samlesa 3.4.0 → 3.4.2
- package/build/src/extractor.js +21 -14
- package/build/src/libsaml.js +28 -48
- package/build/src/libsamlSoap.js +10 -3
- package/build/src/metadata.js +2 -2
- package/build/src/urn.js +4 -2
- package/build/src/utility.js +1 -0
- package/package.json +3 -4
- package/types/src/binding-artifact.d.ts +1 -1
- package/types/src/entity-sp.d.ts +1 -1
- package/types/src/extractor.d.ts.map +1 -1
- package/types/src/flow.d.ts.map +1 -1
- package/types/src/libsaml.d.ts +1 -14
- package/types/src/libsaml.d.ts.map +1 -1
- package/types/src/libsamlSoap.d.ts +1 -1
- package/types/src/libsamlSoap.d.ts.map +1 -1
- package/types/src/urn.d.ts +2 -0
- package/types/src/urn.d.ts.map +1 -1
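--- a/package/build/src/extractor.js
+++ b/package/build/src/extractor.js
@@ -2,6 +2,13 @@ import { select } from 'xpath';
 import { uniq, last, zipObject, notEmpty } from './utility.js'; // 假设这些工具函数存在
 import { getContext } from './api.js'; // 假设这个API存在
 import camelCase from 'camelcase';
+function toNodeArray(result) {
+if (Array.isArray(result))
+return result;
+if (result != null && typeof result === 'object' && 'nodeType' in result)
+return [result];
+return [];
+}
 function buildAbsoluteXPath(paths) {
 if (!paths || paths.length === 0)
 return '';
@@ -693,7 +700,7 @@ export function extract(context, fields) {
 }
 try {
 // @ts-ignore
-const nodes = select(fullXPath, targetDoc);
+const nodes = toNodeArray(select(fullXPath, targetDoc));
 if (isKeyName) {
 const keyNames = nodes.map((n) => n.nodeValue).filter(notEmpty);
 return {
@@ -721,7 +728,7 @@ export function extract(context, fields) {
 if (Array.isArray(localPath) && localPath.length > 0 && Array.isArray(localPath[0])) {
 const multiXPaths = localPath.map(path => `${buildAbsoluteXPath(path)}/text()`).join(' | ');
 // @ts-ignore
-const nodes = select(multiXPaths, targetDoc);
+const nodes = toNodeArray(select(multiXPaths, targetDoc));
 return {
 ...result,
 [key]: uniq(nodes.map((n) => n.nodeValue).filter(notEmpty))
@@ -738,7 +745,7 @@ export function extract(context, fields) {
 // --- 新增:列表模式处理 (用于 SSO Service, ACS 等) ---
 if (listMode && attributes.length > 0) {
 // @ts-ignore
-const nodes = select(baseXPath, targetDoc);
+const nodes = toNodeArray(select(baseXPath, targetDoc));
 const resultList = nodes.map((node) => {
 const attrResult = {};
 attributes.forEach(attr => {
@@ -762,7 +769,7 @@ export function extract(context, fields) {
 const indexPath = buildAttributeXPath(index);
 const fullLocalXPath = `${baseXPath}${indexPath}`;
 // @ts-ignore
-const parentNodes = select(baseXPath, targetDoc);
+const parentNodes = toNodeArray(select(baseXPath, targetDoc));
 // @ts-ignore
 const parentAttributes = select(fullLocalXPath, targetDoc).map((n) => n.value);
 const childXPath = buildAbsoluteXPath([last(currentLocalPath)].concat(attributePath));
@@ -788,7 +795,7 @@ export function extract(context, fields) {
 // 特殊 case: 获取整个节点内容 (原有逻辑)
 if (isEntire) {
 // @ts-ignore
-const node = select(baseXPath, targetDoc);
+const node = toNodeArray(select(baseXPath, targetDoc));
 let value = null;
 if (node.length === 1) {
 value = node[0].toString();
@@ -829,7 +836,7 @@ export function extract(context, fields) {
 if (attributes.length === 0 && !listMode) {
 let attributeValue = null;
 // @ts-ignore
-const node = select(baseXPath, targetDoc);
+const node = toNodeArray(select(baseXPath, targetDoc));
 if (node.length === 1) {
 const fullPath = `string(${baseXPath}${attributeXPath})`;
 // @ts-ignore
@@ -1258,7 +1265,7 @@ export function extractSpToll(context, fields) {
 }
 try {
 // @ts-ignore
-const nodes = select(fullXPath, targetDoc);
+const nodes = toNodeArray(select(fullXPath, targetDoc));
 if (isKeyName) {
 const keyNames = nodes.map((n) => n.nodeValue).filter(notEmpty);
 return { ...result, [key]: keyNames.length > 0 ? keyNames[0] : null };
@@ -1280,7 +1287,7 @@ export function extractSpToll(context, fields) {
 const multiXPaths = localPath.map(path => `${buildAbsoluteXPath(path)}/text()`).join(' | ');
 try {
 // @ts-ignore
-const nodes = select(multiXPaths, targetDoc);
+const nodes = toNodeArray(select(multiXPaths, targetDoc));
 return { ...result, [key]: uniq(nodes.map((n) => n.nodeValue).filter(notEmpty)) };
 }
 catch (e) {
@@ -1296,7 +1303,7 @@ export function extractSpToll(context, fields) {
 if (listMode) {
 try {
 // @ts-ignore
-const nodes = select(baseXPath, targetDoc);
+const nodes = toNodeArray(select(baseXPath, targetDoc));
 if (parseCallback) {
 // 使用自定义回调函数处理列表
 return { ...result, [key]: parseCallback(nodes) };
@@ -1337,7 +1344,7 @@ export function extractSpToll(context, fields) {
 const indexPath = buildAttributeXPath(index);
 const fullLocalXPath = `${baseXPath}${indexPath}`;
 // @ts-ignore
-const parentNodes = select(baseXPath, targetDoc);
+const parentNodes = toNodeArray(select(baseXPath, targetDoc));
 // @ts-ignore
 const parentAttributes = select(fullLocalXPath, targetDoc).map((n) => n.value);
 const childXPath = buildAbsoluteXPath([last(currentLocalPath)].concat(attributePath));
@@ -1376,7 +1383,7 @@ export function extractSpToll(context, fields) {
 if (isEntire) {
 try {
 // @ts-ignore
-const node = select(baseXPath, targetDoc);
+const node = toNodeArray(select(baseXPath, targetDoc));
 let value = null;
 if (node.length === 1) {
 value = node[0].toString();
@@ -1399,7 +1406,7 @@ export function extractSpToll(context, fields) {
 if (attributes.length > 1 && !listMode) {
 try {
 // @ts-ignore
-const baseNodeList = select(baseXPath, targetDoc);
+const baseNodeList = toNodeArray(select(baseXPath, targetDoc));
 if (baseNodeList.length === 0)
 return { ...result, [key]: null };
 const attributeValues = baseNodeList.map((node) => {
@@ -1438,7 +1445,7 @@ export function extractSpToll(context, fields) {
 if (attributes.length === 0 && !listMode) {
 try {
 // @ts-ignore
-const node = select(baseXPath, targetDoc);
+const node = toNodeArray(select(baseXPath, targetDoc));
 if (parseCallback) {
 // 使用自定义回调函数处理单个节点
 return { ...result, [key]: parseCallback(node[0]) };
@@ -1447,7 +1454,7 @@ export function extractSpToll(context, fields) {
 if (node.length === 1) {
 const fullPath = `string(${baseXPath})`;
 // @ts-ignore
-attributeValue = select(fullPath, targetDoc);
+attributeValue = toNodeArray(select(fullPath, targetDoc));
 }
 if (node.length > 1) {
 attributeValue = node.filter((n) => n.firstChild)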
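Review bot: In the `extractSpToll` hunk at -1447,7 the new line `attributeValue = toNodeArray(select(fullPath, targetDoc));` wraps a `string(...)` XPath, which evaluates to a string rather than a node-set, so `toNodeArray` falls through to `return [];` and the extracted value becomes an empty array whenever exactly one node matches. That call should stay unwrapped, `attributeValue = select(fullPath, targetDoc);`. The `extract` hunk at -829,7 builds the same kind of `string(...)` path, but the assignment that uses it lies outside the hunk, so it needs the same check. The two `select(fullLocalXPath, targetDoc).map((n) => n.value)` lines at +774 and +1349 are left unwrapped, so the helper is not applied consistently.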
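--- a/package/build/src/libsaml.js
+++ b/package/build/src/libsaml.js
@@ -17,6 +17,13 @@ import { getContext } from './api.js';
 import xmlEscape from 'xml-escape';
 import * as fs from 'fs';
 import { DOMParser } from '@xmldom/xmldom';
+function toNodeArray(result) {
+if (Array.isArray(result))
+return result;
+if (result != null && typeof result === 'object' && 'nodeType' in result)
+return [result];
+return [];
+}
 const signatureAlgorithms = algorithms.signature;
 const digestAlgorithms = algorithms.signatureToDigestMap;
 const certUse = wording.certUse;
@@ -400,7 +407,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 * @returns 验证结果对象
 */
 async verifySignature(xml, opts, self) {
-const { dom } = getContext();
+const { dom } = getContext(); // 现在正常了
 const doc = dom.parseFromString(xml, 'application/xml');
 const docParser = new DOMParser();
 // ✅ 优化1: 所有 XPath 路径改为精确匹配 SAML 2.0 标准
@@ -409,18 +416,14 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 const wrappingElementsXPath = "/*[local-name() = 'Response']/*[local-name() = 'Assertion']/*[local-name() = 'Subject']/*[local-name() = 'SubjectConfirmation']/*[local-name() = 'SubjectConfirmationData']//*[local-name() = 'Assertion' or local-name() = 'Signature']";
 const encryptedAssertionsXPath = "/*[local-name() = 'Response']/*[local-name() = 'EncryptedAssertion']";
 // 检测包装攻击
-
-const wrappingElementNode = select(wrappingElementsXPath, doc);
+const wrappingElementNode = toNodeArray(select(wrappingElementsXPath, doc));
 if (wrappingElementNode.length !== 0) {
 throw new Error('ERR_POTENTIAL_WRAPPING_ATTACK');
 }
 // 获取各种元素
-
-const
-
-const assertionSignatureNode = select(assertionSignatureXpath, doc);
-// @ts-expect-error misssing Node properties are not needed
-const encryptedAssertions = select(encryptedAssertionsXPath, doc);
+const messageSignatureNode = toNodeArray(select(messageSignatureXpath, doc));
+const assertionSignatureNode = toNodeArray(select(assertionSignatureXpath, doc));
+const encryptedAssertions = toNodeArray(select(encryptedAssertionsXPath, doc));
 // 初始化验证状态
 let isMessageSigned = messageSignatureNode.length > 0;
 let isAssertionSigned = assertionSignatureNode.length > 0;
@@ -448,18 +451,14 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 type = 'LogoutResponse';
 break;
 default:
-// @ts-expect-error misssing Node properties are not needed
 if (rootElementName.includes('AuthnRequest')) {
 type = 'AuthnRequest';
-// @ts-expect-error misssing Node properties are not needed
 }
 else if (rootElementName.includes('LogoutResponse')) {
 type = 'LogoutResponse';
-// @ts-expect-error misssing Node properties are not needed
 }
 else if (rootElementName.includes('LogoutRequest')) {
 type = 'LogoutRequest';
-// @ts-expect-error misssing Node properties are not needed
 }
 else if (rootElementName.includes('Response')) {
 type = 'Response';
@@ -523,7 +522,6 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 sig.publicCert = fs.readFileSync(opts.keyFile);
 }
 else if (opts.metadata) {
-// @ts-expect-error misssing Node properties are not needed
 const certificateNode = select(".//*[local-name() = 'X509Certificate']", signatureNode);
 let metadataCert = opts.metadata.getX509Certificate(certUse.signing);
 if (Array.isArray(metadataCert)) {
@@ -549,7 +547,6 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 }
 }
 sig.signatureAlgorithm = opts.signatureAlgorithm;
-// @ts-expect-error misssing Node properties are not needed
 sig.loadSignature(signatureNode);
 // 验证最外层消息签名
 MessageSignatureStatus = sig.checkSignature(decryptedDoc.toString());
@@ -582,7 +579,6 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 sig.publicCert = fs.readFileSync(opts.keyFile);
 }
 else if (opts.metadata) {
-// @ts-expect-error misssing Node properties are not needed
 const certificateNode = select(".//*[local-name() = 'X509Certificate']", signatureNode);
 let metadataCert = opts.metadata.getX509Certificate(certUse.signing);
 if (Array.isArray(metadataCert)) {
@@ -608,7 +604,6 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 }
 }
 sig.signatureAlgorithm = signatureAlgorithm;
-// @ts-expect-error misssing Node properties are not needed
 sig.loadSignature(signatureNode);
 MessageSignatureStatus = sig.checkSignature(doc.toString());
 if (!MessageSignatureStatus) {
@@ -630,7 +625,6 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 sig.publicCert = fs.readFileSync(opts.keyFile);
 }
 else if (opts.metadata) {
-// @ts-expect-error misssing Node properties are not needed
 const certificateNode = select(".//*[local-name() = 'X509Certificate']", signatureNode);
 let metadataCert = opts.metadata.getX509Certificate(certUse.signing);
 if (Array.isArray(metadataCert)) {
@@ -656,12 +650,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 }
 }
 sig.signatureAlgorithm = signatureAlgorithm;
-// @ts-expect-error misssing Node properties are not needed
 sig.loadSignature(signatureNode);
 // ✅ 优化4: 修复断言节点获取路径(精确匹配)
-const assertionNode = select("/*[local-name() = 'Response' or local-name() = 'AuthnRequest']/*[local-name() = 'Assertion']",
-// @ts-expect-error misssing Node properties are not needed
-doc)[0];
+const assertionNode = select("/*[local-name() = 'Response' or local-name() = 'AuthnRequest']/*[local-name() = 'Assertion']", doc)[0];
 if (assertionNode) {
 const assertionDoc = dom.parseFromString(assertionNode.toString(), 'application/xml');
 AssertionSignatureStatus = sig.checkSignature(assertionDoc.toString());
@@ -699,11 +690,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 }
 // ✅ 优化5: 修复断言内容获取路径(精确匹配)
 else if (!encrypted && (isMessageSigned || isAssertionSigned)) {
-const assertions = select("/*[local-name() = 'Response' or local-name() = 'AuthnRequest']/*[local-name() = 'Assertion']",
-
-
-if (assertions.length > 0) {
-// @ts-expect-error misssing Node properties are not needed
+const assertions = toNodeArray(select("/*[local-name() = 'Response' or local-name() = 'AuthnRequest']/*[local-name() = 'Assertion']", doc));
+if (assertions?.length > 0) {
+// @ts-ignore
 assertionContent = assertions[0].toString();
 }
 }
@@ -735,9 +724,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 const artifactResponseXpath = "/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='ArtifactResponse']";
 // 检测 ArtifactResolve 或 ArtifactResponse 的存在
 // @ts-expect-error
-const artifactResolveNodes = select(artifactResolveXpath, doc);
+const artifactResolveNodes = toNodeArray(select(artifactResolveXpath, doc));
 // @ts-expect-error
-const artifactResponseNodes = select(artifactResponseXpath, doc);
+const artifactResponseNodes = toNodeArray(select(artifactResponseXpath, doc));
 // 根据消息类型选择合适的 XPath
 let basePath = "";
 if (artifactResolveNodes.length > 0) {
@@ -756,16 +745,16 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 const encryptedAssertionsXpath = `${basePath}/*[local-name(.)='Response']/*[local-name(.)='EncryptedAssertion']`;
 // 包装攻击检测
 // @ts-expect-error
-const wrappingElementNode = select(wrappingElementsXPath, doc);
+const wrappingElementNode = toNodeArray(select(wrappingElementsXPath, doc));
 if (wrappingElementNode.length !== 0) {
 throw new Error('ERR_POTENTIAL_WRAPPING_ATTACK');
 }
 // @ts-expect-error
-const encryptedAssertions = select(encryptedAssertionsXpath, doc);
+const encryptedAssertions = toNodeArray(select(encryptedAssertionsXpath, doc));
 // @ts-expect-error
-const messageSignatureNode = select(messageSignatureXpath, doc);
+const messageSignatureNode = toNodeArray(select(messageSignatureXpath, doc));
 // @ts-expect-error
-const assertionSignatureNode = select(assertionSignatureXpath, doc);
+const assertionSignatureNode = toNodeArray(select(assertionSignatureXpath, doc));
 let selection = [];
 if (messageSignatureNode.length > 0) {
 selection = selection.concat(messageSignatureNode);
@@ -839,9 +828,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 switch (rootNode?.localName) {
 case 'Response':
 // @ts-expect-error
-const encryptedAssert = select("./*[local-name()='EncryptedAssertion']", rootNode);
+const encryptedAssert = toNodeArray(select("./*[local-name()='EncryptedAssertion']", rootNode));
 // @ts-expect-error
-const assertions = select("./*[local-name()='Assertion']", rootNode);
+const assertions = toNodeArray(select("./*[local-name()='Assertion']", rootNode));
 if (encryptedAssert.length === 1) {
 return [true, encryptedAssert[0].toString(), true, false, hasUnsafeSignatureAlgorithm, unsafeSignatureAlgorithm];
 }
@@ -903,7 +892,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 */
 constructMessageSignature(octetString, key, passphrase, isBase64, signingAlgorithm) {
 try {
-const algorithm = getSigningAlgorithm(signingAlgorithm);
+const algorithm = getSigningAlgorithm(signingAlgorithm ?? signatureAlgorithms.RSA_SHA256);
 const privateKeyPem = utility.readPrivateKey(key, passphrase); // 假设utility对象存在
 const signer = crypto.createSign(algorithm);
 signer.update(octetString, 'utf8');
@@ -975,12 +964,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 }
 const sourceEntitySetting = sourceEntity.entitySetting;
 const targetEntityMetadata = targetEntity.entityMeta;
-console.log(targetEntityMetadata);
-console.log("看一下是什么=====");
 const { dom } = getContext();
 const doc = dom.parseFromString(xml, 'application/xml');
-
-const assertions = select("//*[local-name(.)='Assertion']", doc);
+const assertions = toNodeArray(select("//*[local-name(.)='Assertion']", doc));
 if (!Array.isArray(assertions) || assertions.length === 0) {
 throw new Error('ERR_NO_ASSERTION');
 }
@@ -1013,7 +999,6 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 }
 const { encryptedAssertion: encAssertionPrefix } = sourceEntitySetting.tagPrefix;
 const encryptAssertionDoc = dom.parseFromString(`<${encAssertionPrefix}:EncryptedAssertion xmlns:${encAssertionPrefix}="${namespace.names.assertion}">${res}</${encAssertionPrefix}:EncryptedAssertion>`, 'application/xml');
-// @ts-expect-error misssing Node properties are not needed
 doc.documentElement.replaceChild(encryptAssertionDoc.documentElement, rawAssertionNode);
 return resolve(utility.base64Encode(doc.toString()));
 });
@@ -1033,8 +1018,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 const hereSetting = here.entitySetting;
 const { dom } = getContext();
 const doc = dom.parseFromString(entireXML, 'application/xml');
-
-const encryptedAssertions = select("/*[contains(local-name(), 'Response')]/*[local-name(.)='EncryptedAssertion']", doc);
+const encryptedAssertions = toNodeArray(select("/*[contains(local-name(), 'Response')]/*[local-name(.)='EncryptedAssertion']", doc));
 if (!Array.isArray(encryptedAssertions) || encryptedAssertions.length === 0) {
 throw new Error('ERR_UNDEFINED_ENCRYPTED_ASSERTION');
 }
@@ -1068,12 +1052,10 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 const decryptedAssertionDoc = dom.parseFromString(decryptedResult, 'application/xml');
 let AssertionSignatureStatus = false;
 // 检查解密后的断言是否有签名
-
-const assertionSignatureNode = select("/*[local-name(.)='Assertion']/*[local-name(.)='Signature']", decryptedAssertionDoc);
+const assertionSignatureNode = toNodeArray(select("/*[local-name(.)='Assertion']/*[local-name(.)='Signature']", decryptedAssertionDoc));
 if (assertionSignatureNode.length > 0 && opts) {
 // 解密后的断言有签名,需要验证
 const signatureNode = assertionSignatureNode[0];
-// @ts-expect-error misssing Node properties are not needed
 const signatureAlgorithm = xpath.select1(".//*[local-name(.)='SignatureMethod']/@Algorithm", signatureNode);
 let checkResult = checkUnsafeSignatureAlgorithm(signatureAlgorithm.value || '');
 hasUnsafeSignatureAlgorithm = checkResult.hasUnsafeSignatureAlgorithm;
@@ -1086,7 +1068,6 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 sig.publicCert = fs.readFileSync(opts.keyFile);
 }
 else if (opts.metadata) {
-// @ts-expect-error misssing Node properties are not needed
 const certificateNode = select(".//*[local-name(.)='X509Certificate']", signatureNode);
 let metadataCert = opts.metadata.getX509Certificate(certUse.signing);
 if (Array.isArray(metadataCert)) {
@@ -1116,7 +1097,6 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
 hasUnsafeSignatureAlgorithm = checkSafeResult.hasUnsafeSignatureAlgorithm;
 unsafeSignatureAlgorithm = checkSafeResult.unsafeSignatureAlgorithm ?? "";
 sig.signatureAlgorithm = opts.signatureAlgorithm;
-// @ts-expect-error misssing Node properties are not needed
 sig.loadSignature(signatureNode);
 // 验证解密后断言的签名
 const assertionDocForVerification = dom.parseFromString(decryptedResult, 'application/xml');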
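Review bot: `toNodeArray` ends in `return [];` for any `select()` result that is neither an array nor a node-like object, and in this file that value drives the wrapping check (`wrappingElementNode.length !== 0`) and the `isMessageSigned` / `isAssertionSigned` flags, so an unexpected result type now reads as "nothing found" and the check passes. With the old bare `select()` a `null` or `undefined` result threw on `.length`, which failed closed. In signature-verification code the fallthrough would be safer as `throw new TypeError('unexpected XPath result type');`, since an empty node-set should already arrive as an array (worth confirming against the `xpath` release pinned in package.json). The same applies to the second wrapping check in the hunk at -756,16 and to the decrypted-assertion signature lookup at -1068,12. The `assertionNode` line at +655 still indexes a bare `select(...)[0]`, which is inconsistent with the wrapped calls around it.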
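--- a/package/build/src/libsamlSoap.js
+++ b/package/build/src/libsamlSoap.js
@@ -6,6 +6,13 @@ import utility, { flattenDeep } from "./utility.js";
 import libsaml from "./libsaml.js";
 import { wording } from "./urn.js";
 import { DOMParser } from '@xmldom/xmldom';
+function toNodeArray(result) {
+if (Array.isArray(result))
+return result;
+if (result != null && typeof result === 'object' && 'nodeType' in result)
+return [result];
+return [];
+}
 const certUse = wording.certUse;
 const docParser = new DOMParser();
 async function verifyAndDecryptSoapMessage(xml, opts) {
@@ -18,9 +25,9 @@ async function verifyAndDecryptSoapMessage(xml, opts) {
 const artifactResponseXpath = "/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='ArtifactResponse']";
 // 检测 ArtifactResolve 或 ArtifactResponse 的存在
 // @ts-expect-error
-const artifactResolveNodes = select(artifactResolveXpath, doc);
+const artifactResolveNodes = toNodeArray(select(artifactResolveXpath, doc));
 // @ts-expect-error
-const artifactResponseNodes = select(artifactResponseXpath, doc);
+const artifactResponseNodes = toNodeArray(select(artifactResponseXpath, doc));
 // 根据消息类型选择合适的 XPath
 let basePath = "";
 if (artifactResolveNodes?.length > 0) {
@@ -37,7 +44,7 @@ async function verifyAndDecryptSoapMessage(xml, opts) {
 // 基于 SOAP 结构重新定义 XPath
 const messageSignatureXpath = `${basePath}/*[local-name(.)='Signature']`;
 // @ts-expect-error
-const messageSignatureNode = select(messageSignatureXpath, doc);
+const messageSignatureNode = toNodeArray(select(messageSignatureXpath, doc));
 let selection = [];
 if (messageSignatureNode?.length > 0) {
 selection = selection.concat(messageSignatureNode);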
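Review bot: `toNodeArray` is defined here a third time, identical to the copies added to extractor.js and libsaml.js in this release, so a later fix to how unexpected XPath results are handled would have to be made in three places. It would be cleaner to export it once from `./utility.js`, which this file already imports, and document it with a comment such as `// Normalise xpath select() output to an array of nodes; non-node results yield []`. With the helper in place the `?.` in `artifactResolveNodes?.length` and `messageSignatureNode?.length` is no longer needed, because the value is always an array.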
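--- a/package/build/src/metadata.js
+++ b/package/build/src/metadata.js
@@ -5,7 +5,7 @@
 */
 import * as fs from 'fs';
 import { namespace } from './urn.js';
-import {
+import { extract } from './extractor.js';
 import { isString } from './utility.js';
 export default class Metadata {
 /**
@@ -15,7 +15,7 @@ export default class Metadata {
 constructor(xml, extraParse = []) {
 this.xmlString = xml.toString();
 this.xmlString = xml.toString();
-this.meta =
+this.meta = extract(this.xmlString, extraParse.concat([
 {
 key: 'entityDescriptor',
 localPath: ['EntityDescriptor'],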
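--- a/package/build/src/urn.js
+++ b/package/build/src/urn.js
@@ -186,7 +186,8 @@ const algorithms = {
 // XML Signature 1.1 PSS 填充 (更安全)
 RSA_PSS_SHA256: 'http://www.w3.org/2007/05/xmldsig-more#rsa-pss-sha256',
 // EdDSA (Ed25519)
-EDDSA_ED25519: 'http://www.w3.org/2007/05/xmldsig-more#eddsa-ed25519'
+EDDSA_ED25519: 'http://www.w3.org/2007/05/xmldsig-more#eddsa-ed25519',
+EDDSA_ED488: 'http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448'
 },
 // 2. 摘要算法定义 (DigestMethod)
 // 注意:这里直接使用标准推荐的 URI,SHA-2xx 系列推荐使用 xmlenc 命名空间
@@ -214,7 +215,8 @@ const algorithms = {
 'http://www.w3.org/2007/05/xmldsig-more#ecdsa-sha512': 'http://www.w3.org/2001/04/xmlenc#sha512',
 'http://www.w3.org/2007/05/xmldsig-more#rsa-pss-sha256': 'http://www.w3.org/2001/04/xmlenc#sha256',
 // EdDSA 比较特殊,它内部硬编码了 SHA-512,但在 XML 结构中如果需要显式声明 DigestMethod,通常指向 SHA-512
-'http://www.w3.org/2007/05/xmldsig-more#eddsa-ed25519': 'http://www.w3.org/2001/04/xmlenc#sha512'
+'http://www.w3.org/2007/05/xmldsig-more#eddsa-ed25519': 'http://www.w3.org/2001/04/xmlenc#sha512',
+'http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448': 'http://www.w3.org/2001/04/xmldsig-more#shake256'
 },
 encryption: {
 data: {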
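Review bot: The new signature-algorithm key is spelled `EDDSA_ED488` while its URI ends in `#eddsa-ed448`, so a caller that looks up the Ed448 name gets `undefined`; the line should read `EDDSA_ED448: 'http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448'`. The Ed448 URI sits in the `2021/04/xmldsig-more` namespace while the Ed25519 entry directly above it uses `2007/05/xmldsig-more`, so one of the two is probably not the registered identifier, and a peer will reject a SignatureMethod it does not recognise. The digest mapped to Ed448 in the second hunk, `http://www.w3.org/2001/04/xmldsig-more#shake256`, should likewise be checked against the XML Security URI registry before release. A short comment naming the specification each URI was taken from would make these entries reviewable.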
package/build/src/utility.js
CHANGED
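--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "samlesa",
-"version": "3.4.
+"version": "3.4.2",
 "description": "High-level API for Single Sign On (SAML 2.0) baseed on samlify ",
 "main": "build/index.js",
 "keywords": [
@@ -42,7 +42,6 @@
 },
 "license": "MIT",
 "dependencies": {
-"@xmldom/is-dom-node": "^1.0.1",
 "@xmldom/xmldom": "^0.9.8",
 "axios": "^1.13.5",
 "camelcase": "^9.0.0",
@@ -52,12 +51,12 @@
 "vite-tsconfig-paths": "^6.1.1",
 "xml": "^1.0.1",
 "xml-crypto": "^6.1.2",
-"xml-crypto-next": "^7.0.
+"xml-crypto-next": "^7.0.4",
 "xml-encryption-next": "^4.6.0",
 "xml-escape": "^1.1.0",
 "xml2js": "^0.6.2",
 "xmllint-wasm": "^5.1.0",
-"xpath": "^0.0.
+"xpath": "^0.0.34"
 },
 "devDependencies": {
 "@types/node": "^25.3.2",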
package/types/src/entity-sp.d.ts
CHANGED
|
@@ -46,7 +46,7 @@ export declare class ServiceProvider extends Entity {
|
|
|
46
46
|
* @param {request} req request
|
|
47
47
|
*/
|
|
48
48
|
parseLoginRequestResolve(idp: any, xml: any): Promise<{
|
|
49
|
-
samlContent:
|
|
49
|
+
samlContent: any;
|
|
50
50
|
extract: any;
|
|
51
51
|
}>;
|
|
52
52
|
parseLoginResponseResolve(idp: IdentityProvider, art: string, request: ESamlHttpRequest): Promise<{
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"extractor.d.ts","sourceRoot":"","sources":["../../src/extractor.ts"],"names":[],"mappings":"AAMA,UAAU,cAAc;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,EAAE,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,GAAG,CAAC;IAEnC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;
|
|
1
|
+
{"version":3,"file":"extractor.d.ts","sourceRoot":"","sources":["../../src/extractor.ts"],"names":[],"mappings":"AAMA,UAAU,cAAc;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,EAAE,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,GAAG,CAAC;IAEnC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAOD,MAAM,MAAM,eAAe,GAAG,cAAc,EAAE,CAAC;AA4B/C,eAAO,MAAM,kBAAkB,EAAE,eAsFhC,CAAC;AAKF,eAAO,MAAM,qBAAqB,EAAE,eAKnC,CAAC;AAEF,eAAO,MAAM,sBAAsB,EAAE,eAKpC,CAAC;AAEF,eAAO,MAAM,yBAAyB,EAAE,eAGvC,CAAC;AAEF,eAAO,MAAM,iCAAiC,EAAE,eAG/C,CAAC;AAEF,eAAO,MAAM,0BAA0B,EAAE,eAGxC,CAAC;AAEF,eAAO,MAAM,mBAAmB,EAAE,CAAC,CAAC,SAAS,EAAE,GAAG,KAAK,eAAe,CAWrE,CAAC;AAqMF,eAAO,MAAM,mBAAmB,EAAE,eAMjC,CAAC;AAEF,eAAO,MAAM,oBAAoB,EAAE,eAIlC,CAAC;AAKF,eAAO,MAAM,iBAAiB,EAAE,eAiI/B,CAAC;AAOF,eAAO,MAAM,gBAAgB,EAAE,eAyL9B,CAAC;AAEF,wBAAgB,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,OAiN/D;AASD,eAAO,MAAM,2BAA2B,EAAE,eAkZzC,CAAC;AAIF;;GAEG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,OAkRrE;AAKD,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,OAE5C;AAED,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,OAEzC;AAGD,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,OAExC;AACD,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,OAEjD;AACD,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAC,GAAG,EAAC,GAAG,OAEtD"}
|
package/types/src/flow.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"AAuBA,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAqsBD,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CA8BhG;AAED,wBAAgB,IAAI,CAAC,OAAO,KAAA,GAAG,OAAO,CAAC,UAAU,CAAC,CA0BjD"}
|
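--- a/package/types/src/libsaml.d.ts
+++ b/package/types/src/libsaml.d.ts
@@ -199,20 +199,7 @@ declare const _default: {
 * @param self
 * @returns 验证结果对象
 */
-verifySignature(xml: string, opts: SignatureVerifierOptions, self: any): Promise<
-isMessageSigned: boolean;
-MessageSignatureStatus: boolean;
-isAssertionSigned: boolean;
-AssertionSignatureStatus: boolean;
-encrypted: boolean;
-decrypted: boolean;
-type: "AuthnRequest" | "LogoutRequest" | "Response" | "LogoutResponse" | "Unknown";
-status: boolean;
-samlContent: string;
-assertionContent: null;
-hasUnsafeSignatureAlgorithm: boolean;
-unsafeSignatureAlgorithm: string;
-}>;
+verifySignature(xml: string, opts: SignatureVerifierOptions, self: any): Promise<any>;
 verifySignatureSoap(xml: string, opts: SignatureVerifierOptions): (string | boolean | null)[];
 /**
 * @desc Helper function to create the key section in metadata (abstraction for signing and encrypt use)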
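Review bot: The new declaration `verifySignature(...): Promise<any>` removes the typed result that 3.4.0 exposed, so callers that branch on `status`, `MessageSignatureStatus`, `AssertionSignatureStatus` or `hasUnsafeSignatureAlgorithm` lose compile-time checking of exactly the fields that decide whether a SAML message is trusted. On `any`, a renamed or misspelled property reads as `undefined`, so a guard such as `if (!result.hasUnsafeSignatureAlgorithm)` would pass silently instead of failing the build. This file is generated, so the change belongs in `src/libsaml.ts`: annotate the function with a named, exported result interface, for example `verifySignature(xml: string, opts: SignatureVerifierOptions, self: any): Promise<SignatureVerificationResult>;` (interface name is a suggestion), and document in its JSDoc which fields a caller must check before accepting the message. The `Promise<any[]>` now declared for `verifyAndDecryptSoapMessage` in libsamlSoap.d.ts has the same problem.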
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"libsaml.d.ts","sourceRoot":"","sources":["../../src/libsaml.ts"],"names":[],"mappings":"AAQA,OAAQ,KAAK,MAAM,MAAM,aAAa,CAAA;AAItC,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"libsaml.d.ts","sourceRoot":"","sources":["../../src/libsaml.ts"],"names":[],"mappings":"AAQA,OAAQ,KAAK,MAAM,MAAM,aAAa,CAAA;AAItC,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,eAAe,CAAC;AAoBrD;;;;GAIG;AAGH,MAAM,WAAW,oBAAoB;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,GAAG,CAAC;IACtB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;CACrC;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,eAAe;IAC9B,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;IAEnB,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,gCAAgC;IAC/C,0BAA0B,CAAC,EAAE,0BAA0B,CAAC;IACxD,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;CACvC;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,qBAAsB,SAAQ,gBAAgB;IAC7D,UAAU,CAAC,EAAE,sBAAsB,EAAE,CAAC;IACtC,mBAAmB,CAAC,EAAE,gCAAgC,CAAC;CACxD;AAED,MAAM,WAAW,0BAA2B,SAAQ,gBAAgB;CACnE;AAED,MAAM,WAAW,iBAAkB,SAAQ,gBAAgB;CAC1D;AAED,MAAM,WAAW,oBAAqB,SAAQ,gBAAgB;CAC7D;AAED,MAAM,WAAW,qBAAsB,SAAQ,gBAAgB;CAC9D;AAED,MAAM,WAAW,sBAAuB,SAAQ,gBAAgB;CAC/D;AAED,MAAM,MAAM,MAAM,GAAG,SAAS,GAAG,YAAY,CAAC;AAE9C,MAAM,WAAW,YAAY;IAC3B,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,mBAAmB,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9C,WAAW,EAAE,CAAC,KAAK,KAAA,EAAE,YAAY,CAAC,EAAE,OAAO,KAAK,MAAM,CAAC;IACvD,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,KAAK,MAAM,CAAC;IAC/D,yBAAyB,EAAE,CAAC,UAAU,EAAE,sBAAsB,EAAE,EAAE,iBAAiB,EAAE,iBAAiB,EAA
E,0BAA0B,EAAE,0BAA0B,KAAK,MAAM,CAAC;IAC1K,sBAAsB,EAAE,CAAC,IAAI,EAAE,oBAAoB,KAAK,MAAM,CAAC;IAC/D,eAAe,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,wBAAwB,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACjF,gBAAgB,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,KAAK,EAAE,CAAC;IAC7D,yBAAyB,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,gBAAgB,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IAE5I,sBAAsB,EAAE,CAAC,QAAQ,KAAA,EAAE,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,eAAe,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC;IACzH,UAAU,EAAE,CAAC,eAAe,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,GAAG,KAAK,IAAI,CAAC;IACrE,gBAAgB,EAAE,CAAC,YAAY,KAAA,EAAE,YAAY,KAAA,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACrF,gBAAgB,EAAE,CAAC,IAAI,KAAA,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;IAEtE,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IACpD,eAAe,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IAEnD,2BAA2B,EAAE,oBAAoB,CAAC;IAClD,4BAA4B,EAAE,qBAAqB,CAAC;IACpD,iCAAiC,EAAE,0BAA0B,CAAC;IAC9D,wBAAwB,EAAE,iBAAiB,CAAC;IAC5C,4BAA4B,EAAE,qBAAqB,CAAC;IACpD,6BAA6B,EAAE,sBAAsB,CAAC;CACvD;;6CAwN4C,OAAO,KAAG,MAAM;gCA3MxB,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wDAgBkB,MAAM;;;;IAwO/D;;;;;OAKG;+BACwB,MAAM,aAAa,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM;IAS9E;;;;;;OAMG;IACH,eAAe;6CAC0B,GAAG,EAAE,GAAG,MAAM;IA0CvD;;;OAGG;iCAC0B;QAC3B,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC;QAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,WAAW,EAAE,GAAG,CAAC;QACjB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,EAAE,GAAG,CAAC;QACpB,wBAAwB,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;QAChD,iBAAiB,EAAE,MAAM,CAAC;QAC1B,eAAe,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE;gBAAE,SAAS,EAAE,MAAM,CAAC;gBAAC,MAAM,EAAE,MAAM,CAAA;aAAE,CAAA;SAAE,CAAA;KACrF,GAAG,MAAM;2CA0D6B,MAAM,mBAAmB,MAAM;;;;;;;;;;;;;IAmCtE;;;;;;OAMG;yBAEwB,MAAM,QAAQ,wBAAwB,QAAQ,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;6BA0WlE,MAAM,QAAQ,wBAAwB;IAuK/D;;;;;OAKG;0BACmB,MAAM,cAAc,MAAM,GAAG,MAAM,GAAG,YAAY
;IAsBxE;;;;;;;;OAQG;2CAGY,MAAM,OAChB,MAAM,eACE,MAAM,aACR,OAAO,qBACC,MAAM,GAC1B,MAAM,GAAG,MAAM;IAyBd;;;;;;;OAOG;qCAES,GAAG,eACF,MAAM,aACR,MAAM,GAAG,MAAM,oBACR,MAAM;IAmB1B;;;;SAIK;gCACyB,MAAM,oBAAmB,GAAG;;;;IAWxD;;;;;;OAMG;iEAEgD,MAAM;IA2DzD;;OAEG;IACH;;OAEG;+CACmC,MAAM,SAAS,wBAAwB;;;;;;IAsH7E;;;;;OAKG;+BAC8B,GAAG,aAAa,MAAM,GAAG,OAAO,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IA8EnF;;OAEG;sBACqB,MAAM,SAAQ,OAAO;;AA8BjD,wBAAyB"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { SignatureVerifierOptions } from "./libsaml.js";
|
|
2
|
-
declare function verifyAndDecryptSoapMessage(xml: any, opts: SignatureVerifierOptions): Promise<
|
|
2
|
+
declare function verifyAndDecryptSoapMessage(xml: any, opts: SignatureVerifierOptions): Promise<any[]>;
|
|
3
3
|
declare const _default: {
|
|
4
4
|
verifyAndDecryptSoapMessage: typeof verifyAndDecryptSoapMessage;
|
|
5
5
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"libsamlSoap.d.ts","sourceRoot":"","sources":["../../src/libsamlSoap.ts"],"names":[],"mappings":"AAKA,OAAgB,EAAC,wBAAwB,EAAC,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"libsamlSoap.d.ts","sourceRoot":"","sources":["../../src/libsamlSoap.ts"],"names":[],"mappings":"AAKA,OAAgB,EAAC,wBAAwB,EAAC,MAAM,cAAc,CAAC;AAY/D,iBAAe,2BAA2B,CAAC,GAAG,KAAA,EAAE,IAAI,EAAE,wBAAwB,kBA4C7E;;;;AA8ED,wBAEC"}
|
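--- a/package/types/src/urn.d.ts
+++ b/package/types/src/urn.d.ts
@@ -167,6 +167,7 @@ declare const algorithms: {
 RSA_SHA512: string;
 RSA_PSS_SHA256: string;
 EDDSA_ED25519: string;
+EDDSA_ED488: string;
 };
 digest: {
 SHA1: string;
@@ -190,6 +191,7 @@ declare const algorithms: {
 'http://www.w3.org/2007/05/xmldsig-more#ecdsa-sha512': string;
 'http://www.w3.org/2007/05/xmldsig-more#rsa-pss-sha256': string;
 'http://www.w3.org/2007/05/xmldsig-more#eddsa-ed25519': string;
+'http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448': string;
 };
 encryption: {
 data: {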
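Review bot: The key added in the first hunk, `EDDSA_ED488`, looks like a typo for Ed448, since the URI added in the second hunk ends in `#eddsa-ed448`. The misspelled name becomes public API once published, so I would rename it to `EDDSA_ED448: string;` in `src/urn.ts` (this declaration is generated), keeping the old key only as a deprecated alias if 3.4.2 consumers already reference it. Separately, the new Ed448 URI uses the `2021/04/xmldsig-more` namespace while the existing Ed25519 entry uses `2007/05/xmldsig-more`. I believe RFC 9231 registers both EdDSA identifiers under `2021/04`, so it is worth confirming the Ed25519 entry; if this map is used to look up the algorithm URI of an incoming signature, a peer sending the registered identifier would presumably not match.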
package/types/src/urn.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"urn.d.ts","sourceRoot":"","sources":["../../src/urn.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,oBAAY,gBAAgB;IAC1B,QAAQ,uDAAuD;IAC/D,IAAI,mDAAmD;IACvD,UAAU,8DAA8D;IACxE,QAAQ,uDAAuD;CAChE;AAED,oBAAY,qBAAqB;IAC/B,GAAG,sBAAsB;IACzB,GAAG,sBAAsB;CAC1B;AAED,oBAAY,UAAU;IAEpB,OAAO,+CAA+C;IACtD,SAAS,iDAAiD;IAC1D,SAAS,iDAAiD;IAC1D,eAAe,uDAAuD;IAEtE,UAAU,mDAAmD;IAC7D,sBAAsB,8DAA8D;IACpF,mBAAmB,2DAA2D;IAC9E,cAAc,sDAAsD;IACpE,cAAc,sDAAsD;IACpE,SAAS,iDAAiD;IAC1D,cAAc,sDAAsD;IACpE,aAAa,qDAAqD;IAClE,kBAAkB,0DAA0D;IAC5E,aAAa,qDAAqD;IAClE,kBAAkB,0DAA0D;IAC5E,wBAAwB,gEAAgE;IACxF,qBAAqB,6DAA6D;IAClF,oBAAoB,4DAA4D;IAChF,qBAAqB,6DAA6D;IAClF,gBAAgB,wDAAwD;IACxE,kBAAkB,0DAA0D;IAC5E,gBAAgB,wDAAwD;IACxE,kBAAkB,0DAA0D;CAC7E;AAED,QAAA,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8Fd,CAAC;AAEF,QAAA,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+BT,CAAC;AAEF,QAAA,MAAM,qBAAqB;;;;;CAK1B,CAAC;AAEF,QAAA,MAAM,UAAU
|
|
1
|
+
{"version":3,"file":"urn.d.ts","sourceRoot":"","sources":["../../src/urn.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,oBAAY,gBAAgB;IAC1B,QAAQ,uDAAuD;IAC/D,IAAI,mDAAmD;IACvD,UAAU,8DAA8D;IACxE,QAAQ,uDAAuD;CAChE;AAED,oBAAY,qBAAqB;IAC/B,GAAG,sBAAsB;IACzB,GAAG,sBAAsB;CAC1B;AAED,oBAAY,UAAU;IAEpB,OAAO,+CAA+C;IACtD,SAAS,iDAAiD;IAC1D,SAAS,iDAAiD;IAC1D,eAAe,uDAAuD;IAEtE,UAAU,mDAAmD;IAC7D,sBAAsB,8DAA8D;IACpF,mBAAmB,2DAA2D;IAC9E,cAAc,sDAAsD;IACpE,cAAc,sDAAsD;IACpE,SAAS,iDAAiD;IAC1D,cAAc,sDAAsD;IACpE,aAAa,qDAAqD;IAClE,kBAAkB,0DAA0D;IAC5E,aAAa,qDAAqD;IAClE,kBAAkB,0DAA0D;IAC5E,wBAAwB,gEAAgE;IACxF,qBAAqB,6DAA6D;IAClF,oBAAoB,4DAA4D;IAChF,qBAAqB,6DAA6D;IAClF,gBAAgB,wDAAwD;IACxE,kBAAkB,0DAA0D;IAC5E,gBAAgB,wDAAwD;IACxE,kBAAkB,0DAA0D;CAC7E;AAED,QAAA,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8Fd,CAAC;AAEF,QAAA,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+BT,CAAC;AAEF,QAAA,MAAM,qBAAqB;;;;;CAK1B,CAAC;AAEF,QAAA,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAmFZ;;;WAGG;;;;;;;;;;;;;CAwBN,CAAC;AAaF,oBAAY,UAAU;IACpB,WAAW,gBAAgB;IAC3B,YAAY,iBAAiB;IAC7B,aAAa,kBAAkB;IAC/B,cAAc,mBAAmB;CAClC;AAED,QAAA,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;CAyBZ,CAAC;AAIF,QAAA,MAAM,aAAa;;;;CAIlB,CAAC;AAEF,OAAO,EAAC,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAC,CAAC"}
|