samlesa 4.3.1 → 4.3.2
- package/build/src/binding-redirect.js +4 -1
- package/build/src/binding-simplesign.js +4 -1
- package/build/src/entity-sp.js +2 -1
- package/build/src/entity.js +6 -0
- package/build/src/flow.js +8 -2
- package/build/src/libsaml.js +71 -12
- package/build/src/metadata-idp.js +4 -1
- package/build/src/metadata-sp.js +15 -3
- package/build/src/schemaValidator.js +64 -125
- package/package.json +87 -87
- package/types/src/binding-redirect.d.ts.map +1 -1
- package/types/src/binding-simplesign.d.ts.map +1 -1
- package/types/src/entity-sp.d.ts.map +1 -1
- package/types/src/entity.d.ts.map +1 -1
- package/types/src/flow.d.ts.map +1 -1
- package/types/src/libsaml.d.ts +10 -4
- package/types/src/libsaml.d.ts.map +1 -1
- package/types/src/metadata-idp.d.ts.map +1 -1
- package/types/src/metadata-sp.d.ts.map +1 -1
- package/types/src/schemaValidator.d.ts +1 -15
- package/types/src/schemaValidator.d.ts.map +1 -1
- package/types/src/types.d.ts +8 -0
- package/types/src/types.d.ts.map +1 -1
|
@@ -50,7 +50,10 @@ function buildRedirectURL(opts) {
|
|
|
50
50
|
const octetString = samlRequest + relayState + sigAlg;
|
|
51
51
|
return baseUrl
|
|
52
52
|
+ pvPair(queryParam, octetString, noParams)
|
|
53
|
-
+ pvPair(urlParams.signature, encodeURIComponent(libsaml.constructMessageSignature(queryParam + '=' + octetString, entitySetting.privateKey, entitySetting.privateKeyPass, undefined, entitySetting.requestSignatureAlgorithm
|
|
53
|
+
+ pvPair(urlParams.signature, encodeURIComponent(libsaml.constructMessageSignature(queryParam + '=' + octetString, entitySetting.privateKey, entitySetting.privateKeyPass, undefined, entitySetting.requestSignatureAlgorithm, {
|
|
54
|
+
strictSecurity: entitySetting.strictSecurity,
|
|
55
|
+
allowLegacySha1: entitySetting.allowLegacySha1,
|
|
56
|
+
}).toString()));
|
|
54
57
|
}
|
|
55
58
|
return baseUrl + pvPair(queryParam, samlRequest + relayState, noParams);
|
|
56
59
|
}
|
|
@@ -36,7 +36,10 @@ function buildSimpleSignature(opts) {
|
|
|
36
36
|
}
|
|
37
37
|
const sigAlg = pvPair(urlParams.sigAlg, entitySetting.requestSignatureAlgorithm);
|
|
38
38
|
const octetString = context + relayState + sigAlg;
|
|
39
|
-
return libsaml.constructMessageSignature(queryParam + '=' + octetString, entitySetting.privateKey, entitySetting.privateKeyPass, undefined, entitySetting.requestSignatureAlgorithm
|
|
39
|
+
return libsaml.constructMessageSignature(queryParam + '=' + octetString, entitySetting.privateKey, entitySetting.privateKeyPass, undefined, entitySetting.requestSignatureAlgorithm, {
|
|
40
|
+
strictSecurity: entitySetting.strictSecurity,
|
|
41
|
+
allowLegacySha1: entitySetting.allowLegacySha1,
|
|
42
|
+
}).toString();
|
|
40
43
|
}
|
|
41
44
|
/**
|
|
42
45
|
* @desc Generate a base64 encoded login request
|
package/build/src/entity-sp.js
CHANGED
|
@@ -42,7 +42,8 @@ export class ServiceProvider extends Entity {
|
|
|
42
42
|
createLoginRequest(idp, binding = 'redirect', customTagReplacement) {
|
|
43
43
|
const nsBinding = namespace.binding;
|
|
44
44
|
const protocol = nsBinding[binding];
|
|
45
|
-
|
|
45
|
+
const strictSecurity = this.entitySetting.strictSecurity !== false;
|
|
46
|
+
if (strictSecurity && this.entityMeta.isAuthnRequestSigned() !== idp.entityMeta.isWantAuthnRequestsSigned()) {
|
|
46
47
|
throw new Error('ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLAG');
|
|
47
48
|
}
|
|
48
49
|
let context = null;
|
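Review bot: The signed-flag conflict check at new line 46 is now skipped entirely when `strictSecurity` is false, and nothing in the hunk records that a mismatch was tolerated. An SP whose metadata says it does not sign requests can then get past this guard against an IdP whose metadata sets WantAuthnRequestsSigned, without any trace. I would put a comment above the guard, `// strictSecurity=false skips the AuthnRequestsSigned / WantAuthnRequestsSigned consistency check; a mismatch is tolerated silently`, and consider a warning on that path. The body of createLoginRequest continues outside the hunk.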
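--- a/package/build/src/entity.js
+++ b/package/build/src/entity.js
@@ -16,6 +16,8 @@ const keyEncryptionAlgorithm = algorithms.encryption.key;
 const signatureAlgorithms = algorithms.signature;
 const messageSigningOrders = messageConfigurations.signingOrder;
 const defaultEntitySetting = {
+strictSecurity: true,
+allowLegacySha1: false,
 wantLogoutResponseSigned: false,
 messageSigningOrder: messageSigningOrders.SIGN_THEN_ENCRYPT,
 wantLogoutRequestSigned: false,
@@ -34,6 +36,10 @@ export default class Entity {
 */
 constructor(entitySetting, entityType) {
 this.entitySetting = Object.assign({}, defaultEntitySetting, entitySetting);
+const rawEntitySetting = entitySetting;
+if (this.entitySetting.strictSecurity === false && rawEntitySetting.allowLegacySha1 === undefined) {
+this.entitySetting.allowLegacySha1 = true;
+}
 const metadata = entitySetting.metadata || entitySetting;
 switch (entityType) {
 case 'idp':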
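Review bot: Setting `strictSecurity: false` also switches `allowLegacySha1` on (new lines 40-42) unless the caller set that flag explicitly, and neither the defaults object nor the constructor says so. An operator who relaxes strict mode for an interoperability reason unrelated to hashing would re-enable SHA-1 signatures without having asked for them. A comment next to the defaults would make the coupling visible: `// strictSecurity: false implies allowLegacySha1: true unless allowLegacySha1 is set explicitly`. The constructor continues outside the hunk.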
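--- a/package/build/src/flow.js
+++ b/package/build/src/flow.js
@@ -77,7 +77,10 @@ async function redirectFlow(options) {
 // put the below two assignments into verifyMessageSignature function
 const base64Signature = Buffer.from(decodeURIComponent(signature), 'base64');
 const decodeSigAlg = decodeURIComponent(sigAlg);
-const verified = libsaml.verifyMessageSignature(targetEntityMetadata, octetString, base64Signature, sigAlg
+const verified = libsaml.verifyMessageSignature(targetEntityMetadata, octetString, base64Signature, sigAlg, {
+strictSecurity: self?.entitySetting?.strictSecurity,
+allowLegacySha1: self?.entitySetting?.allowLegacySha1,
+});
 if (!verified) {
 // Fail to verify message signature
 return Promise.reject('ERR_FAILED_MESSAGE_SIGNATURE_VERIFICATION');
@@ -478,7 +481,10 @@ async function postSimpleSignFlow(options) {
 }
 // put the below two assignments into verifyMessageSignature function
 const base64Signature = Buffer.from(signature, 'base64');
-const verified = libsaml.verifyMessageSignature(targetEntityMetadata, octetString, base64Signature, sigAlg
+const verified = libsaml.verifyMessageSignature(targetEntityMetadata, octetString, base64Signature, sigAlg, {
+strictSecurity: self?.entitySetting?.strictSecurity,
+allowLegacySha1: self?.entitySetting?.allowLegacySha1,
+});
 if (!verified) {
 // Fail to verify message signature
 return Promise.reject('ERR_FAILED_MESSAGE_SIGNATURE_VERIFICATION');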
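Review bot: In redirectFlow the call at new line 80 still passes `sigAlg`, although `decodeSigAlg` is computed on the line just above it. If `sigAlg` is still percent-encoded at that point (not visible in the hunk), the SHA-1 check and the algorithm lookup that the new options argument feeds would run on the encoded string rather than on the algorithm URI; passing `decodeSigAlg` as the fourth argument would avoid that. It is also worth confirming that an `ERR_UNSAFE_SIGNATURE_ALGORITHM` thrown inside verifyMessageSignature is not collapsed into the generic `ERR_FAILED_MESSAGE_SIGNATURE_VERIFICATION` rejection, since the two call for different operator action. Both functions continue outside their hunks.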
package/build/src/libsaml.js
CHANGED
|
@@ -67,6 +67,44 @@ const libSaml = () => {
|
|
|
67
67
|
unsafeSignatureAlgorithm: isUnsafe ? signatureAlgorithm : null
|
|
68
68
|
};
|
|
69
69
|
}
|
|
70
|
+
function getEnvironmentBoolean(name) {
|
|
71
|
+
const rawValue = process.env[name];
|
|
72
|
+
if (rawValue === undefined) {
|
|
73
|
+
return undefined;
|
|
74
|
+
}
|
|
75
|
+
const normalized = rawValue.trim().toLowerCase();
|
|
76
|
+
if (['1', 'true', 'yes', 'on'].includes(normalized)) {
|
|
77
|
+
return true;
|
|
78
|
+
}
|
|
79
|
+
if (['0', 'false', 'no', 'off'].includes(normalized)) {
|
|
80
|
+
return false;
|
|
81
|
+
}
|
|
82
|
+
return undefined;
|
|
83
|
+
}
|
|
84
|
+
function resolveAllowLegacySha1(securityOptions, self) {
|
|
85
|
+
if (securityOptions?.allowLegacySha1 !== undefined) {
|
|
86
|
+
return securityOptions.allowLegacySha1;
|
|
87
|
+
}
|
|
88
|
+
if (securityOptions?.strictSecurity !== undefined) {
|
|
89
|
+
return securityOptions.strictSecurity === false;
|
|
90
|
+
}
|
|
91
|
+
const envAllowLegacy = getEnvironmentBoolean('SAMLIFY_ALLOW_LEGACY_SHA1');
|
|
92
|
+
if (envAllowLegacy !== undefined) {
|
|
93
|
+
return envAllowLegacy;
|
|
94
|
+
}
|
|
95
|
+
const envStrictSecurity = getEnvironmentBoolean('SAMLIFY_STRICT_SECURITY');
|
|
96
|
+
if (envStrictSecurity !== undefined) {
|
|
97
|
+
return envStrictSecurity === false;
|
|
98
|
+
}
|
|
99
|
+
const entitySetting = self?.entitySetting;
|
|
100
|
+
if (entitySetting?.allowLegacySha1 !== undefined) {
|
|
101
|
+
return entitySetting.allowLegacySha1 === true;
|
|
102
|
+
}
|
|
103
|
+
if (entitySetting?.strictSecurity !== undefined) {
|
|
104
|
+
return entitySetting.strictSecurity === false;
|
|
105
|
+
}
|
|
106
|
+
return false;
|
|
107
|
+
}
|
|
70
108
|
/**
|
|
71
109
|
* @desc Default login request template
|
|
72
110
|
* @type {LoginRequestTemplate}
|
|
@@ -166,14 +204,17 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
166
204
|
'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384': 'sha384',
|
|
167
205
|
'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': 'sha512',
|
|
168
206
|
};
|
|
169
|
-
function getSigningAlgorithm(sigAlg) {
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
207
|
+
function getSigningAlgorithm(sigAlg, securityOptions, self) {
|
|
208
|
+
const algorithm = sigAlg ?? signatureAlgorithms.RSA_SHA256;
|
|
209
|
+
const safetyCheck = checkUnsafeSignatureAlgorithm(algorithm);
|
|
210
|
+
if (safetyCheck.hasUnsafeSignatureAlgorithm && !resolveAllowLegacySha1(securityOptions, self)) {
|
|
211
|
+
throw new Error('ERR_UNSAFE_SIGNATURE_ALGORITHM');
|
|
212
|
+
}
|
|
213
|
+
const algAlias = cryptoAlgorithmMapping[algorithm];
|
|
214
|
+
if (algAlias !== undefined) {
|
|
215
|
+
return algAlias;
|
|
175
216
|
}
|
|
176
|
-
|
|
217
|
+
throw new Error('ERR_UNSUPPORTED_SIGNATURE_ALGORITHM');
|
|
177
218
|
}
|
|
178
219
|
function validateAndInflateSamlResponse(urlEncodedResponse) {
|
|
179
220
|
// 3. 尝试DEFLATE解压(SAML规范要求使用原始DEFLATE)
|
|
@@ -514,6 +555,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
514
555
|
const checkResult = checkUnsafeSignatureAlgorithm(signatureAlgorithm);
|
|
515
556
|
hasUnsafeSignatureAlgorithm = checkResult.hasUnsafeSignatureAlgorithm;
|
|
516
557
|
unsafeSignatureAlgorithm = checkResult.unsafeSignatureAlgorithm ?? "";
|
|
558
|
+
if (checkResult.hasUnsafeSignatureAlgorithm && !resolveAllowLegacySha1(opts, self)) {
|
|
559
|
+
throw new Error('ERR_UNSAFE_SIGNATURE_ALGORITHM');
|
|
560
|
+
}
|
|
517
561
|
const sig = new SignedXml();
|
|
518
562
|
if (!opts.keyFile && !opts.metadata) {
|
|
519
563
|
throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
|
|
@@ -565,6 +609,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
565
609
|
const checkResult = checkUnsafeSignatureAlgorithm(signatureAlgorithm);
|
|
566
610
|
hasUnsafeSignatureAlgorithm = checkResult.hasUnsafeSignatureAlgorithm;
|
|
567
611
|
unsafeSignatureAlgorithm = checkResult.unsafeSignatureAlgorithm ?? "";
|
|
612
|
+
if (checkResult.hasUnsafeSignatureAlgorithm && !resolveAllowLegacySha1(opts, self)) {
|
|
613
|
+
throw new Error('ERR_UNSAFE_SIGNATURE_ALGORITHM');
|
|
614
|
+
}
|
|
568
615
|
const sig = new SignedXml();
|
|
569
616
|
if (!opts.keyFile && !opts.metadata) {
|
|
570
617
|
throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
|
|
@@ -605,6 +652,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
605
652
|
const checkResult = checkUnsafeSignatureAlgorithm(signatureAlgorithm);
|
|
606
653
|
hasUnsafeSignatureAlgorithm = checkResult.hasUnsafeSignatureAlgorithm;
|
|
607
654
|
unsafeSignatureAlgorithm = checkResult.unsafeSignatureAlgorithm ?? "";
|
|
655
|
+
if (checkResult.hasUnsafeSignatureAlgorithm && !resolveAllowLegacySha1(opts, self)) {
|
|
656
|
+
throw new Error('ERR_UNSAFE_SIGNATURE_ALGORITHM');
|
|
657
|
+
}
|
|
608
658
|
const sig = new SignedXml();
|
|
609
659
|
if (!opts.keyFile && !opts.metadata) {
|
|
610
660
|
throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
|
|
@@ -762,6 +812,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
762
812
|
let verified = false;
|
|
763
813
|
// 检测不安全的签名算法
|
|
764
814
|
const { hasUnsafeSignatureAlgorithm, unsafeSignatureAlgorithm } = checkUnsafeSignatureAlgorithm(opts.signatureAlgorithm || '');
|
|
815
|
+
if (hasUnsafeSignatureAlgorithm && !resolveAllowLegacySha1(opts)) {
|
|
816
|
+
throw new Error('ERR_UNSAFE_SIGNATURE_ALGORITHM');
|
|
817
|
+
}
|
|
765
818
|
sig.signatureAlgorithm = opts.signatureAlgorithm;
|
|
766
819
|
if (!opts.keyFile && !opts.metadata) {
|
|
767
820
|
throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
|
|
@@ -866,9 +919,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
866
919
|
* @param signingAlgorithm - 签名算法 (默认 'rsa-sha256')
|
|
867
920
|
* @returns 消息签名
|
|
868
921
|
*/
|
|
869
|
-
constructMessageSignature(octetString, key, passphrase, isBase64, signingAlgorithm) {
|
|
922
|
+
constructMessageSignature(octetString, key, passphrase, isBase64, signingAlgorithm, securityOptions) {
|
|
870
923
|
try {
|
|
871
|
-
const algorithm = getSigningAlgorithm(signingAlgorithm ?? signatureAlgorithms.RSA_SHA256);
|
|
924
|
+
const algorithm = getSigningAlgorithm(signingAlgorithm ?? signatureAlgorithms.RSA_SHA256, securityOptions);
|
|
872
925
|
const privateKeyPem = utility.readPrivateKey(key, passphrase); // 假设utility对象存在
|
|
873
926
|
const signer = crypto.createSign(algorithm);
|
|
874
927
|
signer.update(octetString, 'utf8');
|
|
@@ -893,10 +946,10 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
893
946
|
* @return {boolean} verification result
|
|
894
947
|
*/
|
|
895
948
|
verifyMessageSignature(metadata, // 假设metadata对象有getX509Certificate方法
|
|
896
|
-
octetString, signature, verifyAlgorithm) {
|
|
949
|
+
octetString, signature, verifyAlgorithm, securityOptions) {
|
|
897
950
|
try {
|
|
898
951
|
const signCert = metadata.getX509Certificate('signing'); // 假设certUse.signing是'signing'
|
|
899
|
-
const algorithm = getSigningAlgorithm(verifyAlgorithm);
|
|
952
|
+
const algorithm = getSigningAlgorithm(verifyAlgorithm, securityOptions);
|
|
900
953
|
const publicKeyPem = utility.getPublicKeyPemFromCertificate(signCert); // 假设utility对象存在
|
|
901
954
|
const verifier = crypto.createVerify(algorithm);
|
|
902
955
|
verifier.update(octetString, 'utf8');
|
|
@@ -960,7 +1013,7 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
960
1013
|
pem: Buffer.from(`-----BEGIN CERTIFICATE-----${encryptPem}-----END CERTIFICATE-----`),
|
|
961
1014
|
encryptionAlgorithm: sourceEntitySetting.dataEncryptionAlgorithm,
|
|
962
1015
|
keyEncryptionAlgorithm: sourceEntitySetting.keyEncryptionAlgorithm,
|
|
963
|
-
keyEncryptionDigest: sourceEntitySetting.keyEncryptionDigest ?? '
|
|
1016
|
+
keyEncryptionDigest: sourceEntitySetting.keyEncryptionDigest ?? 'sha256', // default sha256
|
|
964
1017
|
keyEncryptionMgf1: sourceEntitySetting.keyEncryptionMgf1 ?? 'sha256',
|
|
965
1018
|
disallowEncryptionWithInsecureAlgorithm: sourceEntitySetting.disallowEncryptionWithInsecureAlgorithm, // 禁止使用rsa-1_5 tripledes-cbc
|
|
966
1019
|
disallowInsecureEncryption: sourceEntitySetting.disallowInsecureEncryption, //禁aes cbc系列加密算法
|
|
@@ -1031,6 +1084,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
1031
1084
|
let checkResult = checkUnsafeSignatureAlgorithm(signatureAlgorithm.value || '');
|
|
1032
1085
|
hasUnsafeSignatureAlgorithm = checkResult.hasUnsafeSignatureAlgorithm;
|
|
1033
1086
|
unsafeSignatureAlgorithm = checkResult.unsafeSignatureAlgorithm ?? "";
|
|
1087
|
+
if (checkResult.hasUnsafeSignatureAlgorithm && !resolveAllowLegacySha1(opts, here)) {
|
|
1088
|
+
throw new Error('ERR_UNSAFE_SIGNATURE_ALGORITHM');
|
|
1089
|
+
}
|
|
1034
1090
|
const sig = new SignedXml();
|
|
1035
1091
|
if (!opts.keyFile && !opts.metadata) {
|
|
1036
1092
|
throw new Error('ERR_UNDEFINED_SIGNATURE_VERIFIER_OPTIONS');
|
|
@@ -1061,6 +1117,9 @@ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="{ID}"
|
|
|
1061
1117
|
let checkSafeResult = checkUnsafeSignatureAlgorithm(opts.signatureAlgorithm || '');
|
|
1062
1118
|
hasUnsafeSignatureAlgorithm = checkSafeResult.hasUnsafeSignatureAlgorithm;
|
|
1063
1119
|
unsafeSignatureAlgorithm = checkSafeResult.unsafeSignatureAlgorithm ?? "";
|
|
1120
|
+
if (checkSafeResult.hasUnsafeSignatureAlgorithm && !resolveAllowLegacySha1(opts, here)) {
|
|
1121
|
+
throw new Error('ERR_UNSAFE_SIGNATURE_ALGORITHM');
|
|
1122
|
+
}
|
|
1064
1123
|
sig.signatureAlgorithm = opts.signatureAlgorithm;
|
|
1065
1124
|
sig.loadSignature(signatureNode);
|
|
1066
1125
|
// 验证解密后断言的签名
|
|
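Review bot: In `resolveAllowLegacySha1` (new lines 84-107) the first branch returns `securityOptions.allowLegacySha1` as given, while the entity-setting branch lower down compares with `=== true`; a truthy non-boolean such as the string `'false'` passed per call would therefore permit SHA-1. `return securityOptions.allowLegacySha1 === true;` would make the two branches agree. The environment variables `SAMLIFY_ALLOW_LEGACY_SHA1` and `SAMLIFY_STRICT_SECURITY` are consulted before `self.entitySetting`, so on the verification paths where `opts` carries neither flag a process-wide variable overrides an entity explicitly configured with `allowLegacySha1: false`; if that order is intended it deserves a comment, otherwise the entity setting should win. The second argument also varies between call sites (`self`, `here`, and none at new line 815), and none of those bindings is declared in the visible lines, so each should be checked against its enclosing function.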
@@ -18,7 +18,10 @@ export class IdpMetadata extends Metadata {
|
|
|
18
18
|
constructor(meta) {
|
|
19
19
|
const isFile = isString(meta) || meta instanceof Buffer;
|
|
20
20
|
if (!isFile) {
|
|
21
|
-
const
|
|
21
|
+
const settings = meta;
|
|
22
|
+
const strictSecurity = settings.strictSecurity === true;
|
|
23
|
+
const { entityID, signingCert, encryptCert, nameIDFormat = [], singleSignOnService = [], singleLogoutService = [], artifactResolutionService = [] } = settings;
|
|
24
|
+
const wantAuthnRequestsSigned = settings.wantAuthnRequestsSigned ?? strictSecurity;
|
|
22
25
|
const IDPSSODescriptor = [{
|
|
23
26
|
_attr: {
|
|
24
27
|
WantAuthnRequestsSigned: String(wantAuthnRequestsSigned),
|
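Review bot: `strictSecurity` is derived here as `settings.strictSecurity === true` (new line 22), so an unset value means non-strict, whereas the entity defaults set `strictSecurity: true` and ServiceProvider.createLoginRequest treats anything other than `false` as strict. If this constructor receives the caller's raw settings rather than the merged entity settings (not visible here), an entity that is strict by default would still emit `WantAuthnRequestsSigned="false"`. Either align the default with `settings.strictSecurity !== false` or add a comment explaining why generated metadata stays permissive; the same applies to the SpMetadata constructor at new line 30 of metadata-sp.js. The constructor continues outside the hunk.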
package/build/src/metadata-sp.js
CHANGED
|
@@ -26,7 +26,11 @@ export class SpMetadata extends Metadata {
|
|
|
26
26
|
const isFile = isString(meta) || meta instanceof Buffer;
|
|
27
27
|
// use object configuration instead of importing metadata file directly
|
|
28
28
|
if (!isFile) {
|
|
29
|
-
const
|
|
29
|
+
const settings = meta;
|
|
30
|
+
const strictSecurity = settings.strictSecurity === true;
|
|
31
|
+
const { elementsOrder = order.default, entityID, signingCert, encryptCert, wantMessageSigned = false, signatureConfig, nameIDFormat = [], singleLogoutService = [], assertionConsumerService = [], attributeConsumingService = [], artifactResolutionService = [] } = settings;
|
|
32
|
+
const authnRequestsSigned = settings.authnRequestsSigned ?? strictSecurity;
|
|
33
|
+
const wantAssertionsSigned = settings.wantAssertionsSigned ?? strictSecurity;
|
|
30
34
|
const descriptors = {
|
|
31
35
|
KeyDescriptor: [],
|
|
32
36
|
NameIDFormat: [],
|
|
@@ -217,14 +221,22 @@ export class SpMetadata extends Metadata {
|
|
|
217
221
|
* @return {boolean} Wantassertionssigned
|
|
218
222
|
*/
|
|
219
223
|
isWantAssertionsSigned() {
|
|
220
|
-
|
|
224
|
+
const value = this.meta.spSSODescriptor.wantAssertionsSigned;
|
|
225
|
+
if (value === undefined) {
|
|
226
|
+
return false;
|
|
227
|
+
}
|
|
228
|
+
return value === 'true';
|
|
221
229
|
}
|
|
222
230
|
/**
|
|
223
231
|
* @desc Get the preference whether it signs request
|
|
224
232
|
* @return {boolean} Authnrequestssigned
|
|
225
233
|
*/
|
|
226
234
|
isAuthnRequestSigned() {
|
|
227
|
-
|
|
235
|
+
const value = this.meta.spSSODescriptor.authnRequestsSigned;
|
|
236
|
+
if (value === undefined) {
|
|
237
|
+
return false;
|
|
238
|
+
}
|
|
239
|
+
return value === 'true';
|
|
228
240
|
}
|
|
229
241
|
/**
|
|
230
242
|
* @desc Get the entity endpoint for assertion consumer service
|
|
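Review bot: `isWantAssertionsSigned()` and `isAuthnRequestSigned()` (new lines 224-228 and 235-239) accept only the literal string `'true'`. These attributes are xs:boolean in SAML metadata, for which `1` is an equally valid lexical form, so metadata declaring `AuthnRequestsSigned="1"` would read as false here, assuming `spSSODescriptor` holds the raw attribute text. `return value === 'true' || value === '1';` covers both forms, and the separate `undefined` branch can go because the comparison already yields false for it.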
@@ -5,7 +5,6 @@ import { fileURLToPath } from 'node:url';
|
|
|
5
5
|
import { DOMParser } from '@xmldom/xmldom';
|
|
6
6
|
const __filename = fileURLToPath(import.meta.url);
|
|
7
7
|
const __dirname = path.dirname(__filename);
|
|
8
|
-
// 定义各个场景所需的 schema 文件列表(保持不变)
|
|
9
8
|
const normalSchemas = [
|
|
10
9
|
'saml-schema-protocol-2.0.xsd',
|
|
11
10
|
'saml-schema-assertion-2.0.xsd',
|
|
@@ -14,7 +13,7 @@ const normalSchemas = [
|
|
|
14
13
|
'xenc-schema-11.xsd',
|
|
15
14
|
'saml-schema-metadata-2.0.xsd',
|
|
16
15
|
'saml-schema-ecp-2.0.xsd',
|
|
17
|
-
'saml-schema-dce-2.0.xsd'
|
|
16
|
+
'saml-schema-dce-2.0.xsd',
|
|
18
17
|
];
|
|
19
18
|
const soapSchemas = [
|
|
20
19
|
'soap-envelope.xsd',
|
|
@@ -26,7 +25,7 @@ const soapSchemas = [
|
|
|
26
25
|
'saml-schema-protocol-2.0.xsd',
|
|
27
26
|
'saml-schema-metadata-2.0.xsd',
|
|
28
27
|
'saml-schema-ecp-2.0.xsd',
|
|
29
|
-
'saml-schema-dce-2.0.xsd'
|
|
28
|
+
'saml-schema-dce-2.0.xsd',
|
|
30
29
|
];
|
|
31
30
|
const metadataSchemas = [
|
|
32
31
|
'saml-schema-metadata-2.0.xsd',
|
|
@@ -34,169 +33,109 @@ const metadataSchemas = [
|
|
|
34
33
|
'saml-schema-assertion-2.0.xsd',
|
|
35
34
|
'xmldsig-core-schema.xsd',
|
|
36
35
|
'xenc-schema.xsd',
|
|
37
|
-
'xenc-schema-11.xsd'
|
|
36
|
+
'xenc-schema-11.xsd',
|
|
38
37
|
];
|
|
39
|
-
/**
|
|
40
|
-
* 检测 XML 字符串中是否存在 XXE 攻击指示器
|
|
41
|
-
* @param samlString 待检测的 XML 字符串
|
|
42
|
-
* @returns 如果存在可疑模式则返回匹配详情,否则返回 null
|
|
43
|
-
*/
|
|
44
|
-
/**
|
|
45
|
-
* 检测SAML字符串中可能的XXE攻击模式
|
|
46
|
-
* @param samlString - 要检查的SAML字符串
|
|
47
|
-
* @returns 包含发现的潜在XXE模式的对象,如果没有发现则返回null
|
|
48
|
-
*/
|
|
49
38
|
function detectXXEIndicators(samlString) {
|
|
50
|
-
// 更全面的XXE模式检测
|
|
51
39
|
const xxePatterns = [
|
|
52
|
-
|
|
53
|
-
/<!
|
|
54
|
-
|
|
55
|
-
/<!ENTITY\s+([a-zA-Z_][a-zA-Z0-9]*)\s+(SYSTEM|PUBLIC)\s+["'][^"']*["']\s*>/gi,
|
|
56
|
-
// file://协议引用
|
|
57
|
-
/SYSTEM\s+["']file:\/\/\/?([^"']+)["']/gi,
|
|
58
|
-
// HTTP/HTTPS外部实体
|
|
59
|
-
/SYSTEM\s+["'](https?:\/\/[^"']+)["']/gi,
|
|
60
|
-
// 本地文件引用
|
|
61
|
-
/SYSTEM\s+["'](\.\.\/|\/)[^"']*\.dtd["']/gi,
|
|
62
|
-
// 内部实体引用(可能用于Billion Laughs攻击)
|
|
63
|
-
/<!ENTITY\s+([a-zA-Z_][a-zA-Z0-9]*)\s+"?\1"?/gi,
|
|
64
|
-
// CDATA节中的恶意内容
|
|
65
|
-
/<!\[CDATA\[(.*?)\]\]>/gi,
|
|
66
|
-
// 注释中的潜在恶意内容
|
|
67
|
-
/<!--(.*?)-->/gi
|
|
40
|
+
/<!DOCTYPE\b[^>]*>/gi,
|
|
41
|
+
/<!ENTITY\b[^>]*>/gi,
|
|
42
|
+
/\b(SYSTEM|PUBLIC)\b\s+["'][^"']+["']/gi,
|
|
68
43
|
];
|
|
69
44
|
const patternNames = [
|
|
70
45
|
'DOCTYPE Declaration',
|
|
71
|
-
'
|
|
72
|
-
'
|
|
73
|
-
'HTTP External Entity',
|
|
74
|
-
'Local File Reference',
|
|
75
|
-
'Recursive Entity Reference',
|
|
76
|
-
'CDATA Section',
|
|
77
|
-
'Comment Section'
|
|
46
|
+
'Entity Declaration',
|
|
47
|
+
'External Entity Reference',
|
|
78
48
|
];
|
|
79
49
|
const matches = {};
|
|
80
50
|
xxePatterns.forEach((pattern, index) => {
|
|
81
|
-
// 重置正则表达式的lastIndex以便多次使用
|
|
82
51
|
pattern.lastIndex = 0;
|
|
83
52
|
const found = samlString.match(pattern);
|
|
84
53
|
if (found) {
|
|
85
54
|
matches[patternNames[index]] = {
|
|
86
55
|
pattern: pattern.toString(),
|
|
87
56
|
matches: found,
|
|
88
|
-
description: patternNames[index]
|
|
57
|
+
description: patternNames[index],
|
|
89
58
|
};
|
|
90
59
|
}
|
|
91
60
|
});
|
|
92
61
|
return Object.keys(matches).length > 0 ? matches : null;
|
|
93
62
|
}
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
63
|
+
function assertSafeXmlParse(xml) {
|
|
64
|
+
const parser = new DOMParser();
|
|
65
|
+
const xmlDoc = parser.parseFromString(xml, 'text/xml');
|
|
66
|
+
const parserError = xmlDoc.getElementsByTagName('parsererror');
|
|
67
|
+
if (parserError.length > 0 || xmlDoc.doctype) {
|
|
68
|
+
throw new Error('ERR_EXCEPTION_VALIDATE_XML');
|
|
69
|
+
}
|
|
70
|
+
}
|
|
99
71
|
async function loadSchemas(schemaNames) {
|
|
100
72
|
const schemaPath = path.resolve(__dirname, 'schema');
|
|
101
73
|
return Promise.all(schemaNames.map(async (file) => ({
|
|
102
74
|
fileName: file,
|
|
103
|
-
contents: await fs.promises.readFile(`${schemaPath}/${file}`, 'utf-8')
|
|
75
|
+
contents: await fs.promises.readFile(`${schemaPath}/${file}`, 'utf-8'),
|
|
104
76
|
})));
|
|
105
77
|
}
|
|
106
|
-
/**
|
|
107
|
-
* 验证 SAML 消息(普通或 SOAP)
|
|
108
|
-
* @param xml XML 字符串
|
|
109
|
-
* @param isSoap 是否为 SOAP 消息,默认 false
|
|
110
|
-
* @returns true 表示验证通过,否则抛出错误
|
|
111
|
-
* @throws 当检测到 XXE 或验证失败时抛出错误
|
|
112
|
-
*/
|
|
113
78
|
export const validate = async (xml, isSoap = false) => {
|
|
114
|
-
// 检测 XXE 攻击
|
|
115
79
|
const indicators = detectXXEIndicators(xml);
|
|
116
80
|
if (indicators) {
|
|
117
81
|
throw new Error('ERR_EXCEPTION_VALIDATE_XML');
|
|
118
82
|
}
|
|
119
|
-
|
|
83
|
+
assertSafeXmlParse(xml);
|
|
120
84
|
const schemaList = isSoap ? soapSchemas : normalSchemas;
|
|
121
85
|
const schemas = await loadSchemas(schemaList);
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
return true;
|
|
131
|
-
}
|
|
132
|
-
// 验证失败,抛出错误对象
|
|
133
|
-
throw validationResult.errors;
|
|
134
|
-
}
|
|
135
|
-
catch (error) {
|
|
136
|
-
// 保留原始错误信息
|
|
137
|
-
throw error;
|
|
86
|
+
const validationResult = await validateXML({
|
|
87
|
+
xml: [{ fileName: 'content.xml', contents: xml }],
|
|
88
|
+
extension: 'schema',
|
|
89
|
+
schema: [schemas[0]],
|
|
90
|
+
preload: [schemas[0], ...schemas.slice(1)],
|
|
91
|
+
});
|
|
92
|
+
if (validationResult.valid) {
|
|
93
|
+
return true;
|
|
138
94
|
}
|
|
95
|
+
throw validationResult.errors;
|
|
139
96
|
};
|
|
140
|
-
/**
|
|
141
|
-
* 验证 SAML 元数据,并可选择解析元数据类型
|
|
142
|
-
* @param xml XML 字符串
|
|
143
|
-
* @param isParse 是否解析并返回元数据类型,默认 false
|
|
144
|
-
* @returns 验证通过时:若 isParse 为 true 返回 { isValid: true, metadataType: string },否则返回 true;
|
|
145
|
-
* 验证失败时返回 Error 对象(保持原行为)
|
|
146
|
-
*/
|
|
147
97
|
export const validateMetadata = async (xml, isParse = false) => {
|
|
148
|
-
// 检测 XXE 攻击
|
|
149
98
|
const indicators = detectXXEIndicators(xml);
|
|
150
99
|
if (indicators) {
|
|
151
100
|
throw new Error('ERR_EXCEPTION_VALIDATE_XML');
|
|
152
101
|
}
|
|
102
|
+
assertSafeXmlParse(xml);
|
|
153
103
|
const schemas = await loadSchemas(metadataSchemas);
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
metadataType = 'SP';
|
|
184
|
-
}
|
|
185
|
-
else {
|
|
186
|
-
metadataType = 'unknown';
|
|
187
|
-
}
|
|
188
|
-
return {
|
|
189
|
-
isValid: true,
|
|
190
|
-
metadataType
|
|
191
|
-
};
|
|
192
|
-
}
|
|
193
|
-
return true;
|
|
194
|
-
}
|
|
195
|
-
// 验证失败,返回错误对象(保持原行为)
|
|
196
|
-
return validationResult.errors;
|
|
104
|
+
const validationResult = await validateXML({
|
|
105
|
+
xml: [{ fileName: 'content.xml', contents: xml }],
|
|
106
|
+
extension: 'schema',
|
|
107
|
+
schema: [schemas[0]],
|
|
108
|
+
preload: [schemas[0], ...schemas.slice(1)],
|
|
109
|
+
});
|
|
110
|
+
if (!validationResult.valid) {
|
|
111
|
+
throw validationResult.errors;
|
|
112
|
+
}
|
|
113
|
+
if (!isParse) {
|
|
114
|
+
return true;
|
|
115
|
+
}
|
|
116
|
+
const parser = new DOMParser();
|
|
117
|
+
const xmlDoc = parser.parseFromString(xml, 'text/xml');
|
|
118
|
+
const parserError = xmlDoc.getElementsByTagName('parsererror');
|
|
119
|
+
if (parserError.length > 0 || xmlDoc.doctype) {
|
|
120
|
+
throw new Error('ERR_EXCEPTION_VALIDATE_XML');
|
|
121
|
+
}
|
|
122
|
+
const idpDescriptor = xmlDoc.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:metadata', 'IDPSSODescriptor');
|
|
123
|
+
const spDescriptor = xmlDoc.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:metadata', 'SPSSODescriptor');
|
|
124
|
+
let metadataType;
|
|
125
|
+
if (idpDescriptor.length > 0 && spDescriptor.length > 0) {
|
|
126
|
+
metadataType = 'both';
|
|
127
|
+
}
|
|
128
|
+
else if (idpDescriptor.length > 0) {
|
|
129
|
+
metadataType = 'IdP';
|
|
130
|
+
}
|
|
131
|
+
else if (spDescriptor.length > 0) {
|
|
132
|
+
metadataType = 'SP';
|
|
197
133
|
}
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
return error instanceof Error ? error : new Error(String(error));
|
|
134
|
+
else {
|
|
135
|
+
metadataType = 'unknown';
|
|
201
136
|
}
|
|
137
|
+
return {
|
|
138
|
+
isValid: true,
|
|
139
|
+
metadataType,
|
|
140
|
+
};
|
|
202
141
|
};
|
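Review bot: `assertSafeXmlParse` (new lines 63-70) detects malformed input by looking for a `parsererror` element, which is how a browser DOMParser reports failures; `@xmldom/xmldom` (declared as ^0.9.8 in this package's package.json) does not, as far as I know, insert such an element and instead throws on fatal errors. If so, the `parserError.length > 0` test never fires and malformed XML surfaces as the parser's own exception rather than `ERR_EXCEPTION_VALIDATE_XML`, leaving the `xmlDoc.doctype` test as the only effective part. Wrapping the parse in `try { … } catch { throw new Error('ERR_EXCEPTION_VALIDATE_XML'); }` would keep the error contract uniform. The same parse-and-check sequence is repeated inline in validateMetadata at new lines 116-121 and would need the same treatment.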
package/package.json
CHANGED
|
@@ -1,87 +1,87 @@
|
|
|
1
|
-
{
|
|
2
|
-
"name": "samlesa",
|
|
3
|
-
"version": "4.3.
|
|
4
|
-
"description": "High-level API for Single Sign On (SAML 2.0) baseed on samlify ",
|
|
5
|
-
"main": "build/index.js",
|
|
6
|
-
"keywords": [
|
|
7
|
-
"nodejs",
|
|
8
|
-
"saml2",
|
|
9
|
-
"sso",
|
|
10
|
-
"slo",
|
|
11
|
-
"metadata"
|
|
12
|
-
],
|
|
13
|
-
"type": "module",
|
|
14
|
-
"typings": "types/index.d.ts",
|
|
15
|
-
"homepage": "https://saml.veclea.com",
|
|
16
|
-
"
|
|
17
|
-
"
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
"
|
|
24
|
-
"
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
"
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
"
|
|
32
|
-
"
|
|
33
|
-
},
|
|
34
|
-
"
|
|
35
|
-
"
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
"
|
|
42
|
-
"
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
"
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
"
|
|
50
|
-
"
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
"
|
|
54
|
-
},
|
|
55
|
-
"
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
"@
|
|
59
|
-
"
|
|
60
|
-
"
|
|
61
|
-
"
|
|
62
|
-
"
|
|
63
|
-
"
|
|
64
|
-
"
|
|
65
|
-
"
|
|
66
|
-
"
|
|
67
|
-
"
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
"
|
|
71
|
-
"
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
"
|
|
75
|
-
"
|
|
76
|
-
"
|
|
77
|
-
"
|
|
78
|
-
"
|
|
79
|
-
"
|
|
80
|
-
"
|
|
81
|
-
"
|
|
82
|
-
"
|
|
83
|
-
"
|
|
84
|
-
"
|
|
85
|
-
"
|
|
86
|
-
}
|
|
87
|
-
}
|
|
1
|
+
{
|
|
2
|
+
"name": "samlesa",
|
|
3
|
+
"version": "4.3.2",
|
|
4
|
+
"description": "High-level API for Single Sign On (SAML 2.0) baseed on samlify ",
|
|
5
|
+
"main": "build/index.js",
|
|
6
|
+
"keywords": [
|
|
7
|
+
"nodejs",
|
|
8
|
+
"saml2",
|
|
9
|
+
"sso",
|
|
10
|
+
"slo",
|
|
11
|
+
"metadata"
|
|
12
|
+
],
|
|
13
|
+
"type": "module",
|
|
14
|
+
"typings": "types/index.d.ts",
|
|
15
|
+
"homepage": "https://saml.veclea.com",
|
|
16
|
+
"scripts": {
|
|
17
|
+
"build": "tsc && copyfiles -u 1 src/schema/**/* build/src",
|
|
18
|
+
"build:fast": "tsc",
|
|
19
|
+
"build:clean": "tsc --build --clean && pnpm run build",
|
|
20
|
+
"docs:dev": "cd docs && npm run docs:dev",
|
|
21
|
+
"docs:build": "cd docs && npm run docs:build",
|
|
22
|
+
"docs:preview": "cd docs && npm run docs:preview",
|
|
23
|
+
"docs:deploy": "vercel --prod",
|
|
24
|
+
"lint": "tslint -p .",
|
|
25
|
+
"lint:fix": "tslint -p . --fix",
|
|
26
|
+
"test": "vitest run",
|
|
27
|
+
"test:watch": "vitest",
|
|
28
|
+
"test:coverage": "vitest run --coverage",
|
|
29
|
+
"test:fast": "vitest run --pool=forks",
|
|
30
|
+
"test:artifact": "vitest run test/artifact.test.ts",
|
|
31
|
+
"generate-certs": "node scripts/generate-certs.js",
|
|
32
|
+
"hooks:postinstall": "mklink /J .git\\hooks\\pre-commit .pre-commit.sh || copy .pre-commit.sh .git\\hooks\\pre-commit"
|
|
33
|
+
},
|
|
34
|
+
"exports": {
|
|
35
|
+
".": {
|
|
36
|
+
"types": "./types/index.d.ts",
|
|
37
|
+
"import": "./build/index.js"
|
|
38
|
+
}
|
|
39
|
+
},
|
|
40
|
+
"files": [
|
|
41
|
+
"build",
|
|
42
|
+
"types"
|
|
43
|
+
],
|
|
44
|
+
"contributors": [
|
|
45
|
+
"Veclea <vemocle@gmail.com>"
|
|
46
|
+
],
|
|
47
|
+
"author": "Veclea",
|
|
48
|
+
"repository": {
|
|
49
|
+
"url": "https://github.com/Veclea/samlify.git",
|
|
50
|
+
"type": "git"
|
|
51
|
+
},
|
|
52
|
+
"bugs": {
|
|
53
|
+
"url": "https://github.com/Veclea/samlify/issues"
|
|
54
|
+
},
|
|
55
|
+
"docs": "https://saml.veclea.com",
|
|
56
|
+
"license": "MIT",
|
|
57
|
+
"dependencies": {
|
|
58
|
+
"@xmldom/xmldom": "^0.9.8",
|
|
59
|
+
"axios": "^1.13.6",
|
|
60
|
+
"camelcase": "^9.0.0",
|
|
61
|
+
"cross-env": "^10.1.0",
|
|
62
|
+
"iconv-lite": "^0.7.2",
|
|
63
|
+
"ts-node": "^10.9.2",
|
|
64
|
+
"vite-tsconfig-paths": "^6.1.1",
|
|
65
|
+
"xml": "^1.0.1",
|
|
66
|
+
"xml-crypto-next": "^8.0.0",
|
|
67
|
+
"xml-encryption-next": "^5.0.0",
|
|
68
|
+
"xml-escape": "^1.1.0",
|
|
69
|
+
"xml2js": "^0.6.2",
|
|
70
|
+
"xmllint-wasm": "^5.2.0",
|
|
71
|
+
"xpath": "^0.0.34"
|
|
72
|
+
},
|
|
73
|
+
"devDependencies": {
|
|
74
|
+
"@types/node": "^25.5.0",
|
|
75
|
+
"@types/pako": "2.0.4",
|
|
76
|
+
"@types/uuid": "11.0.0",
|
|
77
|
+
"@vitest/coverage-istanbul": "^4.1.2",
|
|
78
|
+
"@vitest/coverage-v8": "4.1.2",
|
|
79
|
+
"copyfiles": "^2.4.1",
|
|
80
|
+
"coveralls": "^3.1.1",
|
|
81
|
+
"esbuild": "^0.27.4",
|
|
82
|
+
"jsdom": "^29.0.1",
|
|
83
|
+
"timekeeper": "^2.3.1",
|
|
84
|
+
"typescript": "6.0.2",
|
|
85
|
+
"vitest": "^4.1.2"
|
|
86
|
+
}
|
|
87
|
+
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding-redirect.d.ts","sourceRoot":"","sources":["../../src/binding-redirect.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAChD,OAAO,EAAC,gBAAgB,IAAI,GAAG,EAAC,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAC,eAAe,IAAI,EAAE,EAAC,MAAM,gBAAgB,CAAC;AAQrD,MAAM,WAAW,mBAAmB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB;
|
|
1
|
+
{"version":3,"file":"binding-redirect.d.ts","sourceRoot":"","sources":["../../src/binding-redirect.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAChD,OAAO,EAAC,gBAAgB,IAAI,GAAG,EAAC,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAC,eAAe,IAAI,EAAE,EAAC,MAAM,gBAAgB,CAAC;AAQrD,MAAM,WAAW,mBAAmB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB;AAqED;;;;;GAKG;AAEH,iBAAS,uBAAuB,CAAC,MAAM,EAAE;IACrC,GAAG,EAAE,GAAG,CAAC;IACT,EAAE,EAAE,EAAE,CAAC;IACP,IAAI,CAAC,EAAE,OAAO,CAAA;CACjB,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,GAAG,CAgDnE;AACD;;;;;GAKG;AAEH,iBAAS,0BAA0B,CAAC,MAAM,EAAE;IACxC,GAAG,EAAE,GAAG,CAAC;IACT,EAAE,EAAE,EAAE,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAC9B,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,GAAG,CAqGnE;AAID;;;;;;;;GAQG;AACH,iBAAS,wBAAwB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAE,kBAAkB,UAAK,GAAG,cAAc,CAmG1M;AAED;;;;;;GAMG;AACH,iBAAS,wBAAwB,CAAC,IAAI,KAAA,EAAE,MAAM,KAAA,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAwC9J;AAED;;;;;GAKG;AACF,iBAAS,yBAAyB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAyCnK;AAED,QAAA,MAAM,eAAe;;;;;;CAMpB,CAAC;AAEF,eAAe,eAAe,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding-simplesign.d.ts","sourceRoot":"","sources":["../../src/binding-simplesign.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AAGF,OAAQ,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAO9E,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,GAAG,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;
|
|
1
|
+
{"version":3,"file":"binding-simplesign.d.ts","sourceRoot":"","sources":["../../src/binding-simplesign.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AAGF,OAAQ,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAO9E,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,GAAG,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAiDD;;;;;EAKE;AACF,iBAAS,kBAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,yBAAyB,CAkD/H;AACD;;;;;;;;GAQG;AACH,iBAAe,mBAAmB,CAAC,WAAW,EAAE,GAAG,YAAK,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAE,kBAAkB,GAAC,EAAO,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAkGtO;AAED,QAAA,MAAM,iBAAiB;;;CAGpB,CAAC;AAEJ,eAAe,iBAAiB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entity-sp.d.ts","sourceRoot":"","sources":["../../src/entity-sp.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,OAAO,KAAK,EACV,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,wBAAwB,EACzB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,2BAA2B,IAAI,gBAAgB,EAC/C,uBAAuB,EACvB,KAAK,uBAAuB,EAC7B,MAAM,YAAY,CAAC;AAMpB,OAAO,EAAO,KAAK,UAAU,EAAC,MAAM,WAAW,CAAC;AAKhD,MAAM,CAAC,OAAO,WAAW,KAAK,EAAE,uBAAuB,mBAEtD;AAED;;;GAGG;AACH,qBAAa,eAAgB,SAAQ,MAAM;IACjC,UAAU,EAAE,uBAAuB,CAAC;IAE5C;;;OAGG;gBACS,SAAS,EAAE,uBAAuB;IAS9C;;;;;OAKG;IACI,kBAAkB,CACrB,GAAG,EAAE,gBAAgB,EACrB,OAAO,SAAa,EACpB,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAC5D,cAAc,GAAG,kBAAkB,GAAG,wBAAwB;
|
|
1
|
+
{"version":3,"file":"entity-sp.d.ts","sourceRoot":"","sources":["../../src/entity-sp.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,OAAO,KAAK,EACV,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,wBAAwB,EACzB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,2BAA2B,IAAI,gBAAgB,EAC/C,uBAAuB,EACvB,KAAK,uBAAuB,EAC7B,MAAM,YAAY,CAAC;AAMpB,OAAO,EAAO,KAAK,UAAU,EAAC,MAAM,WAAW,CAAC;AAKhD,MAAM,CAAC,OAAO,WAAW,KAAK,EAAE,uBAAuB,mBAEtD;AAED;;;GAGG;AACH,qBAAa,eAAgB,SAAQ,MAAM;IACjC,UAAU,EAAE,uBAAuB,CAAC;IAE5C;;;OAGG;gBACS,SAAS,EAAE,uBAAuB;IAS9C;;;;;OAKG;IACI,kBAAkB,CACrB,GAAG,EAAE,gBAAgB,EACrB,OAAO,SAAa,EACpB,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAC5D,cAAc,GAAG,kBAAkB,GAAG,wBAAwB;IAwCpD,sBAAsB,CAC/B,GAAG,EAAE,gBAAgB,EACrB,OAAO,SAAa,EACpB,MAAM,CAAC,EAAE;QACP,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,CAAC;QAC5D,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,GACF,OAAO,CAAC,cAAc,CAAC;IAmB1B;;;;;OAKG;IACI,kBAAkB,CAAC,GAAG,KAAA,EAAE,OAAO,KAAA,EAAE,OAAO,EAAE,gBAAgB;IAajE;;;;OAIG;IACI,wBAAwB,CAAC,GAAG,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM;IASlE;;;;;OAKG;IACI,yBAAyB,CAAC,GAAG,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,gBAAgB;CAS/F"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entity.d.ts","sourceRoot":"","sources":["../../src/entity.ts"],"names":[],"mappings":"AAQA,OAAoB,EAAE,WAAW,IAAI,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAmB,EAAE,UAAU,IAAI,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAGnF,OAAQ,KAAK,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChG,OAAO,EAAQ,KAAK,UAAU,EAAE,MAAM,WAAW,CAAC;AAClD,OAAO,EACH,0BAA0B,IAAI,eAAe,EAIhD,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"entity.d.ts","sourceRoot":"","sources":["../../src/entity.ts"],"names":[],"mappings":"AAQA,OAAoB,EAAE,WAAW,IAAI,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAmB,EAAE,UAAU,IAAI,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAGnF,OAAQ,KAAK,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChG,OAAO,EAAQ,KAAK,UAAU,EAAE,MAAM,WAAW,CAAC;AAClD,OAAO,EACH,0BAA0B,IAAI,eAAe,EAIhD,MAAM,YAAY,CAAC;AAsBpB,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,GAAG,CAAC;IACZ,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,kBAAmB,SAAQ,cAAc;IACxD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,wBAAyB,SAAQ,kBAAkB;IAClE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,yBAA0B,SAAQ,cAAc;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,iBAAiB,GAAG,CAAC,sBAAsB,GAAG,qBAAqB,CAAC,GAC5E;IAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,MAAM;IACzB,aAAa,EAAE,aAAa,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,sBAAsB,GAAG,qBAAqB,CAAC;IAE3D;;;MAGE;gBACU,aAAa,EAAE,iBAAiB,EAAE,UAAU,EAAE,KAAK,GAAG,IAAI;IA0BtE;;;MAGE;IACF,gBAAgB;IAGhB;;;MAGE;IACF,WAAW,IAAI,MAAM;IAIrB;;;MAGE;IACF,cAAc,CAAC,UAAU,EAAE,MAAM;IAIjC;;;;MAIE;IACF,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO;IAgBlE;;;;;;MAME;IACF,mBAAmB,CAAC,YAAY,KAAA,EAAE,OAAO,KAAA,EAAE,IAAI,KAAA,EAAE,UAAU,SAAK,EAAE,oBAAoB,CAAC,KAAA,GAAG,cAAc,GAAG,kBAAkB;IAqB7H;;;OAGG;IAIK,oBAAoB,CAAG,MAAM,EAAE;QACjC,EAAE,EAAE,eAAe,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAClC,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,kBAAkB,CAAC;KACpF,GAAG,OAAO,CAAC,cAAc,GAAG,kBAAkB,CAAC;IAyBlD;;;;;;MAME;IACF,kBAAkB,CAAC,I
AAI,KAAA,EAAE,OAAO,KAAA,EAAE,OAAO,EAAE,gBAAgB;IAY3D;;;;;;MAME;IACF,mBAAmB,CAAC,IAAI,KAAA,EAAE,OAAO,KAAA,EAAE,OAAO,EAAE,gBAAgB;CAY7D"}
|
package/types/src/flow.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"AAuBA,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;
|
|
1
|
+
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"AAuBA,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAosBD,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CA8BhG;AAED,wBAAgB,IAAI,CAAC,OAAO,KAAA,GAAG,OAAO,CAAC,UAAU,CAAC,CA0BjD"}
|
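--- a/package/types/src/libsaml.d.ts
+++ b/package/types/src/libsaml.d.ts
@@ -21,6 +21,12 @@ export interface SignatureVerifierOptions {
 metadata?: MetadataInterface;
 keyFile?: string;
 signatureAlgorithm?: string;
+strictSecurity?: boolean;
+allowLegacySha1?: boolean;
+}
+export interface SignatureSecurityOptions {
+strictSecurity?: boolean;
+allowLegacySha1?: boolean;
 }
 export interface ExtractorResult {
 [key: string]: any;
@@ -71,8 +77,8 @@ export interface LibSamlInterface {
 constructSAMLSignature: (opts: SignatureConstructor) => string;
 verifySignature: (xml: string, opts: SignatureVerifierOptions) => [boolean, any];
 createKeySection: (use: KeyUse, cert: string | Buffer) => {};
-constructMessageSignature: (octetString: string, key: string, passphrase?: string, isBase64?: boolean, signingAlgorithm?: string) => string;
-verifyMessageSignature: (metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string) => boolean;
+constructMessageSignature: (octetString: string, key: string, passphrase?: string, isBase64?: boolean, signingAlgorithm?: string, securityOptions?: SignatureSecurityOptions) => string;
+verifyMessageSignature: (metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string, securityOptions?: SignatureSecurityOptions) => boolean;
 getKeyInfo: (x509Certificate: string, signatureConfig?: any) => void;
 encryptAssertion: (sourceEntity: any, targetEntity: any, entireXML: string) => Promise<string>;
 decryptAssertion: (here: any, entireXML: string) => Promise<[string, any]>;
@@ -217,7 +223,7 @@ declare const _default: {
 * @param signingAlgorithm - 签名算法 (默认 'rsa-sha256')
 * @returns 消息签名
 */
-constructMessageSignature(octetString: string, key: string, passphrase?: string, isBase64?: boolean, signingAlgorithm?: string): string | Buffer;
+constructMessageSignature(octetString: string, key: string, passphrase?: string, isBase64?: boolean, signingAlgorithm?: string, securityOptions?: SignatureSecurityOptions): string | Buffer;
 /**
 * @desc Verifies message signature
 * @param {Metadata} metadata metadata object of identity provider or service provider
@@ -226,7 +232,7 @@ declare const _default: {
 * @param {string} verifyAlgorithm algorithm used to verify
 * @return {boolean} verification result
 */
-verifyMessageSignature(metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string): boolean;
+verifyMessageSignature(metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string, securityOptions?: SignatureSecurityOptions): boolean;
 /**
 * @desc Get the public key in string format
 * @param {string} x509Certificate certificate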
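Review bot: `strictSecurity` and `allowLegacySha1`, added to `SignatureVerifierOptions` and to the new `SignatureSecurityOptions` in the first hunk, are optional and carry no doc comment, so the declarations do not tell a caller how signatures are checked when both are left undefined. Each field should get a one-line JSDoc stating its effect and its default, for example `/** <effect of the flag>. Default: <value implemented in libsaml.js>. */`, and the `constructMessageSignature` and `verifyMessageSignature` comments in the last two hunks should gain an `@param securityOptions` line (both comment blocks begin outside their hunks). The same two undocumented fields are added in `types.d.ts`. Since the pair is now spelled out twice in this file, `export interface SignatureVerifierOptions extends SignatureSecurityOptions {` would keep the two declarations from drifting apart.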
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"libsaml.d.ts","sourceRoot":"","sources":["../../src/libsaml.ts"],"names":[],"mappings":"AAQA,OAAQ,KAAK,MAAM,MAAM,aAAa,CAAA;AAItC,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,eAAe,CAAC;AAoBrD;;;;GAIG;AAGH,MAAM,WAAW,oBAAoB;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,GAAG,CAAC;IACtB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;CACrC;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"libsaml.d.ts","sourceRoot":"","sources":["../../src/libsaml.ts"],"names":[],"mappings":"AAQA,OAAQ,KAAK,MAAM,MAAM,aAAa,CAAA;AAItC,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,eAAe,CAAC;AAoBrD;;;;GAIG;AAGH,MAAM,WAAW,oBAAoB;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,GAAG,CAAC;IACtB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;CACrC;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,eAAe;IAC9B,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;IAEnB,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,gCAAgC;IAC/C,0BAA0B,CAAC,EAAE,0BAA0B,CAAC;IACxD,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;CACvC;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,qBAAsB,SAAQ,gBAAgB;IAC7D,UAAU,CAAC,EAAE,sBAAsB,EAAE,CAAC;IACtC,mBAAmB,CAAC,EAAE,gCAAgC,CAAC;CACxD;AAED,MAAM,WAAW,0BAA2B,SAAQ,gBAAgB;CACnE;AAED,MAAM,WAAW,iBAAkB,SAAQ,gBAAgB;CAC1D;AAED,MAAM,WAAW,oBAAqB,SAAQ,gBAAgB;CAC7D;AAED,MAAM,WAAW,qBAAsB,SAAQ,gBAAgB;CAC9D;AAED,MAAM,WAAW,sBAAuB,SAAQ,gBAAgB;CAC/D;AAED,MAAM,MAAM,MAAM,GAAG,SAAS,GAAG,YAAY,CAAC;AAE9C,MAAM,WAAW,YAAY;IAC3B,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,mBAAmB,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9C,WAAW,EAAE,CAAC,KAAK,KAAA,EAAE,YAAY,CAAC,EAAE,OAAO,KAAK,MAA
M,CAAC;IACvD,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,KAAK,MAAM,CAAC;IAC/D,yBAAyB,EAAE,CAAC,UAAU,EAAE,sBAAsB,EAAE,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,0BAA0B,KAAK,MAAM,CAAC;IAC1K,sBAAsB,EAAE,CAAC,IAAI,EAAE,oBAAoB,KAAK,MAAM,CAAC;IAC/D,eAAe,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,wBAAwB,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACjF,gBAAgB,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,KAAK,EAAE,CAAC;IAC7D,yBAAyB,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,gBAAgB,CAAC,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,wBAAwB,KAAK,MAAM,CAAC;IAExL,sBAAsB,EAAE,CAAC,QAAQ,KAAA,EAAE,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,eAAe,CAAC,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,wBAAwB,KAAK,OAAO,CAAC;IACrK,UAAU,EAAE,CAAC,eAAe,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,GAAG,KAAK,IAAI,CAAC;IACrE,gBAAgB,EAAE,CAAC,YAAY,KAAA,EAAE,YAAY,KAAA,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACrF,gBAAgB,EAAE,CAAC,IAAI,KAAA,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;IAEtE,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IACpD,eAAe,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;IAEnD,2BAA2B,EAAE,oBAAoB,CAAC;IAClD,4BAA4B,EAAE,qBAAqB,CAAC;IACpD,iCAAiC,EAAE,0BAA0B,CAAC;IAC9D,wBAAwB,EAAE,iBAAiB,CAAC;IAC5C,4BAA4B,EAAE,qBAAqB,CAAC;IACpD,6BAA6B,EAAE,sBAAsB,CAAC;CACvD;;6CA6Q4C,OAAO,KAAG,MAAM;gCAhQxB,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wDAgBkB,MAAM;;;;IA6R/D;;;;;OAKG;+BACwB,MAAM,aAAa,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM;IAS9E;;;;;;OAMG;IACH,eAAe;6CAC0B,GAAG,EAAE,GAAG,MAAM;IA0CvD;;;OAGG;iCAC0B;QAC3B,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC;QAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,WAAW,EAAE,GAAG,CAAC;QACjB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,EAAE,GAAG,CAAC;QACpB,wBAAwB,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;QAChD,iBAAiB,EAAE,MAAM,CAAC;QAC1B,eAAe,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE;gBAAE,SAAS,EAAE,MAAM,CAAC;gBAAC,MAAM,EAAE,MAAM,CAAA;aAAE,CAAA;SAAE,CAAA;KACrF
,GAAG,MAAM;2CA0D6B,MAAM,mBAAmB,MAAM;;;;;;;;;;;;;IAmCtE;;;;;;OAMG;yBAEwB,MAAM,QAAQ,wBAAwB,QAAQ,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;6BAoWlE,MAAM,QAAQ,wBAAwB;IAqK/D;;;;;OAKG;0BACmB,MAAM,cAAc,MAAM,GAAG,MAAM,GAAG,YAAY;IAsBxE;;;;;;;;OAQG;2CAGY,MAAM,OAChB,MAAM,eACE,MAAM,aACR,OAAO,qBACC,MAAM,oBACP,wBAAwB,GAC3C,MAAM,GAAG,MAAM;IAyBd;;;;;;;OAOG;qCAES,GAAG,eACF,MAAM,aACR,MAAM,GAAG,MAAM,oBACR,MAAM,oBACN,wBAAwB;IAmB5C;;;;SAIK;gCACyB,MAAM,oBAAmB,GAAG;;;;IAWxD;;;;;;OAMG;iEAEgD,MAAM;IA2DzD;;OAEG;IACH;;OAEG;gDAC0C,MAAM,SAAS,wBAAwB;;;;;;IAiHpF;;;;;OAKG;+BAC8B,GAAG,aAAa,MAAM,GAAG,OAAO,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IA8EnF;;OAEG;sBACqB,MAAM,SAAQ,OAAO;;AA8BjD,wBAAyB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadata-idp.d.ts","sourceRoot":"","sources":["../../src/metadata-idp.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AACF,OAAO,QAAQ,EAAE,EAAE,KAAM,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClE,OAAQ,KAAK,EAAsB,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAM9E,MAAM,WAAW,oBAAqB,SAAQ,iBAAiB;CAE9D;AAKD,MAAM,CAAC,OAAO,WAAU,IAAI,EAAE,sBAAsB,eAEnD;AAED,qBAAa,WAAY,SAAQ,QAAQ;
|
|
1
|
+
{"version":3,"file":"metadata-idp.d.ts","sourceRoot":"","sources":["../../src/metadata-idp.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AACF,OAAO,QAAQ,EAAE,EAAE,KAAM,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClE,OAAQ,KAAK,EAAsB,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAM9E,MAAM,WAAW,oBAAqB,SAAQ,iBAAiB;CAE9D;AAKD,MAAM,CAAC,OAAO,WAAU,IAAI,EAAE,sBAAsB,eAEnD;AAED,qBAAa,WAAY,SAAQ,QAAQ;gBAC3B,IAAI,EAAE,sBAAsB;IAuHxC;;;MAGE;IACF,yBAAyB,IAAI,OAAO;IAQpC;;;;MAIE;IACF,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM;IAUxD;;;;OAIG;IACH,4BAA4B,CAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM;CAUhE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadata-sp.d.ts","sourceRoot":"","sources":["../../src/metadata-sp.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AACF,OAAO,QAAQ,EAAE,EAAC,KAAK,iBAAiB,EAAC,MAAM,eAAe,CAAC;AAE/D,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAMxD,MAAM,WAAW,mBAAoB,SAAQ,iBAAiB;CAE7D;AAeD,MAAM,CAAC,OAAO,WAAU,IAAI,EAAE,qBAAqB,cAElD;AAED;;EAEE;AACF,qBAAa,UAAW,SAAQ,QAAQ;IAEtC;;;MAGE;gBACU,IAAI,EAAE,qBAAqB;
|
|
1
|
+
{"version":3,"file":"metadata-sp.d.ts","sourceRoot":"","sources":["../../src/metadata-sp.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AACF,OAAO,QAAQ,EAAE,EAAC,KAAK,iBAAiB,EAAC,MAAM,eAAe,CAAC;AAE/D,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAMxD,MAAM,WAAW,mBAAoB,SAAQ,iBAAiB;CAE7D;AAeD,MAAM,CAAC,OAAO,WAAU,IAAI,EAAE,qBAAqB,cAElD;AAED;;EAEE;AACF,qBAAa,UAAW,SAAQ,QAAQ;IAEtC;;;MAGE;gBACU,IAAI,EAAE,qBAAqB;IA+NvC;;;MAGE;IACK,sBAAsB,IAAI,OAAO;IAOxC;;;MAGE;IACK,oBAAoB,IAAI,OAAO;IAOtC;;;;MAIE;IACK,2BAA2B,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;CAwL5D"}
|
|
@@ -1,19 +1,5 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* 验证 SAML 消息(普通或 SOAP)
|
|
3
|
-
* @param xml XML 字符串
|
|
4
|
-
* @param isSoap 是否为 SOAP 消息,默认 false
|
|
5
|
-
* @returns true 表示验证通过,否则抛出错误
|
|
6
|
-
* @throws 当检测到 XXE 或验证失败时抛出错误
|
|
7
|
-
*/
|
|
8
1
|
export declare const validate: (xml: string, isSoap?: boolean) => Promise<boolean>;
|
|
9
|
-
|
|
10
|
-
* 验证 SAML 元数据,并可选择解析元数据类型
|
|
11
|
-
* @param xml XML 字符串
|
|
12
|
-
* @param isParse 是否解析并返回元数据类型,默认 false
|
|
13
|
-
* @returns 验证通过时:若 isParse 为 true 返回 { isValid: true, metadataType: string },否则返回 true;
|
|
14
|
-
* 验证失败时返回 Error 对象(保持原行为)
|
|
15
|
-
*/
|
|
16
|
-
export declare const validateMetadata: (xml: string, isParse?: boolean) => Promise<true | Error | readonly import("xmllint-wasm").XMLValidationError[] | {
|
|
2
|
+
export declare const validateMetadata: (xml: string, isParse?: boolean) => Promise<true | {
|
|
17
3
|
isValid: boolean;
|
|
18
4
|
metadataType: string;
|
|
19
5
|
}>;
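Review bot: The new `validateMetadata` signature drops `Error` and `XMLValidationError[]` from the resolved type, and the only comment describing the failure contract is deleted with it, so the declaration no longer says how a schema failure or a rejected document is reported. If failures now reject the promise, as the narrowed type suggests, callers written against 4.3.1 that inspect the resolved value for an `Error` need a `try`/`catch` instead, which is a contract change to ship in a patch release without a note. I would keep a short JSDoc on both exports, e.g. `/** Resolves only on success; rejects when validation fails. */` once that is confirmed against `schemaValidator.js`, and narrow the success shape to `isValid: true`.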
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schemaValidator.d.ts","sourceRoot":"","sources":["../../src/schemaValidator.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"schemaValidator.d.ts","sourceRoot":"","sources":["../../src/schemaValidator.ts"],"names":[],"mappings":"AA2FA,eAAO,MAAM,QAAQ,GAAU,KAAK,MAAM,EAAE,SAAQ,OAAe,qBAoBlE,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAU,KAAK,MAAM,EAAE,UAAS,OAAe;;;EAsD3E,CAAC"}
|
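--- a/package/types/src/types.d.ts
+++ b/package/types/src/types.d.ts
@@ -142,6 +142,8 @@ export interface MetadataIdpOptions {
 entityID?: string;
 signingCert?: string | Buffer | (string | Buffer)[];
 encryptCert?: string | Buffer | (string | Buffer)[];
+strictSecurity?: boolean;
+allowLegacySha1?: boolean;
 wantAuthnRequestsSigned?: boolean;
 nameIDFormat?: string[];
 singleSignOnService?: SSOService[];
@@ -155,6 +157,8 @@ export interface MetadataSpOptions {
 entityID?: string;
 signingCert?: string | Buffer | (string | Buffer)[];
 encryptCert?: string | Buffer | (string | Buffer)[];
+strictSecurity?: boolean;
+allowLegacySha1?: boolean;
 authnRequestsSigned?: boolean;
 wantAssertionsSigned?: boolean;
 wantMessageSigned?: boolean;
@@ -184,6 +188,8 @@ export interface SAMLDocumentTemplate {
 }
 export type ServiceProviderSettings = {
 metadata?: string | Buffer;
+strictSecurity?: boolean;
+allowLegacySha1?: boolean;
 entityID?: string;
 authnRequestsSigned?: boolean;
 wantAssertionsSigned?: boolean;
@@ -215,6 +221,8 @@ export type ServiceProviderSettings = {
 };
 export type IdentityProviderSettings = {
 metadata?: string | Buffer;
+strictSecurity?: boolean;
+allowLegacySha1?: boolean;
 /** signature algorithm */
 requestSignatureAlgorithm?: string;
 /** template of login response */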
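Review bot: The two flags are now accepted both in the metadata options (`MetadataIdpOptions`, `MetadataSpOptions`) and in the entity settings (`ServiceProviderSettings`, `IdentityProviderSettings`), and nothing in the declarations says which value is used when the two levels disagree, or what `strictSecurity: true` together with `allowLegacySha1: true` resolves to. A caller who sets the flags at only one level cannot tell from the types whether the other level still applies a weaker policy. I would document the precedence on the fields and declare the pair once, e.g. `export interface MetadataIdpOptions extends SignatureSecurityOptions {` with a type-only import of the interface that `libsaml.d.ts` already exports, using an intersection for the two `type` aliases. All four enclosing declarations continue outside their hunks.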
|
package/types/src/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAQ,KAAK,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAC,gBAAgB,EAAC,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAC,eAAe,EAAC,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,IAAI,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,WAAW,IAAI,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAE5E,OAAO,EAAE,eAAe,IAAI,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAC/E,OAAO,EAAE,UAAU,IAAI,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAEzE,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAC3C,MAAM,WAAY,yBAAyB;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAClC,MAAM,EAAE;QACJ,GAAG,EAAE,gBAAgB,CAAC;QACtB,EAAE,EAAE,eAAe,CAAC;KACvB,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3B,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,CAAC;IAC5D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,kBAAkB,CAAC,EAAE,GAAG,EAAE,CAAC;IAC3B,OAAO,CAAC,EAAE,OAAO,CAAA;CACpB;AACD,KAAK,UAAU,GAAG;IACd,SAAS,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;IAC9C,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B,CAAC;AAGF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,WAAW,EAAE,CAAC;IAC3B,kBAAkB,EAAE,WAAW,EAAE,CAAC;IAClC,mBAAmB,EAAE,kBAAkB,EAAE,CAAC;CAC3C,CAAC;AAGF,MAAM,MAAM,WAAW,GAAG,yBAAyB,EAAE,CAAC;AAMtD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,KAAK,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,UAAU,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;IACxD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,
WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,6BAA6B;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,GAAG,CAAC,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,WAAW,GAAG,SAAS,GAAG,gBAAgB,GAAG,SAAS,GAAG,OAAO,CAAC;IAC9E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,qBAAqB,CAAC,EAAE,2BAA2B,CAAC;IACpD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,aAAa,CAAC,EAAE,mBAAmB,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,yBAAyB,CAAC,EAAC,UAAU,EAAE,CAAC;IACxC,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C;AAED,MAAM,MAAM,sBAAsB,GAC9B,kBAAkB,GAClB,YAAY,CAAC;AAEjB,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CA
AC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,eAAe,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAC;IACzC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,wBAAwB,CAAC,EAAE,UAAU,EAAE,CAAC;IACxC,yBAAyB,CAAC,EAAE,yBAAyB,EAAE,CAAC;IACxD,yBAAyB,CAAC,EAAC,UAAU,EAAE,CAAC;IACxC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C;AAED,MAAM,MAAM,qBAAqB,GAC7B,iBAAiB,GACjB,YAAY,CAAC;AAEjB,MAAM,MAAM,aAAa,GAAG,uBAAuB,GAAG,wBAAwB,CAAC;AAE/E,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE;QACT,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;KACpD,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACpC,wBAAwB,CAAC,EAAE,UAAU,EAAE,CAAC;IACxC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAC5C,qBAAqB,CAAC,EAAE,oBAAoB,CAAC;IAC7C,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B,wBAAwB,CAAC,EAAE,0BAA0B,CAAC;IACtD,sBAAsB,CAAC,EAAE,wBAAwB,CAAC;IAClD,+BAA+B,CAAC,EAAE,6BAA6B,CAAC;IAChE,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C,CAAC
;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAQ,KAAK,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAC,gBAAgB,EAAC,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAC,eAAe,EAAC,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,IAAI,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,WAAW,IAAI,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAE5E,OAAO,EAAE,eAAe,IAAI,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAC/E,OAAO,EAAE,UAAU,IAAI,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAEzE,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAC3C,MAAM,WAAY,yBAAyB;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAClC,MAAM,EAAE;QACJ,GAAG,EAAE,gBAAgB,CAAC;QACtB,EAAE,EAAE,eAAe,CAAC;KACvB,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3B,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,CAAC;IAC5D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,kBAAkB,CAAC,EAAE,GAAG,EAAE,CAAC;IAC3B,OAAO,CAAC,EAAE,OAAO,CAAA;CACpB;AACD,KAAK,UAAU,GAAG;IACd,SAAS,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;IAC9C,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B,CAAC;AAGF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,WAAW,EAAE,CAAC;IAC3B,kBAAkB,EAAE,WAAW,EAAE,CAAC;IAClC,mBAAmB,EAAE,kBAAkB,EAAE,CAAC;CAC3C,CAAC;AAGF,MAAM,MAAM,WAAW,GAAG,yBAAyB,EAAE,CAAC;AAMtD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,KAAK,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,UAAU,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;IACxD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,
WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,6BAA6B;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,GAAG,CAAC,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,WAAW,GAAG,SAAS,GAAG,gBAAgB,GAAG,SAAS,GAAG,OAAO,CAAC;IAC9E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,qBAAqB,CAAC,EAAE,2BAA2B,CAAC;IACpD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,aAAa,CAAC,EAAE,mBAAmB,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,yBAAyB,CAAC,EAAC,UAAU,EAAE,CAAC;IACxC,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C;AAED,MAAM,MAAM,sBAAsB,GAC9B,kBAAkB,GAClB,YAAY,CAAC;AAEjB,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,M
AAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,eAAe,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAC;IACzC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,wBAAwB,CAAC,EAAE,UAAU,EAAE,CAAC;IACxC,yBAAyB,CAAC,EAAE,yBAAyB,EAAE,CAAC;IACxD,yBAAyB,CAAC,EAAC,UAAU,EAAE,CAAC;IACxC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C;AAED,MAAM,MAAM,qBAAqB,GAC7B,iBAAiB,GACjB,YAAY,CAAC;AAEjB,MAAM,MAAM,aAAa,GAAG,uBAAuB,GAAG,wBAAwB,CAAC;AAE/E,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE;QACT,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;KACpD,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACpC,wBAAwB,CAAC,EAAE,UAAU,EAAE,CAAC;IACxC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAC5C,qBAAqB,CAAC,EAAE,oBAAoB,CAAC;IAC7C,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,WAAW,CAAC
,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B,wBAAwB,CAAC,EAAE,0BAA0B,CAAC;IACtD,sBAAsB,CAAC,EAAE,wBAAwB,CAAC;IAClD,+BAA+B,CAAC,EAAE,6BAA6B,CAAC;IAChE,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B,0BAA0B;IAC1B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC,iCAAiC;IACjC,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAE9C,iCAAiC;IACjC,qBAAqB,CAAC,EAAE,oBAAoB,CAAC;IAE7C,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,MAAM,CAAC;IAE1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IACpD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,UAAU,EAAE,CAAC;IACnC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,qCAAqC,CAAC,EAAE,OAAO,CAAC;IAChD,SAAS,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IAEtC,wBAAwB,CAAC,EAAE,0BAA0B,CAAC;IACtD,sBAAsB,CAAC,EAAE,wBAAwB,CAAC;IAClD,+BAA+B,CAAC,EAAE,6BAA6B,CAAC;IAChE,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;CAC/C,CAAC"}
|