samlesa 2.16.0 → 2.16.1

package/build/.idea/build.iml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$">
+      <excludeFolder url="file://$MODULE_DIR$/.tmp" />
+      <excludeFolder url="file://$MODULE_DIR$/temp" />
+      <excludeFolder url="file://$MODULE_DIR$/tmp" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

package/build/.idea/deployment.xml

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="PublishConfigData" remoteFilesAllowedToDisappearOnAutoupload="false">
+    <serverData>
+      <paths name="阿里云">
+        <serverdata>
+          <mappings>
+            <mapping local="$PROJECT_DIR$" web="/" />
+          </mappings>
+        </serverdata>
+      </paths>
+    </serverData>
+  </component>
+</project>

package/build/.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/build.iml" filepath="$PROJECT_DIR$/.idea/build.iml" />
+    </modules>
+  </component>
+</project>

package/build/src/libsaml.js

@@ -152,6 +152,12 @@ const libSaml = () => {
         }
         return nrsaAliasMappingForNode[signatureAlgorithms.RSA_SHA256];
     }
+    /**
+     * @private
+     * @desc Get the signing scheme alias by signature algorithms, used by the node-rsa module
+     * @param {string} sigAlg    signature algorithm
+     * @return {string/null} signing algorithm short-hand for the module node-rsa
+     */
     /**
      * @private
      * @desc Get the digest algorithms by signature algorithms
@@ -538,6 +544,26 @@ const libSaml = () => {
                 throw new Error(`SAML 签名失败: ${error.message}`);
             }
         },
+        /*    constructMessageSignature(
+              octetString: string,
+              key: string,
+              passphrase?: string,
+              isBase64?: boolean,
+              signingAlgorithm?: string
+            ) {
+              // Default returning base64 encoded signature
+              // Embed with node-rsa module
+              const decryptedKey = new nrsa(
+                utility.readPrivateKey(key, passphrase),
+                undefined,
+                {
+                  signingScheme: getSigningScheme(signingAlgorithm),
+                }
+              );
+              const signature = decryptedKey.sign(octetString);
+              // Use private key to sign data
+              return isBase64 !== false ? signature.toString('base64') : signature;
+            },*/
         verifyMessageSignature(metadata, octetString, signature, verifyAlgorithm) {
             const signCert = metadata.getX509Certificate(certUse.signing);
             const signingScheme = getSigningSchemeForNode(verifyAlgorithm);

package/build/src/schemaValidator.js

@@ -15,7 +15,34 @@ const schemas = [
     'saml-schema-ecp-2.0.xsd',
     'saml-schema-dce-2.0.xsd'
 ];
+function detectXXEIndicators(samlString) {
+    const xxePatterns = [
+        /<!DOCTYPE\s[^>]*>/i,
+        /<!ENTITY\s+[^\s>]+\s+(?:SYSTEM|PUBLIC)\s+['"][^>]*>/i,
+        /&[a-zA-Z0-9._-]+;/g,
+        /SYSTEM\s*=/i,
+        /PUBLIC\s*=/i,
+        /file:\/\//,
+        /\.dtd['"]?/
+    ];
+    const matches = {};
+    xxePatterns.forEach((pattern, index) => {
+        const found = samlString.match(pattern);
+        if (found) {
+            matches[`pattern_${index}`] = {
+                pattern: pattern.toString(),
+                matches: found
+            };
+        }
+    });
+    return Object.keys(matches).length > 0 ? matches : null;
+}
 export const validate = async (xml) => {
+    const indicators = detectXXEIndicators(xml);
+    if (indicators) {
+        console.error('XXE风险特征:', indicators);
+        throw new Error('ERR_EXCEPTION_VALIDATE_XML');
+    }
     const schemaPath = path.resolve(__dirname, 'schema');
     const [schema, ...preload] = await Promise.all(schemas.map(async (file) => ({
         fileName: file,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "samlesa",
-  "version": "2.16.0",
+  "version": "2.16.1",
   "description": "High-level API for Single Sign On (SAML 2.0) baseed on samlify ",
   "main": "build/index.js",
   "keywords": [
@@ -55,7 +55,7 @@
   },
   "devDependencies": {
     "@microsoft/api-extractor": "7.52.8",
-    "@types/node": "^22.15.34",
+    "@types/node": "^24.0.10",
     "@types/pako": "2.0.3",
     "@types/uuid": "10.0.0",
     "ava": "^4.3.3",

package/types/api.d.ts

@@ -0,0 +1,15 @@
+import { DOMParser as dom } from '@xmldom/xmldom';
+import type { Options as DOMParserOptions } from '@xmldom/xmldom';
+interface Context extends ValidatorContext, DOMParserContext {
+}
+interface ValidatorContext {
+    validate?: (xml: string) => Promise<any>;
+}
+interface DOMParserContext {
+    dom: dom;
+}
+export declare function getContext(): Context;
+export declare function setSchemaValidator(params: ValidatorContext): void;
+export declare function setDOMParserOptions(options?: DOMParserOptions): void;
+export {};
+//# sourceMappingURL=api.d.ts.map

package/types/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,IAAI,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAElE,UAAU,OAAQ,SAAQ,gBAAgB,EAAE,gBAAgB;CAAG;AAE/D,UAAU,gBAAgB;IACxB,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;CAC1C;AAED,UAAU,gBAAgB;IACxB,GAAG,EAAE,GAAG,CAAC;CACV;AAOD,wBAAgB,UAAU,IAAG,OAAO,CAEnC;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,gBAAgB,GAAE,IAAI,CAShE;AAED,wBAAgB,mBAAmB,CAAC,OAAO,GAAE,gBAAqB,GAAE,IAAI,CAEvE"}

package/types/binding-post.d.ts

@@ -0,0 +1,48 @@
+/**
+* @file binding-post.ts
+* @author tngan
+* @desc Binding-level API, declare the functions using POST binding
+*/
+import type { BindingContext } from './entity.js';
+/**
+* @desc Generate a base64 encoded login request
+* @param  {string} referenceTagXPath           reference uri
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+declare function base64LoginRequest(referenceTagXPath: string, entity: any, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+/**
+ * @desc Generate a base64 encoded login response
+ * @param  {object} requestInfo                 corresponding request, used to obtain the id
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {object} user                        current logged user (e.g. req.user)
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ * @param  {boolean}  encryptThenSign           whether or not to encrypt then sign first (if signing). Defaults to sign-then-encrypt
+ * @param AttributeStatement
+ */
+declare function base64LoginResponse(requestInfo: any | undefined, entity: any, user?: any, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean, AttributeStatement?: never[]): Promise<BindingContext>;
+/**
+* @desc Generate a base64 encoded logout request
+* @param  {object} user                         current logged user (e.g. req.user)
+* @param  {string} referenceTagXPath            reference uri
+* @param  {object} entity                       object includes both idp and sp
+* @param  {function} customTagReplacement      used when developers have their own login response template
+* @return {string} base64 encoded request
+*/
+declare function base64LogoutRequest(user: Record<string, unknown>, referenceTagXPath: string, entity: any, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+/**
+* @desc Generate a base64 encoded logout response
+* @param  {object} requestInfo                 corresponding request, used to obtain the id
+* @param  {string} referenceTagXPath           reference uri
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+declare function base64LogoutResponse(requestInfo: any, entity: any, customTagReplacement: (template: string) => BindingContext): BindingContext;
+declare const postBinding: {
+    base64LoginRequest: typeof base64LoginRequest;
+    base64LoginResponse: typeof base64LoginResponse;
+    base64LogoutRequest: typeof base64LogoutRequest;
+    base64LogoutResponse: typeof base64LogoutResponse;
+};
+export default postBinding;
+//# sourceMappingURL=binding-post.d.ts.map

package/types/binding-post.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"binding-post.d.ts","sourceRoot":"","sources":["../src/binding-post.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AAGF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAMlD;;;;;EAKE;AACF,iBAAS,kBAAkB,CAAC,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAqD/I;AACD;;;;;;;;GAQG;AACH,iBAAe,mBAAmB,CAAC,WAAW,EAAE,GAAG,YAAK,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAE,eAAe,GAAE,OAAe,EAAG,kBAAkB,UAAG,GAAG,OAAO,CAAC,cAAc,CAAC,CAuIrO;AACD;;;;;;;EAOE;AACF,iBAAS,mBAAmB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,iBAAiB,EAAC,MAAM,EAAE,MAAM,KAAA,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAkDzK;AACD;;;;;;EAME;AACF,iBAAS,oBAAoB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,oBAAoB,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAsDvI;AAED,QAAA,MAAM,WAAW;;;;;CAKhB,CAAC;AAEF,eAAe,WAAW,CAAC"}

package/types/binding-redirect.d.ts

@@ -0,0 +1,54 @@
+import type { BindingContext } from './entity.js';
+import { IdentityProvider as Idp } from './entity-idp.js';
+import { ServiceProvider as Sp } from './entity-sp.js';
+export interface BuildRedirectConfig {
+    baseUrl: string;
+    type: string;
+    isSigned: boolean;
+    context: string;
+    entitySetting: any;
+    relayState?: string;
+}
+/**
+ * @desc Redirect URL for login request
+ * @param  {object} entity                       object includes both idp and sp
+ * @param  {function} customTagReplacement      used when developers have their own login response template
+ * @return {string} redirect URL
+ */
+declare function loginRequestRedirectURL(entity: {
+    idp: Idp;
+    sp: Sp;
+}, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+/**
+ * @desc Redirect URL for login response
+ * @param  {object} requestInfo             corresponding request, used to obtain the id
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {object} user                         current logged user (e.g. req.user)
+ * @param  {String} relayState                the relaystate sent by sp corresponding request
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ * @param AttributeStatement
+ */
+declare function loginResponseRedirectURL(requestInfo: any, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext, AttributeStatement?: never[]): BindingContext;
+/**
+ * @desc Redirect URL for logout request
+ * @param  {object} user                        current logged user (e.g. req.user)
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ * @return {string} redirect URL
+ */
+declare function logoutRequestRedirectURL(user: any, entity: any, relayState?: string, customTagReplacement?: (template: string, tags: object) => BindingContext): BindingContext;
+/**
+ * @desc Redirect URL for logout response
+ * @param  {object} requescorresponding request, used to obtain the id
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ */
+declare function logoutResponseRedirectURL(requestInfo: any, entity: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+declare const redirectBinding: {
+    loginRequestRedirectURL: typeof loginRequestRedirectURL;
+    loginResponseRedirectURL: typeof loginResponseRedirectURL;
+    logoutRequestRedirectURL: typeof logoutRequestRedirectURL;
+    logoutResponseRedirectURL: typeof logoutResponseRedirectURL;
+};
+export default redirectBinding;
+//# sourceMappingURL=binding-redirect.d.ts.map

package/types/binding-redirect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"binding-redirect.d.ts","sourceRoot":"","sources":["../src/binding-redirect.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAChD,OAAO,EAAC,gBAAgB,IAAI,GAAG,EAAC,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAC,eAAe,IAAI,EAAE,EAAC,MAAM,gBAAgB,CAAC;AAOrD,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAgED;;;;;GAKG;AACH,iBAAS,uBAAuB,CAAC,MAAM,EAAE;IACvC,GAAG,EAAE,GAAG,CAAC;IACT,EAAE,EAAE,EAAE,CAAA;CACP,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAyC9E;AAED;;;;;;;;GAQG;AACH,iBAAS,wBAAwB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAC,kBAAkB,UAAI,GAAG,cAAc,CAoGxM;AAED;;;;;;GAMG;AACH,iBAAS,wBAAwB,CAAC,IAAI,KAAA,EAAE,MAAM,KAAA,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAwC9J;AAED;;;;;GAKG;AACH,iBAAS,yBAAyB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAyClK;AAED,QAAA,MAAM,eAAe;;;;;CAKpB,CAAC;AAEF,eAAe,eAAe,CAAC"}

package/types/binding-simplesign.d.ts

@@ -0,0 +1,41 @@
+/**
+* @file binding-simplesign.ts
+* @author Orange
+* @desc Binding-level API, declare the functions using POST SimpleSign binding
+*/
+import type { BindingContext, SimpleSignComputedContext } from './entity.js';
+export interface BuildSimpleSignConfig {
+    type: string;
+    context: string;
+    entitySetting: any;
+    relayState?: string;
+}
+export interface BindingSimpleSignContext {
+    id: string;
+    context: string;
+    signature: any;
+    sigAlg: string;
+}
+/**
+* @desc Generate a base64 encoded login request
+* @param  {string} referenceTagXPath           reference uri
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+declare function base64LoginRequest(entity: any, customTagReplacement?: (template: string) => BindingContext): SimpleSignComputedContext;
+/**
+ * @desc Generate a base64 encoded login response
+ * @param  {object} requestInfo                 corresponding request, used to obtain the id
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {object} user                        current logged user (e.g. req.user)
+ * @param  {string}  relayState               the relay state
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ * @param AttributeStatement
+ */
+declare function base64LoginResponse(requestInfo: any | undefined, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext, AttributeStatement?: []): Promise<BindingSimpleSignContext>;
+declare const simpleSignBinding: {
+    base64LoginRequest: typeof base64LoginRequest;
+    base64LoginResponse: typeof base64LoginResponse;
+};
+export default simpleSignBinding;
+//# sourceMappingURL=binding-simplesign.d.ts.map

package/types/binding-simplesign.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"binding-simplesign.d.ts","sourceRoot":"","sources":["../src/binding-simplesign.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AAGF,OAAQ,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAO9E,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,GAAG,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AA6CD;;;;;EAKE;AACF,iBAAS,kBAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,yBAAyB,CAkD/H;AACD;;;;;;;;GAQG;AACH,iBAAe,mBAAmB,CAAC,WAAW,EAAE,GAAG,YAAK,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAE,kBAAkB,GAAC,EAAO,GAAG,OAAO,CAAC,wBAAwB,CAAC,CA6FtO;AAED,QAAA,MAAM,iBAAiB;;;CAGpB,CAAC;AAEJ,eAAe,iBAAiB,CAAC"}

package/types/entity-idp.d.ts

@@ -0,0 +1,38 @@
+import Entity, { type ESamlHttpRequest } from './entity.js';
+import { ServiceProviderConstructor as ServiceProvider, IdentityProviderMetadata, type IdentityProviderSettings } from './types.js';
+import { type FlowResult } from './flow.js';
+import type { BindingContext } from './entity.js';
+/**
+ * Identity provider can be configured using either metadata importing or idpSetting
+ */
+export default function (props: IdentityProviderSettings): IdentityProvider;
+/**
+ * Identity provider can be configured using either metadata importing or idpSetting
+ */
+export declare class IdentityProvider extends Entity {
+    entityMeta: IdentityProviderMetadata;
+    constructor(idpSetting: IdentityProviderSettings);
+    /**
+     * @desc  Generates the login response for developers to design their own method
+     * @param params
+     */
+    createLoginResponse(params: {
+        sp: ServiceProvider;
+        requestInfo: Record<string, any>;
+        binding?: string;
+        user: Record<string, any>;
+        customTagReplacement?: (template: string) => BindingContext;
+        encryptThenSign?: boolean;
+        relayState?: string;
+        context: Record<string, any>;
+        AttributeStatement: [];
+    }): Promise<any>;
+    /**
+     * Validation of the parsed URL parameters
+     * @param sp ServiceProvider instance
+     * @param binding Protocol binding
+     * @param req RequesmessageSigningOrderst
+     */
+    parseLoginRequest(sp: ServiceProvider, binding: string, req: ESamlHttpRequest): Promise<FlowResult>;
+}
+//# sourceMappingURL=entity-idp.d.ts.map

package/types/entity-idp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity-idp.d.ts","sourceRoot":"","sources":["../src/entity-idp.ts"],"names":[],"mappings":"AAYA,OAAO,MAAM,EAAE,EAAE,KAAK,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,EACL,0BAA0B,IAAI,eAAe,EAE7C,wBAAwB,EACxB,KAAK,wBAAwB,EAC9B,MAAM,YAAY,CAAC;AAMpB,OAAO,EAAQ,KAAK,UAAU,EAAE,MAAO,WAAW,CAAC;AAEnD,OAAO,KAAM,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAEnD;;GAEG;AACH,MAAM,CAAC,OAAO,WAAU,KAAK,EAAE,wBAAwB,oBAEtD;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,MAAM;IAElC,UAAU,EAAE,wBAAwB,CAAC;gBAEjC,UAAU,EAAE,wBAAwB;IAqChD;;;OAGG;IACU,mBAAmB,CAAC,MAAM,EAAC;QACtC,EAAE,EAAE,eAAe,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACjC,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC1B,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,CAAC;QAC5D,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC7B,kBAAkB,EAAC,EAAE,CAAA;KACtB;IAyCD;;;;;OAKG;IACH,iBAAiB,CAAC,EAAE,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,gBAAgB;CAY9E"}

package/types/entity-sp.d.ts

@@ -0,0 +1,38 @@
+/**
+* @file entity-sp.ts
+* @author tngan
+* @desc  Declares the actions taken by service provider
+*/
+import Entity from './entity.js';
+import type { BindingContext, PostBindingContext, ESamlHttpRequest, SimpleSignBindingContext } from './entity.js';
+import { IdentityProviderConstructor as IdentityProvider, ServiceProviderMetadata, type ServiceProviderSettings } from './types.js';
+import { type FlowResult } from './flow.js';
+export default function (props: ServiceProviderSettings): ServiceProvider;
+/**
+* @desc Service provider can be configured using either metadata importing or spSetting
+* @param  {object} spSettingimport { FlowResult } from '../types/src/flow.d';
+
+*/
+export declare class ServiceProvider extends Entity {
+    entityMeta: ServiceProviderMetadata;
+    /**
+    * @desc  Inherited from Entity
+    * @param {object} spSetting    setting of service provider
+    */
+    constructor(spSetting: ServiceProviderSettings);
+    /**
+    * @desc  Generates the login request for developers to design their own method
+    * @param  {IdentityProvider} idp               object of identity provider
+    * @param  {string}   binding                   protocol binding
+    * @param  {function} customTagReplacement     used when developers have their own login response template
+    */
+    createLoginRequest(idp: IdentityProvider, binding?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext | PostBindingContext | SimpleSignBindingContext;
+    /**
+    * @desc   Validation of the parsed the URL parameters
+    * @param  {IdentityProvider}   idp             object of identity provider
+    * @param  {string}   binding                   protocol binding
+    * @param  {request}   req                      request
+    */
+    parseLoginResponse(idp: any, binding: any, request: ESamlHttpRequest): Promise<FlowResult>;
+}
+//# sourceMappingURL=entity-sp.d.ts.map

package/types/entity-sp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity-sp.d.ts","sourceRoot":"","sources":["../src/entity-sp.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AACF,OAAO,MAEN,MAAM,aAAa,CAAC;AACrB,OAAQ,KAAK,EAAG,cAAc,EAC5B,kBAAkB,EAClB,gBAAgB,EAChB,wBAAwB,EAAE,MAAK,aAAa,CAAC;AAC/C,OAAO,EACL,2BAA2B,IAAI,gBAAgB,EAC/C,uBAAuB,EACvB,KAAK,uBAAuB,EAC7B,MAAM,YAAY,CAAC;AAKpB,OAAO,EAAQ,KAAK,UAAU,EAAE,MAAO,WAAW,CAAC;AAKnD,MAAM,CAAC,OAAO,WAAU,KAAK,EAAE,uBAAuB,mBAErD;AAED;;;;EAIE;AACF,qBAAa,eAAgB,SAAQ,MAAM;IAChC,UAAU,EAAE,uBAAuB,CAAC;IAE7C;;;MAGE;gBACU,SAAS,EAAE,uBAAuB;IAS9C;;;;;MAKE;IACK,kBAAkB,CACvB,GAAG,EAAE,gBAAgB,EACrB,OAAO,SAAa,EACpB,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAC1D,cAAc,GAAG,kBAAkB,GAAE,wBAAwB;IAkChE;;;;;MAKE;IACK,kBAAkB,CAAC,GAAG,KAAA,EAAE,OAAO,KAAA,EAAE,OAAO,EAAE,gBAAgB;CAalE"}

package/types/entity.d.ts

@@ -0,0 +1,100 @@
+import { IdpMetadata as IdpMetadataConstructor } from './metadata-idp.js';
+import { SpMetadata as SpMetadataConstructor } from './metadata-sp.js';
+import type { MetadataIdpConstructor, MetadataSpConstructor, EntitySetting } from './types.js';
+import { type FlowResult } from './flow.js';
+export interface ESamlHttpRequest {
+    query?: any;
+    body?: any;
+    octetString?: string;
+}
+export interface BindingContext {
+    context: string;
+    id: string;
+}
+export interface PostBindingContext extends BindingContext {
+    relayState?: string;
+    entityEndpoint: string;
+    type: string;
+}
+export interface SimpleSignBindingContext extends PostBindingContext {
+    sigAlg?: string;
+    signature?: string;
+    keyInfo?: string;
+}
+export interface SimpleSignComputedContext extends BindingContext {
+    sigAlg?: string;
+    signature?: string;
+}
+export interface ParseResult {
+    samlContent: string;
+    extract: any;
+    sigAlg: string;
+}
+export type EntityConstructor = (MetadataIdpConstructor | MetadataSpConstructor) & {
+    metadata?: string | Buffer;
+};
+export default class Entity {
+    entitySetting: EntitySetting;
+    entityType: string;
+    entityMeta: IdpMetadataConstructor | SpMetadataConstructor;
+    /**
+    * @param entitySetting
+    * @param entityMeta is the entity metadata, deprecated after 2.0
+    */
+    constructor(entitySetting: EntityConstructor, entityType: 'idp' | 'sp');
+    /**
+    * @desc  Returns the setting of entity
+    * @return {object}
+    */
+    getEntitySetting(): EntitySetting;
+    /**
+    * @desc  Returns the xml string of entity metadata
+    * @return {string}
+    */
+    getMetadata(): string;
+    /**
+    * @desc  Exports the entity metadata into specified folder
+    * @param  {string} exportFile indicates the file name
+    */
+    exportMetadata(exportFile: string): void;
+    /** * @desc  Verify fields with the one specified in metadata
+    * @param  {string/[string]} field is a string or an array of string indicating the field value in SAML message
+    * @param  {string} metaField is a string indicating the same field specified in metadata
+    * @return {boolean} True/False
+    */
+    verifyFields(field: string | string[], metaField: string): boolean;
+    /** @desc   Generates the logout request for developers to design their own method
+    * @param  {ServiceProvider} sp     object of service provider
+    * @param  {string}   binding       protocol binding
+    * @param  {object}   user          current logged user (e.g. user)
+    * @param  {string} relayState      the URL to which to redirect the user when logout is complete
+    * @param  {function} customTagReplacement     used when developers have their own login response template
+    */
+    createLogoutRequest(targetEntity: any, binding: any, user: any, relayState?: string, customTagReplacement?: any): BindingContext | PostBindingContext;
+    /**
+    * @desc  Generates the logout response for developers to design their own method
+    * @param  {IdentityProvider} idp               object of identity provider
+    * @param  {object} requestInfo                 corresponding request, used to obtain the id
+    * @param  {string} relayState                  the URL to which to redirect the user when logout is complete.
+    * @param  {string} binding                     protocol binding
+    * @param  {function} customTagReplacement                 used when developers have their own login response template
+    */
+    createLogoutResponse(target: any, requestInfo: any, binding: any, relayState?: string, customTagReplacement?: any): BindingContext | PostBindingContext;
+    /**
+    * @desc   Validation of the parsed the URL parameters
+    * @param  {IdentityProvider}   idp             object of identity provider
+    * @param  {string}   binding                   protocol binding
+    * @param  {request}   req                      request
+    * @return {Promise}
+    */
+    parseLogoutRequest(from: any, binding: any, request: ESamlHttpRequest): Promise<FlowResult>;
+    /**
+    * @desc   Validation of the parsed the URL parameters
+    * @param  {object} config                      config for the parser
+    * @param  {string}   binding                   protocol binding
+    * @param  {request}   req                      request
+    * @return {Promise}
+    */
+    parseLogoutResponse(from: any, binding: any, request: ESamlHttpRequest): Promise<FlowResult>;
+}
+//# sourceMappingURL=entity.d.ts.map

package/types/entity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity.d.ts","sourceRoot":"","sources":["../src/entity.ts"],"names":[],"mappings":"AAQA,OAAoB,EAAE,WAAW,IAAI,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAmB,EAAE,UAAU,IAAI,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAGnF,OAAQ,KAAK,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChG,OAAO,EAAQ,KAAK,UAAU,EAAE,MAAO,WAAW,CAAC;AAoBnD,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,GAAG,CAAC;IACZ,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,kBAAmB,SAAQ,cAAc;IACxD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,wBAAyB,SAAQ,kBAAkB;IAClE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,yBAA0B,SAAQ,cAAc;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,iBAAiB,GAAG,CAAC,sBAAsB,GAAG,qBAAqB,CAAC,GAC5E;IAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,MAAM;IACzB,aAAa,EAAE,aAAa,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,sBAAsB,GAAG,qBAAqB,CAAC;IAE3D;;;MAGE;gBACU,aAAa,EAAE,iBAAiB,EAAE,UAAU,EAAE,KAAK,GAAG,IAAI;IAsBtE;;;MAGE;IACF,gBAAgB;IAGhB;;;MAGE;IACF,WAAW,IAAI,MAAM;IAIrB;;;MAGE;IACF,cAAc,CAAC,UAAU,EAAE,MAAM;IAIjC;;;;MAIE;IACF,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO;IAgBlE;;;;;;MAME;IACF,mBAAmB,CAAC,YAAY,KAAA,EAAE,OAAO,KAAA,EAAE,IAAI,KAAA,EAAE,UAAU,SAAK,EAAE,oBAAoB,CAAC,KAAA,GAAG,cAAc,GAAG,kBAAkB;IAqB7H;;;;;;;MAOE;IACF,oBAAoB,CAAC,MAAM,KAAA,EAAE,WAAW,KAAA,EAAE,OAAO,KAAA,EAAE,UAAU,SAAK,EAAE,oBAAoB,CAAC,KAAA,GAAG,cAAc,GAAG,kBAAkB;IAuB/H;;;;;;MAME;IACF,kBAAkB,CAAC,IAAI,KAAA,EAAE,OAAO,KAAA,EAAE,OAAO,EAAE,gBAAgB;IAY3D;;;;;;MAME;IACF,mBAAmB,CAAC,IAAI,KAAA,EAAE,OAAO,KAAA,EAAE,OAAO,EAAE,gBAAgB;CAY7D"}

package/types/extractor.d.ts

@@ -0,0 +1,26 @@
+interface ExtractorField {
+    key: string;
+    localPath: string[] | string[][];
+    attributes: string[];
+    index?: string[];
+    attributePath?: string[];
+    context?: boolean;
+}
+export type ExtractorFields = ExtractorField[];
+export declare const loginRequestFields: ExtractorFields;
+export declare const loginResponseStatusFields: {
+    key: string;
+    localPath: string[];
+    attributes: string[];
+}[];
+export declare const logoutResponseStatusFields: {
+    key: string;
+    localPath: string[];
+    attributes: string[];
+}[];
+export declare const loginResponseFields: ((assertion: any) => ExtractorFields);
+export declare const logoutRequestFields: ExtractorFields;
+export declare const logoutResponseFields: ExtractorFields;
+export declare function extract(context: string, fields: any): any;
+export {};
+//# sourceMappingURL=extractor.d.ts.map

package/types/extractor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"extractor.d.ts","sourceRoot":"","sources":["../src/extractor.ts"],"names":[],"mappings":"AAKA,UAAU,cAAc;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,EAAE,CAAC;IACjC,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,MAAM,eAAe,GAAG,cAAc,EAAE,CAAC;AA4B/C,eAAO,MAAM,kBAAkB,EAAE,eA2BhC,CAAC;AAGF,eAAO,MAAM,yBAAyB;;;;GAWrC,CAAC;AAGF,eAAO,MAAM,0BAA0B;;;;GAWtC,CAAC;AAEF,eAAO,MAAM,mBAAmB,EAAE,CAAC,CAAC,SAAS,EAAE,GAAG,KAAK,eAAe,CAiDrE,CAAC;AAEF,eAAO,MAAM,mBAAmB,EAAE,eA2BjC,CAAC;AAEF,eAAO,MAAM,oBAAoB,EAAE,eAiBlC,CAAC;AAEF,wBAAgB,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,KAAA,OAiM9C"}

package/types/flow.d.ts

@@ -0,0 +1,7 @@
+export interface FlowResult {
+    samlContent: string;
+    extract: any;
+    sigAlg?: string | null;
+}
+export declare function flow(options: any): Promise<FlowResult>;
+//# sourceMappingURL=flow.d.ts.map

package/types/flow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../src/flow.ts"],"names":[],"mappings":"AAyBA,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAC,IAAI,CAAE;CACvB;AA4ZD,wBAAgB,IAAI,CAAC,OAAO,KAAA,GAAG,OAAO,CAAC,UAAU,CAAC,CAyBjD"}