samlesa 3.3.7 → 3.4.0

@@ -9,7 +9,7 @@ import libsaml from './libsaml.js';
9
9
  import libsamlSoap from './libsamlSoap.js';
10
10
  import utility, { get } from './utility.js';
11
11
  import { fileURLToPath } from "node:url";
12
- import * as uuid from 'uuid';
12
+ import { randomUUID } from 'node:crypto';
13
13
  import { artifactResolveFields, extract, loginRequestFields, loginResponseFields, logoutRequestFields, logoutResponseFields } from "./extractor.js";
14
14
  import { verifyTime } from "./validator.js";
15
15
  import { sendArtifactResolve } from "./soap.js";
@@ -328,7 +328,7 @@ async function parseLoginResponseResolve(params) {
328
328
  let extractorFields = [];
329
329
  let samlContent = '';
330
330
  const spSetting = sp.entitySetting;
331
- let ID = '_' + uuid.v4();
331
+ let ID = '_' + randomUUID();
332
332
  let url = metadata.idp.getArtifactResolutionService('soap');
333
333
  let samlSoapRaw = libsaml.replaceTagsByValue(libsaml.defaultArtifactResolveTemplate.context, {
334
334
  ID: ID,
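Review bot: The artifact-resolve request ID on the `let ID = '_' + randomUUID();` line is generated directly, even though `spSetting` is fetched two lines earlier and the entity settings carry a `generateID` hook that the IdP side already consults via `idpSetting?.generateID()`. If `generateID` is meant to be the single configurable source of message IDs, this should read `const ID = spSetting.generateID?.() ?? `_${randomUUID()}`;` so a custom generator also covers ArtifactResolve. Independently, `let` can become `const` if the ID is not reassigned further down; parseLoginResponseResolve continues outside this hunk, so that needs checking against the rest of the body. The swap from `uuid.v4()` to `node:crypto`'s `randomUUID()` keeps the v4 format and is CSPRNG-backed, so the value itself is unaffected.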
@@ -106,7 +106,7 @@ async function base64LoginResponse({ requestInfo = {}, entity, user = {}, custom
106
106
  const now = nowTime.toISOString();
107
107
  const acl = metadata.sp.getAssertionConsumerService(binding.post);
108
108
  // @ts-ignore
109
- const sessionID = idpSetting?.generateID() ?? `${randomUUID()}`;
109
+ const sessionID = idpSetting?.generateID() ?? `_${randomUUID()}`;
110
110
  const sessionIndex = 'session' + sessionID; // 这个是当前系统的会话索引,用于单点注销
111
111
  const tenHoursLaterTime = new Date(nowTime.getTime());
112
112
  tenHoursLaterTime.setHours(tenHoursLaterTime.getHours() + 10);
@@ -159,6 +159,7 @@ async function base64LoginResponse({ requestInfo = {}, entity, user = {}, custom
159
159
  };
160
160
  // step: sign assertion ? -> encrypted ? -> sign message ?
161
161
  if (metadata.sp.isWantAssertionsSigned()) {
162
+ // console.debug('sp wants assertion signed');
162
163
  // @ts-ignore
163
164
  rawSamlResponse = libsaml.constructSAMLSignature({
164
165
  ...config,
@@ -167,10 +168,7 @@ async function base64LoginResponse({ requestInfo = {}, entity, user = {}, custom
167
168
  referenceTagXPath: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']",
168
169
  signatureConfig: {
169
170
  prefix: 'ds',
170
- location: {
171
- reference: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']/*[local-name(.)='Issuer']",
172
- action: 'after'
173
- },
171
+ location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']/*[local-name(.)='Issuer']", action: 'after' },
174
172
  },
175
173
  });
176
174
  }
@@ -190,19 +188,6 @@ async function base64LoginResponse({ requestInfo = {}, entity, user = {}, custom
190
188
  },
191
189
  });
192
190
  }
193
- /* if (spSetting.wantMessageSigned) {
194
- // console.debug('sign then encrypt and sign entire message');
195
- rawSamlResponse = libsaml.constructSAMLSignature({
196
- ...config,
197
- rawSamlMessage: rawSamlResponse,
198
- isMessageSigned: true,
199
- transformationAlgorithms: spSetting.transformationAlgorithms,
200
- signatureConfig: spSetting.signatureConfig || {
201
- prefix: 'ds',
202
- location: {reference: "/!*[local-name(.)='Response']/!*[local-name(.)='Issuer']", action: 'after'},
203
- },
204
- });
205
- }*/
206
191
  if (idpSetting.isAssertionEncrypted) {
207
192
  // console.debug('idp is configured to do encryption');
208
193
  const context = await libsaml.encryptAssertion(entity.idp, entity.sp, rawSamlResponse);
@@ -215,18 +200,22 @@ async function base64LoginResponse({ requestInfo = {}, entity, user = {}, custom
215
200
  }
216
201
  }
217
202
  //sign after encrypting
218
- /* if (encryptThenSign && (spSetting.wantMessageSigned || !metadata.sp.isWantAssertionsSigned())) {
219
- rawSamlResponse = libsaml.constructSAMLSignature({
203
+ /* console.log(encryptThenSign)
204
+ console.log(encryptThenSign && (spSetting.wantMessageSigned || !metadata.sp.isWantAssertionsSigned()))
205
+ console.log("结果====================")*/
206
+ if (encryptThenSign && (spSetting.wantMessageSigned || !metadata.sp.isWantAssertionsSigned())) {
207
+ rawSamlResponse = libsaml.constructSAMLSignature({
220
208
  ...config,
221
209
  rawSamlMessage: rawSamlResponse,
222
210
  isMessageSigned: true,
223
211
  transformationAlgorithms: spSetting.transformationAlgorithms,
212
+ // @ts-ignore
224
213
  signatureConfig: spSetting.signatureConfig || {
225
- prefix: 'ds',
226
- location: {reference: "/!*[local-name(.)='Response']/!*[local-name(.)='Issuer']", action: 'after'},
214
+ prefix: 'ds',
215
+ location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Issuer']", action: 'after' },
227
216
  },
228
- });
229
- }*/
217
+ });
218
+ }
230
219
  return Promise.resolve({
231
220
  id,
232
221
  context: utility.base64Encode(rawSamlResponse),
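Review bot: The `// @ts-ignore` inserted in front of `signatureConfig: spSetting.signatureConfig || {` in the newly enabled encrypt-then-sign block hides a type error instead of fixing it, and the same trick already sits above the `idpSetting?.generateID()` line; if `signatureConfig` (and `generateID`) are simply missing from the entity-setting type, declaring them there as optional removes both suppressions. The commented-out `console.log` block left directly above `if (encryptThenSign && (spSetting.wantMessageSigned || !metadata.sp.isWantAssertionsSigned())) {`, and the `// console.debug('sp wants assertion signed');` line added in the earlier hunk, are dead code that should be deleted rather than committed. The `_` prefix now given to `sessionID` makes it a valid XML ID (an xs:ID may not begin with a digit) and matches the `generateID` default, which is worth recording with a comment such as `// '_' prefix: xs:ID values must not start with a digit` so it is not dropped again. base64LoginResponse begins before these hunks, so the use of `sessionID` elsewhere in the function could not be checked here.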
@@ -5,7 +5,7 @@
5
5
  */
6
6
  import { isString, isNonEmptyArray } from './utility.js';
7
7
  import { namespace, wording, algorithms, messageConfigurations } from './urn.js';
8
- import * as uuid from 'uuid';
8
+ import { randomUUID } from 'node:crypto';
9
9
  import IdpMetadata from './metadata-idp.js';
10
10
  import SpMetadata from './metadata-sp.js';
11
11
  import redirectBinding from './binding-redirect.js';
@@ -24,7 +24,7 @@ const defaultEntitySetting = {
24
24
  requestSignatureAlgorithm: signatureAlgorithms.RSA_SHA512,
25
25
  dataEncryptionAlgorithm: dataEncryptionAlgorithm.AES_256_GCM,
26
26
  keyEncryptionAlgorithm: keyEncryptionAlgorithm.RSA_OAEP_MGF1P,
27
- generateID: () => ('_' + uuid.v4()),
27
+ generateID: () => ('_' + randomUUID()),
28
28
  relayState: '',
29
29
  };
30
30
  export default class Entity {
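Review bot: Replacing `uuid.v4()` with `randomUUID` from `node:crypto` on the `generateID` line (and in the import hunk of the first file) raises the package's minimum supported Node version, since `crypto.randomUUID` exists only from Node 14.17 / 15.6 onward; the diff does not show whether package.json's `engines` field was adjusted or the now-unused `uuid` dependency was removed, so both are worth confirming before release. The output format of `generateID` is unchanged, as both calls produce a random v4 UUID behind the `'_'` prefix.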