samlesa 2.12.3

package/types/src/metadata-sp.d.ts

@@ -0,0 +1,36 @@
+/**
+* @file metadata-sp.ts
+* @author tngan
+* @desc  Metadata of service provider
+*/
+import Metadata, { MetadataInterface } from './metadata.js';
+import { MetadataSpConstructor } from './types.js';
+export interface SpMetadataInterface extends MetadataInterface {
+}
+export default function (meta: MetadataSpConstructor): SpMetadata;
+/**
+* @desc SP Metadata is for creating Service Provider, provides a set of API to manage the actions in SP.
+*/
+export declare class SpMetadata extends Metadata {
+    /**
+    * @param  {object/string} meta (either xml string or configuration in object)
+    * @return {object} prototypes including public functions
+    */
+    constructor(meta: MetadataSpConstructor);
+    /**
+    * @desc Get the preference whether it wants a signed assertion response
+    * @return {boolean} Wantassertionssigned
+    */
+    isWantAssertionsSigned(): boolean;
+    /**
+    * @desc Get the preference whether it signs request
+    * @return {boolean} Authnrequestssigned
+    */
+    isAuthnRequestSigned(): boolean;
+    /**
+    * @desc Get the entity endpoint for assertion consumer service
+    * @param  {string} binding         protocol binding (e.g. redirect, post)
+    * @return {string/[string]} URL of endpoint(s)
+    */
+    getAssertionConsumerService(binding: string): string | string[];
+}

package/types/src/metadata.d.ts

@@ -0,0 +1,57 @@
+export interface MetadataInterface {
+    xmlString: string;
+    getMetadata: () => string;
+    exportMetadata: (exportFile: string) => void;
+    getEntityID: () => string;
+    getX509Certificate: (certType: string) => string | string[];
+    getNameIDFormat: () => any[];
+    getSingleLogoutService: (binding: string | undefined) => string | object;
+    getSupportBindings: (services: string[]) => string[];
+}
+export default class Metadata implements MetadataInterface {
+    xmlString: string;
+    meta: any;
+    /**
+    * @param  {string | Buffer} xml
+    * @param  {object} extraParse for custom metadata extractor
+    */
+    constructor(xml: string | Buffer, extraParse?: any);
+    /**
+    * @desc Get the metadata in xml format
+    * @return {string} metadata in xml format
+    */
+    getMetadata(): string;
+    /**
+    * @desc Export the metadata to specific file
+    * @param {string} exportFile is the output file path
+    */
+    exportMetadata(exportFile: string): void;
+    /**
+    * @desc Get the entityID in metadata
+    * @return {string} entityID
+    */
+    getEntityID(): string;
+    /**
+    * @desc Get the x509 certificate declared in entity metadata
+    * @param  {string} use declares the type of certificate
+    * @return {string} certificate in string format
+    */
+    getX509Certificate(use: string): any;
+    /**
+    * @desc Get the support NameID format declared in entity metadata
+    * @return {array} support NameID format
+    */
+    getNameIDFormat(): any;
+    /**
+    * @desc Get the entity endpoint for single logout service
+    * @param  {string} binding e.g. redirect, post
+    * @return {string/object} location
+    */
+    getSingleLogoutService(binding: string | undefined): string | object;
+    /**
+    * @desc Get the support bindings
+    * @param  {[string]} services
+    * @return {[string]} support bindings
+    */
+    getSupportBindings(services: string[]): string[];
+}

package/types/src/types.d.ts

@@ -0,0 +1,127 @@
+import { LoginResponseTemplate } from './libsaml.js';
+export { IdentityProvider as IdentityProviderConstructor } from './entity-idp.js';
+export { IdpMetadata as IdentityProviderMetadata } from './metadata-idp.js';
+export { ServiceProvider as ServiceProviderConstructor } from './entity-sp.js';
+export { SpMetadata as ServiceProviderMetadata } from './metadata-sp.js';
+export type MetadataFile = string | Buffer;
+type SSOService = {
+    isDefault?: boolean;
+    Binding: string;
+    Location: string;
+};
+export type ServiceName = {
+    value: string;
+    /** @description 语言标识符（如 en/zh-CN） */
+    lang?: string;
+};
+export type RequestedAttribute = {
+    name: string;
+    friendlyName?: string;
+    isRequired?: boolean;
+    nameFormat?: string;
+    attributeValue?: string[];
+};
+export type AttributeConsumingService = {
+    isDefault: boolean;
+    serviceName: ServiceName[];
+    serviceDescription: ServiceName[];
+    requestedAttributes: RequestedAttribute[];
+};
+export type AttrService = AttributeConsumingService[];
+export interface MetadataIdpOptions {
+    entityID?: string;
+    signingCert?: string | Buffer | (string | Buffer)[];
+    encryptCert?: string | Buffer | (string | Buffer)[];
+    wantAuthnRequestsSigned?: boolean;
+    nameIDFormat?: string[];
+    singleSignOnService?: SSOService[];
+    singleLogoutService?: SSOService[];
+    requestSignatureAlgorithm?: string;
+}
+export type MetadataIdpConstructor = MetadataIdpOptions | MetadataFile;
+export interface MetadataSpOptions {
+    entityID?: string;
+    signingCert?: string | Buffer | (string | Buffer)[];
+    encryptCert?: string | Buffer | (string | Buffer)[];
+    authnRequestsSigned?: boolean;
+    wantAssertionsSigned?: boolean;
+    wantMessageSigned?: boolean;
+    signatureConfig?: {
+        [key: string]: any;
+    };
+    nameIDFormat?: string[];
+    singleSignOnService?: SSOService[];
+    singleLogoutService?: SSOService[];
+    assertionConsumerService?: SSOService[];
+    attributeConsumingService?: AttributeConsumingService[];
+    elementsOrder?: string[];
+}
+export type MetadataSpConstructor = MetadataSpOptions | MetadataFile;
+export type EntitySetting = ServiceProviderSettings & IdentityProviderSettings;
+export interface SignatureConfig {
+    prefix?: string;
+    location?: {
+        reference?: string;
+        action?: 'append' | 'prepend' | 'before' | 'after';
+    };
+}
+export interface SAMLDocumentTemplate {
+    context?: string;
+}
+export type ServiceProviderSettings = {
+    metadata?: string | Buffer;
+    entityID?: string;
+    authnRequestsSigned?: boolean;
+    wantAssertionsSigned?: boolean;
+    wantMessageSigned?: boolean;
+    wantLogoutResponseSigned?: boolean;
+    wantLogoutRequestSigned?: boolean;
+    privateKey?: string | Buffer;
+    privateKeyPass?: string;
+    isAssertionEncrypted?: boolean;
+    requestSignatureAlgorithm?: string;
+    encPrivateKey?: string | Buffer;
+    encPrivateKeyPass?: string | Buffer;
+    assertionConsumerService?: SSOService[];
+    singleLogoutService?: SSOService[];
+    signatureConfig?: SignatureConfig;
+    loginRequestTemplate?: SAMLDocumentTemplate;
+    logoutRequestTemplate?: SAMLDocumentTemplate;
+    signingCert?: string | Buffer | (string | Buffer)[];
+    encryptCert?: string | Buffer | (string | Buffer)[];
+    transformationAlgorithms?: string[];
+    nameIDFormat?: string[];
+    allowCreate?: boolean;
+    relayState?: string;
+    clockDrifts?: [number, number];
+};
+export type IdentityProviderSettings = {
+    metadata?: string | Buffer;
+    /** signature algorithm */
+    requestSignatureAlgorithm?: string;
+    /** template of login response */
+    loginResponseTemplate?: LoginResponseTemplate;
+    /** template of logout request */
+    logoutRequestTemplate?: SAMLDocumentTemplate;
+    /** customized function used for generating request ID */
+    generateID?: () => string;
+    entityID?: string;
+    privateKey?: string | Buffer;
+    privateKeyPass?: string;
+    signingCert?: string | Buffer | (string | Buffer)[];
+    encryptCert?: string | Buffer | (string | Buffer)[];
+    nameIDFormat?: string[];
+    singleSignOnService?: SSOService[];
+    singleLogoutService?: SSOService[];
+    isAssertionEncrypted?: boolean;
+    encPrivateKey?: string | Buffer;
+    encPrivateKeyPass?: string;
+    messageSigningOrder?: string;
+    wantLogoutRequestSigned?: boolean;
+    wantLogoutResponseSigned?: boolean;
+    wantAuthnRequestsSigned?: boolean;
+    wantLogoutRequestSignedResponseSigned?: boolean;
+    tagPrefix?: {
+        [key: string]: string;
+    };
+};

package/types/src/urn.d.ts

@@ -0,0 +1,194 @@
+/**
+* @file urn.ts
+* @author tngan
+* @desc  Includes all keywords need in samlify
+*/
+export declare enum BindingNamespace {
+    Redirect = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
+    Post = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
+    SimpleSign = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign",
+    Artifact = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+}
+export declare enum MessageSignatureOrder {
+    STE = "sign-then-encrypt",
+    ETS = "encrypt-then-sign"
+}
+export declare enum StatusCode {
+    Success = "urn:oasis:names:tc:SAML:2.0:status:Success",
+    Requester = "urn:oasis:names:tc:SAML:2.0:status:Requester",
+    Responder = "urn:oasis:names:tc:SAML:2.0:status:Responder",
+    VersionMismatch = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch",
+    AuthFailed = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed",
+    InvalidAttrNameOrValue = "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue",
+    InvalidNameIDPolicy = "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy",
+    NoAuthnContext = "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext",
+    NoAvailableIDP = "urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP",
+    NoPassive = "urn:oasis:names:tc:SAML:2.0:status:NoPassive",
+    NoSupportedIDP = "urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP",
+    PartialLogout = "urn:oasis:names:tc:SAML:2.0:status:PartialLogout",
+    ProxyCountExceeded = "urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded",
+    RequestDenied = "urn:oasis:names:tc:SAML:2.0:status:RequestDenied",
+    RequestUnsupported = "urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported",
+    RequestVersionDeprecated = "urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated",
+    RequestVersionTooHigh = "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh",
+    RequestVersionTooLow = "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow",
+    ResourceNotRecognized = "urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized",
+    TooManyResponses = "urn:oasis:names:tc:SAML:2.0:status:TooManyResponses",
+    UnknownAttrProfile = "urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile",
+    UnknownPrincipal = "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal",
+    UnsupportedBinding = "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding"
+}
+declare const namespace: {
+    binding: {
+        redirect: string;
+        post: string;
+        simpleSign: string;
+        artifact: string;
+    };
+    names: {
+        protocol: string;
+        assertion: string;
+        metadata: string;
+        userLogout: string;
+        adminLogout: string;
+    };
+    authnContextClassRef: {
+        password: string;
+        passwordProtectedTransport: string;
+    };
+    format: {
+        emailAddress: string;
+        persistent: string;
+        transient: string;
+        entity: string;
+        unspecified: string;
+        kerberos: string;
+        windowsDomainQualifiedName: string;
+        x509SubjectName: string;
+    };
+    statusCode: {
+        success: string;
+        requester: string;
+        responder: string;
+        versionMismatch: string;
+        authFailed: string;
+        invalidAttrNameOrValue: string;
+        invalidNameIDPolicy: string;
+        noAuthnContext: string;
+        noAvailableIDP: string;
+        noPassive: string;
+        noSupportedIDP: string;
+        partialLogout: string;
+        proxyCountExceeded: string;
+        requestDenied: string;
+        requestUnsupported: string;
+        requestVersionDeprecated: string;
+        requestVersionTooHigh: string;
+        requestVersionTooLow: string;
+        resourceNotRecognized: string;
+        tooManyResponses: string;
+        unknownAttrProfile: string;
+        unknownPrincipal: string;
+        unsupportedBinding: string;
+    };
+};
+declare const tags: {
+    request: {
+        AllowCreate: string;
+        AssertionConsumerServiceURL: string;
+        AuthnContextClassRef: string;
+        AssertionID: string;
+        Audience: string;
+        AuthnStatement: string;
+        AttributeStatement: string;
+        ConditionsNotBefore: string;
+        ConditionsNotOnOrAfter: string;
+        Destination: string;
+        EntityID: string;
+        ID: string;
+        Issuer: string;
+        IssueInstant: string;
+        InResponseTo: string;
+        NameID: string;
+        NameIDFormat: string;
+        ProtocolBinding: string;
+        SessionIndex: string;
+        SubjectRecipient: string;
+        SubjectConfirmationDataNotOnOrAfter: string;
+        StatusCode: string;
+    };
+    xmlTag: {
+        loginRequest: string;
+        logoutRequest: string;
+        loginResponse: string;
+        logoutResponse: string;
+    };
+};
+declare const messageConfigurations: {
+    signingOrder: {
+        SIGN_THEN_ENCRYPT: string;
+        ENCRYPT_THEN_SIGN: string;
+    };
+};
+declare const algorithms: {
+    signature: {
+        RSA_SHA1: string;
+        RSA_SHA256: string;
+        RSA_SHA512: string;
+    };
+    encryption: {
+        data: {
+            AES_128: string;
+            AES_256: string;
+            AES_256_GCM: string;
+            TRI_DEC: string;
+            AES_128_GCM: string;
+        };
+        key: {
+            RSA_OAEP_MGF1P: string;
+            RSA_1_5: string;
+        };
+    };
+    digest: {
+        'http://www.w3.org/2000/09/xmldsig#rsa-sha1': string;
+        'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': string;
+        'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': string;
+    };
+};
+export declare enum ParserType {
+    SAMLRequest = "SAMLRequest",
+    SAMLResponse = "SAMLResponse",
+    LogoutRequest = "LogoutRequest",
+    LogoutResponse = "LogoutResponse"
+}
+declare const wording: {
+    urlParams: {
+        samlRequest: string;
+        samlResponse: string;
+        logoutRequest: string;
+        logoutResponse: string;
+        sigAlg: string;
+        signature: string;
+        relayState: string;
+    };
+    binding: {
+        redirect: string;
+        post: string;
+        simpleSign: string;
+        artifact: string;
+    };
+    certUse: {
+        signing: string;
+        encrypt: string;
+    };
+    metadata: {
+        sp: string;
+        idp: string;
+    };
+};
+declare const elementsOrder: {
+    default: string[];
+    onelogin: string[];
+    shibboleth: string[];
+};
+export { namespace, tags, algorithms, wording, elementsOrder, messageConfigurations };

package/types/src/utility.d.ts

@@ -0,0 +1,134 @@
+/**
+ * @desc Mimic lodash.zipObject
+ * @param arr1 {string[]}
+ * @param arr2 {[]}
+ */
+export declare function zipObject(arr1: string[], arr2: any[], skipDuplicated?: boolean): {};
+/**
+ * @desc Alternative to lodash.flattenDeep
+ * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_flattendeep
+ * @param input {[]}
+ */
+export declare function flattenDeep(input: any[]): any;
+/**
+ * @desc Alternative to lodash.last
+ * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_last
+ * @param input {[]}
+ */
+export declare function last(input: any[]): any;
+/**
+ * @desc Alternative to lodash.uniq
+ * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_uniq
+ * @param input {string[]}
+ */
+export declare function uniq(input: string[]): string[];
+/**
+ * @desc Alternative to lodash.get
+ * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_get
+ * @param obj
+ * @param path
+ * @param defaultValue
+ */
+export declare function get(obj: any, path: any, defaultValue: any): any;
+/**
+ * @desc Check if the input is string
+ * @param {any} input
+ */
+export declare function isString(input: any): input is string;
+/**
+* @desc Encode string with base64 format
+* @param  {string} message                       plain-text message
+* @return {string} base64 encoded string
+*/
+declare function base64Encode(message: string | number[]): string;
+/**
+* @desc Decode string from base64 format
+* @param  {string} base64Message                 encoded string
+* @param  {boolean} isBytes                      determine the return value type (True: bytes False: string)
+* @return {bytes/string}  decoded bytes/string depends on isBytes, default is {string}
+*/
+export declare function base64Decode(base64Message: string, isBytes?: boolean): string | Buffer;
+/**
+* @desc Compress the string
+* @param  {string} message
+* @return {string} compressed string
+*/
+declare function deflateString(message: string): number[];
+/**
+* @desc Decompress the compressed string
+* @param  {string} compressedString
+* @return {string} decompressed string
+*/
+export declare function inflateString(compressedString: string): string;
+/**
+* @desc Parse the .cer to string format without line break, header and footer
+* @param  {string} certString     declares the certificate contents
+* @return {string} certificiate in string format
+*/
+declare function normalizeCerString(certString: string | Buffer): string;
+/**
+* @desc Normalize the string in .pem format without line break, header and footer
+* @param  {string} pemString
+* @return {string} private key in string format
+*/
+declare function normalizePemString(pemString: string | Buffer): string;
+/**
+* @desc Return the complete URL
+* @param  {object} req                   HTTP request
+* @return {string} URL
+*/
+declare function getFullURL(req: any): string;
+/**
+* @desc Parse input string, return default value if it is undefined
+* @param  {string/boolean}
+* @return {boolean}
+*/
+declare function parseString(str: any, defaultValue?: string): any;
+/**
+* @desc Override the object by another object (rtl)
+* @param  {object} default object
+* @param  {object} object applied to the default object
+* @return {object} result object
+*/
+declare function applyDefault(obj1: any, obj2: any): any;
+/**
+* @desc Get public key in pem format from the certificate included in the metadata
+* @param {string} x509 certificate
+* @return {string} public key fetched from the certificate
+*/
+declare function getPublicKeyPemFromCertificate(x509CertificateString: string): string;
+/**
+* @desc Read private key from pem-formatted string
+* @param {string | Buffer} keyString pem-formatted string
+* @param {string} protected passphrase of the key
+* @return {string} string in pem format
+* If passphrase is used to protect the .pem content (recommend)
+*/
+export declare function readPrivateKey(keyString: string | Buffer, passphrase: string | undefined, isOutputString?: boolean): any;
+/**
+* @desc Inline syntax sugar
+*/
+declare function convertToString(input: any, isOutputString: any): any;
+/**
+ * @desc Check if the input is an array with non-zero size
+ */
+export declare function isNonEmptyArray(a: any): boolean;
+export declare function castArrayOpt<T>(a?: T | T[]): T[];
+export declare function notEmpty<TValue>(value: TValue | null | undefined): value is TValue;
+declare const utility: {
+    isString: typeof isString;
+    base64Encode: typeof base64Encode;
+    base64Decode: typeof base64Decode;
+    deflateString: typeof deflateString;
+    inflateString: typeof inflateString;
+    normalizeCerString: typeof normalizeCerString;
+    normalizePemString: typeof normalizePemString;
+    getFullURL: typeof getFullURL;
+    parseString: typeof parseString;
+    applyDefault: typeof applyDefault;
+    getPublicKeyPemFromCertificate: typeof getPublicKeyPemFromCertificate;
+    readPrivateKey: typeof readPrivateKey;
+    convertToString: typeof convertToString;
+    isNonEmptyArray: typeof isNonEmptyArray;
+};
+export default utility;

package/types/src/validator.d.ts

@@ -0,0 +1,3 @@
+type DriftTolerance = [number, number];
+declare function verifyTime(utcNotBefore: string | undefined, utcNotOnOrAfter: string | undefined, drift?: DriftTolerance): boolean;
+export { verifyTime };

package/types.d.ts

@@ -0,0 +1,2 @@
+export * from './index'
+export * from './src/types'