(entity: {
+    idp: Idp;
+    sp: Sp;
+}, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+/**
+* @desc Redirect URL for login response
+* @param  {object} requestInfo             corresponding request, used to obtain the id
+* @param  {object} entity                      object includes both idp and sp
+* @param  {object} user                         current logged user (e.g. req.user)
+* @param  {String} relayState                the relaystate sent by sp corresponding request
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+declare function loginResponseRedirectURL(requestInfo: any, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+/**
+* @desc Redirect URL for logout request
+* @param  {object} user                        current logged user (e.g. req.user)
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+* @return {string} redirect URL
+*/
+declare function logoutRequestRedirectURL(user: any, entity: any, relayState?: string, customTagReplacement?: (template: string, tags: object) => BindingContext): BindingContext;
+/**
+* @desc Redirect URL for logout response
+* @param  {object} requescorresponding request, used to obtain the id
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+declare function logoutResponseRedirectURL(requestInfo: any, entity: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+declare const redirectBinding: {
+    loginRequestRedirectURL: typeof loginRequestRedirectURL;
+    loginResponseRedirectURL: typeof loginResponseRedirectURL;
+    logoutRequestRedirectURL: typeof logoutRequestRedirectURL;
+    logoutResponseRedirectURL: typeof logoutResponseRedirectURL;
+};
+export default redirectBinding;

package/types/src/binding-simplesign.d.ts

@@ -0,0 +1,39 @@
+/**
+* @file binding-simplesign.ts
+* @author Orange
+* @desc Binding-level API, declare the functions using POST SimpleSign binding
+*/
+import { BindingContext, SimpleSignComputedContext } from './entity.js';
+export interface BuildSimpleSignConfig {
+    type: string;
+    context: string;
+    entitySetting: any;
+    relayState?: string;
+}
+export interface BindingSimpleSignContext {
+    id: string;
+    context: string;
+    signature: any;
+    sigAlg: string;
+}
+/**
+* @desc Generate a base64 encoded login request
+* @param  {string} referenceTagXPath           reference uri
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+declare function base64LoginRequest(entity: any, customTagReplacement?: (template: string) => BindingContext): SimpleSignComputedContext;
+/**
+* @desc Generate a base64 encoded login response
+* @param  {object} requestInfo                 corresponding request, used to obtain the id
+* @param  {object} entity                      object includes both idp and sp
+* @param  {object} user                        current logged user (e.g. req.user)
+* @param  {string}  relayState               the relay state
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+declare function base64LoginResponse(requestInfo: any | undefined, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext): Promise<BindingSimpleSignContext>;
+declare const simpleSignBinding: {
+    base64LoginRequest: typeof base64LoginRequest;
+    base64LoginResponse: typeof base64LoginResponse;
+};
+export default simpleSignBinding;

package/types/src/entity-idp.d.ts

@@ -0,0 +1,42 @@
+/**
+* @file entity-idp.ts
+* @author tngan
+* @desc  Declares the actions taken by identity provider
+*/
+import Entity, { ESamlHttpRequest } from './entity.js';
+import { ServiceProviderConstructor as ServiceProvider, IdentityProviderMetadata, IdentityProviderSettings } from './types.js';
+import { FlowResult } from './flow.js';
+import { BindingContext } from './entity.js';
+/**
+ * Identity provider can be configured using either metadata importing or idpSetting
+ */
+export default function (props: IdentityProviderSettings): IdentityProvider;
+/**
+ * Identity provider can be configured using either metadata importing or idpSetting
+ */
+export declare class IdentityProvider extends Entity {
+    entityMeta: IdentityProviderMetadata;
+    constructor(idpSetting: IdentityProviderSettings);
+    /**
+    * @desc  Generates the login response for developers to design their own method
+    * @param  sp                        object of service provider
+    * @param  requestInfo               corresponding request, used to obtain the id
+    * @param  binding                   protocol binding
+    * @param  user                      current logged user (e.g. req.user)
+    * @param  customTagReplacement      used when developers have their own login response template
+    * @param  encryptThenSign           whether or not to encrypt then sign first (if signing)
+    * @param  relayState             the relayState from corresponding request
+    */
+    createLoginResponse(sp: ServiceProvider, requestInfo: {
+        [key: string]: any;
+    }, binding: string, user: {
+        [key: string]: any;
+    }, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean, relayState?: string): Promise<any>;
+    /**
+     * Validation of the parsed URL parameters
+     * @param sp ServiceProvider instance
+     * @param binding Protocol binding
+     * @param req RequesmessageSigningOrderst
+     */
+    parseLoginRequest(sp: ServiceProvider, binding: string, req: ESamlHttpRequest): Promise<FlowResult>;
+}

package/types/src/entity-sp.d.ts

@@ -0,0 +1,36 @@
+/**
+* @file entity-sp.ts
+* @author tngan
+* @desc  Declares the actions taken by service provider
+*/
+import Entity, { BindingContext, PostBindingContext, ESamlHttpRequest, SimpleSignBindingContext } from './entity.js';
+import { IdentityProviderConstructor as IdentityProvider, ServiceProviderMetadata, ServiceProviderSettings } from './types.js';
+import { FlowResult } from './flow.js';
+export default function (props: ServiceProviderSettings): ServiceProvider;
+/**
+* @desc Service provider can be configured using either metadata importing or spSetting
+* @param  {object} spSettingimport { FlowResult } from '../types/src/flow.d';
+
+*/
+export declare class ServiceProvider extends Entity {
+    entityMeta: ServiceProviderMetadata;
+    /**
+    * @desc  Inherited from Entity
+    * @param {object} spSetting    setting of service provider
+    */
+    constructor(spSetting: ServiceProviderSettings);
+    /**
+    * @desc  Generates the login request for developers to design their own method
+    * @param  {IdentityProvider} idp               object of identity provider
+    * @param  {string}   binding                   protocol binding
+    * @param  {function} customTagReplacement     used when developers have their own login response template
+    */
+    createLoginRequest(idp: IdentityProvider, binding?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext | PostBindingContext | SimpleSignBindingContext;
+    /**
+    * @desc   Validation of the parsed the URL parameters
+    * @param  {IdentityProvider}   idp             object of identity provider
+    * @param  {string}   binding                   protocol binding
+    * @param  {request}   req                      request
+    */
+    parseLoginResponse(idp: any, binding: any, request: ESamlHttpRequest): Promise<FlowResult>;
+}

package/types/src/entity.d.ts

@@ -0,0 +1,99 @@
+import { IdpMetadata as IdpMetadataConstructor } from './metadata-idp.js';
+import { SpMetadata as SpMetadataConstructor } from './metadata-sp.js';
+import { MetadataIdpConstructor, MetadataSpConstructor, EntitySetting } from './types.js';
+import { FlowResult } from './flow.js';
+export interface ESamlHttpRequest {
+    query?: any;
+    body?: any;
+    octetString?: string;
+}
+export interface BindingContext {
+    context: string;
+    id: string;
+}
+export interface PostBindingContext extends BindingContext {
+    relayState?: string;
+    entityEndpoint: string;
+    type: string;
+}
+export interface SimpleSignBindingContext extends PostBindingContext {
+    sigAlg?: string;
+    signature?: string;
+    keyInfo?: string;
+}
+export interface SimpleSignComputedContext extends BindingContext {
+    sigAlg?: string;
+    signature?: string;
+}
+export interface ParseResult {
+    samlContent: string;
+    extract: any;
+    sigAlg: string;
+}
+export type EntityConstructor = (MetadataIdpConstructor | MetadataSpConstructor) & {
+    metadata?: string | Buffer;
+};
+export default class Entity {
+    entitySetting: EntitySetting;
+    entityType: string;
+    entityMeta: IdpMetadataConstructor | SpMetadataConstructor;
+    /**
+    * @param entitySetting
+    * @param entityMeta is the entity metadata, deprecated after 2.0
+    */
+    constructor(entitySetting: EntityConstructor, entityType: 'idp' | 'sp');
+    /**
+    * @desc  Returns the setting of entity
+    * @return {object}
+    */
+    getEntitySetting(): EntitySetting;
+    /**
+    * @desc  Returns the xml string of entity metadata
+    * @return {string}
+    */
+    getMetadata(): string;
+    /**
+    * @desc  Exports the entity metadata into specified folder
+    * @param  {string} exportFile indicates the file name
+    */
+    exportMetadata(exportFile: string): void;
+    /** * @desc  Verify fields with the one specified in metadata
+    * @param  {string/[string]} field is a string or an array of string indicating the field value in SAML message
+    * @param  {string} metaField is a string indicating the same field specified in metadata
+    * @return {boolean} True/False
+    */
+    verifyFields(field: string | string[], metaField: string): boolean;
+    /** @desc   Generates the logout request for developers to design their own method
+    * @param  {ServiceProvider} sp     object of service provider
+    * @param  {string}   binding       protocol binding
+    * @param  {object}   user          current logged user (e.g. user)
+    * @param  {string} relayState      the URL to which to redirect the user when logout is complete
+    * @param  {function} customTagReplacement     used when developers have their own login response template
+    */
+    createLogoutRequest(targetEntity: any, binding: any, user: any, relayState?: string, customTagReplacement?: any): BindingContext | PostBindingContext;
+    /**
+    * @desc  Generates the logout response for developers to design their own method
+    * @param  {IdentityProvider} idp               object of identity provider
+    * @param  {object} requestInfo                 corresponding request, used to obtain the id
+    * @param  {string} relayState                  the URL to which to redirect the user when logout is complete.
+    * @param  {string} binding                     protocol binding
+    * @param  {function} customTagReplacement                 used when developers have their own login response template
+    */
+    createLogoutResponse(target: any, requestInfo: any, binding: any, relayState?: string, customTagReplacement?: any): BindingContext | PostBindingContext;
+    /**
+    * @desc   Validation of the parsed the URL parameters
+    * @param  {IdentityProvider}   idp             object of identity provider
+    * @param  {string}   binding                   protocol binding
+    * @param  {request}   req                      request
+    * @return {Promise}
+    */
+    parseLogoutRequest(from: any, binding: any, request: ESamlHttpRequest): Promise<FlowResult>;
+    /**
+    * @desc   Validation of the parsed the URL parameters
+    * @param  {object} config                      config for the parser
+    * @param  {string}   binding                   protocol binding
+    * @param  {request}   req                      request
+    * @return {Promise}
+    */
+    parseLogoutResponse(from: any, binding: any, request: ESamlHttpRequest): Promise<FlowResult>;
+}

package/types/src/extractor.d.ts

@@ -0,0 +1,25 @@
+interface ExtractorField {
+    key: string;
+    localPath: string[] | string[][];
+    attributes: string[];
+    index?: string[];
+    attributePath?: string[];
+    context?: boolean;
+}
+export type ExtractorFields = ExtractorField[];
+export declare const loginRequestFields: ExtractorFields;
+export declare const loginResponseStatusFields: {
+    key: string;
+    localPath: string[];
+    attributes: string[];
+}[];
+export declare const logoutResponseStatusFields: {
+    key: string;
+    localPath: string[];
+    attributes: string[];
+}[];
+export declare const loginResponseFields: ((assertion: any) => ExtractorFields);
+export declare const logoutRequestFields: ExtractorFields;
+export declare const logoutResponseFields: ExtractorFields;
+export declare function extract(context: string, fields: any): any;
+export {};

package/types/src/flow.d.ts

@@ -0,0 +1,6 @@
+export interface FlowResult {
+    samlContent: string;
+    extract: any;
+    sigAlg?: string | null;
+}
+export declare function flow(options: any): Promise<FlowResult>;

package/types/src/libsaml.d.ts

@@ -0,0 +1,210 @@
+/**
+* @file SamlLib.js
+* @author tngan
+* @desc  A simple library including some common functions
+*/
+import { MetadataInterface } from './metadata.js';
+export interface SignatureConstructor {
+    rawSamlMessage: string;
+    referenceTagXPath?: string;
+    privateKey: string;
+    privateKeyPass?: string;
+    signatureAlgorithm: string;
+    signingCert: string | Buffer;
+    isBase64Output?: boolean;
+    signatureConfig?: any;
+    isMessageSigned?: boolean;
+    transformationAlgorithms?: string[];
+}
+export interface SignatureVerifierOptions {
+    metadata?: MetadataInterface;
+    keyFile?: string;
+    signatureAlgorithm?: string;
+}
+export interface ExtractorResult {
+    [key: string]: any;
+    signature?: string | string[];
+    issuer?: string | string[];
+    nameID?: string;
+    notexist?: boolean;
+}
+export interface LoginResponseAttribute {
+    name: string;
+    nameFormat: string;
+    valueXsiType: string;
+    valueTag: string;
+    valueXmlnsXs?: string;
+    valueXmlnsXsi?: string;
+    type?: string | string[];
+}
+export interface LoginResponseAdditionalTemplates {
+    attributeStatementTemplate?: AttributeStatementTemplate;
+    attributeTemplate?: AttributeTemplate;
+}
+export interface BaseSamlTemplate {
+    context: string;
+}
+export interface LoginResponseTemplate extends BaseSamlTemplate {
+    attributes?: LoginResponseAttribute[];
+    additionalTemplates?: LoginResponseAdditionalTemplates;
+}
+export interface AttributeStatementTemplate extends BaseSamlTemplate {
+}
+export interface AttributeTemplate extends BaseSamlTemplate {
+}
+export interface LoginRequestTemplate extends BaseSamlTemplate {
+}
+export interface LogoutRequestTemplate extends BaseSamlTemplate {
+}
+export interface LogoutResponseTemplate extends BaseSamlTemplate {
+}
+export type KeyUse = 'signing' | 'encryption';
+export interface KeyComponent {
+    [key: string]: any;
+}
+export interface LibSamlInterface {
+    getQueryParamByType: (type: string) => string;
+    createXPath: (local: any, isExtractAll?: boolean) => string;
+    replaceTagsByValue: (rawXML: string, tagValues: any) => string;
+    attributeStatementBuilder: (attributes: LoginResponseAttribute[], attributeTemplate: AttributeTemplate, attributeStatementTemplate: AttributeStatementTemplate) => string;
+    constructSAMLSignature: (opts: SignatureConstructor) => string;
+    verifySignature: (xml: string, opts: SignatureVerifierOptions) => [boolean, any];
+    createKeySection: (use: KeyUse, cert: string | Buffer) => {};
+    constructMessageSignature: (octetString: string, key: string, passphrase?: string, isBase64?: boolean, signingAlgorithm?: string) => string;
+    verifyMessageSignature: (metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string) => boolean;
+    getKeyInfo: (x509Certificate: string, signatureConfig?: any) => void;
+    encryptAssertion: (sourceEntity: any, targetEntity: any, entireXML: string) => Promise<string>;
+    decryptAssertion: (here: any, entireXML: string) => Promise<[string, any]>;
+    getSigningScheme: (sigAlg: string) => string | null;
+    getDigestMethod: (sigAlg: string) => string | null;
+    nrsaAliasMapping: any;
+    defaultLoginRequestTemplate: LoginRequestTemplate;
+    defaultLoginResponseTemplate: LoginResponseTemplate;
+    defaultAttributeStatementTemplate: AttributeStatementTemplate;
+    defaultAttributeTemplate: AttributeTemplate;
+    defaultLogoutRequestTemplate: LogoutRequestTemplate;
+    defaultLogoutResponseTemplate: LogoutResponseTemplate;
+}
+declare const _default: {
+    createXPath: (local: any, isExtractAll?: boolean) => string;
+    getQueryParamByType: (type: string) => "SAMLRequest" | "SAMLResponse";
+    defaultLoginRequestTemplate: {
+        context: string;
+    };
+    defaultLoginResponseTemplate: {
+        context: string;
+        attributes: never[];
+        additionalTemplates: {
+            attributeStatementTemplate: {
+                context: string;
+            };
+            attributeTemplate: {
+                context: string;
+            };
+        };
+    };
+    defaultAttributeStatementTemplate: {
+        context: string;
+    };
+    defaultAttributeTemplate: {
+        context: string;
+    };
+    defaultLogoutRequestTemplate: {
+        context: string;
+    };
+    defaultLogoutResponseTemplate: {
+        context: string;
+    };
+    /**
+    * @desc Replace the tag (e.g. {tag}) inside the raw XML
+    * @param  {string} rawXML      raw XML string used to do keyword replacement
+    * @param  {array} tagValues    tag values
+    * @return {string}
+    */
+    replaceTagsByValue(rawXML: string, tagValues: Record<string, unknown>): string;
+    /**
+    * @desc Helper function to build the AttributeStatement tag
+    * @param  {LoginResponseAttribute} attributes    an array of attribute configuration
+    * @param  {AttributeTemplate} attributeTemplate    the attribute tag template to be used
+    * @param  {AttributeStatementTemplate} attributeStatementTemplate    the attributeStatement tag template to be used
+    * @return {string}
+    */
+    attributeStatementBuilder(attributes: LoginResponseAttribute[], attributeTemplate?: AttributeTemplate, attributeStatementTemplate?: AttributeStatementTemplate): string;
+    /**
+    * @desc Construct the XML signature for POST binding
+    * @param  {string} rawSamlMessage      request/response xml string
+    * @param  {string} referenceTagXPath    reference uri
+    * @param  {string} privateKey           declares the private key
+    * @param  {string} passphrase           passphrase of the private key [optional]
+    * @param  {string|buffer} signingCert   signing certificate
+    * @param  {string} signatureAlgorithm   signature algorithm
+    * @param  {string[]} transformationAlgorithms   canonicalization and transformation Algorithms
+    * @return {string} base64 encoded string
+    */
+    constructSAMLSignature(opts: SignatureConstructor): string;
+    /**
+    * @desc Verify the XML signature
+    * @param  {string} xml xml
+    * @param  {SignatureVerifierOptions} opts cert declares the X509 certificate
+     * @return {[boolean, string | null]} - A tuple where:
+     *   - The first element is `true` if the signature is valid, `false` otherwise.
+     *   - The second element is the cryptographically authenticated assertion node as a string, or `null` if not found.
+     */
+    verifySignature(xml: string, opts: SignatureVerifierOptions): (string | boolean)[] | (boolean | null)[];
+    /**
+    * @desc Helper function to create the key section in metadata (abstraction for signing and encrypt use)
+    * @param  {string} use          type of certificate (e.g. signing, encrypt)
+    * @param  {string} certString    declares the certificate String
+    * @return {object} object used in xml module
+    */
+    createKeySection(use: KeyUse, certString: string | Buffer): KeyComponent;
+    /**
+    * @desc Constructs SAML message
+    * @param  {string} octetString               see "Bindings for the OASIS Security Assertion Markup Language (SAML V2.0)" P.17/46
+    * @param  {string} key                       declares the pem-formatted private key
+    * @param  {string} passphrase                passphrase of private key [optional]
+    * @param  {string} signingAlgorithm          signing algorithm
+    * @return {string} message signature
+    */
+    constructMessageSignature(octetString: string, key: string, passphrase?: string, isBase64?: boolean, signingAlgorithm?: string): string | Buffer<ArrayBufferLike>;
+    /**
+    * @desc Verifies message signature
+    * @param  {Metadata} metadata                 metadata object of identity provider or service provider
+    * @param  {string} octetString                see "Bindings for the OASIS Security Assertion Markup Language (SAML V2.0)" P.17/46
+    * @param  {string} signature                  context of XML signature
+    * @param  {string} verifyAlgorithm            algorithm used to verify
+    * @return {boolean} verification result
+    */
+    verifyMessageSignature(metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string): boolean;
+    /**
+    * @desc Get the public key in string format
+    * @param  {string} x509Certificate certificate
+    * @return {string} public key
+    */
+    getKeyInfo(x509Certificate: string, signatureConfig?: any): {
+        getKeyInfo: () => string;
+        getKey: () => string;
+    };
+    /**
+    * @desc Encrypt the assertion section in Response
+    * @param  {Entity} sourceEntity             source entity
+    * @param  {Entity} targetEntity             target entity
+    * @param  {string} xml                      response in xml string format
+    * @return {Promise} a promise to resolve the finalized xml
+    */
+    encryptAssertion(sourceEntity: any, targetEntity: any, xml?: string): Promise<string>;
+    /**
+    * @desc Decrypt the assertion section in Response
+    * @param  {string} type             only accept SAMLResponse to proceed decryption
+    * @param  {Entity} here             this entity
+    * @param  {Entity} from             from the entity where the message is sent
+    * @param {string} entireXML         response in xml string format
+    * @return {function} a promise to get back the entire xml with decrypted assertion
+    */
+    decryptAssertion(here: any, entireXML: string): Promise<[string, any]>;
+    /**
+     * @desc Check if the xml string is valid and bounded
+     */
+    isValidXml(input: string): Promise<any>;
+};
+export default _default;

package/types/src/metadata-idp.d.ts

@@ -0,0 +1,24 @@
+/**
+* @file metadata-idp.ts
+* @author tngan
+* @desc  Metadata of identity provider
+*/
+import Metadata, { MetadataInterface } from './metadata.js';
+import { MetadataIdpConstructor } from './types.js';
+export interface IdpMetadataInterface extends MetadataInterface {
+}
+export default function (meta: MetadataIdpConstructor): IdpMetadata;
+export declare class IdpMetadata extends Metadata {
+    constructor(meta: MetadataIdpConstructor);
+    /**
+    * @desc Get the preference whether it wants a signed request
+    * @return {boolean} WantAuthnRequestsSigned
+    */
+    isWantAuthnRequestsSigned(): boolean;
+    /**
+    * @desc Get the entity endpoint for single sign on service
+    * @param  {string} binding      protocol binding (e.g. redirect, post)
+    * @return {string/object} location
+    */
+    getSingleSignOnService(binding: string): string | object;
+}