samlesa 2.16.1 → 2.16.5


Potentially problematic release.



Files changed (83) hide show
  1. package/build/index.js.map +1 -0
  2. package/build/src/api.js.map +1 -0
  3. package/build/src/binding-artifact.js +333 -0
  4. package/build/src/binding-post.js.map +1 -0
  5. package/build/src/binding-redirect.js.map +1 -0
  6. package/build/src/binding-simplesign.js.map +1 -0
  7. package/build/src/entity-idp.js.map +1 -0
  8. package/build/src/entity-sp.js +23 -0
  9. package/build/src/entity-sp.js.map +1 -0
  10. package/build/src/entity.js.map +1 -0
  11. package/build/src/extractor.js.map +1 -0
  12. package/build/src/flow.js +235 -1
  13. package/build/src/flow.js.map +1 -0
  14. package/build/src/libsaml.js +228 -1
  15. package/build/src/libsaml.js.map +1 -0
  16. package/build/src/metadata-idp.js +22 -0
  17. package/build/src/metadata-idp.js.map +1 -0
  18. package/build/src/metadata-sp.js +17 -15
  19. package/build/src/metadata-sp.js.map +1 -0
  20. package/build/src/metadata.js +52 -31
  21. package/build/src/metadata.js.map +1 -0
  22. package/build/src/schema/env.xsd +100 -0
  23. package/build/src/schemaValidator.js +2 -1
  24. package/build/src/soap.js +25 -0
  25. package/build/src/types.js.map +1 -0
  26. package/build/src/urn.js +5 -3
  27. package/build/src/urn.js.map +1 -0
  28. package/build/src/utility.js.map +1 -0
  29. package/build/src/validator.js.map +1 -0
  30. package/package.json +2 -1
  31. package/types/{binding-post.d.ts → src/binding-artifact.d.ts} +25 -25
  32. package/types/src/binding-artifact.d.ts.map +1 -0
  33. package/types/src/entity-sp.d.ts +7 -0
  34. package/types/src/entity-sp.d.ts.map +1 -1
  35. package/types/src/flow.d.ts.map +1 -1
  36. package/types/src/libsaml.d.ts +13 -0
  37. package/types/src/libsaml.d.ts.map +1 -1
  38. package/types/src/metadata-idp.d.ts +6 -0
  39. package/types/src/metadata-idp.d.ts.map +1 -1
  40. package/types/src/metadata-sp.d.ts.map +1 -1
  41. package/types/src/metadata.d.ts +34 -27
  42. package/types/src/metadata.d.ts.map +1 -1
  43. package/types/src/schemaValidator.d.ts.map +1 -1
  44. package/types/src/soap.d.ts +2 -0
  45. package/types/src/soap.d.ts.map +1 -0
  46. package/types/src/urn.d.ts +2 -0
  47. package/types/src/urn.d.ts.map +1 -1
  48. package/build/.idea/build.iml +0 -12
  49. package/build/.idea/deployment.xml +0 -14
  50. package/build/.idea/modules.xml +0 -8
  51. package/types/api.d.ts +0 -15
  52. package/types/api.d.ts.map +0 -1
  53. package/types/binding-post.d.ts.map +0 -1
  54. package/types/binding-redirect.d.ts +0 -54
  55. package/types/binding-redirect.d.ts.map +0 -1
  56. package/types/binding-simplesign.d.ts +0 -41
  57. package/types/binding-simplesign.d.ts.map +0 -1
  58. package/types/entity-idp.d.ts +0 -38
  59. package/types/entity-idp.d.ts.map +0 -1
  60. package/types/entity-sp.d.ts +0 -38
  61. package/types/entity-sp.d.ts.map +0 -1
  62. package/types/entity.d.ts +0 -100
  63. package/types/entity.d.ts.map +0 -1
  64. package/types/extractor.d.ts +0 -26
  65. package/types/extractor.d.ts.map +0 -1
  66. package/types/flow.d.ts +0 -7
  67. package/types/flow.d.ts.map +0 -1
  68. package/types/libsaml.d.ts +0 -208
  69. package/types/libsaml.d.ts.map +0 -1
  70. package/types/metadata-idp.d.ts +0 -25
  71. package/types/metadata-idp.d.ts.map +0 -1
  72. package/types/metadata-sp.d.ts +0 -37
  73. package/types/metadata-sp.d.ts.map +0 -1
  74. package/types/metadata.d.ts +0 -58
  75. package/types/metadata.d.ts.map +0 -1
  76. package/types/types.d.ts +0 -128
  77. package/types/types.d.ts.map +0 -1
  78. package/types/urn.d.ts +0 -195
  79. package/types/urn.d.ts.map +0 -1
  80. package/types/utility.d.ts +0 -133
  81. package/types/utility.d.ts.map +0 -1
  82. package/types/validator.d.ts +0 -4
  83. package/types/validator.d.ts.map +0 -1
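--- a/package/build/src/flow.js
+++ b/package/build/src/flow.js
@@ -1,6 +1,10 @@
  import { base64Decode } from './utility.js';
  import { verifyTime } from './validator.js';
  import libsaml from './libsaml.js';
+ import * as uuid from 'uuid';
+ import { select } from 'xpath';
+ import { DOMParser } from '@xmldom/xmldom';
+ import { sendArtifactResolve } from "./soap.js";
  import { extract, loginRequestFields, loginResponseFields, logoutRequestFields, logoutResponseFields, logoutResponseStatusFields, loginResponseStatusFields } from './extractor.js';
  import { BindingNamespace, ParserType, wording, StatusCode } from './urn.js';
  const bindDict = wording.binding;
@@ -122,6 +126,237 @@ async function redirectFlow(options) {
  }
  // proceed the post flow
  async function postFlow(options) {
+ const { soap = false, request, from, self, parserType, checkSignature = true } = options;
+ const { body } = request;
+ const direction = libsaml.getQueryParamByType(parserType);
+ let encodedRequest = '';
+ let samlContent = '';
+ if (soap === false) {
+ encodedRequest = body[direction];
+ // @ts-ignore
+ samlContent = String(base64Decode(encodedRequest));
+ }
+ /** 增加判断是不是Soap 工件绑定*/
+ if (soap) {
+ const metadata = {
+ idp: from.entityMeta,
+ sp: self.entityMeta,
+ };
+ const spSetting = self.entitySetting;
+ let ID = '_' + uuid.v4();
+ let url = metadata.idp.getArtifactResolutionService(bindDict.soap);
+ let samlSoapRaw = libsaml.replaceTagsByValue(libsaml.defaultArtifactResolveTemplate.context, {
+ ID: request?.messageHandle,
+ Destination: url,
+ Issuer: metadata.sp.getEntityID(),
+ IssueInstant: new Date().toISOString(),
+ Art: request.Art
+ });
+ if (metadata.idp.isWantAuthnRequestsSigned()) {
+ const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm, transformationAlgorithms } = spSetting;
+ let signatureSoap = libsaml.constructSAMLSignature({
+ referenceTagXPath: "//*[local-name(.)='ArtifactResolve']",
+ isMessageSigned: false,
+ isBase64Output: false,
+ transformationAlgorithms: transformationAlgorithms,
+ privateKey,
+ privateKeyPass,
+ signatureAlgorithm,
+ rawSamlMessage: samlSoapRaw,
+ signingCert: metadata.sp.getX509Certificate('signing'),
+ signatureConfig: {
+ prefix: 'ds',
+ location: {
+ reference: "//*[local-name(.)='Issuer']",
+ action: 'after'
+ }
+ }
+ });
+ let data = await sendArtifactResolve(url, signatureSoap);
+ /* console.log(signatureSoap)
+ console.log("签过名的")*/
+ console.log(data);
+ console.log("keycloak数据----------------------");
+ samlContent = data;
+ }
+ // No need to embeded XML signature
+ }
+ const verificationOptions = {
+ metadata: from.entityMeta,
+ signatureAlgorithm: from.entitySetting.requestSignatureAlgorithm,
+ };
+ /** 断言是否加密应根据响应里面的字段判断*/
+ let decryptRequired = from.entitySetting.isAssertionEncrypted;
+ let extractorFields = [];
+ // validate the xml first
+ /* let res = await libsaml.isValidXml(samlContent).catch((error)=>{
+ console.log(error);
+ console.log("验证和结果-----------------------")
+ console.log("验证和结果-----------------------")
+ console.log("验证和结果-----------------------")
+ console.log("验证和结果-----------------------")
+ console.log("验证和结果-----------------------")
+ console.log("验证和结果-----------------------")
+ console.log("验证和结果-----------------------")
+ });
+ console.log(res);
+ console.log("验证和结果-----------------------")*/
+ if (parserType !== urlParams.samlResponse) {
+ extractorFields = getDefaultExtractorFields(parserType, null);
+ }
+ // check status based on different scenarios
+ /* await checkStatus(samlContent, parserType);*/
+ /**检查签名顺序 */
+ /* if (
+ checkSignature &&
+ from.entitySetting.messageSigningOrder === MessageSignatureOrder.ETS
+ ) {
+ console.log("===============我走的这里=========================")
+ const [verified, verifiedAssertionNode,isDecryptRequired] = libsaml.verifySignature(samlContent, verificationOptions);
+ console.log(verified);
+ console.log("verified")
+ decryptRequired = isDecryptRequired
+ if (!verified) {
+ return Promise.reject('ERR_FAIL_TO_VERIFY_ETS_SIGNATURE');
+ }
+ if (!decryptRequired) {
+ extractorFields = getDefaultExtractorFields(parserType, verifiedAssertionNode);
+ }
+ }*/
+ if (soap === true) {
+ const [verified, verifiedAssertionNode, isDecryptRequired] = libsaml.verifySignatureSoap(samlContent, verificationOptions);
+ decryptRequired = isDecryptRequired;
+ if (!verified) {
+ return Promise.reject('ERR_FAIL_TO_VERIFY_ETS_SIGNATURE');
+ }
+ if (!decryptRequired) {
+ console.log("-------------------走到了这里----------------------");
+ extractorFields = getDefaultExtractorFields(parserType, verifiedAssertionNode);
+ }
+ if (parserType === 'SAMLResponse' && decryptRequired) {
+ // 1. 解密断言
+ const [decryptedSAML, decryptedAssertion] = await libsaml.decryptAssertionSoap(self, samlContent);
+ console.log(decryptedAssertion);
+ console.log("解密数据-----------------------------");
+ // 2. 检查解密后的断言是否包含签名
+ const assertionDoc = new DOMParser().parseFromString(decryptedAssertion, 'text/xml');
+ const assertionSignatureNodes = select("./*[local-name()='Signature']", assertionDoc.documentElement);
+ // 3. 如果存在签名则验证
+ if (assertionSignatureNodes.length > 0) {
+ // 3.1 创建新的验证选项(保持原配置)
+ const assertionVerificationOptions = {
+ ...verificationOptions,
+ isAssertion: true // 添加标识表示正在验证断言
+ };
+ // 3.2 验证断言签名
+ const [assertionVerified, result] = libsaml.verifySignatureSoap(decryptedAssertion, assertionVerificationOptions);
+ console.log(assertionVerified);
+ console.log(result);
+ console.log("验证机结果--------------");
+ if (!assertionVerified) {
+ console.error("解密后的断言签名验证失败");
+ return Promise.reject('ERR_FAIL_TO_VERIFY_ASSERTION_SIGNATURE');
+ }
+ if (assertionVerified) {
+ // @ts-ignore
+ samlContent = result;
+ extractorFields = getDefaultExtractorFields(parserType, result);
+ }
+ }
+ else {
+ samlContent = decryptedAssertion;
+ extractorFields = getDefaultExtractorFields(parserType, decryptedAssertion);
+ }
+ }
+ }
+ if (soap === false) {
+ const [verified, verifiedAssertionNode, isDecryptRequired] = libsaml.verifySignature(samlContent, verificationOptions);
+ decryptRequired = isDecryptRequired;
+ if (!verified) {
+ return Promise.reject('ERR_FAIL_TO_VERIFY_ETS_SIGNATURE');
+ }
+ if (!decryptRequired) {
+ extractorFields = getDefaultExtractorFields(parserType, verifiedAssertionNode);
+ }
+ if (parserType === 'SAMLResponse' && decryptRequired) {
+ const result = await libsaml.decryptAssertion(self, samlContent);
+ samlContent = result[0];
+ extractorFields = getDefaultExtractorFields(parserType, result[1]);
+ }
+ }
+ // verify the signatures (the response is signed then encrypted, then decrypt first then verify)
+ /* if (
+ checkSignature &&
+ from.entitySetting.messageSigningOrder === MessageSignatureOrder.STE
+ ) {
+ const [verified, verifiedAssertionNode,isDecryptRequired] = libsaml.verifySignature(samlContent, verificationOptions);
+ decryptRequired = isDecryptRequired
+ if (verified) {
+ extractorFields = getDefaultExtractorFields(parserType, verifiedAssertionNode);
+ } else {
+ return Promise.reject('ERR_FAIL_TO_VERIFY_STE_SIGNATURE');
+ }
+ }*/
+ const parseResult = {
+ samlContent: samlContent,
+ extract: extract(samlContent, extractorFields),
+ };
+ /**
+ * Validation part: validate the context of response after signature is verified and decrypted (optional)
+ */
+ const targetEntityMetadata = from.entityMeta;
+ const issuer = targetEntityMetadata.getEntityID();
+ const extractedProperties = parseResult.extract;
+ console.log(extractedProperties);
+ console.log(parseResult);
+ console.log("解析结果----------------------------------");
+ console.log("签发这-----------");
+ // unmatched issuer
+ if ((parserType === 'LogoutResponse' || parserType === 'SAMLResponse')
+ && extractedProperties
+ && extractedProperties.issuer !== issuer) {
+ return Promise.reject('ERR_UNMATCH_ISSUER');
+ }
+ // invalid session time
+ // only run the verifyTime when `SessionNotOnOrAfter` exists
+ if (parserType === 'SAMLResponse'
+ && extractedProperties.sessionIndex.sessionNotOnOrAfter
+ && !verifyTime(undefined, extractedProperties.sessionIndex.sessionNotOnOrAfter, self.entitySetting.clockDrifts)) {
+ return Promise.reject('ERR_EXPIRED_SESSION');
+ }
+ // invalid time
+ // 2.4.1.2 https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+ if (parserType === 'SAMLResponse'
+ && extractedProperties.conditions
+ && !verifyTime(extractedProperties.conditions.notBefore, extractedProperties.conditions.notOnOrAfter, self.entitySetting.clockDrifts)) {
+ return Promise.reject('ERR_SUBJECT_UNCONFIRMED');
+ }
+ //valid destination
+ //There is no validation of the response here. The upper-layer application
+ // should verify the result by itself to see if the destination is equal to the SP acs and
+ // whether the response.id is used to prevent replay attacks.
+ /*
+ let destination = extractedProperties?.response?.destination
+ let isExit = self.entitySetting?.assertionConsumerService?.filter((item) => {
+ return item?.Location === destination
+ })
+ if (isExit?.length === 0) {
+ return Promise.reject('ERR_Destination_URL');
+ }
+ if (parserType === 'SAMLResponse') {
+ let destination = extractedProperties?.response?.destination
+ let isExit = self.entitySetting?.assertionConsumerService?.filter((item: { Location: any; }) => {
+ return item?.Location === destination
+ })
+ if (isExit?.length === 0) {
+ return Promise.reject('ERR_Destination_URL');
+ }
+ }
+ */
+ return Promise.resolve(parseResult);
+ }
+ // proceed the post Artifact flow
+ async function postArtifactFlow(options) {
  const { request, from, self, parserType, checkSignature = true } = options;
  const { body } = request;
  const direction = libsaml.getQueryParamByType(parserType);
@@ -339,7 +574,6 @@ function checkStatus(content, parserType) {
  ? loginResponseStatusFields
  : logoutResponseStatusFields;
  const { top, second } = extract(content, fields);
- console.log(top, second);
  // only resolve when top-tier status code is success
  if (top === StatusCode.Success) {
  return Promise.resolve('OK');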
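Review bot: In the new `postFlow` body both `libsaml.isValidXml(samlContent)` and `checkStatus(samlContent, parserType)` sit inside block comments, so `verifySignature`/`verifySignatureSoap` and `extract()` run on XML that was never schema-validated and a non-Success status is not rejected in this function. I would restore `await libsaml.isValidXml(samlContent);` and `await checkStatus(samlContent, parserType);` ahead of the signature checks; whether `checkStatus` copes with the SOAP-wrapped ArtifactResponse cannot be seen from this hunk. In the SOAP branch `sendArtifactResolve(url, signatureSoap)` is only reached inside `if (metadata.idp.isWantAuthnRequestsSigned())`, so when the IdP metadata does not ask for signed requests no artifact is resolved and `samlContent` stays `''`. The added `console.log(data)`, `console.log(decryptedAssertion)` and `console.log(parseResult)` calls write the resolved response, the decrypted assertion and the extracted attributes to stdout and should be dropped from a published build. The body now named `postArtifactFlow` continues outside the hunk.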
@@ -0,0 +1 @@
1
+ {"version":3,"file":"flow.js","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,YAAY,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,OAAO,MAAM,cAAc,CAAC;AACnC,OAAO,EACL,OAAO,EACP,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EAEpB,0BAA0B,EAC1B,yBAAyB,EAC1B,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,gBAAgB,EAChB,UAAU,EACV,OAAO,EAEP,UAAU,EACX,MAAM,UAAU,CAAC;AAElB,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;AACjC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;AAQpC,2DAA2D;AAC3D,SAAS,yBAAyB,CAAC,UAAsB,EAAE,SAAe;IACxE,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,UAAU,CAAC,WAAW;YACzB,OAAO,kBAAkB,CAAC;QAC5B,KAAK,UAAU,CAAC,YAAY;YAC1B,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,iBAAiB;gBACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACzC,CAAC;YACD,OAAO,mBAAmB,CAAC,SAAS,CAAC,CAAC;QACxC,KAAK,UAAU,CAAC,aAAa;YAC3B,OAAO,mBAAmB,CAAC;QAC7B,KAAK,UAAU,CAAC,cAAc;YAC5B,OAAO,oBAAoB,CAAC;QAC9B;YACE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAChD,CAAC;AACH,CAAC;AAED,oCAAoC;AACpC,KAAK,UAAU,YAAY,CAAC,OAAO;IAEjC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,cAAc,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAC3E,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IACvC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,KAAK,CAAC;IAEvD,MAAM,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC;IAE7C,kCAAkC;IAClC,MAAM,SAAS,GAAG,OAAO,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC;IAEjC,sCAAsC;IACtC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,OAAO,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC;IACtD,CAAC;IAEH,mEAAmE;IAEjE,aAAa;IACb,IAAK,EAAC,GAAG,EAAC,SAAS,EAAC,GAAG,OAAO,CAAC,8BAA8B,CAAC,OAAO,CAAC,CAAC;IACvE,mBAAmB;IACnB,IAAI,CAAC;QACJ,IAAI,MAAM,GAAI,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAA;IAC3C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAC3C,CAAC;IAED,4CAA4C;IAC5C,MAAM,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAEzC,IAAI,SAAS,GAAW,EAAE,CAAC;IAE3B,IAAI,UAAU,KAAK,SAAS,CAAC,YAAY,EAAC,CAAC;QACzC,6BAA6B;QAC7B,MAAM
,WAAW,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtC,GAAG,EAAE,WAAW;gBAChB,SAAS,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;gBACrC,UAAU,EAAE,EAAE;gBACd,OAAO,EAAE,IAAI;aACd,CAAC,CAAC,CAAC;QACJ,IAAI,WAAW,IAAI,WAAW,CAAC,SAAS,EAAC,CAAC;YACxC,SAAS,GAAG,WAAW,CAAC,SAAmB,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,MAAM,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAEvG,MAAM,WAAW,GAAmE;QAClF,WAAW,EAAE,SAAS;QACtB,MAAM,EAAE,IAAI;QACZ,OAAO,EAAE,OAAO,CAAC,SAAS,EAAE,eAAe,CAAC;KAC7C,CAAC;IAEF,qCAAqC;IACrC,0CAA0C;IAC1C,IAAI,cAAc,EAAE,CAAC;QACnB,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC;YAC1B,OAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;QAC/C,CAAC;QAED,qEAAqE;QACrE,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC7E,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAEhD,MAAM,QAAQ,GAAG,OAAO,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;QAE5G,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,mCAAmC;YACnC,OAAO,OAAO,CAAC,MAAM,CAAC,2CAA2C,CAAC,CAAC;QACrE,CAAC;QAED,WAAW,CAAC,MAAM,GAAG,YAAY,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,MAAM,MAAM,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;IAClD,MAAM,mBAAmB,GAAG,WAAW,CAAC,OAAO,CAAC;IAEhD,mBAAmB;IACnB,IACE,CAAC,UAAU,KAAK,gBAAgB,IAAI,UAAU,KAAK,cAAc,CAAC;WAC/D,mBAAmB;WACnB,mBAAmB,CAAC,MAAM,KAAK,MAAM,EACxC,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC9C,CAAC;IAED,uBAAuB;IACvB,4DAA4D;IAC5D,IACE,UAAU,KAAK,cAAc;WAC1B,mBAAmB,CAAC,YAAY,CAAC,mBAAmB;WACpD,CAAC,UAAU,CACZ,SAAS,EACT,mBAAmB,CAAC,YAAY,CAAC,mBAAmB,EACpD,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC/C,CAAC;IAED,eAAe;IACf,8EAA8E;IAC9E,IACE,UAAU,KAAK,cAAc;WAC1B,mBAAmB,CAAC,UAAU;WAC9B,CAAC,UAAU,CACZ,mBAAmB,CAAC,UAAU,CAAC,SAAS,EACxC,mBAAmB,CAAC,UAAU,CAAC,YAAY,EAC3C,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC;IACnD,CAAC;IACD,IAAI,WAAW,GAAI,mBAAmB,EAAE,QAAQ,EAAE,WAAW,CAAA;IAC7D,IAAI,MAAM,GAAG,IAAI,CAAC,aAAa,EAAE,wBAAwB,EAAE,MAAM,CAAC,CAAC,IAAwB,EAAC,EAAE;QAC5F,OAAO,IAAI,EAAE,QAAQ,KAA
K,WAAW,CAAA;IACvC,CAAC,CAAC,CAAA;IACF,IAAG,MAAM,EAAE,MAAM,KAAK,CAAC,EAAC,CAAC;QACvB,OAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC/C,CAAC;IAGD,OAAO,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;AACtC,CAAC;AAED,wBAAwB;AACxB,KAAK,UAAU,QAAQ,CAAC,OAAO;IAE7B,MAAM,EACJ,OAAO,EACP,IAAI,EACJ,IAAI,EACJ,UAAU,EACV,cAAc,GAAG,IAAI,EACtB,GAAG,OAAO,CAAC;IAEZ,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAEzB,MAAM,SAAS,GAAG,OAAO,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC1D,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;IAEvC,IAAI,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;IAEvD,MAAM,mBAAmB,GAAG;QAC1B,QAAQ,EAAE,IAAI,CAAC,UAAU;QACzB,kBAAkB,EAAE,IAAI,CAAC,aAAa,CAAC,yBAAyB;KACjE,CAAC;IACJ,wBAAwB;IACtB,IAAK,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;IAC/D,IAAI,eAAe,GAAoB,EAAE,CAAC;IAE1C,yBAAyB;IAC1B,IAAI,GAAG,GAAI,MAAM,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACjB,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;IAClC,IAAI,UAAU,KAAK,SAAS,CAAC,YAAY,EAAE,CAAC;QAC1C,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACxB,4CAA4C;IAC5C,MAAM,WAAW,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAA;IACxC,YAAY;IAEd;;;;;;;;;;;;;;;SAeK;IAEH,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAA;IAC5D,MAAM,CAAC,QAAQ,EAAE,qBAAqB,EAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,eAAe,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC;IACtH,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;IACvB,eAAe,GAAG,iBAAiB,CAAA;IACnC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,OAAO,CAAC,MAAM,CAAC,kCAAkC,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,qBAAqB,CAAC,CAAC;IACjF,CAAC;IACD,IAAI,UAAU,KAAK,cAAc,IAAI,eAAe,EAAE,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACjE,WAAW,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,gGAAgG;IAElG;;;;;;;;;;;;;;;;;SAiBK;IAEH,MAAM,WAAW,GAAG;QAClB,WAAW,EAAE,WAAW;QACxB,OAAO,EAAE,OAAO,CAAC,WAAW,EAAE,eAAe,CAAC;KAC/C,CAAC;
IAEF;;OAEG;IACH,MAAM,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC;IAC7C,MAAM,MAAM,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;IAClD,MAAM,mBAAmB,GAAG,WAAW,CAAC,OAAO,CAAC;IAEhD,mBAAmB;IACnB,IACE,CAAC,UAAU,KAAK,gBAAgB,IAAI,UAAU,KAAK,cAAc,CAAC;WAC/D,mBAAmB;WACnB,mBAAmB,CAAC,MAAM,KAAK,MAAM,EACxC,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC9C,CAAC;IAED,uBAAuB;IACvB,4DAA4D;IAC5D,IACE,UAAU,KAAK,cAAc;WAC1B,mBAAmB,CAAC,YAAY,CAAC,mBAAmB;WACpD,CAAC,UAAU,CACZ,SAAS,EACT,mBAAmB,CAAC,YAAY,CAAC,mBAAmB,EACpD,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC/C,CAAC;IAED,eAAe;IACf,8EAA8E;IAC9E,IACE,UAAU,KAAK,cAAc;WAC1B,mBAAmB,CAAC,UAAU;WAC9B,CAAC,UAAU,CACZ,mBAAmB,CAAC,UAAU,CAAC,SAAS,EACxC,mBAAmB,CAAC,UAAU,CAAC,YAAY,EAC3C,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC;IACnD,CAAC;IACD,mBAAmB;IACnB,0EAA0E;IAC1E,0FAA0F;IAC1F,6DAA6D;IAC7D,IAAI,WAAW,GAAI,mBAAmB,EAAE,QAAQ,EAAE,WAAW,CAAA;IAC7D,IAAI,MAAM,GAAG,IAAI,CAAC,aAAa,EAAE,wBAAwB,EAAE,MAAM,CAAC,CAAC,IAAI,EAAC,EAAE;QACxE,OAAO,IAAI,EAAE,QAAQ,KAAK,WAAW,CAAA;IACvC,CAAC,CAAC,CAAA;IACF,IAAG,MAAM,EAAE,MAAM,KAAK,CAAC,EAAC,CAAC;QACvB,OAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;AACtC,CAAC;AAGD,4CAA4C;AAC5C,KAAK,UAAU,kBAAkB,CAAC,OAAO;IAEvC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,cAAc,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAE3E,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAEtC,MAAM,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC;IAE7C,kCAAkC;IAClC,MAAM,SAAS,GAAG,OAAO,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC1D,MAAM,cAAc,GAAW,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAW,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,SAAS,GAAW,IAAI,CAAC,WAAW,CAAC,CAAC;IAE5C,sCAAsC;IACtC,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QACjC,OAAO,OAAO,CAAC,MAAM,CAAC,8BAA8B,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;IAEvD,mBAAmB;IACnB,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,OAAO,CAAC,MAAM,CAAC,iBAAiB
,CAAC,CAAC;IAC3C,CAAC;IAED,4CAA4C;IAC5C,MAAM,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAEzC,IAAI,SAAS,GAAW,EAAE,CAAC;IAE3B,IAAI,UAAU,KAAK,SAAS,CAAC,YAAY,EAAC,CAAC;QACzC,6BAA6B;QAC7B,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtC,GAAG,EAAE,WAAW;gBAChB,SAAS,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;gBACrC,UAAU,EAAE,EAAE;gBACd,OAAO,EAAE,IAAI;aACd,CAAC,CAAC,CAAC;QACJ,IAAI,WAAW,IAAI,WAAW,CAAC,SAAS,EAAC,CAAC;YACxC,SAAS,GAAG,WAAW,CAAC,SAAmB,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,MAAM,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAEvG,MAAM,WAAW,GAAmE;QAClF,WAAW,EAAE,SAAS;QACtB,MAAM,EAAE,IAAI;QACZ,OAAO,EAAE,OAAO,CAAC,SAAS,EAAE,eAAe,CAAC;KAC7C,CAAC;IAEF,qCAAqC;IACrC,0CAA0C;IAC1C,IAAI,cAAc,EAAE,CAAC;QACnB,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC;YAC1B,OAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;QAC/C,CAAC;QAED,qEAAqE;QACrE,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAEzD,MAAM,QAAQ,GAAG,OAAO,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;QAE5G,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,mCAAmC;YACnC,OAAO,OAAO,CAAC,MAAM,CAAC,2CAA2C,CAAC,CAAC;QACrE,CAAC;QAED,WAAW,CAAC,MAAM,GAAG,MAAM,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,MAAM,MAAM,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;IAClD,MAAM,mBAAmB,GAAG,WAAW,CAAC,OAAO,CAAC;IAEhD,mBAAmB;IACnB,IACE,CAAC,UAAU,KAAK,gBAAgB,IAAI,UAAU,KAAK,cAAc,CAAC;WAC/D,mBAAmB;WACnB,mBAAmB,CAAC,MAAM,KAAK,MAAM,EACxC,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC9C,CAAC;IAED,uBAAuB;IACvB,4DAA4D;IAC5D,IACE,UAAU,KAAK,cAAc;WAC1B,mBAAmB,CAAC,YAAY,CAAC,mBAAmB;WACpD,CAAC,UAAU,CACZ,SAAS,EACT,mBAAmB,CAAC,YAAY,CAAC,mBAAmB,EACpD,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC/C,CAAC;IAED,eAAe;IACf,8EAA8E;IAC9E,IACE,UAAU,KAAK,cAAc;WAC1B,mBAAmB,CAAC,UAAU;WAC9B,CAAC,UAAU,CACZ,mBAAmB,CAAC,UAAU,CAAC,SAAS,EACxC,mBAAmB,CAAC,UAAU,CAAC,YAAY,EAC3C,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,WAAW,GAAI,mBAAmB,EAAE,QAAQ,EAAE,WAAW,CAA
A;IAC7D,IAAI,MAAM,GAAG,IAAI,CAAC,aAAa,EAAE,wBAAwB,EAAE,MAAM,CAAC,CAAC,IAAI,EAAC,EAAE;QACxE,OAAO,IAAI,EAAE,QAAQ,KAAK,WAAW,CAAA;IACvC,CAAC,CAAC,CAAA;IACF,IAAG,MAAM,EAAE,MAAM,KAAK,CAAC,EAAC,CAAC;QACvB,OAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC/C,CAAC;IAGD,OAAO,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;AACtC,CAAC;AAGD,SAAS,WAAW,CAAC,OAAe,EAAE,UAAkB;IAEtD,6BAA6B;IAC7B,IAAI,UAAU,KAAK,SAAS,CAAC,YAAY,IAAI,UAAU,KAAK,SAAS,CAAC,cAAc,EAAE,CAAC;QACrF,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACpC,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,KAAK,SAAS,CAAC,YAAY;QAClD,CAAC,CAAC,yBAAyB;QAC3B,CAAC,CAAC,0BAA0B,CAAC;IAE/B,MAAM,EAAC,GAAG,EAAE,MAAM,EAAC,GAAG,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACzB,oDAAoD;IACpD,IAAI,GAAG,KAAK,UAAU,CAAC,OAAO,EAAE,CAAC;QAC/B,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IAED,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IAED,mDAAmD;IACnD,MAAM,IAAI,KAAK,CAAC,yCAAyC,GAAG,uBAAuB,MAAM,EAAE,CAAC,CAAC;AAC/F,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,OAAO;IAE1B,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAChC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAEtC,OAAO,CAAC,eAAe,GAAG,CAAC,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,IAAI,EAAE,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC1G,uCAAuC;IACvC,IAAI,UAAU,KAAK,UAAU,CAAC,YAAY,EAAE,CAAC;QAC3C,OAAO,CAAC,eAAe,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5G,CAAC;IAED,IAAI,OAAO,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC9B,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED,IAAI,OAAO,KAAK,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAClC,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAED,IAAI,OAAO,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC;QACpC,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;AAE/C,CAAC"}
@@ -70,12 +70,19 @@ const libSaml = () => {
70
70
  context: '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="{AssertionConsumerServiceURL}"><saml:Issuer>{Issuer}</saml:Issuer><samlp:NameIDPolicy Format="{NameIDFormat}" AllowCreate="{AllowCreate}"/></samlp:AuthnRequest>',
71
71
  };
72
72
  /**
73
- * @desc Default logout request template
73
+ * @desc Default art request template
74
74
  * @type {LogoutRequestTemplate}
75
75
  */
76
76
  const defaultLogoutRequestTemplate = {
77
77
  context: '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}"><saml:Issuer>{Issuer}</saml:Issuer><saml:NameID Format="{NameIDFormat}">{NameID}</saml:NameID></samlp:LogoutRequest>',
78
78
  };
79
+ /**
80
+ * @desc Default logout request template
81
+ * @type {LogoutRequestTemplate}
82
+ */
83
+ const defaultArtifactResolveTemplate = {
84
+ context: `<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><saml2p:ArtifactResolve xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}"><saml2:Issuer>{Issuer}</saml2:Issuer><saml2p:Artifact>{Art}</saml2p:Artifact></saml2p:ArtifactResolve></SOAP-ENV:Body></SOAP-ENV:Envelope>`,
85
+ };
79
86
  /**
80
87
  * @desc Default AttributeStatement template
81
88
  * @type {AttributeStatementTemplate}
@@ -202,6 +209,7 @@ const libSaml = () => {
202
209
  createXPath,
203
210
  getQueryParamByType,
204
211
  defaultLoginRequestTemplate,
212
+ defaultArtifactResolveTemplate,
205
213
  defaultLoginResponseTemplate,
206
214
  defaultAttributeStatementTemplate,
207
215
  defaultAttributeTemplate,
@@ -480,6 +488,170 @@ const libSaml = () => {
480
488
 
481
489
  return [verified, assertionNode];*/
482
490
  },
491
+ verifySignatureSoap(xml, opts) {
492
+ const { dom } = getContext();
493
+ const doc = dom.parseFromString(xml);
494
+ const docParser = new DOMParser();
495
+ let selection = [];
496
+ if (opts.isAssertion) {
497
+ // 断言模式下的专用逻辑
498
+ const assertionSignatureXpath = "./*[local-name()='Signature']";
499
+ const signatureNode = select(assertionSignatureXpath, doc.documentElement);
500
+ if (signatureNode.length === 0) {
501
+ throw new Error('ERR_ASSERTION_SIGNATURE_NOT_FOUND');
502
+ }
503
+ selection = selection.concat(signatureNode);
504
+ }
505
+ else {
506
+ // 原始的SOAP响应验证逻辑
507
+ const messageSignatureXpath = "/*[local-name()='Envelope']/*[local-name()='Body']" +
508
+ "/*[local-name()='ArtifactResponse']/*[local-name()='Signature'] | " +
509
+ "/*[local-name()='Envelope']/*[local-name()='Body']" +
510
+ "/*[local-name()='ArtifactResponse']/*[local-name()='Response']/*[local-name()='Signature']";
511
+ const assertionSignatureXpath = "/*[local-name()='Envelope']/*[local-name()='Body']" +
512
+ "/*[local-name()='ArtifactResponse']/*[local-name()='Response']" +
513
+ "/*[local-name()='Assertion']/*[local-name()='Signature'] | " +
514
+ "/*[local-name()='Envelope']/*[local-name()='Body']" +
515
+ "/*[local-name()='ArtifactResponse']/*[local-name()='Response']" +
516
+ "/*[local-name()='EncryptedAssertion']";
517
+ const wrappingElementsXPath = "/*[local-name()='Envelope']/*[local-name()='Body']" +
518
+ "/*[local-name()='ArtifactResponse']/*[local-name()='Response']" +
519
+ "/*[local-name()='Assertion']/*[local-name()='Subject']" +
520
+ "/*[local-name()='SubjectConfirmation']" +
521
+ "/*[local-name()='SubjectConfirmationData']" +
522
+ "//*[local-name()='Assertion' or local-name()='Signature']";
523
+ const messageSignatureNode = select(messageSignatureXpath, doc);
524
+ const assertionSignatureNode = select(assertionSignatureXpath, doc);
525
+ const wrappingElementNode = select(wrappingElementsXPath, doc);
526
+ // 检测包装攻击
527
+ if (wrappingElementNode.length !== 0) {
528
+ throw new Error('ERR_POTENTIAL_WRAPPING_ATTACK');
529
+ }
530
+ // 保证响应中至少有一个签名
531
+ if (messageSignatureNode.length === 0 && assertionSignatureNode.length === 0) {
532
+ throw new Error('ERR_ZERO_SIGNATURE');
533
+ }
534
+ selection = selection.concat(messageSignatureNode, assertionSignatureNode);
535
+ }
536
+ for (const signatureNode of selection) {
537
+ const sig = new SignedXml();
538
+ let verified = false;
539
+ sig.signatureAlgorithm = opts.signatureAlgorithm;
540
+ if (!opts.keyFile && !opts.metadata) {
541
+ throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
542
+ }
543
+ if (opts.keyFile) {
544
+ sig.publicCert = fs.readFileSync(opts.keyFile, 'utf-8');
545
+ }
546
+ if (opts.metadata) {
547
+ const certificateNodes = select(".//*[local-name(.)='X509Certificate']", signatureNode);
548
+ // 获取元数据中的证书
549
+ let metadataCert = opts.metadata.getX509Certificate(certUse.signing);
550
+ // 规范化元数据证书
551
+ if (Array.isArray(metadataCert)) {
552
+ metadataCert = flattenDeep(metadataCert);
553
+ }
554
+ else if (typeof metadataCert === 'string') {
555
+ metadataCert = [metadataCert];
556
+ }
557
+ metadataCert = metadataCert.map(utility.normalizeCerString);
558
+ // 检查证书可用性
559
+ if (certificateNodes.length === 0 && metadataCert.length === 0) {
560
+ throw new Error('NO_SELECTED_CERTIFICATE');
561
+ }
562
+ // 响应中有证书节点
563
+ if (certificateNodes.length !== 0) {
564
+ // 安全获取证书数据
565
+ let x509CertificateData = '';
566
+ if (certificateNodes[0].firstChild) {
567
+ x509CertificateData = certificateNodes[0].firstChild.data;
568
+ }
569
+ else if (certificateNodes[0].textContent) {
570
+ x509CertificateData = certificateNodes[0].textContent;
571
+ }
572
+ const x509Certificate = utility.normalizeCerString(x509CertificateData);
573
+ // 验证证书匹配
574
+ if (metadataCert.length >= 1 &&
575
+ !metadataCert.find(cert => cert.trim() === x509Certificate.trim())) {
576
+ throw new Error('ERROR_UNMATCH_CERTIFICATE_DECLARATION_IN_METADATA');
577
+ }
578
+ sig.publicCert = this.getKeyInfo(x509Certificate).getKey();
579
+ }
580
+ else {
581
+ // 使用元数据中的第一个证书
582
+ sig.publicCert = this.getKeyInfo(metadataCert[0]).getKey();
583
+ }
584
+ }
585
+ // 加载签名
586
+ sig.loadSignature(signatureNode);
587
+ // 使用原始 XML 进行验证
588
+ verified = sig.checkSignature(xml);
589
+ console.log("签名验证结果:", verified);
590
+ if (!verified) {
591
+ console.error("签名验证失败");
592
+ throw new Error('ERR_FAILED_TO_VERIFY_SIGNATURE');
593
+ }
594
+ // 检查签名引用
595
+ if (!(sig.getSignedReferences().length >= 1)) {
596
+ throw new Error('NO_SIGNATURE_REFERENCES');
597
+ }
598
+ const signedVerifiedXML = sig.getSignedReferences()[0];
599
+ const verifiedDoc = docParser.parseFromString(signedVerifiedXML, 'text/xml');
600
+ const rootNode = verifiedDoc.documentElement;
601
+ console.log("签名引用根节点:", rootNode.localName);
602
+ // 断言模式专用返回逻辑
603
+ if (opts.isAssertion) {
604
+ if (rootNode.localName === 'Assertion') {
605
+ return [true, rootNode.toString(), false];
606
+ }
607
+ else {
608
+ throw new Error('ERR_INVALID_ASSERTION_SIGNATURE');
609
+ }
610
+ }
611
+ // 处理已验证的签名
612
+ if (rootNode.localName === 'ArtifactResponse') {
613
+ // 在 ArtifactResponse 中查找 Response
614
+ const responseNodes = select("./*[local-name()='Response']", rootNode);
615
+ if (responseNodes.length === 0) {
616
+ console.warn("ArtifactResponse 中没有找到 Response 元素");
617
+ continue;
618
+ }
619
+ const responseNode = responseNodes[0];
620
+ // 在 Response 中查找断言
621
+ const encryptedAssertions = select("./*[local-name()='EncryptedAssertion']", responseNode);
622
+ const assertions = select("./*[local-name()='Assertion']", responseNode);
623
+ if (encryptedAssertions.length === 1) {
624
+ return [true, encryptedAssertions[0].toString(), true];
625
+ }
626
+ if (assertions.length === 1) {
627
+ return [true, assertions[0].toString(), false];
628
+ }
629
+ }
630
+ // 直接处理 Response
631
+ else if (rootNode.localName === 'Response') {
632
+ const encryptedAssertions = select("./*[local-name()='EncryptedAssertion']", rootNode);
633
+ const assertions = select("./*[local-name()='Assertion']", rootNode);
634
+ if (encryptedAssertions.length === 1) {
635
+ return [true, encryptedAssertions[0].toString(), true];
636
+ }
637
+ if (assertions.length === 1) {
638
+ return [true, assertions[0].toString(), false];
639
+ }
640
+ }
641
+ // 直接处理 Assertion
642
+ else if (rootNode.localName === 'Assertion') {
643
+ return [true, rootNode.toString(), false];
644
+ }
645
+ // 直接处理 EncryptedAssertion
646
+ else if (rootNode.localName === 'EncryptedAssertion') {
647
+ return [true, rootNode.toString(), true];
648
+ }
649
+ else {
650
+ console.warn("未知的根节点类型:", rootNode.localName);
651
+ }
652
+ }
653
+ throw new Error('ERR_ZERO_SIGNATURE');
654
+ },
483
655
  /**
484
656
  * @desc Helper function to create the key section in metadata (abstraction for signing and encrypt use)
485
657
  * @param {string} use type of certificate (e.g. signing, encrypt)
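Review bot: In the `opts.metadata` branch of `verifySignatureSoap`, the certificate embedded in the message becomes the verification key whenever `getX509Certificate(certUse.signing)` yields an empty list, because the comparison against metadata only runs when `metadataCert.length >= 1`. `sig.publicCert` is then taken from the `X509Certificate` node inside the very signature being checked, so a passing `checkSignature` shows only that the message is self-consistent, not that the configured IdP signed it. The branch should fail closed before looking at `certificateNodes`, e.g. `if (metadataCert.length === 0) throw new Error('NO_SELECTED_CERTIFICATE');` in place of the combined `certificateNodes.length === 0 && metadataCert.length === 0` test. Separately, the second alternative of `assertionSignatureXpath` selects the `EncryptedAssertion` element itself rather than a `Signature`, so an unsigned response carrying one gets past the `ERR_ZERO_SIGNATURE` check and that element is handed to `sig.loadSignature`. The `console.log`/`console.error` calls around `checkSignature` also do not belong in a library's verification path.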
@@ -686,6 +858,61 @@ const libSaml = () => {
686
858
  });
687
859
  });
688
860
  },
861
+ /**
862
+ * 解密 SOAP 响应中的加密断言
863
+ * @param self 当前实体(SP 或 IdP)
864
+ * @param entireXML 完整的 SOAP XML 响应
865
+ * @returns [解密后的完整 SOAP XML, 解密后的断言 XML]
866
+ */
867
+ async decryptAssertionSoap(self, entireXML) {
868
+ const { dom } = getContext();
869
+ try {
870
+ // 1. 解析 XML
871
+ const doc = dom.parseFromString(entireXML);
872
+ // 2. 定位加密断言
873
+ const encryptedAssertions = select("/*[local-name()='Envelope']/*[local-name()='Body']" +
874
+ "/*[local-name()='ArtifactResponse']/*[local-name()='Response']" +
875
+ "/*[local-name()='EncryptedAssertion']", doc);
876
+ if (!encryptedAssertions || encryptedAssertions.length === 0) {
877
+ throw new Error('ERR_ENCRYPTED_ASSERTION_NOT_FOUND');
878
+ }
879
+ if (encryptedAssertions.length > 1) {
880
+ console.warn('发现多个加密断言,仅处理第一个');
881
+ }
882
+ const encAssertionNode = encryptedAssertions[0];
883
+ // 3. 准备解密密钥
884
+ const privateKey = utility.readPrivateKey(self.entitySetting.encPrivateKey, self.entitySetting.encPrivateKeyPass);
885
+ // 4. 解密断言
886
+ const decryptedAssertion = await new Promise((resolve, reject) => {
887
+ xmlenc.decrypt(encAssertionNode.toString(), { key: privateKey }, (err, result) => {
888
+ if (err) {
889
+ console.error('解密错误:', err);
890
+ return reject(new Error('ERR_ASSERTION_DECRYPTION_FAILED'));
891
+ }
892
+ if (!result) {
893
+ return reject(new Error('ERR_EMPTY_DECRYPTED_ASSERTION'));
894
+ }
895
+ resolve(result);
896
+ });
897
+ });
898
+ // 5. 创建解密断言的 DOM
899
+ const decryptedDoc = dom.parseFromString(decryptedAssertion);
900
+ const decryptedAssertionNode = decryptedDoc.documentElement;
901
+ // 6. 替换加密断言为解密后的断言
902
+ const parentNode = encAssertionNode.parentNode;
903
+ if (!parentNode) {
904
+ throw new Error('ERR_NO_PARENT_NODE_FOR_ENCRYPTED_ASSERTION');
905
+ }
906
+ parentNode.replaceChild(decryptedAssertionNode, encAssertionNode);
907
+ // 7. 序列化更新后的文档
908
+ const updatedSoapXml = doc.toString();
909
+ return [updatedSoapXml, decryptedAssertion];
910
+ }
911
+ catch (error) {
912
+ console.error('SOAP断言解密失败:', error);
913
+ throw new Error('ERR_SOAP_ASSERTION_DECRYPTION');
914
+ }
915
+ },
689
916
  /**
690
917
  * @desc Check if the xml string is valid and bounded
691
918
  */
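Review bot: `decryptAssertionSoap` tolerates a response holding several `EncryptedAssertion` elements and decrypts only `encryptedAssertions[0]` after a `console.warn`, whereas `verifySignatureSoap` in this same file returns an assertion only when exactly one is present. Rejecting the ambiguous case keeps the verification and decryption paths from disagreeing about which assertion is processed: `if (encryptedAssertions.length > 1) throw new Error('ERR_MULTIPLE_ENCRYPTED_ASSERTION');` (the error code is a suggested name, not one taken from the package). The outer `catch` also collapses every specific error thrown inside the `try` (`ERR_ENCRYPTED_ASSERTION_NOT_FOUND`, `ERR_ASSERTION_DECRYPTION_FAILED`, …) into `ERR_SOAP_ASSERTION_DECRYPTION` and prints the original object to the console. `throw new Error('ERR_SOAP_ASSERTION_DECRYPTION', { cause: error });` would keep the reason available to callers without writing decryption details to stdout.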
@@ -0,0 +1 @@
1
+ {"version":3,"file":"libsaml.js","sourceRoot":"","sources":["../../src/libsaml.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,GAAG,MAAM,KAAK,CAAA;AACrB,OAAO,EAAC,UAAU,EAAE,gBAAgB,EAAE,YAAY,EAAC,MAAM,aAAa,CAAC;AACvE,OAAO,OAAO,EAAE,EAAC,WAAW,EAAE,QAAQ,EAAC,MAAM,cAAc,CAAC;AAC5D,OAAO,EAAC,UAAU,EAAE,OAAO,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AACxD,OAAO,EAAC,MAAM,EAAC,MAAM,OAAO,CAAC;AAE7B,OAAO,EAAC,SAAS,EAAC,MAAM,YAAY,CAAC;AACrC,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AAEzC,OAAO,SAAS,MAAM,WAAW,CAAC;AAClC,OAAO,EAAC,UAAU,EAAC,MAAM,UAAU,CAAC;AACpC,OAAO,SAAS,MAAM,YAAY,CAAC;AACnC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,EAAC,SAAS,EAAC,MAAM,gBAAgB,CAAC;AACzC,OAAO,EAAC,OAAO,EAAC,MAAM,MAAM,CAAA;AAE5B,MAAM,mBAAmB,GAAG,UAAU,CAAC,SAAS,CAAC;AACjD,MAAM,gBAAgB,GAAG,UAAU,CAAC,MAAM,CAAC;AAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;AAChC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;AAEpC;;GAEG;AACH,SAAS,gBAAgB,CAAC,SAAiB;IACzC,MAAM,YAAY,GAAG;QACnB,UAAU,EAAE,UAAU;QACtB,YAAY,EAAE,YAAY;QAC1B,YAAY,EAAE,YAAY;QAC1B,YAAY,EAAE,YAAY;QAC1B,cAAc,EAAE,cAAc;QAC9B,cAAc,EAAE,cAAc;QAC9B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,OAAO,YAAY,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,IAAI,SAAS,CAAC;AAC5D,CAAC;AA8GD,MAAM,OAAO,GAAG,GAAG,EAAE;IAEnB;;;OAGG;IACH,SAAS,mBAAmB,CAAC,IAAY;QACvC,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,SAAS,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1E,OAAO,aAAa,CAAC;QACvB,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC5E,OAAO,cAAc,CAAC;QACxB,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,MAAM,gBAAgB,GAAG;QACvB,4CAA4C,EAAE,YAAY;QAC1D,mDAAmD,EAAE,cAAc;QACnE,mDAAmD,EAAE,cAAc;KACpE,CAAC;IACF,MAAM,uBAAuB,GAAG;QAC9B,4CAA4C,EAAE,UAAU;QACxD,mDAAmD,EAAE,YAAY;QACjE,mDAAmD,EAAE,YAAY;KAClE,CAAC;IACF;;;OAGG;IACH,MAAM,2BAA2B,GAAG;QAClC,OAAO,EAAE,4cAA4c;KACtd,CAAC;IACF;;;OAGG;IACH,MAAM,4BAA4B,GAAG;QACnC,OAAO,EAAE,mUAAmU;KAC7U,CAAC;IAEF;;;OAGG;IACH,MAAM,iCAAiC,GAAG;QACxC,OAAO,EAAE,iEAAiE;KAC3E,CAAC;IAEF;;;OAGG;IACH,MAAM,wBAAwB,GAAG;QAC/B,OAAO
,EAAE,4FAA4F;KACtG,CAAC;IACF;;;OAGG;IACH,MAAM,6BAA6B,GAAG;QACpC,OAAO,EAAE,oIAAoI;KAC9I,CAAC;IAEF;;;OAGG;IACH,MAAM,4BAA4B,GAAG;QACnC,OAAO,EAAE,qrCAAqrC;QAC9rC,UAAU,EAAE,EAAE;QACd,mBAAmB,EAAE;YACnB,4BAA4B,EAAE,iCAAiC;YAC/D,mBAAmB,EAAE,wBAAwB;SAC9C;KACF,CAAC;IACF;;;OAGG;IACH,MAAM,6BAA6B,GAAG;QACpC,OAAO,EAAE,6WAA6W;KACvX,CAAC;IACF,SAAS,8BAA8B,CAAC,kBAAkB;QACxD,sCAAsC;QACtC,IAAI,GAAG,GAAE,EAAE,CAAC;QACZ,IAAI,UAAU,GAAG,IAAI,CAAC;QAItB,IAAI,CAAC,CAAQ,WAAW;YACtB,MAAM,aAAa,GAAG,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;YAE7D,yBAAyB;YACzB,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;YACtC,MAAM,cAAc,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACxD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC1C,cAAc,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;YAED,GAAG,GAAG,OAAO,CAAC,cAAc,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,YAAY,EAAE,CAAC;YACtB,yBAAyB;YACzB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAA;YAC3C,IAAI,CAAC;gBACH,MAAM,aAAa,GAAG,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;gBAC7D,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;gBAC5D,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACjB,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAA;gBAC1D,OAAO,EAAE,UAAU,EAAC,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;YAChD,CAAC;YAAC,OAAO,QAAQ,EAAE,CAAC;gBAC1B,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,UAAU,EAAC,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;YACxD,CAAC;QACH,CAAC;QAED,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAE1C,CAAC;IACD,SAAS,uBAAuB,CAAC,MAAe;QAC9C,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,QAAQ,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,EAAE,CAAC;gBAC9B,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QACD,OAAO,uBAAuB,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IACjE,CAAC;IAED;;;;;OAKG;IACH,SAAS,eAAe,CAAC,MAAc;QACrC,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC;IAED;;;;;;OAMG;IACH,SAAS,WAAW,CAAC,KAAK,EAAE,YAAsB;QAChD,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACpB,OAAO,YAAY,KAAK,IAAI,CAAC,CAAC,CAAC,qBAAqB,GAAG,KAAK,GAA
G,WAAW,CAAC,CAAC,CAAC,qBAAqB,GAAG,KAAK,GAAG,IAAI,CAAC;QACpH,CAAC;QACD,OAAO,qBAAqB,GAAG,KAAK,CAAC,IAAI,GAAG,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC;IAClE,CAAC;IAED;;;;;;OAMG;IACH,SAAS,OAAO,CAAC,MAAc,EAAE,OAAe;QAC9C,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,EAAE,EAAC,MAAM,EAAE,OAAO,EAAC,CAAC,CAAC;QAC3D,OAAO,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/E,CAAC;IAED,SAAS,SAAS,CAAC,WAAoB;QACrC,OAAO,CAAC,MAAc,EAAE,KAAc,EAAE,EAAE;YACxC,MAAM,IAAI,GAAW,CAAC,WAAW,KAAK,IAAI,IAAI,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YAEpG,oGAAoG;YACpG,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACrD,CAAC,CAAA;IACH,CAAC;IAED,OAAO;QAEL,WAAW;QACX,mBAAmB;QACnB,2BAA2B;QAC3B,4BAA4B;QAC5B,iCAAiC;QACjC,wBAAwB;QACxB,4BAA4B;QAC5B,6BAA6B;QAC7B,6BAA6B;QAC7B,8BAA8B;QAC9B;;;;;WAKG;QACH,kBAAkB,CAAC,MAAc,EAAE,SAAkC;YACnE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;gBACjC,MAAM,GAAG,MAAM,CAAC,OAAO,CACrB,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,GAAG,CAAC,EACjC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CACxB,CAAC;YACJ,CAAC,CAAC,CAAC;YACH,OAAO,MAAM,CAAC;QAChB,CAAC;QACD;;;;;;WAMG;QACH,eAAe;QACf,yBAAyB,CAAC,aAAoB;YAClD,cAAc;YACR,YAAY;YACZ,MAAM,kBAAkB,GAAG;gBACzB,yBAAyB,EAAE;oBACzB,mCAAmC;oBACnC,EAEC;oBACD,mBAAmB;oBACnB,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBAC5B,iBAAiB,EAAE;4BACjB,eAAe;4BACf;gCACE,KAAK,EAAE;oCACL,IAAI,EAAE,IAAI,CAAC,IAAI;oCACf,UAAU,EAAE,IAAI,CAAC,UAAU;iCAC5B;6BACF;4BACD,wBAAwB;4BACxB,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,QAAa,EAAE,EAAE,CAAC,CAAC;gCACzC,sBAAsB,EAAE;oCACtB,qBAAqB;oCACrB;wCACE,KAAK,EAAE,IAAI,CAAC,SAAS,KAAK,CAAC;4CACzB,CAAC,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE;4CAC7B,CAAC,CAAC,EAAE;qCACP;oCACD,MAAM;oCACN,QAAQ,CAAC,KAAK;iCACf;6BACF,CAAC,CAAC;yBACJ;qBACF,CAAC,CAAC;iBACJ;aACF,CAAC;YAEF,kBAAkB;YAClB,MAAM,SAAS,GAAI,GAAG,CAAC,CAAC,kBAAkB,CAAC,EAAE,EAAE,WAAW,EAAE,KAAK,EAAC,CAAC,CAAC;YACpE,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC;QAC1B,CAAC;QACD;;;;;;;;;;WAUG;QACH,sBAAsB,CAAC,
IAA0B;YAC/C,MAAM,EACJ,cAAc,EACd,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,kBAAkB,GAAG,mBAAmB,CAAC,UAAU,EACnD,wBAAwB,GAAG;gBACzB,uDAAuD;gBACvD,yCAAyC;aAC1C,EACD,WAAW,EACX,eAAe,EACf,cAAc,GAAG,IAAI,EACrB,eAAe,GAAG,KAAK,GACxB,GAAG,IAAI,CAAC;YACT,MAAM,GAAG,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,sCAAsC;YACtC,MAAM,eAAe,GAAG,eAAe,CAAC,kBAAkB,CAAC,CAAC;YAC5D,IAAI,iBAAiB,EAAE,CAAC;gBACtB,GAAG,CAAC,YAAY,CAAC;oBACf,KAAK,EAAE,iBAAiB;oBACxB,UAAU,EAAE,wBAAwB;oBACpC,eAAe,EAAE,eAAe;iBACjC,CAAC,CAAC;YACL,CAAC;YACD,IAAI,eAAe,EAAE,CAAC;gBACpB,GAAG,CAAC,YAAY,CAAC;oBACf,6BAA6B;oBAC7B,KAAK,EAAE,IAAI;oBACX,UAAU,EAAE,wBAAwB;oBACpC,eAAe;iBAChB,CAAC,CAAC;YACL,CAAC;YACD,GAAG,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;YAC5C,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC,MAAM,EAAE,CAAC;YACxE,GAAG,CAAC,iBAAiB,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC,UAAU,CAAC;YACjF,GAAG,CAAC,UAAU,GAAG,OAAO,CAAC,cAAc,CAAC,UAAU,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;YAC1E,GAAG,CAAC,yBAAyB,GAAG,yCAAyC,CAAC;YAE1E,IAAI,eAAe,EAAE,CAAC;gBACpB,GAAG,CAAC,gBAAgB,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC;YACxD,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC;YACvC,CAAC;YACD,OAAO,cAAc,KAAK,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QAClG,CAAC;QAED,uBAAuB,CAAC,eAAe;YACrC,MAAM,EAAC,GAAG,EAAC,GAAG,UAAU,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,GAAG,CAAC,eAAe,CAAC,eAAe,EAAC,iBAAiB,CAAC,CAAC;YAEnE,kBAAkB;YAClB,MAAM,QAAQ,GAAG,GAAG,CAAC,eAAe,CAAC;YACrC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;gBACnD,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC;YAED,mBAAmB;YACnB,MAAM,UAAU,GAAG,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;YAE/C,sBAAsB;YACtB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,MAAM,CACnD,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,CAAC,CAChC,CAAC,CAAC,UAAU;YAEb,kCAAkC;YAClC,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;gBACvC,aAAa;gBACb,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC;gBAChC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;gBACrB,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;gBACv
B,aAAa;gBACb,MAAM,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC;gBAC7B,OAAO,CACH,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,oCAAoC,CAAC;uBAC7E,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CACzC,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YACjD,CAAC;YACD,aAAa;YAEb,yBAAyB;YACzB,aAAa;YACb,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC,CAAC;YACzD,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;YACpC,aAAa;YACb,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAE1E,CAAC,GAAG,EAAE,EAAE;gBACN,aAAa;gBACb,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAA;gBACvD,aAAa;gBACd,OAAO,GAAG,EAAE,UAAU,EAAE,SAAU,EAAE,QAAQ,CAAC,YAAY,CAAC,CAAA;YAC3D,CAAC,CACJ,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAA;YACrC,aAAa;YACb,MAAM,YAAY,GAAG,SAAS,EAAE,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAA;YACtC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAA;YACrC,oBAAoB;YACpB,MAAM,mBAAmB,GAAG,YAAY,KAAK,IAAI,UAAU,EAAE,CAAC;YAE9D,2BAA2B;YAC3B,MAAM,kBAAkB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;gBAChD,aAAa;gBACb,MAAM,SAAS,GAAG,IAAI,EAAE,SAAS,CAAC;gBAClC,OAAO,CACH,CAAC,SAAS,KAAK,oBAAoB,CAAE;uBAClC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAClD,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;YAClD,CAAC;YAED,oBAAoB;YACpB,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACnD,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;YAChC,OAAO;YACP,IAAI,mBAAmB,IAAI,cAAc,GAAG,cAAc,EAAE,CAAC;gBAC3D,OAAO,mBAAmB,CAAC,CAAC,SAAS;YACvC,CAAC;iBAAM,CAAC;gBACN,OAAO,mBAAmB,CAAC,CAAC,SAAS;YACvC,CAAC;QACH,CAAC;QACD;;;;;;;WAOG;QACH,gDAAgD;QAChD,eAAe,CAAC,GAAW,EAAE,IAA8B;YACzD,M
AAM,EAAC,GAAG,EAAC,GAAG,UAAU,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;YAErC,MAAM,SAAS,GAAG,IAAI,SAAS,EAAE,CAAC;YAClC,iIAAiI;YACjI,sDAAsD;YACtD,MAAM,qBAAqB,GAAG,0GAA0G,CAAC;YACzI,wDAAwD;YACxD,MAAM,uBAAuB,GAAG,uIAAuI,CAAC;YACxK,6DAA6D;YAC7D,MAAM,qBAAqB,GAAG,6OAA6O,CAAC;YAE5Q,4BAA4B;YAC5B,IAAI,SAAS,GAAQ,EAAE,CAAC;YACxB,MAAM,oBAAoB,GAAG,MAAM,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;YAChE,MAAM,sBAAsB,GAAG,MAAM,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;YACpE,MAAM,mBAAmB,GAAG,MAAM,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;YAE/D,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;YACnD,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAErD,yCAAyC;YACzC,IAAI,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;YAED,iDAAiD;YACjD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;YACxC,CAAC;YAGD,4BAA4B;YAC5B,KAAK,MAAM,aAAa,IAAI,SAAS,EAAE,CAAC;gBACtC,MAAM,GAAG,GAAG,IAAI,SAAS,EAAE,CAAC;gBAC5B,IAAI,QAAQ,GAAG,KAAK,CAAC;gBAErB,GAAG,CAAC,kBAAkB,GAAG,IAAI,CAAC,kBAAmB,CAAC;gBAElD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACpC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;gBAC9D,CAAC;gBAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBACjB,GAAG,CAAC,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBAChD,CAAC;gBAED,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAClB,MAAM,eAAe,GAAG,MAAM,CAAC,uCAAuC,EAAE,aAAa,CAAQ,CAAC;oBAC9F,0BAA0B;oBAC1B,IAAI,YAAY,GAAQ,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;oBAC1E,oEAAoE;oBACpE,IAAI,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;wBAChC,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;oBAC3C,CAAC;yBAAM,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;wBAC5C,YAAY,GAAG,CAAC,YAAY,CAAC,CAAC;oBAChC,CAAC;oBACD,mCAAmC;oBACnC,YAAY,GAAG,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;oBAE5D,gDAAgD;oBAChD,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC9D,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;oBAC7C,CAAC;oBAED,+BAA+B;oBAC/B,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBACjC,MAAM,mBAAmB,GAAG,eAAe,CAAC,CAAC,CAAC,C
AAC,UAAU,CAAC,IAAI,CAAC;wBAC/D,MAAM,eAAe,GAAG,OAAO,CAAC,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;wBACxE,IACE,YAAY,CAAC,MAAM,IAAI,CAAC;4BACxB,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,eAAe,CAAC,IAAI,EAAE,CAAC,EAClE,CAAC;4BACD,sDAAsD;4BACtD,8EAA8E;4BAC9E,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;wBACvE,CAAC;wBAED,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,CAAC;oBAE7D,CAAC;yBAAM,CAAC;wBACN,iCAAiC;wBACjC,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;oBAE7D,CAAC;gBACH,CAAC;gBAED,GAAG,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;gBAEjC,GAAG,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;gBAE/B,QAAQ,GAAG,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAE9C,kFAAkF;gBAClF,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACd,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;gBACpD,CAAC;gBAED,6DAA6D;gBAC7D,8EAA8E;gBAC9E,8GAA8G;gBAC9G,IAAI,CAAC,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC,MAAM,IAAI,CAAC,CAAC,EAAE,CAAC;oBAC7C,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;gBAC5C,CAAC;gBACD,MAAM,iBAAiB,GAAG,GAAG,CAAC,mBAAmB,EAAE,CAAC,CAAC,CAAC,CAAC;gBACvD,MAAM,QAAQ,GAAG,SAAS,CAAC,eAAe,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC,eAAe,CAAC;gBAC1F,kCAAkC;gBAClC,uCAAuC;gBACvC,IAAI,QAAQ,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;oBAEtC,+CAA+C;oBAC/C,MAAM,mBAAmB,GAAG,MAAM,CAChC,wCAAwC,EACxC,QAAQ,CACT,CAAC;oBACF,MAAM,UAAU,GAAG,MAAM,CACvB,+BAA+B,EAC/B,QAAQ,CACT,CAAC;oBACF,gBAAgB;oBAChB,mDAAmD;oBACnD,IAAI,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBACtC,SAAS;wBACR,OAAO,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAC,IAAI,CAAC,CAAC;oBACxD,CAAC;oBAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAE5B,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAC,KAAK,CAAC,CAAC;oBAChD,CAAC;gBAEH,CAAC;qBAAM,IAAI,QAAQ,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC;oBAC9C,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,EAAE,EAAC,KAAK,CAAC,CAAC;gBAC3C,CAAC;qBAAM,IAAI,QAAQ,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;oBACvD,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,EAAE,EAAC,IAAI,CAAC,CAAC;gBAC1C,CAAC;qBAAK,CAAC;oBACL,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,wGAAwG;gBAC/H,CAAC;YACH,CAAC;
YAED,0DAA0D;YAC1D,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;YAEtC,+DAA+D;YAC/D,wDAAwD;YACxD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qDAuCyC;QAC3C,CAAC;QACD;;;;;WAKG;QACH,gBAAgB,CAAC,GAAW,EAAE,UAA2B;YACvD,OAAO;gBACL,CAAC,eAAe,CAAC,EAAE;oBACjB;wBACE,KAAK,EAAE,EAAC,GAAG,EAAC;qBACb;oBACD;wBACE,CAAC,YAAY,CAAC,EAAE;4BACd;gCACE,KAAK,EAAE;oCACL,UAAU,EAAE,oCAAoC;iCACjD;6BACF;4BACD;gCACE,CAAC,aAAa,CAAC,EAAE,CAAC;wCAChB,oBAAoB,EAAE,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC;qCAC7D,CAAC;6BACH;yBACF;qBACF;iBAAC;aACL,CAAC;QACJ,CAAC;QAED;;;;;;;;WAQG;QAEH,yBAAyB,CACvB,WAA4B,EAC5B,GAAoB,EACpB,UAAmB,EACnB,WAAoB,IAAI,EACxB,mBAA2B,uBAAuB,CAAC,mBAAmB,CAAC,UAAU,CAAC;YAElF,IAAI,CAAC;gBACH,aAAa;gBACb,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;oBAC5C,CAAC,CAAC,WAAW;oBACb,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;gBACrC,eAAe;gBACf,MAAM,qBAAqB,GAAG,uBAAuB,CAAC,gBAAgB,CAAC,CAAA;gBACvE,MAAM,MAAM,GAAG,UAAU,CAAC,qBAAqB,CAAC,CAAA;gBAEhD,UAAU;gBACV,MAAM,UAAU,GAAG,gBAAgB,CAAC;oBAClC,GAAG,EAAE,GAAG;oBACR,MAAM,EAAE,KAAK;oBACb,UAAU,EAAE,UAAU;oBACtB,QAAQ,EAAE,MAAM;iBACjB,CAAC,CAAC;gBACH,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBAC1B,MAAM,CAAC,GAAG,EAAE,CAAC;gBACb,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;gBACpD,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAClC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;gBAC1B,YAAY;gBACZ,OAAO,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;YACrD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QACD,sBAAsB,CACpB,QAAQ,EACR,WAAmB,EACnB,SAA0B,EAC1B,eAAwB;YAExB,MAAM,QAAQ,GAAG,QAAQ,CAAC,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC9D,MAAM,aAAa,GAAG,uBAAuB,CAAC,eAAe,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;YAC7C,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YAC7B,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,8BAA8B,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC7J,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACr
B,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAA;YAC/C,OAAO,OAAO,CAAA;QAEhB,CAAC;QAGD;;;;WAIG;QACH,UAAU,CAAC,eAAuB,EAAE,kBAAuB,EAAE;YAC3D,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,OAAO;gBACL,UAAU,EAAE,GAAG,EAAE;oBACf,OAAO,IAAI,MAAM,aAAa,MAAM,mBAAmB,eAAe,KAAK,MAAM,qBAAqB,MAAM,WAAW,CAAC;gBAC1H,CAAC;gBACD,MAAM,EAAE,GAAG,EAAE;oBACX,OAAO,OAAO,CAAC,8BAA8B,CAAC,eAAe,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAC5E,CAAC;aACF,CAAC;QACJ,CAAC;QACD;;;;;;WAMG;QACH,gDAAgD;QAChD,gBAAgB,CAAC,YAAY,EAAE,YAAY,EAAE,GAAY;YACvD,iDAAiD;YACjD,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBAE7C,IAAI,CAAC,GAAG,EAAE,CAAC;oBACT,OAAO,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC;gBACtD,CAAC;gBAED,MAAM,mBAAmB,GAAG,YAAY,CAAC,aAAa,CAAC;gBACvD,MAAM,oBAAoB,GAAG,YAAY,CAAC,UAAU,CAAC;gBACrD,MAAM,EAAC,GAAG,EAAC,GAAG,UAAU,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;gBACrC,MAAM,UAAU,GAAG,MAAM,CAAC,gCAAgC,EAAE,GAAG,CAAW,CAAC;gBAC3E,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC1D,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;gBACtC,CAAC;gBACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC1B,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;gBAC5C,CAAC;gBACD,MAAM,gBAAgB,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;gBAEvC,8DAA8D;gBAC9D,IAAI,mBAAmB,CAAC,oBAAoB,EAAE,CAAC;oBAE7C,MAAM,YAAY,GAAG,OAAO,CAAC,8BAA8B,CAAC,oBAAoB,CAAC,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;oBAEtH,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,QAAQ,EAAE,EAAE;wBAC1C,4BAA4B;wBAC5B,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,8BAA8B;wBAClE,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,8BAA8B,oBAAoB,CAAC,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,2BAA2B,CAAC;wBACnI,mBAAmB,EAAE,mBAAmB,CAAC,uBAAuB;wBAChE,sBAAsB,EAAE,mBAAmB,CAAC,sBAAsB;wBAClE,mBAAmB,EAAE,SAAS;wBAC9B,uCAAuC,EAAE,IAAI;wBAC7C,qBAAqB,EAAE,IAAI;qBAC5B,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;wBACd,IAAI,GAAG,EAAE,CAAC;4BACR,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;4BACnB,OAAO,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;wBACpE,CAAC;wBACD,IAAI,CAAC,GAAG,EAAE,CAAC;4BACT,OAA
O,MAAM,CAAC,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC,CAAC;wBAChE,CAAC;wBACD,MAAM,EAAC,kBAAkB,EAAE,kBAAkB,EAAC,GAAG,mBAAmB,CAAC,SAAS,CAAC;wBAC/E,MAAM,mBAAmB,GAAG,GAAG,CAAC,eAAe,CAAC,IAAI,kBAAkB,6BAA6B,kBAAkB,KAAK,SAAS,CAAC,KAAK,CAAC,SAAS,KAAK,GAAG,KAAK,kBAAkB,sBAAsB,CAAC,CAAC;wBAC1M,GAAG,CAAC,eAAe,CAAC,YAAY,CAAC,mBAAmB,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC;wBACxF,OAAO,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;oBACvD,CAAC,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,OAAO,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,2BAA2B;gBACxE,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QACD;;;;;;;WAOG;QACH,gBAAgB,CAAC,IAAI,EAAE,SAAiB;YACtC,OAAO,IAAI,OAAO,CAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACpD,sDAAsD;gBACtD,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,OAAO,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC;gBACtD,CAAC;gBACD,2FAA2F;gBAC3F,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC;gBACvC,MAAM,EAAC,GAAG,EAAC,GAAG,UAAU,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;gBAC3C,MAAM,mBAAmB,GAAG,MAAM,CAAC,8EAA8E,EAAE,GAAG,CAAW,CAAC;gBAClI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,IAAI,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC5E,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;gBACvD,CAAC;gBACD,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACnC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;gBAC5C,CAAC;gBACD,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;gBAChD,OAAO,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,QAAQ,EAAE,EAAE;oBACjD,GAAG,EAAE,OAAO,CAAC,cAAc,CAAC,WAAW,CAAC,aAAa,EAAE,WAAW,CAAC,iBAAiB,CAAC;iBACtF,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;oBACd,IAAI,GAAG,EAAE,CAAC;wBACR,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;wBACnB,OAAO,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;oBACpE,CAAC;oBACD,IAAI,CAAC,GAAG,EAAE,CAAC;wBACT,OAAO,MAAM,CAAC,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC,CAAC;oBAChE,CAAC;oBACD,MAAM,eAAe,GAAG,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;oBACjD,GAAG,CAAC,eAAe,CAAC,YAAY,CAAC,eAAe,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC;oBACpF,OAAO,OAAO,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;gBACxC,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QACD;
;WAEG;QACH,KAAK,CAAC,UAAU,CAAC,KAAa;YAE5B,qDAAqD;YACrD,MAAM,EAAC,QAAQ,EAAC,GAAG,UAAU,EAAE,CAAC;YAEhC;;;;;eAKG;YACH,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAEd,qCAAqC;gBACrC,OAAO,OAAO,CAAC,MAAM,CAAC,+LAA+L,CAAC,CAAC;YAEzN,CAAC;YAED,IAAI,CAAC;gBACH,OAAO,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC/B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,CAAC,CAAC;YACV,CAAC;QAEH,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,eAAe,OAAO,EAAE,CAAC"}
@@ -102,6 +102,13 @@ export class IdpMetadata extends Metadata {
102
102
  attributePath: [],
103
103
  attributes: ['Location']
104
104
  },
105
+ {
106
+ key: 'artifactResolutionService',
107
+ localPath: ['EntityDescriptor', 'IDPSSODescriptor', 'ArtifactResolutionService'],
108
+ index: ['Binding'],
109
+ attributePath: [],
110
+ attributes: ['Location']
111
+ },
105
112
  ]);
106
113
  }
107
114
  /**
@@ -130,4 +137,19 @@ export class IdpMetadata extends Metadata {
130
137
  }
131
138
  return this.meta.singleSignOnService;
132
139
  }
140
+ /**
141
+ * @desc Get the entity endpoint for single ArtifactResolutionService
142
+ * @param {string} binding protocol binding (e.g. redirect, post)
143
+ * @return {string/object} location
144
+ */
145
+ getArtifactResolutionService(binding) {
146
+ if (isString(binding)) {
147
+ const bindName = namespace.binding[binding];
148
+ const service = this.meta.artifactResolutionService[bindName];
149
+ if (service) {
150
+ return service;
151
+ }
152
+ }
153
+ return this.meta.artifactResolutionService;
154
+ }
133
155
  }
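Review bot: `getArtifactResolutionService` indexes `this.meta.artifactResolutionService[bindName]` without checking that the metadata declared any `ArtifactResolutionService`, so for IdP metadata lacking that element the lookup presumably throws a `TypeError` (this depends on what the extractor stores for a missing element, which is not visible in this hunk). `const service = this.meta.artifactResolutionService?.[bindName];` avoids that. When the binding is not found the method falls back to returning the whole binding map, so a caller that uses the result as the back-channel URL should verify it received a string. The `@param` example `(e.g. redirect, post)` looks copied from the single-sign-on getter and should name the binding actually used for artifact resolution.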
@@ -0,0 +1 @@
1
+ {"version":3,"file":"metadata-idp.js","sourceRoot":"","sources":["../../src/metadata-idp.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AACF,OAAO,QAAqC,MAAM,eAAe,CAAC;AAElE,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,OAAO,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACvE,OAAO,GAAG,MAAM,KAAK,CAAC;AAMtB;;GAEG;AACH,MAAM,CAAC,OAAO,WAAU,IAA4B;IAClD,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED,MAAM,OAAO,WAAY,SAAQ,QAAQ;IAEvC,YAAY,IAA4B;QAEtC,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,YAAY,MAAM,CAAC;QAExD,IAAI,CAAC,MAAM,EAAE,CAAC;YAEZ,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,WAAW,EACX,uBAAuB,GAAG,KAAK,EAC/B,YAAY,GAAG,EAAE,EACjB,mBAAmB,GAAG,EAAE,EACxB,mBAAmB,GAAG,EAAE,EACxB,yBAAyB,GAAC,EAAE,EAE7B,GAAG,IAA0B,CAAC;YAE/B,MAAM,gBAAgB,GAAU,CAAC;oBAC/B,KAAK,EAAE;wBACL,uBAAuB,EAAE,MAAM,CAAC,uBAAuB,CAAC;wBACxD,0BAA0B,EAAE,SAAS,CAAC,KAAK,CAAC,QAAQ;qBACrD;iBACF,CAAC,CAAC;YAEH,KAAI,MAAM,IAAI,IAAI,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC5C,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;YACnE,CAAC;YAED,KAAI,MAAM,IAAI,IAAI,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC5C,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC;YACtE,CAAC;YAED,IAAI,eAAe,CAAC,YAAY,CAAC,EAAE,CAAC;gBAClC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,IAAI,eAAe,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACzC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,EAAE;oBAC5C,MAAM,IAAI,GAAQ;wBAChB,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;qBACrB,CAAC;oBACF,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;wBAChB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;oBACxB,CAAC;oBACD,gBAAgB,CAAC,IAAI,CAAC,EAAE,mBAAmB,EAAE,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;gBACpE,CAAC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YAED,IAAI,eAAe,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACzC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,EAAE;oBAC5C,MAAM,IAAI,GAAQ,EAAE,CAAC;oBACrB,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;wBAChB,I
AAI,CAAC,SAAS,GAAG,IAAI,CAAC;oBACxB,CAAC;oBACD,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC;oBACzB,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;oBAC3B,gBAAgB,CAAC,IAAI,CAAC,EAAE,mBAAmB,EAAE,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;gBACpE,CAAC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;YACzF,CAAC;YACD,IAAI,eAAe,CAAC,yBAAyB,CAAC,EAAE,CAAC;gBAC/C,yBAAyB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,EAAE;oBAClD,MAAM,IAAI,GAAQ,EAAE,CAAC;oBACrB,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;wBAChB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;oBACxB,CAAC;oBACD,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC;oBACzB,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;oBAC3B,gBAAgB,CAAC,IAAI,CAAC,EAAE,yBAAyB,EAAE,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC1E,CAAC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,8EAA8E,CAAC,CAAC;YAC/F,CAAC;YACD,mCAAmC;YACnC,IAAI,GAAG,GAAG,CAAC,CAAC;oBACV,gBAAgB,EAAE,CAAC;4BACjB,KAAK,EAAE;gCACL,OAAO,EAAE,SAAS,CAAC,KAAK,CAAC,QAAQ;gCACjC,iBAAiB,EAAE,SAAS,CAAC,KAAK,CAAC,SAAS;gCAC5C,UAAU,EAAE,oCAAoC;gCAChD,QAAQ;6BACT;yBACF,EAAE,EAAE,gBAAgB,EAAE,CAAC;iBACzB,CAAC,CAAC,CAAC;QACN,CAAC;QAED,KAAK,CAAC,IAAuB,EAAE;YAC7B;gBACE,GAAG,EAAE,yBAAyB;gBAC9B,SAAS,EAAE,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;gBACnD,UAAU,EAAE,CAAC,yBAAyB,CAAC;aACxC;YACD;gBACE,GAAG,EAAE,qBAAqB;gBAC1B,SAAS,EAAE,CAAC,kBAAkB,EAAE,kBAAkB,EAAE,qBAAqB,CAAC;gBAC1E,KAAK,EAAE,CAAC,SAAS,CAAC;gBAClB,aAAa,EAAE,EAAE;gBACjB,UAAU,EAAE,CAAC,UAAU,CAAC;aACzB;SACF,CAAC,CAAC;IAEL,CAAC;IAED;;;MAGE;IACF,yBAAyB;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC;QAC9C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC;IAChC,CAAC;IAED;;;;MAIE;IACF,sBAAsB,CAAC,OAAe;QACpC,IAAI,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACtB,MAAM,QAAQ,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YACxD,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,OAAO,CAAC;YACjB,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC;IACvC,CAAC;CACF"}