samlesa 3.4.3 → 3.5.0
- package/README.md +260 -25
- package/build/src/binding-artifact.js +150 -213
- package/build/src/entity-idp.js +2 -1
- package/build/src/entity-sp.js +19 -17
- package/build/src/flow.js +1 -8
- package/build/src/schemaValidator.js +5 -7
- package/build/src/urn.js +93 -11
- package/build/src/utility.js +71 -0
- package/package.json +17 -4
- package/types/src/binding-artifact.d.ts +53 -17
- package/types/src/binding-artifact.d.ts.map +1 -1
- package/types/src/entity-idp.d.ts.map +1 -1
- package/types/src/entity-sp.d.ts +12 -14
- package/types/src/entity-sp.d.ts.map +1 -1
- package/types/src/flow.d.ts.map +1 -1
- package/types/src/schemaValidator.d.ts.map +1 -1
- package/types/src/urn.d.ts +53 -5
- package/types/src/urn.d.ts.map +1 -1
- package/types/src/utility.d.ts +17 -0
- package/types/src/utility.d.ts.map +1 -1
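--- a/package/build/src/entity-sp.js
+++ b/package/build/src/entity-sp.js
@@ -4,12 +4,11 @@
 * @desc Declares the actions taken by service provider
 */
 import Entity from './entity.js';
-import
+import artifactBinding from './binding-artifact.js';
 import { namespace } from './urn.js';
 import redirectBinding from './binding-redirect.js';
 import postBinding from './binding-post.js';
 import simpleSignBinding from './binding-simplesign.js';
-import artifactSignBinding from './binding-artifact.js';
 import { flow } from './flow.js';
 /*
 * @desc interface function
@@ -19,8 +18,7 @@ export default function (props) {
 }
 /**
 * @desc Service provider can be configured using either metadata importing or spSetting
-* @param {object}
-
+* @param {object} spSetting
 */
 export class ServiceProvider extends Entity {
 /**
@@ -61,8 +59,13 @@ export class ServiceProvider extends Entity {
 // Object context = {id, context, signature, sigAlg}
 context = simpleSignBinding.base64LoginRequest({ idp, sp: this }, customTagReplacement);
 break;
+case nsBinding.artifact:
+context = artifactBinding.soapLoginRequest("/*[local-name(.)='AuthnRequest']", {
+idp,
+sp: this
+}, customTagReplacement);
+break;
 default:
-// Will support artifact in the next release
 throw new Error('ERR_SP_LOGIN_REQUEST_UNDEFINED_BINDING');
 }
 return {
@@ -73,13 +76,7 @@ export class ServiceProvider extends Entity {
 };
 }
 async createLoginSoapRequest(idp, binding = 'artifact', config) {
-const
-const protocol = nsBinding[binding];
-if (this.entityMeta.isAuthnRequestSigned() !== idp.entityMeta.isWantAuthnRequestsSigned()) {
-throw new Error('ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLAG');
-}
-let context = null;
-context = await artifactSignBinding.soapLoginRequest("/*[local-name(.)='AuthnRequest']", {
+const context = await artifactBinding.soapLoginRequest("/*[local-name(.)='AuthnRequest']", {
 idp,
 sp: this,
 inResponse: config?.inResponseTo,
@@ -106,22 +103,27 @@ export class ServiceProvider extends Entity {
 });
 }
 /**
-* @desc
+* @desc Parse and validate Artifact Resolve request
 * @param {IdentityProvider} idp object of identity provider
-* @param {string}
-* @param {request} req request
+* @param {string} xml SOAP request XML string
 */
 parseLoginRequestResolve(idp, xml) {
 const self = this;
-return
+return artifactBinding.parseLoginRequestResolve({
 idp: idp,
 sp: self,
 xml: xml
 });
 }
+/**
+* @desc Resolve SAML Response by Artifact ID
+* @param {IdentityProvider} idp object of identity provider
+* @param {string} art Artifact string
+* @param {request} req request
+*/
 parseLoginResponseResolve(idp, art, request) {
 const self = this;
-return
+return artifactBinding.parseLoginResponseResolve({
 idp: idp,
 sp: self,
 art: art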
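Review bot: The new body of `createLoginSoapRequest` no longer compares `this.entityMeta.isAuthnRequestSigned()` with `idp.entityMeta.isWantAuthnRequestsSigned()`, and the added `case nsBinding.artifact:` in `createLoginRequest` does not do so inside its hunk either, so an SP/IdP disagreement about request signing may now go unnoticed unless `artifactBinding.soapLoginRequest` enforces it (that file is not shown on this page). If the check did not move into the binding, keep it ahead of the call: `if (this.entityMeta.isAuthnRequestSigned() !== idp.entityMeta.isWantAuthnRequestsSigned()) { throw new Error('ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLAG'); }`. With `nsBinding[binding]` removed, the `binding` parameter of `createLoginSoapRequest` appears unused on the new side and should be documented as ignored or validated. Both methods begin or end outside their hunks, so the rest of their bodies needs checking against this.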
package/build/src/flow.js
CHANGED
|
@@ -225,7 +225,7 @@ async function postFlow(options) {
|
|
|
225
225
|
if (parserType === 'SAMLResponse'
|
|
226
226
|
&& extractedProperties.conditions
|
|
227
227
|
&& !verifyTime(extractedProperties.conditions.notBefore, extractedProperties.conditions.notOnOrAfter, self.entitySetting.clockDrifts)) {
|
|
228
|
-
return Promise.reject('
|
|
228
|
+
return Promise.reject('ERR_CONDITION_UNCONFIRMED');
|
|
229
229
|
}
|
|
230
230
|
// invalid subjectConfirmation time
|
|
231
231
|
// invalid time
|
|
@@ -416,13 +416,6 @@ async function postArtifactFlow(options) {
|
|
|
416
416
|
//There is no validation of the response here. The upper-layer application
|
|
417
417
|
// should verify the result by itself to see if the destination is equal to the SP acs and
|
|
418
418
|
// whether the response.id is used to prevent replay attacks.
|
|
419
|
-
let destination = extractedProperties?.response?.destination;
|
|
420
|
-
let isExit = self?.entityMeta?.meta?.assertionConsumerService?.filter((item) => {
|
|
421
|
-
return item?.location === destination;
|
|
422
|
-
});
|
|
423
|
-
if (isExit?.length === 0) {
|
|
424
|
-
return Promise.reject('ERR_Destination_URL');
|
|
425
|
-
}
|
|
426
419
|
if (parserType === 'SAMLResponse') {
|
|
427
420
|
let destination = extractedProperties?.response?.destination;
|
|
428
421
|
let isExit = self?.entityMeta?.meta?.assertionConsumerService?.filter((item) => {
|
|
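Review bot: In `postArtifactFlow` the destination check that remains (new lines 420-421 onward) is built on optional chaining, and if it ends with the same `isExit?.length === 0` comparison as the copy removed in this hunk, it fails open: when `self.entityMeta.meta.assertionConsumerService` is absent, `isExit` is `undefined`, the comparison is false and the response is accepted without any destination match. The remainder of that block lies outside the hunk, so this has to be confirmed there; if it matches, `if (!isExit?.length) { return Promise.reject('ERR_Destination_URL'); }` rejects on both an empty and a missing list. The context comment above states that replay protection on the response id is left to the calling application, which deserves an explicit line in the JSDoc of this flow so integrators do not assume the library does it.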
@@ -43,13 +43,11 @@ const metadataSchemas = [
|
|
|
43
43
|
*/
|
|
44
44
|
function detectXXEIndicators(samlString) {
|
|
45
45
|
const xxePatterns = [
|
|
46
|
-
/<!DOCTYPE\s[^>]*>/i,
|
|
47
|
-
/<!ENTITY\s+[^\s>]+\s+(?:SYSTEM|PUBLIC)\s+['"][^>]*>/i,
|
|
48
|
-
|
|
49
|
-
/SYSTEM\s
|
|
50
|
-
/PUBLIC\s
|
|
51
|
-
/file:\/\//,
|
|
52
|
-
/\.dtd['"]?/
|
|
46
|
+
/<!DOCTYPE\s[^>]*>/i, // DOCTYPE 声明
|
|
47
|
+
/<!ENTITY\s+[^\s>]+\s+(?:SYSTEM|PUBLIC)\s+['"][^>]*>/i, // 外部实体声明
|
|
48
|
+
/SYSTEM\s*['"]\s*file:\/\//i, // file:// 协议的系统引用
|
|
49
|
+
/SYSTEM\s*['"]\s*\.\.\/.*\.dtd['"]?/i, // 相对路径的 DTD 引用
|
|
50
|
+
/PUBLIC\s*['"][^'"]*['"]\s*['"][^'"]*\.dtd['"]?/i // 公共 DTD 引用
|
|
53
51
|
];
|
|
54
52
|
const matches = {};
|
|
55
53
|
xxePatterns.forEach((pattern, index) => {
|
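Review bot: The rewritten `xxePatterns` list in `detectXXEIndicators` (this hunk matches the `schemaValidator.js` entry in the file list; its file header is missing on the page) is narrower than the list it replaces: the standalone `/file:\/\//` and `/\.dtd['"]?/` patterns are gone and the new `SYSTEM`/`PUBLIC` patterns only match a few exact shapes, so everything else now depends on the `<!DOCTYPE` and `<!ENTITY` patterns alone. SAML messages have no legitimate need for a DTD, so the guarantee should rest on rejecting any DOCTYPE match rather than on enumerating identifier forms; I would state that next to the first pattern, e.g. `// any DOCTYPE must cause the document to be rejected; the patterns below are diagnostic only`. How `matches` is consumed, and whether the XML parser itself is configured to refuse DTDs, is outside the hunk and should be confirmed, since a regex scan over the raw string is a second line of defence at best.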
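--- a/package/build/src/urn.js
+++ b/package/build/src/urn.js
@@ -189,22 +189,31 @@ const messageConfigurations = {
 const algorithms = {
 // 1. 签名算法定义 (SignatureMethod)
 signature: {
-// ❌
-
-
-
-DSA_SHA1: 'http://www.w3.org/2000/09/xmldsig#dsa-sha1',
-RSA_SHA1: 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
+// ❌ 不安全的算法(已废弃)
+RSA_SHA1: 'http://www.w3.org/2000/09/xmldsig#rsa-sha1', // ⚠️ 已废弃,不推荐使用
+DSA_SHA1: 'http://www.w3.org/2000/09/xmldsig#dsa-sha1', // ⚠️ 已废弃,不推荐使用
+// ✅ 安全的 RSA 算法(推荐)
 RSA_SHA224: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha224',
-RSA_SHA256: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', // 推荐
+RSA_SHA256: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', // ⭐ 推荐
 RSA_SHA384: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384',
 RSA_SHA512: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
-//
+// ✅ ECDSA 算法(推荐)
+ECDSA_SHA256: 'http://www.w3.org/2007/05/xmldsig-more#ecdsa-sha256', // ⭐ 推荐
+ECDSA_SHA384: 'http://www.w3.org/2007/05/xmldsig-more#ecdsa-sha384',
+ECDSA_SHA512: 'http://www.w3.org/2007/05/xmldsig-more#ecdsa-sha512',
+// ✅ XML Signature 1.1 PSS 填充(更安全)
 RSA_PSS_SHA256: 'http://www.w3.org/2007/05/xmldsig-more#rsa-pss-sha256',
-// EdDSA (Ed25519)
-EDDSA_ED25519: 'http://www.w3.org/2007/05/xmldsig-more#eddsa-ed25519',
+// ✅ EdDSA (Ed25519/Ed448)
+EDDSA_ED25519: 'http://www.w3.org/2007/05/xmldsig-more#eddsa-ed25519', // ⭐ 推荐
 EDDSA_ED488: 'http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448'
 },
+// 不安全的算法列表(用于验证和阻止)
+unsafeAlgorithms: [
+'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
+'http://www.w3.org/2000/09/xmldsig#dsa-sha1',
+'http://www.w3.org/2000/09/xmldsig#hmac-sha1',
+'http://www.w3.org/2000/09/xmldsig#sha1',
+],
 // 2. 摘要算法定义 (DigestMethod)
 // 注意:这里直接使用标准推荐的 URI,SHA-2xx 系列推荐使用 xmlenc 命名空间
 digest: {
@@ -322,4 +331,77 @@ const elementsOrder = {
 onelogin: ['KeyDescriptor', 'NameIDFormat', 'ArtifactResolutionService', 'SingleLogoutService', 'AssertionConsumerService', 'AttributeConsumingService'],
 shibboleth: ['KeyDescriptor', 'ArtifactResolutionService', 'SingleLogoutService', 'NameIDFormat', 'AssertionConsumerService', 'AttributeConsumingService',],
 };
-
+/**
+* 默认安全配置
+*/
+const defaultSecurityOptions = {
+allowSHA1: false,
+allowRSA15: false,
+allowTripleDES: false,
+};
+/**
+* 当前安全配置
+*/
+let currentSecurityOptions = { ...defaultSecurityOptions };
+/**
+* 设置安全配置
+* @param options 安全配置选项
+*/
+function setSecurityOptions(options) {
+currentSecurityOptions = { ...currentSecurityOptions, ...options };
+}
+/**
+* 获取当前安全配置
+* @returns 安全配置对象
+*/
+function getSecurityOptions() {
+return currentSecurityOptions;
+}
+/**
+* 重置为默认安全配置
+*/
+function resetSecurityOptions() {
+currentSecurityOptions = { ...defaultSecurityOptions };
+}
+/**
+* 验证算法是否安全
+* @param algorithm 算法 URI
+* @returns 验证结果
+*/
+function validateAlgorithm(algorithm) {
+// 检查 SHA-1
+if (!currentSecurityOptions.allowSHA1 && algorithm.toLowerCase().includes('sha1')) {
+return {
+valid: false,
+reason: 'SHA-1 algorithm is not allowed. Use SHA-256 or stronger.'
+};
+}
+// 检查 RSA-1_5
+if (!currentSecurityOptions.allowRSA15 && algorithm.includes('rsa-1_5')) {
+return {
+valid: false,
+reason: 'RSA-1_5 key encryption is not allowed. Use RSA-OAEP instead.'
+};
+}
+// 检查 TripleDES
+if (!currentSecurityOptions.allowTripleDES && algorithm.includes('tripledes')) {
+return {
+valid: false,
+reason: 'TripleDES encryption is not allowed. Use AES-GCM instead.'
+};
+}
+return { valid: true };
+}
+/**
+* 检查算法是否为不安全算法
+* @param algorithm 算法 URI
+* @returns 检查结果
+*/
+function checkUnsafeAlgorithm(algorithm) {
+const isUnsafe = algorithms.unsafeAlgorithms.some(unsafeAlg => algorithm.toLowerCase().includes(unsafeAlg.toLowerCase().replace('http://www.w3.org/2000/09/xmldsig#', '').replace('#', ''))) || algorithm.toLowerCase().includes('sha1');
+return {
+isUnsafe,
+algorithm: isUnsafe ? algorithm : undefined
+};
+}
+export { namespace, tags, algorithms, wording, elementsOrder, messageConfigurations, getBindingName, defaultSecurityOptions, setSecurityOptions, getSecurityOptions, resetSecurityOptions, validateAlgorithm, checkUnsafeAlgorithm };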
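Review bot: `validateAlgorithm` lower-cases the URI only for the SHA-1 test; the `rsa-1_5` and `tripledes` tests run on the raw string, so the three checks disagree on letter case, and a non-string `algorithm` throws a TypeError instead of returning `{ valid: false }`. Normalise once with `const uri = String(algorithm ?? '').toLowerCase();` and use `uri` in all three `includes` calls. `checkUnsafeAlgorithm` ignores `currentSecurityOptions`, and because the list contains the bare `#sha1` URI its `.some(...)` reduces to the same `includes('sha1')` test that follows the `||`, so `unsafeAlgorithms` adds nothing as written; an exact comparison against the list would give it a purpose. `getSecurityOptions` returns the live module-level object, so any caller can relax the policy process-wide by mutating the result; `return { ...currentSecurityOptions };` closes that. No call site for these helpers is visible in this diff, so it should be confirmed that signature and encryption algorithms of incoming messages are actually passed through them.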
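--- a/package/build/src/utility.js
+++ b/package/build/src/utility.js
@@ -312,6 +312,75 @@ export function castArrayOpt(a) {
 export function notEmpty(value) {
 return value !== null && value !== undefined;
 }
+/**
+* @desc 验证 RelayState 是否符合 SAML 2.0 规范
+* @param {string} relayState - RelayState 值
+* @returns {{ valid: boolean; error?: string }} 验证结果
+*/
+export function validateRelayState(relayState) {
+// RelayState 是可选的
+if (!relayState || relayState.length === 0) {
+return { valid: true };
+}
+// 验证长度(SAML 规范限制 80 字节)
+if (relayState.length > 80) {
+return {
+valid: false,
+error: 'RelayState exceeds 80 bytes'
+};
+}
+// 验证是否为合法 URL(如果是 URL)
+if (relayState.startsWith('http://') || relayState.startsWith('https://')) {
+try {
+new URL(relayState);
+}
+catch {
+return {
+valid: false,
+error: 'RelayState is not a valid URL'
+};
+}
+}
+return { valid: true };
+}
+/**
+* @desc 敏感信息键名列表(用于日志脱敏)
+*/
+const sensitiveKeys = [
+'privateKey',
+'privateKeyPass',
+'encPrivateKey',
+'encPrivateKeyPass',
+'password',
+'secret',
+'signingCert',
+'encryptCert'
+];
+/**
+* @desc 日志脱敏函数,过滤敏感信息
+* @param {any} data - 需要脱敏的数据
+* @returns {any} 脱敏后的数据
+*/
+export function sanitizeLog(data) {
+if (typeof data !== 'object' || data === null) {
+return data;
+}
+const sanitized = Array.isArray(data) ? [] : {};
+for (const [key, value] of Object.entries(data)) {
+// 检查是否为敏感键名
+if (sensitiveKeys.some(k => k.toLowerCase() === key.toLowerCase())) {
+sanitized[key] = '***REDACTED***';
+}
+else if (typeof value === 'object' && value !== null) {
+// 递归处理嵌套对象
+sanitized[key] = sanitizeLog(value);
+}
+else {
+sanitized[key] = value;
+}
+}
+return sanitized;
+}
 const utility = {
 isString,
 base64Encode,
@@ -327,5 +396,7 @@ const utility = {
 readPrivateKey,
 convertToString,
 isNonEmptyArray,
+validateRelayState,
+sanitizeLog,
 };
 export default utility;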
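Review bot: `validateRelayState` compares `relayState.length` with 80, which counts UTF-16 code units, while both the comment and the error text speak of bytes; a value containing multi-byte characters can exceed 80 bytes and still pass. Measure the encoded size instead, `if (Buffer.byteLength(relayState, 'utf8') > 80) {`. The URL branch only proves that an `http://` or `https://` value parses, so a caller that redirects to RelayState still needs its own allow-list of targets; a JSDoc line such as `Does not check that a URL RelayState points to a trusted origin` would stop the function being read as a redirect guard. In `sanitizeLog` the recursion has no guard against circular references and turns every nested object (including Buffer or Date values) into a plain object, so a cyclic structure overflows the stack in a logging path; tracking visited objects in a `WeakSet` is the usual remedy. Redaction is by exact key name only, so secrets stored under keys not in `sensitiveKeys` are still logged in clear and the list should be documented as a minimum.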
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "samlesa",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.5.0",
|
|
4
4
|
"description": "High-level API for Single Sign On (SAML 2.0) baseed on samlify ",
|
|
5
5
|
"main": "build/index.js",
|
|
6
6
|
"keywords": [
|
|
@@ -12,14 +12,23 @@
|
|
|
12
12
|
],
|
|
13
13
|
"type": "module",
|
|
14
14
|
"typings": "types/index.d.ts",
|
|
15
|
+
"homepage": "https://saml.veclea.com",
|
|
15
16
|
"scripts": {
|
|
16
17
|
"build": "tsc && copyfiles -u 1 src/schema/**/* build/src",
|
|
17
|
-
"
|
|
18
|
+
"build:fast": "tsc",
|
|
19
|
+
"build:clean": "tsc --build --clean && pnpm run build",
|
|
20
|
+
"docs:dev": "cd docs && npm run docs:dev",
|
|
21
|
+
"docs:build": "cd docs && npm run docs:build",
|
|
22
|
+
"docs:preview": "cd docs && npm run docs:preview",
|
|
23
|
+
"docs:deploy": "vercel --prod",
|
|
18
24
|
"lint": "tslint -p .",
|
|
19
25
|
"lint:fix": "tslint -p . --fix",
|
|
20
|
-
"test": "vitest",
|
|
21
|
-
"test:watch": "vitest
|
|
26
|
+
"test": "vitest run",
|
|
27
|
+
"test:watch": "vitest",
|
|
22
28
|
"test:coverage": "vitest run --coverage",
|
|
29
|
+
"test:fast": "vitest run --pool=forks",
|
|
30
|
+
"test:artifact": "vitest run test/artifact.test.ts",
|
|
31
|
+
"generate-certs": "node scripts/generate-certs.js",
|
|
23
32
|
"hooks:postinstall": "mklink /J .git\\hooks\\pre-commit .pre-commit.sh || copy .pre-commit.sh .git\\hooks\\pre-commit"
|
|
24
33
|
},
|
|
25
34
|
"exports": {
|
|
@@ -40,6 +49,10 @@
|
|
|
40
49
|
"url": "https://github.com/Veclea/samlify.git",
|
|
41
50
|
"type": "git"
|
|
42
51
|
},
|
|
52
|
+
"bugs": {
|
|
53
|
+
"url": "https://github.com/Veclea/samlify/issues"
|
|
54
|
+
},
|
|
55
|
+
"docs": "https://saml.veclea.com",
|
|
43
56
|
"license": "MIT",
|
|
44
57
|
"dependencies": {
|
|
45
58
|
"@xmldom/xmldom": "^0.9.8",
|
|
@@ -1,35 +1,71 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @file binding-artifact.ts
|
|
3
|
+
* @author tngan
|
|
4
|
+
* @desc Binding-level API for SAML 2.0 Artifact Binding
|
|
5
|
+
* @see https://docs.oasis-open.org/security/saml/v2.0/saml-bind-2.0-os.pdf
|
|
6
|
+
*/
|
|
1
7
|
import type { BindingContext } from './entity.js';
|
|
2
8
|
import { IdentityProviderConstructor as IdentityProvider, ServiceProviderConstructor as ServiceProvider } from "./types.js";
|
|
3
9
|
import { Base64LoginResponseParams } from "./types.js";
|
|
4
10
|
/**
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
* @param
|
|
8
|
-
* @param
|
|
11
|
+
* Generate a SAML 2.0 compliant Artifact ID
|
|
12
|
+
* Format: [TypeCode: 2 bytes] + [EndpointIndex: 2 bytes] + [SourceID: 20 bytes] + [MessageHandle: 20 bytes]
|
|
13
|
+
* @param issuerId The entity ID of the issuing party (IdP)
|
|
14
|
+
* @param endpointIndex The index of the destination endpoint (default is 1 for Artifact Resolution Service)
|
|
15
|
+
* @returns The Base64 encoded Artifact ID string
|
|
16
|
+
*/
|
|
17
|
+
export declare function generateArtifactId(issuerId: string, endpointIndex?: number): string;
|
|
18
|
+
/**
|
|
19
|
+
* @desc Generate a SOAP-encoded login request for Artifact binding
|
|
20
|
+
* @param {string} referenceTagXPath reference uri
|
|
21
|
+
* @param {object} entity object includes both idp and sp
|
|
22
|
+
* @param {function} customTagReplacement used when developers have their own login request template
|
|
23
|
+
* @returns {BindingContext}
|
|
24
|
+
*/
|
|
25
|
+
declare function soapLoginRequest(referenceTagXPath: string, entity: {
|
|
26
|
+
idp: IdentityProvider;
|
|
27
|
+
sp: ServiceProvider;
|
|
28
|
+
inResponse?: string;
|
|
29
|
+
relayState?: string;
|
|
30
|
+
}, customTagReplacement?: (template: string) => BindingContext): BindingContext;
|
|
31
|
+
/**
|
|
32
|
+
* @desc Generate a SOAP-encoded login response for Artifact binding
|
|
33
|
+
* @param {Base64LoginResponseParams} params parameters for generating login response
|
|
34
|
+
* @returns {BindingContext}
|
|
9
35
|
*/
|
|
10
|
-
declare function soapLoginRequest(referenceTagXPath: string, entity: any, customTagReplacement?: (template: string) => BindingContext): any;
|
|
11
36
|
declare function soapLoginResponse(params: Base64LoginResponseParams): Promise<BindingContext>;
|
|
37
|
+
/**
|
|
38
|
+
* @desc Parse and validate Artifact Resolve request
|
|
39
|
+
* @param {object} params
|
|
40
|
+
* @param {IdentityProvider} params.idp Identity Provider instance
|
|
41
|
+
* @param {ServiceProvider} params.sp Service Provider instance
|
|
42
|
+
* @param {string} params.xml SOAP request XML string
|
|
43
|
+
* @returns {Promise}
|
|
44
|
+
*/
|
|
12
45
|
declare function parseLoginRequestResolve(params: {
|
|
13
46
|
idp: IdentityProvider;
|
|
14
47
|
sp: ServiceProvider;
|
|
15
48
|
xml: string;
|
|
16
|
-
}): Promise<
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
}
|
|
49
|
+
}): Promise<any>;
|
|
50
|
+
/**
|
|
51
|
+
* @desc Parse and validate Artifact Resolve response
|
|
52
|
+
* @param {object} params
|
|
53
|
+
* @param {IdentityProvider} params.idp Identity Provider instance
|
|
54
|
+
* @param {ServiceProvider} params.sp Service Provider instance
|
|
55
|
+
* @param {string} params.art Artifact string
|
|
56
|
+
* @returns {Promise}
|
|
57
|
+
*/
|
|
20
58
|
declare function parseLoginResponseResolve(params: {
|
|
21
59
|
idp: IdentityProvider;
|
|
22
60
|
sp: ServiceProvider;
|
|
23
61
|
art: string;
|
|
24
|
-
}): Promise<
|
|
25
|
-
|
|
26
|
-
extract: any;
|
|
27
|
-
}>;
|
|
28
|
-
declare const artifactSignBinding: {
|
|
29
|
-
parseLoginRequestResolve: typeof parseLoginRequestResolve;
|
|
62
|
+
}): Promise<any>;
|
|
63
|
+
declare const artifactBinding: {
|
|
30
64
|
soapLoginRequest: typeof soapLoginRequest;
|
|
31
|
-
parseLoginResponseResolve: typeof parseLoginResponseResolve;
|
|
32
65
|
soapLoginResponse: typeof soapLoginResponse;
|
|
66
|
+
parseLoginRequestResolve: typeof parseLoginRequestResolve;
|
|
67
|
+
parseLoginResponseResolve: typeof parseLoginResponseResolve;
|
|
68
|
+
generateArtifactId: typeof generateArtifactId;
|
|
33
69
|
};
|
|
34
|
-
export default
|
|
70
|
+
export default artifactBinding;
|
|
35
71
|
//# sourceMappingURL=binding-artifact.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding-artifact.d.ts","sourceRoot":"","sources":["../../src/binding-artifact.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"binding-artifact.d.ts","sourceRoot":"","sources":["../../src/binding-artifact.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAOlD,OAAO,EACH,2BAA2B,IAAI,gBAAgB,EAC/C,0BAA0B,IAAI,eAAe,EAChD,MAAM,YAAY,CAAC;AAYpB,OAAO,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AA0BvD;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,aAAa,GAAE,MAAU,GAAG,MAAM,CAoBtF;AAED;;;;;;GAMG;AACH,iBAAS,gBAAgB,CACrB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE;IACJ,GAAG,EAAE,gBAAgB,CAAC;IACtB,EAAE,EAAE,eAAe,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB,EACD,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAC5D,cAAc,CAsGhB;AAED;;;;GAIG;AACH,iBAAe,iBAAiB,CAAC,MAAM,EAAE,yBAAyB,GAAG,OAAO,CAAC,cAAc,CAAC,CAuE3F;AAED;;;;;;;GAOG;AACH,iBAAe,wBAAwB,CAAC,MAAM,EAAE;IAC5C,GAAG,EAAE,gBAAgB,CAAC;IACtB,EAAE,EAAE,eAAe,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,GAAG,CAAC,CA6Cf;AAED;;;;;;;GAOG;AACH,iBAAe,yBAAyB,CAAC,MAAM,EAAE;IAC7C,GAAG,EAAE,gBAAgB,CAAC;IACtB,EAAE,EAAE,eAAe,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,GAAG,CAAC,CAyJf;AAED,QAAA,MAAM,eAAe;;;;;;CAMpB,CAAC;AAEF,eAAe,eAAe,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entity-idp.d.ts","sourceRoot":"","sources":["../../src/entity-idp.ts"],"names":[],"mappings":"AAYA,OAAO,MAAM,EAAE,EAAC,KAAK,gBAAgB,EAAC,MAAM,aAAa,CAAC;AAC1D,OAAO,EACH,0BAA0B,IAAI,eAAe,EAE7C,wBAAwB,EACxB,KAAK,wBAAwB,EAChC,MAAM,YAAY,CAAC;AAOpB,OAAO,EAAO,KAAK,UAAU,EAAC,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"entity-idp.d.ts","sourceRoot":"","sources":["../../src/entity-idp.ts"],"names":[],"mappings":"AAYA,OAAO,MAAM,EAAE,EAAC,KAAK,gBAAgB,EAAC,MAAM,aAAa,CAAC;AAC1D,OAAO,EACH,0BAA0B,IAAI,eAAe,EAE7C,wBAAwB,EACxB,KAAK,wBAAwB,EAChC,MAAM,YAAY,CAAC;AAOpB,OAAO,EAAO,KAAK,UAAU,EAAC,MAAM,WAAW,CAAC;AAChD,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAEhD;;GAEG;AACH,MAAM,CAAC,OAAO,WAAW,KAAK,EAAE,wBAAwB,oBAEvD;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,MAAM;IAEhC,UAAU,EAAE,wBAAwB,CAAC;gBAEjC,UAAU,EAAE,wBAAwB;IAWhD;;;OAGG;IACU,mBAAmB,CAAC,MAAM,EAAE;QACrC,EAAE,EAAE,eAAe,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAClC,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC3B,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,CAAC;QAC5D,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,kBAAkB,CAAC,EAAE,EAAE,CAAC;QACxB,OAAO,CAAC,EAAE,KAAK,CAAC;KACnB;IAiED;;;;;OAKG;IACH,iBAAiB,CAAC,EAAE,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,gBAAgB;CAYhF"}
|
package/types/src/entity-sp.d.ts
CHANGED
|
@@ -10,8 +10,7 @@ import { type FlowResult } from './flow.js';
|
|
|
10
10
|
export default function (props: ServiceProviderSettings): ServiceProvider;
|
|
11
11
|
/**
|
|
12
12
|
* @desc Service provider can be configured using either metadata importing or spSetting
|
|
13
|
-
* @param {object}
|
|
14
|
-
|
|
13
|
+
* @param {object} spSetting
|
|
15
14
|
*/
|
|
16
15
|
export declare class ServiceProvider extends Entity {
|
|
17
16
|
entityMeta: ServiceProviderMetadata;
|
|
@@ -27,11 +26,11 @@ export declare class ServiceProvider extends Entity {
|
|
|
27
26
|
* @param {function} customTagReplacement used when developers have their own login response template
|
|
28
27
|
*/
|
|
29
28
|
createLoginRequest(idp: IdentityProvider, binding?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext | PostBindingContext | SimpleSignBindingContext;
|
|
30
|
-
createLoginSoapRequest(idp: IdentityProvider, binding
|
|
29
|
+
createLoginSoapRequest(idp: IdentityProvider, binding?: string, config?: {
|
|
31
30
|
customTagReplacement?: (template: string) => BindingContext;
|
|
32
31
|
inResponseTo?: string;
|
|
33
32
|
relayState?: string;
|
|
34
|
-
}): Promise<
|
|
33
|
+
}): Promise<BindingContext>;
|
|
35
34
|
/**
|
|
36
35
|
* @desc Validation of the parsed the URL parameters
|
|
37
36
|
* @param {IdentityProvider} idp object of identity provider
|
|
@@ -40,18 +39,17 @@ export declare class ServiceProvider extends Entity {
|
|
|
40
39
|
*/
|
|
41
40
|
parseLoginResponse(idp: any, binding: any, request: ESamlHttpRequest): Promise<FlowResult>;
|
|
42
41
|
/**
|
|
43
|
-
* @desc
|
|
42
|
+
* @desc Parse and validate Artifact Resolve request
|
|
44
43
|
* @param {IdentityProvider} idp object of identity provider
|
|
45
|
-
* @param {string}
|
|
44
|
+
* @param {string} xml SOAP request XML string
|
|
45
|
+
*/
|
|
46
|
+
parseLoginRequestResolve(idp: IdentityProvider, xml: string): Promise<any>;
|
|
47
|
+
/**
|
|
48
|
+
* @desc Resolve SAML Response by Artifact ID
|
|
49
|
+
* @param {IdentityProvider} idp object of identity provider
|
|
50
|
+
* @param {string} art Artifact string
|
|
46
51
|
* @param {request} req request
|
|
47
52
|
*/
|
|
48
|
-
|
|
49
|
-
samlContent: any;
|
|
50
|
-
extract: any;
|
|
51
|
-
}>;
|
|
52
|
-
parseLoginResponseResolve(idp: IdentityProvider, art: string, request: ESamlHttpRequest): Promise<{
|
|
53
|
-
samlContent: string;
|
|
54
|
-
extract: any;
|
|
55
|
-
}>;
|
|
53
|
+
parseLoginResponseResolve(idp: IdentityProvider, art: string, request: ESamlHttpRequest): Promise<any>;
|
|
56
54
|
}
|
|
57
55
|
//# sourceMappingURL=entity-sp.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entity-sp.d.ts","sourceRoot":"","sources":["../../src/entity-sp.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,
|
|
1
|
+
{"version":3,"file":"entity-sp.d.ts","sourceRoot":"","sources":["../../src/entity-sp.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,OAAO,KAAK,EACV,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,wBAAwB,EACzB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,2BAA2B,IAAI,gBAAgB,EAC/C,uBAAuB,EACvB,KAAK,uBAAuB,EAC7B,MAAM,YAAY,CAAC;AAMpB,OAAO,EAAO,KAAK,UAAU,EAAC,MAAM,WAAW,CAAC;AAKhD,MAAM,CAAC,OAAO,WAAW,KAAK,EAAE,uBAAuB,mBAEtD;AAED;;;GAGG;AACH,qBAAa,eAAgB,SAAQ,MAAM;IACjC,UAAU,EAAE,uBAAuB,CAAC;IAE5C;;;OAGG;gBACS,SAAS,EAAE,uBAAuB;IAS9C;;;;;OAKG;IACI,kBAAkB,CACrB,GAAG,EAAE,gBAAgB,EACrB,OAAO,SAAa,EACpB,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAC5D,cAAc,GAAG,kBAAkB,GAAG,wBAAwB;IAuCpD,sBAAsB,CAC/B,GAAG,EAAE,gBAAgB,EACrB,OAAO,SAAa,EACpB,MAAM,CAAC,EAAE;QACP,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,CAAC;QAC5D,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,GACF,OAAO,CAAC,cAAc,CAAC;IAmB1B;;;;;OAKG;IACI,kBAAkB,CAAC,GAAG,KAAA,EAAE,OAAO,KAAA,EAAE,OAAO,EAAE,gBAAgB;IAajE;;;;OAIG;IACI,wBAAwB,CAAC,GAAG,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM;IASlE;;;;;OAKG;IACI,yBAAyB,CAAC,GAAG,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,gBAAgB;CAS/F"}
|
package/types/src/flow.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"AAuBA,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;
|
|
1
|
+
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"AAuBA,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AA8rBD,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CA8BhG;AAED,wBAAgB,IAAI,CAAC,OAAO,KAAA,GAAG,OAAO,CAAC,UAAU,CAAC,CA0BjD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schemaValidator.d.ts","sourceRoot":"","sources":["../../src/schemaValidator.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"schemaValidator.d.ts","sourceRoot":"","sources":["../../src/schemaValidator.ts"],"names":[],"mappings":"AAoFA;;;;;;GAMG;AACH,eAAO,MAAM,QAAQ,GAAU,KAAK,MAAM,EAAE,SAAQ,OAAe,qBA4BlE,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,gBAAgB,GAAU,KAAK,MAAM,EAAE,UAAS,OAAe;;;EA+D3E,CAAC"}
|
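--- a/package/types/src/urn.d.ts
+++ b/package/types/src/urn.d.ts
@@ -164,19 +164,20 @@ declare const messageConfigurations: {
 };
 declare const algorithms: {
 signature: {
-ECDSA_SHA256: string;
-ECDSA_SHA384: string;
-ECDSA_SHA512: string;
-DSA_SHA1: string;
 RSA_SHA1: string;
+DSA_SHA1: string;
 RSA_SHA224: string;
 RSA_SHA256: string;
 RSA_SHA384: string;
 RSA_SHA512: string;
+ECDSA_SHA256: string;
+ECDSA_SHA384: string;
+ECDSA_SHA512: string;
 RSA_PSS_SHA256: string;
 EDDSA_ED25519: string;
 EDDSA_ED488: string;
 };
+unsafeAlgorithms: string[];
 digest: {
 SHA1: string;
 SHA224: string;
@@ -268,5 +269,52 @@ declare const elementsOrder: {
 onelogin: string[];
 shibboleth: string[];
 };
-
+/**
+* 安全配置选项
+*/
+interface SecurityOptions {
+/** 是否允许 SHA-1 算法(默认 false) */
+allowSHA1: boolean;
+/** 是否允许 RSA-1_5 密钥加密(默认 false) */
+allowRSA15: boolean;
+/** 是否允许 TripleDES 加密(默认 false) */
+allowTripleDES: boolean;
+}
+/**
+* 默认安全配置
+*/
+declare const defaultSecurityOptions: SecurityOptions;
+/**
+* 设置安全配置
+* @param options 安全配置选项
+*/
+declare function setSecurityOptions(options: Partial<SecurityOptions>): void;
+/**
+* 获取当前安全配置
+* @returns 安全配置对象
+*/
+declare function getSecurityOptions(): SecurityOptions;
+/**
+* 重置为默认安全配置
+*/
+declare function resetSecurityOptions(): void;
+/**
+* 验证算法是否安全
+* @param algorithm 算法 URI
+* @returns 验证结果
+*/
+declare function validateAlgorithm(algorithm: string): {
+valid: boolean;
+reason?: string;
+};
+/**
+* 检查算法是否为不安全算法
+* @param algorithm 算法 URI
+* @returns 检查结果
+*/
+declare function checkUnsafeAlgorithm(algorithm: string): {
+isUnsafe: boolean;
+algorithm?: string;
+};
+export { namespace, tags, algorithms, wording, elementsOrder, messageConfigurations, getBindingName, SecurityOptions, defaultSecurityOptions, setSecurityOptions, getSecurityOptions, resetSecurityOptions, validateAlgorithm, checkUnsafeAlgorithm };
 //# sourceMappingURL=urn.d.ts.map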
package/types/src/urn.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"urn.d.ts","sourceRoot":"","sources":["../../src/urn.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,oBAAY,gBAAgB;IAC1B,QAAQ,uDAAuD;IAC/D,IAAI,mDAAmD;IACvD,UAAU,8DAA8D;IACxE,QAAQ,uDAAuD;CAChE;AACD,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,YAAY,GAAG,UAAU,CAK/F,CAAC;AAGD,iBAAS,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,GAAG,YAAY,GAAG,UAAU,GAAG,SAAS,CAEjG;AAED,oBAAY,qBAAqB;IAC/B,GAAG,sBAAsB;IACzB,GAAG,sBAAsB;CAC1B;AAED,oBAAY,UAAU;IAEpB,OAAO,+CAA+C;IACtD,SAAS,iDAAiD;IAC1D,SAAS,iDAAiD;IAC1D,eAAe,uDAAuD;IAEtE,UAAU,mDAAmD;IAC7D,sBAAsB,8DAA8D;IACpF,mBAAmB,2DAA2D;IAC9E,cAAc,sDAAsD;IACpE,cAAc,sDAAsD;IACpE,SAAS,iDAAiD;IAC1D,cAAc,sDAAsD;IACpE,aAAa,qDAAqD;IAClE,kBAAkB,0DAA0D;IAC5E,aAAa,qDAAqD;IAClE,kBAAkB,0DAA0D;IAC5E,wBAAwB,gEAAgE;IACxF,qBAAqB,6DAA6D;IAClF,oBAAoB,4DAA4D;IAChF,qBAAqB,6DAA6D;IAClF,gBAAgB,wDAAwD;IACxE,kBAAkB,0DAA0D;IAC5E,gBAAgB,wDAAwD;IACxE,kBAAkB,0DAA0D;CAC7E;AAED,QAAA,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoGd,CAAC;AAEF,QAAA,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+BT,CAAC;AAEF,QAAA,MAAM,qBAAqB;;;;;CAK1B,CAAC;AAEF,QAAA,MAAM,UAAU
|
|
1
|
+
{"version":3,"file":"urn.d.ts","sourceRoot":"","sources":["../../src/urn.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,oBAAY,gBAAgB;IAC1B,QAAQ,uDAAuD;IAC/D,IAAI,mDAAmD;IACvD,UAAU,8DAA8D;IACxE,QAAQ,uDAAuD;CAChE;AACD,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,YAAY,GAAG,UAAU,CAK/F,CAAC;AAGD,iBAAS,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,GAAG,YAAY,GAAG,UAAU,GAAG,SAAS,CAEjG;AAED,oBAAY,qBAAqB;IAC/B,GAAG,sBAAsB;IACzB,GAAG,sBAAsB;CAC1B;AAED,oBAAY,UAAU;IAEpB,OAAO,+CAA+C;IACtD,SAAS,iDAAiD;IAC1D,SAAS,iDAAiD;IAC1D,eAAe,uDAAuD;IAEtE,UAAU,mDAAmD;IAC7D,sBAAsB,8DAA8D;IACpF,mBAAmB,2DAA2D;IAC9E,cAAc,sDAAsD;IACpE,cAAc,sDAAsD;IACpE,SAAS,iDAAiD;IAC1D,cAAc,sDAAsD;IACpE,aAAa,qDAAqD;IAClE,kBAAkB,0DAA0D;IAC5E,aAAa,qDAAqD;IAClE,kBAAkB,0DAA0D;IAC5E,wBAAwB,gEAAgE;IACxF,qBAAqB,6DAA6D;IAClF,oBAAoB,4DAA4D;IAChF,qBAAqB,6DAA6D;IAClF,gBAAgB,wDAAwD;IACxE,kBAAkB,0DAA0D;IAC5E,gBAAgB,wDAAwD;IACxE,kBAAkB,0DAA0D;CAC7E;AAED,QAAA,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoGd,CAAC;AAEF,QAAA,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+BT,CAAC;AAEF,QAAA,MAAM,qBAAqB;;;;;CAK1B,CAAC;AAEF,QAAA,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QA6FZ;;;WAGG;;;;;;;;;;;;;CAwBN,CAAC;AAaF,oBAAY,UAAU;IACpB,WAAW,gBAAgB;IAC3B,YAAY,iBAAiB;IAC7B,aAAa,kBAAkB;IAC/B,cAAc,mBAAmB;CAClC;AAED,QAAA,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;CAyBZ,CAAC;AAIF,QAAA,MAAM,aAAa;;;;CAIlB,CAAC;AAEF;;GAEG;AACH,UAAU,eAAe;IACvB,8BAA8B;IAC9B,SAAS,EAAE,OAAO,CAAC;IACnB,kCAAkC;IAClC,UAAU,EAAE,OAAO,CAAC;IACpB,kCAAkC;IAClC,cAAc,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,QAAA,MAAM,sBAAsB,EAAE,eAI7B,CAAC;AAOF;;;GAGG;AACH,iBAAS,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,eAAe,CAAC,QAE5D;AAED;;;GAGG;AACH,iBAAS,kBAAkB,IAAI,eAAe,CAE7C;AAED;;GAEG;AACH,iBAAS,oBAAoB,SAE5B;AAED;;;;GAIG;AACH,iBAAS,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CA0BjF;AAED;;;;GAIG;AACH,iBAAS,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA
;CAAE,CAS1F;AAED,OAAO,EACL,SAAS,EACT,IAAI,EACJ,UAAU,EACV,OAAO,EACP,aAAa,EACb,qBAAqB,EACrB,cAAc,EACd,eAAe,EACf,sBAAsB,EACtB,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,oBAAoB,EACrB,CAAC"}
|