samlesa 2.12.3

package/build/src/entity-idp.js

@@ -0,0 +1,131 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IdentityProvider = void 0;
+exports.default = default_1;
+/**
+* @file entity-idp.ts
+* @author tngan
+* @desc  Declares the actions taken by identity provider
+*/
+const entity_js_1 = __importDefault(require("./entity.js"));
+const libsaml_js_1 = __importDefault(require("./libsaml.js"));
+const urn_js_1 = require("./urn.js");
+const binding_post_js_1 = __importDefault(require("./binding-post.js"));
+const binding_redirect_js_1 = __importDefault(require("./binding-redirect.js"));
+const binding_simplesign_js_1 = __importDefault(require("./binding-simplesign.js"));
+const flow_js_1 = require("./flow.js");
+const utility_js_1 = require("./utility.js");
+/**
+ * Identity provider can be configured using either metadata importing or idpSetting
+ */
+function default_1(props) {
+    return new IdentityProvider(props);
+}
+/**
+ * Identity provider can be configured using either metadata importing or idpSetting
+ */
+class IdentityProvider extends entity_js_1.default {
+    constructor(idpSetting) {
+        const defaultIdpEntitySetting = {
+            wantAuthnRequestsSigned: false,
+            tagPrefix: {
+                encryptedAssertion: 'saml',
+            },
+        };
+        const entitySetting = Object.assign(defaultIdpEntitySetting, idpSetting);
+        // build attribute part
+        if (idpSetting.loginResponseTemplate) {
+            if ((0, utility_js_1.isString)(idpSetting.loginResponseTemplate.context) && Array.isArray(idpSetting.loginResponseTemplate.attributes)) {
+                let attributeStatementTemplate;
+                let attributeTemplate;
+                if (!idpSetting.loginResponseTemplate.additionalTemplates || !idpSetting.loginResponseTemplate.additionalTemplates.attributeStatementTemplate) {
+                    attributeStatementTemplate = libsaml_js_1.default.defaultAttributeStatementTemplate;
+                }
+                else {
+                    attributeStatementTemplate = idpSetting.loginResponseTemplate.additionalTemplates.attributeStatementTemplate;
+                }
+                if (!idpSetting.loginResponseTemplate.additionalTemplates || !idpSetting.loginResponseTemplate.additionalTemplates.attributeTemplate) {
+                    attributeTemplate = libsaml_js_1.default.defaultAttributeTemplate;
+                }
+                else {
+                    attributeTemplate = idpSetting.loginResponseTemplate.additionalTemplates.attributeTemplate;
+                }
+                const replacement = {
+                    AttributeStatement: libsaml_js_1.default.attributeStatementBuilder(idpSetting.loginResponseTemplate.attributes, attributeTemplate, attributeStatementTemplate),
+                };
+                entitySetting.loginResponseTemplate = {
+                    ...entitySetting.loginResponseTemplate,
+                    context: libsaml_js_1.default.replaceTagsByValue(entitySetting.loginResponseTemplate.context, replacement),
+                };
+            }
+            else {
+                console.warn('Invalid login response template');
+            }
+        }
+        super(entitySetting, 'idp');
+    }
+    /**
+    * @desc  Generates the login response for developers to design their own method
+    * @param  sp                        object of service provider
+    * @param  requestInfo               corresponding request, used to obtain the id
+    * @param  binding                   protocol binding
+    * @param  user                      current logged user (e.g. req.user)
+    * @param  customTagReplacement      used when developers have their own login response template
+    * @param  encryptThenSign           whether or not to encrypt then sign first (if signing)
+    * @param  relayState             the relayState from corresponding request
+    */
+    async createLoginResponse(sp, requestInfo, binding, user, customTagReplacement, encryptThenSign, relayState) {
+        const protocol = urn_js_1.namespace.binding[binding];
+        // can support post, redirect and post simple sign bindings for login response
+        let context = null;
+        switch (protocol) {
+            case urn_js_1.namespace.binding.post:
+                context = await binding_post_js_1.default.base64LoginResponse(requestInfo, {
+                    idp: this,
+                    sp,
+                }, user, customTagReplacement, encryptThenSign);
+                break;
+            case urn_js_1.namespace.binding.simpleSign:
+                context = await binding_simplesign_js_1.default.base64LoginResponse(requestInfo, {
+                    idp: this, sp,
+                }, user, relayState, customTagReplacement);
+                break;
+            case urn_js_1.namespace.binding.redirect:
+                return binding_redirect_js_1.default.loginResponseRedirectURL(requestInfo, {
+                    idp: this,
+                    sp,
+                }, user, relayState, customTagReplacement);
+            default:
+                throw new Error('ERR_CREATE_RESPONSE_UNDEFINED_BINDING');
+        }
+        return {
+            ...context,
+            relayState,
+            entityEndpoint: sp.entityMeta.getAssertionConsumerService(binding),
+            type: 'SAMLResponse'
+        };
+    }
+    /**
+     * Validation of the parsed URL parameters
+     * @param sp ServiceProvider instance
+     * @param binding Protocol binding
+     * @param req RequesmessageSigningOrderst
+     */
+    parseLoginRequest(sp, binding, req) {
+        const self = this;
+        return (0, flow_js_1.flow)({
+            from: sp,
+            self: self,
+            checkSignature: self.entityMeta.isWantAuthnRequestsSigned(),
+            parserType: 'SAMLRequest',
+            type: 'login',
+            binding: binding,
+            request: req
+        });
+    }
+}
+exports.IdentityProvider = IdentityProvider;
+//# sourceMappingURL=entity-idp.js.map

package/build/src/entity-idp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity-idp.js","sourceRoot":"","sources":["../../src/entity-idp.ts"],"names":[],"mappings":";;;;;;AAwBA,4BAEC;AA1BD;;;;EAIE;AACF,4DAAuD;AAOvD,8DAAmC;AACnC,qCAAqC;AACrC,wEAA4C;AAC5C,gFAAoD;AACpD,oFAAwD;AACxD,uCAA8C;AAC9C,6CAAwC;AAGxC;;GAEG;AACH,mBAAwB,KAA+B;IACrD,OAAO,IAAI,gBAAgB,CAAC,KAAK,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAa,gBAAiB,SAAQ,mBAAM;IAI1C,YAAY,UAAoC;QAC9C,MAAM,uBAAuB,GAAG;YAC9B,uBAAuB,EAAE,KAAK;YAC9B,SAAS,EAAE;gBACT,kBAAkB,EAAE,MAAM;aAC3B;SACF,CAAC;QACF,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,uBAAuB,EAAE,UAAU,CAAC,CAAC;QACzE,uBAAuB;QACvB,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;YACrC,IAAI,IAAA,qBAAQ,EAAC,UAAU,CAAC,qBAAqB,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,CAAC,EAAE,CAAC;gBACrH,IAAI,0BAA0B,CAAC;gBAC/B,IAAI,iBAAiB,CAAC;gBACtB,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,mBAAmB,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,mBAAoB,CAAC,0BAA0B,EAAE,CAAC;oBAC/I,0BAA0B,GAAG,oBAAO,CAAC,iCAAiC,CAAC;gBACzE,CAAC;qBAAM,CAAC;oBACN,0BAA0B,GAAG,UAAU,CAAC,qBAAqB,CAAC,mBAAoB,CAAC,0BAA2B,CAAC;gBACjH,CAAC;gBACD,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,mBAAmB,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,mBAAoB,CAAC,iBAAiB,EAAE,CAAC;oBACtI,iBAAiB,GAAG,oBAAO,CAAC,wBAAwB,CAAC;gBACvD,CAAC;qBAAM,CAAC;oBACN,iBAAiB,GAAG,UAAU,CAAC,qBAAqB,CAAC,mBAAoB,CAAC,iBAAkB,CAAC;gBAC/F,CAAC;gBACD,MAAM,WAAW,GAAG;oBAClB,kBAAkB,EAAE,oBAAO,CAAC,yBAAyB,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,EAAE,iBAAiB,EAAE,0BAA0B,CAAC;iBAClJ,CAAC;gBACF,aAAa,CAAC,qBAAqB,GAAG;oBACpC,GAAG,aAAa,CAAC,qBAAqB;oBACtC,OAAO,EAAE,oBAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC,qBAAsB,CAAC,OAAO,EAAE,WAAW,CAAC;iBAC/F,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QACD,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED;;;;;;;;;MASE;IACK,KAAK,CAAC,mBAAmB,CAC9B,EAAmB,EACnB,WAAmC,EACnC,OAAe,EACf,IAA4B,EAC5B,oBAA2D,EAC3D,eAAyB,EACzB,UAAmB;QAEnB,MAAM,QAAQ,GAAG,kBAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,8EAA8E;QAC9E,IAAI,OAAO,GAAQ,IAAI,CAAC;QACxB,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,kBAAS,CAAC,OAAO,CAAC,IAAI;gBACzB,OAAO,GAAG,MAAM,yBAAW,CAAC,mBAAmB,CAAC,WAAW,EAAE;oBAC3D,GAAG,EAAE,IAAI;oBACT,EAAE;iBACH,EAAE,IAAI,EAAE,oBAAoB,EAAE,eAAe,CAAC,CAAC;gBAChD,MAAM;YAER,KAAK,kBAAS,CAAC,OAAO,CAAC,UAAU;gBAC/B,OAAO,GAAG,MAAM,+BAAiB,CAAC,mBAAmB,CAAE,WAAW,EAAE;oBAClE,GAAG,EAAE,IAAI,EAAE,EAAE;iBACd,EAAE,IAAI,EAAE,UAAU,EAAE,oBAAoB,CAAC,CAAC;gBAC3C,MAAM;YAER,KAAK,kBAAS,CAAC,OAAO,CAAC,QAAQ;gBAC7B,OAAO,6BAAe,CAAC,wBAAwB,CAAC,WAAW,EAAE;oBAC3D,GAAG,EAAE,IAAI;oBACT,EAAE;iBACH,EAAE,IAAI,EAAE,UAAU,EAAE,oBAAoB,CAAC,CAAC;YAE7C;gBACE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO;YACL,GAAG,OAAO;YACV,UAAU;YACV,cAAc,EAAG,EAAE,CAAC,UAAsC,CAAC,2BAA2B,CAAC,OAAO,CAAW;YACzG,IAAI,EAAE,cAAc;SACrB,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,iBAAiB,CAAC,EAAmB,EAAE,OAAe,EAAE,GAAqB;QAC3E,MAAM,IAAI,GAAG,IAAI,CAAC;QAClB,OAAO,IAAA,cAAI,EAAC;YACV,IAAI,EAAE,EAAE;YACR,IAAI,EAAE,IAAI;YACV,cAAc,EAAE,IAAI,CAAC,UAAU,CAAC,yBAAyB,EAAE;YAC3D,UAAU,EAAE,aAAa;YACzB,IAAI,EAAE,OAAO;YACb,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,GAAG;SACb,CAAC,CAAC;IACL,CAAC;CACF;AAjHD,4CAiHC"}

package/build/src/entity-sp.js

@@ -0,0 +1,97 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ServiceProvider = void 0;
+exports.default = default_1;
+/**
+* @file entity-sp.ts
+* @author tngan
+* @desc  Declares the actions taken by service provider
+*/
+const entity_js_1 = __importDefault(require("./entity.js"));
+const urn_js_1 = require("./urn.js");
+const binding_redirect_js_1 = __importDefault(require("./binding-redirect.js"));
+const binding_post_js_1 = __importDefault(require("./binding-post.js"));
+const binding_simplesign_js_1 = __importDefault(require("./binding-simplesign.js"));
+const flow_js_1 = require("./flow.js");
+/*
+ * @desc interface function
+ */
+function default_1(props) {
+    return new ServiceProvider(props);
+}
+/**
+* @desc Service provider can be configured using either metadata importing or spSetting
+* @param  {object} spSettingimport { FlowResult } from '../types/src/flow.d';
+
+*/
+class ServiceProvider extends entity_js_1.default {
+    /**
+    * @desc  Inherited from Entity
+    * @param {object} spSetting    setting of service provider
+    */
+    constructor(spSetting) {
+        const entitySetting = Object.assign({
+            authnRequestsSigned: false,
+            wantAssertionsSigned: false,
+            wantMessageSigned: false,
+        }, spSetting);
+        super(entitySetting, 'sp');
+    }
+    /**
+    * @desc  Generates the login request for developers to design their own method
+    * @param  {IdentityProvider} idp               object of identity provider
+    * @param  {string}   binding                   protocol binding
+    * @param  {function} customTagReplacement     used when developers have their own login response template
+    */
+    createLoginRequest(idp, binding = 'redirect', customTagReplacement) {
+        const nsBinding = urn_js_1.namespace.binding;
+        const protocol = nsBinding[binding];
+        if (this.entityMeta.isAuthnRequestSigned() !== idp.entityMeta.isWantAuthnRequestsSigned()) {
+            throw new Error('ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLAG');
+        }
+        let context = null;
+        switch (protocol) {
+            case nsBinding.redirect:
+                return binding_redirect_js_1.default.loginRequestRedirectURL({ idp, sp: this }, customTagReplacement);
+            case nsBinding.post:
+                context = binding_post_js_1.default.base64LoginRequest("/*[local-name(.)='AuthnRequest']", { idp, sp: this }, customTagReplacement);
+                break;
+            case nsBinding.simpleSign:
+                // Object context = {id, context, signature, sigAlg}
+                context = binding_simplesign_js_1.default.base64LoginRequest({ idp, sp: this }, customTagReplacement);
+                break;
+            default:
+                // Will support artifact in the next release
+                throw new Error('ERR_SP_LOGIN_REQUEST_UNDEFINED_BINDING');
+        }
+        return {
+            ...context,
+            relayState: this.entitySetting.relayState,
+            entityEndpoint: idp.entityMeta.getSingleSignOnService(binding),
+            type: 'SAMLRequest',
+        };
+    }
+    /**
+    * @desc   Validation of the parsed the URL parameters
+    * @param  {IdentityProvider}   idp             object of identity provider
+    * @param  {string}   binding                   protocol binding
+    * @param  {request}   req                      request
+    */
+    parseLoginResponse(idp, binding, request) {
+        const self = this;
+        return (0, flow_js_1.flow)({
+            from: idp,
+            self: self,
+            checkSignature: true, // saml response must have signature
+            parserType: 'SAMLResponse',
+            type: 'login',
+            binding: binding,
+            request: request
+        });
+    }
+}
+exports.ServiceProvider = ServiceProvider;
+//# sourceMappingURL=entity-sp.js.map

package/build/src/entity-sp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity-sp.js","sourceRoot":"","sources":["../../src/entity-sp.ts"],"names":[],"mappings":";;;;;;AAyBA,4BAEC;AA3BD;;;;EAIE;AACF,4DAKqB;AAMrB,qCAAqC;AACrC,gFAAoD;AACpD,wEAA4C;AAC5C,oFAAwD;AACxD,uCAA8C;AAE9C;;GAEG;AACH,mBAAwB,KAA8B;IACpD,OAAO,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC;AAED;;;;EAIE;AACF,MAAa,eAAgB,SAAQ,mBAAM;IAGzC;;;MAGE;IACF,YAAY,SAAkC;QAC5C,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC;YAClC,mBAAmB,EAAE,KAAK;YAC1B,oBAAoB,EAAE,KAAK;YAC3B,iBAAiB,EAAE,KAAK;SACzB,EAAE,SAAS,CAAC,CAAC;QACd,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;IAC7B,CAAC;IAED;;;;;MAKE;IACK,kBAAkB,CACvB,GAAqB,EACrB,OAAO,GAAG,UAAU,EACpB,oBAA2D;QAE3D,MAAM,SAAS,GAAG,kBAAS,CAAC,OAAO,CAAC;QACpC,MAAM,QAAQ,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,IAAI,CAAC,UAAU,CAAC,oBAAoB,EAAE,KAAK,GAAG,CAAC,UAAU,CAAC,yBAAyB,EAAE,EAAE,CAAC;YAC1F,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,OAAO,GAAQ,IAAI,CAAC;QACxB,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,SAAS,CAAC,QAAQ;gBACrB,OAAO,6BAAe,CAAC,uBAAuB,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,oBAAoB,CAAC,CAAC;YAE1F,KAAK,SAAS,CAAC,IAAI;gBACjB,OAAO,GAAG,yBAAW,CAAC,kBAAkB,CAAC,kCAAkC,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,oBAAoB,CAAC,CAAC;gBACtH,MAAM;YAER,KAAK,SAAS,CAAC,UAAU;gBACvB,oDAAoD;gBACpD,OAAO,GAAG,+BAAiB,CAAC,kBAAkB,CAAE,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,oBAAoB,CAAC,CAAC;gBACzF,MAAM;YAER;gBACE,4CAA4C;gBAC5C,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO;YACL,GAAG,OAAO;YACV,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC,UAAU;YACzC,cAAc,EAAE,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,CAAW;YACxE,IAAI,EAAE,aAAa;SACpB,CAAC;IACJ,CAAC;IAED;;;;;MAKE;IACK,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,OAAyB;QAC/D,MAAM,IAAI,GAAG,IAAI,CAAC;QAClB,OAAO,IAAA,cAAI,EAAC;YACV,IAAI,EAAE,GAAG;YACT,IAAI,EAAE,IAAI;YACV,cAAc,EAAE,IAAI,EAAE,oCAAoC;YAC1D,UAAU,EAAE,cAAc;YAC1B,IAAI,EAAE,OAAO;YACb,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,OAAO;SACjB,CAAC,CAAC;IACL,CAAC;CAEF;AA/ED,0CA+EC"}

package/build/src/entity.js

@@ -0,0 +1,236 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+* @file entity.ts
+* @author tngan
+* @desc  An abstraction for identity provider and service provider.
+*/
+const utility_js_1 = require("./utility.js");
+const urn_js_1 = require("./urn.js");
+const uuid = __importStar(require("uuid"));
+const metadata_idp_js_1 = __importDefault(require("./metadata-idp.js"));
+const metadata_sp_js_1 = __importDefault(require("./metadata-sp.js"));
+const binding_redirect_js_1 = __importDefault(require("./binding-redirect.js"));
+const binding_post_js_1 = __importDefault(require("./binding-post.js"));
+const flow_js_1 = require("./flow.js");
+const dataEncryptionAlgorithm = urn_js_1.algorithms.encryption.data;
+const keyEncryptionAlgorithm = urn_js_1.algorithms.encryption.key;
+const signatureAlgorithms = urn_js_1.algorithms.signature;
+const messageSigningOrders = urn_js_1.messageConfigurations.signingOrder;
+const defaultEntitySetting = {
+    wantLogoutResponseSigned: false,
+    messageSigningOrder: messageSigningOrders.SIGN_THEN_ENCRYPT,
+    wantLogoutRequestSigned: false,
+    allowCreate: false,
+    isAssertionEncrypted: false,
+    requestSignatureAlgorithm: signatureAlgorithms.RSA_SHA512,
+    dataEncryptionAlgorithm: dataEncryptionAlgorithm.AES_256_GCM,
+    keyEncryptionAlgorithm: keyEncryptionAlgorithm.RSA_OAEP_MGF1P,
+    generateID: () => ('_' + uuid.v4()),
+    relayState: '',
+};
+class Entity {
+    entitySetting;
+    entityType;
+    entityMeta;
+    /**
+    * @param entitySetting
+    * @param entityMeta is the entity metadata, deprecated after 2.0
+    */
+    constructor(entitySetting, entityType) {
+        this.entitySetting = Object.assign({}, defaultEntitySetting, entitySetting);
+        const metadata = entitySetting.metadata || entitySetting;
+        switch (entityType) {
+            case 'idp':
+                this.entityMeta = (0, metadata_idp_js_1.default)(metadata);
+                // setting with metadata has higher precedence
+                this.entitySetting.wantAuthnRequestsSigned = this.entityMeta.isWantAuthnRequestsSigned();
+                this.entitySetting.nameIDFormat = this.entityMeta.getNameIDFormat() || this.entitySetting.nameIDFormat;
+                break;
+            case 'sp':
+                this.entityMeta = (0, metadata_sp_js_1.default)(metadata);
+                // setting with metadata has higher precedence
+                this.entitySetting.authnRequestsSigned = this.entityMeta.isAuthnRequestSigned();
+                this.entitySetting.wantAssertionsSigned = this.entityMeta.isWantAssertionsSigned();
+                this.entitySetting.nameIDFormat = this.entityMeta.getNameIDFormat() || this.entitySetting.nameIDFormat;
+                break;
+            default:
+                throw new Error('ERR_UNDEFINED_ENTITY_TYPE');
+        }
+    }
+    /**
+    * @desc  Returns the setting of entity
+    * @return {object}
+    */
+    getEntitySetting() {
+        return this.entitySetting;
+    }
+    /**
+    * @desc  Returns the xml string of entity metadata
+    * @return {string}
+    */
+    getMetadata() {
+        return this.entityMeta.getMetadata();
+    }
+    /**
+    * @desc  Exports the entity metadata into specified folder
+    * @param  {string} exportFile indicates the file name
+    */
+    exportMetadata(exportFile) {
+        return this.entityMeta.exportMetadata(exportFile);
+    }
+    /** * @desc  Verify fields with the one specified in metadata
+    * @param  {string/[string]} field is a string or an array of string indicating the field value in SAML message
+    * @param  {string} metaField is a string indicating the same field specified in metadata
+    * @return {boolean} True/False
+    */
+    verifyFields(field, metaField) {
+        if ((0, utility_js_1.isString)(field)) {
+            return field === metaField;
+        }
+        if ((0, utility_js_1.isNonEmptyArray)(field)) {
+            let res = true;
+            field.forEach(f => {
+                if (f !== metaField) {
+                    res = false;
+                    return;
+                }
+            });
+            return res;
+        }
+        return false;
+    }
+    /** @desc   Generates the logout request for developers to design their own method
+    * @param  {ServiceProvider} sp     object of service provider
+    * @param  {string}   binding       protocol binding
+    * @param  {object}   user          current logged user (e.g. user)
+    * @param  {string} relayState      the URL to which to redirect the user when logout is complete
+    * @param  {function} customTagReplacement     used when developers have their own login response template
+    */
+    createLogoutRequest(targetEntity, binding, user, relayState = '', customTagReplacement) {
+        if (binding === urn_js_1.wording.binding.redirect) {
+            return binding_redirect_js_1.default.logoutRequestRedirectURL(user, {
+                init: this,
+                target: targetEntity,
+            }, relayState, customTagReplacement);
+        }
+        if (binding === urn_js_1.wording.binding.post) {
+            const entityEndpoint = targetEntity.entityMeta.getSingleLogoutService(binding);
+            const context = binding_post_js_1.default.base64LogoutRequest(user, "/*[local-name(.)='LogoutRequest']", { init: this, target: targetEntity }, customTagReplacement);
+            return {
+                ...context,
+                relayState,
+                entityEndpoint,
+                type: 'SAMLRequest',
+            };
+        }
+        // Will support artifact in the next release
+        throw new Error('ERR_UNDEFINED_BINDING');
+    }
+    /**
+    * @desc  Generates the logout response for developers to design their own method
+    * @param  {IdentityProvider} idp               object of identity provider
+    * @param  {object} requestInfo                 corresponding request, used to obtain the id
+    * @param  {string} relayState                  the URL to which to redirect the user when logout is complete.
+    * @param  {string} binding                     protocol binding
+    * @param  {function} customTagReplacement                 used when developers have their own login response template
+    */
+    createLogoutResponse(target, requestInfo, binding, relayState = '', customTagReplacement) {
+        const protocol = urn_js_1.namespace.binding[binding];
+        if (protocol === urn_js_1.namespace.binding.redirect) {
+            return binding_redirect_js_1.default.logoutResponseRedirectURL(requestInfo, {
+                init: this,
+                target,
+            }, relayState, customTagReplacement);
+        }
+        if (protocol === urn_js_1.namespace.binding.post) {
+            const context = binding_post_js_1.default.base64LogoutResponse(requestInfo, {
+                init: this,
+                target,
+            }, customTagReplacement);
+            return {
+                ...context,
+                relayState,
+                entityEndpoint: target.entityMeta.getSingleLogoutService(binding),
+                type: 'SAMLResponse',
+            };
+        }
+        throw new Error('ERR_CREATE_LOGOUT_RESPONSE_UNDEFINED_BINDING');
+    }
+    /**
+    * @desc   Validation of the parsed the URL parameters
+    * @param  {IdentityProvider}   idp             object of identity provider
+    * @param  {string}   binding                   protocol binding
+    * @param  {request}   req                      request
+    * @return {Promise}
+    */
+    parseLogoutRequest(from, binding, request) {
+        const self = this;
+        return (0, flow_js_1.flow)({
+            from: from,
+            self: self,
+            type: 'logout',
+            parserType: 'LogoutRequest',
+            checkSignature: this.entitySetting.wantLogoutRequestSigned,
+            binding: binding,
+            request: request,
+        });
+    }
+    /**
+    * @desc   Validation of the parsed the URL parameters
+    * @param  {object} config                      config for the parser
+    * @param  {string}   binding                   protocol binding
+    * @param  {request}   req                      request
+    * @return {Promise}
+    */
+    parseLogoutResponse(from, binding, request) {
+        const self = this;
+        return (0, flow_js_1.flow)({
+            from: from,
+            self: self,
+            type: 'logout',
+            parserType: 'LogoutResponse',
+            checkSignature: self.entitySetting.wantLogoutResponseSigned,
+            binding: binding,
+            request: request
+        });
+    }
+}
+exports.default = Entity;
+//# sourceMappingURL=entity.js.map

package/build/src/entity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity.js","sourceRoot":"","sources":["../../src/entity.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;EAIE;AACF,6CAAyD;AACzD,qCAAiF;AACjF,2CAA6B;AAC7B,wEAAuF;AACvF,sEAAmF;AACnF,gFAAoD;AACpD,wEAA4C;AAE5C,uCAA8C;AAE9C,MAAM,uBAAuB,GAAG,mBAAU,CAAC,UAAU,CAAC,IAAI,CAAC;AAC3D,MAAM,sBAAsB,GAAG,mBAAU,CAAC,UAAU,CAAC,GAAG,CAAC;AACzD,MAAM,mBAAmB,GAAG,mBAAU,CAAC,SAAS,CAAC;AACjD,MAAM,oBAAoB,GAAG,8BAAqB,CAAC,YAAY,CAAC;AAEhE,MAAM,oBAAoB,GAAG;IAC3B,wBAAwB,EAAE,KAAK;IAC/B,mBAAmB,EAAE,oBAAoB,CAAC,iBAAiB;IAC3D,uBAAuB,EAAE,KAAK;IAC9B,WAAW,EAAE,KAAK;IAClB,oBAAoB,EAAE,KAAK;IAC3B,yBAAyB,EAAE,mBAAmB,CAAC,UAAU;IACzD,uBAAuB,EAAE,uBAAuB,CAAC,WAAW;IAC5D,sBAAsB,EAAE,sBAAsB,CAAC,cAAc;IAC7D,UAAU,EAAE,GAAW,EAAE,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;IAC3C,UAAU,EAAE,EAAE;CACf,CAAC;AAuCF,MAAqB,MAAM;IACzB,aAAa,CAAgB;IAC7B,UAAU,CAAS;IACnB,UAAU,CAAiD;IAE3D;;;MAGE;IACF,YAAY,aAAgC,EAAE,UAAwB;QACpE,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,oBAAoB,EAAE,aAAa,CAAC,CAAC;QAC5E,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,IAAI,aAAa,CAAC;QACzD,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,KAAK;gBACR,IAAI,CAAC,UAAU,GAAG,IAAA,yBAAW,EAAC,QAAQ,CAAC,CAAC;gBACxC,8CAA8C;gBAC9C,IAAI,CAAC,aAAa,CAAC,uBAAuB,GAAG,IAAI,CAAC,UAAU,CAAC,yBAAyB,EAAE,CAAC;gBACzF,IAAI,CAAC,aAAa,CAAC,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,IAAI,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;gBACvG,MAAM;YACR,KAAK,IAAI;gBACP,IAAI,CAAC,UAAU,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC;gBACvC,8CAA8C;gBAC9C,IAAI,CAAC,aAAa,CAAC,mBAAmB,GAAG,IAAI,CAAC,UAAU,CAAC,oBAAoB,EAAE,CAAC;gBAChF,IAAI,CAAC,aAAa,CAAC,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC,sBAAsB,EAAE,CAAC;gBACnF,IAAI,CAAC,aAAa,CAAC,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,IAAI,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;gBACvG,MAAM;YACR;gBACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED;;;MAGE;IACF,gBAAgB;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IACD;;;MAGE;IACF,WAAW;QACT,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;IACvC,CAAC;IAED;;;MAGE;IACF,cAAc,CAAC,UAAkB;QAC/B,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IACpD,CAAC;IAED;;;;MAIE;IACF,YAAY,CAAC,KAAwB,EAAE,SAAiB;QACtD,IAAI,IAAA,qBAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,OAAO,KAAK,KAAK,SAAS,CAAC;QAC7B,CAAC;QACD,IAAI,IAAA,4BAAe,EAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,IAAI,GAAG,GAAG,IAAI,CAAC;YACd,KAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;gBAC9B,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;oBACpB,GAAG,GAAG,KAAK,CAAC;oBACZ,OAAO;gBACT,CAAC;YACH,CAAC,CAAC,CAAC;YACH,OAAO,GAAG,CAAC;QACb,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD;;;;;;MAME;IACF,mBAAmB,CAAC,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,GAAG,EAAE,EAAE,oBAAqB;QACrF,IAAI,OAAO,KAAK,gBAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YACzC,OAAO,6BAAe,CAAC,wBAAwB,CAAC,IAAI,EAAE;gBACpD,IAAI,EAAE,IAAI;gBACV,MAAM,EAAE,YAAY;aACrB,EAAE,UAAU,EAAE,oBAAoB,CAAC,CAAC;QACvC,CAAC;QACD,IAAI,OAAO,KAAK,gBAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACrC,MAAM,cAAc,GAAG,YAAY,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;YAC/E,MAAM,OAAO,GAAG,yBAAW,CAAC,mBAAmB,CAAC,IAAI,EAAE,mCAAmC,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,EAAE,oBAAoB,CAAC,CAAC;YACvJ,OAAO;gBACL,GAAG,OAAO;gBACV,UAAU;gBACV,cAAc;gBACd,IAAI,EAAE,aAAa;aACpB,CAAC;QACJ,CAAC;QACD,4CAA4C;QAC5C,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IAED;;;;;;;MAOE;IACF,oBAAoB,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,GAAG,EAAE,EAAE,oBAAqB;QACvF,MAAM,QAAQ,GAAG,kBAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,QAAQ,KAAK,kBAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC5C,OAAO,6BAAe,CAAC,yBAAyB,CAAC,WAAW,EAAE;gBAC5D,IAAI,EAAE,IAAI;gBACV,MAAM;aACP,EAAE,UAAU,EAAE,oBAAoB,CAAC,CAAC;QACvC,CAAC;QACD,IAAI,QAAQ,KAAK,kBAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,OAAO,GAAG,yBAAW,CAAC,oBAAoB,CAAC,WAAW,EAAE;gBAC5D,IAAI,EAAE,IAAI;gBACV,MAAM;aACP,EAAE,oBAAoB,CAAC,CAAC;YACzB,OAAO;gBACL,GAAG,OAAO;gBACV,UAAU;gBACV,cAAc,EAAE,MAAM,CAAC,UAAU,CAAC,sBAAsB,CAAC,OAAO,CAAC;gBACjE,IAAI,EAAE,cAAc;aACrB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED;;;;;;MAME;IACF,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,OAAyB;QACzD,MAAM,IAAI,GAAG,IAAI,CAAC;QAClB,OAAO,IAAA,cAAI,EAAC;YACV,IAAI,EAAE,IAAI;YACV,IAAI,EAAE,IAAI;YACV,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,eAAe;YAC3B,cAAc,EAAE,IAAI,CAAC,aAAa,CAAC,uBAAuB;YAC1D,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,OAAO;SACjB,CAAC,CAAC;IACL,CAAC;IACD;;;;;;MAME;IACF,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE,OAAyB;QAC1D,MAAM,IAAI,GAAG,IAAI,CAAC;QAClB,OAAO,IAAA,cAAI,EAAC;YACV,IAAI,EAAE,IAAI;YACV,IAAI,EAAE,IAAI;YACV,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,gBAAgB;YAC5B,cAAc,EAAE,IAAI,CAAC,aAAa,CAAC,wBAAwB;YAC3D,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,OAAO;SACjB,CAAC,CAAC;IACL,CAAC;CACF;AA5KD,yBA4KC"}